From 225b37a5437919f3aa92cde364d6584f476ba1ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 8 Mar 2017 10:22:54 +0100 Subject: [PATCH 001/368] Fix typos in comment --- include/mbedtls/ecp.h | 1 - library/ecp.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index bf9abeff6..944b7f82d 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -205,7 +205,6 @@ mbedtls_ecp_keypair; * 521 145 141 135 120 97 * 384 214 209 198 177 146 * 256 320 320 303 262 226 - * 224 475 475 453 398 342 * 192 640 640 633 587 476 */ diff --git a/library/ecp.c b/library/ecp.c index 5ad686398..c7f4b04bb 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1363,7 +1363,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, mbedtls_mpi_init( &M ); mbedtls_mpi_init( &mm ); - /* we need N to be odd to trnaform m in an odd number, check now */ + /* we need N to be odd to transform m in an odd number, check now */ if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); From c3a3bc7636ea1e6bce8ed922af9a5d74890564db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Mar 2017 11:17:51 +0100 Subject: [PATCH 002/368] Add config flag MBEDTLS_ECP_EARLY_RETURN --- include/mbedtls/config.h | 15 +++++++++++++++ library/version_features.c | 3 +++ 2 files changed, 18 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 47c719640..9040bb71b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -561,6 +561,21 @@ */ #define MBEDTLS_ECP_NIST_OPTIM +/** + * \def MBEDTLS_ECP_EARLY_RETURN + * + * Enable "non-blocking" ECC operations that can return early and be resumed. + * + * This enables \c mbedtls_ecp_set_max_ops() and allows various ECC functions + * to return \c MBEDTLS_ERR_ECP_IN_PROGRESS when needed. + * + * TODO: depending on other choices, this might need to be disabled by default + * in order to avoid changing the ABI. Revisit that later. + * + * Comment this macro to disable non-blocking ECC computations. + */ +#define MBEDTLS_ECP_EARLY_RETURN + /** * \def MBEDTLS_ECDSA_DETERMINISTIC * diff --git a/library/version_features.c b/library/version_features.c index 5cbe8aca3..2668eaed5 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -276,6 +276,9 @@ static const char *features[] = { #if defined(MBEDTLS_ECP_NIST_OPTIM) "MBEDTLS_ECP_NIST_OPTIM", #endif /* MBEDTLS_ECP_NIST_OPTIM */ +#if defined(MBEDTLS_ECP_EARLY_RETURN) + "MBEDTLS_ECP_EARLY_RETURN", +#endif /* MBEDTLS_ECP_EARLY_RETURN */ #if defined(MBEDTLS_ECDSA_DETERMINISTIC) "MBEDTLS_ECDSA_DETERMINISTIC", #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ From 5e3c62fd1de6ecade242e03907d90d85d59b8ac1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 8 Mar 2017 10:14:11 +0100 Subject: [PATCH 003/368] Add MBEDTLS_ERR_ECP_IN_PROGRESS --- include/mbedtls/ecp.h | 1 + include/mbedtls/error.h | 2 +- library/error.c | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 944b7f82d..f821690ef 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
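Review bot: MBEDTLS_ECP_EARLY_RETURN is defined by default in this config.h hunk while the TODO inside its own doc block says it may have to be off by default to avoid changing the ABI, and patch 013 later in this series does add a member to the group structure; that decision belongs in this patch rather than in a shipped comment. The block also has no `Requires:` line, although the feature is implemented in ecp.c, so add `Requires: MBEDTLS_ECP_C` to the doc block so the dependency can be enforced the same way as for the other ECP options in config.h. The version_features.c hunk is fine as is.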
@@ -36,6 +36,7 @@ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ +#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B80 /**< Operation in progress, try again with the same parameters. */ #if !defined(MBEDTLS_ECP_ALT) /* diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 31591e2d6..6c580676d 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -76,7 +76,7 @@ * DHM 3 9 * PK 3 14 (Started from top) * RSA 4 9 - * ECP 4 8 (Started from top) + * ECP 4 9 (Started from top) * MD 5 4 * CIPHER 6 6 * SSL 6 17 (Started from top) diff --git a/library/error.c b/library/error.c index db42381c4..5845303c7 100644 --- a/library/error.c +++ b/library/error.c @@ -225,6 +225,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" ); if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) ) mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" ); + if( use_ret == -(MBEDTLS_ERR_ECP_IN_PROGRESS) ) + mbedtls_snprintf( buf, buflen, "ECP - Operation in progress, try again with the same parameters" ); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) From 054433c4935709df80ea1cb0d01849b6c745d009 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Mar 2017 11:18:33 +0100 Subject: [PATCH 004/368] Add mbedtls_ecp_set_max_ops() The plan is to count basic operations as follows: - call to ecp_add_mixed() -> 11 - call to ecp_double_jac() -> 8 - call to mpi_mul_mpi() -> 1 - call to mpi_inv_mod() -> 120 - everything else -> not counted The counts for ecp_add_mixed() and ecp_double_jac() are based on the actual number of calls to mpi_mul_mpi() they make. The count for mpi_inv_mod() is based on timing measurements on K64F and LPC1768 boards, and is consistent with the usual very rough estimate of one inversion = 100 multiplications. It could be useful to repeat that measurement on a Cortex-M0 board as those have smaller divider and multipliers, so the result could be a bit different but should be the same order of magnitude. The documented limitation of 120 basic ops is due to the calls to mpi_inv_mod() which are currently not interruptible nor planned to be so far. --- include/mbedtls/ecp.h | 34 +++++++++++++++++++++++++++++++++- library/ecp.c | 16 ++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index f821690ef..7bcc69c01 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h
@@ -240,6 +240,33 @@ mbedtls_ecp_keypair; */ #define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */ +#if defined(MBEDTLS_ECP_EARLY_RETURN) +/** + * \brief Set the maximum number of basic operations done in a row. + * + * If more operations are needed to complete a computation, + * MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the + * function performing the computation. That function will + * then need to be called again with the same arguments until + * it returns 0 or an other error code. + * + * \param max_ops Maximum number of basic operations done in a row. + * Default: 0 (unlimited). + * Lower (non-zero) values mean ECC functions will block for + * a lesser maximum amount of time. + * + * \note A "basic operation" is roughly multiplication in GF(p), + * or whatever takes a roughly equivalent amount of time. + * As an indication, a scalar multiplication on P-256 is + * of the order of 3600 "basic operations" with default + * settings. + * + * \warning Values lower than 120 are currently not well-supported, in + * that sometimes functions will have to block for longer. + */ +void mbedtls_ecp_set_max_ops( unsigned max_ops ); +#endif /* MBEDTLS_ECP_EARLY_RETURN */ + /** * \brief Get the list of supported curves in order of preferrence * (full information) @@ -525,7 +552,12 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, * \return 0 if successful, * MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey * or P is not a valid pubkey, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached (see \c mbedtls_ecp_set_max_ops()), + * indicating the function should be called again with the + * exact same arguments. + * */ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, 
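Review bot: The documentation of mbedtls_ecp_set_max_ops() does not say that the limit is process-global: the setter added in ecp.c stores it in a file-scope `static unsigned ecp_max_ops`, so it applies to every group and every caller, and a call from another thread races with ECC operations that read it. Add a note such as `\note The limit is global to the library, not per group; do not change it while another thread is performing ECC operations.`. It would also help to say explicitly that passing 0 restores blocking behaviour, since that is how a caller undoes the setting, and the mbedtls_ecp_mul() return-value text should say that "exact same arguments" includes the same R point, as the restart state is not yet tied to any argument.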
diff --git a/library/ecp.c b/library/ecp.c index c7f4b04bb..1358a3f8c 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -85,6 +85,22 @@ static void mbedtls_zeroize( void *v, size_t n ) { static unsigned long add_count, dbl_count, mul_count; #endif + +#if defined(MBEDTLS_ECP_EARLY_RETURN) +/* + * Maximum number of "basic operations" to be done in a row. + */ +static unsigned ecp_max_ops = 0; + +/* + * Set ecp_max_ops + */ +void mbedtls_ecp_set_max_ops( unsigned max_ops ) +{ + ecp_max_ops = max_ops; +} +#endif /* MBEDTLS_ECP_EARLY_RETURN */ + #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ From 510d5caece90e35be004a77dc8171f110d2a9787 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 8 Mar 2017 11:41:47 +0100 Subject: [PATCH 005/368] Add early return test + fake implementation --- library/ecp.c | 21 ++++++ tests/suites/test_suite_ecp.data | 8 +++ tests/suites/test_suite_ecp.function | 101 +++++++++++++++++++++++++++ 3 files changed, 130 insertions(+) diff --git a/library/ecp.c b/library/ecp.c index 1358a3f8c..987739f56 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -99,6 +99,22 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) { ecp_max_ops = max_ops; } + +/* + * Saved context type for restarting operations. + * + * XXX: this is a temporary place for the definition + */ +typedef struct { + unsigned char fake_it; /* for tests: should we fake early return? */ +} ecp_restart_context; + +/* + * Saved context fro restarting operations. + * + * XXX: temporary place for the allocation + */ +static ecp_restart_context ecp_restart; #endif /* MBEDTLS_ECP_EARLY_RETURN */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ 
@@ -1376,6 +1392,11 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, mbedtls_ecp_point *T; mbedtls_mpi M, mm; +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( ecp_restart.fake_it++ != 0 && ecp_max_ops != 0 ) + return( MBEDTLS_ERR_ECP_IN_PROGRESS ); +#endif + mbedtls_mpi_init( &M ); mbedtls_mpi_init( &mm ); diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index a43e7d75d..f96be5a51 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -344,3 +344,11 @@ ecp_test_vect:MBEDTLS_ECP_DP_SECP256K1:"923C6D4756CD940CD1E13A359F6E0F0698791938 ECP selftest ecp_selftest: + +ECP early return secp256r1 restart disabled +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":0:0:0 + +ECP early return secp256r1 restart enabled +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":1:1:5000 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 99780c0de..c8daef990 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
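Review bot: The fake early return in ecp_mul_comb, `if( ecp_restart.fake_it++ != 0 && ecp_max_ops != 0 )`, depends on state it never resets: `fake_it` is advanced on every call whether or not a limit is set, and the only way it returns to 0 is unsigned char wrap-around after 256 calls. In a fresh process the first call with a limit set therefore sees `fake_it == 0`, completes with zero restarts and would fail the `min_restarts` bound of the new "restart enabled" test case; the case only passes because earlier calls in the same process have already moved the counter, assuming the suite runs its cases in one process and one ecp_mul_comb call per mbedtls_ecp_mul(). Even as a placeholder, make the first limited call the one that yields, `if( ecp_max_ops != 0 && ecp_restart.fake_it++ == 0 )`, and set `ecp_restart.fake_it = 0` on the completing path (the rest of ecp_mul_comb is outside this hunk), so each operation produces exactly one restart regardless of history. The comment on the static also has a typo: `fro` should read `for`.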
@@ -51,6 +51,107 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_EARLY_RETURN */ +void ecp_test_vect_restart( int id, + char *dA_str, char *xA_str, char *yA_str, + char *dB_str, char *xZ_str, char *yZ_str, + int max_ops, int min_restarts, int max_restarts ) +{ + /* + * Test for early restart. Based on test vectors like ecp_test_vect(), + * but for the sake of simplicity only does half of each side. It's + * important to test both base point and random point, though, as memory + * management is different in each case. + * + * Don't try using too precise bounds for restarts as the exact number + * will depend on settings such as MBEDTLS_ECP_FIXED_POINT_OPTIM and + * MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may + * change in the future. A factor 2 is a minimum safety margin. + * + * For reference, with mbed TLS 2.4 and default settings, for P-256: + * - Random point mult: ~3600M + * - Cold base point mult: ~3600M + * - Hot base point mult: ~1200M + * With MBEDTLS_ECP_WINDOW_SIZE set to 2 (minimum): + * - Random point mult: ~4200M + */ + mbedtls_ecp_group grp; + mbedtls_ecp_point R; + mbedtls_mpi dA, xA, yA, dB, xZ, yZ; + int cnt_restarts; + int ret; + + mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); + mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); + mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ ); + + TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 ); + + mbedtls_ecp_set_max_ops( (unsigned) max_ops ); + + /* Base point case */ + cnt_restarts = 0; + do { + ret = 
mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + cnt_restarts++; + } + while( ret != 0 ); + + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 ); + + TEST_ASSERT( cnt_restarts >= min_restarts ); + TEST_ASSERT( cnt_restarts <= max_restarts ); + + /* Do we leak memory when doing it twice in a row? */ + do { + ret = mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + } + while( ret != 0 ); + + /* Non-base point case */ + cnt_restarts = 0; + do { + ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + cnt_restarts++; + } + while( ret != 0 ); + + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 ); + + TEST_ASSERT( cnt_restarts >= min_restarts ); + TEST_ASSERT( cnt_restarts <= max_restarts ); + + /* Do we leak memory when doing it twice in a row? */ + do { + ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + } + while( ret != 0 ); + +exit: + mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R ); + mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA ); + mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ecp_test_vect( int id, char *dA_str, char *xA_str, char *yA_str, char *dB_str, char *xB_str, char *yB_str, char *xZ_str, From 7306dff01faf9fcac42d855c9e3ad54c23caeb32 Mon Sep 17 00:00:00 2001 
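Review bot: ecp_test_vect_restart() sets the library-wide limit with `mbedtls_ecp_set_max_ops( (unsigned) max_ops )` and never restores it, so once the "restart enabled" case has run, every later ECC test in the same process runs with max_ops = 1 and may receive MBEDTLS_ERR_ECP_IN_PROGRESS from a call that does not expect it. Add `mbedtls_ecp_set_max_ops( 0 );` at the `exit:` label so the setting is undone on both the success and the TEST_ASSERT failure paths. The two "leak" loops only tell you something under a leak checker, which is worth stating in the comment, e.g. `/* Run twice in a row: a leak here is only visible under a memory checker */`.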
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Mar 2017 12:23:45 +0100 Subject: [PATCH 006/368] Group related code together This will be split to a new function next. --- library/ecp.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 987739f56..c85b8ae49 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1389,7 +1389,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, unsigned char w, m_is_odd, p_eq_g, pre_len, i; size_t d; unsigned char k[COMB_MAX_D + 1]; - mbedtls_ecp_point *T; + mbedtls_ecp_point *T = NULL; mbedtls_mpi M, mm; #if defined(MBEDTLS_ECP_EARLY_RETURN) @@ -1404,6 +1404,15 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + /* + * Make sure M is odd (M = m or M = N - m, since N is odd) + * using the fact that m * P = - (N - m) * P + */ + m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, ! m_is_odd ) ); + /* * Minimize the number of multiplications, that is minimize * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w ) @@ -1462,15 +1471,6 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, } } - /* - * Make sure M is odd (M = m or M = N - m, since N is odd) - * using the fact that m * P = - (N - m) * P - */ - m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, ! m_is_odd ) ); - /* * Go for comb multiplication, R = M * P */ From ec5606ad0c8907527b95048e5faad270256d2d9f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Mar 2017 12:46:45 +0100 Subject: [PATCH 007/368] Extract code to separate function ecp_mul_comb() is already 110 lines long and we're going to add complexity with the early-return+restart code, so let's try to make it simpler first. --- library/ecp.c | 47 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 12 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index c85b8ae49..c0b6a1b7b 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1376,6 +1376,37 @@ cleanup: return( ret ); } +/* + * Set M to either m or -m, depending on which one is odd + */ +static int ecp_make_scalar_odd( const mbedtls_ecp_group *grp, + mbedtls_mpi *M, + const mbedtls_mpi *m, + const unsigned char m_is_odd ) +{ + int ret; + mbedtls_mpi mm; + + mbedtls_mpi_init( &mm ); + + /* we need N to be odd to transform m in an odd number, check now */ + if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + /* + * Make sure M is odd (M = m or M = N - m, since N is odd) + * using the fact that m * P = - (N - m) * P + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( M, m ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( M, &mm, ! m_is_odd ) ); + +cleanup: + mbedtls_mpi_free( &mm ); + + return( ret ); +} + /* * Multiplication using the comb method, * for curves in short Weierstrass form @@ -1390,7 +1421,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, size_t d; unsigned char k[COMB_MAX_D + 1]; mbedtls_ecp_point *T = NULL; - mbedtls_mpi M, mm; + mbedtls_mpi M; #if defined(MBEDTLS_ECP_EARLY_RETURN) if( ecp_restart.fake_it++ != 0 && ecp_max_ops != 0 ) 
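Review bot: In the new ecp_make_scalar_odd() the N-parity check returns MBEDTLS_ERR_ECP_BAD_INPUT_DATA directly after `mbedtls_mpi_init( &mm )`, bypassing the `cleanup:` label the rest of the function uses. It is harmless today because init does not allocate, but it breaks the function's own convention and becomes a leak as soon as anything is allocated before the check; either move the check above the init or write `ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup;`. The same pattern is carried into ecp_comb_recode_scalar() in patch 012, where two MPIs are initialised before the early return.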
@@ -1398,20 +1429,13 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif mbedtls_mpi_init( &M ); - mbedtls_mpi_init( &mm ); - - /* we need N to be odd to transform m in an odd number, check now */ - if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); /* - * Make sure M is odd (M = m or M = N - m, since N is odd) - * using the fact that m * P = - (N - m) * P + * We need an odd scalar for recoding. Ensure that by replacing it with + * its opposite, then negating the result to compensate if needed. */ m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, ! m_is_odd ) ); + MBEDTLS_MPI_CHK( ecp_make_scalar_odd( grp, &M, m, m_is_odd ) ); /* * Minimize the number of multiplications, that is minimize @@ -1493,7 +1517,6 @@ cleanup: } mbedtls_mpi_free( &M ); - mbedtls_mpi_free( &mm ); if( ret != 0 ) mbedtls_ecp_point_free( R ); From 22be635d13929acba60ada6a018059105b6c74ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Mar 2017 13:02:35 +0100 Subject: [PATCH 008/368] Re-order some more code --- library/ecp.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index c0b6a1b7b..cea835d15 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -1437,6 +1437,14 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 ); MBEDTLS_MPI_CHK( ecp_make_scalar_odd( grp, &M, m, m_is_odd ) ); + /* Is P the base point ? */ +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 + p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && + mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 ); +#else + p_eq_g = 0; +#endif + /* * Minimize the number of multiplications, that is minimize * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w ) @@ -1449,14 +1457,8 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * Just adding one avoids upping the cost of the first mul too much, * and the memory cost too. */ -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 - p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && - mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 ); if( p_eq_g ) w++; -#else - p_eq_g = 0; -#endif /* * Make sure w is within bounds. From 4b2336d7f69ba5e6ad1ec4937f62b96f138f6c22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Mar 2017 13:23:50 +0100 Subject: [PATCH 009/368] Move some more code to new function --- library/ecp.c | 62 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 25 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index cea835d15..2cbe4f069 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -1407,6 +1407,41 @@ cleanup: return( ret ); } +/* + * Pick window size based on curve size and whether we optimize for base point + */ +static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, + unsigned char p_eq_g ) +{ + unsigned char w; + + /* + * Minimize the number of multiplications, that is minimize + * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w ) + * (see costs of the various parts, with 1S = 1M) + */ + w = grp->nbits >= 384 ? 5 : 4; + + /* + * If P == G, pre-compute a bit more, since this may be re-used later. + * Just adding one avoids upping the cost of the first mul too much, + * and the memory cost too. + */ + if( p_eq_g ) + w++; + + /* + * Make sure w is within bounds. + * (The last test is useful only for very small curves in the test suite.) + */ + if( w > MBEDTLS_ECP_WINDOW_SIZE ) + w = MBEDTLS_ECP_WINDOW_SIZE; + if( w >= grp->nbits ) + w = 2; + + return( w ); +} + /* * Multiplication using the comb method, * for curves in short Weierstrass form @@ -1445,31 +1480,8 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, p_eq_g = 0; #endif - /* - * Minimize the number of multiplications, that is minimize - * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w ) - * (see costs of the various parts, with 1S = 1M) - */ - w = grp->nbits >= 384 ? 5 : 4; - - /* - * If P == G, pre-compute a bit more, since this may be re-used later. - * Just adding one avoids upping the cost of the first mul too much, - * and the memory cost too. - */ - if( p_eq_g ) - w++; - - /* - * Make sure w is within bounds. - * (The last test is useful only for very small curves in the test suite.) - */ - if( w > MBEDTLS_ECP_WINDOW_SIZE ) - w = MBEDTLS_ECP_WINDOW_SIZE; - if( w >= grp->nbits ) - w = 2; - - /* Other sizes that depend on w */ + /* Window size and others that depend on it */ + w = ecp_pick_window_size( grp, p_eq_g ); pre_len = 1U << ( w - 1 ); d = ( grp->nbits + w - 1 ) / w; 
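Review bot: ecp_pick_window_size() should document the invariant its caller relies on: the returned w is clamped to at most MBEDTLS_ECP_WINDOW_SIZE and falls back to 2 when `w >= grp->nbits`, and ecp_mul_comb then derives `pre_len = 1U << ( w - 1 )` and `d = ( grp->nbits + w - 1 ) / w` from it. A header comment such as `/* Returns w with 2 <= w <= MBEDTLS_ECP_WINDOW_SIZE (assuming the latter is >= 2); the caller sizes the precomputed table as 1 << (w - 1) and the comb as ceil(nbits / w). */` makes that contract explicit. Whether the lower bound always holds depends on the configured MBEDTLS_ECP_WINDOW_SIZE, which is not visible here.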
From 24be79588d363290bf253a67edad9ac06f9c62b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 13 Mar 2017 12:03:33 +0100 Subject: [PATCH 010/368] Group related code together --- library/ecp.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 2cbe4f069..4d3448c7e 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1465,13 +1465,6 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, mbedtls_mpi_init( &M ); - /* - * We need an odd scalar for recoding. Ensure that by replacing it with - * its opposite, then negating the result to compensate if needed. - */ - m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 ); - MBEDTLS_MPI_CHK( ecp_make_scalar_odd( grp, &M, m, m_is_odd ) ); - /* Is P the base point ? */ #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && @@ -1509,6 +1502,13 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, } } + /* + * We need an odd scalar for recoding. Ensure that by replacing it with + * its opposite, then negating the result to compensate if needed. + */ + m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 ); + MBEDTLS_MPI_CHK( ecp_make_scalar_odd( grp, &M, m, m_is_odd ) ); + /* * Go for comb multiplication, R = M * P */ From 391f44153dc18331d1bcf79a8420a15a4a8109ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 13 Mar 2017 12:26:21 +0100 Subject: [PATCH 011/368] Move more code to separate function This reduces the scope of some variables (M, k), clarifying where they're used. --- library/ecp.c | 79 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 53 insertions(+), 26 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 4d3448c7e..932e4e58a 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -1407,6 +1407,53 @@ cleanup: return( ret ); } +/* + * Perform comb multiplication (for short Weierstrass curves) + * once the auxiliary table has been pre-computed. + */ +static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, + const mbedtls_mpi *m, + const mbedtls_ecp_point *T, + unsigned char pre_len, + unsigned char w, + size_t d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret; + unsigned char m_is_odd; + unsigned char k[COMB_MAX_D + 1]; + mbedtls_mpi M; + + mbedtls_mpi_init( &M ); + + /* + * We need an odd scalar for recoding. Ensure that by replacing it with + * its opposite, then negating the result to compensate if needed. + */ + m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 ); + MBEDTLS_MPI_CHK( ecp_make_scalar_odd( grp, &M, m, m_is_odd ) ); + ecp_comb_fixed( k, d, w, &M ); + + /* + * Go for comb multiplication, R = M * P + */ + MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, R, T, pre_len, k, d, f_rng, p_rng ) ); + + /* + * Now get m * P from M * P and normalize it + */ + MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, ! m_is_odd ) ); + MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) ); + +cleanup: + mbedtls_mpi_free( &M ); + + return( ret ); +} + + /* * Pick window size based on curve size and whether we optimize for base point */ @@ -1452,19 +1499,15 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, void *p_rng ) { int ret; - unsigned char w, m_is_odd, p_eq_g, pre_len, i; + unsigned char w, p_eq_g, pre_len, i; size_t d; - unsigned char k[COMB_MAX_D + 1]; mbedtls_ecp_point *T = NULL; - mbedtls_mpi M; #if defined(MBEDTLS_ECP_EARLY_RETURN) if( ecp_restart.fake_it++ != 0 && ecp_max_ops != 0 ) return( MBEDTLS_ERR_ECP_IN_PROGRESS ); #endif - mbedtls_mpi_init( &M ); - /* Is P the base point ? */ #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && 
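Review bot: ecp_mul_comb_after_precomp() takes nine parameters and its header comment does not state the preconditions the split now hides: T must hold at least pre_len precomputed points built with the same w and d, and d must not exceed COMB_MAX_D because the scalar is recoded into the stack array `unsigned char k[COMB_MAX_D + 1]`. Spell that out in the comment, e.g. `T: pre_len points precomputed by the caller for this w and d; requires d <= COMB_MAX_D`, so a future caller cannot pass a mismatched (w, d) pair. Whether f_rng may be NULL is not visible in this hunk; the test suite passes NULL through mbedtls_ecp_mul(), so the accepted values should be documented as well.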
@@ -1473,7 +1516,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, p_eq_g = 0; #endif - /* Window size and others that depend on it */ + /* Pick window size and deduce related sizes */ w = ecp_pick_window_size( grp, p_eq_g ); pre_len = 1U << ( w - 1 ); d = ( grp->nbits + w - 1 ) / w; @@ -1502,24 +1545,10 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, } } - /* - * We need an odd scalar for recoding. Ensure that by replacing it with - * its opposite, then negating the result to compensate if needed. - */ - m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 ); - MBEDTLS_MPI_CHK( ecp_make_scalar_odd( grp, &M, m, m_is_odd ) ); - - /* - * Go for comb multiplication, R = M * P - */ - ecp_comb_fixed( k, d, w, &M ); - MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, R, T, pre_len, k, d, f_rng, p_rng ) ); - - /* - * Now get m * P from M * P and normalize it - */ - MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, ! m_is_odd ) ); - MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) ); + /* Actual comb multiplication using precomputed points */ + MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m, + T, pre_len, w, d, + f_rng, p_rng ) ); cleanup: @@ -1530,8 +1559,6 @@ cleanup: mbedtls_free( T ); } - mbedtls_mpi_free( &M ); - if( ret != 0 ) mbedtls_ecp_point_free( R ); From 62738e9b170705059ff878aeeba7e3f4f6582c47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Mar 2017 10:00:21 +0100 Subject: [PATCH 012/368] Further restrict variable scope by moving code --- library/ecp.c | 68 +++++++++++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 932e4e58a..71f8700b5 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -1220,8 +1220,8 @@ cleanup: * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d * (the result will be incorrect if these assumptions are not satisfied) */ -static void ecp_comb_fixed( unsigned char x[], size_t d, - unsigned char w, const mbedtls_mpi *m ) +static void ecp_comb_recode_core( unsigned char x[], size_t d, + unsigned char w, const mbedtls_mpi *m ) { size_t i, j; unsigned char c, cc, adjust; 
@@ -1377,32 +1377,43 @@ cleanup: } /* - * Set M to either m or -m, depending on which one is odd + * Recode the scalar to get constant-time comb multiplication + * + * As the actual scalar recoding needs an odd scalar as a starting point, + * this wrapper ensures that by replacing m by N - m if necessary, and + * informs the caller that the result of multiplication will be negated. */ -static int ecp_make_scalar_odd( const mbedtls_ecp_group *grp, - mbedtls_mpi *M, - const mbedtls_mpi *m, - const unsigned char m_is_odd ) +static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, + const mbedtls_mpi *m, + unsigned char k[COMB_MAX_D + 1], + size_t d, + unsigned char w, + unsigned char *parity_trick ) { int ret; - mbedtls_mpi mm; + mbedtls_mpi M, mm; + mbedtls_mpi_init( &M ); mbedtls_mpi_init( &mm ); - /* we need N to be odd to transform m in an odd number, check now */ + /* N is odd with all real-world curves, just make extra sure */ if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - /* - * Make sure M is odd (M = m or M = N - m, since N is odd) - * using the fact that m * P = - (N - m) * P - */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( M, m ) ); + /* do we need the parity trick? */ + *parity_trick = ( mbedtls_mpi_get_bit( m, 0 ) == 0 ); + + /* execute parity fix in constant time */ + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( M, &mm, ! m_is_odd ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, *parity_trick ) ); + + /* actual scalar recoding */ + ecp_comb_recode_core( k, d, w, &M ); cleanup: mbedtls_mpi_free( &mm ); + mbedtls_mpi_free( &M ); return( ret ); } 
@@ -1410,6 +1421,9 @@ cleanup: /* * Perform comb multiplication (for short Weierstrass curves) * once the auxiliary table has been pre-computed. + * + * Scalar recoding may use a parity trick that makes us compute -m * P, + * if that is the case we'll need to recover m * P at the end. */ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, @@ -1422,34 +1436,18 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, void *p_rng ) { int ret; - unsigned char m_is_odd; + unsigned char parity_trick; unsigned char k[COMB_MAX_D + 1]; - mbedtls_mpi M; - mbedtls_mpi_init( &M ); + MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, &parity_trick ) ); - /* - * We need an odd scalar for recoding. Ensure that by replacing it with - * its opposite, then negating the result to compensate if needed. - */ - m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 ); - MBEDTLS_MPI_CHK( ecp_make_scalar_odd( grp, &M, m, m_is_odd ) ); - ecp_comb_fixed( k, d, w, &M ); - - /* - * Go for comb multiplication, R = M * P - */ MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, R, T, pre_len, k, d, f_rng, p_rng ) ); - /* - * Now get m * P from M * P and normalize it - */ - MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, ! m_is_odd ) ); + MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, parity_trick ) ); + MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) ); cleanup: - mbedtls_mpi_free( &M ); - return( ret ); } From 77af79a324f8d340ef5595d92e1782eb3125ccc7 Mon Sep 17 00:00:00 2001 
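Review bot: ecp_mul_comb_after_precomp() now returns with the recoded scalar still sitting in the stack array `k[COMB_MAX_D + 1]`; that array is derived from the (normally secret) scalar m, and since this commit reorganises the whole body it is a natural moment to add `mbedtls_zeroize( k, sizeof( k ) );` before `return( ret );`, using the helper this file already calls in mbedtls_ecp_group_free(). The removed inline comments ("Go for comb multiplication", "Now get m * P from M * P") carried the step-by-step rationale; the new header note covers the parity trick, but a one-line comment above the `ecp_safe_invert_jac()` call, `/* undo the negation introduced by the parity trick */`, would keep the intent visible where it applies.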
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Mar 2017 10:58:00 +0100 Subject: [PATCH 013/368] Add proper allocation of restart context We'll need to store MPIs and other things that allocate memory in this context, so we need a place to free it. We can't rely on doing it before returning from ecp_mul() as we might return MBEDTLS_ERR_ECP_IN_PROGRESS (thus preserving the context) and never be called again (for example, TLS handshake aborted for another reason). So, ecp_group_free() looks like a good place to do this, if the restart context is part of struct ecp_group. This means it's not possible to use the same ecp_group structure in different threads concurrently, but: - that's already the case (and documented) for other reasons - this feature is precisely intended for environments that lack threading An alternative option would be for the caller to have to allocate/free the restart context and pass it explicitly, but this means creating new functions that take a context argument, and putting a burden on the user. --- include/mbedtls/ecp.h | 13 +++++++ library/ecp.c | 55 +++++++++++++++++++++++----- tests/suites/test_suite_ecp.function | 4 ++ 3 files changed, 62 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 7bcc69c01..d44e65843 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -112,6 +112,16 @@ typedef struct } mbedtls_ecp_point; +#if defined(MBEDTLS_ECP_EARLY_RETURN) +/** + * \brief ECP context for resuming operations after returning + * \c MBEDTLS_ERR_ECP_IN_PROGRESS + * + * \note Opaque struct + */ +typedef struct mbedtls_ecp_restart mbedtls_ecp_restart_ctx; +#endif + /** * \brief ECP group structure * 
@@ -153,6 +163,9 @@ typedef struct void *t_data; /*!< unused */ mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */ size_t T_size; /*!< number for pre-computed points */ +#if defined(MBEDTLS_ECP_EARLY_RETURN) + mbedtls_ecp_restart_ctx *rs; /*!< context for resuming operation */ +#endif } mbedtls_ecp_group; diff --git a/library/ecp.c b/library/ecp.c index 71f8700b5..60aa0a3cd 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -101,20 +101,28 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) } /* - * Saved context type for restarting operations. - * - * XXX: this is a temporary place for the definition + * Restart context type for interrupted operations */ -typedef struct { +struct mbedtls_ecp_restart { unsigned char fake_it; /* for tests: should we fake early return? */ -} ecp_restart_context; +}; /* - * Saved context fro restarting operations. - * - * XXX: temporary place for the allocation + * Init restart context */ -static ecp_restart_context ecp_restart; +static void ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_ecp_restart_ctx ) ); +} + +/* + * Free the components of a restart context + */ +static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) +{ + if( ctx == NULL ) + return; +} #endif /* MBEDTLS_ECP_EARLY_RETURN */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ @@ -378,6 +386,11 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) mbedtls_free( grp->T ); } +#if defined(MBEDTLS_ECP_EARLY_RETURN) + ecp_restart_free( grp->rs ); + mbedtls_free( grp->rs ); +#endif + mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) ); } 
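Review bot: The new `rs` pointer in mbedtls_ecp_group is freed in mbedtls_ecp_group_free() but never explicitly initialised in this diff, so it relies on mbedtls_ecp_group_init() (not shown) zeroing the whole structure; if that init is ever changed to field-by-field assignment, `ecp_restart_free( grp->rs )` would read an indeterminate pointer. The field's doc comment should also carry the constraint the commit message states, since it is now a property of the public struct: `mbedtls_ecp_restart_ctx *rs; /*!< context for resuming an operation; a group with an operation in progress must not be shared between threads */`. In ecp.c, ecp_restart_init() is a `memset` while its only caller allocates with `mbedtls_calloc`, so the same memory is zeroed twice; keeping the init function but documenting that it is the single place where members get their initial state would justify the cost.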
@@ -1501,8 +1514,22 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, size_t d; mbedtls_ecp_point *T = NULL; + /* set up restart context if needed */ #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( ecp_restart.fake_it++ != 0 && ecp_max_ops != 0 ) + if( ecp_max_ops != 0 && grp->rs == NULL ) + { + grp->rs = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_ctx ) ); + if( grp->rs == NULL ) + return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + ecp_restart_init( grp->rs ); + + grp->rs->fake_it = 1; + } +#endif + + /* XXX: temporary */ +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs && grp->rs->fake_it++ != 0 ) return( MBEDTLS_ERR_ECP_IN_PROGRESS ); #endif @@ -1560,6 +1587,14 @@ cleanup: if( ret != 0 ) mbedtls_ecp_point_free( R ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + ecp_restart_free( grp->rs ); + mbedtls_free( grp->rs ); + grp->rs = NULL; + } +#endif + return( ret ); } diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index c8daef990..74e23875d 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -145,6 +145,10 @@ void ecp_test_vect_restart( int id, } while( ret != 0 ); + /* Do we leak memory when not finishing an operation? */ + ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + exit: mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R ); mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA ); From 78d564a84156974580895e5a1aa6c24b8dd2ac64 Mon Sep 17 00:00:00 2001 
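Review bot: In the `cleanup:` hunk of ecp_mul_comb(), the pre-existing `if( ret != 0 ) mbedtls_ecp_point_free( R );` is now preceded by logic that deliberately keeps the restart context alive when ret is MBEDTLS_ERR_ECP_IN_PROGRESS, yet R itself is still freed for that value; once an in-progress return reaches cleanup instead of returning directly (in this commit the fake return short-circuits before it), the caller's partial result is destroyed, and the new test even passes `&R` as both the result and the point argument, so the saved input would go with it. Guard the free the same way the context is guarded: `if( ret != 0 && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) mbedtls_ecp_point_free( R );`. In the first hunk, `ecp_restart_init( grp->rs )` immediately after `mbedtls_calloc` zeroes the block a second time; one of the two can go.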
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Mar 2017 11:48:38 +0100 Subject: [PATCH 014/368] Add check for changing arguments In case of argument change, freeing everything is not the most efficient (wastes one free()+calloc()) but makes the code simpler, which is probably more important here --- library/ecp.c | 24 +++++++++++++++++++++--- tests/suites/test_suite_ecp.function | 7 +++++++ 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 60aa0a3cd..0a0239cc3 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -105,6 +105,8 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) */ struct mbedtls_ecp_restart { unsigned char fake_it; /* for tests: should we fake early return? */ + mbedtls_mpi m; /* saved argument: scalar */ + mbedtls_ecp_point P; /* saved argument: point */ }; /* @@ -122,6 +124,9 @@ static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) { if( ctx == NULL ) return; + + mbedtls_mpi_free( &ctx->m ); + mbedtls_ecp_point_free( &ctx->P ); } #endif /* MBEDTLS_ECP_EARLY_RETURN */ 
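Review bot: The new `mbedtls_mpi m` and `mbedtls_ecp_point P` members of struct mbedtls_ecp_restart are only ever initialised by the `memset` in ecp_restart_init() (outside this hunk), which assumes the all-zero bit pattern is a valid initialised MPI; mbedtls_mpi_init() and mbedtls_ecp_point_init() are the documented way to establish that state and would make them symmetric with the `mbedtls_mpi_free()`/`mbedtls_ecp_point_free()` calls added here. Suggest adding `mbedtls_mpi_init( &ctx->m ); mbedtls_ecp_point_init( &ctx->P );` after the memset in ecp_restart_init(). ecp_restart_free() begins before this hunk.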
@@ -1514,22 +1519,35 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, size_t d; mbedtls_ecp_point *T = NULL; - /* set up restart context if needed */ #if defined(MBEDTLS_ECP_EARLY_RETURN) + /* check for restart with new arguments */ + if( grp->rs != NULL && + ( mbedtls_mpi_cmp_mpi( m, &grp->rs->m ) != 0 || + mbedtls_mpi_cmp_mpi( &P->X, &grp->rs->P.X ) != 0 || + mbedtls_mpi_cmp_mpi( &P->Y, &grp->rs->P.Y ) != 0 ) ) + { + ecp_restart_free( grp->rs ); + mbedtls_free( grp->rs ); + grp->rs = NULL; + } + + /* set up restart context if needed */ if( ecp_max_ops != 0 && grp->rs == NULL ) { grp->rs = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_ctx ) ); if( grp->rs == NULL ) return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + ecp_restart_init( grp->rs ); - grp->rs->fake_it = 1; + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &grp->rs->m, m ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &grp->rs->P, P ) ); } #endif /* XXX: temporary */ #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rs && grp->rs->fake_it++ != 0 ) + if( grp->rs && ++grp->rs->fake_it != 0 ) return( MBEDTLS_ERR_ECP_IN_PROGRESS ); #endif diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 74e23875d..caf983e72 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -121,6 +121,13 @@ void ecp_test_vect_restart( int id, } while( ret != 0 ); + /* Ok, now start an operation with some arguments, and drop it. + * We'll see if the result of the next operation, with different args, + * are correct regardless (do we discard old context on new args?). + * This also tests that we don't write to R prematurely */ + ret = mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + /* Non-base point case */ cnt_restarts = 0; do { From 8962ddbb2327764284d17100ff5d6946ae63f0d5 Mon Sep 17 00:00:00 2001 
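Review bot: The argument-change check at the top of ecp_mul_comb() compares the scalar and the X and Y coordinates of P but not `P->Z`, so two points differing only in Z are treated as the same pending operation; that is sound only if every caller reaches this function with affine input (Z == 1), which the public entry point presumably enforces but this function does not. Either extend the condition with `mbedtls_mpi_cmp_mpi( &P->Z, &grp->rs->P.Z ) != 0` or record the precondition: `/* Z is not compared: P is affine (Z == 1) by the time we get here */`. Also worth a one-line comment that `mbedtls_mpi_cmp_mpi()` is not constant-time and is acceptable here because it only reveals whether the arguments changed, so the choice is not revisited later as an oversight.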
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Mar 2017 12:11:21 +0100 Subject: [PATCH 015/368] Don't write to destination until we're done --- library/ecp.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 0a0239cc3..d402e5c10 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -107,6 +107,7 @@ struct mbedtls_ecp_restart { unsigned char fake_it; /* for tests: should we fake early return? */ mbedtls_mpi m; /* saved argument: scalar */ mbedtls_ecp_point P; /* saved argument: point */ + mbedtls_ecp_point R; /* current intermediate result */ }; /* @@ -127,6 +128,7 @@ static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) mbedtls_mpi_free( &ctx->m ); mbedtls_ecp_point_free( &ctx->P ); + mbedtls_ecp_point_free( &ctx->R ); } #endif /* MBEDTLS_ECP_EARLY_RETURN */ @@ -1456,14 +1458,24 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, int ret; unsigned char parity_trick; unsigned char k[COMB_MAX_D + 1]; + mbedtls_ecp_point *RR = R; + +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs != NULL ) + RR = &grp->rs->R; +#endif MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, &parity_trick ) ); - MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, R, T, pre_len, k, d, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, pre_len, k, d, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, parity_trick ) ); + MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); - MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) ); + MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); + +#if defined(MBEDTLS_ECP_EARLY_RETURN) + MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) ); +#endif cleanup: return( ret ); From 2fad7ae02a6e2dcc75f5c8f83e2fc3d2acd60442 Mon Sep 17 00:00:00 2001 
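Review bot: At the end of ecp_mul_comb_after_precomp() the new `mbedtls_ecp_copy( R, RR )` runs even when `grp->rs == NULL`, in which case RR == R and the call copies a point onto itself; mbedtls_mpi_copy() tolerates that, but the intent is clearer and the work skipped with `if( RR != R ) MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) );`, which also removes the need for the surrounding `#if`. A comment on the `RR` declaration, `/* accumulate in the restart context's R so the caller's R is untouched until we are done */`, would explain why the indirection exists, since the commit title is the only place that currently says so.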
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Mar 2017 13:13:13 +0100 Subject: [PATCH 016/368] Start actually splitting computation Temporary state is quite inefficient: pre-computed table is recomputed every single time. This is WIP obviously. --- library/ecp.c | 68 ++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 59 insertions(+), 9 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index d402e5c10..3505b2041 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -104,10 +104,14 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) * Restart context type for interrupted operations */ struct mbedtls_ecp_restart { - unsigned char fake_it; /* for tests: should we fake early return? */ + unsigned ops_done; /* number of operations done this time */ mbedtls_mpi m; /* saved argument: scalar */ mbedtls_ecp_point P; /* saved argument: point */ mbedtls_ecp_point R; /* current intermediate result */ + enum { + ecp_rs_init = 0, + ecp_rs_final_norm, + } state; }; /* 
@@ -129,7 +133,37 @@ static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) mbedtls_mpi_free( &ctx->m ); mbedtls_ecp_point_free( &ctx->P ); mbedtls_ecp_point_free( &ctx->R ); + + memset( ctx, 0, sizeof( mbedtls_ecp_restart_ctx ) ); } + +/* + * Operation counts + */ +#define ECP_OPS_DBL 8 /* see ecp_double_jac() */ +#define ECP_OPS_ADD 11 /* see ecp_add_mixed() */ +#define ECP_OPS_INV 120 /* empirical equivalent */ + +/* + * Check if we can do the next step + */ +static int ecp_check_budget( const mbedtls_ecp_group *grp, unsigned ops ) +{ + if( grp->rs != NULL ) + { + /* avoid infinite loops: always allow first step */ + if( grp->rs->ops_done != 0 && grp->rs->ops_done + ops > ecp_max_ops ) + return( MBEDTLS_ERR_ECP_IN_PROGRESS ); + + grp->rs->ops_done += ops; + } + + return( 0 ); +} + +#define ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( ecp_check_budget( grp, ops ) ); +#else +#define ECP_BUDGET( ops ) #endif /* MBEDTLS_ECP_EARLY_RETURN */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ @@ -1465,12 +1499,26 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, RR = &grp->rs->R; #endif - MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, &parity_trick ) ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs == NULL || grp->rs->state < ecp_rs_final_norm ) +#endif + { + MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, + &parity_trick ) ); + MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, pre_len, k, d, + f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); - MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, pre_len, k, d, f_rng, p_rng ) ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs != NULL ) + grp->rs->state++; +#endif - MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); + /* XXX: temporary: should have counted some ops */ + ECP_BUDGET( 42 ); + } + ECP_BUDGET( ECP_OPS_INV ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); #if defined(MBEDTLS_ECP_EARLY_RETURN) 
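Review bot: ecp_check_budget() takes `const mbedtls_ecp_group *grp` yet writes `grp->rs->ops_done`; the const on the outer pointer does not reach the restart context, so the signature promises more than the body keeps. Either drop the `const` or state it: `/* grp is const, but its restart context is mutable: ops_done is updated here */`. The `ECP_BUDGET()` macro also ends in a semicolon while every use site adds its own, yielding an empty statement, and because it expands to MBEDTLS_MPI_CHK it silently requires `grp`, `ret` and a `cleanup:` label in the calling function; define it as `#define ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( ecp_check_budget( grp, ops ) )` and list those requirements in a comment above the `#define`.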
@@ -1555,12 +1603,10 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &grp->rs->m, m ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &grp->rs->P, P ) ); } -#endif - /* XXX: temporary */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rs && ++grp->rs->fake_it != 0 ) - return( MBEDTLS_ERR_ECP_IN_PROGRESS ); + /* new start for ops counts */ + if( grp->rs != NULL ) + grp->rs->ops_done = 0; #endif /* Is P the base point ? */ @@ -1614,6 +1660,10 @@ cleanup: mbedtls_free( T ); } + /* don't free R while in progress in case R == P */ +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) +#endif if( ret != 0 ) mbedtls_ecp_point_free( R ); From c5d844b999c03379bb4b8fc5903791d13ba6231e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 15 Mar 2017 13:06:28 +0100 Subject: [PATCH 017/368] Full restart support in ecp_mul_comb_core() Still recomputing table every time, though. --- library/ecp.c | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 3505b2041..785093f7a 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -108,6 +108,7 @@ struct mbedtls_ecp_restart { mbedtls_mpi m; /* saved argument: scalar */ mbedtls_ecp_point P; /* saved argument: point */ mbedtls_ecp_point R; /* current intermediate result */ + size_t i; /* current index in various loops, 0 outside */ enum { ecp_rs_init = 0, ecp_rs_final_norm, 
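Review bot: The `cleanup:` hunk of ecp_mul_comb() stacks two unbraced `if`s, `if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )` inside the `#if` and `if( ret != 0 )` outside it, so the second `if` is a complete statement in one configuration and the body of the first in the other; correct today, but fragile against any later edit that inserts a line between them. Since MBEDTLS_ERR_ECP_IN_PROGRESS is defined regardless of the feature flag and ret can only take that value when the flag is on, the preprocessor conditional can go: `if( ret != 0 && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) mbedtls_ecp_point_free( R );`. In the first hunk, the `ops_done = 0` reset is what makes the "always allow first step" rule in ecp_check_budget() fire once per call; a comment linking the two, `/* reset per call: ecp_check_budget() always allows the first step */`, would tie the invariant together.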
@@ -1409,15 +1410,26 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R mbedtls_ecp_point_init( &Txi ); - /* Start with a non-zero point and randomize its coordinates */ - i = d; - MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); - if( f_rng != 0 ) - MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs != NULL && grp->rs->i != 0 ) + { + /* restore current index (R already pointing to grp->rs->R) */ + i = grp->rs->i; + } + else +#endif + { + /* Start with a non-zero point and randomize its coordinates */ + i = d; + MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); + if( f_rng != 0 ) + MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); + } while( i-- != 0 ) { + ECP_BUDGET( ECP_OPS_DBL + ECP_OPS_ADD ); MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, t_len, x[i] ) ); MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); @@ -1427,6 +1439,23 @@ cleanup: mbedtls_ecp_point_free( &Txi ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs != NULL ) + { + if( ret == 0 ) + { + grp->rs->state++; + grp->rs->i = 0; + } + else if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + { + /* was decreased before actually doing it */ + grp->rs->i = i + 1; + /* no need to save R, already pointing to grp->rs->R */ + } + } +#endif + return( ret ); } @@ -1513,9 +1542,6 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, if( grp->rs != NULL ) grp->rs->state++; #endif - - /* XXX: temporary: should have counted some ops */ - ECP_BUDGET( 42 ); } ECP_BUDGET( ECP_OPS_INV ); From c9c0aa6306fc1480a601ad1de5ecf9228068dde8 Mon Sep 17 00:00:00 2001 
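Review bot: With this commit `grp->rs->state` is advanced twice on a successful pass: ecp_mul_comb_core() now does `grp->rs->state++` when `ret == 0` in its cleanup, and ecp_mul_comb_after_precomp() still does `grp->rs->state++` after ecp_safe_invert_jac() (third hunk). Starting from ecp_rs_init that leaves state at ecp_rs_final_norm + 1, a value outside the enum; the `state < ecp_rs_final_norm` test still behaves, but the invariant that state names the next step no longer holds. Remove one of the two increments, presumably the one in ecp_mul_comb_after_precomp() since the core function now owns its own transition, and say next to the enum which function performs each step.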
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Mar 2017 14:53:26 +0100 Subject: [PATCH 018/368] Remember precomputed table Free it as soon as it's no longer needed, but as a backup free it in ecp_group_free(), in case ecp_mul() is not called again after returning ECP_IN_PROGRESS. So far we only remember it when it's fully computed, next step is to be able to compute it in multiple steps. --- library/ecp.c | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 785093f7a..653c60f3b 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -109,9 +109,11 @@ struct mbedtls_ecp_restart { mbedtls_ecp_point P; /* saved argument: point */ mbedtls_ecp_point R; /* current intermediate result */ size_t i; /* current index in various loops, 0 outside */ - enum { - ecp_rs_init = 0, - ecp_rs_final_norm, + mbedtls_ecp_point *T; /* table for precomputed points */ + unsigned char T_size; /* number of points in table T */ + enum { /* what's the next step ? */ + ecp_rs_init = 0, /* just getting started */ + ecp_rs_final_norm, /* do the final normalization */ } state; }; @@ -128,6 +130,8 @@ static void ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) */ static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) { + unsigned char i; + if( ctx == NULL ) return; @@ -135,6 +139,12 @@ static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) mbedtls_ecp_point_free( &ctx->P ); mbedtls_ecp_point_free( &ctx->R ); + if( ctx->T != NULL ) { + for( i = 0; i < ctx->T_size; i++ ) + mbedtls_ecp_point_free( ctx->T + i ); + mbedtls_free( ctx->T ); + } + memset( ctx, 0, sizeof( mbedtls_ecp_restart_ctx ) ); } 
@@ -1601,8 +1611,9 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, void *p_rng ) { int ret; - unsigned char w, p_eq_g, pre_len, i; + unsigned char w, p_eq_g = 0, i; size_t d; + unsigned char pre_len = 0; mbedtls_ecp_point *T = NULL; #if defined(MBEDTLS_ECP_EARLY_RETURN) @@ -1639,8 +1650,6 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 ); -#else - p_eq_g = 0; #endif /* Pick window size and deduce related sizes */ @@ -1654,6 +1663,16 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, */ T = p_eq_g ? grp->T : NULL; +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs != NULL && grp->rs->T != NULL && T == NULL ) + { + /* transfer "ownership" of T from rs to local function */ + T = grp->rs->T; + grp->rs->T = NULL; + grp->rs->T_size = 0; + } +#endif + if( T == NULL ) { T = mbedtls_calloc( pre_len, sizeof( mbedtls_ecp_point ) ); @@ -1679,6 +1698,16 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, cleanup: +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != grp->T ) + { + /* transfer "ownership" of T from local function to rs */ + grp->rs->T_size = pre_len; + grp->rs->T = T; + T = NULL; + } +#endif + if( T != NULL && ! p_eq_g ) { for( i = 0; i < pre_len; i++ ) From 085b1dff40ad1a2bcccc0b9da062bd580b8d2961 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Mar 2017 16:56:04 +0100 Subject: [PATCH 019/368] Allow T to be computed in multiple steps Previously there were only two states: - T unallocated - T allocated and valid Now there are three: - T unallocated - T allocated and in progress - T allocated and valid Introduce new bool T_ok to distinguish the last two states. --- library/ecp.c | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 653c60f3b..71fb314cc 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -113,6 +113,8 @@ struct mbedtls_ecp_restart { unsigned char T_size; /* number of points in table T */ enum { /* what's the next step ? */ ecp_rs_init = 0, /* just getting started */ + ecp_rs_tmp_dummy, /* temporary for incremental testing */ + ecp_rs_T_done, /* call ecp_mul_comb_after_precomp() */ ecp_rs_final_norm, /* do the final normalization */ } state; }; @@ -1334,6 +1336,15 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, size_t j; mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; +#if defined(MBEDTLS_ECP_EARLY_RETURN) + /* XXX: dummy "in_progress" return for testing caller */ + if( grp->rs != NULL && grp->rs->state == ecp_rs_init ) + { + grp->rs->state++; + return( MBEDTLS_ERR_ECP_IN_PROGRESS ); + } +#endif + /* * Set T[0] = P and * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value) @@ -1370,6 +1381,11 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( grp->rs != NULL ) + grp->rs->state++; +#endif + cleanup: return( ret ); @@ -1613,7 +1629,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int ret; unsigned char w, p_eq_g = 0, i; size_t d; - unsigned char pre_len = 0; + unsigned char pre_len = 0, T_ok = 0; mbedtls_ecp_point *T = NULL; #if defined(MBEDTLS_ECP_EARLY_RETURN) 
@@ -1657,22 +1673,28 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, pre_len = 1U << ( w - 1 ); d = ( grp->nbits + w - 1 ) / w; - /* - * Prepare precomputed points: if P == G we want to - * use grp->T if already initialized, or initialize it. - */ - T = p_eq_g ? grp->T : NULL; + /* Pre-computed table: do we have it already for the base point? */ + if( p_eq_g && grp->T != NULL ) + { + T = grp->T; + T_ok = 1; + } #if defined(MBEDTLS_ECP_EARLY_RETURN) + /* Pre-computed table: do we have one in progress? complete? */ if( grp->rs != NULL && grp->rs->T != NULL && T == NULL ) { /* transfer "ownership" of T from rs to local function */ T = grp->rs->T; grp->rs->T = NULL; grp->rs->T_size = 0; + + if( grp->rs->state >= ecp_rs_T_done ) + T_ok = 1; } #endif + /* Allocate table if we didn't have any */ if( T == NULL ) { T = mbedtls_calloc( pre_len, sizeof( mbedtls_ecp_point ) ); @@ -1681,7 +1703,11 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup; } + } + /* Compute table (or finish computing it) if not done already */ + if( !T_ok ) + { MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d ) ); if( p_eq_g ) From 07bf6f52c1e3317a12e53b523199fd9474831aa1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Mar 2017 17:21:38 +0100 Subject: [PATCH 020/368] Tune T ownership code + comments Don't miss the little code changes among all those comments change :) --- library/ecp.c | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 71fb314cc..f852c9988 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -1618,8 +1618,17 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, } /* - * Multiplication using the comb method, - * for curves in short Weierstrass form + * Multiplication using the comb method - for curves in short Weierstrass form + * + * This function is mainly responsible for administrative work: + * - managing the restart context if enabled + * - managing the table of precomputed points (passed between the above two + * functions): allocation, computation, ownership tranfer, freeing. + * + * It delegates the actual arithmetic work to: + * ecp_precompute_comb() and ecp_mul_comb_with_precomp() + * + * See comments on ecp_comb_recode_core() regarding the computation strategy. */ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, @@ -1657,7 +1666,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &grp->rs->P, P ) ); } - /* new start for ops counts */ + /* reset ops count for this call */ if( grp->rs != NULL ) grp->rs->ops_done = 0; #endif @@ -1676,6 +1685,8 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Pre-computed table: do we have it already for the base point? */ if( p_eq_g && grp->T != NULL ) { + /* second pointer to the same table + * no ownership transfer as other threads might be using T too */ T = grp->T; T_ok = 1; } @@ -1684,7 +1695,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Pre-computed table: do we have one in progress? complete? */ if( grp->rs != NULL && grp->rs->T != NULL && T == NULL ) { - /* transfer "ownership" of T from rs to local function */ + /* transfer ownership of T from rs to local function */ T = grp->rs->T; grp->rs->T = NULL; grp->rs->T_size = 0; 
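Review bot: The new header comment on ecp_mul_comb() says it delegates to `ecp_mul_comb_with_precomp()`, but the function it actually calls is named `ecp_mul_comb_after_precomp()` elsewhere in this file; the line should read ` *   ecp_precompute_comb() and ecp_mul_comb_after_precomp()`. The same comment refers to "the above two functions" before it has named them and misspells "tranfer"; move the delegation sentence ahead of the bullet list and fix the typo to "ownership transfer". The "second pointer to the same table" comment added below is a good anchor, and its counterpart, that a table owned by `grp->T` must never be freed here, deserves the same wording at the point in cleanup where local ownership is dropped.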
@@ -1714,6 +1725,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, { grp->T = T; grp->T_size = pre_len; + /* now have two pointers to the same table */ } } @@ -1724,17 +1736,23 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, cleanup: + /* does T belong to the group? */ + if( T == grp->T ) + T = NULL; + + /* does T belong to the restart context? */ #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rs != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != grp->T ) + if( grp->rs != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) { - /* transfer "ownership" of T from local function to rs */ + /* transfer ownership of T from local function to rs */ grp->rs->T_size = pre_len; grp->rs->T = T; T = NULL; } #endif - if( T != NULL && ! p_eq_g ) + /* did T belong to us? then let's destroy it! */ + if( T != NULL ) { for( i = 0; i < pre_len; i++ ) mbedtls_ecp_point_free( &T[i] ); @@ -1745,9 +1763,11 @@ cleanup: #if defined(MBEDTLS_ECP_EARLY_RETURN) if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) #endif + /* prevent caller from using invalid value */ if( ret != 0 ) mbedtls_ecp_point_free( R ); + /* clear restart context when not in progress (done or error) */ #if defined(MBEDTLS_ECP_EARLY_RETURN) if( grp->rs != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { ecp_restart_free( grp->rs ); From fc3e0beabfa7b97476bc90fad32167ea04fb5341 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Mar 2017 09:29:31 +0100 Subject: [PATCH 021/368] Separate auxiliary array in precompute_comb() Separating main computation from filling of the auxiliary array makes things clearer and easier to restart as we don't have to remember the in-progress auxiliary array. --- library/ecp.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index f852c9988..47c7da2a2 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -1332,7 +1332,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, unsigned char w, size_t d ) { int ret; - unsigned char i, k; + unsigned char i; size_t j; mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; @@ -1351,35 +1351,44 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, */ MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); - k = 0; for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 ) { cur = T + i; MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) ); for( j = 0; j < d; j++ ) MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) ); - - TT[k++] = cur; } - MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) ); + /* + * Normalize current elements in T. As T has holes, + * use an auxiliary array of pointers to elements in T. + */ + j = 0; + for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 ) + TT[j++] = T + i; + + MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); /* * Compute the remaining ones using the minimal number of additions * Be careful to update T[2^l] only after using it! */ - k = 0; for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 ) { j = i; while( j-- ) - { MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) ); - TT[k++] = &T[i + j]; - } } - MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) ); + /* + * Normalize final elements in T. Even though there are no holes now, + * we still need the auxiliary array for homogeneity with last time. + * Also skip T[0] which is already normalised, being a copy of P. + */ + for( j = 0; j + 1 < ( 1U << ( w - 1 ) ); j++ ) + TT[j] = T + j + 1; + + MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); #if defined(MBEDTLS_ECP_EARLY_RETURN) if( grp->rs != NULL ) From 67c83fb8710520a8c402f76396f3b0111330cebc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Mar 2017 10:08:53 +0100 Subject: [PATCH 022/368] Give a constant a name --- library/ecp.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
diff --git a/library/ecp.c b/library/ecp.c index 47c7da2a2..7bcf25626 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1334,6 +1334,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, int ret; unsigned char i; size_t j; + const unsigned char T_len = 1U << ( w - 1 ); mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; #if defined(MBEDTLS_ECP_EARLY_RETURN) @@ -1351,7 +1352,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, */ MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); - for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 ) + for( i = 1; i < T_len; i <<= 1 ) { cur = T + i; MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) ); @@ -1364,7 +1365,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, * use an auxiliary array of pointers to elements in T. */ j = 0; - for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 ) + for( i = 1; i < T_len; i <<= 1 ) TT[j++] = T + i; MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); @@ -1373,7 +1374,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, * Compute the remaining ones using the minimal number of additions * Be careful to update T[2^l] only after using it! */ - for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 ) + for( i = 1; i < T_len; i <<= 1 ) { j = i; while( j-- ) @@ -1383,9 +1384,9 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, /* * Normalize final elements in T. Even though there are no holes now, * we still need the auxiliary array for homogeneity with last time. - * Also skip T[0] which is already normalised, being a copy of P. + * Also, skip T[0] which is already normalised, being a copy of P. */ - for( j = 0; j + 1 < ( 1U << ( w - 1 ) ); j++ ) + for( j = 0; j + 1 < T_len; j++ ) TT[j] = T + j + 1; MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); From e2d7cb3f10a5e19f0448f010c8bc4008679f143a Mon Sep 17 00:00:00 2001 
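Review bot: `const unsigned char T_len = 1U << ( w - 1 );` narrows an `unsigned int` to `unsigned char`, so it is only correct while w <= 8; whatever bounds the window size (the `TT[COMB_MAX_PRE - 1]` declaration suggests COMB_MAX_PRE is the related limit) is not visible in this hunk, and a reader checking the narrowing has to go find it. Make the assumption explicit at the declaration: `/* fits in unsigned char: the window size is bounded so that 2^(w-1) <= COMB_MAX_PRE */`. Naming the constant is otherwise a clear improvement over the three repeated shift expressions.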
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Mar 2017 10:24:17 +0100 Subject: [PATCH 023/368] Start splitting precompute_comb() This is the easy part: with the current steps, all information between steps is passed via T which is already saved. Next we'll need to split at least the first loop, and maybe calls to normalize_jac_many() and/or the second loop. --- library/ecp.c | 50 +++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 5 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 7bcf25626..2d473d9b4 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -113,7 +113,9 @@ struct mbedtls_ecp_restart { unsigned char T_size; /* number of points in table T */ enum { /* what's the next step ? */ ecp_rs_init = 0, /* just getting started */ - ecp_rs_tmp_dummy, /* temporary for incremental testing */ + ecp_rs_pre_norm_dbl, /* normalize precomputed 2^n multiples */ + ecp_rs_pre_add, /* precompute remaining points by adding */ + ecp_rs_pre_norm_add, /* normalize all precomputed points */ ecp_rs_T_done, /* call ecp_mul_comb_after_precomp() */ ecp_rs_final_norm, /* do the final normalization */ } state; @@ -1338,11 +1340,14 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; #if defined(MBEDTLS_ECP_EARLY_RETURN) - /* XXX: dummy "in_progress" return for testing caller */ - if( grp->rs != NULL && grp->rs->state == ecp_rs_init ) + if( grp->rs != NULL ) { - grp->rs->state++; - return( MBEDTLS_ERR_ECP_IN_PROGRESS ); + if( grp->rs->state == ecp_rs_pre_norm_add ) + goto norm_add; + if( grp->rs->state == ecp_rs_pre_add ) + goto add; + if( grp->rs->state == ecp_rs_pre_norm_dbl ) + goto norm_dbl; } #endif 
@@ -1350,6 +1355,8 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 * Set T[0] = P and
 * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
 */
+ ECP_BUDGET( ( w - 1 ) * d * ECP_OPS_DBL ); // XXX: split loop
+
 MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
 for( i = 1; i < T_len; i <<= 1 )
@@ -1360,20 +1367,42 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
 }
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+ if( grp->rs != NULL )
+ grp->rs->state++;
+#endif
+
 /*
 * Normalize current elements in T. As T has holes,
 * use an auxiliary array of pointers to elements in T.
 */
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+norm_dbl:
+#endif
+
 j = 0;
 for( i = 1; i < T_len; i <<= 1 )
 TT[j++] = T + i;
+ ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 ); // XXX: split next function?
+
 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+ if( grp->rs != NULL )
+ grp->rs->state++;
+#endif
+
 /*
 * Compute the remaining ones using the minimal number of additions
 * Be careful to update T[2^l] only after using it!
 */
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+add:
+#endif
+
+ ECP_BUDGET( ( T_len - 1 ) * ECP_OPS_ADD ); // XXX: split loop?
+
 for( i = 1; i < T_len; i <<= 1 )
 {
 j = i;
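Review bot: `ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 );` before the `ecp_normalize_jac_many( grp, TT, j )` call encodes that function's cost as a bare formula, and the same expression appears again before the second normalisation in the following hunk, so a later change to ecp_normalize_jac_many's loop would desynchronise the budget silently. A comment at the first occurrence naming where the constants come from (presumably one inversion plus the multiplication count of ecp_normalize_jac_many's loop — worth confirming against that function), e.g. `/* cost of ecp_normalize_jac_many(): one inversion + 6*j-2 multiplications */`, or a single macro beside ECP_OPS_INV that both call sites use, would keep the accounting in one place. The new `norm_dbl:` and `add:` labels are only compiled under MBEDTLS_ECP_EARLY_RETURN while the `ECP_BUDGET` calls are unconditional; that is fine if ECP_BUDGET expands to nothing otherwise, but its definition (outside this hunk) should say so. ecp_precompute_comb's body continues outside this hunk.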
@@ -1381,14 +1410,25 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) );
 }
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+ if( grp->rs != NULL )
+ grp->rs->state++;
+#endif
+
 /*
 * Normalize final elements in T. Even though there are no holes now,
 * we still need the auxiliary array for homogeneity with last time.
 * Also, skip T[0] which is already normalised, being a copy of P.
 */
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+norm_add:
+#endif
+
 for( j = 0; j + 1 < T_len; j++ )
 TT[j] = T + j + 1;
+ ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 ); // XXX: split next function?
+
 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
From ae55707b2859ca1abf2d349213670283aeec59f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 20 Mar 2017 12:21:24 +0100
Subject: [PATCH 024/368] Turn double loop into single loop
In preparation for making the loop restartable
---
 library/ecp.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/library/ecp.c b/library/ecp.c
index 2d473d9b4..5ee97c895 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1359,12 +1359,15 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
- for( i = 1; i < T_len; i <<= 1 )
+ for( j = 0; j < d * ( w - 1 ); j++ )
 {
+ i = 1U << ( j / d );
 cur = T + i;
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
- for( j = 0; j < d; j++ )
- MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
+
+ if( j % d == 0 )
+ MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
+
+ MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
 }
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
From 213541a548ca56bd9adc9b4ed3a2ac68a11a76cf Mon Sep 17 00:00:00 2001
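Review bot: The merged loop `for( j = 0; j < d * ( w - 1 ); j++ )` with `i = 1U << ( j / d );` in the PATCH 024 hunk changes what one iteration means — one doubling of T[2^(j/d)], with the copy from the previous entry on the first of each run of d iterations — but the comment above the loop (`T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1`, outside this hunk) still describes the old nested shape. A short comment on the new loop, e.g. `/* iteration j doubles T[2^(j/d)] once; the copy from T[2^(j/d - 1)] happens on the first of its d iterations (j % d == 0) */`, would make the single-loop form readable without the commit message. The narrowing of `1U << ( j / d )` into the `unsigned char` i carries the same w <= 8 assumption as T_len and could share the comment. The loop body ends inside the hunk; the function continues outside it.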
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 20 Mar 2017 12:50:41 +0100
Subject: [PATCH 025/368] Make the first precomp loop restartable
---
 library/ecp.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/library/ecp.c b/library/ecp.c
index 5ee97c895..a1f019d39 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1335,7 +1335,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 {
 int ret;
 unsigned char i;
- size_t j;
+ size_t j = 0;
 const unsigned char T_len = 1U << ( w - 1 );
 mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
@@ -1355,12 +1355,19 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 * Set T[0] = P and
 * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
 */
- ECP_BUDGET( ( w - 1 ) * d * ECP_OPS_DBL ); // XXX: split loop
-
 MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
- for( j = 0; j < d * ( w - 1 ); j++ )
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+ if( grp->rs != NULL && grp->rs->i != 0 )
+ j = grp->rs->i;
+ else
+#endif
+ j = 0;
+
+ for( ; j < d * ( w - 1 ); j++ )
 {
+ ECP_BUDGET( ECP_OPS_DBL );
+
 i = 1U << ( j / d );
 cur = T + i;
@@ -1372,7 +1379,10 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
 if( grp->rs != NULL )
+ {
+ grp->rs->i = 0;
 grp->rs->state++;
+ }
 #endif
 /*
@@ -1440,6 +1450,13 @@ norm_add:
 #endif
 cleanup:
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+ if( grp->rs != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ {
+ if( grp->rs->state == ecp_rs_init )
+ grp->rs->i = j;
+ }
+#endif
 return( ret );
 }
From 1c678e0e0603c376ba265d38bc572e1ddc2f182d Mon Sep 17 00:00:00 2001
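Review bot: The resume index saved at `cleanup:` with `grp->rs->i = j;` is a `size_t` counter that runs up to `d * ( w - 1 )`, but the type of the restart context's `i` field is not visible in these hunks; if it is as narrow as the neighbouring `T_size` (`unsigned char`), counts above 255 would be truncated and the first loop would resume at the wrong point, so the field's width (or a comment stating its range) is worth confirming. The new `size_t j = 0;` initialiser in the first hunk is immediately overwritten by `j = grp->rs->i;` / `j = 0;`, so it looks redundant unless it is there to quiet an uninitialised-use warning on the goto paths, in which case a comment saying so would help. The `else` that straddles `#endif` would read more safely as an unconditional `j = 0;` followed by the `#if` block overriding it when resuming. The function body continues outside these hunks.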
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 20 Mar 2017 13:39:39 +0100
Subject: [PATCH 026/368] Update doc about minimum max_ops value
Ok, so the original plan was to make mpi_inv_mod() the smallest block that could not be divided. Updated plan is that the smallest block will be either:
- ecp_normalize_jac_many() (one mpi_inv_mod() + a number or mpi_mul_mpi()s)
- or the second loop in ecp_precompute_comb()
With default settings, the minimum non-restartable sequence is:
- for P-256: 222M
- for P-384: 341M
This is within a 2-3x factor of originally planned value of 120M. However, that value can be approached, at the cost of some performance, by setting ECP_WINDOW_SIZE (w below) lower than the default of 6. For example:
- w=4 -> 166M for any curve (perf. impact < 10%)
- w=2 -> 130M for any curve (perf. impact ~ 30%)
My opinion is that the current state with w=4 is a good compromise, and the code complexity need to attain 120M is not warranted by the 1.4 factor between that and the current minimum with w=4 (which is close to optimal perf).
---
 include/mbedtls/ecp.h | 10 ++++++++--
 library/ecp.c | 6 +++---
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index d44e65843..810cb9f78 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -274,8 +274,14 @@ mbedtls_ecp_keypair;
 * of the order of 3600 "basic operations" with default
 * settings.
 *
- * \warning Values lower than 120 are currently not well-supported, in
- * that sometimes functions will have to block for longer.
+ * \warning Very low values are not always respected: sometimes
+ * functions need to block for a minimum number of
+ * operations, and will do so even if max_ops is set to a
+ * lower value. That minimum depends on the curve size, and
+ * can be made lower by decreasing the value of
+ * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, the minimum
+ * is around 160 for P-256 with \c MBEDTLS_ECP_WINDOW_SIZE
+ * set to 4.
 */
 void mbedtls_ecp_set_max_ops( unsigned max_ops );
 #endif /* MBEDTLS_ECP_EARLY_RETURN */
diff --git a/library/ecp.c b/library/ecp.c
index a1f019d39..b3bddbfc6 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1397,7 +1397,7 @@ norm_dbl:
 for( i = 1; i < T_len; i <<= 1 )
 TT[j++] = T + i;
- ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 ); // XXX: split next function?
+ ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 );
 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
@@ -1414,7 +1414,7 @@ norm_dbl:
 add:
 #endif
- ECP_BUDGET( ( T_len - 1 ) * ECP_OPS_ADD ); // XXX: split loop?
+ ECP_BUDGET( ( T_len - 1 ) * ECP_OPS_ADD );
 for( i = 1; i < T_len; i <<= 1 )
 {
@@ -1440,7 +1440,7 @@ norm_add:
 for( j = 0; j + 1 < T_len; j++ )
 TT[j] = T + j + 1;
- ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 ); // XXX: split next function?
+ ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 );
 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
From 9c5c78ff5c3d259b8fea0bed2af67e26042aea38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 20 Mar 2017 14:13:07 +0100
Subject: [PATCH 027/368] Fix indicative values of ops counts
Previous measurements were wrong due to counting multiplication by a small constant as a full multiplication, which it is not.
---
 include/mbedtls/ecp.h | 2 +-
 tests/suites/test_suite_ecp.function | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 810cb9f78..314e4b257 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -271,7 +271,7 @@ mbedtls_ecp_keypair;
 * \note A "basic operation" is roughly multiplication in GF(p),
 * or whatever takes a roughly equivalent amount of time.
 * As an indication, a scalar multiplication on P-256 is
- * of the order of 3600 "basic operations" with default
+ * of the order of 3300 "basic operations" with default
 * settings.
 *
 * \warning Very low values are not always respected: sometimes
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index caf983e72..3dfef1877 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -69,11 +69,11 @@ void ecp_test_vect_restart( int id,
 * change in the future. A factor 2 is a minimum safety margin.
 *
 * For reference, with mbed TLS 2.4 and default settings, for P-256:
- * - Random point mult: ~3600M
- * - Cold base point mult: ~3600M
- * - Hot base point mult: ~1200M
+ * - Random point mult: ~3250M
+ * - Cold base point mult: ~3300M
+ * - Hot base point mult: ~1100M
 * With MBEDTLS_ECP_WINDOW_SIZE set to 2 (minimum):
- * - Random point mult: ~4200M
+ * - Random point mult: ~3850M
 */
 mbedtls_ecp_group grp;
 mbedtls_ecp_point R;
From d3a0ca850031012908fee4d7af2edd27649bb4d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 20 Mar 2017 14:20:38 +0100
Subject: [PATCH 028/368] Add tests about number of restarts
---
 tests/suites/test_suite_ecp.data | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index f96be5a51..82ffec57b 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -349,6 +349,14 @@ ECP early return secp256r1 restart disabled
 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":0:0:0
-ECP early return secp256r1 restart enabled
+ECP early return secp256r1 restart max_ops=1
 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":1:1:5000
+
+ECP early return secp256r1 restart max_ops=10000
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":10000:0:0
+
+ECP early return secp256r1 restart max_ops=250
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":250:2:32
From e685449004eccc58f327cbde5f9808f78c38471c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 20 Mar 2017 14:35:19 +0100
Subject: [PATCH 029/368] Scale ops count for larger curves
From a user's perspective, you want a "basic operation" to take approximately the same amount of time regardless of the curve size, especially since max_ops is a global setting: otherwise if you pick a limit suitable for P-384 then when you do an operation on P-256 it will return way more often than needed.
Said otherwise, a user is actually interested in actual running time, and we do the API in terms of "basic ops" for practical reasons (no timers) but then we should make sure it's a good proxy for running time.
---
 include/mbedtls/ecp.h | 18 ++++++++++--------
 library/ecp.c | 8 ++++++++
 2 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 314e4b257..9521875df 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -268,20 +268,22 @@ mbedtls_ecp_keypair;
 * Lower (non-zero) values mean ECC functions will block for
 * a lesser maximum amount of time.
 *
- * \note A "basic operation" is roughly multiplication in GF(p),
- * or whatever takes a roughly equivalent amount of time.
- * As an indication, a scalar multiplication on P-256 is
- * of the order of 3300 "basic operations" with default
- * settings.
+ * \note A "basic operation" is defined as a rough equivalent of a
+ * multiplication in GF(p) for the NIST P-256 curve.
+ * As an indication, with default settings, a scalar
+ * multiplication (full run of \c mbedtls_ecp_mul()) is:
+ * - about 3300 basic operations for P-256
+ * - about 9400 basic operations for P-384
 *
 * \warning Very low values are not always respected: sometimes
 * functions need to block for a minimum number of
 * operations, and will do so even if max_ops is set to a
 * lower value. That minimum depends on the curve size, and
 * can be made lower by decreasing the value of
- * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, the minimum
- * is around 160 for P-256 with \c MBEDTLS_ECP_WINDOW_SIZE
- * set to 4.
+ * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, with that
+ * parameter set to 4, the minimum amount of blocking is:
+ * - around 165 basic operations for P-256
+ * - around 330 basic operations for P-384
 */
 void mbedtls_ecp_set_max_ops( unsigned max_ops );
 #endif /* MBEDTLS_ECP_EARLY_RETURN */
diff --git a/library/ecp.c b/library/ecp.c
index b3bddbfc6..ec2e3cd7d 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -166,10 +166,18 @@ static int ecp_check_budget( const mbedtls_ecp_group *grp, unsigned ops )
 {
 if( grp->rs != NULL )
 {
+ /* scale depending on curve size: the chosen reference is 256-bit,
+ * and multiplication is quadratic. Round to the closest integer. */
+ if( grp->pbits >= 512 )
+ ops *= 4;
+ else if( grp->pbits >= 384 )
+ ops *= 2;
+
 /* avoid infinite loops: always allow first step */
 if( grp->rs->ops_done != 0 && grp->rs->ops_done + ops > ecp_max_ops )
 return( MBEDTLS_ERR_ECP_IN_PROGRESS );
+ /* update running count */
 grp->rs->ops_done += ops;
 }
From e58f65a04bb30412b03dc1192a9f122ae82cf013 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 20 Mar 2017 14:59:54 +0100
Subject: [PATCH 030/368] Expand documentation with notes and warnings
---
 include/mbedtls/ecp.h | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 9521875df..c7370339a 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -275,7 +275,7 @@ mbedtls_ecp_keypair;
 * - about 3300 basic operations for P-256
 * - about 9400 basic operations for P-384
 *
- * \warning Very low values are not always respected: sometimes
+ * \note Very low values are not always respected: sometimes
 * functions need to block for a minimum number of
 * operations, and will do so even if max_ops is set to a
 * lower value. That minimum depends on the curve size, and
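Review bot: The curve-size scaling `if( grp->pbits >= 512 ) ops *= 4; else if( grp->pbits >= 384 ) ops *= 2;` uses two bare thresholds whose link to the comment's "quadratic, rounded" rule is left to the reader; spelling the arithmetic out, e.g. `/* (384/256)^2 = 2.25 -> 2, (521/256)^2 = 4.1 -> 4; curves below 256 bits keep factor 1 */`, makes the choice checkable and explains why the smaller curves are deliberately not scaled down. Since the scaled `ops` is what is added to `ops_done` and compared with `ecp_max_ops`, the per-curve counts documented in ecp.h in this same commit are in these scaled units, which the comment should also state so the two stay in step. The function ends outside this hunk.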
@@ -284,6 +284,21 @@ mbedtls_ecp_keypair;
 * parameter set to 4, the minimum amount of blocking is:
 * - around 165 basic operations for P-256
 * - around 330 basic operations for P-384
+ *
+ * \note This setting is currently ignored by Curve25519
+ *
+ * \warning The ECJPAKE module is currently not compatible with this
+ * feature. \c max_ops must always be 0 while using ECJPAKE.
+ *
+ * \warning NOT thread-safe: when \c max_ops is not zero, sharing a
+ * \c mbedtls_ecp_group structure, or a
+ * \c mbedtls_pk_context structure wrapping an ECC key,
+ * between concurrent threads of execution is NOT supported.
+ * For (D)TLS, that means it's not safe to concurrently run
+ * two handshakes that use the same private EC key for
+ * authenticating ourselves; it is however safe to maintain
+ * multiple simultaneous connections as long as the
+ * handshakes are not concurrent or don't use the same key.
 */
 void mbedtls_ecp_set_max_ops( unsigned max_ops );
 #endif /* MBEDTLS_ECP_EARLY_RETURN */
From 45fd0164dd23de06d3618a6809c7ad9863d2e711 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 22 Mar 2017 08:24:42 +0100
Subject: [PATCH 031/368] Rename multiplication-specific restart context
It's going to be convenient for each function that can generate a MBEDTLS_ERR_ECP_IN_PROGRESS on its own (as opposed to just passing it around) to have its own restart context that they can allocate and free as needed independently of the restart context of other functions.
For example ecp_muladd() is going to have its own restart_muladd context that in can managed, then when it calls ecp_mul() this will manage a restart_mul context without interfering with the caller's context.
So, things need to be renames to avoid future name clashes.
---
 include/mbedtls/ecp.h | 6 +-
 library/ecp.c | 156 +++++++++++++++++++++--------------------
 2 files changed, 81 insertions(+), 81 deletions(-)
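Review bot: The new `\warning NOT thread-safe` paragraph scopes the restriction to sharing a group or pk context while `max_ops` is non-zero, but the limit itself lives in the file-scope `ecp_max_ops` that `ecp_check_budget()` reads on every step (see the ecp.c hunk of PATCH 029), so `mbedtls_ecp_set_max_ops()` — which presumably assigns that variable — is also unsafe to call while any ECC operation may be running in another thread, even on unrelated groups. A sentence to that effect, e.g. `\warning \c mbedtls_ecp_set_max_ops() changes a global setting and must not be called concurrently with any ECC operation`, would close that gap. The `\note` about Curve25519 could also say what "ignored" means for the caller, presumably that such operations never return \c MBEDTLS_ERR_ECP_IN_PROGRESS and block for their full duration.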
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index c7370339a..c5664a84b 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -114,12 +114,12 @@ mbedtls_ecp_point;
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
 /**
- * \brief ECP context for resuming operations after returning
+ * \brief ECP context for resuming multiplication after returning
 * \c MBEDTLS_ERR_ECP_IN_PROGRESS
 *
 * \note Opaque struct
 */
-typedef struct mbedtls_ecp_restart mbedtls_ecp_restart_ctx;
+typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
 #endif
 /**
@@ -164,7 +164,7 @@ typedef struct
 mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */
 size_t T_size; /*!< number for pre-computed points */
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- mbedtls_ecp_restart_ctx *rs; /*!< context for resuming operation */
+ mbedtls_ecp_restart_mul_ctx *rsm; /*!< restart context for ecp_mul() */
 #endif
 } mbedtls_ecp_group;
diff --git a/library/ecp.c b/library/ecp.c
index ec2e3cd7d..19d6af08c 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -103,7 +103,7 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops )
 /*
 * Restart context type for interrupted operations
 */
-struct mbedtls_ecp_restart {
+struct mbedtls_ecp_restart_mul {
 unsigned ops_done; /* number of operations done this time */
 mbedtls_mpi m; /* saved argument: scalar */
 mbedtls_ecp_point P; /* saved argument: point */
@@ -112,27 +112,27 @@ struct mbedtls_ecp_restart {
 mbedtls_ecp_point *T; /* table for precomputed points */
 unsigned char T_size; /* number of points in table T */
 enum { /* what's the next step ? */
- ecp_rs_init = 0, /* just getting started */
- ecp_rs_pre_norm_dbl, /* normalize precomputed 2^n multiples */
- ecp_rs_pre_add, /* precompute remaining points by adding */
- ecp_rs_pre_norm_add, /* normalize all precomputed points */
- ecp_rs_T_done, /* call ecp_mul_comb_after_precomp() */
- ecp_rs_final_norm, /* do the final normalization */
+ ecp_rsm_init = 0, /* just getting started */
+ ecp_rsm_pre_norm_dbl, /* normalize precomputed 2^n multiples */
+ ecp_rsm_pre_add, /* precompute remaining points by adding */
+ ecp_rsm_pre_norm_add, /* normalize all precomputed points */
+ ecp_rsm_T_done, /* call ecp_mul_comb_after_precomp() */
+ ecp_rsm_final_norm, /* do the final normalization */
 } state;
 };
 /*
- * Init restart context
+ * Init restart_mul context
 */
-static void ecp_restart_init( mbedtls_ecp_restart_ctx *ctx )
+static void ecp_restart_mul_init( mbedtls_ecp_restart_mul_ctx *ctx )
 {
- memset( ctx, 0, sizeof( mbedtls_ecp_restart_ctx ) );
+ memset( ctx, 0, sizeof( mbedtls_ecp_restart_mul_ctx ) );
 }
 /*
- * Free the components of a restart context
+ * Free the components of a restart_mul context
 */
-static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
+static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx )
 {
 unsigned char i;
@@ -149,7 +149,7 @@ static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
 mbedtls_free( ctx->T );
 }
- memset( ctx, 0, sizeof( mbedtls_ecp_restart_ctx ) );
+ memset( ctx, 0, sizeof( mbedtls_ecp_restart_mul_ctx ) );
 }
 /*
@@ -164,7 +164,7 @@ static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
 */
 static int ecp_check_budget( const mbedtls_ecp_group *grp, unsigned ops )
 {
- if( grp->rs != NULL )
+ if( grp->rsm != NULL )
 {
 /* scale depending on curve size: the chosen reference is 256-bit,
 * and multiplication is quadratic. Round to the closest integer. */
@@ -174,11 +174,11 @@ static int ecp_check_budget( const mbedtls_ecp_group *grp, unsigned ops )
 ops *= 2;
 /* avoid infinite loops: always allow first step */
- if( grp->rs->ops_done != 0 && grp->rs->ops_done + ops > ecp_max_ops )
+ if( grp->rsm->ops_done != 0 && grp->rsm->ops_done + ops > ecp_max_ops )
 return( MBEDTLS_ERR_ECP_IN_PROGRESS );
 /* update running count */
- grp->rs->ops_done += ops;
+ grp->rsm->ops_done += ops;
 }
 return( 0 );
@@ -451,8 +451,8 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
 }
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- ecp_restart_free( grp->rs );
- mbedtls_free( grp->rs );
+ ecp_restart_mul_free( grp->rsm );
+ mbedtls_free( grp->rsm );
 #endif
 mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) );
@@ -1348,13 +1348,13 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL )
+ if( grp->rsm != NULL )
 {
- if( grp->rs->state == ecp_rs_pre_norm_add )
+ if( grp->rsm->state == ecp_rsm_pre_norm_add )
 goto norm_add;
- if( grp->rs->state == ecp_rs_pre_add )
+ if( grp->rsm->state == ecp_rsm_pre_add )
 goto add;
- if( grp->rs->state == ecp_rs_pre_norm_dbl )
+ if( grp->rsm->state == ecp_rsm_pre_norm_dbl )
 goto norm_dbl;
 }
 #endif
@@ -1366,8 +1366,8 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL && grp->rs->i != 0 )
- j = grp->rs->i;
+ if( grp->rsm != NULL && grp->rsm->i != 0 )
+ j = grp->rsm->i;
 else
 #endif
 j = 0;
@@ -1386,10 +1386,10 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 }
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL )
+ if( grp->rsm != NULL )
 {
- grp->rs->i = 0;
- grp->rs->state++;
+ grp->rsm->i = 0;
+ grp->rsm->state++;
 }
 #endif
@@ -1410,8 +1410,8 @@ norm_dbl:
 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL )
- grp->rs->state++;
+ if( grp->rsm != NULL )
+ grp->rsm->state++;
 #endif
 /*
@@ -1432,8 +1432,8 @@ add:
 }
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL )
- grp->rs->state++;
+ if( grp->rsm != NULL )
+ grp->rsm->state++;
 #endif
 /*
@@ -1453,16 +1453,16 @@ norm_add:
 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL )
- grp->rs->state++;
+ if( grp->rsm != NULL )
+ grp->rsm->state++;
 #endif
 cleanup:
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ if( grp->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
 {
- if( grp->rs->state == ecp_rs_init )
- grp->rs->i = j;
+ if( grp->rsm->state == ecp_rsm_init )
+ grp->rsm->i = j;
 }
 #endif
@@ -1515,10 +1515,10 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R
 mbedtls_ecp_point_init( &Txi );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL && grp->rs->i != 0 )
+ if( grp->rsm != NULL && grp->rsm->i != 0 )
 {
- /* restore current index (R already pointing to grp->rs->R) */
- i = grp->rs->i;
+ /* restore current index (R already pointing to grp->rsm->R) */
+ i = grp->rsm->i;
 }
 else
 #endif
@@ -1544,18 +1544,18 @@ cleanup:
 mbedtls_ecp_point_free( &Txi );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL )
+ if( grp->rsm != NULL )
 {
 if( ret == 0 )
 {
- grp->rs->state++;
- grp->rs->i = 0;
+ grp->rsm->state++;
+ grp->rsm->i = 0;
 }
 else if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
 {
 /* was decreased before actually doing it */
- grp->rs->i = i + 1;
- /* no need to save R, already pointing to grp->rs->R */
+ grp->rsm->i = i + 1;
+ /* no need to save R, already pointing to grp->rsm->R */
 }
 }
 #endif
@@ -1628,12 +1628,12 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
 mbedtls_ecp_point *RR = R;
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL )
- RR = &grp->rs->R;
+ if( grp->rsm != NULL )
+ RR = &grp->rsm->R;
 #endif
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs == NULL || grp->rs->state < ecp_rs_final_norm )
+ if( grp->rsm == NULL || grp->rsm->state < ecp_rsm_final_norm )
 #endif
 {
 MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w,
@@ -1643,8 +1643,8 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
 MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL )
- grp->rs->state++;
+ if( grp->rsm != NULL )
+ grp->rsm->state++;
 #endif
 }
@@ -1721,32 +1721,32 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
 /* check for restart with new arguments */
- if( grp->rs != NULL &&
- ( mbedtls_mpi_cmp_mpi( m, &grp->rs->m ) != 0 ||
- mbedtls_mpi_cmp_mpi( &P->X, &grp->rs->P.X ) != 0 ||
- mbedtls_mpi_cmp_mpi( &P->Y, &grp->rs->P.Y ) != 0 ) )
+ if( grp->rsm != NULL &&
+ ( mbedtls_mpi_cmp_mpi( m, &grp->rsm->m ) != 0 ||
+ mbedtls_mpi_cmp_mpi( &P->X, &grp->rsm->P.X ) != 0 ||
+ mbedtls_mpi_cmp_mpi( &P->Y, &grp->rsm->P.Y ) != 0 ) )
 {
- ecp_restart_free( grp->rs );
- mbedtls_free( grp->rs );
- grp->rs = NULL;
+ ecp_restart_mul_free( grp->rsm );
+ mbedtls_free( grp->rsm );
+ grp->rsm = NULL;
 }
 /* set up restart context if needed */
- if( ecp_max_ops != 0 && grp->rs == NULL )
+ if( ecp_max_ops != 0 && grp->rsm == NULL )
 {
- grp->rs = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_ctx ) );
- if( grp->rs == NULL )
+ grp->rsm = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_mul_ctx ) );
+ if( grp->rsm == NULL )
 return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
- ecp_restart_init( grp->rs );
+ ecp_restart_mul_init( grp->rsm );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &grp->rs->m, m ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &grp->rs->P, P ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &grp->rsm->m, m ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &grp->rsm->P, P ) );
 }
 /* reset ops count for this call */
- if( grp->rs != NULL )
- grp->rs->ops_done = 0;
+ if( grp->rsm != NULL )
+ grp->rsm->ops_done = 0;
 #endif
 /* Is P the base point ? */
@@ -1771,14 +1771,14 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
 /* Pre-computed table: do we have one in progress? complete? */
- if( grp->rs != NULL && grp->rs->T != NULL && T == NULL )
+ if( grp->rsm != NULL && grp->rsm->T != NULL && T == NULL )
 {
- /* transfer ownership of T from rs to local function */
- T = grp->rs->T;
- grp->rs->T = NULL;
- grp->rs->T_size = 0;
+ /* transfer ownership of T from rsm to local function */
+ T = grp->rsm->T;
+ grp->rsm->T = NULL;
+ grp->rsm->T_size = 0;
- if( grp->rs->state >= ecp_rs_T_done )
+ if( grp->rsm->state >= ecp_rsm_T_done )
 T_ok = 1;
 }
 #endif
@@ -1820,11 +1820,11 @@ cleanup:
 /* does T belong to the restart context? */
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL )
+ if( grp->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL )
 {
- /* transfer ownership of T from local function to rs */
- grp->rs->T_size = pre_len;
- grp->rs->T = T;
+ /* transfer ownership of T from local function to rsm */
+ grp->rsm->T_size = pre_len;
+ grp->rsm->T = T;
 T = NULL;
 }
 #endif
@@ -1847,10 +1847,10 @@ cleanup:
 /* clear restart context when not in progress (done or error) */
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- if( grp->rs != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) {
- ecp_restart_free( grp->rs );
- mbedtls_free( grp->rs );
- grp->rs = NULL;
+ if( grp->rsm != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) {
+ ecp_restart_mul_free( grp->rsm );
+ mbedtls_free( grp->rsm );
+ grp->rsm = NULL;
 }
 #endif
From b739a712d1caa5e27fc49b45cf7d71b8636e4053 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 19 Apr 2017 10:11:56 +0200
Subject: [PATCH 032/368] Start moving to new design/API
Following discussion in the team, it was deemed preferable for the restart context to be explicitly managed by the caller.
This commits in the first in a series moving in that directly: it starts by only changing the public API, while still internally using the old design. Future commits in that series will change to the new design internally.
The test function was simplified as it no longer makes sense to test for some memory management errors since that responsibility shifted to the caller.
---
 include/mbedtls/ecp.h | 54 +++++++++++++++++++++++++++++++++++++---
 library/ecp.c | 35 ++++++++++++++++++
 tests/suites/test_suite_ecp.function | 31 +++++-----------
 3 files changed, 93 insertions(+), 27 deletions(-)
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index c5664a84b..86d7c5906 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -164,7 +164,7 @@ typedef struct
 mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */
 size_t T_size; /*!< number for pre-computed points */
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
- mbedtls_ecp_restart_mul_ctx *rsm; /*!< restart context for ecp_mul() */
+ mbedtls_ecp_restart_mul_ctx *rsm; /*!< temporary */
 #endif
 } mbedtls_ecp_group;
@@ -184,6 +184,16 @@ typedef struct
 } mbedtls_ecp_keypair;
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+/**
+ * \brief General context for resuming ECC operations
+ */
+typedef struct
+{
+ mbedtls_ecp_restart_mul_ctx *rsm; /*!< restart context for ecp_mul() */
+} mbedtls_ecp_restart_ctx;
+#endif /* MBEDTLS_ECP_EARLY_RETURN */
+
 /**
 * \name SECTION: Module settings
 *
@@ -377,6 +387,18 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
 */
 void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+/**
+ * \brief Initialize a restart context
+ */
+void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
+
+/**
+ * \brief Free the components of a restart context
+ */
+void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
+#endif /* MBEDTLS_ECP_EARLY_RETURN */
+
 /**
 * \brief Copy the contents of point Q into P
 *
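Review bot: `mbedtls_ecp_restart_init()` and `mbedtls_ecp_restart_free()` are new public API but their Doxygen blocks carry only a `\brief`, with no `\param ctx` and no statement of the contract the test in this commit relies on — that a context must be freed before it is reused for an operation with different arguments. Adding `\param ctx Restart context to initialize` / `\param ctx Restart context to free` and a `\note` such as `A context must not be reused for a different operation until \c mbedtls_ecp_restart_free() has been called on it` would document that. Whether NULL is accepted is also worth stating, since in the ecp.c hunk of this commit `mbedtls_ecp_restart_free()` checks for it while `mbedtls_ecp_restart_init()` does not.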
@@ -588,16 +610,40 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
 * \return 0 if successful,
 * MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
 * or P is not a valid pubkey,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ */
+int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+/**
+ * \brief Restartable version of \c mbedtls_ecp_mul()
+ *
+ * \note Performs the same job as \c mbedtls_ecp_mul(), but can
+ * return early and restart according to the limit set with
+ * \c mbedtls_ecp_set_max_ops() to reduce blocking.
+ *
+ * \param grp ECP group
+ * \param R Destination point
+ * \param m Integer by which to multiply
+ * \param P Point to multiply
+ * \param f_rng RNG function (see notes)
+ * \param p_rng RNG parameter
+ * \param rs_ctx Restart context - must be non-NULL to enable early-return
+ *
+ * \return See \c mbedtls_ecp_mul(), or
 * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
 * operations was reached (see \c mbedtls_ecp_set_max_ops()),
 * indicating the function should be called again with the
 * exact same arguments.
 *
 */
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx );
+#endif /* MBEDTLS_ECP_EARLY_RETURN */
 /**
 * \brief Multiplication and addition of two points by integers:
diff --git a/library/ecp.c b/library/ecp.c
index 19d6af08c..b2c2f53c2 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -152,6 +152,27 @@ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx ) memset( ctx, 0, sizeof( mbedtls_ecp_restart_mul_ctx ) ); } +/* + * Initialize a restart context + */ +void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) +{ + memset( ctx, 0, sizeof( *ctx ) ); +} + +/* + * Free the components of a restart context + */ +void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) +{ + if( ctx == NULL ) + return; + + ecp_restart_mul_free( ctx->rsm ); + mbedtls_free( ctx->rsm ); + ctx->rsm = NULL; +} + /* * Operation counts */ @@ -2111,6 +2132,20 @@ cleanup: return( ret ); } +#if defined(MBEDTLS_ECP_EARLY_RETURN) +/* + * Restartable multiplication R = m * P + */ +int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) +{ + (void) rs_ctx; /* cheating for now */ + return( mbedtls_ecp_mul( grp, R, m, P, f_rng, p_rng ) ); +} +#endif + #if defined(ECP_SHORTWEIERSTRASS) /* * Check that an affine point is valid as a public key, diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 3dfef1877..195146c54 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -75,12 +75,14 @@ void ecp_test_vect_restart( int id, * With MBEDTLS_ECP_WINDOW_SIZE set to 2 (minimum): * - Random point mult: ~3850M */ + mbedtls_ecp_restart_ctx ctx; mbedtls_ecp_group grp; mbedtls_ecp_point R; mbedtls_mpi dA, xA, yA, dB, xZ, yZ; int cnt_restarts; int ret; + mbedtls_ecp_restart_init( &ctx ); mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ ); 
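Review bot: `mbedtls_ecp_restart_init()` writes through `ctx` unconditionally while the matching `mbedtls_ecp_restart_free()` a few lines below returns early on NULL; two public functions introduced together should follow one convention, either `if( ctx == NULL ) return;` before the `memset` or no NULL tolerance in either (the sibling init functions of this file are outside the hunk, so match whichever they use). Separately, `mbedtls_ecp_mul_restartable()` in the second hunk discards `rs_ctx` with `/* cheating for now */`, so the `&ctx` the test hunk now passes exercises nothing restart-specific yet; a `TODO` naming what is still missing would be clearer than `cheating`.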
@@ -100,7 +102,7 @@ void ecp_test_vect_restart( int id, /* Base point case */ cnt_restarts = 0; do { - ret = mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL ); + ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, NULL, NULL, &ctx ); TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) @@ -114,24 +116,13 @@ void ecp_test_vect_restart( int id, TEST_ASSERT( cnt_restarts >= min_restarts ); TEST_ASSERT( cnt_restarts <= max_restarts ); - /* Do we leak memory when doing it twice in a row? */ - do { - ret = mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); - } - while( ret != 0 ); - - /* Ok, now start an operation with some arguments, and drop it. - * We'll see if the result of the next operation, with different args, - * are correct regardless (do we discard old context on new args?). - * This also tests that we don't write to R prematurely */ - ret = mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + /* Prepare context for new operation */ + mbedtls_ecp_restart_free( &ctx ); /* Non-base point case */ cnt_restarts = 0; do { - ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ); + ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &R, NULL, NULL, &ctx ); TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 
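Review bot: The second hunk removes the back-to-back repeat loop and the abandoned-operation-with-different-arguments case, replacing them with a single `mbedtls_ecp_restart_free( &ctx )` between the base-point and non-base-point cases, so no remaining assertion covers reusing `ctx` for a second complete operation without freeing it, nor feeding different arguments into a context that still holds in-progress state. If those are now the caller's responsibility by design, say so in the comment, e.g. `/* Prepare context for new operation: a context holding an unfinished operation must be freed before use with new arguments */`; otherwise keep one repeat loop against `&ctx`. `ecp_test_vect_restart` starts before and continues after these hunks.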
@@ -145,18 +136,12 @@ void ecp_test_vect_restart( int id, TEST_ASSERT( cnt_restarts >= min_restarts ); TEST_ASSERT( cnt_restarts <= max_restarts ); - /* Do we leak memory when doing it twice in a row? */ - do { - ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); - } - while( ret != 0 ); - /* Do we leak memory when not finishing an operation? */ - ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ); + ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &R, NULL, NULL, &ctx ); TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); exit: + mbedtls_ecp_restart_free( &ctx ); mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R ); mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA ); mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ ); From 8f28addb27da8f4e04a3d5d9c2e4bb3100947a6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Apr 2017 10:20:49 +0200 Subject: [PATCH 033/368] Update documentation for new design/API EC-JPAKE warning is no longer needed as we now have separate _restartable() functions, and JPAKE will just call the non-restartable version. Concurrency warning removed as this is one of the reasons why this design was chosen. --- include/mbedtls/ecp.h | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 86d7c5906..111ef03bb 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -273,6 +273,10 @@ typedef struct * then need to be called again with the same arguments until * it returns 0 or an other error code. * + * This only affects functions that accept a pointer to a + * \c mbedtls_ecp_restart_ctx as an argument, and only works + * if that pointer valid (in particular, not NULL). + * * \param max_ops Maximum number of basic operations done in a row. * Default: 0 (unlimited). * Lower (non-zero) values mean ECC functions will block for @@ -296,19 +300,6 @@ typedef struct * - around 330 basic operations for P-384 * * \note This setting is currently ignored by Curve25519 - * - * \warning The ECJPAKE module is currently not compatible with this - * feature. \c max_ops must always be 0 while using ECJPAKE. - * - * \warning NOT thread-safe: when \c max_ops is not zero, sharing a - * \c mbedtls_ecp_group structure, or a - * \c mbedtls_pk_context structure wrapping an ECC key, - * between concurrent threads of execution is NOT supported. - * For (D)TLS, that means it's not safe to concurrently run - * two handshakes that use the same private EC key for - * authenticating ourselves; it is however safe to maintain - * multiple simultaneous connections as long as the - * handshakes are not concurrent or don't use the same key. */ void mbedtls_ecp_set_max_ops( unsigned max_ops ); #endif /* MBEDTLS_ECP_EARLY_RETURN */ From 3cade22f96b17862cccdf1cef7e20f8ea03b971b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 09:31:00 +0200 Subject: [PATCH 034/368] Switch to restart context internally --- include/mbedtls/ecp.h | 20 ++--- library/ecp.c | 200 +++++++++++++++++++++++++----------------- 2 files changed, 127 insertions(+), 93 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 111ef03bb..59d9d3dea 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
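Review bot: The added sentence reads `if that pointer valid (in particular, not NULL)`; it is missing a verb: `if that pointer is valid (in particular, not NULL)`. The second hunk drops the thread-safety warning, but the limit itself is still set through the process-wide `mbedtls_ecp_set_max_ops( unsigned max_ops )` and, in the library hunks further down this page, read from a file-scope `ecp_max_ops`; the per-context design removes sharing of the restart state, not of the limit, so I'd keep one sentence: `\note The limit is global to the process; only the restart state is per-context.`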
@@ -112,16 +112,6 @@ typedef struct } mbedtls_ecp_point; -#if defined(MBEDTLS_ECP_EARLY_RETURN) -/** - * \brief ECP context for resuming multiplication after returning - * \c MBEDTLS_ERR_ECP_IN_PROGRESS - * - * \note Opaque struct - */ -typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx; -#endif - /** * \brief ECP group structure * @@ -163,9 +153,6 @@ typedef struct void *t_data; /*!< unused */ mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */ size_t T_size; /*!< number for pre-computed points */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) - mbedtls_ecp_restart_mul_ctx *rsm; /*!< temporary */ -#endif } mbedtls_ecp_group; @@ -185,6 +172,13 @@ typedef struct mbedtls_ecp_keypair; #if defined(MBEDTLS_ECP_EARLY_RETURN) +/** + * \brief Internal restart context for multiplication + * + * \note Opaque struct + */ +typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx; + /** * \brief General context for resuming ECC operations */ diff --git a/library/ecp.c b/library/ecp.c index b2c2f53c2..21ce22f85 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -183,9 +183,11 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) /* * Check if we can do the next step */ -static int ecp_check_budget( const mbedtls_ecp_group *grp, unsigned ops ) +static int ecp_check_budget( const mbedtls_ecp_group *grp, + mbedtls_ecp_restart_ctx *rs_ctx, + unsigned ops ) { - if( grp->rsm != NULL ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) { /* scale depending on curve size: the chosen reference is 256-bit, * and multiplication is quadratic. Round to the closest integer. */ 
@@ -195,19 +197,22 @@ static int ecp_check_budget( const mbedtls_ecp_group *grp, unsigned ops ) ops *= 2; /* avoid infinite loops: always allow first step */ - if( grp->rsm->ops_done != 0 && grp->rsm->ops_done + ops > ecp_max_ops ) + if( rs_ctx->rsm->ops_done != 0 && rs_ctx->rsm->ops_done + ops > ecp_max_ops ) return( MBEDTLS_ERR_ECP_IN_PROGRESS ); /* update running count */ - grp->rsm->ops_done += ops; + rs_ctx->rsm->ops_done += ops; } return( 0 ); } -#define ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( ecp_check_budget( grp, ops ) ); +#define ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( ecp_check_budget( grp, rs_ctx, ops ) ); #else -#define ECP_BUDGET( ops ) +#define ECP_BUDGET( ops ) /* no-op */ + +/* We also need that type to make our life simpler for internal functions */ +typedef void mbedtls_ecp_restart_ctx; #endif /* MBEDTLS_ECP_EARLY_RETURN */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ @@ -471,11 +476,6 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) mbedtls_free( grp->T ); } -#if defined(MBEDTLS_ECP_EARLY_RETURN) - ecp_restart_mul_free( grp->rsm ); - mbedtls_free( grp->rsm ); -#endif - mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) ); } @@ -1360,7 +1360,8 @@ static void ecp_comb_recode_core( unsigned char x[], size_t d, */ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point T[], const mbedtls_ecp_point *P, - unsigned char w, size_t d ) + unsigned char w, size_t d, + mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; unsigned char i; 
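Review bot: `ECP_BUDGET( ops )` now expands to a call that names `rs_ctx` from the caller's scope in addition to the `grp`, `ret` and `cleanup` label that `MBEDTLS_MPI_CHK` already needs, so every function using it must carry a `mbedtls_ecp_restart_ctx *rs_ctx` parameter; a comment on the macro, `/* requires grp, rs_ctx, ret and a cleanup label in the calling scope */`, would spare the next reader a compile error. In the `#else` branch, `typedef void mbedtls_ecp_restart_ctx;` turns the internal `rs_ctx` parameters into `void *` when early return is disabled, so a call site passing any object pointer there compiles without a diagnostic in that configuration; an incomplete struct type would keep type checking while still accepting the NULL arguments these hunks pass. ecp_check_budget's header is outside this hunk.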
@@ -1368,14 +1369,18 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, const unsigned char T_len = 1U << ( w - 1 ); mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; +#if !defined(MBEDTLS_ECP_EARLY_RETURN) + (void) rs_ctx; +#endif + #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) { - if( grp->rsm->state == ecp_rsm_pre_norm_add ) + if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add ) goto norm_add; - if( grp->rsm->state == ecp_rsm_pre_add ) + if( rs_ctx->rsm->state == ecp_rsm_pre_add ) goto add; - if( grp->rsm->state == ecp_rsm_pre_norm_dbl ) + if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl ) goto norm_dbl; } #endif @@ -1387,8 +1392,8 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL && grp->rsm->i != 0 ) - j = grp->rsm->i; + if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) + j = rs_ctx->rsm->i; else #endif j = 0; @@ -1407,10 +1412,10 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, } #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) { - grp->rsm->i = 0; - grp->rsm->state++; + rs_ctx->rsm->i = 0; + rs_ctx->rsm->state++; } #endif @@ -1431,8 +1436,8 @@ norm_dbl: MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL ) - grp->rsm->state++; + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->state++; #endif /* @@ -1453,8 +1458,8 @@ add: } #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL ) - grp->rsm->state++; + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->state++; #endif /* 
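Review bot: The new `#if !defined(MBEDTLS_ECP_EARLY_RETURN) (void) rs_ctx; #endif` block is immediately followed by `#if defined(MBEDTLS_ECP_EARLY_RETURN)`; the pair reads more easily as one `#if defined(MBEDTLS_ECP_EARLY_RETURN) ... #else (void) rs_ctx; #endif`. The same shape is introduced in ecp_mul_comb_core, ecp_mul_comb_after_precomp (where two consecutive `#if defined(MBEDTLS_ECP_EARLY_RETURN)` blocks could also merge) and ecp_mul_comb in later hunks of this commit. ecp_precompute_comb starts before this hunk and continues after it.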
@@ -1474,16 +1479,17 @@ norm_add: MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL ) - grp->rsm->state++; + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->state++; #endif cleanup: #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL && + ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - if( grp->rsm->state == ecp_rsm_init ) - grp->rsm->i = j; + if( rs_ctx->rsm->state == ecp_rsm_init ) + rs_ctx->rsm->i = j; } #endif @@ -1527,7 +1533,8 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R const mbedtls_ecp_point T[], unsigned char t_len, const unsigned char x[], size_t d, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; mbedtls_ecp_point Txi; @@ -1535,11 +1542,15 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R mbedtls_ecp_point_init( &Txi ); +#if !defined(MBEDTLS_ECP_EARLY_RETURN) + (void) rs_ctx; +#endif + #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL && grp->rsm->i != 0 ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) { - /* restore current index (R already pointing to grp->rsm->R) */ - i = grp->rsm->i; + /* restore current index (R already pointing to rs_ctx->rsm->R) */ + i = rs_ctx->rsm->i; } else #endif 
@@ -1565,18 +1576,18 @@ cleanup: mbedtls_ecp_point_free( &Txi ); #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) { if( ret == 0 ) { - grp->rsm->state++; - grp->rsm->i = 0; + rs_ctx->rsm->state++; + rs_ctx->rsm->i = 0; } else if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { /* was decreased before actually doing it */ - grp->rsm->i = i + 1; - /* no need to save R, already pointing to grp->rsm->R */ + rs_ctx->rsm->i = i + 1; + /* no need to save R, already pointing to rs_ctx->rsm->R */ } } #endif @@ -1641,31 +1652,37 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, unsigned char w, size_t d, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; unsigned char parity_trick; unsigned char k[COMB_MAX_D + 1]; mbedtls_ecp_point *RR = R; -#if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL ) - RR = &grp->rsm->R; +#if !defined(MBEDTLS_ECP_EARLY_RETURN) + (void) rs_ctx; #endif #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm == NULL || grp->rsm->state < ecp_rsm_final_norm ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + RR = &rs_ctx->rsm->R; +#endif + +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( rs_ctx == NULL || rs_ctx->rsm == NULL || + rs_ctx->rsm->state < ecp_rsm_final_norm ) #endif { MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, &parity_trick ) ); MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, pre_len, k, d, - f_rng, p_rng ) ); + f_rng, p_rng, rs_ctx ) ); MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL ) - grp->rsm->state++; + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->state++; #endif } 
@@ -1732,7 +1749,8 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; unsigned char w, p_eq_g = 0, i; 
@@ -1740,34 +1758,38 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, unsigned char pre_len = 0, T_ok = 0; mbedtls_ecp_point *T = NULL; +#if !defined(MBEDTLS_ECP_EARLY_RETURN) + (void) rs_ctx; +#endif + #if defined(MBEDTLS_ECP_EARLY_RETURN) /* check for restart with new arguments */ - if( grp->rsm != NULL && - ( mbedtls_mpi_cmp_mpi( m, &grp->rsm->m ) != 0 || - mbedtls_mpi_cmp_mpi( &P->X, &grp->rsm->P.X ) != 0 || - mbedtls_mpi_cmp_mpi( &P->Y, &grp->rsm->P.Y ) != 0 ) ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm != NULL && + ( mbedtls_mpi_cmp_mpi( m, &rs_ctx->rsm->m ) != 0 || + mbedtls_mpi_cmp_mpi( &P->X, &rs_ctx->rsm->P.X ) != 0 || + mbedtls_mpi_cmp_mpi( &P->Y, &rs_ctx->rsm->P.Y ) != 0 ) ) { - ecp_restart_mul_free( grp->rsm ); - mbedtls_free( grp->rsm ); - grp->rsm = NULL; + ecp_restart_mul_free( rs_ctx->rsm ); + mbedtls_free( rs_ctx->rsm ); + rs_ctx->rsm = NULL; } /* set up restart context if needed */ - if( ecp_max_ops != 0 && grp->rsm == NULL ) + if( ecp_max_ops != 0 && rs_ctx != NULL && rs_ctx->rsm == NULL ) { - grp->rsm = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_mul_ctx ) ); - if( grp->rsm == NULL ) + rs_ctx->rsm = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_mul_ctx ) ); + if( rs_ctx->rsm == NULL ) return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - ecp_restart_mul_init( grp->rsm ); + ecp_restart_mul_init( rs_ctx->rsm ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &grp->rsm->m, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &grp->rsm->P, P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &rs_ctx->rsm->m, m ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &rs_ctx->rsm->P, P ) ); } /* reset ops count for this call */ - if( grp->rsm != NULL ) - grp->rsm->ops_done = 0; + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->ops_done = 0; #endif /* Is P the base point ? */ 
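Review bot: The restart-with-new-arguments condition tests `rs_ctx->rsm != NULL` twice in a row; the second looks like a leftover from the `grp->rsm` rewrite and should be dropped, leaving `if( rs_ctx != NULL && rs_ctx->rsm != NULL &&`. ecp_mul_comb starts before this hunk and continues after it.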
@@ -1792,14 +1814,14 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if defined(MBEDTLS_ECP_EARLY_RETURN) /* Pre-computed table: do we have one in progress? complete? */ - if( grp->rsm != NULL && grp->rsm->T != NULL && T == NULL ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL && T == NULL ) { /* transfer ownership of T from rsm to local function */ - T = grp->rsm->T; - grp->rsm->T = NULL; - grp->rsm->T_size = 0; + T = rs_ctx->rsm->T; + rs_ctx->rsm->T = NULL; + rs_ctx->rsm->T_size = 0; - if( grp->rsm->state >= ecp_rsm_T_done ) + if( rs_ctx->rsm->state >= ecp_rsm_T_done ) T_ok = 1; } #endif @@ -1818,7 +1840,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Compute table (or finish computing it) if not done already */ if( !T_ok ) { - MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d ) ); + MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) ); if( p_eq_g ) { @@ -1831,7 +1853,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Actual comb multiplication using precomputed points */ MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m, T, pre_len, w, d, - f_rng, p_rng ) ); + f_rng, p_rng, rs_ctx ) ); cleanup: @@ -1841,11 +1863,11 @@ cleanup: /* does T belong to the restart context? */ #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) { /* transfer ownership of T from local function to rsm */ - grp->rsm->T_size = pre_len; - grp->rsm->T = T; + rs_ctx->rsm->T_size = pre_len; + rs_ctx->rsm->T = T; T = NULL; } #endif 
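Review bot: The rewritten condition `if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL && T == NULL )` runs well past 80 columns, as do the two cleanup conditions (`... ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL )` in the last hunk here and `... ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) {` in the next one); the other rewritten conditions in this commit wrap such lines (see ecp_precompute_comb's cleanup), so these should wrap the same way. ecp_mul_comb continues outside these hunks.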
@@ -1868,10 +1890,10 @@ cleanup: /* clear restart context when not in progress (done or error) */ #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( grp->rsm != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { - ecp_restart_mul_free( grp->rsm ); - mbedtls_free( grp->rsm ); - grp->rsm = NULL; + if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + ecp_restart_mul_free( rs_ctx->rsm ); + mbedtls_free( rs_ctx->rsm ); + rs_ctx->rsm = NULL; } #endif @@ -2117,7 +2139,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif #if defined(ECP_SHORTWEIERSTRASS) if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) - ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng ); + ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng, NULL ); #endif #if defined(MBEDTLS_ECP_INTERNAL_ALT) @@ -2141,8 +2163,26 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) { - (void) rs_ctx; /* cheating for now */ - return( mbedtls_ecp_mul( grp, R, m, P, f_rng, p_rng ) ); + /* temporary code duplication with non-restartable version */ + int ret; + + /* Common sanity checks */ + if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 || + ( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 ) + return( ret ); + +#if defined(ECP_MONTGOMERY) + if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) + return( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) ); +#endif +#if defined(ECP_SHORTWEIERSTRASS) + if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) + return( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); +#endif + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } #endif From 8467e6848d9137abc175c54456d279240f6c4318 Mon Sep 17 00:00:00 2001 
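Review bot: The duplicated body of `mbedtls_ecp_mul_restartable()` omits the `MBEDTLS_ECP_INTERNAL_ALT` blocks that `mbedtls_ecp_mul()` keeps around its dispatch in the hunk just above, so in that configuration the restartable entry point bypasses the alternative-implementation hooks and always runs the software path. The comment `/* temporary code duplication with non-restartable version */` should at least say that, e.g. `/* temporary code duplication: MBEDTLS_ECP_INTERNAL_ALT hooks are NOT applied here yet */`, until the two paths are merged.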
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 09:47:06 +0200 Subject: [PATCH 035/368] Stop checking for argument change This was intended to detect aborted operations, but now that case is handled by the caller freeing the restart context. Also, as the internal sub-context is managed by the callee, no need for the caller to free/reset the restart context between successful calls. --- include/mbedtls/ecp.h | 14 ++++++-------- library/ecp.c | 18 ------------------ tests/suites/test_suite_ecp.function | 3 --- 3 files changed, 6 insertions(+), 29 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 59d9d3dea..d9e62f079 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -263,9 +263,10 @@ typedef struct * * If more operations are needed to complete a computation, * MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the - * function performing the computation. That function will - * then need to be called again with the same arguments until - * it returns 0 or an other error code. + * function performing the computation. It is then the + * caller's responsibility to either call again with the same + * arguments until it returns 0 or an error code; or to free + * the restart context if the operation is to be aborted. * * This only affects functions that accept a pointer to a * \c mbedtls_ecp_restart_ctx as an argument, and only works 
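Review bot: The rewritten paragraph says the caller must either call again with the same arguments or free the context to abort, but not what happens if neither is done; since this same commit removes the saved-argument comparison from ecp_mul_comb (the library hunk further down), a call with a different `m` or `P` against a context that still holds in-progress state is no longer detected. I'd add one sentence: `Calling a restartable function with different arguments while the context holds an unfinished operation is not detected and gives undefined results; free the context first.` The same applies to the `\param rs_ctx Restart context` line in the next hunk.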
@@ -615,14 +616,11 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \param P Point to multiply * \param f_rng RNG function (see notes) * \param p_rng RNG parameter - * \param rs_ctx Restart context - must be non-NULL to enable early-return + * \param rs_ctx Restart context * * \return See \c mbedtls_ecp_mul(), or * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached (see \c mbedtls_ecp_set_max_ops()), - * indicating the function should be called again with the - * exact same arguments. - * + * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, diff --git a/library/ecp.c b/library/ecp.c index 21ce22f85..fcc3ae077 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -105,8 +105,6 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) */ struct mbedtls_ecp_restart_mul { unsigned ops_done; /* number of operations done this time */ - mbedtls_mpi m; /* saved argument: scalar */ - mbedtls_ecp_point P; /* saved argument: point */ mbedtls_ecp_point R; /* current intermediate result */ size_t i; /* current index in various loops, 0 outside */ mbedtls_ecp_point *T; /* table for precomputed points */ @@ -139,8 +137,6 @@ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx ) if( ctx == NULL ) return; - mbedtls_mpi_free( &ctx->m ); - mbedtls_ecp_point_free( &ctx->P ); mbedtls_ecp_point_free( &ctx->R ); if( ctx->T != NULL ) { 
@@ -1763,17 +1759,6 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif #if defined(MBEDTLS_ECP_EARLY_RETURN) - /* check for restart with new arguments */ - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm != NULL && - ( mbedtls_mpi_cmp_mpi( m, &rs_ctx->rsm->m ) != 0 || - mbedtls_mpi_cmp_mpi( &P->X, &rs_ctx->rsm->P.X ) != 0 || - mbedtls_mpi_cmp_mpi( &P->Y, &rs_ctx->rsm->P.Y ) != 0 ) ) - { - ecp_restart_mul_free( rs_ctx->rsm ); - mbedtls_free( rs_ctx->rsm ); - rs_ctx->rsm = NULL; - } - /* set up restart context if needed */ if( ecp_max_ops != 0 && rs_ctx != NULL && rs_ctx->rsm == NULL ) { @@ -1782,9 +1767,6 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); ecp_restart_mul_init( rs_ctx->rsm ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &rs_ctx->rsm->m, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &rs_ctx->rsm->P, P ) ); } /* reset ops count for this call */ diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 195146c54..23905cef9 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -116,9 +116,6 @@ void ecp_test_vect_restart( int id, TEST_ASSERT( cnt_restarts >= min_restarts ); TEST_ASSERT( cnt_restarts <= max_restarts ); - /* Prepare context for new operation */ - mbedtls_ecp_restart_free( &ctx ); - /* Non-base point case */ cnt_restarts = 0; do { From 646393bb1e6b4d30a8119eea28ae520af5e2b7a3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 10:03:45 +0200 Subject: [PATCH 036/368] Move ops count to top-level context When a restartable function calls another restartable function, the current ops_count needs to be shared to avoid either doing too many operations or returning IN_PROGRESS uselessly. So it needs to be in the top-level context rather than a specific sub-context. --- include/mbedtls/ecp.h | 3 ++- library/ecp.c | 15 ++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index d9e62f079..9193b77b9 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -184,7 +184,8 @@ typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx; */ typedef struct { - mbedtls_ecp_restart_mul_ctx *rsm; /*!< restart context for ecp_mul() */ + unsigned ops_done; /*!< current ops count */ + mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ } mbedtls_ecp_restart_ctx; #endif /* MBEDTLS_ECP_EARLY_RETURN */ diff --git a/library/ecp.c b/library/ecp.c index fcc3ae077..ecc18152d 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -104,7 +104,6 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) * Restart context type for interrupted operations */ struct mbedtls_ecp_restart_mul { - unsigned ops_done; /* number of operations done this time */ mbedtls_ecp_point R; /* current intermediate result */ size_t i; /* current index in various loops, 0 outside */ mbedtls_ecp_point *T; /* table for precomputed points */ @@ -164,6 +163,8 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) if( ctx == NULL ) return; + ctx->ops_done = 0; + ecp_restart_mul_free( ctx->rsm ); mbedtls_free( ctx->rsm ); ctx->rsm = NULL; 
@@ -183,7 +184,7 @@ static int ecp_check_budget( const mbedtls_ecp_group *grp, mbedtls_ecp_restart_ctx *rs_ctx, unsigned ops ) { - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx != NULL && ecp_max_ops != 0 ) { /* scale depending on curve size: the chosen reference is 256-bit, * and multiplication is quadratic. Round to the closest integer. */ @@ -193,11 +194,11 @@ static int ecp_check_budget( const mbedtls_ecp_group *grp, ops *= 2; /* avoid infinite loops: always allow first step */ - if( rs_ctx->rsm->ops_done != 0 && rs_ctx->rsm->ops_done + ops > ecp_max_ops ) + if( rs_ctx->ops_done != 0 && rs_ctx->ops_done + ops > ecp_max_ops ) return( MBEDTLS_ERR_ECP_IN_PROGRESS ); /* update running count */ - rs_ctx->rsm->ops_done += ops; + rs_ctx->ops_done += ops; } return( 0 ); @@ -1759,7 +1760,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif #if defined(MBEDTLS_ECP_EARLY_RETURN) - /* set up restart context if needed */ + /* set up our own sub-context if needed */ if( ecp_max_ops != 0 && rs_ctx != NULL && rs_ctx->rsm == NULL ) { rs_ctx->rsm = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_mul_ctx ) ); @@ -1770,8 +1771,8 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, } /* reset ops count for this call */ - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->ops_done = 0; + if( rs_ctx != NULL ) + rs_ctx->ops_done = 0; #endif /* Is P the base point ? */ From 884569cdb40b58fa98d375deba55ed38431d2ba2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 10:10:59 +0200 Subject: [PATCH 037/368] Avoid code duplication in ecp_mul() --- library/ecp.c | 42 ++++++++++++------------------------------ 1 file changed, 12 insertions(+), 30 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index ecc18152d..3df9d7634 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -2089,11 +2089,15 @@ cleanup: #endif /* ECP_MONTGOMERY */ /* - * Multiplication R = m * P + * Restartable multiplication R = m * P */ -int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +#if !defined(MBEDTLS_ECP_EARLY_RETURN) +static +#endif +int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) { int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(MBEDTLS_ECP_INTERNAL_ALT) @@ -2122,7 +2126,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif #if defined(ECP_SHORTWEIERSTRASS) if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) - ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng, NULL ); + ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ); #endif #if defined(MBEDTLS_ECP_INTERNAL_ALT) 
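Review bot: When `MBEDTLS_ECP_EARLY_RETURN` is not defined the function becomes `static` yet keeps the `mbedtls_` prefix, whereas the other file-local helpers visible on this page use the bare `ecp_` prefix; in that build it is reached only through the `mbedtls_ecp_mul()` wrapper with a NULL `rs_ctx` (next hunk). A line in the leading comment would make that explicit: `/* Restartable multiplication R = m * P (file-local, rs_ctx always NULL, when MBEDTLS_ECP_EARLY_RETURN is off) */`. mbedtls_ecp_mul_restartable's body continues outside this hunk.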
@@ -2137,37 +2141,15 @@ cleanup: return( ret ); } -#if defined(MBEDTLS_ECP_EARLY_RETURN) /* - * Restartable multiplication R = m * P + * Multiplication R = m * P */ -int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - /* temporary code duplication with non-restartable version */ - int ret; - - /* Common sanity checks */ - if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 || - ( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 ) - return( ret ); - -#if defined(ECP_MONTGOMERY) - if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) - return( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) ); -#endif -#if defined(ECP_SHORTWEIERSTRASS) - if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) - return( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); -#endif - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) ); } -#endif #if defined(ECP_SHORTWEIERSTRASS) /* From 53fbd63eb44a3ce09a7972b571ab6ce68023e461 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 10:22:22 +0200 Subject: [PATCH 038/368] Remove redundant check Checked by check_pubkey(), called 2 lines later. --- library/ecp.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 3df9d7634..673b54705 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -2105,9 +2105,6 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif /* Common sanity checks */ - if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 || ( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 ) return( ret ); From 3a256128d696322497f69f81b866d4fe75164ba0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 11:20:26 +0200 Subject: [PATCH 039/368] Reset ops_done at the right time This should only be done in the top-level function. Also, we need to know if we indeed are the top-level function or not: for example, when mbedtls_ecp_muladd() calls mbedtls_ecp_mul(), the later should not reset ops_done. This is handled by the "depth" parameter in the restart context. --- include/mbedtls/ecp.h | 1 + library/ecp.c | 35 ++++++++++++++++++++++------------- 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 9193b77b9..7d0abc032 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -185,6 +185,7 @@ typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx; typedef struct { unsigned ops_done; /*!< current ops count */ + unsigned depth; /*!< call depth (0 = top-level) */ mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ } mbedtls_ecp_restart_ctx; #endif /* MBEDTLS_ECP_EARLY_RETURN */ diff --git a/library/ecp.c b/library/ecp.c index 673b54705..2f6c1e8f9 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -164,6 +164,7 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) return; ctx->ops_done = 0; + ctx->depth = 0; ecp_restart_mul_free( ctx->rsm ); mbedtls_free( ctx->rsm ); 
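Review bot: Dropping the explicit `P->Z == 1` test changes the error a caller sees for a non-affine `P`: it was `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` and is now whatever `mbedtls_ecp_check_pubkey()` reports, which the header on this page documents as `MBEDTLS_ERR_ECP_INVALID_KEY`. The commit message says the check is redundant; I can't confirm that from the hunk, and even if it is, the return-code change deserves a mention in the message or the changelog. mbedtls_ecp_mul_restartable's body continues outside this hunk.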
@@ -1769,10 +1770,6 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, ecp_restart_mul_init( rs_ctx->rsm ); } - - /* reset ops count for this call */ - if( rs_ctx != NULL ) - rs_ctx->ops_done = 0; #endif /* Is P the base point ? */ @@ -2104,10 +2101,11 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, char is_grp_capable = 0; #endif - /* Common sanity checks */ - if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 || - ( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 ) - return( ret ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + /* reset ops count for this call if top-level */ + if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) + rs_ctx->ops_done = 0; +#endif #if defined(MBEDTLS_ECP_INTERNAL_ALT) if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) @@ -2116,25 +2114,36 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, } #endif /* MBEDTLS_ECP_INTERNAL_ALT */ + + /* Common sanity checks */ + MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); + + ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(ECP_MONTGOMERY) if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) - ret = ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ); - + MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) ); #endif #if defined(ECP_SHORTWEIERSTRASS) if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) - ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ); - + MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); #endif -#if defined(MBEDTLS_ECP_INTERNAL_ALT) + cleanup: +#if defined(MBEDTLS_ECP_INTERNAL_ALT) if ( is_grp_capable ) { mbedtls_internal_ecp_free( grp ); } #endif /* MBEDTLS_ECP_INTERNAL_ALT */ + +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( rs_ctx != NULL ) + rs_ctx->depth--; +#endif + return( ret ); } From a08cd1a77fa03865db46c0068ad2dc270a329a74 Mon Sep 17 00:00:00 2001 
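Review bot: `rs_ctx->depth` is incremented in the `-2104` hunk and only decremented at `cleanup:` in the `-2116` hunk, so every exit between the two must be a `goto cleanup`; the hunk achieves this with `MBEDTLS_MPI_CHK`, but nothing records the invariant, and since `depth` is `unsigned` one stray `return` would leave it permanently non-zero so that `ops_done` is never reset again for that context (only `mbedtls_ecp_restart_free()` clears it, per the previous commit). I would add next to the increment: `/* balanced by depth-- at cleanup: no direct return below this point */`. Moving the sanity checks after the `MBEDTLS_ECP_INTERNAL_ALT` init means a bad key now also goes through `mbedtls_internal_ecp_free()`, which is consistent but worth a word in the commit message.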
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 11:29:43 +0200 Subject: [PATCH 040/368] Avoid re-checking argument on restart --- library/ecp.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 2f6c1e8f9..4e637d732 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2115,9 +2115,19 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif /* MBEDTLS_ECP_INTERNAL_ALT */ - /* Common sanity checks */ - MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) && defined(ECP_SHORTWEIERSTRASS) + /* skip argument check when restarting */ + if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS || + rs_ctx == NULL || rs_ctx->rsm == NULL ) +#endif + { + /* Common sanity checks */ + MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); + + /* check_privkey is 0M and check_pubkey is 3M */ + ECP_BUDGET( 3 ); + } ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(ECP_MONTGOMERY) From 54dd6527f0ffe980aa5c0eb03bbb0ed9d8c01ba5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 13:36:18 +0200 Subject: [PATCH 041/368] Introduce muladd_restartable() and its sub-context Only the administrative parts for now, not actually restartable so far. --- include/mbedtls/ecp.h | 35 +++++++++++ library/ecp.c | 94 +++++++++++++++++++++++++--- tests/suites/test_suite_ecp.data | 12 ++-- tests/suites/test_suite_ecp.function | 71 +++++++++++++++++++++ 4 files changed, 199 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 7d0abc032..e2c605b0d 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
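Review bot: Skipping `mbedtls_ecp_check_privkey`/`mbedtls_ecp_check_pubkey` whenever `rs_ctx->rsm != NULL` silently relies on the caller resuming with the same `m` and `P` that were validated on the first call; a resumed call with a different point would reach `ecp_mul_comb` unchecked, and nothing in the hunk states that contract. A comment at the condition would make it explicit: `/* rsm != NULL: resuming after IN_PROGRESS; m and P were checked on the first call and must be unchanged */`. `ECP_BUDGET( 3 )` is charged after the checks have already run, which looks intentional: if it returns early here `rsm` is still NULL, so the checks simply rerun on the next call. The `#if`-guarded `if` sitting over an always-compiled block is hard to read; a one-line comment saying the block is unconditional without `MBEDTLS_ECP_EARLY_RETURN` would help.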
@@ -179,6 +179,13 @@ mbedtls_ecp_keypair; */ typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx; +/** + * \brief Internal restart context for ecp_muladd() + * + * \note Opaque struct + */ +typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx; + /** * \brief General context for resuming ECC operations */ @@ -187,6 +194,7 @@ typedef struct unsigned ops_done; /*!< current ops count */ unsigned depth; /*!< call depth (0 = top-level) */ mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ + mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */ } mbedtls_ecp_restart_ctx; #endif /* MBEDTLS_ECP_EARLY_RETURN */ @@ -654,6 +662,33 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) +/** + * \brief Restartable version of \c mbedtls_ecp_muladd() + * + * \note Performs the same job as \c mbedtls_ecp_muladd(), but can + * return early and restart according to the limit set with + * \c mbedtls_ecp_set_max_ops() to reduce blocking. + * + * \param grp ECP group + * \param R Destination point + * \param m Integer by which to multiply P + * \param P Point to multiply by m + * \param n Integer by which to multiply Q + * \param Q Point to be multiplied by n + * \param rs_ctx Restart context + * + * \return See \c mbedtls_ecp_muladd(), or + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). + */ +int mbedtls_ecp_muladd_restartable( + mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q, + mbedtls_ecp_restart_ctx *rs_ctx ); +#endif + /** * \brief Check that a point is a valid public key on this curve * diff --git a/library/ecp.c b/library/ecp.c index 4e637d732..493346006 100644 --- a/library/ecp.c 
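Review bot: The `\param rs_ctx` line of `mbedtls_ecp_muladd_restartable()` does not state the restart contract: that the context must have been set up with `mbedtls_ecp_restart_init()`, that a call returning `MBEDTLS_ERR_ECP_IN_PROGRESS` must be repeated with the same `grp`, `R`, `m`, `P`, `n`, `Q` and context until it returns something else, and whether `NULL` is accepted (the implementation in this commit passes `NULL` from `mbedtls_ecp_muladd()`, so it is). I would extend it to `\param rs_ctx Restart context (NULL disables restarting); pass the same arguments on every resumed call`. The same wording presumably belongs on `mbedtls_ecp_mul_restartable()`, whose declaration is outside this hunk.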
+++ b/library/ecp.c @@ -101,9 +101,10 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) } /* - * Restart context type for interrupted operations + * Restart sub-context for ecp_mul_comb() */ -struct mbedtls_ecp_restart_mul { +struct mbedtls_ecp_restart_mul +{ mbedtls_ecp_point R; /* current intermediate result */ size_t i; /* current index in various loops, 0 outside */ mbedtls_ecp_point *T; /* table for precomputed points */ @@ -119,7 +120,7 @@ struct mbedtls_ecp_restart_mul { }; /* - * Init restart_mul context + * Init restart_mul sub-context */ static void ecp_restart_mul_init( mbedtls_ecp_restart_mul_ctx *ctx ) { @@ -127,7 +128,7 @@ static void ecp_restart_mul_init( mbedtls_ecp_restart_mul_ctx *ctx ) } /* - * Free the components of a restart_mul context + * Free the components of a restart_mul sub-context */ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx ) { @@ -147,6 +148,33 @@ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx ) memset( ctx, 0, sizeof( mbedtls_ecp_restart_mul_ctx ) ); } +/* + * Restart context for ecp_muladd() + */ +struct mbedtls_ecp_restart_muladd +{ + int state; /* dummy for now */ +}; + +/* + * Init restart_muladd sub-context + */ +static void ecp_restart_muladd_init( mbedtls_ecp_restart_muladd_ctx *ctx ) +{ + memset( ctx, 0, sizeof( *ctx ) ); +} + +/* + * Free the components of a restart_muladd sub-context + */ +static void ecp_restart_muladd_free( mbedtls_ecp_restart_muladd_ctx *ctx ) +{ + if( ctx == NULL ) + return; + + memset( ctx, 0, sizeof( *ctx ) ); +} + /* * Initialize a restart context */ 
@@ -1868,9 +1896,9 @@ cleanup: if( ret != 0 ) mbedtls_ecp_point_free( R ); - /* clear restart context when not in progress (done or error) */ + /* clear our sub-context when not in progress (done or error) */ #if defined(MBEDTLS_ECP_EARLY_RETURN) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { ecp_restart_mul_free( rs_ctx->rsm ); mbedtls_free( rs_ctx->rsm ); rs_ctx->rsm = NULL; @@ -2248,12 +2276,17 @@ cleanup: } /* - * Linear combination + * Restartable linear combination * NOT constant-time */ -int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +#if !defined(MBEDTLS_ECP_EARLY_RETURN) +static +#endif +int mbedtls_ecp_muladd_restartable( + mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q ) + const mbedtls_mpi *n, const mbedtls_ecp_point *Q, + mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; mbedtls_ecp_point mP; @@ -2261,9 +2294,29 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, char is_grp_capable = 0; #endif +#if !defined(MBEDTLS_ECP_EARLY_RETURN) + (void) rs_ctx; +#endif + if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS ) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + /* reset ops count for this call if top-level */ + if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) + rs_ctx->ops_done = 0; + + /* set up our own sub-context if needed */ + if( ecp_max_ops != 0 && rs_ctx != NULL && rs_ctx->ma == NULL ) + { + rs_ctx->ma = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_muladd_ctx ) ); + if( rs_ctx->ma == NULL ) + return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + + ecp_restart_muladd_init( rs_ctx->ma ); + } +#endif /* MBEDTLS_ECP_EARLY_RETURN */ + mbedtls_ecp_point_init( &mP ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) ); 
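Review bot: In the `-2261` hunk the `return( MBEDTLS_ERR_ECP_ALLOC_FAILED )` on `mbedtls_calloc` failure comes after `rs_ctx->depth++` but bypasses the `rs_ctx->depth--` that the function's cleanup block performs (next hunk of this file), so a single allocation failure leaves `depth` stuck above zero and every later top-level call on that context skips the `ops_done` reset. `goto cleanup` is not usable at that point because `mbedtls_ecp_point_init( &mP )` only runs afterwards and cleanup frees `mP`; either decrement before returning, `rs_ctx->depth--; return( MBEDTLS_ERR_ECP_ALLOC_FAILED );`, or move the `mP` init above the block and use `ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup;`. The body of `mbedtls_ecp_muladd_restartable` continues past the hunk.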
@@ -2290,9 +2343,32 @@ cleanup: #endif /* MBEDTLS_ECP_INTERNAL_ALT */ mbedtls_ecp_point_free( &mP ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + /* clear our sub-context when not in progress (done or error) */ + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + ecp_restart_muladd_free( rs_ctx->ma ); + mbedtls_free( rs_ctx->ma ); + rs_ctx->ma = NULL; + } + + + if( rs_ctx != NULL ) + rs_ctx->depth--; +#endif /* MBEDTLS_ECP_EARLY_RETURN */ + return( ret ); } +/* + * Linear combination + * NOT constant-time + */ +int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q ) +{ + return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) ); +} #if defined(ECP_MONTGOMERY) /* diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 82ffec57b..9d25d2261 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
@@ -345,18 +345,22 @@ ecp_test_vect:MBEDTLS_ECP_DP_SECP256K1:"923C6D4756CD940CD1E13A359F6E0F0698791938 ECP selftest ecp_selftest: -ECP early return secp256r1 restart disabled +ECP early return mul secp256r1 restart disabled depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":0:0:0 -ECP early return secp256r1 restart max_ops=1 +ECP early return mul secp256r1 restart max_ops=1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":1:1:5000 -ECP early return secp256r1 restart max_ops=10000 +ECP early return mul secp256r1 restart max_ops=10000 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":10000:0:0 -ECP early return secp256r1 restart max_ops=250 +ECP early return mul 
secp256r1 restart max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":250:2:32 + +ECP early return muladd secp256r1 restart disabled +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":0:0:0 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 23905cef9..659830e5d 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
@@ -145,6 +145,77 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_EARLY_RETURN */ +void ecp_muladd_restart( int id, char *xR_str, char *yR_str, + char *u1_str, char *u2_str, + char *xQ_str, char *yQ_str, + int max_ops, int min_restarts, int max_restarts ) +{ + /* + * Compute R = u1 * G + u2 * Q + * (test vectors mostly taken from ECDSA intermediate results) + * + * See comments at the top of ecp_test_vect_restart() + */ + mbedtls_ecp_restart_ctx ctx; + mbedtls_ecp_group grp; + mbedtls_ecp_point R, Q; + mbedtls_mpi u1, u2, xR, yR; + int cnt_restarts; + int ret; + + mbedtls_ecp_restart_init( &ctx ); + mbedtls_ecp_group_init( &grp ); + mbedtls_ecp_point_init( &R ); + mbedtls_ecp_point_init( &Q ); + mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); + mbedtls_mpi_init( &xR ); mbedtls_mpi_init( &yR ); + + TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_string( &u1, 16, u1_str ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &u2, 16, u2_str ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &xR, 16, xR_str ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &yR, 16, yR_str ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_string( &Q.X, 16, xQ_str ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q.Y, 16, yQ_str ) == 0 ); + TEST_ASSERT( mbedtls_mpi_lset( &Q.Z, 1 ) == 0 ); + + mbedtls_ecp_set_max_ops( (unsigned) max_ops ); + + cnt_restarts = 0; + do { + ret = mbedtls_ecp_muladd_restartable( &grp, &R, + &u1, &grp.G, &u2, &Q, &ctx ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + cnt_restarts++; + } + while( ret != 0 ); + + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xR ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yR ) == 0 ); + + TEST_ASSERT( cnt_restarts >= min_restarts ); + TEST_ASSERT( cnt_restarts <= max_restarts ); + + /* Do we leak memory when aborting? 
*/ + ret = mbedtls_ecp_muladd_restartable( &grp, &R, + &u1, &grp.G, &u2, &Q, &ctx ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + +exit: + mbedtls_ecp_restart_free( &ctx ); + mbedtls_ecp_group_free( &grp ); + mbedtls_ecp_point_free( &R ); + mbedtls_ecp_point_free( &Q ); + mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 ); + mbedtls_mpi_free( &xR ); mbedtls_mpi_free( &yR ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ecp_test_vect( int id, char *dA_str, char *xA_str, char *yA_str, char *dB_str, char *xB_str, char *yB_str, char *xZ_str, From 1631d63d0c7d31b3e68246c3b9713c37ae060b8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 14:48:56 +0200 Subject: [PATCH 042/368] Make muladd_restartable() actually restartable --- library/ecp.c | 89 ++++++++++++++++++++++++++------ tests/suites/test_suite_ecp.data | 12 +++++ 2 files changed, 85 insertions(+), 16 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 493346006..f520b9caf 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -153,7 +153,14 @@ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx ) */ struct mbedtls_ecp_restart_muladd { - int state; /* dummy for now */ + mbedtls_ecp_point mP; /* mP value */ + mbedtls_ecp_point R; /* R intermediate result */ + enum { /* what should we do next? */ + ecp_rsma_mul1 = 0, /* first multiplication */ + ecp_rsma_mul2, /* second multiplication */ + ecp_rsma_add, /* addition */ + ecp_rsma_norm, /* normalization */ + } state; }; /* @@ -172,6 +179,9 @@ static void ecp_restart_muladd_free( mbedtls_ecp_restart_muladd_ctx *ctx ) if( ctx == NULL ) return; + mbedtls_ecp_point_free( &ctx->mP ); + mbedtls_ecp_point_free( &ctx->R ); + memset( ctx, 0, sizeof( *ctx ) ); } 
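Review bot: `ecp_muladd_restart` sets the library-global limit with `mbedtls_ecp_set_max_ops( (unsigned) max_ops )` and never restores it, so, as far as this hunk shows, whatever value the last case used stays in force for later test cases in the same executable. Adding `mbedtls_ecp_set_max_ops( 0 );` as the first statement after `exit:` keeps the cases independent. The trailing "do we leak memory when aborting?" call depends on `mbedtls_ecp_restart_free()` releasing a half-completed context, which is what the ecp.c hunks of this series add, so a one-line comment stating that dependency would help the next reader.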
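Review bot: The new `state` enum works only because `ecp_rsma_mul1 = 0` matches the zero-fill done by `ecp_restart_muladd_init()` (`memset( ctx, 0, ... )` from the previous commit) and because the resumable code advances it with `state++`, so enumerator order is load-bearing; a comment on the enum, `/* order matters: 0 must be the first step (zero-init) and state++ is used to advance */`, would protect it from reordering. `ecp_restart_muladd_free()` now frees the two points before the `memset`, which is the right order.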
@@ -197,6 +207,10 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) ecp_restart_mul_free( ctx->rsm ); mbedtls_free( ctx->rsm ); ctx->rsm = NULL; + + ecp_restart_muladd_free( ctx->ma ); + mbedtls_free( ctx->ma ); + ctx->ma = NULL; } /* @@ -2252,7 +2266,8 @@ cleanup: static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, - const mbedtls_ecp_point *P ) + const mbedtls_ecp_point *P, + mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; @@ -2268,7 +2283,8 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, } else { - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P, + NULL, NULL, rs_ctx ) ); } cleanup: @@ -2290,6 +2306,8 @@ int mbedtls_ecp_muladd_restartable( { int ret; mbedtls_ecp_point mP; + mbedtls_ecp_point *pmP = &mP; + mbedtls_ecp_point *pR = R; #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif @@ -2301,6 +2319,16 @@ int mbedtls_ecp_muladd_restartable( if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS ) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + mbedtls_ecp_point_init( &mP ); + +#if defined(MBEDTLS_ECP_INTERNAL_ALT) + if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) + { + MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); + } + +#endif /* MBEDTLS_ECP_INTERNAL_ALT */ + #if defined(MBEDTLS_ECP_EARLY_RETURN) /* reset ops count for this call if top-level */ if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) 
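Review bot: The `-2301` hunk places the `MBEDTLS_ECP_INTERNAL_ALT` init, whose failure jumps to `cleanup:`, before the `rs_ctx->depth++` block, while `cleanup:` (in the previous commit's hunk of this function) unconditionally does `rs_ctx->depth--`; if `mbedtls_internal_ecp_init()` fails on a top-level call, `depth` is decremented from 0 and, being `unsigned`, wraps, so that context never resets `ops_done` again. `mbedtls_ecp_mul_restartable` in this series does it the other way round (increment first, then the alt init), so moving the three-line `depth++` block above the `#if defined(MBEDTLS_ECP_INTERNAL_ALT)` block restores both balance and consistency. This only matters in `MBEDTLS_ECP_INTERNAL_ALT` builds; the rest of the function is outside the hunk.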
@@ -2315,25 +2343,54 @@ int mbedtls_ecp_muladd_restartable( ecp_restart_muladd_init( rs_ctx->ma ); } + + if( rs_ctx != NULL && rs_ctx->ma != NULL ) + { + /* redirect intermediate results to restart context */ + pmP = &rs_ctx->ma->mP; + pR = &rs_ctx->ma->R; + + /* jump to next operation */ + if( rs_ctx->ma->state == ecp_rsma_mul2 ) + goto mul2; + if( rs_ctx->ma->state == ecp_rsma_add ) + goto add; + if( rs_ctx->ma->state == ecp_rsma_norm ) + goto norm; + } #endif /* MBEDTLS_ECP_EARLY_RETURN */ - mbedtls_ecp_point_init( &mP ); + MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( rs_ctx != NULL && rs_ctx->ma != NULL ) + rs_ctx->ma->state++; - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); +mul2: +#endif + MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( rs_ctx != NULL && rs_ctx->ma != NULL ) + rs_ctx->ma->state++; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) - { - MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); - } +add: +#endif + ECP_BUDGET( ECP_OPS_ADD ); + MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) ); +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( rs_ctx != NULL && rs_ctx->ma != NULL ) + rs_ctx->ma->state++; -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) ); - MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) ); +norm: +#endif + ECP_BUDGET( ECP_OPS_INV ); + MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) ); + +#if defined(MBEDTLS_ECP_EARLY_RETURN) + if( rs_ctx != NULL && rs_ctx->ma != NULL ) + MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) ); +#endif cleanup: - #if defined(MBEDTLS_ECP_INTERNAL_ALT) if ( is_grp_capable ) { 
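Review bot: The guard `rs_ctx != NULL && rs_ctx->ma != NULL` is spelled out five times in this hunk and the state is advanced with `rs_ctx->ma->state++` on an enum-typed member; a local `mbedtls_ecp_restart_muladd_ctx *ma = rs_ctx != NULL ? rs_ctx->ma : NULL;` declared inside the `#if defined(MBEDTLS_ECP_EARLY_RETURN)` section (outside it `rs_ctx` is a `void` typedef, per the rename hunk later in this series) would shrink each check to `if( ma != NULL )` and each step to an explicit `ma->state = ecp_rsma_mul2;` and so on. On a resumed call the `goto mul2`/`add`/`norm` jumps also rely on `pmP`/`pR` having been redirected to the saved points just above, so `/* jump to next operation */` should say that the saved `mP`/`R` are what the later steps read. The `cleanup:` tail of the function is outside the hunk.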
@@ -2341,6 +2398,7 @@ cleanup: } #endif /* MBEDTLS_ECP_INTERNAL_ALT */ + mbedtls_ecp_point_free( &mP ); #if defined(MBEDTLS_ECP_EARLY_RETURN) @@ -2351,7 +2409,6 @@ cleanup: rs_ctx->ma = NULL; } - if( rs_ctx != NULL ) rs_ctx->depth--; #endif /* MBEDTLS_ECP_EARLY_RETURN */ diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 9d25d2261..f76f93b66 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
@@ -364,3 +364,15 @@ ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A128499 ECP early return muladd secp256r1 restart disabled depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":0:0:0 + +ECP early return muladd secp256r1 restart max_ops=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":1:1:10000 + +ECP early return muladd secp256r1 restart max_ops=10000 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":10000:0:0 + +ECP early return muladd secp256r1 restart max_ops=250 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
+ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":250:4:64 From a7937f99673ecb1040d3b57353581abbb280c104 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 15:37:46 +0200 Subject: [PATCH 043/368] Add public function generating private keys This will be useful for restartable ECDH and ECDSA. Currently they call mbedtls_ecp_gen_keypair(); one could make that one restartable, but that means adding its own sub-context, while ECDH and ECDSA (will) have their own contexts already, so switching to this saves one extra context. --- include/mbedtls/ecp.h | 16 ++++++++++++++++ library/ecp.c | 34 +++++++++++++++++++++++----------- 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index e2c605b0d..1cf3ab119 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -727,6 +727,22 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po */ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); +/** + * \brief Generate a private key + * + * \param grp ECP group + * \param d Destination MPI (secret part) + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \return 0 if successful, + * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + */ +int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, + mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + /** * \brief Generate a keypair with configurable base point * 
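Review bot: The `\return` line of `mbedtls_ecp_gen_privkey()` only says `MBEDTLS_ERR_ECP_XXX`; the implementation in this commit starts with `ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA` and keeps it when the group is neither Montgomery nor short-Weierstrass, so that case is worth naming: `MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the group's curve type is not supported`. Since `d` receives secret key material, the doc could also say the caller owns it and releases it with `mbedtls_mpi_free()`.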
diff --git a/library/ecp.c b/library/ecp.c index f520b9caf..dfc5dd8dd 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2495,15 +2495,14 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi * } /* - * Generate a keypair with configurable base point + * Generate a private key */ -int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, - const mbedtls_ecp_point *G, - mbedtls_mpi *d, mbedtls_ecp_point *Q, +int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, + mbedtls_mpi *d, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; size_t n_size = ( grp->nbits + 7 ) / 8; #if defined(ECP_MONTGOMERY) @@ -2528,8 +2527,8 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) ); } - else #endif /* ECP_MONTGOMERY */ + #if defined(ECP_SHORTWEIERSTRASS) if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) { @@ -2565,15 +2564,28 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ); } - else #endif /* ECP_SHORTWEIERSTRASS */ - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); cleanup: - if( ret != 0 ) - return( ret ); + return( ret ); +} - return( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) ); +/* + * Generate a keypair with configurable base point + */ +int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, + const mbedtls_ecp_point *G, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret; + + MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) ); + +cleanup: + return( ret ); } /* From 411079fc34a20f3db58f3cf0060e3d6537a02582 Mon Sep 17 00:00:00 2001 
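Review bot: Replacing the `else ... return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA )` chain with `int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;` makes the error path implicit: the function now relies on every `#if` branch overwriting `ret` through `MBEDTLS_MPI_CHK` before falling through to `cleanup:`. The Montgomery branch visibly does so; the short-Weierstrass loop body is outside the hunk, so I could not confirm that its last statement assigns `ret`. A comment at the initialisation, `/* stays BAD_INPUT_DATA if no curve-type branch below applies */`, records the intent.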
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 15:41:08 +0200 Subject: [PATCH 044/368] Rm obsolete comment Refers to ecp_mul() while we're now calling ecp_muladd(). Wrap long lines while at it. --- library/ecdsa.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index 4156f3c3c..6873757a0 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -205,7 +205,8 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, mbedtls_ecp_point R; mbedtls_ecp_point_init( &R ); - mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); + mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); + mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ if( grp->N.p == NULL ) @@ -244,9 +245,6 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, /* * Step 5: R = u1 G + u2 Q - * - * Since we're not using any secret data, no need to pass a RNG to - * mbedtls_ecp_mul() for countermesures. */ MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, &R, &u1, &grp->G, &u2, Q ) ); @@ -273,7 +271,8 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, cleanup: mbedtls_ecp_point_free( &R ); - mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 ); + mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); + mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 ); return( ret ); } From 4b9c51ef32d04043997de1ffed286d4535974593 Mon Sep 17 00:00:00 2001 
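Review bot: The deleted comment still carried a security-relevant rationale: `mbedtls_ecp_muladd()` is documented in library/ecp.c as `NOT constant-time`, and the reason that is acceptable in `mbedtls_ecdsa_verify` is that `u1`, `u2` and `Q` are public. Rather than dropping it, I would rewrite it for the new callee: `/* u1, u2 and Q are public, so the variable-time mbedtls_ecp_muladd() is fine here */`. The rest of the function is outside the hunks.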
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 15:50:26 +0200 Subject: [PATCH 045/368] Rename EARLY_RETURN -> RESTARTABLE This is more consistent with function and context names. --- include/mbedtls/config.h | 4 +- include/mbedtls/ecp.h | 18 +++--- library/ecp.c | 82 ++++++++++++++-------------- library/version_features.c | 6 +- tests/suites/test_suite_ecp.data | 16 +++--- tests/suites/test_suite_ecp.function | 4 +- 6 files changed, 65 insertions(+), 65 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9040bb71b..f4c565ebb 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -562,7 +562,7 @@ #define MBEDTLS_ECP_NIST_OPTIM /** - * \def MBEDTLS_ECP_EARLY_RETURN + * \def MBEDTLS_ECP_RESTARTABLE * * Enable "non-blocking" ECC operations that can return early and be resumed. * @@ -574,7 +574,7 @@ * * Comment this macro to disable non-blocking ECC computations. */ -#define MBEDTLS_ECP_EARLY_RETURN +#define MBEDTLS_ECP_RESTARTABLE /** * \def MBEDTLS_ECDSA_DETERMINISTIC diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 1cf3ab119..325392b02 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -171,7 +171,7 @@ typedef struct } mbedtls_ecp_keypair; -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Internal restart context for multiplication * @@ -196,7 +196,7 @@ typedef struct mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */ } mbedtls_ecp_restart_ctx; -#endif /* MBEDTLS_ECP_EARLY_RETURN */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ /** * \name SECTION: Module settings @@ -267,7 +267,7 @@ typedef struct */ #define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Set the maximum number of basic operations done in a row. * 
@@ -307,7 +307,7 @@ typedef struct * \note This setting is currently ignored by Curve25519 */ void mbedtls_ecp_set_max_ops( unsigned max_ops ); -#endif /* MBEDTLS_ECP_EARLY_RETURN */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ /** * \brief Get the list of supported curves in order of preferrence @@ -383,7 +383,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); */ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Initialize a restart context */ @@ -393,7 +393,7 @@ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ); * \brief Free the components of a restart context */ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ); -#endif /* MBEDTLS_ECP_EARLY_RETURN */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ /** * \brief Copy the contents of point Q into P @@ -612,7 +612,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Restartable version of \c mbedtls_ecp_mul() * @@ -636,7 +636,7 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ); -#endif /* MBEDTLS_ECP_EARLY_RETURN */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ /** * \brief Multiplication and addition of two points by integers: @@ -662,7 +662,7 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Restartable version of \c mbedtls_ecp_muladd() * 
diff --git a/library/ecp.c b/library/ecp.c index dfc5dd8dd..03b1476a4 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -86,7 +86,7 @@ static unsigned long add_count, dbl_count, mul_count; #endif -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* * Maximum number of "basic operations" to be done in a row. */ @@ -253,7 +253,7 @@ static int ecp_check_budget( const mbedtls_ecp_group *grp, /* We also need that type to make our life simpler for internal functions */ typedef void mbedtls_ecp_restart_ctx; -#endif /* MBEDTLS_ECP_EARLY_RETURN */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ @@ -1409,11 +1409,11 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, const unsigned char T_len = 1U << ( w - 1 ); mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; -#if !defined(MBEDTLS_ECP_EARLY_RETURN) +#if !defined(MBEDTLS_ECP_RESTARTABLE) (void) rs_ctx; #endif -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) { if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add ) @@ -1431,7 +1431,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, */ MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) j = rs_ctx->rsm->i; else @@ -1451,7 +1451,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) ); } -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) { rs_ctx->rsm->i = 0; 
@@ -1463,7 +1463,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, * Normalize current elements in T. As T has holes, * use an auxiliary array of pointers to elements in T. */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) norm_dbl: #endif @@ -1475,7 +1475,7 @@ norm_dbl: MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) rs_ctx->rsm->state++; #endif @@ -1484,7 +1484,7 @@ norm_dbl: * Compute the remaining ones using the minimal number of additions * Be careful to update T[2^l] only after using it! */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) add: #endif @@ -1497,7 +1497,7 @@ add: MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) ); } -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) rs_ctx->rsm->state++; #endif @@ -1507,7 +1507,7 @@ add: * we still need the auxiliary array for homogeneity with last time. * Also, skip T[0] which is already normalised, being a copy of P. */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) norm_add: #endif @@ -1518,13 +1518,13 @@ norm_add: MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) rs_ctx->rsm->state++; #endif cleanup: -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { 
@@ -1582,11 +1582,11 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R mbedtls_ecp_point_init( &Txi ); -#if !defined(MBEDTLS_ECP_EARLY_RETURN) +#if !defined(MBEDTLS_ECP_RESTARTABLE) (void) rs_ctx; #endif -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) { /* restore current index (R already pointing to rs_ctx->rsm->R) */ @@ -1615,7 +1615,7 @@ cleanup: mbedtls_ecp_point_free( &Txi ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) { if( ret == 0 ) @@ -1700,16 +1700,16 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, unsigned char k[COMB_MAX_D + 1]; mbedtls_ecp_point *RR = R; -#if !defined(MBEDTLS_ECP_EARLY_RETURN) +#if !defined(MBEDTLS_ECP_RESTARTABLE) (void) rs_ctx; #endif -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) RR = &rs_ctx->rsm->R; #endif -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx == NULL || rs_ctx->rsm == NULL || rs_ctx->rsm->state < ecp_rsm_final_norm ) #endif @@ -1720,7 +1720,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, f_rng, p_rng, rs_ctx ) ); MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) rs_ctx->rsm->state++; #endif @@ -1729,7 +1729,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, ECP_BUDGET( ECP_OPS_INV ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) ); #endif 
@@ -1798,11 +1798,11 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, unsigned char pre_len = 0, T_ok = 0; mbedtls_ecp_point *T = NULL; -#if !defined(MBEDTLS_ECP_EARLY_RETURN) +#if !defined(MBEDTLS_ECP_RESTARTABLE) (void) rs_ctx; #endif -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* set up our own sub-context if needed */ if( ecp_max_ops != 0 && rs_ctx != NULL && rs_ctx->rsm == NULL ) { @@ -1834,7 +1834,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, T_ok = 1; } -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* Pre-computed table: do we have one in progress? complete? */ if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL && T == NULL ) { @@ -1884,7 +1884,7 @@ cleanup: T = NULL; /* does T belong to the restart context? */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) { /* transfer ownership of T from local function to rsm */ @@ -1903,7 +1903,7 @@ cleanup: } /* don't free R while in progress in case R == P */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) #endif /* prevent caller from using invalid value */ @@ -1911,7 +1911,7 @@ cleanup: mbedtls_ecp_point_free( R ); /* clear our sub-context when not in progress (done or error) */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { ecp_restart_mul_free( rs_ctx->rsm ); mbedtls_free( rs_ctx->rsm ); @@ -2130,7 +2130,7 @@ cleanup: /* * Restartable multiplication R = m * P */ -#if !defined(MBEDTLS_ECP_EARLY_RETURN) +#if !defined(MBEDTLS_ECP_RESTARTABLE) static #endif int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, 
@@ -2143,7 +2143,7 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, char is_grp_capable = 0; #endif -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) rs_ctx->ops_done = 0; @@ -2157,7 +2157,7 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) && defined(ECP_SHORTWEIERSTRASS) +#if defined(MBEDTLS_ECP_RESTARTABLE) && defined(ECP_SHORTWEIERSTRASS) /* skip argument check when restarting */ if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS || rs_ctx == NULL || rs_ctx->rsm == NULL ) @@ -2191,7 +2191,7 @@ cleanup: #endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL ) rs_ctx->depth--; #endif @@ -2295,7 +2295,7 @@ cleanup: * Restartable linear combination * NOT constant-time */ -#if !defined(MBEDTLS_ECP_EARLY_RETURN) +#if !defined(MBEDTLS_ECP_RESTARTABLE) static #endif int mbedtls_ecp_muladd_restartable( @@ -2312,7 +2312,7 @@ int mbedtls_ecp_muladd_restartable( char is_grp_capable = 0; #endif -#if !defined(MBEDTLS_ECP_EARLY_RETURN) +#if !defined(MBEDTLS_ECP_RESTARTABLE) (void) rs_ctx; #endif @@ -2329,7 +2329,7 @@ int mbedtls_ecp_muladd_restartable( #endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) rs_ctx->ops_done = 0; 
@@ -2358,17 +2358,17 @@ int mbedtls_ecp_muladd_restartable( if( rs_ctx->ma->state == ecp_rsma_norm ) goto norm; } -#endif /* MBEDTLS_ECP_EARLY_RETURN */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ma != NULL ) rs_ctx->ma->state++; mul2: #endif MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ma != NULL ) rs_ctx->ma->state++; @@ -2376,7 +2376,7 @@ add: #endif ECP_BUDGET( ECP_OPS_ADD ); MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ma != NULL ) rs_ctx->ma->state++; @@ -2385,7 +2385,7 @@ norm: ECP_BUDGET( ECP_OPS_INV ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ma != NULL ) MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) ); #endif @@ -2401,7 +2401,7 @@ cleanup: mbedtls_ecp_point_free( &mP ); -#if defined(MBEDTLS_ECP_EARLY_RETURN) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* clear our sub-context when not in progress (done or error) */ if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { ecp_restart_muladd_free( rs_ctx->ma ); @@ -2411,7 +2411,7 @@ cleanup: if( rs_ctx != NULL ) rs_ctx->depth--; -#endif /* MBEDTLS_ECP_EARLY_RETURN */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ return( ret ); } diff --git a/library/version_features.c b/library/version_features.c index 2668eaed5..ec355e1ff 100644 --- a/library/version_features.c +++ b/library/version_features.c 
@@ -276,9 +276,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_ECP_NIST_OPTIM)
 "MBEDTLS_ECP_NIST_OPTIM",
 #endif /* MBEDTLS_ECP_NIST_OPTIM */
-#if defined(MBEDTLS_ECP_EARLY_RETURN)
- "MBEDTLS_ECP_EARLY_RETURN",
-#endif /* MBEDTLS_ECP_EARLY_RETURN */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ "MBEDTLS_ECP_RESTARTABLE",
+#endif /* MBEDTLS_ECP_RESTARTABLE */
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
 "MBEDTLS_ECDSA_DETERMINISTIC",
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index f76f93b66..5bb8d024d 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -345,34 +345,34 @@ ecp_test_vect:MBEDTLS_ECP_DP_SECP256K1:"923C6D4756CD940CD1E13A359F6E0F0698791938 ECP selftest ecp_selftest: -ECP early return mul secp256r1 restart disabled +ECP restartable mul secp256r1 restart disabled depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":0:0:0 -ECP early return mul secp256r1 restart max_ops=1 +ECP restartable mul secp256r1 max_ops=1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":1:1:5000 -ECP early return mul secp256r1 restart max_ops=10000 +ECP restartable mul secp256r1 max_ops=10000 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":10000:0:0 -ECP early return mul secp256r1 restart max_ops=250 +ECP restartable mul 
secp256r1 max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":250:2:32 -ECP early return muladd secp256r1 restart disabled +ECP restartable muladd secp256r1 restart disabled depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":0:0:0 -ECP early return muladd secp256r1 restart max_ops=1 +ECP restartable muladd secp256r1 max_ops=1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":1:1:10000 -ECP early return muladd secp256r1 restart max_ops=10000 +ECP restartable muladd secp256r1 max_ops=10000 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":10000:0:0 -ECP early return muladd secp256r1 restart max_ops=250 +ECP restartable muladd secp256r1 max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":250:4:64 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 659830e5d..3ec7caf54 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -51,7 +51,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECP_EARLY_RETURN */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void ecp_test_vect_restart( int id, char *dA_str, char *xA_str, char *yA_str, char *dB_str, char *xZ_str, char *yZ_str, @@ -145,7 +145,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECP_EARLY_RETURN */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void ecp_muladd_restart( int id, char *xR_str, char *yR_str, char *u1_str, char *u2_str, char *xQ_str, char *yQ_str, From 0ff17df081cd34394427e47e41c64323571fd109 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 15:51:52 +0200 Subject: [PATCH 046/368] Fix ECDSA test descriptions The rename script was a bit zealous during the Great Renaming. --- tests/suites/test_suite_ecdsa.data | 60 +++++++++++++++--------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index d9640765e..c0fab761a 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data @@ -50,7 +50,7 @@ ECDSA write-read random #5 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecdsa_write_read_random:MBEDTLS_ECP_DP_SECP521R1 -ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p192 sha1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"sample":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64" @@ -58,7 +58,7 @@ ECDSA deterministic test vector rfc 6979 p192 sha224 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"sample":"A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5":"E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A" -ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p192 sha256 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"sample":"4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55":"CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85" 
@@ -66,11 +66,11 @@ ECDSA deterministic test vector rfc 6979 p192 sha384 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA384:"sample":"DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5":"C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E" -ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p192 sha512 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA512:"sample":"4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8":"3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67" -ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p192 sha1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"test":"0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D":"EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7" @@ -78,7 +78,7 @@ ECDSA deterministic test vector rfc 6979 p192 sha224 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"test":"6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34":"B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293" -ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p192 sha256 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"test":"3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE":"5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F" 
@@ -86,11 +86,11 @@ ECDSA deterministic test vector rfc 6979 p192 sha384 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA384:"test":"B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367":"7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A" -ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p192 sha512 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA512:"test":"FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739":"74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290" -ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p224 sha1 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"sample":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69" @@ -98,7 +98,7 @@ ECDSA deterministic test vector rfc 6979 p224 sha224 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"sample":"1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E":"A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC" -ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p224 sha256 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA256:"sample":"61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA":"BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101" 
@@ -106,11 +106,11 @@ ECDSA deterministic test vector rfc 6979 p224 sha384 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA384:"sample":"0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953":"830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D" -ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p224 sha512 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA512:"sample":"074BD1D979D5F32BF958DDC61E4FB4872ADCAFEB2256497CDAC30397":"A4CECA196C3D5A1FF31027B33185DC8EE43F288B21AB342E5D8EB084" -ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p224 sha1 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"test":"DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C":"95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2" 
@@ -118,7 +118,7 @@ ECDSA deterministic test vector rfc 6979 p224 sha224 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"test":"C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019":"902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4" -ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p224 sha256 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA256:"test":"AD04DDE87B84747A243A631EA47A1BA6D1FAA059149AD2440DE6FBA6":"178D49B1AE90E3D8B629BE3DB5683915F4E8C99FDF6E666CF37ADCFD" 
@@ -126,11 +126,11 @@ ECDSA deterministic test vector rfc 6979 p224 sha384 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA384:"test":"389B92682E399B26518A95506B52C03BC9379A9DADF3391A21FB0EA4":"414A718ED3249FF6DBC5B50C27F71F01F070944DA22AB1F78F559AAB" -ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p224 sha512 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA512:"test":"049F050477C5ADD858CAC56208394B5A55BAEBBE887FDF765047C17C":"077EB13E7005929CEFA3CD0403C7CDCC077ADF4E44F3C41B2F60ECFF" -ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p256 sha1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"sample":"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32":"6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB" 
@@ -138,7 +138,7 @@ ECDSA deterministic test vector rfc 6979 p256 sha224 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"sample":"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F":"B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C" -ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p256 sha256 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"sample":"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716":"F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8" 
@@ -146,11 +146,11 @@ ECDSA deterministic test vector rfc 6979 p256 sha384 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA384:"sample":"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF7719":"4861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954" -ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p256 sha512 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA512:"sample":"8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F00":"2362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE" -ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p256 sha1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"test":"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89":"01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1" 
@@ -158,7 +158,7 @@ ECDSA deterministic test vector rfc 6979 p256 sha224 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"test":"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692":"C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D" -ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p256 sha256 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367":"019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083" 
@@ -166,11 +166,11 @@ ECDSA deterministic test vector rfc 6979 p256 sha384 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA384:"test":"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB6":"8DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C" -ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p256 sha512 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA512:"test":"461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04":"39AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55" -ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p384 sha1 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"sample":"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2":"A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443" 
@@ -178,7 +178,7 @@ ECDSA deterministic test vector rfc 6979 p384 sha224 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"sample":"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE060122":"9DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D" -ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p384 sha256 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA256:"sample":"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD":"F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0" 
@@ -186,11 +186,11 @@ ECDSA deterministic test vector rfc 6979 p384 sha384 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA384:"sample":"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE46":"99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8" -ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p384 sha512 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA512:"sample":"ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709":"512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5" -ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p384 sha1 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"test":"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7":"D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282" 
@@ -198,7 +198,7 @@ ECDSA deterministic test vector rfc 6979 p384 sha224 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"test":"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72":"07041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66" -ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p384 sha256 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA256:"test":"6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B":"2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265" 
@@ -206,11 +206,11 @@ ECDSA deterministic test vector rfc 6979 p384 sha384 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA384:"test":"8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB":"DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5" -ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p384 sha512 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA512:"test":"A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277":"976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736" -ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p521 sha1 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"sample":"0343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D":"0E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16" 
@@ -218,7 +218,7 @@ ECDSA deterministic test vector rfc 6979 p521 sha224 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"sample":"1776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E":"050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F" -ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p521 sha256 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA256:"sample":"1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7":"04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC" 
@@ -226,11 +226,11 @@ ECDSA deterministic test vector rfc 6979 p521 sha384 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA384:"sample":"1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451":"1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61" -ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p521 sha512 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA512:"sample":"0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA":"0617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A" -ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha1 +ECDSA deterministic test vector rfc 6979 p521 sha1 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"test":"13BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367":"1E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF" 
@@ -238,7 +238,7 @@ ECDSA deterministic test vector rfc 6979 p521 sha224 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"test":"1C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB":"177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4" -ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha256 +ECDSA deterministic test vector rfc 6979 p521 sha256 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA256:"test":"00E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8":"0CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86" 
@@ -246,7 +246,7 @@ ECDSA deterministic test vector rfc 6979 p521 sha384 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA384:"test":"14BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C":"133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979" -ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha512 +ECDSA deterministic test vector rfc 6979 p521 sha512 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3" From b5a50e754dd3d61f49eb798a23279ce0b74f9cf3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 16:06:13 +0200 Subject: [PATCH 047/368] Always declare restartable function variants Otherwise code that uses these functions in other modules will have to do: #if defined(MBEDTLS_ECP_RESTARTABLE) ret = do_stuff( there, may, be, many, args ); #else ret = do_stuff( their, may, be, namy, args, rs_ctx ); #fi and there is a risk that the arg list will differ when code is updated, and this might not be caught immediately by tests because this depends on a config.h compile-time option which are harder to test. Always declaring the restartable variants of the API functions avoids this problem; the cost in ROM size should be negligible. --- include/mbedtls/ecp.h | 11 +++++++---- library/ecp.c | 9 --------- 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 325392b02..532124dc7 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -172,6 +172,7 @@ typedef struct mbedtls_ecp_keypair; #if defined(MBEDTLS_ECP_RESTARTABLE) + /** * \brief Internal restart context for multiplication * @@ -196,6 +197,12 @@ typedef struct mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */ } mbedtls_ecp_restart_ctx; + +#else /* MBEDTLS_ECP_RESTARTABLE */ + +/* We want to declare restartable versions of existing functions anyway */ +typedef void mbedtls_ecp_restart_ctx; + #endif /* MBEDTLS_ECP_RESTARTABLE */ /** @@ -612,7 +619,6 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); -#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Restartable version of \c mbedtls_ecp_mul() * 
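Review bot: In the `#else` branch added at `@@ -196`, `typedef void mbedtls_ecp_restart_ctx;` turns every `mbedtls_ecp_restart_ctx *` parameter into a plain `void *` in non-restartable builds, so a caller that passes an unrelated pointer (or the wrong context type) compiles silently in that configuration and only fails in builds with MBEDTLS_ECP_RESTARTABLE defined. An opaque incomplete struct keeps the pointer type distinct in both configurations: give the struct a tag, so the `#if` branch defines `typedef struct mbedtls_ecp_restart_ctx { ... } mbedtls_ecp_restart_ctx;` and the `#else` branch declares `typedef struct mbedtls_ecp_restart_ctx mbedtls_ecp_restart_ctx;`. The `typedef void` removed from ecp.c further down in this commit was file-local, so only the public header changes meaning here. Whether the `_restartable()` functions read `rs_ctx` at all when the option is off is not visible in this hunk; a `\note` on each declaration stating that the parameter is ignored (or must be NULL) in such builds would spare callers from guessing.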
@@ -636,7 +642,6 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ /** * \brief Multiplication and addition of two points by integers: @@ -662,7 +667,6 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); -#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Restartable version of \c mbedtls_ecp_muladd() * @@ -687,7 +691,6 @@ int mbedtls_ecp_muladd_restartable( const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q, mbedtls_ecp_restart_ctx *rs_ctx ); -#endif /** * \brief Check that a point is a valid public key on this curve diff --git a/library/ecp.c b/library/ecp.c index 03b1476a4..92397244a 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -250,9 +250,6 @@ static int ecp_check_budget( const mbedtls_ecp_group *grp, #define ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( ecp_check_budget( grp, rs_ctx, ops ) ); #else #define ECP_BUDGET( ops ) /* no-op */ - -/* We also need that type to make our life simpler for internal functions */ -typedef void mbedtls_ecp_restart_ctx; #endif /* MBEDTLS_ECP_RESTARTABLE */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ @@ -2130,9 +2127,6 @@ cleanup: /* * Restartable multiplication R = m * P */ -#if !defined(MBEDTLS_ECP_RESTARTABLE) -static -#endif int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 
@@ -2295,9 +2289,6 @@ cleanup: * Restartable linear combination * NOT constant-time */ -#if !defined(MBEDTLS_ECP_RESTARTABLE) -static -#endif int mbedtls_ecp_muladd_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, From c751148cc5772b55c172ae9e8ec92380630c6fed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Apr 2017 16:31:00 +0200 Subject: [PATCH 048/368] Make some macros/functions public These will be needed in other modules that already include ecp.h --- include/mbedtls/ecp.h | 27 +++++++++++++++++++++++++++ library/ecp.c | 34 ++++++++++++---------------------- 2 files changed, 39 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 532124dc7..420c6d07b 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -198,8 +198,35 @@ typedef struct mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */ } mbedtls_ecp_restart_ctx; +/* + * Operation counts for restartable functions + */ +#define MBEDTLS_ECP_OPS_DBL 8 /*!< basic ops count for ecp_double_jac() */ +#define MBEDTLS_ECP_OPS_ADD 11 /*!< basic ops count for see ecp_add_mixed() */ +#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv() */ + +/** + * \brief Internal; for restartable functions in other modules. + * Check and update basic ops budget. + * + * \param grp Group structure + * \param rs_ctx Restart context + * \param ops Number of basic ops to do + * + * \return 0 is doing 'ops' basic ops is still allowed, + * MBEDTLS_ERR_ECP_IN_PROGRESS otherwise. + */ +int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, + mbedtls_ecp_restart_ctx *rs_ctx, + unsigned ops ); + +/* Utility macro for checking and updating ops budget */ +#define MBEDTLS_ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, ops ) ); + #else /* MBEDTLS_ECP_RESTARTABLE */ +#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */ + /* We want to declare restartable versions of existing functions anyway */ typedef void mbedtls_ecp_restart_ctx; diff --git a/library/ecp.c b/library/ecp.c index 92397244a..9d4721ec5 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -213,19 +213,12 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) ctx->ma = NULL; } -/* - * Operation counts - */ -#define ECP_OPS_DBL 8 /* see ecp_double_jac() */ -#define ECP_OPS_ADD 11 /* see ecp_add_mixed() */ -#define ECP_OPS_INV 120 /* empirical equivalent */ - /* * Check if we can do the next step */ -static int ecp_check_budget( const mbedtls_ecp_group *grp, - mbedtls_ecp_restart_ctx *rs_ctx, - unsigned ops ) +int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, + mbedtls_ecp_restart_ctx *rs_ctx, + unsigned ops ) { if( rs_ctx != NULL && ecp_max_ops != 0 ) { 
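Review bot: The new `MBEDTLS_ECP_BUDGET( ops )` macro in the `#if` branch ends with a semicolon, so the call sites converted below (`MBEDTLS_ECP_BUDGET( 3 );`) expand to two statements; the trailing empty statement breaks an unbraced `if ... else` wrapped around the macro and is flagged by clang's `-Wextra-semi-stmt`. Drop it: `#define MBEDTLS_ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, ops ) )`. Now that the macro is public, its comment should say that it expects `grp`, `rs_ctx`, `ret` and a `cleanup:` label in the calling scope (the `MBEDTLS_MPI_CHK` contract) and that it may leave the function with MBEDTLS_ERR_ECP_IN_PROGRESS, since users in other modules cannot see ecp.c. Two typos in the same hunk: `basic ops count for see ecp_add_mixed()` and `\return 0 is doing 'ops' basic ops is still allowed` should read `basic ops count for ecp_add_mixed()` and `\return 0 if doing 'ops' basic ops is still allowed`.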
@@ -247,9 +240,6 @@ static int ecp_check_budget( const mbedtls_ecp_group *grp, return( 0 ); } -#define ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( ecp_check_budget( grp, rs_ctx, ops ) ); -#else -#define ECP_BUDGET( ops ) /* no-op */ #endif /* MBEDTLS_ECP_RESTARTABLE */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ @@ -1437,7 +1427,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, for( ; j < d * ( w - 1 ); j++ ) { - ECP_BUDGET( ECP_OPS_DBL ); + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL ); i = 1U << ( j / d ); cur = T + i; @@ -1468,7 +1458,7 @@ norm_dbl: for( i = 1; i < T_len; i <<= 1 ) TT[j++] = T + i; - ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 ); + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); @@ -1485,7 +1475,7 @@ norm_dbl: add: #endif - ECP_BUDGET( ( T_len - 1 ) * ECP_OPS_ADD ); + MBEDTLS_ECP_BUDGET( ( T_len - 1 ) * MBEDTLS_ECP_OPS_ADD ); for( i = 1; i < T_len; i <<= 1 ) { @@ -1511,7 +1501,7 @@ norm_add: for( j = 0; j + 1 < T_len; j++ ) TT[j] = T + j + 1; - ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 ); + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); @@ -1602,7 +1592,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R while( i-- != 0 ) { - ECP_BUDGET( ECP_OPS_DBL + ECP_OPS_ADD ); + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD ); MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, t_len, x[i] ) ); MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); @@ -1723,7 +1713,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, #endif } - ECP_BUDGET( ECP_OPS_INV ); + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) 
@@ -2162,7 +2152,7 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); /* check_privkey is 0M and check_pubkey is 3M */ - ECP_BUDGET( 3 ); + MBEDTLS_ECP_BUDGET( 3 ); } ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; @@ -2365,7 +2355,7 @@ mul2: add: #endif - ECP_BUDGET( ECP_OPS_ADD ); + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD ); MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ma != NULL ) @@ -2373,7 +2363,7 @@ add: norm: #endif - ECP_BUDGET( ECP_OPS_INV ); + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) From 1ed2505f854b5e9be20578079e37a29d896f5673 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Apr 2017 10:04:02 +0200 Subject: [PATCH 049/368] Add some negative testing for ecdsa_verify() --- include/mbedtls/ecdsa.h | 2 +- tests/suites/test_suite_ecdsa.function | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index a277715b3..259948dfc 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -120,7 +120,7 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi * prescribed by SEC1 4.1.4 step 3. * * \return 0 if successful, - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid + * MBEDTLS_ERR_ECP_VERIFY_FAILED if signature is invalid * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code */ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 88e07a9e6..491ab43b4 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function 
@@ -87,6 +87,16 @@ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str, TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 ); + TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 ); + + TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, + &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, + &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, + &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + exit: mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &Q ); @@ -178,13 +188,13 @@ void ecdsa_write_read_random( int id ) /* try modifying r */ sig[10]++; TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) != 0 ); + sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); sig[10]--; /* try modifying s */ sig[sig_len - 1]++; TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) != 0 ); + sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED ); sig[sig_len - 1]--; exit: From 32aa4375cca6a9f645e9ae9b03d40c0d48f259b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Apr 2017 10:29:13 +0200 Subject: [PATCH 050/368] Declare ecdsa_read_signature_restartable() Not making ecdsa_verify_restartable() public, as it isn't called from any other module. --- include/mbedtls/ecdsa.h | 58 ++++++++++++++++++++++++++++++++++++++--- library/ecdsa.c | 54 ++++++++++++++++++++++++++++++++++---- 2 files changed, 104 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 259948dfc..f09e75490 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h 
@@ -46,14 +46,31 @@ /** Maximum size of an ECDSA signature in bytes */ #define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) ) +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief ECDSA context structure */ typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; -#ifdef __cplusplus -extern "C" { -#endif +#if defined(MBEDTLS_ECP_RESTARTABLE) + +/** + * \brief General context for resuming ECDSA operations + */ +typedef struct +{ + mbedtls_ecp_restart_ctx rs_ecp; /*!< base context (admin+ecp info) */ +} mbedtls_ecdsa_restart_ctx; + +#else /* MBEDTLS_ECP_RESTARTABLE */ + +/* Now we can declare functions that take a pointer to that */ +typedef void mbedtls_ecdsa_restart_ctx; + +#endif /* MBEDTLS_ECP_RESTARTABLE */ /** * \brief Compute ECDSA signature of a previously hashed message @@ -227,6 +244,29 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen ); +/** + * \brief Restartable version of \c mbedtls_ecdsa_read_signature() + * + * \note Performs the same job as \c mbedtls_ecdsa_read_signature() + * but can return early and restart according to the limit + * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. + * + * \param ctx ECDSA context + * \param hash Message hash + * \param hlen Size of hash + * \param sig Signature to read and verify + * \param slen Size of sig + * \param rs_ctx Restart context + * + * \return See \c mbedtls_ecdsa_read_signature(), or + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). + */ +int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen, + mbedtls_ecdsa_restart_ctx *rs_ctx ); + /** * \brief Generate an ECDSA keypair on the given curve * 
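Review bot: The documentation for `mbedtls_ecdsa_read_signature_restartable()` at `@@ -227` does not state the resumption contract: after a MBEDTLS_ERR_ECP_IN_PROGRESS return the caller must call again with the same `ctx`, `hash`, `hlen`, `sig`, `slen` and the same `rs_ctx`, because the partial result kept in `rs_ctx` is tied to those inputs and nothing visible in this hunk would detect a switch to a different message or signature mid-operation. For a verification routine, mixing inputs across calls is a security issue rather than just a usage error, so it belongs in the header: add `\note If this function returns MBEDTLS_ERR_ECP_IN_PROGRESS, the next call must pass all parameters unchanged together with the same rs_ctx, which must have been set up with mbedtls_ecdsa_restart_init().` It would also help to say that `rs_ctx` may be NULL (the non-restartable wrapper in the ecdsa.c hunks of this commit passes NULL), in which case the function behaves exactly like `mbedtls_ecdsa_read_signature()`.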
@@ -265,6 +305,18 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ); */ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ); +#if defined(MBEDTLS_ECP_RESTARTABLE) +/** + * \brief Initialize a restart context + */ +void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ); + +/** + * \brief Free the components of a restart context + */ +void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + #ifdef __cplusplus } #endif diff --git a/library/ecdsa.c b/library/ecdsa.c index 6873757a0..3003812e9 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -196,14 +196,18 @@ cleanup: * Verify ECDSA signature of hashed message (SEC1 4.1.4) * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) */ -int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s) +static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, const mbedtls_mpi *s, + mbedtls_ecdsa_restart_ctx *rs_ctx ) { int ret; mbedtls_mpi e, s_inv, u1, u2; mbedtls_ecp_point R; + (void) rs_ctx; // temporary + mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); @@ -277,6 +281,16 @@ cleanup: return( ret ); } +/* + * Verify ECDSA signature of hashed message + */ +int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s) +{ + return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) ); +} + /* * Convert a signature (given by context) to ASN.1 */ 
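Review bot: `(void) rs_ctx; // temporary` in the new `ecdsa_verify_restartable()` body at `@@ -196` uses a C++-style comment, while the rest of this file and every other hunk in this series use `/* */` comments; make it `(void) rs_ctx; /* temporary: restart state not yet wired in */`. The cast to void also hides that the function named `_restartable` accepts `rs_ctx` but does not yet use it, so if the follow-up commit that populates it slips, nothing in the code points at the gap; a `TODO` naming the intended work would make that visible. The function body continues past this hunk.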
@@ -356,6 +370,18 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen ) +{ + return( mbedtls_ecdsa_read_signature_restartable( + ctx, hash, hlen, sig, slen, NULL ) ); +} + +/* + * Restartable read and check signature + */ +int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen, + mbedtls_ecdsa_restart_ctx *rs_ctx ) { int ret; unsigned char *p = (unsigned char *) sig; @@ -387,8 +413,8 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, goto cleanup; } - if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen, - &ctx->Q, &r, &s ) ) != 0 ) + if( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen, + &ctx->Q, &r, &s, rs_ctx ) ) != 0 ) goto cleanup; if( p != end ) @@ -444,4 +470,22 @@ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ) mbedtls_ecp_keypair_free( ctx ); } +#if defined(MBEDTLS_ECP_RESTARTABLE) +/* + * Initialize a restart context + */ +void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) +{ + mbedtls_ecp_restart_init( &ctx->rs_ecp ); +} + +/* + * Free the components of a restart context + */ +void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ) +{ + mbedtls_ecp_restart_free( &ctx->rs_ecp ); +} +#endif /* MBEDTLS_ECP_RESTARTABLE */ + #endif /* MBEDTLS_ECDSA_C */ From 722e5156fd1cf0eebfec849a080f3b556b840e3c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Apr 2017 11:04:47 +0200 Subject: [PATCH 051/368] Add test for ecdsa_read_signature_restartable() Test values taken from a random signature as generated in ecdsa_write_read_random() test function --- include/mbedtls/ecdsa.h | 2 +- library/ecdsa.c | 4 +- tests/suites/test_suite_ecdsa.data | 3 ++ tests/suites/test_suite_ecdsa.function | 62 ++++++++++++++++++++++++++ 4 files changed, 68 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index f09e75490..c7b9f27da 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -62,7 +62,7 @@ typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; */ typedef struct { - mbedtls_ecp_restart_ctx rs_ecp; /*!< base context (admin+ecp info) */ + mbedtls_ecp_restart_ctx ecp; /*!< base context (admin+ecp info) */ } mbedtls_ecdsa_restart_ctx; #else /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/library/ecdsa.c b/library/ecdsa.c index 3003812e9..19f9d5e2e 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -476,7 +476,7 @@ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ) */ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) { - mbedtls_ecp_restart_init( &ctx->rs_ecp ); + mbedtls_ecp_restart_init( &ctx->ecp ); } /* @@ -484,7 +484,7 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) */ void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ) { - mbedtls_ecp_restart_free( &ctx->rs_ecp ); + mbedtls_ecp_restart_free( &ctx->ecp ); } #endif /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index c0fab761a..6ca912a46 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data 
@@ -250,3 +250,6 @@ ECDSA deterministic test vector rfc 6979 p521 sha512 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3" +ECDSA restartable read-verify: restart disabled +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":0:0:0 diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 491ab43b4..d5cb65480 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function 
@@ -202,3 +202,65 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str, + int max_ops, int min_restart, int max_restart ) +{ + mbedtls_ecdsa_context ctx; + mbedtls_ecdsa_restart_ctx rs_ctx; + unsigned char hash[64]; + unsigned char sig[200]; + unsigned char pk[65]; + size_t sig_len, hash_len, pk_len; + int ret, cnt_restart; + + mbedtls_ecdsa_init( &ctx ); + mbedtls_ecdsa_restart_init( &rs_ctx ); + + hash_len = unhexify(hash, h_str); + sig_len = unhexify(sig, s_str); + pk_len = unhexify(pk, k_str); + + TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); + TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 ); + + mbedtls_ecp_set_max_ops( max_ops ); + + cnt_restart = 0; + do { + ret = mbedtls_ecdsa_read_signature_restartable( &ctx, + hash, hash_len, sig, sig_len, &rs_ctx ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); + + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( cnt_restart >= min_restart ); + TEST_ASSERT( cnt_restart <= max_restart ); + + /* try modifying r */ + sig[10]++; + do { + ret = mbedtls_ecdsa_read_signature_restartable( &ctx, + hash, hash_len, sig, sig_len, &rs_ctx ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + sig[10]--; + + /* try modifying s */ + sig[sig_len - 1]++; + do { + ret = mbedtls_ecdsa_read_signature_restartable( &ctx, + hash, hash_len, sig, sig_len, &rs_ctx ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); + sig[sig_len - 1]--; + + /* do we leak memory when aborting? */ + ret = mbedtls_ecdsa_read_signature_restartable( &ctx, + hash, hash_len, sig, sig_len, &rs_ctx ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + +exit: + mbedtls_ecdsa_free( &ctx ); + mbedtls_ecdsa_restart_free( &rs_ctx ); +} +/* END_CASE */ 
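Review bot: `hash[64]`, `sig[200]` and `pk[65]` are filled by unchecked `unhexify()` calls, so a longer test-data string (a P-384 public key alone is 97 bytes) would overrun these stack buffers instead of failing a check; the sibling `ecdsa_write_restart` test added later in this series sizes the same buffers with the library's constants, and this one should too, e.g. `unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; unsigned char pk[MBEDTLS_ECP_MAX_PT_LEN];`. The `sig[10]++` mutation also depends on byte 10 lying inside the DER INTEGER r of this particular vector (`30 45 02 21 00 ...`), which is only true for the encoding used in the .data hunk; a comment such as `/* byte 10 is inside the value of r for the 0x30 0x45 0x02 0x21 encoding used by the test vectors */` makes that coupling visible to whoever adds a vector with a different length prefix.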
From a0c5bcc2bc09bd1a096172d9ffd03c0626e8dada Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Apr 2017 11:33:57 +0200 Subject: [PATCH 052/368] Add infrastructure for ecdsa_verify_restartable() --- include/mbedtls/ecdsa.h | 8 ++++ include/mbedtls/ecp.h | 8 ++++ library/ecdsa.c | 85 ++++++++++++++++++++++++++++++++++++++++- library/ecp.c | 8 ++++ 4 files changed, 107 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index c7b9f27da..d2f83b224 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -57,12 +57,20 @@ typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; #if defined(MBEDTLS_ECP_RESTARTABLE) +/** + * \brief Internal restart context for ecdsa_verify() + * + * \note Opaque struct + */ +typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx; + /** * \brief General context for resuming ECDSA operations */ typedef struct { mbedtls_ecp_restart_ctx ecp; /*!< base context (admin+ecp info) */ + mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */ } mbedtls_ecdsa_restart_ctx; #else /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 420c6d07b..3e5c60530 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -341,6 +341,14 @@ typedef void mbedtls_ecp_restart_ctx; * \note This setting is currently ignored by Curve25519 */ void mbedtls_ecp_set_max_ops( unsigned max_ops ); + +/** + * \brief Check if restart is enabled (max_ops != 0) + * + * \return 0 if max_ops == 0 (restart disabled) + * 1 otherwise (restart enabled) + */ +int mbedtls_ecp_restart_enabled( void ); #endif /* MBEDTLS_ECP_RESTARTABLE */ /** diff --git a/library/ecdsa.c b/library/ecdsa.c index 19f9d5e2e..8e1f62a8e 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
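Review bot: The new `ver` member's comment says only `ecdsa_verify() sub-context`, but the field is heap-allocated on demand inside ecdsa_verify_restartable() and released by mbedtls_ecdsa_restart_free() in the library/ecdsa.c hunks of this same commit, and a public struct should state that ownership so callers neither set nor free it themselves, e.g. `/*!< ecdsa_verify() sub-context; allocated on demand, freed by mbedtls_ecdsa_restart_free() */`. The typedef's `\note Opaque struct` could likewise say where the definition lives (`Opaque struct, defined in ecdsa.c`), as the sig/det typedefs added later in this series do.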
@@ -42,6 +42,50 @@ #include "mbedtls/hmac_drbg.h" #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + +#if defined(MBEDTLS_ECP_RESTARTABLE) +/* + * Sub-contect for ecdsa_verify() + */ +struct mbedtls_ecdsa_restart_ver +{ + int state; /* dummy */ +}; + +/* + * Init verify restart sub-context + */ +static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx ) +{ + memset( ctx, 0, sizeof( *ctx ) ); +} + +/* + * Free the components of a verify restart sub-context + */ +static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx ) +{ + if( ctx == NULL ) + return; + + memset( ctx, 0, sizeof( *ctx ) ); +} + +#define ECDSA_RS_ECP &rs_ctx->ecp + +#else /* MBEDTLS_ECP_RESTARTABLE */ + +#define ECDSA_RS_ECP NULL + +#endif /* MBEDTLS_ECP_RESTARTABLE */ + /* * Derive a suitable integer for group grp from a buffer of length len * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 @@ -206,7 +250,9 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, mbedtls_mpi e, s_inv, u1, u2; mbedtls_ecp_point R; - (void) rs_ctx; // temporary +#if !defined(MBEDTLS_ECP_RESTARTABLE) + (void) rs_ctx; +#endif mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); 
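Review bot: `#define ECDSA_RS_ECP &rs_ctx->ecp` forms a pointer through `rs_ctx` unconditionally, yet ecdsa_verify_restartable() is presumably also reached with `rs_ctx == NULL` (the non-restartable mbedtls_ecdsa_sign() wrapper added in PATCH 054 passes NULL on the sign side, and the `(void) rs_ctx` this hunk removes suggests the same for verify); `&NULL->ecp` is undefined behaviour even when `ecp` is the first member, and if mbedtls_ecp_muladd_restartable() treats any non-NULL pointer as a live context it will read through it. A NULL-aware macro, `#define ECDSA_RS_ECP ( rs_ctx == NULL ? NULL : &rs_ctx->ecp )`, covers this use and the `ECDSA_BUDGET` macro added in PATCH 053, which hands `&rs_ctx->ecp` to mbedtls_ecp_check_budget() the same way. The struct comment `Sub-contect for ecdsa_verify()` has a typo (`Sub-context`), repeated for the sign and sign_det sub-contexts in PATCH 056.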
@@ -216,6 +262,22 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, if( grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + /* reset ops count for this call if top-level */ + if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 ) + rs_ctx->ecp.ops_done = 0; + + /* set up our own sub-context if needed */ + if( mbedtls_ecp_restart_enabled() && rs_ctx != NULL && rs_ctx->ver == NULL ) + { + rs_ctx->ver = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ver_ctx ) ); + if( rs_ctx->ver == NULL ) + return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + + ecdsa_restart_ver_init( rs_ctx->ver ); + } +#endif /* MBEDTLS_ECP_RESTARTABLE */ + /* * Step 1: make sure r and s are in range 1..n-1 */ @@ -250,7 +312,8 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, /* * Step 5: R = u1 G + u2 Q */ - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, &R, &u1, &grp->G, &u2, Q ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_muladd_restartable( grp, + &R, &u1, &grp->G, &u2, Q, ECDSA_RS_ECP ) ); if( mbedtls_ecp_is_zero( &R ) ) { @@ -278,6 +341,18 @@ cleanup: mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + /* clear our sub-context when not in progress (done or error) */ + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + ecdsa_restart_ver_free( rs_ctx->ver ); + mbedtls_free( rs_ctx->ver ); + rs_ctx->ver = NULL; + } + + if( rs_ctx != NULL ) + rs_ctx->ecp.depth--; +#endif /* MBEDTLS_ECP_RESTARTABLE */ + return( ret ); } @@ -477,6 +552,8 @@ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ) void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) { mbedtls_ecp_restart_init( &ctx->ecp ); + + ctx->ver = NULL; } /* 
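Review bot: The `return( MBEDTLS_ERR_ECP_ALLOC_FAILED )` after the calloc executes after `rs_ctx->ecp.depth++` but before the `rs_ctx->ecp.depth--` added to the cleanup hunk below, so a failed allocation leaves the depth counter permanently incremented in the caller's restart context and the next call is no longer treated as top-level (its `ops_done` is never reset). Routing the failure through the existing cleanup path fixes it: `{ ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup; }` — cleanup already tolerates `rs_ctx->ver == NULL`, since ecdsa_restart_ver_free() returns early on NULL and mbedtls_free(NULL) is a no-op. The same early return is carried verbatim into the `ECDSA_RS_ENTER` macro of PATCH 056, where it additionally skips the `mbedtls_hmac_drbg_free()`/mpi cleanup of the two sign functions. The enclosing ecdsa_verify_restartable() starts and ends outside this hunk.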
@@ -485,6 +562,10 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ) { mbedtls_ecp_restart_free( &ctx->ecp ); + + ecdsa_restart_ver_free( ctx->ver ); + mbedtls_free( ctx->ver ); + ctx->ver = NULL; } #endif /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/library/ecp.c b/library/ecp.c index 9d4721ec5..40daa6710 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -100,6 +100,14 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) ecp_max_ops = max_ops; } +/* + * Check if restart is enabled + */ +int mbedtls_ecp_restart_enabled( void ) +{ + return( ecp_max_ops != 0 ); +} + /* * Restart sub-context for ecp_mul_comb() */ From 5314f234ca303e2a2770bb1718e88c62b80bc6d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Apr 2017 12:36:59 +0200 Subject: [PATCH 053/368] Make verify_restartable() actually restartable --- include/mbedtls/ecp.h | 1 + library/ecdsa.c | 46 ++++++++++++++++++++++++++---- library/ecp.c | 6 ++-- tests/suites/test_suite_ecdsa.data | 12 ++++++++ 4 files changed, 56 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 3e5c60530..04a557bdb 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -201,6 +201,7 @@ typedef struct /* * Operation counts for restartable functions */ +#define MBEDTLS_ECP_OPS_CHK 3 /*!< basic ops count for ecp_check_pubkey() */ #define MBEDTLS_ECP_OPS_DBL 8 /*!< basic ops count for ecp_double_jac() */ #define MBEDTLS_ECP_OPS_ADD 11 /*!< basic ops count for see ecp_add_mixed() */ #define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv() */ diff --git a/library/ecdsa.c b/library/ecdsa.c index 8e1f62a8e..f7f7a01af 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
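Review bot: mbedtls_ecp_restart_enabled() reads the same shared `ecp_max_ops` variable that mbedtls_ecp_set_max_ops() writes just above it, so "restart enabled" is a process-wide setting rather than a property of any context, and no synchronisation is visible around either access; neither the new function's comment nor the ecp.h prototype added in PATCH 052 says this, which matters to callers that share ECP/ECDSA contexts between threads, where a concurrent mbedtls_ecp_set_max_ops() can change the answer between two resumed calls. A one-line note on the header declaration would do: `\note This reflects the global limit set by mbedtls_ecp_set_max_ops(), not a per-context state.`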
@@ -51,12 +51,17 @@ #endif #if defined(MBEDTLS_ECP_RESTARTABLE) + /* * Sub-contect for ecdsa_verify() */ struct mbedtls_ecdsa_restart_ver { - int state; /* dummy */ + mbedtls_mpi u1, u2; /* intermediate values */ + enum { /* what to do next? */ + ecdsa_ver_init = 0, /* getting started */ + ecdsa_ver_muladd, /* muladd step */ + } state; }; /* @@ -75,15 +80,24 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx ) if( ctx == NULL ) return; + mbedtls_mpi_free( &ctx->u1 ); + mbedtls_mpi_free( &ctx->u2 ); + memset( ctx, 0, sizeof( *ctx ) ); } #define ECDSA_RS_ECP &rs_ctx->ecp +/* Utility macro for checking and updating ops budget */ +#define ECDSA_BUDGET( ops ) \ + MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) ); + #else /* MBEDTLS_ECP_RESTARTABLE */ #define ECDSA_RS_ECP NULL +#define ECDSA_BUDGET( ops ) /* no-op; for compatibility */ + #endif /* MBEDTLS_ECP_RESTARTABLE */ /* @@ -249,6 +263,7 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, int ret; mbedtls_mpi e, s_inv, u1, u2; mbedtls_ecp_point R; + mbedtls_mpi *pu1 = &u1, *pu2 = &u2; #if !defined(MBEDTLS_ECP_RESTARTABLE) (void) rs_ctx; @@ -276,6 +291,17 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, ecdsa_restart_ver_init( rs_ctx->ver ); } + + if( rs_ctx != NULL && rs_ctx->ver != NULL ) + { + /* redirect to our context */ + pu1 = &rs_ctx->ver->u1; + pu2 = &rs_ctx->ver->u2; + + /* jump to current step */ + if( rs_ctx->ver->state == ecdsa_ver_muladd ) + goto muladd; + } #endif /* MBEDTLS_ECP_RESTARTABLE */ /* @@ -290,7 +316,9 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, /* * Additional precaution: make sure Q is valid + * For ops count, group that together with step 4 */ + ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 ); MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) ); /* 
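Review bot: The `goto muladd` taken when `rs_ctx->ver->state == ecdsa_ver_muladd` bypasses steps 1-4, including the range checks on r and s and mbedtls_ecp_check_pubkey(), on the assumption that the resumed call receives the same r, s and Q as the interrupted one; nothing in the hunk records or states that contract, so a comment at the jump is warranted, e.g. `/* steps 1-4 were completed by a previous call; the caller must pass the same inputs */`. The `ECDSA_BUDGET` macro also ends in a `;`, so each use such as `ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 );` expands to an extra empty statement; dropping the semicolon inside the macro keeps the call sites ordinary statements. The enclosing ecdsa_verify_restartable() starts and ends outside these hunks.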
@@ -303,17 +331,23 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, */ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u1, &e, &s_inv ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &u1, &u1, &grp->N ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu1, &e, &s_inv ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu1, pu1, &grp->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u2, r, &s_inv ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &u2, &u2, &grp->N ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu2, r, &s_inv ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu2, pu2, &grp->N ) ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->ver != NULL ) + rs_ctx->ver->state++; + +muladd: +#endif /* * Step 5: R = u1 G + u2 Q */ MBEDTLS_MPI_CHK( mbedtls_ecp_muladd_restartable( grp, - &R, &u1, &grp->G, &u2, Q, ECDSA_RS_ECP ) ); + &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP ) ); if( mbedtls_ecp_is_zero( &R ) ) { diff --git a/library/ecp.c b/library/ecp.c index 40daa6710..0f1cbfce4 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2155,12 +2155,12 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, rs_ctx == NULL || rs_ctx->rsm == NULL ) #endif { + /* check_privkey is free */ + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK ); + /* Common sanity checks */ MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); - - /* check_privkey is 0M and check_pubkey is 3M */ - MBEDTLS_ECP_BUDGET( 3 ); } ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index 6ca912a46..f2cf214cc 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data 
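Review bot: `rs_ctx->ver->state++` advances an enum-typed field by arithmetic, which only lands on `ecdsa_ver_muladd` because the two enumerators happen to be consecutive; assigning the target state by name, `rs_ctx->ver->state = ecdsa_ver_muladd;`, says what the code means and survives reordering or insertion of states, and the same shape will matter for the sig/det enums introduced later in this series. The enclosing function starts and ends outside the hunk.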
@@ -253,3 +253,15 @@ ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757 ECDSA restartable read-verify: restart disabled depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":0:0:0 + +ECDSA restartable read-verify: max_ops=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":1:42:10000 + +ECDSA restartable read-verify: max_ops=10000 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":10000:0:0 + +ECDSA restartable read-verify: max_ops=250 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
+ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":250:4:64 From addb10efac68cccf16918ba9798dc3dad8754729 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Apr 2017 12:54:46 +0200 Subject: [PATCH 054/368] Create functions for restartable sign --- include/mbedtls/ecdsa.h | 29 +++++++++++++++++++ library/ecdsa.c | 64 ++++++++++++++++++++++++++++++++++------- 2 files changed, 83 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index d2f83b224..f557a4de2 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h 
@@ -187,6 +187,35 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Restartable version of \c mbedtls_ecdsa_write_signature() + * + * \note Performs the same job as \c mbedtls_ecdsa_write_signature() + * but can return early and restart according to the limit + * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. + * + * \param ctx ECDSA context + * \param md_alg Algorithm that was used to hash the message + * \param hash Message hash + * \param hlen Length of hash + * \param sig Buffer that will hold the signature + * \param slen Length of the signature written + * \param f_rng RNG function + * \param p_rng RNG parameter + * \param rs_ctx Restart context + * + * \return See \c mbedtls_ecdsa_write_signature(), or + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). + */ +int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecdsa_restart_ctx *rs_ctx ); + #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #if ! defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) diff --git a/library/ecdsa.c b/library/ecdsa.c index f7f7a01af..ec1e5872d 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
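Review bot: The `\param rs_ctx Restart context` line should say that NULL is accepted and disables restarting, since the plain mbedtls_ecdsa_write_signature() wrapper in this same commit passes NULL: `\param rs_ctx Restart context (NULL to disable restart)`. The `\return` text should also tell the caller what to do on MBEDTLS_ERR_ECP_IN_PROGRESS — call again with the same arguments and the same `rs_ctx` until a different value is returned — because the sub-contexts keep intermediate values between calls, as the verify sub-context already does; and, as the test added in PATCH 055 assumes, `sig` must be at least MBEDTLS_ECDSA_MAX_LEN bytes, which the `\param sig` line could state as the non-restartable function presumably does.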
@@ -127,14 +127,18 @@ cleanup: * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) */ -int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, +static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_ecdsa_restart_ctx *rs_ctx ) { int ret, key_tries, sign_tries, blind_tries; mbedtls_ecp_point R; mbedtls_mpi k, e, t; + (void) rs_ctx; // temporary + /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ if( grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); @@ -212,13 +216,26 @@ cleanup: return( ret ); } +/* + * Compute ECDSA signature of a hashed message + */ +int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + return( ecdsa_sign_restartable( grp, r, s, d, buf, blen, + f_rng, p_rng, NULL ) ); +} + #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /* * Deterministic signature wrapper */ -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, +static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) + mbedtls_md_type_t md_alg, + mbedtls_ecdsa_restart_ctx *rs_ctx ) { int ret; mbedtls_hmac_drbg_context rng_ctx; @@ -227,6 +244,8 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi const mbedtls_md_info_t *md_info; mbedtls_mpi h; + (void) rs_ctx; // temporary + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); 
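Review bot: `(void) rs_ctx; // temporary` introduces a `//` comment into a file whose own comments, including the ones in this hunk, are `/* */`; that breaks builds that compile the library with strict C89/C90 flags and reads as a different author's style, so `(void) rs_ctx; /* temporary, until the sign sub-context is wired */` is preferable. The same marker is added to ecdsa_sign_det_restartable() in the third hunk of this file.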
@@ -248,6 +267,16 @@ cleanup: return( ret ); } + +/* + * Deterministic signature wrapper + */ +int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg ) +{ + return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, NULL ) ); +} #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ /* @@ -427,11 +456,13 @@ static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, /* * Compute and write signature */ -int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, +int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) + void *p_rng, + mbedtls_ecdsa_restart_ctx *rs_ctx ) { int ret; mbedtls_mpi r, s; @@ -443,13 +474,13 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t (void) f_rng; (void) p_rng; - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ctx->grp, &r, &s, &ctx->d, - hash, hlen, md_alg ) ); + MBEDTLS_MPI_CHK( ecdsa_sign_det_restartable( &ctx->grp, &r, &s, &ctx->d, + hash, hlen, md_alg, rs_ctx ) ); #else (void) md_alg; - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d, - hash, hlen, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d, + hash, hlen, f_rng, p_rng, rs_ctx ) ); #endif MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) ); 
@@ -461,6 +492,19 @@ cleanup: return( ret ); } +/* + * Compute and write signature + */ +int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + return( mbedtls_ecdsa_write_signature_restartable( + ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) ); +} + #if ! defined(MBEDTLS_DEPRECATED_REMOVED) && \ defined(MBEDTLS_ECDSA_DETERMINISTIC) int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, From eb402f3cd39bae8689a927fb61499cbee0283a0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Apr 2017 10:57:30 +0200 Subject: [PATCH 055/368] Add test for restartable signature Test relies on deterministic signature as this uses plain sig internally, so if deterministic works, then so does non-deterministic, while the reciprocal is false. (Also, deterministic is enabled by default in config.h.) Test case is taken from a RFC 6979 test vector, just manually converting (r,s) to the encoded signature. --- tests/suites/test_suite_ecdsa.data | 4 ++ tests/suites/test_suite_ecdsa.function | 57 ++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index f2cf214cc..c236c28c6 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data 
@@ -265,3 +265,7 @@ ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387 ECDSA restartable read-verify: max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":250:4:64 + +ECDSA restartable sign-write: secp256r1 restart disabled +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0 diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index d5cb65480..9205627be 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function 
@@ -264,3 +264,60 @@ exit: mbedtls_ecdsa_restart_free( &rs_ctx ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */ +void ecdsa_write_restart( int id, char *d_str, int md_alg, + char *msg, char *sig_str, + int max_ops, int min_restart, int max_restart ) +{ + int ret, cnt_restart; + mbedtls_ecdsa_restart_ctx rs_ctx; + mbedtls_ecdsa_context ctx; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; + unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; + unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; + size_t hlen, slen, slen_check; + const mbedtls_md_info_t *md_info; + + mbedtls_ecdsa_restart_init( &rs_ctx ); + mbedtls_ecdsa_init( &ctx ); + memset( hash, 0, sizeof( hash ) ); + memset( sig, 0, sizeof( sig ) ); + memset( sig_check, 0, sizeof( sig_check ) ); + + TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 ); + slen_check = unhexify( sig_check, sig_str ); + + md_info = mbedtls_md_info_from_type( md_alg ); + TEST_ASSERT( md_info != NULL ); + + hlen = mbedtls_md_get_size( md_info ); + mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ); + + mbedtls_ecp_set_max_ops( max_ops ); + + slen = sizeof( sig ); + cnt_restart = 0; + do { + ret = mbedtls_ecdsa_write_signature_restartable( &ctx, + md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); + + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( slen == slen_check ); + TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 ); + + TEST_ASSERT( cnt_restart >= min_restart ); + TEST_ASSERT( cnt_restart <= max_restart ); + + /* do we leak memory when aborting? */ + ret = mbedtls_ecdsa_write_signature_restartable( &ctx, + md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + +exit: + mbedtls_ecdsa_restart_free( &rs_ctx ); + mbedtls_ecdsa_free( &ctx ); +} +/* END_CASE */ 
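Review bot: The return value of `mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash )` is discarded, so a failing digest leaves `hash` as the zeros from the memset and the test then signs the wrong message and fails on the `memcmp` rather than at the cause; `TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ) == 0 );` matches how every other fallible call in the function is checked.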
From b90883dc1dc42891354c0f40a908e298d8d0af32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Apr 2017 11:33:10 +0200 Subject: [PATCH 056/368] Prepare infra for restartable sign --- include/mbedtls/ecdsa.h | 20 +++++ library/ecdsa.c | 176 ++++++++++++++++++++++++++++++++-------- 2 files changed, 161 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index f557a4de2..ce94af871 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -64,6 +64,22 @@ typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; */ typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx; +/** + * \brief Internal restart context for ecdsa_sign() + * + * \note Opaque struct, defined in ecdsa.c + */ +typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx; + +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +/** + * \brief Internal restart context for ecdsa_sign_det() + * + * \note Opaque struct, defined in ecdsa.c + */ +typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx; +#endif + /** * \brief General context for resuming ECDSA operations */ @@ -71,6 +87,10 @@ typedef struct { mbedtls_ecp_restart_ctx ecp; /*!< base context (admin+ecp info) */ mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */ + mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */ +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */ +#endif } mbedtls_ecdsa_restart_ctx; #else /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/library/ecdsa.c b/library/ecdsa.c index ec1e5872d..4c0b61462 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
@@ -86,18 +86,110 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx ) memset( ctx, 0, sizeof( *ctx ) ); } +/* + * Sub-contect for ecdsa_sign() + */ +struct mbedtls_ecdsa_restart_sig +{ + enum { /* what to do next? */ + ecdsa_sig_init = 0, /* getting started */ + } state; +}; + +/* + * Init verify sign sub-context + */ +static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx ) +{ + memset( ctx, 0, sizeof( *ctx ) ); +} + +/* + * Free the components of a sign restart sub-context + */ +static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx ) +{ + if( ctx == NULL ) + return; + + memset( ctx, 0, sizeof( *ctx ) ); +} + +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +/* + * Sub-contect for ecdsa_sign_det() + */ +struct mbedtls_ecdsa_restart_det +{ + enum { /* what to do next? */ + ecdsa_det_init = 0, /* getting started */ + } state; +}; + +/* + * Init verify sign_det sub-context + */ +static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx ) +{ + memset( ctx, 0, sizeof( *ctx ) ); +} + +/* + * Free the components of a sign_det restart sub-context + */ +static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) +{ + if( ctx == NULL ) + return; + + memset( ctx, 0, sizeof( *ctx ) ); +} +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + #define ECDSA_RS_ECP &rs_ctx->ecp /* Utility macro for checking and updating ops budget */ #define ECDSA_BUDGET( ops ) \ MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) ); +#define ECDSA_RS_ENTER( SUB ) do { \ + /* reset ops count for this call if top-level */ \ + if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 ) \ + rs_ctx->ecp.ops_done = 0; \ + \ + /* set up our own sub-context if needed */ \ + if( mbedtls_ecp_restart_enabled() && \ + rs_ctx != NULL && rs_ctx->SUB == NULL ) \ + { \ + rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \ + if( rs_ctx->SUB == NULL ) \ + return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \ + \ + ecdsa_restart_## SUB ##_init( 
rs_ctx->SUB ); \ + } \ +} while( 0 ) + +#define ECDSA_RS_LEAVE( SUB ) do { \ + /* clear our sub-context when not in progress (done or error) */ \ + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { \ + ecdsa_restart_## SUB ##_free( rs_ctx->SUB ); \ + mbedtls_free( rs_ctx->SUB ); \ + rs_ctx->SUB = NULL; \ + } \ + \ + if( rs_ctx != NULL ) \ + rs_ctx->ecp.depth--; \ +} while( 0 ) + #else /* MBEDTLS_ECP_RESTARTABLE */ #define ECDSA_RS_ECP NULL #define ECDSA_BUDGET( ops ) /* no-op; for compatibility */ +#define ECDSA_RS_ENTER( SUB ) (void) rs_ctx +#define ECDSA_RS_LEAVE( SUB ) (void) rs_ctx + #endif /* MBEDTLS_ECP_RESTARTABLE */ /* @@ -137,8 +229,6 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point R; mbedtls_mpi k, e, t; - (void) rs_ctx; // temporary - /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ if( grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); @@ -146,6 +236,19 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t ); + ECDSA_RS_ENTER( sig ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->sig != NULL ) + { + /* redirect to our context */ + // TODO + + /* jump to current step */ + // TODO + } +#endif /* MBEDTLS_ECP_RESTARTABLE */ + sign_tries = 0; do { @@ -213,6 +316,8 @@ cleanup: mbedtls_ecp_point_free( &R ); mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t ); + ECDSA_RS_LEAVE( sig ); + return( ret ); } 
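Review bot: The comments on the two new init helpers read `Init verify sign sub-context` and `Init verify sign_det sub-context`, copy-pasted from the verify helper; they should be `Init sign sub-context` and `Init sign_det sub-context` (and `Sub-contect` is `Sub-context` in both struct headers). `ECDSA_RS_ENTER` also hides a `return` inside a `do { } while( 0 )` macro, which a reader of ecdsa_sign_restartable() or ecdsa_sign_det_restartable() cannot see at the call site and which bypasses those functions' `cleanup:` labels; the file's MBEDTLS_MPI_CHK convention of `ret = …; goto cleanup;` is the expected shape for a failure inside a macro.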
@@ -244,27 +349,40 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, const mbedtls_md_info_t *md_info; mbedtls_mpi h; - (void) rs_ctx; // temporary - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); mbedtls_mpi_init( &h ); mbedtls_hmac_drbg_init( &rng_ctx ); + ECDSA_RS_ENTER( det ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->det != NULL ) + { + /* redirect to our context */ + // TODO + + /* jump to current step */ + // TODO + } +#endif /* MBEDTLS_ECP_RESTARTABLE */ + /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); - ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, &rng_ctx ); + ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, &rng_ctx, rs_ctx ); cleanup: mbedtls_hmac_drbg_free( &rng_ctx ); mbedtls_mpi_free( &h ); + ECDSA_RS_LEAVE( det ); + return( ret ); } @@ -294,10 +412,6 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point R; mbedtls_mpi *pu1 = &u1, *pu2 = &u2; -#if !defined(MBEDTLS_ECP_RESTARTABLE) - (void) rs_ctx; -#endif - mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); 
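Review bot: `mbedtls_hmac_drbg_seed_buf()` runs on every call, so when ecdsa_sign_restartable() returns MBEDTLS_ERR_ECP_IN_PROGRESS the DRBG state reached by the interrupted call is discarded by `mbedtls_hmac_drbg_free()` and the resumed call reseeds from the same `d`/`h` material and replays the nonce stream from the start; the `// TODO` placeholders acknowledge the det sub-context is not wired yet, but the resume design will need `rng_ctx` to live in `struct mbedtls_ecdsa_restart_det` rather than on the stack, otherwise whatever the sig sub-context resumes mid-way will see a different k than the call it continues. Recording that at the TODO, e.g. `/* TODO: rng_ctx must persist across IN_PROGRESS returns, move it into rs_ctx->det */`, keeps the constraint from being lost. The enclosing ecdsa_sign_det_restartable() starts outside this hunk.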
@@ -306,21 +420,9 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, if( grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ECDSA_RS_ENTER( ver ); + #if defined(MBEDTLS_ECP_RESTARTABLE) - /* reset ops count for this call if top-level */ - if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 ) - rs_ctx->ecp.ops_done = 0; - - /* set up our own sub-context if needed */ - if( mbedtls_ecp_restart_enabled() && rs_ctx != NULL && rs_ctx->ver == NULL ) - { - rs_ctx->ver = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ver_ctx ) ); - if( rs_ctx->ver == NULL ) - return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - - ecdsa_restart_ver_init( rs_ctx->ver ); - } - if( rs_ctx != NULL && rs_ctx->ver != NULL ) { /* redirect to our context */ @@ -404,17 +506,7 @@ cleanup: mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 ); -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* clear our sub-context when not in progress (done or error) */ - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { - ecdsa_restart_ver_free( rs_ctx->ver ); - mbedtls_free( rs_ctx->ver ); - rs_ctx->ver = NULL; - } - - if( rs_ctx != NULL ) - rs_ctx->ecp.depth--; -#endif /* MBEDTLS_ECP_RESTARTABLE */ + ECDSA_RS_LEAVE( ver ); return( ret ); } @@ -632,6 +724,10 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) mbedtls_ecp_restart_init( &ctx->ecp ); ctx->ver = NULL; + ctx->sig = NULL; +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + ctx->det = NULL; +#endif } /* @@ -644,6 +740,16 @@ void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ) ecdsa_restart_ver_free( ctx->ver ); mbedtls_free( ctx->ver ); ctx->ver = NULL; + + ecdsa_restart_sig_free( ctx->sig ); + mbedtls_free( ctx->sig ); + ctx->sig = NULL; + +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + ecdsa_restart_det_free( ctx->det ); + mbedtls_free( ctx->det ); + ctx->det = NULL; +#endif } #endif /* MBEDTLS_ECP_RESTARTABLE */ 
From 675439620d3029c313e0a804e0ae1e24d6ef376a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Apr 2017 13:19:43 +0200 Subject: [PATCH 057/368] Improve sign/key_tries handling (Unrelated to restartable work, just noticed while staring at the code.) Checking at the end is inefficient as we might give up when we just generated a valid signature or key. --- library/ecdsa.c | 18 +++++++++--------- library/ecp.c | 23 +++++++++++------------ 2 files changed, 20 insertions(+), 21 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index 4c0b61462..14854ffac 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -252,6 +252,12 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, sign_tries = 0; do { + if( sign_tries++ > 10 ) + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } + /* * Steps 1-3: generate a suitable ephemeral keypair * and set r = xR mod n @@ -259,14 +265,14 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, key_tries = 0; do { - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( r, &R.X, &grp->N ) ); - if( key_tries++ > 10 ) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } + + MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( r, &R.X, &grp->N ) ); } while( mbedtls_mpi_cmp_int( r, 0 ) == 0 ); @@ -303,12 +309,6 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, &k, &grp->N ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) ); - - if( sign_tries++ > 10 ) - { - ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - goto cleanup; - } } while( mbedtls_mpi_cmp_int( s, 0 ) == 0 ); diff --git a/library/ecp.c b/library/ecp.c index 0f1cbfce4..9b586eebe 100644 --- a/library/ecp.c +++ b/library/ecp.c 
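Review bot: The retry bound appears as a bare `10` in both `if( sign_tries++ > 10 )` and `if( key_tries++ > 10 )`, and the ecp.c hunk that follows uses `30` the same way; naming it (`#define ECDSA_MAX_TRIES 10` or an enum constant) would tie the two loops together and make the relation to the probability argument in ecp.c explicit. Moving the check ahead of the work is the right call since the old code could give up right after producing a valid value. Note that the post-increment lets each loop body run up to 11 times rather than 10, which deserves a one-line comment if the bound is ever meant to be exact.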
@@ -2531,24 +2531,23 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, * - keep the leftmost nbits bits of the generated octet string; * - try until result is in the desired range. * This also avoids any biais, which is especially important for ECDSA. + * + * Each try has at worst a probability 1/2 of failing (the msb has + * a probability 1/2 of being 0, and then the result will be < N), + * so after 30 tries failure probability is a most 2**(-30). + * + * For most curves, 1 try is enough with overwhelming probability, + * since N starts with a lot of 1s in binary, but some curves + * such as secp224k1 are actually very close to the worst case. */ do { + if( ++count > 30 ) + return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + MBEDTLS_MPI_CHK( f_rng( p_rng, rnd, n_size ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( d, rnd, n_size ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) ); - - /* - * Each try has at worst a probability 1/2 of failing (the msb has - * a probability 1/2 of being 0, and then the result will be < N), - * so after 30 tries failure probability is a most 2**(-30). - * - * For most curves, 1 try is enough with overwhelming probability, - * since N starts with a lot of 1s in binary, but some curves - * such as secp224k1 are actually very close to the worst case. - */ - if( ++count > 30 ) - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); } while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ); From 50b63ba2f588910123f4366c5145435ea9df3c9c Mon Sep 17 00:00:00 2001 
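Review bot: The relocated comment carries its typo onto the added line `+ * so after 30 tries failure probability is a most 2**(-30).` — it should read `at most`; the context line just above it, `This also avoids any biais`, should become `bias` while the block is being touched. The moved `return( MBEDTLS_ERR_ECP_RANDOM_FAILED );` still leaves mbedtls_ecp_gen_privkey without passing through its `cleanup:` label, which is outside this hunk; if that label does anything beyond `return( ret )`, prefer `ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup;` for consistency with the `MBEDTLS_MPI_CHK` calls next to it.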
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Apr 2017 12:57:22 +0200 Subject: [PATCH 058/368] Use ecp_gen_privkey() in ECDSA sign Two different changes: - the first one will allow us to store k in the restart context while restarting the following ecp_mul() operation - the second one is an simplification, unrelated to restartability, made possible by the fact that ecp_gen_privkey() is now public --- library/ecdsa.c | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index 14854ffac..b8aef5d30 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -225,7 +225,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecdsa_restart_ctx *rs_ctx ) { - int ret, key_tries, sign_tries, blind_tries; + int ret, key_tries, sign_tries; mbedtls_ecp_point R; mbedtls_mpi k, e, t; @@ -271,7 +271,10 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, &k, f_rng, p_rng ) ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, &R, &k, &grp->G, + f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( r, &R.X, &grp->N ) ); } while( mbedtls_mpi_cmp_int( r, 0 ) == 0 ); 
@@ -285,19 +288,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, * Generate a random value to blind inv_mod in next step, * avoiding a potential timing leak. */ - blind_tries = 0; - do - { - size_t n_size = ( grp->nbits + 7 ) / 8; - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &t, n_size, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &t, 8 * n_size - grp->nbits ) ); - - /* See mbedtls_ecp_gen_keypair() */ - if( ++blind_tries > 30 ) - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); - } - while( mbedtls_mpi_cmp_int( &t, 1 ) < 0 || - mbedtls_mpi_cmp_mpi( &t, &grp->N ) >= 0 ); + MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, &t, f_rng, p_rng ) ); /* * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n From af081f546076b76cabb19cf88a35e75a44943499 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Apr 2017 13:44:19 +0200 Subject: [PATCH 059/368] Make ECDSA sign actually restartable --- library/ecdsa.c | 98 ++++++++++++++++++++++++------ tests/suites/test_suite_ecdsa.data | 12 ++++ 2 files changed, 91 insertions(+), 19 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index b8aef5d30..e137a0074 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -91,8 +91,14 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx ) */ struct mbedtls_ecdsa_restart_sig { + int sign_tries; + int key_tries; + mbedtls_mpi k; /* per-signature random */ + mbedtls_mpi r; /* r value */ enum { /* what to do next? */ ecdsa_sig_init = 0, /* getting started */ + ecdsa_sig_mul, /* doing ecp_mul() */ + ecdsa_sig_modn, /* mod N computations */ } state; }; @@ -102,6 +108,9 @@ struct mbedtls_ecdsa_restart_sig static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx ) { memset( ctx, 0, sizeof( *ctx ) ); + + mbedtls_mpi_init( &ctx->k ); + mbedtls_mpi_init( &ctx->r ); } /* 
@@ -112,6 +121,9 @@ static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx ) if( ctx == NULL ) return; + mbedtls_mpi_free( &ctx->k ); + mbedtls_mpi_free( &ctx->r ); + memset( ctx, 0, sizeof( *ctx ) ); } @@ -121,8 +133,10 @@ static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx ) */ struct mbedtls_ecdsa_restart_det { + mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */ enum { /* what to do next? */ - ecdsa_det_init = 0, /* getting started */ + ecdsa_det_init = 0, /* getting started */ + ecdsa_det_sign, /* make signature */ } state; }; @@ -132,6 +146,8 @@ struct mbedtls_ecdsa_restart_det static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx ) { memset( ctx, 0, sizeof( *ctx ) ); + + mbedtls_hmac_drbg_init( &ctx->rng_ctx ); } /* @@ -142,6 +158,8 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) if( ctx == NULL ) return; + mbedtls_hmac_drbg_free( &ctx->rng_ctx ); + memset( ctx, 0, sizeof( *ctx ) ); } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ @@ -226,8 +244,10 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, mbedtls_ecdsa_restart_ctx *rs_ctx ) { int ret, key_tries, sign_tries; + int *p_sign_tries = &sign_tries, *p_key_tries = &key_tries; mbedtls_ecp_point R; mbedtls_mpi k, e, t; + mbedtls_mpi *pk = &k, *pr = r; /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ if( grp->N.p == NULL ) 
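Review bot: `mbedtls_mpi k; /* per-signature random */` and `mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */` now park secret material in heap-allocated restart contexts for as long as an operation stays suspended, and the comments do not say so. Suggest `mbedtls_mpi k; /* per-signature random: the ECDSA nonce, secret while the signature is in progress */` and `mbedtls_hmac_drbg_context rng_ctx; /* DRBG state, seeded from the private key: secret */`, so a reader of the free functions understands why `mbedtls_mpi_free`/`mbedtls_hmac_drbg_free` precede the `memset` and why a caller that abandons an in-progress operation must still call mbedtls_ecdsa_restart_free.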
@@ -242,17 +262,24 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, if( rs_ctx != NULL && rs_ctx->sig != NULL ) { /* redirect to our context */ - // TODO + p_sign_tries = &rs_ctx->sig->sign_tries; + p_key_tries = &rs_ctx->sig->key_tries; + pk = &rs_ctx->sig->k; + pr = &rs_ctx->sig->r; + /* jump to current step */ - // TODO + if( rs_ctx->sig->state == ecdsa_sig_mul ) + goto mul; + if( rs_ctx->sig->state == ecdsa_sig_modn ) + goto modn; } #endif /* MBEDTLS_ECP_RESTARTABLE */ - sign_tries = 0; + *p_sign_tries = 0; do { - if( sign_tries++ > 10 ) + if( *p_sign_tries++ > 10 ) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; @@ -262,22 +289,43 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, * Steps 1-3: generate a suitable ephemeral keypair * and set r = xR mod n */ - key_tries = 0; + *p_key_tries = 0; do { - if( key_tries++ > 10 ) + if( *p_key_tries++ > 10 ) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, &k, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, &R, &k, &grp->G, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( r, &R.X, &grp->N ) ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->sig != NULL ) + { + rs_ctx->sig->state++; + } + +mul: +#endif + MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G, + f_rng, p_rng, ECDSA_RS_ECP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) ); } - while( mbedtls_mpi_cmp_int( r, 0 ) == 0 ); + while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 ); + + +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->sig != NULL ) + rs_ctx->sig->state++; + +modn: +#endif + /* + * Accounting for everything up to the end of the loop + * (step 6, but checking now avoids saving e and t) + */ + ECDSA_BUDGET( MBEDTLS_ECP_OPS_INV + 4 ); /* * Step 5: derive MPI from hashed message 
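Review bot: `if( *p_sign_tries++ > 10 )` (this hunk) and `if( *p_key_tries++ > 10 )` (the next hunk) parse as `*(p++)`: they advance the pointer instead of the counter, so the retry counts never increase, the loops are no longer bounded, and the next dereference reads past the `int` they pointed to. Both need `( *p_sign_tries )++` / `( *p_key_tries )++`. Separately, the two `rs_ctx->sig->state++` steps assume each is executed once, but the inner loop repeats when `r == 0` and the outer loop repeats when `s == 0`, and each repetition increments `state` past `ecdsa_sig_modn`, so a restart during a repeated iteration would resume at the wrong label; assigning the state explicitly removes that dependency on iteration count. ecdsa_sign_restartable begins before this hunk.
```c
    if( ( *p_sign_tries )++ > 10 )
    /* … unchanged: RANDOM_FAILED / goto cleanup, key loop head … */
        if( ( *p_key_tries )++ > 10 )
    /* … unchanged: RANDOM_FAILED / goto cleanup, mbedtls_ecp_gen_privkey … */
        if( rs_ctx != NULL && rs_ctx->sig != NULL )
            rs_ctx->sig->state = ecdsa_sig_mul;
    /* … unchanged: mul: label, mbedtls_ecp_mul_restartable, mod N, loop end … */
    if( rs_ctx != NULL && rs_ctx->sig != NULL )
        rs_ctx->sig->state = ecdsa_sig_modn;
```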
@@ -293,16 +341,20 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, /* * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, r, d ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, pr, d ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &k, &k, &t ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, &k, &grp->N ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) ); } while( mbedtls_mpi_cmp_int( s, 0 ) == 0 ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_mpi_copy( r, pr ); +#endif + cleanup: mbedtls_ecp_point_free( &R ); mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t ); @@ -335,6 +387,7 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, { int ret; mbedtls_hmac_drbg_context rng_ctx; + mbedtls_hmac_drbg_context *p_rng = &rng_ctx; unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; size_t grp_len = ( grp->nbits + 7 ) / 8; const mbedtls_md_info_t *md_info; @@ -352,10 +405,11 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, if( rs_ctx != NULL && rs_ctx->det != NULL ) { /* redirect to our context */ - // TODO + p_rng = &rs_ctx->det->rng_ctx; /* jump to current step */ - // TODO + if( rs_ctx->det->state == ecdsa_det_sign ) + goto sign; } #endif /* MBEDTLS_ECP_RESTARTABLE */ 
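Review bot: `mbedtls_mpi_copy( r, pr );` discards its return code; the copy may need to grow `r` and can fail, and since `ret` is still 0 from the loop the function would then report success with `r` left unset. Wrap it like the surrounding calls: `MBEDTLS_MPI_CHK( mbedtls_mpi_copy( r, pr ) );` — it sits before `cleanup:`, so the macro's `goto` works. A short comment, `/* restart ctx held r; publish it to the caller now that s is final */`, would also explain why the copy is only needed in the restartable build.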
@@ -363,10 +417,16 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); - mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); + mbedtls_hmac_drbg_seed_buf( p_rng, md_info, data, 2 * grp_len ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->det != NULL ) + rs_ctx->det->state++; + +sign: +#endif ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, &rng_ctx, rs_ctx ); + mbedtls_hmac_drbg_random, p_rng, rs_ctx ); cleanup: mbedtls_hmac_drbg_free( &rng_ctx ); diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index c236c28c6..f9c8f6068 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data 
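Review bot: At `sign:` a resumed call skips the seeding and signs with `p_rng` pointing into `rs_ctx->det->rng_ctx`, while `cleanup:` still frees the never-seeded local `rng_ctx`; that is correct but easy to misread, so add above the label `/* resumed: DRBG already seeded into rs_ctx->det->rng_ctx (p_rng); local rng_ctx unused */`. The seeded DRBG carries private-key-derived state and is released only by `ECDSA_RS_LEAVE( det )` once the operation is no longer in progress, which is worth stating in the same comment so nobody shortens its lifetime. ecdsa_sign_det_restartable starts before this hunk.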
@@ -269,3 +269,15 @@ ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387 ECDSA restartable sign-write: secp256r1 restart disabled depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0 + +ECDSA restartable sign-write: secp256r1 restart max_ops=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000 + +ECDSA restartable sign-write: secp256r1 restart max_ops=10000 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0 + +ECDSA restartable sign-write: secp256r1 restart max_ops=250 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:32 From c90d3b0f896761dc4c7830cdd01cb894c5536cf4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Apr 2017 10:48:29 +0200 Subject: [PATCH 060/368] Update doc for restartable ECDH functions --- include/mbedtls/ecdh.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 625a28192..506a1cfb9 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -67,6 +67,8 @@ mbedtls_ecdh_context; * * \return 0 if successful, * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), @@ -85,6 +87,8 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp * * \return 0 if successful, * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). * * \note If f_rng is not NULL, it is used to implement * countermeasures against potential elaborate timing @@ -124,6 +128,8 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); * properly set (for example using mbedtls_ecp_group_load). * * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, 
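Review bot: The added `\return` lines for mbedtls_ecdh_gen_public (first hunk) and mbedtls_ecdh_compute_shared (second hunk) promise MBEDTLS_ERR_ECP_IN_PROGRESS, yet a later commit in this series implements both as wrappers passing a NULL restart context; unless ecp_mul_restartable can return early without one (not visible here), these two cannot return it, so confirm before keeping the claim. The new text also runs on from `or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code` with no conjunction; `* or MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of` reads correctly. The same wording is repeated for make_params in the third hunk and for make_public and calc_secret on the next line.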
@@ -170,6 +176,8 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai * \param p_rng RNG parameter * * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, @@ -201,6 +209,8 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, * \param p_rng RNG parameter * * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, From 71b2c53254b670ae2639d33c415bdfc446d9ef95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Apr 2017 10:38:52 +0200 Subject: [PATCH 061/368] Add tests for restartable ECDH --- tests/suites/test_suite_ecdh.data | 4 + tests/suites/test_suite_ecdh.function | 110 ++++++++++++++++++++++++++ 2 files changed, 114 insertions(+) diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data index f7119de41..98c4f60c1 100644 --- a/tests/suites/test_suite_ecdh.data +++ b/tests/suites/test_suite_ecdh.data @@ -37,3 +37,7 @@ ecdh_exchange:MBEDTLS_ECP_DP_SECP192R1 ECDH exchange #2 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecdh_exchange:MBEDTLS_ECP_DP_SECP521R1 + +ECDH restartable rfc 5903 p256 restart disabled +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:0:0 
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 4c6a97baf..911464ad0 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -158,3 +158,113 @@ exit: mbedtls_ecdh_free( &cli ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, + int max_ops, int min_restart, int max_restart ) +{ + int ret; + mbedtls_ecdh_context srv, cli; + unsigned char buf[1000]; + const unsigned char *vbuf; + size_t len; + unsigned char z[MBEDTLS_ECP_MAX_BYTES]; + size_t z_len; + unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES]; + unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES]; + rnd_buf_info rnd_info_A, rnd_info_B; + int cnt_restart; + + mbedtls_ecdh_init( &srv ); + mbedtls_ecdh_init( &cli ); + + z_len = unhexify( z, z_str ); + + rnd_info_A.buf = rnd_buf_A; + rnd_info_A.length = unhexify( rnd_buf_A, dA_str ); + + rnd_info_B.buf = rnd_buf_B; + rnd_info_B.length = unhexify( rnd_buf_B, dB_str ); + + TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 ); + + /* otherwise we would have to fix the random buffer, + * as in ecdh_primitive_test_vec */ + TEST_ASSERT( srv.grp.nbits % 8 == 0 ); + + mbedtls_ecp_set_max_ops( max_ops ); + + /* server writes its paramaters */ + memset( buf, 0x00, sizeof( buf ) ); + len = 0; + + cnt_restart = 0; + do { + ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ), + rnd_buffer_rand, &rnd_info_A ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); + + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( cnt_restart >= min_restart ); + TEST_ASSERT( cnt_restart <= max_restart ); + + /* client read server params */ + vbuf = buf; + TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); + + /* client writes its key share */ + memset( buf, 0x00, sizeof( buf ) ); + len = 0; + + cnt_restart = 0; + do { + ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ), + rnd_buffer_rand, &rnd_info_B ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); + + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( cnt_restart >= min_restart ); + TEST_ASSERT( cnt_restart <= 
max_restart ); + + /* server reads client key share */ + TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); + + /* server computes shared secret */ + memset( buf, 0, sizeof( buf ) ); + len = 0; + + cnt_restart = 0; + do { + ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ), + NULL, NULL ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); + + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( cnt_restart >= min_restart ); + TEST_ASSERT( cnt_restart <= max_restart ); + + TEST_ASSERT( len == z_len ); + TEST_ASSERT( memcmp( buf, z, len ) == 0 ); + + /* client computes shared secret */ + memset( buf, 0, sizeof( buf ) ); + len = 0; + + cnt_restart = 0; + do { + ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ), + NULL, NULL ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); + + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( cnt_restart >= min_restart ); + TEST_ASSERT( cnt_restart <= max_restart ); + + TEST_ASSERT( len == z_len ); + TEST_ASSERT( memcmp( buf, z, len ) == 0 ); + +exit: + mbedtls_ecdh_free( &srv ); + mbedtls_ecdh_free( &cli ); +} +/* END_CASE */ From 66ba48a3c8e6522b48acffca9cb6beb7c9d7a23e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Apr 2017 11:38:26 +0200 Subject: [PATCH 062/368] Make ECDH functions actually restartable --- include/mbedtls/ecdh.h | 3 ++ library/ecdh.c | 86 ++++++++++++++++++++++++++----- tests/suites/test_suite_ecdh.data | 12 +++++ 3 files changed, 89 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 506a1cfb9..e707558a8 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h 
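Review bot: Each of the four `do { ... } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );` loops in ecdh_restart has no upper bound, so a regression that keeps returning IN_PROGRESS hangs the test (and eventually overflows the signed counter) instead of failing it; `} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart <= max_restart );` turns that into an assertion failure on the `ret == 0` check that follows. `mbedtls_ecp_set_max_ops( max_ops );` sets global state that the test never undoes, so add `mbedtls_ecp_set_max_ops( 0 );` under `exit:` (0 is the value the "restart disabled" vectors use). The comment `/* server writes its paramaters */` has a typo: `parameters`.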
@@ -52,6 +52,9 @@ typedef struct mbedtls_ecp_point Vi; /*!< blinding value (for later) */ mbedtls_ecp_point Vf; /*!< un-blinding value (for later) */ mbedtls_mpi _d; /*!< previous d (for later) */ +#if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecp_restart_ctx rs; /*!< restart context for EC computations */ +#endif } mbedtls_ecdh_context; diff --git a/library/ecdh.c b/library/ecdh.c index c0a814731..b2859c4b6 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -39,22 +39,48 @@ #include /* - * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair + * Generate public key (restartable version) + */ +static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) +{ + int ret; + + /* If multiplication is in progress, we already generated a privkey */ +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx == NULL || rs_ctx->rsm == NULL ) +#endif + MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G, + f_rng, p_rng, rs_ctx ) ); + +cleanup: + return( ret ); +} + +/* + * Generate public key */ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - return mbedtls_ecp_gen_keypair( grp, d, Q, f_rng, p_rng ); + return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) ); } /* * Compute shared secret (SEC1 3.3.1) */ -int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, +static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp, + mbedtls_mpi *z, const mbedtls_ecp_point *Q, const mbedtls_mpi *d, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; mbedtls_ecp_point P; 
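Review bot: In ecdh_gen_public_restartable the `#if`-guarded `if( rs_ctx == NULL || rs_ctx->rsm == NULL )` controls a brace-less `MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( ... ) );` that is compiled unconditionally, so the statement's meaning flips between builds depending on whether the `if` line exists; wrapping the call in `{ ... }` placed outside the `#if`/`#endif` keeps the body explicit in both builds and survives a second statement being added later. The skip also keys off `rs_ctx->rsm`, an ecp-internal field, so ECDH now depends on how ecp represents a suspended multiplication; a one-line comment such as `/* rsm != NULL: ecp_mul is suspended, so d was already drawn on a previous call */` names that dependency for the next reader.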
@@ -66,7 +92,8 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, */ MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, &P, d, Q, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q, + f_rng, p_rng, rs_ctx ) ); if( mbedtls_ecp_is_zero( &P ) ) { @@ -82,12 +109,28 @@ cleanup: return( ret ); } +/* + * Compute shared secret (SEC1 3.3.1) + */ +int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, + const mbedtls_ecp_point *Q, const mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + return( ecdh_compute_shared_restartable( grp, z, Q, d, + f_rng, p_rng, NULL ) ); +} + /* * Initialize context */ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecp_restart_init( &ctx->rs ); +#endif } /* @@ -106,6 +149,10 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) mbedtls_mpi_free( &ctx->d ); mbedtls_mpi_free( &ctx->z ); mbedtls_mpi_free( &ctx->_d ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecp_restart_free( &ctx->rs ); +#endif } /* @@ -122,12 +169,17 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, { int ret; size_t grp_len, pt_len; + mbedtls_ecp_restart_ctx *rs_ctx = NULL; if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ) - != 0 ) +#if defined(MBEDTLS_ECP_RESTARTABLE) + rs_ctx = &ctx->rs; +#endif + + if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) ) 
@@ -202,12 +254,17 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; + mbedtls_ecp_restart_ctx *rs_ctx = NULL; if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ) - != 0 ) +#if defined(MBEDTLS_ECP_RESTARTABLE) + rs_ctx = &ctx->rs; +#endif + + if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format, @@ -244,12 +301,17 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; + mbedtls_ecp_restart_ctx *rs_ctx = NULL; - if( ctx == NULL ) + if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d, - f_rng, p_rng ) ) != 0 ) +#if defined(MBEDTLS_ECP_RESTARTABLE) + rs_ctx = &ctx->rs; +#endif + + if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, + &ctx->z, &ctx->Qp, &ctx->d, f_rng, p_rng, rs_ctx ) ) != 0 ) { return( ret ); } diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data index 98c4f60c1..991d11388 100644 --- a/tests/suites/test_suite_ecdh.data +++ b/tests/suites/test_suite_ecdh.data 
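Review bot: `rs_ctx = &ctx->rs;` hands one restart context to mbedtls_ecdh_make_public here, to mbedtls_ecdh_calc_secret below and to make_params in the previous hunk, so an operation abandoned part-way leaves its suspended multiplication state to be resumed by the next, different operation on the same context; how ecp_mul_restartable treats a stale sub-context is not visible here, so this is inferred. At minimum the `rs` field (or these three functions) should document the contract, e.g. `/* at most one restartable operation may be in progress per context; finish or free before starting another */`, and the added `ctx->grp.pbits == 0` check in calc_secret is a good place to also reject a context whose previous operation was never completed, if ecp exposes a way to tell.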
@@ -41,3 +41,15 @@ ecdh_exchange:MBEDTLS_ECP_DP_SECP521R1 ECDH restartable rfc 5903 p256 restart disabled depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:0:0 + +ECDH restartable rfc 5903 p256 restart max_ops=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:1:10000 + +ECDH restartable rfc 5903 p256 restart max_ops=10000 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":10000:0:0 + +ECDH restartable rfc 5903 p256 restart max_ops=250 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":250:2:32 From fd838dab5cdc13c831851cf6bc00e4d8ff3f167c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Apr 2017 11:38:51 +0200 Subject: [PATCH 063/368] Comment cosmetics --- include/mbedtls/ecdh.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index e707558a8..2e344a8c9 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h 
@@ -43,15 +43,15 @@ typedef enum */ typedef struct { - mbedtls_ecp_group grp; /*!< elliptic curve used */ - mbedtls_mpi d; /*!< our secret value (private key) */ - mbedtls_ecp_point Q; /*!< our public value (public key) */ - mbedtls_ecp_point Qp; /*!< peer's public value (public key) */ - mbedtls_mpi z; /*!< shared secret */ - int point_format; /*!< format for point export in TLS messages */ - mbedtls_ecp_point Vi; /*!< blinding value (for later) */ - mbedtls_ecp_point Vf; /*!< un-blinding value (for later) */ - mbedtls_mpi _d; /*!< previous d (for later) */ + mbedtls_ecp_group grp; /*!< elliptic curve used */ + mbedtls_mpi d; /*!< our secret value (private key) */ + mbedtls_ecp_point Q; /*!< our public value (public key) */ + mbedtls_ecp_point Qp; /*!< peer's public value (public key) */ + mbedtls_mpi z; /*!< shared secret */ + int point_format; /*!< format for point export in TLS */ + mbedtls_ecp_point Vi; /*!< blinding value (for later) */ + mbedtls_ecp_point Vf; /*!< un-blinding value (for later) */ + mbedtls_mpi _d; /*!< previous d (for later) */ #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx rs; /*!< restart context for EC computations */ #endif From 82cb27b3db2b15e32937cbca9474afbd9e2ccd5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 3 May 2017 10:59:45 +0200 Subject: [PATCH 064/368] PK: declare restartable sign/verify functions For RSA, we could either have the function return an error code like NOT_IMPLEMENTED or just run while disregarding ecp_max_ops. IMO the second option makes more sense, as otherwise the caller would need to check whether the key is EC or RSA before deciding to call either sign() or sign_restartable(), and having to do this kind of check feels contrary to the goal of the PK layer. --- include/mbedtls/pk.h | 57 ++++++++++++++++++++++++++++++++++++++++++++ library/pk.c | 43 ++++++++++++++++++++++++++++----- 2 files changed, 94 insertions(+), 6 deletions(-) 
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index f9f9b9bb0..05c51d38d 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -284,6 +284,33 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ); +/** + * \brief Restartable version of \c mbedtls_pk_verify() + * + * \note Performs the same job as \c mbedtls_pk_verify(), but can + * return early and restart according to the limit set with + * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC + * operations. For RSA, same as \c mbedtls_pk_verify(). + * + * \param ctx PK context to use + * \param md_alg Hash algorithm used (see notes) + * \param hash Hash of the message to sign + * \param hash_len Hash length or 0 (see notes) + * \param sig Signature to verify + * \param sig_len Signature length + * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a + * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA. + * + * \return See \c mbedtls_pk_verify(), or + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). + */ +int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx ); + /** * \brief Verify signature, with options. * (Includes verification of the padding depending on type.) 
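Review bot: The `\param rs_ctx` text does not tell callers that every argument must be identical on each resumption: as the pk_wrap.c hunk later in this series shows, the ECKEY wrapper caches a copy of the key in `rs_ctx->ecdsa` and ignores `ctx` on subsequent calls, so resuming with a different key, hash or signature on a still-in-progress context verifies against the stale copy without any error. I would add to the note: `When MBEDTLS_ERR_ECP_IN_PROGRESS is returned, the caller must call this function again with exactly the same arguments until it returns 0 or another error; a change of arguments before that is not detected.` Since `rs_ctx` is a `void *`, there is also no compile-time check that it really points to a `mbedtls_ecdsa_restart_ctx`, which is worth stating explicitly next to the parameter.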
@@ -347,6 +374,36 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Restartable version of \c mbedtls_pk_sign() + * + * \note Performs the same job as \c mbedtls_pk_sign(), but can + * return early and restart according to the limit set with + * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC + * operations. For RSA, same as \c mbedtls_pk_sign(). + * + * \param ctx PK context to use - must hold a private key + * \param md_alg Hash algorithm used (see notes) + * \param hash Hash of the message to sign + * \param hash_len Hash length or 0 (see notes) + * \param sig Place to write the signature + * \param sig_len Number of bytes written + * \param f_rng RNG function + * \param p_rng RNG parameter + * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a + * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA. + * + * \return See \c mbedtls_pk_sign(), or + * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). + */ +int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx ); + /** * \brief Decrypt message (including padding if relevant). * diff --git a/library/pk.c b/library/pk.c index 8d13bc5ce..b5081f961 100644 --- a/library/pk.c +++ b/library/pk.c 
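Review bot: Nothing here tells the caller what to do if a signing operation that returned MBEDTLS_ERR_ECP_IN_PROGRESS is abandoned. The restart context then keeps heap-allocated intermediate state of the signature computation and, for ECKEY keys, a copy of the private key (see the `mbedtls_ecdsa_from_keypair( rs_ctx->ecdsa, ctx )` call in the pk_wrap.c hunk later in this series), which is only released by `mbedtls_ecdsa_restart_free()`. I would add: `\note If the operation is abandoned after MBEDTLS_ERR_ECP_IN_PROGRESS, call mbedtls_ecdsa_restart_free() on rs_ctx to release the intermediate state, which includes key material.` The same-arguments-on-resume requirement from the verify documentation applies here too and should be spelled out.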
@@ -176,12 +176,16 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len } /* - * Verify a signature + * Verify a signature (restartable) */ -int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, +int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) + const unsigned char *sig, size_t sig_len, + void *rs_ctx ) { + (void) rs_ctx; // XXX temporary + if( ctx == NULL || ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -193,6 +197,17 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, sig, sig_len ) ); } +/* + * Verify a signature + */ +int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ) +{ + return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len, + sig, sig_len, NULL ) ); +} + /* * Verify a signature with options */ @@ -252,13 +267,17 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, } /* - * Make a signature + * Make a signature (restartable) */ -int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, +int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx ) { + (void) rs_ctx; // XXX temporary + if( ctx == NULL || ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 
@@ -270,6 +289,18 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, sig, sig_len, f_rng, p_rng ) ); } +/* + * Make a signature + */ +int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, + sig, sig_len, f_rng, p_rng, NULL ) ); +} + /* * Decrypt message */ From c4ee9acb7b58f05d360f881ac92372eb3d42eaa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 May 2017 10:09:36 +0200 Subject: [PATCH 065/368] Add tests for restartable PK sign/verify --- tests/suites/test_suite_pk.data | 8 ++ tests/suites/test_suite_pk.function | 160 +++++++++++++++++++++++++++- 2 files changed, 166 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index dc24cfdd3..8ca9a2194 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
@@ -153,3 +153,11 @@ mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDT RSA hash_len overflow (size_t vs unsigned int) depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64 pk_rsa_overflow: + +ECDSA restartable sign/verify: ECDSA, restart disabled +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0 + +ECDSA restartable sign/verify: ECKEY, restart disabled +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5fa8a693a..6e8c032c1 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -127,6 +127,14 @@ void pk_rsa_verify_test_vec( char *message_hex_string, int digest, mbedtls_rsa_context *rsa; mbedtls_pk_context pk; int msg_len; + void *rs_ctx = NULL; +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecdsa_restart_ctx ctx; + + rs_ctx = &ctx; + mbedtls_ecdsa_restart_init( rs_ctx ); + mbedtls_ecp_set_max_ops( 42 ); +#endif mbedtls_pk_init( &pk ); 
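Review bot: `mbedtls_ecp_set_max_ops( 42 )` in `pk_rsa_verify_test_vec()` changes process-global state and is never reset, so every test case that runs after it in the same process inherits a 42-operation limit; the function itself is RSA-only, so the limit is irrelevant to its own assertions but can surprise later cases that pass a restart context without setting their own limit. Since the "restart disabled" vectors in this series use 0 for `max_ops`, I would add `mbedtls_ecp_set_max_ops( 0 );` inside the `#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)` block after `exit:` in the following hunk. The function starts outside this hunk, so I cannot see whether a later part of the test already does this.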
@@ -150,7 +158,13 @@ void pk_rsa_verify_test_vec( char *message_hex_string, int digest, TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0, result_str, mbedtls_pk_get_len( &pk ) ) == result ); + TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, digest, hash_result, 0, + result_str, mbedtls_pk_get_len( &pk ), rs_ctx ) == result ); + exit: +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecdsa_restart_free( rs_ctx ); +#endif mbedtls_pk_free( &pk ); } /* END_CASE */ 
@@ -253,12 +267,118 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */ +void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, + char *QX_str, char *QY_str, + int md_alg, char *msg, char *sig_str, + int max_ops, int min_restart, int max_restart ) +{ + int ret, cnt_restart; + mbedtls_ecdsa_restart_ctx rs_ctx; + mbedtls_pk_context prv, pub; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; + unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; + unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; + size_t hlen, slen, slen_check; + const mbedtls_md_info_t *md_info; + + mbedtls_ecdsa_restart_init( &rs_ctx ); + mbedtls_pk_init( &prv ); + mbedtls_pk_init( &pub ); + memset( hash, 0, sizeof( hash ) ); + memset( sig, 0, sizeof( sig ) ); + memset( sig_check, 0, sizeof( sig_check ) ); + + TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); + TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 ); + + TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); + TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 ); + TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 ); + + slen_check = unhexify( sig_check, sig_str ); + + md_info = mbedtls_md_info_from_type( md_alg ); + TEST_ASSERT( md_info != NULL ); + + hlen = mbedtls_md_get_size( md_info ); + mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ); + + mbedtls_ecp_set_max_ops( max_ops ); + + slen = sizeof( sig ); + cnt_restart = 0; + do { + ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen, + sig, &slen, NULL, NULL, &rs_ctx ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); + + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( slen == slen_check ); + TEST_ASSERT( memcmp( sig, sig_check, slen ) 
== 0 ); + + TEST_ASSERT( cnt_restart >= min_restart ); + TEST_ASSERT( cnt_restart <= max_restart ); + + cnt_restart = 0; + do { + ret = mbedtls_pk_verify_restartable( &pub, md_alg, + hash, hlen, sig, slen, &rs_ctx ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); + + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( cnt_restart >= min_restart ); + TEST_ASSERT( cnt_restart <= max_restart ); + + hash[0]++; + do { + ret = mbedtls_pk_verify_restartable( &pub, md_alg, + hash, hlen, sig, slen, &rs_ctx ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + TEST_ASSERT( ret != 0 ); + hash[0]--; + + sig[0]++; + do { + ret = mbedtls_pk_verify_restartable( &pub, md_alg, + hash, hlen, sig, slen, &rs_ctx ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + TEST_ASSERT( ret != 0 ); + sig[0]--; + + /* Do we leak memory when aborting? try verify then sign */ + ret = mbedtls_pk_verify_restartable( &pub, md_alg, + hash, hlen, sig, slen, &rs_ctx ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + mbedtls_ecdsa_restart_free( &rs_ctx ); + + slen = sizeof( sig ); + ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen, + sig, &slen, NULL, NULL, &rs_ctx ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + +exit: + mbedtls_ecdsa_restart_free( &rs_ctx ); + mbedtls_pk_free( &prv ); + mbedtls_pk_free( &pub ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ void pk_sign_verify( int type, int sign_ret, int verify_ret ) { mbedtls_pk_context pk; unsigned char hash[50], sig[5000]; size_t sig_len; + void *rs_ctx = NULL; +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecdsa_restart_ctx ctx; + + rs_ctx = &ctx; + mbedtls_ecdsa_restart_init( rs_ctx ); + mbedtls_ecp_set_max_ops( 42000 ); +#endif mbedtls_pk_init( &pk ); 
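Review bot: The return value of `mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash )` is ignored, so a hash failure would leave `hash` zeroed and the test would fail later at the signature comparison for a misleading reason; write it as `TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ) == 0 );`. The `while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart )` idiom smuggles a side effect into the loop condition; a plain `cnt_restart++;` in the loop body is clearer and has no dependency on the counter staying non-zero. After the deliberate mid-test `mbedtls_ecdsa_restart_free( &rs_ctx )`, the context is reused for a sign without `mbedtls_ecdsa_restart_init()`, which relies on free leaving the context reusable — true for the `det`/`ecdsa` fields visible in the ecdsa.c hunk, but an explicit re-init would document the intent.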
@@ -268,13 +388,49 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret ) TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); TEST_ASSERT( pk_genkey( &pk ) == 0 ); - TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, - sig, &sig_len, rnd_std_rand, NULL ) == sign_ret ); + TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256, + hash, sizeof hash, sig, &sig_len, + rnd_std_rand, NULL, rs_ctx ) == sign_ret ); TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, sig, sig_len ) == verify_ret ); + if( verify_ret == 0 ) + { + hash[0]++; + TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, + hash, sizeof hash, sig, sig_len ) != 0 ); + hash[0]--; + + sig[0]++; + TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, + hash, sizeof hash, sig, sig_len ) != 0 ); + sig[0]--; + } + + TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, + sig, &sig_len, rnd_std_rand, NULL ) == sign_ret ); + + TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256, + hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret ); + + if( verify_ret == 0 ) + { + hash[0]++; + TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256, + hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 ); + hash[0]--; + + sig[0]++; + TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256, + hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 ); + sig[0]--; + } + exit: +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecdsa_restart_free( rs_ctx ); +#endif mbedtls_pk_free( &pk ); } /* END_CASE */ From 1f596064bc3683f6214a87dd0f6b7cb3f97be004 Mon Sep 17 00:00:00 2001 
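Review bot: The single `mbedtls_pk_sign_restartable( ..., rs_ctx )` call is asserted to return exactly `sign_ret` after `mbedtls_ecp_set_max_ops( 42000 )`, so the test only passes if 42000 operations always suffice for whatever curve `pk_genkey()` chooses (not visible here); if the budget is ever too small the call legitimately returns MBEDTLS_ERR_ECP_IN_PROGRESS and the test fails. I would resume like `pk_sign_verify_restart()` does: `do { ret = mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, sig, &sig_len, rnd_std_rand, NULL, rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); TEST_ASSERT( ret == sign_ret );`, and the same for the `mbedtls_pk_verify_restartable()` calls. The function `pk_sign_verify()` starts in the previous hunk.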
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 9 May 2017 10:42:40 +0200 Subject: [PATCH 066/368] Make PK EC sign/verify actually restartable --- include/mbedtls/ecdsa.h | 3 + include/mbedtls/pk_internal.h | 15 +++ library/ecdsa.c | 9 ++ library/pk.c | 24 ++++- library/pk_wrap.c | 172 +++++++++++++++++++++++++++++++- tests/suites/test_suite_pk.data | 24 +++++ 6 files changed, 242 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index ce94af871..77842526c 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -91,6 +91,9 @@ typedef struct #if defined(MBEDTLS_ECDSA_DETERMINISTIC) mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */ #endif +#if defined(MBEDTLS_PK_C) + mbedtls_ecdsa_context *ecdsa; /*!< used by the PK layer */ +#endif } mbedtls_ecdsa_restart_ctx; #else /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h index 01d0f214b..e996b6cad 100644 --- a/include/mbedtls/pk_internal.h +++ b/include/mbedtls/pk_internal.h @@ -58,6 +58,21 @@ struct mbedtls_pk_info_t int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + /** Verify signature (restartable) */ + int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx ); + + /** Make signature (restartable) */ + int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, void *rs_ctx ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + /** Decrypt message */ int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, diff --git a/library/ecdsa.c b/library/ecdsa.c index e137a0074..673076275 100644 --- a/library/ecdsa.c 
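Review bot: Placing `mbedtls_ecdsa_context *ecdsa` inside `mbedtls_ecdsa_restart_ctx` under `#if defined(MBEDTLS_PK_C)` makes the layout of a low-level ECDSA type depend on whether the PK layer is compiled in, and the comment `/*!< used by the PK layer */` does not say what the field holds or who owns it. From the pk_wrap.c hunk later in this series it is a heap copy of the caller's keypair, private key included when signing, that lives until the operation completes or `mbedtls_ecdsa_restart_free()` is called; I would say so: `/*!< PK layer: heap copy of the keypair (d included) for an in-progress ECKEY operation; owned and freed by this context */`. A PK-specific restart struct wrapping the ECDSA one would avoid the layering dependency, but that is a design choice for the series as a whole.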
+++ b/library/ecdsa.c @@ -779,6 +779,9 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) #if defined(MBEDTLS_ECDSA_DETERMINISTIC) ctx->det = NULL; #endif +#if defined(MBEDTLS_PK_C) + ctx->ecdsa = NULL; +#endif } /* @@ -801,6 +804,12 @@ void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ) mbedtls_free( ctx->det ); ctx->det = NULL; #endif + +#if defined(MBEDTLS_PK_C) + mbedtls_ecdsa_free( ctx->ecdsa ); + mbedtls_free( ctx->ecdsa ); + ctx->ecdsa = NULL; +#endif } #endif /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/library/pk.c b/library/pk.c index b5081f961..e439c7ad8 100644 --- a/library/pk.c +++ b/library/pk.c @@ -184,12 +184,20 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, const unsigned char *sig, size_t sig_len, void *rs_ctx ) { - (void) rs_ctx; // XXX temporary - if( ctx == NULL || ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( ctx->pk_info->verify_rs_func != NULL ) + { + return( ctx->pk_info->verify_rs_func( ctx->pk_ctx, + md_alg, hash, hash_len, sig, sig_len, rs_ctx ) ); + } +#else + (void) rs_ctx; +#endif /* MBEDTLS_ECP_RESTARTABLE */ + if( ctx->pk_info->verify_func == NULL ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); @@ -276,12 +284,20 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, void *rs_ctx ) { - (void) rs_ctx; // XXX temporary - if( ctx == NULL || ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( ctx->pk_info->sign_rs_func != NULL ) + { + return( ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg, + hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx ) ); + } +#else + (void) rs_ctx; +#endif /* MBEDTLS_ECP_RESTARTABLE */ + if( ctx->pk_info->sign_func == NULL ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 
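Review bot: The new block in `mbedtls_ecdsa_restart_free()` calls `mbedtls_ecdsa_free( ctx->ecdsa )` unconditionally, and `ctx->ecdsa` is NULL whenever no PK operation was interrupted (the common case, e.g. the `exit:` path of the new tests), so this relies on `mbedtls_ecdsa_free()` tolerating a NULL pointer, which the diff does not show. Either guard it, `if( ctx->ecdsa != NULL )`, or record the dependency: `/* NULL unless a PK-layer operation was interrupted; mbedtls_ecdsa_free() must accept NULL */`. In pk.c, `mbedtls_pk_verify_restartable()` now prefers `verify_rs_func` even when `rs_ctx == NULL`, which is fine as long as every `*_rs_wrap` accepts NULL — worth a one-line comment at the dispatch since the wrappers are in another file.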
diff --git a/library/pk_wrap.c b/library/pk_wrap.c index db6274cbf..d3933a0f1 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -180,6 +180,10 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { rsa_can_do, rsa_verify_wrap, rsa_sign_wrap, +#if defined(MBEDTLS_ECP_RESTARTABLE) + NULL, + NULL, +#endif rsa_decrypt_wrap, rsa_encrypt_wrap, rsa_check_pair_wrap, 
@@ -252,6 +256,118 @@ static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, return( ret ); } +#if defined(MBEDTLS_ECP_RESTARTABLE) +/* Forward declarations */ +static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx ); + +static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx ); + +static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *p_rs_ctx ) +{ + int ret; + mbedtls_ecdsa_context ecdsa, *p_ecdsa = &ecdsa; + mbedtls_ecdsa_restart_ctx *rs_ctx = p_rs_ctx; + + mbedtls_ecdsa_init( &ecdsa ); + + /* set up our own sub-context if needed */ + if( mbedtls_ecp_restart_enabled() && + rs_ctx != NULL && rs_ctx->ecdsa == NULL ) + { + rs_ctx->ecdsa = mbedtls_calloc( 1, sizeof( *rs_ctx->ecdsa ) ); + if( rs_ctx->ecdsa == NULL ) + return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + + mbedtls_ecdsa_init( rs_ctx->ecdsa ); + MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( rs_ctx->ecdsa, ctx ) ); + } + + if( rs_ctx != NULL && rs_ctx->ecdsa != NULL ) + { + /* redirect to our context */ + p_ecdsa = rs_ctx->ecdsa; + } + else + { + MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( p_ecdsa, ctx ) ); + } + + MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( p_ecdsa, md_alg, hash, hash_len, + sig, sig_len, rs_ctx ) ); + +cleanup: + /* clear our sub-context when not in progress (done or error) */ + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + mbedtls_ecdsa_free( rs_ctx->ecdsa ); + mbedtls_free( rs_ctx->ecdsa ); + rs_ctx->ecdsa = NULL; + } + + mbedtls_ecdsa_free( &ecdsa ); + + return( ret ); +} + +static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, 
size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *p_rs_ctx ) +{ + int ret; + mbedtls_ecdsa_context ecdsa, *p_ecdsa = &ecdsa; + mbedtls_ecdsa_restart_ctx *rs_ctx = p_rs_ctx; + + mbedtls_ecdsa_init( &ecdsa ); + + /* set up our own sub-context if needed */ + if( mbedtls_ecp_restart_enabled() && + rs_ctx != NULL && rs_ctx->ecdsa == NULL ) + { + rs_ctx->ecdsa = mbedtls_calloc( 1, sizeof( *rs_ctx->ecdsa ) ); + if( rs_ctx->ecdsa == NULL ) + return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + + mbedtls_ecdsa_init( rs_ctx->ecdsa ); + MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( rs_ctx->ecdsa, ctx ) ); + } + + if( rs_ctx != NULL && rs_ctx->ecdsa != NULL ) + { + /* redirect to our context */ + p_ecdsa = rs_ctx->ecdsa; + } + else + { + MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( p_ecdsa, ctx ) ); + } + + MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( p_ecdsa, md_alg, hash, hash_len, + sig, sig_len, f_rng, p_rng, rs_ctx ) ); + +cleanup: + /* clear our sub-context when not in progress (done or error) */ + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + mbedtls_ecdsa_free( rs_ctx->ecdsa ); + mbedtls_free( rs_ctx->ecdsa ); + rs_ctx->ecdsa = NULL; + } + + mbedtls_ecdsa_free( &ecdsa ); + + return( ret ); +} +#endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECDSA_C */ static int eckey_check_pair( const void *pub, const void *prv ) @@ -291,10 +407,18 @@ const mbedtls_pk_info_t mbedtls_eckey_info = { #if defined(MBEDTLS_ECDSA_C) eckey_verify_wrap, eckey_sign_wrap, -#else +#if defined(MBEDTLS_ECP_RESTARTABLE) + eckey_verify_rs_wrap, + eckey_sign_rs_wrap, +#endif +#else /* MBEDTLS_ECDSA_C */ + NULL, + NULL, +#if defined(MBEDTLS_ECP_RESTARTABLE) NULL, NULL, #endif +#endif /* MBEDTLS_ECDSA_C */ NULL, NULL, eckey_check_pair, @@ -319,6 +443,10 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { eckeydh_can_do, NULL, NULL, +#if defined(MBEDTLS_ECP_RESTARTABLE) + NULL, + NULL, +#endif NULL, NULL, eckey_check_pair, 
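Review bot: In `eckey_verify_rs_wrap()` and `eckey_sign_rs_wrap()` the branch `if( rs_ctx != NULL && rs_ctx->ecdsa != NULL ) p_ecdsa = rs_ctx->ecdsa;` uses the cached keypair and never re-reads `ctx`, so a caller that resumes with a different key, or resumes after disabling restart with `mbedtls_ecp_set_max_ops( 0 )`, silently operates on the copy made by the first call; the `/* redirect to our context */` comment should state this contract, e.g. `/* rs_ctx->ecdsa was filled from ctx on the first call and ctx is not re-read: the caller must pass the same key until the operation completes */`. For signing, that copy contains the private key `d` on the heap (`mbedtls_ecdsa_from_keypair()` copies the whole keypair) and survives an abandoned operation until `mbedtls_ecdsa_restart_free()`, which deserves a comment at the `mbedtls_calloc` site. The two wrappers are identical apart from the final call; a shared `static` setup helper and cleanup helper would keep their error paths from drifting apart.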
@@ -359,6 +487,40 @@ static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); } +#if defined(MBEDTLS_ECP_RESTARTABLE) +static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx ) +{ + int ret; + ((void) md_alg); + + ret = mbedtls_ecdsa_read_signature_restartable( + (mbedtls_ecdsa_context *) ctx, + hash, hash_len, sig, sig_len, + (mbedtls_ecdsa_restart_ctx *) rs_ctx ); + + if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) + return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); + + return( ret ); +} + +static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx ) +{ + return( mbedtls_ecdsa_write_signature_restartable( + (mbedtls_ecdsa_context *) ctx, + md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng, + (mbedtls_ecdsa_restart_ctx *) rs_ctx ) ); + +} +#endif /* MBEDTLS_ECP_RESTARTABLE */ + static void *ecdsa_alloc_wrap( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); @@ -382,6 +544,10 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { ecdsa_can_do, ecdsa_verify_wrap, ecdsa_sign_wrap, +#if defined(MBEDTLS_ECP_RESTARTABLE) + ecdsa_verify_rs_wrap, + ecdsa_sign_rs_wrap, +#endif NULL, NULL, eckey_check_pair, /* Compatible key structures */ @@ -496,6 +662,10 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { rsa_alt_can_do, NULL, rsa_alt_sign_wrap, +#if defined(MBEDTLS_ECP_RESTARTABLE) + NULL, + NULL, +#endif rsa_alt_decrypt_wrap, NULL, #if defined(MBEDTLS_RSA_C) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 8ca9a2194..bd3db182b 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
@@ -161,3 +161,27 @@ pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75 ECDSA restartable sign/verify: ECKEY, restart disabled depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0 + +ECDSA restartable sign/verify: ECDSA, max_ops=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000 + +ECDSA restartable sign/verify: ECKEY, max_ops=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000 + +ECDSA restartable sign/verify: ECDSA, max_ops=10000 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C 
+pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0 + +ECDSA restartable sign/verify: ECKEY, max_ops=10000 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0 + +ECDSA restartable sign/verify: ECDSA, max_ops=250 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64 + +ECDSA restartable sign/verify: ECKEY, max_ops=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C 
+pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64 From 31f0ef7b19fe4670a78eb1412b5d2e38a095aead Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 17 May 2017 10:05:58 +0200 Subject: [PATCH 067/368] Fix style issues introduced earlier --- library/ecdsa.c | 3 ++- library/ecp.c | 9 ++++++--- library/pk_wrap.c | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index 673076275..8d1f9d632 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -189,7 +189,8 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) #define ECDSA_RS_LEAVE( SUB ) do { \ /* clear our sub-context when not in progress (done or error) */ \ - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { \ + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \ + { \ ecdsa_restart_## SUB ##_free( rs_ctx->SUB ); \ mbedtls_free( rs_ctx->SUB ); \ rs_ctx->SUB = NULL; \ diff --git a/library/ecp.c b/library/ecp.c index 9b586eebe..74a19eecb 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -147,7 +147,8 @@ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx ) mbedtls_ecp_point_free( &ctx->R ); - if( ctx->T != NULL ) { + if( ctx->T != NULL ) + { for( i = 0; i < ctx->T_size; i++ ) mbedtls_ecp_point_free( ctx->T + i ); mbedtls_free( ctx->T ); 
@@ -1907,7 +1908,8 @@ cleanup: /* clear our sub-context when not in progress (done or error) */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + { ecp_restart_mul_free( rs_ctx->rsm ); mbedtls_free( rs_ctx->rsm ); rs_ctx->rsm = NULL; @@ -2392,7 +2394,8 @@ cleanup: #if defined(MBEDTLS_ECP_RESTARTABLE) /* clear our sub-context when not in progress (done or error) */ - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + { ecp_restart_muladd_free( rs_ctx->ma ); mbedtls_free( rs_ctx->ma ); rs_ctx->ma = NULL; diff --git a/library/pk_wrap.c b/library/pk_wrap.c index d3933a0f1..8b94d8129 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -307,7 +307,8 @@ static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, cleanup: /* clear our sub-context when not in progress (done or error) */ - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + { mbedtls_ecdsa_free( rs_ctx->ecdsa ); mbedtls_free( rs_ctx->ecdsa ); rs_ctx->ecdsa = NULL; @@ -357,7 +358,8 @@ static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, cleanup: /* clear our sub-context when not in progress (done or error) */ - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + { mbedtls_ecdsa_free( rs_ctx->ecdsa ); mbedtls_free( rs_ctx->ecdsa ); rs_ctx->ecdsa = NULL; From 171a481b9660a05d914d13c76754972d35a279b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 15 May 2017 17:23:37 +0200 Subject: [PATCH 068/368] Add a ChangeLog entry for changes so far --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 55cccd5e6..a377bbb7c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.y.0 released YYYY-MM-DD + +Features + * Add support for restartable ECC operations, controlled by + MBEDTLS_ECP_RESTARTABLE (disabled by default), using new xxx_restartable + functions in ECP, ECDSA, PK, and using existing functions in ECDH. + = mbed TLS x.x.x branch released xxxx-xx-xx Security From b3c8307960255a2d27788d0c40f118681bbb38b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 May 2017 08:50:24 +0200 Subject: [PATCH 069/368] Adapt ssl_client2 to restartable EC --- programs/ssl/ssl_client2.c | 43 +++++++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5032a9f3d..84ce115cd 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -79,6 +79,7 @@ int main( void ) #define DFL_PSK "" #define DFL_PSK_IDENTITY "Client_identity" #define DFL_ECJPAKE_PW NULL +#define DFL_EC_MAX_OPS -1 #define DFL_FORCE_CIPHER 0 #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED #define DFL_ALLOW_LEGACY -2 @@ -235,6 +236,13 @@ int main( void ) #define USAGE_ECJPAKE "" #endif +#if defined(MBEDTLS_ECP_RESTARTABLE) +#define USAGE_ECRESTART \ + " ec_max_ops=%%s default: library default (restart disabled)\n" +#else +#define USAGE_ECRESTART "" +#endif + #define USAGE \ "\n usage: ssl_client2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -258,6 +266,7 @@ int main( void ) "\n" \ USAGE_PSK \ USAGE_ECJPAKE \ + USAGE_ECRESTART \ "\n" \ " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ 
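Review bot: The usage text added for the new option advertises `ec_max_ops=%%s`, but the value is parsed with atoi() into an int later in this patch, and the neighbouring integer option in the same usage block uses `%%d` (`allow_legacy=%%d`). Change the line to `" ec_max_ops=%%d default: library default (restart disabled)\n"` so the help text matches the accepted syntax and the other numeric options.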
@@ -310,6 +319,7 @@ struct options const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ + int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ int renegotiation; /* enable / disable renegotiation */ int allow_legacy; /* allow legacy renegotiation */ @@ -527,6 +537,7 @@ int main( int argc, char *argv[] ) opt.psk = DFL_PSK; opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; + opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.renegotiation = DFL_RENEGOTIATION; opt.allow_legacy = DFL_ALLOW_LEGACY; @@ -619,6 +630,8 @@ int main( int argc, char *argv[] ) opt.psk_identity = q; else if( strcmp( p, "ecjpake_pw" ) == 0 ) opt.ecjpake_pw = q; + else if( strcmp( p, "ec_max_ops" ) == 0 ) + opt.ec_max_ops = atoi( q ); else if( strcmp( p, "force_ciphersuite" ) == 0 ) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q ); @@ -1374,6 +1387,11 @@ int main( int argc, char *argv[] ) mbedtls_timing_get_delay ); #endif +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( opt.ec_max_ops != DFL_EC_MAX_OPS ) + mbedtls_ecp_set_max_ops( opt.ec_max_ops ); +#endif + mbedtls_printf( " ok\n" ); /* @@ -1384,7 +1402,9 @@ int main( int argc, char *argv[] ) while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) { - if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE && + ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret ); if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) 
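Review bot: `opt.ec_max_ops = atoi( q );` accepts any text and any sign: non-numeric input silently becomes 0, and a negative value other than the -1 sentinel is later handed to mbedtls_ecp_set_max_ops(), whose parameter is presumably unsigned, so it would turn into a huge limit instead of being rejected. Validate it the way ssl_client2 presumably handles its other numeric options and fall back to the usage error path, e.g. `opt.ec_max_ops = atoi( q ); if( opt.ec_max_ops < 0 ) goto usage;`. The option is also parsed unconditionally but only consumed under MBEDTLS_ECP_RESTARTABLE, which is harmless but worth a one-line comment at the parse site.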
@@ -1476,7 +1496,8 @@ int main( int argc, char *argv[] ) while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + ret != MBEDTLS_ERR_SSL_WANT_WRITE && + ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret ); goto exit; @@ -1528,7 +1549,8 @@ send_request: <= 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + ret != MBEDTLS_ERR_SSL_WANT_WRITE && + ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret ); goto exit; @@ -1540,7 +1562,8 @@ send_request: { do ret = mbedtls_ssl_write( &ssl, buf, len ); while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + ret == MBEDTLS_ERR_SSL_WANT_WRITE || + ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); if( ret < 0 ) { @@ -1573,7 +1596,8 @@ send_request: ret = mbedtls_ssl_read( &ssl, buf, len ); if( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ) + ret == MBEDTLS_ERR_SSL_WANT_WRITE || + ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) continue; if( ret <= 0 ) @@ -1618,7 +1642,8 @@ send_request: do ret = mbedtls_ssl_read( &ssl, buf, len ); while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + ret == MBEDTLS_ERR_SSL_WANT_WRITE || + ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); if( ret <= 0 ) { @@ -1666,7 +1691,8 @@ send_request: while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + ret != MBEDTLS_ERR_SSL_WANT_WRITE && + ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); goto exit; 
@@ -1749,7 +1775,8 @@ reconnect: while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + ret != MBEDTLS_ERR_SSL_WANT_WRITE && + ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); goto exit; From 2350b4ebdc20816df2b6fcfa7f88f75c20795eee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 May 2017 09:26:48 +0200 Subject: [PATCH 070/368] Adapt ECDHE_ECDSA key exchange to restartable EC For now some other key exchanges (ECDHE_PSK) will just fail to work, this will be either fixed or properly fixed later. --- include/mbedtls/ssl_internal.h | 16 +++++++++++++ library/ssl_cli.c | 16 +++++++++++++ tests/ssl-opt.sh | 42 ++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 756360b18..20e443630 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -88,6 +88,14 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +/* Shorthand for restartable */ +#if defined(MBEDTLS_ECP_RESTARTABLE) && \ + defined(MBEDTLS_SSL_CLI_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#define MBEDTLS_SSL__ECP_RESTARTABLE +#endif + #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ 
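Review bot: The new MBEDTLS_SSL__ECP_RESTARTABLE shorthand is gated on MBEDTLS_SSL_CLI_C, TLS 1.2 and ECDHE_ECDSA, but the comment `/* Shorthand for restartable */` says nothing about why, and the limitation matters to anyone enabling MBEDTLS_ECP_RESTARTABLE on a server or with another key exchange (the commit message says those flows are not handled yet). Expand it to state the scope, e.g. `/* Shorthand for restartable ECC in the SSL layer: only the client-side TLS 1.2 ECDHE-ECDSA flow knows how to resume after MBEDTLS_ERR_ECP_IN_PROGRESS */`.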
@@ -218,6 +226,14 @@ struct mbedtls_ssl_handshake_params mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + enum { + ssl_ecrs_init = 0, /*!< just getting started */ + ssl_ecrs_ecdh_public_done, /*!< wrote ECDHE public share */ + ssl_ecrs_ecdh_completed, /*!< completed ECDHE key exchange */ + } ecrs_state; /*!< state for restartable ECC */ + size_t ecrs_n; /*!< place for seving a length */ +#endif #if defined(MBEDTLS_SSL_PROTO_DTLS) unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe..8d7bc45ce 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2861,6 +2861,11 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) */ i = 4; +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_state == ssl_ecrs_ecdh_public_done ) + goto ecdh_calc_secret; +#endif + ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, &ssl->out_msg[i], 1000, @@ -2873,6 +2878,13 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q ); +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + ssl->handshake->ecrs_n = n; + ssl->handshake->ecrs_state++; + +ecdh_calc_secret: + n = ssl->handshake->ecrs_n; +#endif if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &ssl->handshake->pmslen, ssl->handshake->premaster, @@ -2884,6 +2896,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); + +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + ssl->handshake->ecrs_state++; +#endif } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || 
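Review bot: The resume path `goto ecdh_calc_secret` skips mbedtls_ecdh_make_public() and only restores `n` from `ecrs_n`, so it implicitly assumes the public share written into `ssl->out_msg[i..]` on the first pass is still there when ssl_write_client_key_exchange is re-entered; nothing in the hunk states that, and anything that could write a record from the output buffer in between (an alert, a DTLS retransmission) would corrupt the ClientKeyExchange. Add a comment at the label, e.g. `/* out_msg still holds the public share written before we returned MBEDTLS_ERR_ECP_IN_PROGRESS; only the length had to be saved */`, or save the share alongside the length. Separately, advancing with `ssl->handshake->ecrs_state++` ties correctness to the enum's declaration order; assigning the target state explicitly (`ssl->handshake->ecrs_state = ssl_ecrs_ecdh_public_done;`) makes each step self-describing and survives states being inserted into the enum. The enclosing function starts and ends outside the hunk.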
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 280fc6348..05e882249 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3441,6 +3441,48 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \ 0 \ -s "Read from client: 16384 bytes read" +# Tests for restartable ECC + +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, default" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + debug_level=1" \ + 0 \ + -C "mbedtls_ecdh_make_public.*4b80" + +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, max_ops=0" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + debug_level=1 ec_max_ops=0" \ + 0 \ + -C "mbedtls_ecdh_make_public.*4b80" + +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, max_ops=65535" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + debug_level=1 ec_max_ops=65535" \ + 0 \ + -C "mbedtls_ecdh_make_public.*4b80" + +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, max_ops=1000" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + debug_level=1 ec_max_ops=1000" \ + 0 \ + -c "mbedtls_ecdh_make_public.*4b80" + +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: DTLS, max_ops=1000" \ + "$P_SRV dtls=1" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + dtls=1 debug_level=1 ec_max_ops=1000" \ + 0 \ + -c "mbedtls_ecdh_make_public.*4b80" + # Tests for DTLS HelloVerifyRequest run_test "DTLS cookie: enabled" \ From 862cde5b8e728c78e52767b642d6783e22ec3dac Mon Sep 17 00:00:00 2001 
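Review bot: The new tests detect a restart by grepping the client log for `4b80`, a bare error-code value that a reader has to look up (presumably the numeric value of MBEDTLS_ERR_ECP_IN_PROGRESS as logged at debug_level=1) and that will silently stop matching if the code is ever renumbered. Put the meaning in the block's heading comment, e.g. `# Tests for restartable ECC: 0x4b80 is the value of MBEDTLS_ERR_ECP_IN_PROGRESS that the client logs at debug_level=1 when an EC operation is suspended`, so the -c/-C patterns are understandable and updatable.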
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 17 May 2017 11:56:15 +0200 Subject: [PATCH 071/368] Add restart support for ECDSA client auth --- include/mbedtls/ssl_internal.h | 6 +++++- library/ssl_cli.c | 34 +++++++++++++++++++++++++++++++--- library/ssl_tls.c | 8 ++++++++ tests/ssl-opt.sh | 30 ++++++++++++++++++++---------- 4 files changed, 64 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 20e443630..af8728d5c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -88,7 +88,7 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -/* Shorthand for restartable */ +/* Shorthand for restartable ECC */ #if defined(MBEDTLS_ECP_RESTARTABLE) && \ defined(MBEDTLS_SSL_CLI_C) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ @@ -227,10 +227,14 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + int ec_restart_enabled; /*!< Handshake supports EC restart? */ + mbedtls_ecdsa_restart_ctx rs_ctx; /*!< ECDSA restart context */ enum { ssl_ecrs_init = 0, /*!< just getting started */ ssl_ecrs_ecdh_public_done, /*!< wrote ECDHE public share */ ssl_ecrs_ecdh_completed, /*!< completed ECDHE key exchange */ + ssl_ecrs_keys_derived, /*!< ssl_derive_keys() done */ + ssl_ecrs_pk_sign_done, /*!< done writing CertificateVerify */ } ecrs_state; /*!< state for restartable ECC */ size_t ecrs_n; /*!< place for seving a length */ #endif diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8d7bc45ce..77d376beb 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
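Review bot: `ec_restart_enabled` and `ecrs_state` are read before anything in this patch assigns them, so they rely on the handshake struct being zeroed in ssl_handshake_params_init() (presumably a memset, not visible here); say so at the field, e.g. `/*!< Handshake supports EC restart? 0 unless set in ssl_parse_server_hello */`. The single `rs_ctx` is also about to be used in turn by CertificateVerify signing and, from the next patch, ServerKeyExchange verification; a note that the two never overlap because the ECDSA sub-context is released once an operation completes or fails (ECDSA_RS_LEAVE in ecdsa.c) would spare the next reader from re-deriving that.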
@@ -1715,6 +1715,14 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + { + ssl->handshake->ec_restart_enabled = 1; + } +#endif + if( comp != MBEDTLS_SSL_COMPRESS_NULL #if defined(MBEDTLS_ZLIB_SUPPORT) && comp != MBEDTLS_SSL_COMPRESS_DEFLATE @@ -3114,15 +3122,26 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) unsigned char *hash_start = hash; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; unsigned int hashlen; + void *rs_ctx = NULL; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_state == ssl_ecrs_keys_derived ) + goto keys_derived; +#endif + if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); return( ret ); } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + ssl->handshake->ecrs_state++; + +keys_derived: +#endif if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || 
@@ -3226,14 +3245,24 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash_start, hashlen, +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ec_restart_enabled ) + rs_ctx = &ssl->handshake->rs_ctx; +#endif + + if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ), + md_alg, hash_start, hashlen, ssl->out_msg + 6 + offset, &n, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); return( ret ); } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + ssl->handshake->ecrs_state++; +#endif + ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); ssl->out_msg[5 + offset] = (unsigned char)( n ); @@ -3242,7 +3271,6 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; ssl->state++; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065..50222c375 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5472,6 +5472,10 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #endif #endif +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + mbedtls_ecdsa_restart_init( &handshake->rs_ctx ); +#endif + #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; #endif @@ -7304,6 +7308,10 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + mbedtls_ecdsa_restart_free( &handshake->rs_ctx ); +#endif + #if defined(MBEDTLS_SSL_PROTO_DTLS) mbedtls_free( handshake->verify_cookie ); mbedtls_free( handshake->hs_msg ); 
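Review bot: `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret )` now fires for MBEDTLS_ERR_ECP_IN_PROGRESS as well, so a normal non-blocking handshake logs an error-level line for every suspended signature, and the ssl-opt.sh tests added in this patch grep for exactly that text (`mbedtls_pk_sign.*4b80`), which makes the log wording part of the test contract. Either accept that and record it at the call, `/* IN_PROGRESS is deliberately logged at level 1: ssl-opt.sh greps for it */`, or log the in-progress case separately at level 2 and update the test patterns. The start of ssl_write_certificate_verify is in the previous hunk and its end is outside this one.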
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 05e882249..b960df099 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -3445,43 +3445,53 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE run_test "EC restart: TLS, default" \ - "$P_SRV" \ + "$P_SRV auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1" \ 0 \ - -C "mbedtls_ecdh_make_public.*4b80" + -C "mbedtls_ecdh_make_public.*4b80" \ + -C "mbedtls_pk_sign.*4b80" requires_config_enabled MBEDTLS_ECP_RESTARTABLE run_test "EC restart: TLS, max_ops=0" \ - "$P_SRV" \ + "$P_SRV auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=0" \ 0 \ - -C "mbedtls_ecdh_make_public.*4b80" + -C "mbedtls_ecdh_make_public.*4b80" \ + -C "mbedtls_pk_sign.*4b80" requires_config_enabled MBEDTLS_ECP_RESTARTABLE run_test "EC restart: TLS, max_ops=65535" \ - "$P_SRV" \ + "$P_SRV auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=65535" \ 0 \ - -C "mbedtls_ecdh_make_public.*4b80" + -C "mbedtls_ecdh_make_public.*4b80" \ + -C "mbedtls_pk_sign.*4b80" requires_config_enabled MBEDTLS_ECP_RESTARTABLE run_test "EC restart: TLS, max_ops=1000" \ - "$P_SRV" \ + "$P_SRV auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ - -c "mbedtls_ecdh_make_public.*4b80" + -c "mbedtls_ecdh_make_public.*4b80" \ + -c "mbedtls_pk_sign.*4b80" requires_config_enabled MBEDTLS_ECP_RESTARTABLE run_test "EC restart: DTLS, max_ops=1000" \ - "$P_SRV dtls=1" \ + "$P_SRV auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt 
\ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ - -c "mbedtls_ecdh_make_public.*4b80" + -c "mbedtls_ecdh_make_public.*4b80" \ + -c "mbedtls_pk_sign.*4b80" # Tests for DTLS HelloVerifyRequest From 1f1f2a1ca67b861c062587e3dbeef0bcfc819d44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 18 May 2017 11:27:06 +0200 Subject: [PATCH 072/368] Adapt ServerKeyEchange processing to restart --- include/mbedtls/ssl_internal.h | 2 ++ library/ssl_cli.c | 40 ++++++++++++++++++++++++++++++---- tests/ssl-opt.sh | 5 +++++ 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index af8728d5c..51dd4e1df 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -231,6 +231,8 @@ struct mbedtls_ssl_handshake_params mbedtls_ecdsa_restart_ctx rs_ctx; /*!< ECDSA restart context */ enum { ssl_ecrs_init = 0, /*!< just getting started */ + ssl_ecrs_ske_read, /*!< ServerKeyExchange was read */ + ssl_ecrs_ske_verified, /*!< ServerKeyExchange was verified */ ssl_ecrs_ecdh_public_done, /*!< wrote ECDHE public share */ ssl_ecrs_ecdh_completed, /*!< completed ECDHE key exchange */ ssl_ecrs_keys_derived, /*!< ssl_derive_keys() done */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 77d376beb..faaedb7f3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1697,6 +1697,14 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + { + ssl->handshake->ec_restart_enabled = 1; + } +#endif + i = 0; while( 1 ) { 
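Review bot: Inserting `ssl_ecrs_ske_read` and `ssl_ecrs_ske_verified` ahead of the existing enumerators renumbers every later state, which only works because each call site advances with `ecrs_state++` in exactly this order; flows that skip a step (a ciphersuite without a server signature, a client that sends no certificate) currently end with a lower value than any later comparison target, which is harmless today but one added `++` or check away from a wrong `goto`. Add a comment on the enum, e.g. `/* states must be listed in handshake order: call sites advance with ecrs_state++ */`, or have each site assign its target state by name.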
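Review bot: The block setting `ssl->handshake->ec_restart_enabled = 1` after the "chosen ciphersuite" debug message appears to be a second copy of the identical block that the previous patch inserted later in ssl_parse_server_hello (after the ciphersuite loop, old line 1715), and as far as the visible hunks show nothing removes that one: the file's 4 deletions are all in the pk_verify rewrite below. Keep a single copy; this earlier position is fine, but the later duplicate should then be dropped in the same patch.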
@@ -2303,12 +2311,22 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_state == ssl_ecrs_ske_read ) + goto ske_process; +#endif + if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); return( ret ); } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + ssl->handshake->ecrs_state++; + +ske_process: +#endif if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); @@ -2432,6 +2450,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); size_t params_len = p - params; + void *rs_ctx = NULL; /* * Handle the digitally-signed structure 
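Review bot: On resumption `goto ske_process` bypasses mbedtls_ssl_read_record() and re-parses `ssl->in_msg` from the top, so the hunk silently relies on the ServerKeyExchange record still being in the input buffer, unchanged, when ssl_handshake() is called again; nothing visible prevents another record from being read in between (by the application, or presumably by DTLS retransmission handling). State the assumption at the label, e.g. `/* resuming after MBEDTLS_ERR_ECP_IN_PROGRESS: in_msg still holds the ServerKeyExchange, re-parse it from the start */`, and note that the `ecrs_state++` after read_record runs for every key exchange that reaches this point, not only when ec_restart_enabled is set. The rest of ssl_parse_server_key_exchange, including the parameter parsing repeated on each pass, is outside this hunk.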
@@ -2598,14 +2617,27 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); } - if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk, - md_alg, hash, hashlen, p, sig_len ) ) != 0 ) +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ec_restart_enabled ) + rs_ctx = &ssl->handshake->rs_ctx; +#endif + + if( ( ret = mbedtls_pk_verify_restartable( + &ssl->session_negotiate->peer_cert->pk, + md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) +#endif + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); return( ret ); } + +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + ssl->handshake->ecrs_state++; +#endif } #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b960df099..d1ad9bfc3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3450,6 +3450,7 @@ run_test "EC restart: TLS, default" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1" \ 0 \ + -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" @@ -3460,6 +3461,7 @@ run_test "EC restart: TLS, max_ops=0" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=0" \ 0 \ + -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" @@ -3470,6 +3472,7 @@ run_test "EC restart: TLS, max_ops=65535" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=65535" \ 0 \ + -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" 
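Review bot: The alert suppression is written as an `if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )` inside `#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)` that governs an unbraced two-line call sitting outside the `#if`; it is correct as written, but it is exactly the shape that hides the classic unbraced-if mistake, and any statement added between them later silently changes which build sends the alert. A small local flag avoids it: `int in_progress = 0;` set to 1 under the `#if` when `ret == MBEDTLS_ERR_ECP_IN_PROGRESS`, then `if( !in_progress ) { send alert }` with braces. The following `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret )` also still reports the in-progress return at the error level, which the ssl-opt.sh tests in this patch grep for, so changing it means updating those patterns.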
@@ -3480,6 +3483,7 @@ run_test "EC restart: TLS, max_ops=1000" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ + -c "mbedtls_pk_verify.*4b80" \ -c "mbedtls_ecdh_make_public.*4b80" \ -c "mbedtls_pk_sign.*4b80" @@ -3490,6 +3494,7 @@ run_test "EC restart: DTLS, max_ops=1000" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ + -c "mbedtls_pk_verify.*4b80" \ -c "mbedtls_ecdh_make_public.*4b80" \ -c "mbedtls_pk_sign.*4b80" From 23e416261c5dd1e7cb43db5c8c6766af56509d3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 18 May 2017 12:35:37 +0200 Subject: [PATCH 073/368] ECDH: not restartable unless explicitly enabled This is mainly for the benefit of SSL modules, which only supports restart in a limited number of cases. In the other cases (ECDHE_PSK) it would currently return ERR_ECP_IN_PROGRESS and the user would thus call ssl_handshake() again, but the SSL code wouldn't handle state properly and things would go wrong in possibly unexpected ways. This is undesirable, so it should be possible for the SSL module to choose if ECDHE should behave the old or the new way. Not that it also brings ECDHE more in line with the other modules which already have that choice available (by passing a NULL or valid restart context). --- include/mbedtls/ecdh.h | 17 ++++++++++++++ library/ecdh.c | 19 +++++++++++++--- library/ssl_cli.c | 3 +++ tests/suites/test_suite_ecdh.data | 32 ++++++++++++++++++++------- tests/suites/test_suite_ecdh.function | 9 +++++++- 5 files changed, 68 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 2e344a8c9..6f3fe137c 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h 
@@ -53,6 +53,7 @@ typedef struct mbedtls_ecp_point Vf; /*!< un-blinding value (for later) */ mbedtls_mpi _d; /*!< previous d (for later) */ #if defined(MBEDTLS_ECP_RESTARTABLE) + int restart_enabled; /*!< enable restartalbe EC computations? */ mbedtls_ecp_restart_ctx rs; /*!< restart context for EC computations */ #endif } @@ -220,6 +221,22 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +#if defined(MBEDTLS_ECP_RESTARTABLE) +/** + * \brief Enable restartable EC computations for this context. + * (Default: disabled.) + * + * \sa \c mbedtls_ecp_set_max_ops() + * + * \note It is not possible to safely disable restartable + * computations once enabled, except by free-ing the context, + * which cancels possible in-progress operations. + * + * \param ctx ECDH context + */ +void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + #ifdef __cplusplus } #endif diff --git a/library/ecdh.c b/library/ecdh.c index b2859c4b6..cae3b290f 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -155,6 +155,16 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) #endif } +#if defined(MBEDTLS_ECP_RESTARTABLE) +/* + * Enable restartable operations for context + */ +void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) +{ + ctx->restart_enabled = 1; +} +#endif + /* * Setup and write the ServerKeyExhange parameters (RFC 4492) * struct { @@ -175,7 +185,8 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECP_RESTARTABLE) - rs_ctx = &ctx->rs; + if( ctx->restart_enabled ) + rs_ctx = &ctx->rs; #endif if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, 
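Review bot: The new `restart_enabled` field is only ever set by mbedtls_ecdh_enable_restart() and read in make_params/make_public/calc_secret, so its initial value relies on mbedtls_ecdh_init() zeroing the whole struct (not visible here), and mbedtls_ecdh_free() is not shown clearing it — which makes the \note claim that freeing the context is the way to disable restart only true if init memsets. Say which function resets it in the header, and fix the field comment's typo: `/*!< enable restartable EC computations? */`.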
@@ -260,7 +271,8 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECP_RESTARTABLE) - rs_ctx = &ctx->rs; + if( ctx->restart_enabled ) + rs_ctx = &ctx->rs; #endif if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, @@ -307,7 +319,8 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECP_RESTARTABLE) - rs_ctx = &ctx->rs; + if( ctx->restart_enabled ) + rs_ctx = &ctx->rs; #endif if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, diff --git a/library/ssl_cli.c b/library/ssl_cli.c index faaedb7f3..cbd46475c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2902,6 +2902,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) i = 4; #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ec_restart_enabled) + mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); + if( ssl->handshake->ecrs_state == ssl_ecrs_ecdh_public_done ) goto ecdh_calc_secret; #endif diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data index 991d11388..da30633ac 100644 --- a/tests/suites/test_suite_ecdh.data +++ b/tests/suites/test_suite_ecdh.data 
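Review bot: `if( ssl->handshake->ec_restart_enabled)` is missing the space before `)` that the file's `if( ... )` style uses in every other line of these hunks. Beyond the nit, mbedtls_ecdh_enable_restart() is called on every entry to ssl_write_client_key_exchange, including each resumption after MBEDTLS_ERR_ECP_IN_PROGRESS; that is harmless because it only sets a flag, but the reader has to check ecdh.c to know that, so annotate it: `/* idempotent: only sets a flag, safe to repeat when resuming */`.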
@@ -38,18 +38,34 @@ ECDH exchange #2 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecdh_exchange:MBEDTLS_ECP_DP_SECP521R1 -ECDH restartable rfc 5903 p256 restart disabled +ECDH restartable rfc 5903 p256 restart enabled max_ops=0 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:0:0 +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:0:0:0 -ECDH restartable rfc 5903 p256 restart max_ops=1 +ECDH restartable rfc 5903 p256 restart enabled max_ops=1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:1:10000 +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:1:1:10000 -ECDH restartable rfc 5903 p256 restart max_ops=10000 +ECDH restartable rfc 5903 p256 restart enabled max_ops=10000 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":10000:0:0 
+ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:10000:0:0 -ECDH restartable rfc 5903 p256 restart max_ops=250 +ECDH restartable rfc 5903 p256 restart enabled max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":250:2:32 +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:250:2:32 + +ECDH restartable rfc 5903 p256 restart disabled max_ops=0 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:0:0:0 + +ECDH restartable rfc 5903 p256 restart disabled max_ops=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:1:0:0 + +ECDH restartable rfc 5903 p256 restart disabled max_ops=10000 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:10000:0:0 + +ECDH restartable 
rfc 5903 p256 restart disabled max_ops=250 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:250:0:0 diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 911464ad0..05e61e4eb 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -161,7 +161,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, - int max_ops, int min_restart, int max_restart ) + int enable, int max_ops, int min_restart, int max_restart ) { int ret; mbedtls_ecdh_context srv, cli; @@ -192,8 +192,15 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, * as in ecdh_primitive_test_vec */ TEST_ASSERT( srv.grp.nbits % 8 == 0 ); + /* set up restart parameters */ mbedtls_ecp_set_max_ops( max_ops ); + if( enable) + { + mbedtls_ecdh_enable_restart( &srv ); + mbedtls_ecdh_enable_restart( &cli ); + } + /* server writes its paramaters */ memset( buf, 0x00, sizeof( buf ) ); len = 0; From 32033da127e64d9035eb2b3170604e55098477d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 18 May 2017 12:49:27 +0200 Subject: [PATCH 074/368] Test some more handshake flows --- tests/ssl-opt.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d1ad9bfc3..2e03758e6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -3498,6 +3498,26 @@ run_test "EC restart: DTLS, max_ops=1000" \
-c "mbedtls_ecdh_make_public.*4b80" \
-c "mbedtls_pk_sign.*4b80"
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=1000 no client auth" \
+ "$P_SRV" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ debug_level=1 ec_max_ops=1000" \
+ 0 \
+ -c "mbedtls_pk_verify.*4b80" \
+ -c "mbedtls_ecdh_make_public.*4b80" \
+ -C "mbedtls_pk_sign.*4b80"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
+ "$P_SRV psk=abc123" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
+ psk=abc123 debug_level=1 ec_max_ops=1000" \
+ 0 \
+ -C "mbedtls_pk_verify.*4b80" \
+ -C "mbedtls_ecdh_make_public.*4b80" \
+ -C "mbedtls_pk_sign.*4b80"
+
# Tests for DTLS HelloVerifyRequest
run_test "DTLS cookie: enabled" \
From 21b7719fb2578dd4edf8d5b57c603e06c12f32c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 18 May 2017 12:54:56 +0200
Subject: [PATCH 075/368] Add ChangeLog entry for current progress
---
ChangeLog | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a377bbb7c..b80f53a25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,9 +3,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.y.0 released YYYY-MM-DD Features - * Add support for restartable ECC operations, controlled by - MBEDTLS_ECP_RESTARTABLE (disabled by default), using new xxx_restartable - functions in ECP, ECDSA, PK, and using existing functions in ECDH. + * Add support for restartable ECC operations, enabled by + MBEDTLS_ECP_RESTARTABLE (disabled by default) at compile time and + mbedtls_ecp_set_max_ops() at runtime, using new xxx_restartable functions + in ECP, ECDSA, PK, and using existing functions in ECDH and SSL + (currently only implemented client-side, for ECDHE-ECDSA ciphersuites + with TLS 1.2, including client authentication). + TEMPORARY NOTE: server authentication currently not supported (WIP). + For now, MUST be disabled by calling + mbedtls_ssl_conf_authmode( MBEDTLS_SSL_VERIFY_NONE ) + (or blocking ECC operations will happen) = mbed TLS x.x.x branch released xxxx-xx-xx From bc3f44ae9c0f2615cc35e7b92cd6faf871e74a68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Jul 2017 11:02:20 +0200 Subject: [PATCH 076/368] Introduce mbedtls_x509_crt_verify_restartable() --- include/mbedtls/x509_crt.h | 60 ++++++++++++++++++++++++++++++++++++ library/x509_crt.c | 62 +++++++++++++++++++++++++++++++------- 2 files changed, 111 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 2b4d3533f..61a912459 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -142,6 +142,23 @@ typedef struct mbedtls_x509write_cert
} mbedtls_x509write_cert;
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+
+/**
+ * \brief Context for resuming X.509 verify operations
+ */
+typedef struct
+{
+ mbedtls_ecdsa_restart_ctx ecdsa; /*!< ecdsa restart context */
+} mbedtls_x509_crt_restart_ctx;
+
+#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
+/* Now we can declare functions that take a pointer to that */
+typedef void mbedtls_x509_crt_restart_ctx;
+
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* Default security profile. Should provide a good balance between security
@@ -352,6 +369,37 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
+/**
+ * \brief Restartable version of \c mbedtls_crt_verify_with_profile()
+ *
+ * \note Performs the same job as \c mbedtls_crt_verify_with_profile()
+ * but can return early and restart according to the limit
+ * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+ *
+ * \param crt a certificate (chain) to be verified
+ * \param trust_ca the list of trusted CAs
+ * \param ca_crl the list of CRLs for trusted CAs
+ * \param profile security profile for verification
+ * \param cn expected Common Name (can be set to
+ * NULL if the CN must not be verified)
+ * \param flags result of the verification
+ * \param f_vrfy verification function
+ * \param p_vrfy verification parameter
+ * \param rs_ctx resart context
+ *
+ * \return See \c mbedtls_crt_verify_with_profile(), or
+ * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ */
+int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy,
+ mbedtls_x509_crt_restart_ctx *rs_ctx );
+
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
/**
* \brief Check usage of certificate against keyUsage extension.
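Review bot: The new Doxygen block names a function that does not exist: `\brief Restartable version of \c mbedtls_crt_verify_with_profile()`, and the `\note` and `\return` lines repeat the same name, while the declaration in the context lines just above is `mbedtls_x509_crt_verify_with_profile()`; all three references should read `\c mbedtls_x509_crt_verify_with_profile()`. `\param rs_ctx resart context` has a typo and does not say whether NULL is accepted, although the library side of this same commit calls the function with `NULL` from both non-restartable wrappers, so `\param rs_ctx restart context (NULL to disable restart)` would document the actual contract.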
@@ -422,6 +470,18 @@ void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
* \param crt Certificate chain to free
*/
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Initialize a restart context
+ */
+void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
+
+/**
+ * \brief Free the components of a restart context
+ */
+void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* \} name */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index f586fb452..8d5d06058 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2271,7 +2271,7 @@ static int x509_crt_merge_flags_with_cb(
}
/*
- * Verify the certificate validity
+ * Verify the certificate validity (default profile, not restartable)
*/
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
@@ -2280,19 +2280,13 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
- return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
- &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
+ return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
+ &mbedtls_x509_crt_profile_default, cn, flags,
+ f_vrfy, p_vrfy, NULL ) );
}
/*
- * Verify the certificate validity, with profile
- *
- * This function:
- * - checks the requested CN (if any)
- * - checks the type and size of the EE cert's key,
- * as that isn't done as part of chain building/verification currently
- * - builds and verifies the chain
- * - then calls the callback and merges the flags
+ * Verify the certificate validity (user-chosen profile, not restartable)
*/
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
@@ -2301,6 +2295,29 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
+{
+ return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
+ profile, cn, flags, f_vrfy, p_vrfy, NULL ) );
+}
+
+/*
+ * Verify the certificate validity, with profile, restartable version
+ *
+ * This function:
+ * - checks the requested CN (if any)
+ * - checks the type and size of the EE cert's key,
+ * as that isn't done as part of chain building/verification currently
+ * - builds and verifies the chain
+ * - then calls the callback and merges the flags
+ */
+int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
{
int ret;
mbedtls_pk_type_t pk_type;
@@ -2308,6 +2325,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
size_t chain_len;
uint32_t *ee_flags = &ver_chain[0].flags;
+ (void) rs_ctx;
+
*flags = 0;
memset( ver_chain, 0, sizeof( ver_chain ) );
chain_len = 0;
@@ -2450,4 +2469,25 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
while( cert_cur != NULL );
}
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+/*
+ * Initialize a restart context
+ */
+void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
+{
+ mbedtls_ecdsa_restart_init( &ctx->ecdsa );
+}
+
+/*
+ * Free the components of a restart context
+ */
+void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ mbedtls_ecdsa_restart_free( &ctx->ecdsa );
+}
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
#endif /* MBEDTLS_X509_CRT_PARSE_C */
From d19a41d9aaaa09fffe2ed7ace061e204a37a97fa Mon Sep 17 00:00:00 2001
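Review bot: `(void) rs_ctx;` in mbedtls_x509_crt_verify_restartable() means the restart context is accepted and then ignored, so the function cannot yet return the MBEDTLS_ERR_ECP_IN_PROGRESS value its header documents; if this is deliberate scaffolding, say so where it sits, `/* TODO: rs_ctx is not used yet, verification is still blocking */`, so the placeholder is not mistaken for a finished implementation. In the last hunk mbedtls_x509_crt_restart_free() tolerates a NULL ctx while mbedtls_x509_crt_restart_init() dereferences it unconditionally; that looks like the library's usual init/free convention, but the header comment above init could state it, `/* Initialize a restart context (ctx must not be NULL) */`. The body of mbedtls_x509_crt_verify_restartable continues outside the hunk.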
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 Jul 2017 11:05:59 +0200 Subject: [PATCH 077/368] Add tests for verify_restartable() For selection of test cases, see comments added in the commit. It makes the most sense to test with chains using ECC only, so for the chain of length 2 we use server10 -> int-ca3 -> int-ca2 and trust int-ca2 directly. Note: server10.crt was created by copying server10_int3_int-ca2.crt and manually truncating it to remove the intermediates. That base can now be used to create derived certs (without or with a chain) in a programmatic way. --- library/x509_crt.c | 10 +++++ tests/data_files/Makefile | 15 ++++++- tests/data_files/Readme-x509.txt | 1 + tests/data_files/server10-badsign.crt | 10 +++++ tests/data_files/server10-bs_int3.pem | 22 +++++++++++ tests/data_files/server10.crt | 10 +++++ tests/data_files/server10_int3-bs.pem | 22 +++++++++++ tests/data_files/test-int-ca3-badsign.crt | 12 ++++++ tests/suites/test_suite_x509parse.data | 23 +++++++++++ tests/suites/test_suite_x509parse.function | 46 ++++++++++++++++++++++ 10 files changed, 169 insertions(+), 2 deletions(-) create mode 100644 tests/data_files/server10-badsign.crt create mode 100644 tests/data_files/server10-bs_int3.pem create mode 100644 tests/data_files/server10.crt create mode 100644 tests/data_files/server10_int3-bs.pem create mode 100644 tests/data_files/test-int-ca3-badsign.crt diff --git a/library/x509_crt.c b/library/x509_crt.c index 8d5d06058..4e3296466 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2069,6 +2069,16 @@ static int x509_crt_check_ee_locally_trusted(
* - EE, Ci1, ..., Ciq cannot be continued with a trusted root
* -> return that chain with NOT_TRUSTED set on Ciq
*
+ * Tests for (aspects of) this function should include at least:
+ * - trusted EE
+ * - EE -> trusted root
+ * - EE -> intermedate CA -> trusted root
+ * - if relevant: EE untrusted
+ * - if relevant: EE -> intermediate, untrusted
+ * with the aspect under test checked at each relevant level (EE, int, root).
+ * For some aspects longer chains are required, but usually length 2 is
+ * enough (but length 1 is not in general).
+ *
* Arguments:
* - [in] crt: the cert list EE, C1, ..., Cn
* - [in] trust_ca: the trusted list R1, ..., Rp
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 40cbcbe4d..05d7d23ff 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -104,7 +104,7 @@ server7-future.crt: server7.csr $(test_ca_int_rsa1)
$(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-future.crt
server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
- { head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat test-int-ca.crt; } > server7-badsign.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
all_final += server7-badsign.crt
server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
cat server7.crt test-int-ca-exp.crt > $@
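Review bot: The new comment line `* - EE -> intermedate CA -> trusted root` misspells "intermediate" (the line two below it spells it correctly); change it to `* - EE -> intermediate CA -> trusted root`. The comment block this sits in continues outside the hunk.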
@@ -119,7 +119,18 @@ server5-ss-forgeca.crt: server5.key
$(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
all_final += server5-ss-forgeca.crt
-
+server10-badsign.crt: server10.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += server10-badsign.crt
+server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
+ cat server10-badsign.crt test-int-ca3.crt > $@
+all_final += server10-bs_int3.pem
+test-int-ca3-badsign.crt: test-int-ca3.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += test-int-ca3-badsign.crt
+server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
+ cat server10.crt test-int-ca3-badsign.crt > $@
+all_final += server10-bs_int3-bs.pem
################################################################
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index b56346ab3..d1a6c2d27 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -21,6 +21,7 @@ Two intermediate CAs are signed by them:
A third intermediate CA is signed by test-int-ca2.crt:
- test-int-ca3.crt "C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3"
+ uses an EC key with NIST P-256, signed by test-int-ca2
Finally, other CAs for specific purposes:
- enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert
diff --git a/tests/data_files/server10-badsign.crt b/tests/data_files/server10-badsign.crt
new file mode 100644
index 000000000..eca171f35
--- /dev/null
+++ b/tests/data_files/server10-badsign.crt
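Review bot: The last added Makefile line, `all_final += server10-bs_int3-bs.pem`, registers a file that no rule produces: the rule directly above builds `server10_int3-bs.pem`, which is also the name the test data added by this commit loads, so a build of the `all_final` target would stop on the missing file. It should read `all_final += server10_int3-bs.pem`. The `{ head -n-2 $<; tail -n-2 $< | sed ... ; } > $@` recipe that corrupts the final base64 character of a certificate is now repeated three times (server7, server10, test-int-ca3); a Make variable or `define` for that step would keep the copies from drifting apart.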
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp +YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD +VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq +oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY +Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io +rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ +AzO3pJx7WJAApZuBX10= +-----END CERTIFICATE----- diff --git a/tests/data_files/server10-bs_int3.pem b/tests/data_files/server10-bs_int3.pem new file mode 100644 index 000000000..b84cee7c3 --- /dev/null +++ b/tests/data_files/server10-bs_int3.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp +YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD +VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq +oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY +Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io +rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ +AzO3pJx7WJAApZuBX10= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo +ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt +Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt +pz590JvGWfM= +-----END CERTIFICATE----- 
diff --git a/tests/data_files/server10.crt b/tests/data_files/server10.crt new file mode 100644 index 000000000..96a4040ce --- /dev/null +++ b/tests/data_files/server10.crt @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp +YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD +VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq +oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY +Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io +rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ +AzO3pJx7WJAApZuBX1Q= +-----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3-bs.pem b/tests/data_files/server10_int3-bs.pem new file mode 100644 index 000000000..a9e06150b --- /dev/null +++ b/tests/data_files/server10_int3-bs.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp +YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD +VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq +oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY +Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io +rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ +AzO3pJx7WJAApZuBX1Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo +ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt +Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt +pz590JvGWf0= +-----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca3-badsign.crt b/tests/data_files/test-int-ca3-badsign.crt new file mode 100644 index 000000000..2087056e8 --- /dev/null +++ b/tests/data_files/test-int-ca3-badsign.crt 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo +ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt +Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt +pz590JvGWf0= +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index afa86a1d8..b3e1c1cdf 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1806,3 +1806,26 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 +X509 cert verify restart: trusted EE, max_ops=0 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0 + +X509 cert verify restart: no intermediate, max_ops=0 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0 + +X509 cert verify restart: no intermediate, badsign, max_ops=0 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 + +X509 cert verify restart: one intermediate, max_ops=0 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:0:0:0 + +X509 cert verify restart: one intermediate, EE badsign, max_ops=0 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 + +X509 cert verify restart: one intermediate, int badsign, max_ops=0 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C 
+x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b3b6f4dce..f899eb018 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -261,6 +261,52 @@ void x509_verify_info( int flags, char *prefix, char *result_str )
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
+void x509_verify_restart( char *crt_file, char *ca_file,
+ int result, int flags_result,
+ int max_ops, int min_restart, int max_restart )
+{
+ int ret, cnt_restart;
+ mbedtls_x509_crt_restart_ctx rs_ctx;
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt ca;
+ uint32_t flags = 0;
+
+ mbedtls_x509_crt_restart_init( &rs_ctx );
+ mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init( &ca );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+
+ mbedtls_ecp_set_max_ops( max_ops );
+
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
+ &mbedtls_x509_crt_profile_default, NULL, &flags,
+ NULL, NULL, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == result );
+ TEST_ASSERT( flags == (uint32_t) flags_result );
+
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ /* Do we leak memory when aborting? */
+ ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
+ &mbedtls_x509_crt_profile_default, NULL, &flags,
+ NULL, NULL, &rs_ctx );
+ TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+
+exit:
+ mbedtls_x509_crt_restart_free( &rs_ctx );
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free( &ca );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result,
From be4ff42fe4fafe91df1405831d75515a1b0ea786 Mon Sep 17 00:00:00 2001
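Review bot: The restart counter is advanced inside the loop condition, `} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );`, which relies on the incremented value never being zero to keep looping and is easy to misread; `cnt_restart++;` as the first statement of the loop body with a plain `} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );` is equivalent and clearer. `mbedtls_ecp_set_max_ops( max_ops )` appears to set process-wide state that is not restored at `exit:`, so later cases in the same suite binary inherit the last value; that is harmless while every data line added here passes 0, but a reset at `exit:` (or a comment noting the assumption) would prevent surprises once cases with a non-zero limit are added.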
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 Jul 2017 12:04:14 +0200 Subject: [PATCH 078/368] Call crt_check_signature from one place only --- library/x509_crt.c | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 4e3296466..91c444876 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1932,6 +1932,7 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * 1. subject name matches child's issuer * 2. if necessary, the CA bit is set and key usage allows signing certs * 3. for trusted roots, the signature is correct + * (for intermediates, the signature is checked and the result reported) * 4. pathlen constraints are satisfied * * If there's a suitable candidate which is also time-valid, return the first @@ -1953,11 +1954,15 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, */ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, mbedtls_x509_crt *candidates, + int *signature_is_good, int top, int path_cnt, int self_cnt ) { - mbedtls_x509_crt *parent, *badtime_parent = NULL; + mbedtls_x509_crt *parent, *fallback_parent = NULL; + int fallback_sign_good = 0; + + *signature_is_good = 0; for( parent = candidates; parent != NULL; parent = parent->next ) { @@ -1973,17 +1978,19 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, } /* Signature */ - if( top && x509_crt_check_signature( child, parent ) != 0 ) - { + *signature_is_good = x509_crt_check_signature( child, parent ) == 0; + if( top && ! *signature_is_good ) continue; - } /* optional time check */ if( mbedtls_x509_time_is_past( &parent->valid_to ) || mbedtls_x509_time_is_future( &parent->valid_from ) ) { - if( badtime_parent == NULL ) - badtime_parent = parent; + if( fallback_parent == NULL ) + { + fallback_parent = parent; + fallback_sign_good = *signature_is_good; + } continue; } 
@@ -1992,7 +1999,10 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
}
if( parent == NULL )
- parent = badtime_parent;
+ {
+ parent = fallback_parent;
+ *signature_is_good = fallback_sign_good;
+ }
return parent;
}
@@ -2006,6 +2016,7 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
mbedtls_x509_crt *trust_ca,
int *parent_is_trusted,
+ int *signature_is_good,
int path_cnt,
int self_cnt )
{
@@ -2013,14 +2024,16 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
/* Look for a parent in trusted CAs */
*parent_is_trusted = 1;
- parent = x509_crt_find_parent_in( child, trust_ca, 1, path_cnt, self_cnt );
+ parent = x509_crt_find_parent_in( child, trust_ca, signature_is_good,
+ 1, path_cnt, self_cnt );
if( parent != NULL )
return parent;
/* Look for a parent upwards the chain */
*parent_is_trusted = 0;
- return( x509_crt_find_parent_in( child, child->next, 0, path_cnt, self_cnt ) );
+ return( x509_crt_find_parent_in( child, child->next, signature_is_good,
+ 0, path_cnt, self_cnt ) );
}
/*
@@ -2103,6 +2116,7 @@ static int x509_crt_verify_chain(
mbedtls_x509_crt *parent;
int parent_is_trusted = 0;
int child_is_trusted = 0;
+ int signature_is_good = 0;
int self_cnt = 0;
child = crt;
@@ -2140,7 +2154,8 @@ static int x509_crt_verify_chain(
}
/* Look for a parent in trusted CAs or up the chain */
- parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
+ parent = x509_crt_find_parent( child, trust_ca,
+ &parent_is_trusted, &signature_is_good,
*chain_len - 1, self_cnt );
/* No parent? We're done here */
@@ -2168,8 +2183,8 @@ static int x509_crt_verify_chain(
return( MBEDTLS_ERR_X509_FATAL_ERROR );
}
- /* if parent is trusted, the signature was checked by find_parent() */
- if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 )
+ /* signature was check while searching parent */
+ if( ! signature_is_good )
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
/* check size of signing key */
@@ -2187,6 +2202,7 @@ static int x509_crt_verify_chain(
child = parent;
parent = NULL;
child_is_trusted = parent_is_trusted;
+ signature_is_good = 0;
}
}
From a4a5d1dbe65913fe826ef714066f3853eb14d824 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 17 Jul 2017 10:26:19 +0200
Subject: [PATCH 079/368] Adapt function signatures to rs_ctx + ret
---
library/x509_crt.c | 147 ++++++++++++++++++++++++++++++++-------------
1 file changed, 105 insertions(+), 42 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 91c444876..e8fb627d4 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1866,7 +1866,8 @@ static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b
* Check the signature of a certificate by its parent
*/
static int x509_crt_check_signature( const mbedtls_x509_crt *child,
- mbedtls_x509_crt *parent )
+ mbedtls_x509_crt *parent,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
{
const mbedtls_md_info_t *md_info;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
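Review bot: The replacement comment `/* signature was check while searching parent */` has a grammar slip and loses the pointer to where the check now happens that the removed comment had; `/* the signature was checked by find_parent() while looking for the parent */` says the same in proper form. x509_crt_verify_chain's body continues outside the hunk.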
@@ -1878,14 +1879,24 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child,
return( -1 );
}
- if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
- child->sig_md, hash, mbedtls_md_get_size( md_info ),
- child->sig.p, child->sig.len ) != 0 )
- {
+ /* Skip expensive computation on obvious mismatch */
+ if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
return( -1 );
- }
- return( 0 );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
+ {
+ return( mbedtls_pk_verify_restartable( &parent->pk,
+ child->sig_md, hash, mbedtls_md_get_size( md_info ),
+ child->sig.p, child->sig.len, &rs_ctx->ecdsa ) );
+ }
+#else
+ (void) rs_ctx;
+#endif
+
+ return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
+ child->sig_md, hash, mbedtls_md_get_size( md_info ),
+ child->sig.p, child->sig.len ) );
}
/*
@@ -1952,17 +1963,19 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child,
* rely on key identifier extensions). (This is one way users might choose to
* handle key rollover, another relies on self-issued certs, see [SIRO].)
*/
-static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
- mbedtls_x509_crt *candidates,
- int *signature_is_good,
- int top,
- int path_cnt,
- int self_cnt )
+static int x509_crt_find_parent_in(
+ mbedtls_x509_crt *child,
+ mbedtls_x509_crt *candidates,
+ mbedtls_x509_crt **r_parent,
+ int *r_signature_is_good,
+ int top,
+ int path_cnt,
+ int self_cnt,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
{
+ int ret;
mbedtls_x509_crt *parent, *fallback_parent = NULL;
- int fallback_sign_good = 0;
-
- *signature_is_good = 0;
+ int signature_is_good = 0, fallback_sign_good = 0;
for( parent = candidates; parent != NULL; parent = parent->next )
{
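Review bot: The guard `#if defined(MBEDTLS_ECP_RESTARTABLE)` around the restartable branch does not also require `MBEDTLS_ECDSA_C`, yet the header change earlier in this series declares `mbedtls_x509_crt_restart_ctx` as `void` unless both macros are defined, so a build with MBEDTLS_ECP_RESTARTABLE on and MBEDTLS_ECDSA_C off would reach `&rs_ctx->ecdsa` through a void pointer and fail to compile; the guard should be `#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)`, matching every other check this commit adds. The restartable call also omits `child->sig_opts`, which the non-restartable path hands to mbedtls_pk_verify_ext(); if ECDSA signatures never carry options that is fine, but a one-line comment saying so would spare the next reader the question.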
@@ -1978,8 +1991,17 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
}
/* Signature */
- *signature_is_good = x509_crt_check_signature( child, parent ) == 0;
- if( top && ! *signature_is_good )
+ ret = x509_crt_check_signature( child, parent, rs_ctx );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) {
+ // TODO: stave state
+ return( ret );
+ }
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
+ signature_is_good = ret == 0;
+ if( top && ! signature_is_good )
continue;
/* optional time check */
@@ -1989,7 +2011,7 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
if( fallback_parent == NULL )
{
fallback_parent = parent;
- fallback_sign_good = *signature_is_good;
+ fallback_sign_good = signature_is_good;
}
continue;
@@ -1998,13 +2020,18 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
break;
}
- if( parent == NULL )
+ if( parent != NULL )
{
- parent = fallback_parent;
- *signature_is_good = fallback_sign_good;
+ *r_parent = parent;
+ *r_signature_is_good = signature_is_good;
+ }
+ else
+ {
+ *r_parent = fallback_parent;
+ *r_signature_is_good = fallback_sign_good;
}
- return parent;
+ return( 0 );
}
/*
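Review bot: The early-return block `if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { // TODO: stave state` uses a `//` comment and a same-line opening brace, whereas the surrounding file uses `/* */` comments and puts `{` on its own line (see the `if( fallback_parent == NULL )` block in the next hunk); the TODO also misspells "save". The identical block is repeated twice in x509_crt_find_parent() and once each in x509_crt_verify_chain() and mbedtls_x509_crt_verify_restartable() in the following hunks, so it is worth settling on the file's style once, e.g. `/* TODO: save state */` with the brace on its own line, before it is copied further. On that early return `*r_parent` and `*r_signature_is_good` are left untouched, which is only safe because every caller in this commit tests for MBEDTLS_ERR_ECP_IN_PROGRESS before reading them; a comment at the return saying outputs are unset in that case would make the dependency explicit. The loop body continues outside the hunk.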
@@ -2013,27 +2040,48 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
* Searches in trusted CAs first, and return the first suitable parent found
* (see find_parent_in() for definition of suitable).
*/
-static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
- mbedtls_x509_crt *trust_ca,
- int *parent_is_trusted,
- int *signature_is_good,
- int path_cnt,
- int self_cnt )
+static int x509_crt_find_parent(
+ mbedtls_x509_crt *child,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crt **parent,
+ int *parent_is_trusted,
+ int *signature_is_good,
+ int path_cnt,
+ int self_cnt,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
{
- mbedtls_x509_crt *parent;
+ int ret;
/* Look for a parent in trusted CAs */
*parent_is_trusted = 1;
- parent = x509_crt_find_parent_in( child, trust_ca, signature_is_good,
- 1, path_cnt, self_cnt );
+ ret = x509_crt_find_parent_in( child, trust_ca,
+ parent, signature_is_good,
+ 1, path_cnt, self_cnt, rs_ctx );
- if( parent != NULL )
- return parent;
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) {
+ // TODO: stave state
+ return( ret );
+ }
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
+ if( *parent != NULL )
+ return( 0 );
/* Look for a parent upwards the chain */
*parent_is_trusted = 0;
- return( x509_crt_find_parent_in( child, child->next, signature_is_good,
- 0, path_cnt, self_cnt ) );
+ ret = x509_crt_find_parent_in( child, child->next,
+ parent, signature_is_good,
+ 0, path_cnt, self_cnt, rs_ctx );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) {
+ // TODO: stave state
+ return( ret );
+ }
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
+ return( 0 );
}
/*
@@ -2109,8 +2157,10 @@ static int x509_crt_verify_chain( mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE], - size_t *chain_len ) + size_t *chain_len, + mbedtls_x509_crt_restart_ctx *rs_ctx ) { + int ret; uint32_t *flags; mbedtls_x509_crt *child; mbedtls_x509_crt *parent; @@ -2154,9 +2204,16 @@ static int x509_crt_verify_chain( } /* Look for a parent in trusted CAs or up the chain */ - parent = x509_crt_find_parent( child, trust_ca, + ret = x509_crt_find_parent( child, trust_ca, &parent, &parent_is_trusted, &signature_is_good, - *chain_len - 1, self_cnt ); + *chain_len - 1, self_cnt, rs_ctx ); + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { + // TODO: stave state + return( ret ); +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ + } /* No parent? We're done here */ if( parent == NULL ) @@ -2351,8 +2408,6 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, size_t chain_len; uint32_t *ee_flags = &ver_chain[0].flags; - (void) rs_ctx; - *flags = 0; memset( ver_chain, 0, sizeof( ver_chain ) ); chain_len = 0; @@ -2378,7 +2433,15 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, /* Check the chain */ ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, - ver_chain, &chain_len ); + ver_chain, &chain_len, rs_ctx ); + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { + // TODO: stave state + return( ret ); + } +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ + if( ret != 0 ) goto exit; From 18547b5db62c4fc63513c545f38f10edf9541d85 Mon Sep 17 00:00:00 2001 
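Review bot: In the `@@ -2154,9 +2204,16 @@` hunk of x509_crt_verify_chain the `#endif` is placed before the closing brace of the `if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )` block, so when `MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE` is not defined a bare `}` is left behind and the file does not compile. Swap the last two lines so the brace is inside the conditional: `return( ret ); }` followed by `#endif`. In that same configuration `ret` is then assigned but never read, so an `#else` branch with `(void) ret;` is needed as well. The enclosing function continues outside the hunk.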
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 14 Aug 2017 16:11:43 +0200 Subject: [PATCH 080/368] Refactor find_parent() to merge two call sites --- library/x509_crt.c | 46 +++++++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index e8fb627d4..b6150e806 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2051,35 +2051,39 @@ static int x509_crt_find_parent( mbedtls_x509_crt_restart_ctx *rs_ctx ) { int ret; + mbedtls_x509_crt *search_list; - /* Look for a parent in trusted CAs */ *parent_is_trusted = 1; - ret = x509_crt_find_parent_in( child, trust_ca, - parent, signature_is_good, - 1, path_cnt, self_cnt, rs_ctx ); + + while( 1 ) { + search_list = *parent_is_trusted ? trust_ca : child->next; + + ret = x509_crt_find_parent_in( child, search_list, + parent, signature_is_good, + *parent_is_trusted, + path_cnt, self_cnt, rs_ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state - return( ret ); - } + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { + // TODO: stave state + return( ret ); + } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - if( *parent != NULL ) - return( 0 ); + /* stop here if found or already in second iteration */ + if( *parent != NULL || *parent_is_trusted == 0 ) + break; - /* Look for a parent upwards the chain */ - *parent_is_trusted = 0; - ret = x509_crt_find_parent_in( child, child->next, - parent, signature_is_good, - 0, path_cnt, self_cnt, rs_ctx ); - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state - return( ret ); + /* prepare second iteration */ + *parent_is_trusted = 0; + } + + /* extra precaution against mistakes in the caller */ + if( parent == NULL ) + { + parent_is_trusted = 0; + signature_is_good = 0; } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ return( 0 ); } From c11e4baa6336073cf9432a7bca8ced78465c4a04 Mon Sep 17 00:00:00 2001 
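Review bot: The "extra precaution against mistakes in the caller" block at the end of x509_crt_find_parent tests and assigns the wrong objects: `parent`, `parent_is_trusted` and `signature_is_good` are the output pointers, so `if( parent == NULL )` checks the argument rather than the certificate that was found, and the two assignments only overwrite local pointer variables (turning them into null pointers, which a compiler may also warn about). The intended form is `if( *parent == NULL ) { *parent_is_trusted = 0; *signature_is_good = 0; }`. As written the block is dead for every valid caller and the guarantee its comment promises is not actually applied.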
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 14 Aug 2017 17:17:14 +0200 Subject: [PATCH 081/368] Rework type for verify chain - create container with length + table - make types public (will be needed in restart context) --- include/mbedtls/x509_crt.h | 22 ++++++++++++++ library/x509_crt.c | 59 ++++++++++++++------------------------ 2 files changed, 44 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 61a912459..eb929d7e5 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -142,6 +142,28 @@ typedef struct mbedtls_x509write_cert } mbedtls_x509write_cert; +/** + * Item in a verification chain: cert and flags for it + */ +typedef struct { + mbedtls_x509_crt *crt; + uint32_t flags; +} mbedtls_x509_crt_verify_chain_item; + +/** + * Max size of verification chain: end-entity + intermediates + trusted root + */ +#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) + +/** + * Verification chain as built by \c mbedtls_crt_verify_chain() + */ +typedef struct +{ + mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; + size_t len; +} mbedtls_x509_crt_verify_chain; + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** diff --git a/library/x509_crt.c b/library/x509_crt.c index b6150e806..5c2d2c1b9 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
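Review bot: The doc comment on `mbedtls_x509_crt_verify_chain` refers to `\c mbedtls_crt_verify_chain()`, which does not exist; the builder is the static `x509_crt_verify_chain()` in x509_crt.c, so the comment should either name that or describe the contents, e.g. `Verification chain built while verifying a certificate: items[0] is the end-entity certificate, items[len-1] the last certificate examined`. Because the struct is now public and its size depends on `MBEDTLS_X509_MAX_INTERMEDIATE_CA`, changing that configuration value changes the struct layout and hence the ABI of anything embedding it; a one-line note on the type saying so, and that `len` never exceeds `MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE`, would help integrators. The two new typedefs also use different brace placement (`typedef struct {` versus `typedef struct` with the brace on its own line); the file's convention is the latter.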
@@ -77,19 +77,6 @@ #endif /* !_WIN32 || EFIX64 || EFI32 */ #endif -/* - * Item in a verification chain: cert and flags for it - */ -typedef struct { - mbedtls_x509_crt *crt; - uint32_t flags; -} x509_crt_verify_chain_item; - -/* - * Max size of verification chain: end-entity + intermediates + trusted root - */ -#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -2148,7 +2135,7 @@ static int x509_crt_check_ee_locally_trusted( * - [in] crt: the cert list EE, C1, ..., Cn * - [in] trust_ca: the trusted list R1, ..., Rp * - [in] ca_crl, profile: as in verify_with_profile() - * - [out] ver_chain, chain_len: the built and verified chain + * - [out] ver_chain: the built and verified chain * * Return value: * - non-zero if the chain could not be fully built and examined @@ -2160,12 +2147,12 @@ static int x509_crt_verify_chain( mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, - x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE], - size_t *chain_len, + mbedtls_x509_crt_verify_chain *ver_chain, mbedtls_x509_crt_restart_ctx *rs_ctx ) { int ret; uint32_t *flags; + mbedtls_x509_crt_verify_chain_item *cur; mbedtls_x509_crt *child; mbedtls_x509_crt *parent; int parent_is_trusted = 0; @@ -2174,13 +2161,13 @@ static int x509_crt_verify_chain( int self_cnt = 0; child = crt; - *chain_len = 0; while( 1 ) { /* Add certificate to the verification chain */ - ver_chain[*chain_len].crt = child; - flags = &ver_chain[*chain_len].flags; - ++*chain_len; + cur = &ver_chain->items[ver_chain->len]; + cur->crt = child; + flags = &cur->flags; + ver_chain->len++; /* Check time-validity (all certificates) */ if( mbedtls_x509_time_is_past( &child->valid_to ) ) 
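Review bot: x509_crt_verify_chain no longer resets the chain length (`*chain_len = 0;` is removed and `ver_chain->len++` now builds on whatever the caller passed in), so the function silently depends on the caller having zeroed `ver_chain`; a non-zero `len` on entry would make the first `cur = &ver_chain->items[ver_chain->len]` write land wherever the caller left it, before the `MBEDTLS_X509_MAX_INTERMEDIATE_CA` check further down has run. The parameter comment should state the precondition: `- [in/out] ver_chain: must be zero-initialized by the caller; on return holds the built and verified chain`. If the intent is to let a later caller resume with a partially built chain, that is worth saying in the same place.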
@@ -2201,7 +2188,7 @@ static int x509_crt_verify_chain( *flags |= MBEDTLS_X509_BADCERT_BAD_PK; /* Special case: EE certs that are locally trusted */ - if( *chain_len == 1 && + if( ver_chain->len == 1 && x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) { return( 0 ); @@ -2210,7 +2197,7 @@ static int x509_crt_verify_chain( /* Look for a parent in trusted CAs or up the chain */ ret = x509_crt_find_parent( child, trust_ca, &parent, &parent_is_trusted, &signature_is_good, - *chain_len - 1, self_cnt, rs_ctx ); + ver_chain->len - 1, self_cnt, rs_ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { @@ -2229,7 +2216,7 @@ static int x509_crt_verify_chain( /* Count intermediate self-issued (not necessarily self-signed) certs. * These can occur with some strategies for key rollover, see [SIRO], * and should be excluded from max_pathlen checks. */ - if( *chain_len != 1 && + if( ver_chain->len != 1 && x509_name_cmp( &child->issuer, &child->subject ) == 0 ) { self_cnt++; @@ -2238,7 +2225,7 @@ static int x509_crt_verify_chain( /* path_cnt is 0 for the first intermediate CA, * and if parent is trusted it's not an intermediate CA */ if( ! parent_is_trusted && - *chain_len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) + ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) { /* return immediately to avoid overflow the chain array */ return( MBEDTLS_ERR_X509_FATAL_ERROR ); 
@@ -2334,21 +2321,22 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt, */ static int x509_crt_merge_flags_with_cb( uint32_t *flags, - x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE], - size_t chain_len, + const mbedtls_x509_crt_verify_chain *ver_chain, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { int ret; size_t i; uint32_t cur_flags; + const mbedtls_x509_crt_verify_chain_item *cur; - for( i = chain_len; i != 0; --i ) + for( i = ver_chain->len; i != 0; --i ) { - cur_flags = ver_chain[i-1].flags; + cur = &ver_chain->items[i-1]; + cur_flags = cur->flags; if( NULL != f_vrfy ) - if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, i-1, &cur_flags ) ) != 0 ) + if( ( ret = f_vrfy( p_vrfy, cur->crt, i-1, &cur_flags ) ) != 0 ) return( ret ); *flags |= cur_flags; @@ -2408,13 +2396,11 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, { int ret; mbedtls_pk_type_t pk_type; - x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE]; - size_t chain_len; - uint32_t *ee_flags = &ver_chain[0].flags; + mbedtls_x509_crt_verify_chain ver_chain; + uint32_t *ee_flags = &ver_chain.items[0].flags; *flags = 0; - memset( ver_chain, 0, sizeof( ver_chain ) ); - chain_len = 0; + memset( &ver_chain, 0, sizeof( ver_chain ) ); if( profile == NULL ) { @@ -2437,7 +2423,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, /* Check the chain */ ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, - ver_chain, &chain_len, rs_ctx ); + &ver_chain, rs_ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { 
@@ -2450,8 +2436,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, goto exit; /* Build final flags, calling callback on the way if any */ - ret = x509_crt_merge_flags_with_cb( flags, - ver_chain, chain_len, f_vrfy, p_vrfy ); + ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); exit: /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by From 8b59049407f337cf9813f9012a81f6587e6c4d98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 14 Aug 2017 18:04:19 +0200 Subject: [PATCH 082/368] Make verify() actually restartable --- include/mbedtls/x509_crt.h | 17 ++- library/x509_crt.c | 137 +++++++++++++++++---- tests/data_files/Readme-x509.txt | 2 +- tests/suites/test_suite_x509parse.data | 70 ++++++++++- tests/suites/test_suite_x509parse.function | 10 ++ 5 files changed, 208 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index eb929d7e5..7487df619 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -171,7 +171,22 @@ typedef struct */ typedef struct { - mbedtls_ecdsa_restart_ctx ecdsa; /*!< ecdsa restart context */ + /* for check_signature() */ + mbedtls_ecdsa_restart_ctx ecdsa; + + /* for find_parent_in() */ + mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ + mbedtls_x509_crt *fallback_parent; + int fallback_sign_good; + + /* for find_parent() */ + int parent_is_trusted; /* -1 if find_parent is not in progress */ + + /* for verify_chain() */ + mbedtls_x509_crt *child; /* non-null iff in progress */ + int self_cnt; + mbedtls_x509_crt_verify_chain ver_chain; + } mbedtls_x509_crt_restart_ctx; #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 5c2d2c1b9..a0d1956dc 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
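Review bot: The new `parent`, `fallback_parent` and `child` members of `mbedtls_x509_crt_restart_ctx` are raw pointers into the caller's certificate chain and trust list that survive across a return of `MBEDTLS_ERR_ECP_IN_PROGRESS`, yet the type carries no note that the `crt` and `trust_ca` lists must stay allocated and unmodified, and be passed again unchanged, until the resumed call completes; freeing or re-parsing the chain in between turns the next call into a use-after-free. The type's documentation should spell this out, e.g. `The certificate chain and trust list given to the interrupted call must remain valid and unchanged until the verification completes or the context is freed`. The member comments also switch from the `/*!< ... */` Doxygen form used for `ecdsa` to plain `/* ... */`, so they will not show up in generated docs.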
@@ -1870,7 +1870,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child, if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) ) return( -1 ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA ) { return( mbedtls_pk_verify_restartable( &parent->pk, @@ -1961,8 +1961,23 @@ static int x509_crt_find_parent_in( mbedtls_x509_crt_restart_ctx *rs_ctx ) { int ret; - mbedtls_x509_crt *parent, *fallback_parent = NULL; - int signature_is_good = 0, fallback_sign_good = 0; + mbedtls_x509_crt *parent, *fallback_parent; + int signature_is_good, fallback_sign_good; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + /* restore state if we have some stored */ + if( rs_ctx != NULL && rs_ctx->parent != NULL ) + { + parent = rs_ctx->parent; + fallback_parent = rs_ctx->fallback_parent; + fallback_sign_good = rs_ctx->fallback_sign_good; + + goto check_signature; + } +#endif + + fallback_parent = NULL; + fallback_sign_good = 0; for( parent = candidates; parent != NULL; parent = parent->next ) { @@ -1978,14 +1993,24 @@ static int x509_crt_find_parent_in( } /* Signature */ +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +check_signature: +#endif ret = x509_crt_check_signature( child, parent, rs_ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state + if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + { + /* save state */ + rs_ctx->parent = parent; + rs_ctx->fallback_parent = fallback_parent; + rs_ctx->fallback_sign_good = fallback_sign_good; + return( ret ); } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#else + (void) ret; +#endif signature_is_good = ret == 0; if( top && ! signature_is_good ) 
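Review bot: In the resume path of x509_crt_find_parent_in, `goto check_signature` re-enters the `for` body with `parent = rs_ctx->parent` and then reuses `rs_ctx->ecdsa`, but nothing verifies that the resumed call was made with the same `child`, `candidates` and `top`; a caller that resumes with different arguments, or with a reordered list, gets the saved ECDSA state applied to an unrelated signature. Storing `child` in the context alongside `parent` and bailing out with `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` (or whichever error the module prefers) when it differs would make the misuse detectable, and the function comment should state that the arguments must be identical on resumption. A short comment above the label, `/* resumed: signature of this parent was partially verified in a previous call */`, would also make the jump into the loop body easier to follow; the loop head and the issuer/`top` checks it skips are outside this hunk.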
@@ -2018,6 +2043,16 @@ static int x509_crt_find_parent_in( *r_signature_is_good = fallback_sign_good; } +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL ) + { + /* reset state */ + rs_ctx->parent = NULL; + rs_ctx->fallback_parent = NULL; + rs_ctx->fallback_sign_good = 0; + } +#endif + return( 0 ); } @@ -2042,6 +2077,12 @@ static int x509_crt_find_parent( *parent_is_trusted = 1; +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + /* restore state if we have some stored */ + if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) + *parent_is_trusted = rs_ctx->parent_is_trusted; +#endif + while( 1 ) { search_list = *parent_is_trusted ? trust_ca : child->next; @@ -2051,11 +2092,15 @@ static int x509_crt_find_parent( path_cnt, self_cnt, rs_ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state + if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + { + /* save state */ + rs_ctx->parent_is_trusted = *parent_is_trusted; return( ret ); } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#else + (void) ret; +#endif /* stop here if found or already in second iteration */ if( *parent != NULL || *parent_is_trusted == 0 ) @@ -2072,6 +2117,12 @@ static int x509_crt_find_parent( signature_is_good = 0; } +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + /* reset state */ + if( rs_ctx != NULL ) + rs_ctx->parent_is_trusted = -1; +#endif + return( 0 ); } 
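Review bot: `rs_ctx->parent_is_trusted` is used as a tri-state with `-1` meaning "no find_parent in progress", but the sentinel is spelled as a bare literal at the restore check, at the reset, and again in the init routine of a later hunk; a named constant such as `#define X509_CRT_RS_NO_SEARCH ( -1 )`, or at least a comment at the restore site, would make the protocol visible in one place. The restore condition also misses the file's spacing convention and should read `if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 )`. The `(void) ret;` in the `#else` branch is correct here since `ret` is otherwise unread in the non-restartable build.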
@@ -2155,12 +2206,31 @@ static int x509_crt_verify_chain( mbedtls_x509_crt_verify_chain_item *cur; mbedtls_x509_crt *child; mbedtls_x509_crt *parent; - int parent_is_trusted = 0; - int child_is_trusted = 0; - int signature_is_good = 0; - int self_cnt = 0; + int parent_is_trusted; + int child_is_trusted; + int signature_is_good; + int self_cnt; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + /* resume if we had an operation in progress */ + if( rs_ctx != NULL && rs_ctx->child != NULL ) + { + /* save state */ + child = rs_ctx->child; + self_cnt = rs_ctx->self_cnt; + *ver_chain = rs_ctx->ver_chain; + + cur = &ver_chain->items[ver_chain->len - 1]; + flags = &cur->flags; + + goto find_parent; + } +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ child = crt; + self_cnt = 0; + parent_is_trusted = 0; + child_is_trusted = 0; while( 1 ) { /* Add certificate to the verification chain */ @@ -2194,17 +2264,27 @@ static int x509_crt_verify_chain( return( 0 ); } +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +find_parent: +#endif /* Look for a parent in trusted CAs or up the chain */ ret = x509_crt_find_parent( child, trust_ca, &parent, &parent_is_trusted, &signature_is_good, ver_chain->len - 1, self_cnt, rs_ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state + if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + { + /* save state */ + rs_ctx->child = child; + rs_ctx->self_cnt = self_cnt; + rs_ctx-> ver_chain = *ver_chain; + return( ret ); -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ } +#else + (void) ret; +#endif /* No parent? We're done here */ if( parent == NULL ) 
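Review bot: The resume branch at the top of x509_crt_verify_chain is labelled `/* save state */` although it restores `child`, `self_cnt` and `ver_chain` from `rs_ctx`; it should read `/* restore state */`, and the later store `rs_ctx-> ver_chain = *ver_chain;` has a stray space. On resume the branch jumps to `find_parent` without initializing `parent_is_trusted` and `child_is_trusted`, whose `= 0` assignments now sit after the `goto`; `parent_is_trusted` is written by x509_crt_find_parent before any use, but if `child_is_trusted` is read later in the loop before being assigned (the rest of the loop is outside this hunk) that read is of an uninitialized variable on the resumed path. Moving the two initializations above the `#if` block costs nothing and removes the question.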
@@ -2425,13 +2505,6 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, &ver_chain, rs_ctx ); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state - return( ret ); - } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - if( ret != 0 ) goto exit; @@ -2439,6 +2512,11 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); exit: +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + mbedtls_x509_crt_restart_free( rs_ctx ); +#endif + /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by * the SSL module for authmode optional, but non-zero return from the * callback means a fatal error so it shouldn't be ignored */ @@ -2554,6 +2632,17 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) { mbedtls_ecdsa_restart_init( &ctx->ecdsa ); + + ctx->parent = NULL; + ctx->fallback_parent = NULL; + ctx->fallback_sign_good = 0; + + ctx->parent_is_trusted = -1; + + ctx->child = NULL; + ctx->self_cnt = 0; + memset( ctx->ver_chain.items, 0, sizeof( ctx->ver_chain.items ) ); + ctx->ver_chain.len = 0; } /* @@ -2565,6 +2654,8 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ) return; mbedtls_ecdsa_restart_free( &ctx->ecdsa ); + + mbedtls_x509_crt_restart_init( ctx ); } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index d1a6c2d27..185fb3412 100644 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt 
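Review bot: With the explicit `MBEDTLS_ERR_ECP_IN_PROGRESS` early return removed, an in-progress result now reaches `exit:` via `if( ret != 0 ) goto exit;`, and only the `mbedtls_x509_crt_restart_free` call is guarded against it; the "prevent misuse of the vrfy callback" handling that follows (outside this hunk) also keys on `ret != 0`, so if it overwrites `*flags` or remaps the error, the caller sees that side effect on every in-progress return. Either guard that block the same way, `if( ret != 0 && ret != MBEDTLS_ERR_ECP_IN_PROGRESS )`, or return before `exit:` for the in-progress case. In `mbedtls_x509_crt_restart_free`, calling `mbedtls_x509_crt_restart_init` after `mbedtls_ecdsa_restart_free` re-initializes the ECDSA sub-context; a one-line comment, `/* leave the context reusable for the next verification */`, would document that this is intended rather than an accidental double init.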
@@ -17,7 +17,7 @@ Two intermediate CAs are signed by them: - test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA" uses RSA-4096, signed by test-ca2 - test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA" - uses an EC key with NIST P-256, signed by test-ca + uses an EC key with NIST P-384, signed by test-ca A third intermediate CA is signed by test-int-ca2.crt: - test-int-ca3.crt "C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3" diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b3e1c1cdf..1c553b456 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1810,22 +1810,86 @@ X509 cert verify restart: trusted EE, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0 +X509 cert verify restart: trusted EE, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:1:0:0 + X509 cert verify restart: no intermediate, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0 +X509 cert verify restart: no intermediate, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:1:100:10000 + +X509 cert verify restart: no intermediate, max_ops=40000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:40000:0:0 + +X509 cert verify restart: no intermediate, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:500:20:80 + X509 cert verify restart: no intermediate, badsign, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 -X509 cert verify restart: one 
intermediate, max_ops=0 +X509 cert verify restart: no intermediate, badsign, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 + +X509 cert verify restart: no intermediate, badsign, max_ops=40000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:40000:0:0 + +X509 cert verify restart: no intermediate, badsign, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80 + +X509 cert verify restart: one int, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:0:0:0 -X509 cert verify restart: one intermediate, EE badsign, max_ops=0 +X509 cert verify restart: one int, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:1:100:10000 + +X509 cert verify restart: one int, max_ops=30000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C 
+x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:30000:0:0 + +X509 cert verify restart: one int, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:500:25:100 + +X509 cert verify restart: one int, EE badsign, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 -X509 cert verify restart: one intermediate, int badsign, max_ops=0 +X509 cert verify restart: one int, EE badsign, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 + +X509 cert verify restart: one int, EE badsign, max_ops=30000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0 + +X509 cert verify restart: one int, EE badsign, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 + +X509 cert verify restart: one int, int badsign, 
max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 + +X509 cert verify restart: one int, int badsign, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 + +X509 cert verify restart: one int, int badsign, max_ops=30000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0 + +X509 cert verify restart: one int, int badsign, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f899eb018..c12aaef0c 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
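Review bot: Every restartable case here has a single certificate in the trust list, so the resume path in x509_crt_find_parent_in is only exercised when the interrupted candidate is also the last one; the branch where a resumed signature check fails and the loop must advance with `parent = parent->next` to a later candidate (for instance a trust list holding a wrong-key CA with the same subject ahead of the real one) has no coverage. Adding one such case with `max_ops` small enough to force a restart on the first candidate would pin that behaviour. The last two columns appear to be bounds on the number of restarts (`100:10000`, `20:80`); they are loose, which is fine for this purpose as long as that reading is confirmed by the .function file.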
@@ -272,6 +272,16 @@ void x509_verify_restart( char *crt_file, char *ca_file, mbedtls_x509_crt ca; uint32_t flags = 0; + /* + * See comments on ecp_test_vect_restart() for op count precision. + * + * For reference, with mbed TLS 2.6 and default settings: + * - ecdsa_verify() for P-256: ~ 6700 + * - ecdsa_verify() for P-384: ~ 18800 + * - x509_verify() for server5 -> test-ca2: ~ 18800 + * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500 + */ + mbedtls_x509_crt_restart_init( &rs_ctx ); mbedtls_x509_crt_init( &crt ); mbedtls_x509_crt_init( &ca ); From d27d1a5a82b4b0cf63cef05698bc8918883e7868 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Aug 2017 11:49:08 +0200 Subject: [PATCH 083/368] Clean up existing SSL restartable ECC code - more consistent naming with ecrs prefix for everything - always check it enabled before touching the rest - rm duplicated code in parse_server_hello() --- include/mbedtls/ssl_internal.h | 4 +-- library/ssl_cli.c | 63 +++++++++++++++++++--------------- library/ssl_tls.c | 4 +-- 3 files changed, 40 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 51dd4e1df..bc38b8b03 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -227,8 +227,8 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - int ec_restart_enabled; /*!< Handshake supports EC restart? */ - mbedtls_ecdsa_restart_ctx rs_ctx; /*!< ECDSA restart context */ + int ecrs_enabled; /*!< Handshake supports EC restart? */ + mbedtls_ecdsa_restart_ctx ecrs_ctx; /*!< ECDSA restart context */ enum { ssl_ecrs_init = 0, /*!< just getting started */ ssl_ecrs_ske_read, /*!< ServerKeyExchange was read */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index cbd46475c..db57713a6 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -1701,7 +1701,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - ssl->handshake->ec_restart_enabled = 1; + ssl->handshake->ecrs_enabled = 1; } #endif @@ -1723,14 +1723,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } } -#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - ssl->handshake->ec_restart_enabled = 1; - } -#endif - if( comp != MBEDTLS_SSL_COMPRESS_NULL #if defined(MBEDTLS_ZLIB_SUPPORT) && comp != MBEDTLS_SSL_COMPRESS_DEFLATE @@ -2312,8 +2304,11 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ecrs_state == ssl_ecrs_ske_read ) - goto ske_process; + if( ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_ske_read ) + { + goto ske_process; + } #endif if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) @@ -2323,6 +2318,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_enabled ) ssl->handshake->ecrs_state++; ske_process: @@ -2618,8 +2614,8 @@ ske_process: } #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ec_restart_enabled ) - rs_ctx = &ssl->handshake->rs_ctx; + if( ssl->handshake->ecrs_enabled ) + rs_ctx = &ssl->handshake->ecrs_ctx; #endif if( ( ret = mbedtls_pk_verify_restartable( @@ -2636,7 +2632,8 @@ ske_process: } #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - ssl->handshake->ecrs_state++; + if( ssl->handshake->ecrs_enabled ) + ssl->handshake->ecrs_state++; #endif } #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */ 
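Review bot: In the `@@ -2323,6 +2318,7 @@` hunk, the added `if( ssl->handshake->ecrs_enabled )` guards `ssl->handshake->ecrs_state++;` without braces, and the diff as shown here suggests the body kept its previous indentation; if so, the statement sits at the same column as its condition right before the `ske_process:` label, which GCC's `-Wmisleading-indentation` flags and which is easy to misread. Indent the body one level or brace it the way the `@@ -2312` hunk in this same commit does: `if( ssl->handshake->ecrs_enabled ) { ssl->handshake->ecrs_state++; }`. The remaining hunks are a consistent rename to the `ecrs_` prefix and removal of the duplicated enable block, which read fine.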
@@ -2902,11 +2899,13 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) i = 4; #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ec_restart_enabled) - mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); + if( ssl->handshake->ecrs_enabled ) + { + if( ssl->handshake->ecrs_state == ssl_ecrs_ecdh_public_done ) + goto ecdh_calc_secret; - if( ssl->handshake->ecrs_state == ssl_ecrs_ecdh_public_done ) - goto ecdh_calc_secret; + mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); + } #endif ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, @@ -2922,11 +2921,15 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - ssl->handshake->ecrs_n = n; - ssl->handshake->ecrs_state++; + if( ssl->handshake->ecrs_enabled ) + { + ssl->handshake->ecrs_n = n; + ssl->handshake->ecrs_state++; + } ecdh_calc_secret: - n = ssl->handshake->ecrs_n; + if( ssl->handshake->ecrs_enabled ) + n = ssl->handshake->ecrs_n; #endif if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &ssl->handshake->pmslen, @@ -2941,7 +2944,8 @@ ecdh_calc_secret: MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - ssl->handshake->ecrs_state++; + if( ssl->handshake->ecrs_enabled ) + ssl->handshake->ecrs_state++; #endif } else @@ -3162,8 +3166,11 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ecrs_state == ssl_ecrs_keys_derived ) + if( ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_keys_derived ) + { goto keys_derived; + } #endif if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) 
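Review bot: In ssl_write_client_key_exchange the resume `goto ecdh_calc_secret` now runs before `mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx )`, whereas previously enable_restart ran on every entry including the resumed one; if `mbedtls_ecdh_enable_restart` resets the ECDH restart sub-context (its definition is not visible here), the old order would have discarded the in-progress state and this reorder is a real fix, otherwise it is cosmetic. Either way the reason deserves a comment at the `goto`, along the lines of `/* resuming: do not re-enable restart here, that would reset the in-progress state */`, worded to match what enable_restart actually does. The reload `n = ssl->handshake->ecrs_n;` at `ecdh_calc_secret:` also executes on the non-resumed path where `n` was just stored, which is harmless but worth a `/* no-op unless we jumped here */` so a reader does not look for a second source of `n`.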
@@ -3173,7 +3180,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - ssl->handshake->ecrs_state++; + if( ssl->handshake->ecrs_enabled ) + ssl->handshake->ecrs_state++; keys_derived: #endif @@ -3281,8 +3289,8 @@ keys_derived: } #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ec_restart_enabled ) - rs_ctx = &ssl->handshake->rs_ctx; + if( ssl->handshake->ecrs_enabled ) + rs_ctx = &ssl->handshake->ecrs_ctx; #endif if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ), @@ -3295,7 +3303,8 @@ keys_derived: } #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - ssl->handshake->ecrs_state++; + if( ssl->handshake->ecrs_enabled ) + ssl->handshake->ecrs_state++; #endif ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 50222c375..90331efa1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5473,7 +5473,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #endif #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - mbedtls_ecdsa_restart_init( &handshake->rs_ctx ); + mbedtls_ecdsa_restart_init( &handshake->ecrs_ctx ); #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -7309,7 +7309,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - mbedtls_ecdsa_restart_free( &handshake->rs_ctx ); + mbedtls_ecdsa_restart_free( &handshake->ecrs_ctx ); #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) From 6b7301c8722e9fce24f1e17e3b716d15cca618d5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Aug 2017 12:08:45 +0200 Subject: [PATCH 084/368] Change restart context type. No need to have both x509 and ecdsa, as the former contains the latter. --- include/mbedtls/ssl_internal.h | 2 +- library/ssl_cli.c | 4 ++-- library/ssl_tls.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index bc38b8b03..00a8db44e 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -228,7 +228,7 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) int ecrs_enabled; /*!< Handshake supports EC restart? */ - mbedtls_ecdsa_restart_ctx ecrs_ctx; /*!< ECDSA restart context */ + mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */ enum { ssl_ecrs_init = 0, /*!< just getting started */ ssl_ecrs_ske_read, /*!< ServerKeyExchange was read */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index db57713a6..7ffeb5bb4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2615,7 +2615,7 @@ ske_process: #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled ) - rs_ctx = &ssl->handshake->ecrs_ctx; + rs_ctx = &ssl->handshake->ecrs_ctx.ecdsa; #endif if( ( ret = mbedtls_pk_verify_restartable( @@ -3290,7 +3290,7 @@ keys_derived: #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled ) - rs_ctx = &ssl->handshake->ecrs_ctx; + rs_ctx = &ssl->handshake->ecrs_ctx.ecdsa; #endif if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ), diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 90331efa1..221071b5e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
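Review bot: After this change a single `ecrs_ctx.ecdsa` is handed to both `mbedtls_pk_verify_restartable` in ske_process and `mbedtls_pk_sign_restartable` in keys_derived, so two distinct operations share one restart context across handshake steps. That is only safe if each restartable call leaves the context reset once it completes, not just on the IN_PROGRESS path; I cannot confirm that contract from this diff. If that is the intended invariant, state it on the field: `mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context, shared by every restartable step of the handshake; each step must leave it reset on completion */`. Both ssl_cli.c functions start and end outside the hunks.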
@@ -5473,7 +5473,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #endif #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - mbedtls_ecdsa_restart_init( &handshake->ecrs_ctx ); + mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx ); #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -7309,7 +7309,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - mbedtls_ecdsa_restart_free( &handshake->ecrs_ctx ); + mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx ); #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) From 39eda87382100565a890182ff9dffedd640cfa18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Aug 2017 13:00:33 +0200 Subject: [PATCH 085/368] Make more auto variables const That way we know we don't have to worry about saving and restoring their value. --- library/ssl_tls.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 221071b5e..48bb33683 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4313,8 +4313,15 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t i, n; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; - int authmode = ssl->conf->authmode; + const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = + ssl->transform_negotiate->ciphersuite_info; +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET + ? ssl->handshake->sni_authmode + : ssl->conf->authmode; +#else + const int authmode = ssl->conf->authmode; +#endif uint8_t alert; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); 
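Review bot: The preprocessor guard around the SNI override changes from `MBEDTLS_SSL_SERVER_NAME_INDICATION` alone (the block removed in the next hunk) to `MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SERVER_NAME_INDICATION`, which the commit message about making variables const does not mention. If `sni_authmode` only exists when both macros are defined this is a no-op; otherwise it silently changes which builds honour the per-SNI authmode, so either the message should say so or the guard should stay as it was. mbedtls_ssl_parse_certificate continues past the end of the hunk.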
@@ -4338,11 +4345,6 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) return( 0 ); } -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) - authmode = ssl->handshake->sni_authmode; -#endif - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && authmode == MBEDTLS_SSL_VERIFY_NONE ) { From fed37ed0391f5b25393d5802c5ef434314a53894 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Aug 2017 13:27:41 +0200 Subject: [PATCH 086/368] Extract some code to separate function Goals include: - reducing the number of local variables in the main function (so that we don't have to worry about saving/restoring them) - reducing the number exit points in the main function, making it easier to update ssl->state only right before we return --- library/ssl_tls.c | 141 ++++++++++++++++++++++++++-------------------- 1 file changed, 81 insertions(+), 60 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 48bb33683..f91e2a885 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4309,62 +4309,16 @@ write_msg: return( ret ); } -int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) +/* + * Once the certificate message is read, parse it into a cert chain and + * perform basic checks, but leave actual verification to the caller + */ +static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + int ret; size_t i, n; - const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET - ? ssl->handshake->sni_authmode - : ssl->conf->authmode; -#else - const int authmode = ssl->conf->authmode; -#endif uint8_t alert; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); - - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); - ssl->state++; - return( 0 ); - } - -#if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); - ssl->state++; - return( 0 ); - } - - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - authmode == MBEDTLS_SSL_VERIFY_NONE ) - { - ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); - ssl->state++; - return( 0 ); - } -#endif - - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) - { - /* mbedtls_ssl_read_record may have sent an alert already. We - let it decide whether to alert. 
*/ - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); - } - - ssl->state++; - #if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_PROTO_SSL3) /* @@ -4384,10 +4338,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) one. The client should know what's going on, so we don't send an alert. */ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) - return( 0 ); - else - return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); + return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); } } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ @@ -4408,10 +4359,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) one. The client should know what's going on, so we don't send an alert. */ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) - return( 0 ); - else - return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); + return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); } } #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ 
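Review bot: The header comment on the new `ssl_parse_certificate_chain` says it leaves verification to the caller, but not that it now returns `MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE` unconditionally (the former `authmode == MBEDTLS_SSL_VERIFY_OPTIONAL` early return of 0 is dropped in the two SSL3/TLS1 hunks here) and relies on the caller to downgrade that to success. Since only the caller knows the authmode, document the contract at the helper, for example add to its comment: `Returns MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE for an empty chain regardless of authmode, after recording MBEDTLS_X509_BADCERT_MISSING in verify_result; the caller decides whether that is acceptable.` The helper's body extends into the following hunks and is not fully visible here.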
@@ -4555,6 +4503,75 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ + return( 0 ); +} + +int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) +{ + int ret; + const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = + ssl->transform_negotiate->ciphersuite_info; +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET + ? ssl->handshake->sni_authmode + : ssl->conf->authmode; +#else + const int authmode = ssl->conf->authmode; +#endif + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + + if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + ssl->state++; + return( 0 ); + } + +#if defined(MBEDTLS_SSL_SRV_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + ssl->state++; + return( 0 ); + } + + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + authmode == MBEDTLS_SSL_VERIFY_NONE ) + { + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + ssl->state++; + return( 0 ); + } +#endif + + if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + { + /* mbedtls_ssl_read_record may have sent an alert already. We + let it decide whether to alert. 
*/ + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + return( ret ); + } + + if( ( ret = ssl_parse_certificate_chain( ssl ) ) != 0 ) + { +#if defined(MBEDTLS_SSL_SRV_C) + if( ret == MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE && + authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) + { + ret = 0; + } +#endif + + ssl->state++; + return( ret ); + } + if( authmode != MBEDTLS_SSL_VERIFY_NONE ) { mbedtls_x509_crt *ca_chain; @@ -4641,6 +4658,8 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) if( ret != 0 ) { + uint8_t alert; + /* The certificate may have been rejected for several reasons. Pick one and send the corresponding alert. Which alert to send may be a subject of debate in some cases. */ @@ -4683,6 +4702,8 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_DEBUG_C */ } + ssl->state++; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); return( ret ); From 3bf49c45522ea5a3fed29966d32fece46c12afda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Aug 2017 13:47:06 +0200 Subject: [PATCH 087/368] Enable restart for certificate verify --- include/mbedtls/ssl_internal.h | 2 ++ library/ssl_tls.c | 33 +++++++++++++++++-- tests/ssl-opt.sh | 58 ++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 00a8db44e..4cfe1540c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -231,6 +231,8 @@ struct mbedtls_ssl_handshake_params mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */ enum { ssl_ecrs_init = 0, /*!< just getting started */ + ssl_ecrs_crt_parsed, /*!< server certificate was parsed */ + ssl_ecrs_crt_verified, /*!< server certificate was verified*/ ssl_ecrs_ske_read, /*!< ServerKeyExchange was read */ ssl_ecrs_ske_verified, /*!< ServerKeyExchange was verified */ ssl_ecrs_ecdh_public_done, /*!< wrote ECDHE public share */ 
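Review bot: The downgrade `ret = 0` for `MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE` under `MBEDTLS_SSL_VERIFY_OPTIONAL` is the one place where a missing client certificate is accepted, yet it carries no comment; previously the same decision sat next to the `verify_result = MBEDTLS_X509_BADCERT_MISSING` assignment, so the intent was visible. Add `/* A missing client certificate is not an error with VERIFY_OPTIONAL; verify_result already records MBEDTLS_X509_BADCERT_MISSING */` above `ret = 0;`. Note also that `int ret;` drops the previous `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE` initializer; every visible path assigns `ret` before it is read, which holds only as long as later edits keep it so.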
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f91e2a885..f3cde7f0a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4518,6 +4518,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #else const int authmode = ssl->conf->authmode; #endif + void *rs_ctx = NULL; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); @@ -4545,11 +4546,20 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) { ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + ssl->state++; return( 0 ); } #endif +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_crt_parsed ) + { + goto crt_verify; + } +#endif + if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) { /* mbedtls_ssl_read_record may have sent an alert already. We @@ -4572,6 +4582,15 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) return( ret ); } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_enabled) + ssl->handshake->ecrs_state++; + +crt_verify: + if( ssl->handshake->ecrs_enabled) + rs_ctx = &ssl->handshake->ecrs_ctx; +#endif + if( authmode != MBEDTLS_SSL_VERIFY_NONE ) { mbedtls_x509_crt *ca_chain; @@ -4593,19 +4612,24 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) /* * Main check: verify certificate */ - ret = mbedtls_x509_crt_verify_with_profile( + ret = mbedtls_x509_crt_verify_restartable( ssl->session_negotiate->peer_cert, ca_chain, ca_crl, ssl->conf->cert_profile, ssl->hostname, &ssl->session_negotiate->verify_result, - ssl->conf->f_vrfy, ssl->conf->p_vrfy ); + ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + return( ret ); +#endif + /* * Secondary checks: always done, but change 'ret' only if it was 0 */ 
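Review bot: The `ssl->state++` added to the `MBEDTLS_SSL_VERIFY_NONE` skip path looks suspicious: the version of this block introduced by the previous commit, further up on this page, already shows `ssl->state++;` before `return( 0 );`, so unless that line was lost in between, this path now advances the handshake state twice; please confirm against the file. Separately, the `MBEDTLS_ERR_ECP_IN_PROGRESS` early return is placed after `MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret )`, so every restart is logged at level 1 as if verification had failed; checking for IN_PROGRESS before the debug call, or excluding it from the `ret != 0` test, keeps the log meaningful. Finally `if( ssl->handshake->ecrs_enabled)` (twice here and again in the next hunk) drops the space before `)` that the surrounding code uses. mbedtls_ssl_parse_certificate continues in the next hunk.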
@@ -4702,6 +4726,11 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_DEBUG_C */ } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_enabled) + ssl->handshake->ecrs_state++; +#endif + ssl->state++; MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2e03758e6..1dea049da 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3450,6 +3450,7 @@ run_test "EC restart: TLS, default" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1" \ 0 \ + -C "x509_verify_cert.*4b80" \ -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" @@ -3461,6 +3462,7 @@ run_test "EC restart: TLS, max_ops=0" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=0" \ 0 \ + -C "x509_verify_cert.*4b80" \ -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" @@ -3472,6 +3474,7 @@ run_test "EC restart: TLS, max_ops=65535" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=65535" \ 0 \ + -C "x509_verify_cert.*4b80" \ -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" 
@@ -3483,10 +3486,62 @@ run_test "EC restart: TLS, max_ops=1000" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ + -c "x509_verify_cert.*4b80" \ -c "mbedtls_pk_verify.*4b80" \ -c "mbedtls_ecdh_make_public.*4b80" \ -c "mbedtls_pk_sign.*4b80" +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, max_ops=1000, badsign" \ + "$P_SRV auth_mode=required \ + crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000" \ + 1 \ + -c "x509_verify_cert.*4b80" \ + -C "mbedtls_pk_verify.*4b80" \ + -C "mbedtls_ecdh_make_public.*4b80" \ + -C "mbedtls_pk_sign.*4b80" \ + -c "! The certificate is not correctly signed by the trusted CA" \ + -c "! mbedtls_ssl_handshake returned" \ + -c "X509 - Certificate verification failed" + +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ + "$P_SRV auth_mode=required \ + crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000 auth_mode=optional" \ + 0 \ + -c "x509_verify_cert.*4b80" \ + -c "mbedtls_pk_verify.*4b80" \ + -c "mbedtls_ecdh_make_public.*4b80" \ + -c "mbedtls_pk_sign.*4b80" \ + -c "! The certificate is not correctly signed by the trusted CA" \ + -C "! 
mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ + "$P_SRV auth_mode=required \ + crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000 auth_mode=none" \ + 0 \ + -C "x509_verify_cert.*4b80" \ + -c "mbedtls_pk_verify.*4b80" \ + -c "mbedtls_ecdh_make_public.*4b80" \ + -c "mbedtls_pk_sign.*4b80" \ + -C "! The certificate is not correctly signed by the trusted CA" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + requires_config_enabled MBEDTLS_ECP_RESTARTABLE run_test "EC restart: DTLS, max_ops=1000" \ "$P_SRV auth_mode=required dtls=1" \ @@ -3494,6 +3549,7 @@ run_test "EC restart: DTLS, max_ops=1000" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ + -c "x509_verify_cert.*4b80" \ -c "mbedtls_pk_verify.*4b80" \ -c "mbedtls_ecdh_make_public.*4b80" \ -c "mbedtls_pk_sign.*4b80" @@ -3504,6 +3560,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ 0 \ + -c "x509_verify_cert.*4b80" \ -c "mbedtls_pk_verify.*4b80" \ -c "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" @@ -3514,6 +3571,7 @@ run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \ "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ psk=abc123 debug_level=1 ec_max_ops=1000" \ 0 \ + -C "x509_verify_cert.*4b80" \ -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" From 9897cc933db6d14860bd0ae31a6eb015b18450ae Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Aug 2017 14:30:43 +0200 Subject: [PATCH 088/368] Update ChangeLog --- ChangeLog | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index b80f53a25..3acb972f7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,13 +6,9 @@ Features * Add support for restartable ECC operations, enabled by MBEDTLS_ECP_RESTARTABLE (disabled by default) at compile time and mbedtls_ecp_set_max_ops() at runtime, using new xxx_restartable functions - in ECP, ECDSA, PK, and using existing functions in ECDH and SSL - (currently only implemented client-side, for ECDHE-ECDSA ciphersuites - with TLS 1.2, including client authentication). - TEMPORARY NOTE: server authentication currently not supported (WIP). - For now, MUST be disabled by calling - mbedtls_ssl_conf_authmode( MBEDTLS_SSL_VERIFY_NONE ) - (or blocking ECC operations will happen) + in ECP, ECDSA, PK and X509 (CRL not supported yet), and using existing + functions in ECDH and SSL (currently only implemented client-side, for + ECDHE-ECDSA ciphersuites with TLS 1.2, including client authentication). = mbed TLS x.x.x branch released xxxx-xx-xx From c9e16a97da197abf687ff1a8a107c3d3d4497e3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Aug 2017 14:30:59 +0200 Subject: [PATCH 089/368] Disable restartable ECC by default --- include/mbedtls/config.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f4c565ebb..fbfab63b0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -566,15 +566,17 @@ * * Enable "non-blocking" ECC operations that can return early and be resumed. * - * This enables \c mbedtls_ecp_set_max_ops() and allows various ECC functions - * to return \c MBEDTLS_ERR_ECP_IN_PROGRESS when needed. + * This enables \c mbedtls_ecp_set_max_ops() and allows various functions + * to return \c MBEDTLS_ERR_ECP_IN_PROGRESS when needed, and then be called + * again later with the same arguments in order to further progress and + * eventually complete the operation, see \c mbedtls_ecp_set_max_ops(). * - * TODO: depending on other choices, this might need to be disabled by default - * in order to avoid changing the ABI. Revisit that later. + * This is usefull in non-threaded environments if you want to avoid blocking + * for too long on ECC (hence, X509 or SSL/TLS) operations. * - * Comment this macro to disable non-blocking ECC computations. + * Uncomment this macro to enable restartable ECC computations. */ -#define MBEDTLS_ECP_RESTARTABLE +//#define MBEDTLS_ECP_RESTARTABLE /** * \def MBEDTLS_ECDSA_DETERMINISTIC From 5faafa76cf925954f275a878302b660f0889912a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 17 Aug 2017 10:13:00 +0200 Subject: [PATCH 090/368] Update X.509 test certs' Readme --- tests/data_files/Readme-x509.txt | 39 ++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index 185fb3412..6f54ed0c1 100644 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt 
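Review bot: The new documentation text reads `This is usefull in non-threaded environments`; the spelling should be `useful`, i.e. `* This is useful in non-threaded environments if you want to avoid blocking`. The rest of the rewritten paragraph reads well and correctly reflects that the macro is now off by default.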
@@ -16,6 +16,7 @@ The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways. Two intermediate CAs are signed by them: - test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA" uses RSA-4096, signed by test-ca2 + - test-int-ca-exp.crt is a copy that is expired - test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA" uses an EC key with NIST P-384, signed by test-ca 
@@ -66,21 +67,41 @@ List of certificates: - server2*.crt: 1 R L: misc - server3.crt: 1 E L: EC cert signed by RSA CA - server4.crt: 2 R L: RSA cert signed by EC CA -- server5*.crt: 2* E L: misc *(except server5-selfsigned) +- server5*.crt: 2* E L: misc *(except -selfsigned and -ss-*) -sha*: hashes - -eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc) - -ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement) + .eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc) + .ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement) + .req*: CSR, not certificate + -der*: trailing bytes in der (?) + -badsign.crt: S5 with corrupted signature + -expired.crt: S5 with "not after" date in the past + -future.crt: S5 with "not before" date in the future + -selfsigned.crt: Self-signed cert with S5 key + -ss-expired.crt: Self-signed cert with S5 key, expired + -ss-forgeca.crt: Copy of test-int-ca3 self-signed with S5 key - server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned - server6.crt, server6.pem: 2 E L C: revoked -- server7*.crt: I1 E L P1*: EC signed by RSA signed by EC - *P1 except 7.crt, P2 _int-ca_ca2.crt - *_space: with PEM error(s) - _spurious: has spurious cert in its chain (S7 + I2 + I1) +- server7.crt: I1 E L P1(usually): EC signed by RSA signed by EC + -badsign.crt: S7 with corrupted signature + I1 + -expired.crt: S7 with "not after" date in the past + I1 + -future.crt: S7 with "not before" date in the future + I1 + _int-ca-exp.crt: S7 + expired I1 + _int-ca.crt: S7 + I1 + _int-ca_ca2.crt: S7 + I1 + 2 + _all_space.crt: S7 + I1 both with misplaced spaces (invalid PEM) + _pem_space.crt: S7 with misplace space (invalid PEM) + I1 + _trailing_space.crt: S7 + I1 both with trainling space (valid PEM) + _spurious_int-ca.crt: S7 + I2(spurious) + I1 - server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2) - server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS *CRL for: 9.crt, -badsign, -with-ca (P1) 
-- server10*.crt: I3 E L P2/P3 - _spurious: S10 + I3 + I1(spurious) + I2 +- server10.crt: I3 E L + -badsign.crt: S10 with corrupted signature + -bs_int3.pem: S10-badsign + I3 + _int3-bs.pem: S10 + I3-badsign + _int3_int-ca2.crt: S10 + I3 + I2 + _int3_int-ca2_ca.crt: S10 + I3 + I2 + 1 + _int3_spurious_int-ca2.crt: S10 + I3 + I1(spurious) + I2 Certificate revocation lists ---------------------------- From b889d3e5fbbb3ae16a2c23b77c6cd243486967dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 17 Aug 2017 10:25:18 +0200 Subject: [PATCH 091/368] Clarify & uniformise test comments --- tests/suites/test_suite_ecdh.data | 4 ++-- tests/suites/test_suite_ecdsa.data | 4 ++-- tests/suites/test_suite_ecp.data | 4 ++-- tests/suites/test_suite_pk.data | 6 +++--- tests/suites/test_suite_x509parse.data | 12 ++++++------ 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data index da30633ac..0165a7e0a 100644 --- a/tests/suites/test_suite_ecdh.data +++ b/tests/suites/test_suite_ecdh.data @@ -38,7 +38,7 @@ ECDH exchange #2 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecdh_exchange:MBEDTLS_ECP_DP_SECP521R1 -ECDH restartable rfc 5903 p256 restart enabled max_ops=0 +ECDH restartable rfc 5903 p256 restart enabled max_ops=0 (disabled) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:0:0:0 
@@ -54,7 +54,7 @@ ECDH restartable rfc 5903 p256 restart enabled max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:250:2:32 -ECDH restartable rfc 5903 p256 restart disabled max_ops=0 +ECDH restartable rfc 5903 p256 restart disabled max_ops=0 (disabled) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:0:0:0 diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index f9c8f6068..e07c4cd57 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data 
@@ -250,7 +250,7 @@ ECDSA deterministic test vector rfc 6979 p521 sha512 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3" -ECDSA restartable read-verify: restart disabled +ECDSA restartable read-verify: max_ops=0 (disabled) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":0:0:0 
@@ -266,7 +266,7 @@ ECDSA restartable read-verify: max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":250:4:64 -ECDSA restartable sign-write: secp256r1 restart disabled +ECDSA restartable sign-write: secp256r1 max_ops=0 (disabled) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0 diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 5bb8d024d..8c3e8f748 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -345,7 +345,7 @@ ecp_test_vect:MBEDTLS_ECP_DP_SECP256K1:"923C6D4756CD940CD1E13A359F6E0F0698791938 ECP selftest ecp_selftest: -ECP restartable mul secp256r1 restart disabled +ECP restartable mul secp256r1 max_ops=0 (disabled) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":0:0:0 
@@ -361,7 +361,7 @@ ECP restartable mul secp256r1 max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":250:2:32 -ECP restartable muladd secp256r1 restart disabled +ECP restartable muladd secp256r1 max_ops=0 (disabled) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":0:0:0 diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index bd3db182b..574011c90 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
@@ -154,11 +154,11 @@ RSA hash_len overflow (size_t vs unsigned int) depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64 pk_rsa_overflow: -ECDSA restartable sign/verify: ECDSA, restart disabled +ECDSA restartable sign/verify: ECDSA, max_ops=0 (disabled) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0 -ECDSA restartable sign/verify: ECKEY, restart disabled +ECDSA restartable sign/verify: ECKEY, max_ops=0 (disabled) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0 
@@ -182,6 +182,6 @@ ECDSA restartable sign/verify: ECDSA, max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64 -ECDSA restartable sign/verify: ECKEY, max_ops=1 +ECDSA restartable sign/verify: ECKEY, max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 1c553b456..30274b58d 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1806,7 +1806,7 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 -X509 cert verify restart: trusted EE, max_ops=0 +X509 cert verify restart: trusted EE, max_ops=0 (disabled) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0 
@@ -1814,7 +1814,7 @@ X509 cert verify restart: trusted EE, max_ops=1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:1:0:0 -X509 cert verify restart: no intermediate, max_ops=0 +X509 cert verify restart: no intermediate, max_ops=0 (disabled) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0 @@ -1830,7 +1830,7 @@ X509 cert verify restart: no intermediate, max_ops=500 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:500:20:80 -X509 cert verify restart: no intermediate, badsign, max_ops=0 +X509 cert verify restart: no intermediate, badsign, max_ops=0 (disabled) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 
@@ -1846,7 +1846,7 @@ X509 cert verify restart: no intermediate, badsign, max_ops=500 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80 -X509 cert verify restart: one int, max_ops=0 +X509 cert verify restart: one int, max_ops=0 (disabled) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:0:0:0 @@ -1862,7 +1862,7 @@ X509 cert verify restart: one int, max_ops=500 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:500:25:100 -X509 cert verify restart: one int, EE badsign, max_ops=0 +X509 cert verify restart: one int, EE badsign, max_ops=0 (disabled) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 
@@ -1878,7 +1878,7 @@ X509 cert verify restart: one int, EE badsign, max_ops=500 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 -X509 cert verify restart: one int, int badsign, max_ops=0 +X509 cert verify restart: one int, int badsign, max_ops=0 (disabled) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 From 98a6778d478b62423bbb6ba85ec638e9f10b2374 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 17 Aug 2017 10:52:20 +0200 Subject: [PATCH 092/368] Better document some function arguments --- library/x509_crt.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index a0d1956dc..9ab376db2 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1949,6 +1949,16 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * way we select the correct one is by checking the signature (as we don't * rely on key identifier extensions). (This is one way users might choose to * handle key rollover, another relies on self-issued certs, see [SIRO].) + * + * Arguments: + * [in] child: certificate for which we want a parent + * [in] candidates: list of possible parents + * [out] r_parent: parent found (or NULL) + * [out] r_signature_is_good: 1 if child signature by parent is valid, or 0 + * [in] top: 1 if candidates are locally trusted, or 0 + * [in] path_cnt: number of links in the chain so far (EE -> ... -> child) + * [in] self_cnt: number of self-signed certs in the chain so far + * [in-out] rs_ctx: context for restarting operations */ static int x509_crt_find_parent_in( mbedtls_x509_crt *child, @@ -2061,6 +2071,17 @@ check_signature: * * Searches in trusted CAs first, and return the first suitable parent found * (see find_parent_in() for definition of suitable). + * + * Arguments: + * [in] child: certificate for which we want a parent, + * possibly followed by a list of ancestors + * [in] trust_ca: list of locally trusted certificates + * [out] parent: parent found (or NULL) + * [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0 + * [out] signature_is_good: 1 if child signature by parent is valid, or 0 + * [in] path_cnt: number of links in the chain so far (EE -> ... -> child) + * [in] self_cnt: number of self-signed certs in the chain so far + * [in-out] rs_ctx: context for restarting operations */ static int x509_crt_find_parent( mbedtls_x509_crt *child, 
@@ -2187,6 +2208,7 @@ static int x509_crt_check_ee_locally_trusted( * - [in] trust_ca: the trusted list R1, ..., Rp * - [in] ca_crl, profile: as in verify_with_profile() * - [out] ver_chain: the built and verified chain + * - [in-out] rs_ctx: context for restarting operations * * Return value: * - non-zero if the chain could not be fully built and examined @@ -2311,7 +2333,7 @@ find_parent: return( MBEDTLS_ERR_X509_FATAL_ERROR ); } - /* signature was check while searching parent */ + /* signature was checked while searching parent */ if( ! signature_is_good ) *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; From 15d7df2ba8ca706b944b771958cd23b6c2163f81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 17 Aug 2017 14:33:31 +0200 Subject: [PATCH 093/368] Introduce mbedtls_pk_restart_ctx and use it The fact that you needed to pass a pointer to mbedtls_ecdsa_restart_ctx (or that you needed to know the key type of the PK context) was a breach of abstraction. Change the API (and callers) now, and the implementation will be changed in the next commit. --- include/mbedtls/pk.h | 35 ++++++++++++++++++++++++----- include/mbedtls/x509_crt.h | 2 +- library/pk.c | 25 +++++++++++++++++++-- library/ssl_cli.c | 4 ++-- library/x509_crt.c | 6 ++--- tests/suites/test_suite_pk.function | 22 +++++++++--------- 6 files changed, 69 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 05c51d38d..55b0668c2 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -129,6 +129,19 @@ typedef struct void * pk_ctx; /**< Underlying public key context */ } mbedtls_pk_context; +#if defined(MBEDTLS_ECP_RESTARTABLE) +/** + * \brief Context for resuming operations + */ +typedef struct +{ + mbedtls_ecdsa_restart_ctx ecdsa; /* temporary */ +} mbedtls_pk_restart_ctx; +#else +/* Now we can declare functions that take a pointer to that */ +typedef void mbedtls_pk_restart_ctx; +#endif + #if defined(MBEDTLS_RSA_C) /** * Quick access to an RSA context inside a PK context. @@ -188,6 +201,18 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx ); */ void mbedtls_pk_free( mbedtls_pk_context *ctx ); +#if defined(MBEDTLS_ECP_RESTARTABLE) +/** + * \brief Initialize a restart context + */ +void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ); + +/** + * \brief Free the components of a restart context + */ +void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + /** * \brief Initialize a PK context with the information given * and allocates the type-specific PK subcontext. @@ -298,8 +323,7 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \param hash_len Hash length or 0 (see notes) * \param sig Signature to verify * \param sig_len Signature length - * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a - * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA. + * \param rs_ctx Restart context (NULL to disable restart) * * \return See \c mbedtls_pk_verify(), or * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of @@ -309,7 +333,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len, - void *rs_ctx ); + mbedtls_pk_restart_ctx *rs_ctx ); /** * \brief Verify signature, with options. 
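Review bot: The new `mbedtls_pk_restart_init()` and `mbedtls_pk_restart_free()` declarations carry only a `\brief` and no `\param ctx`, while the neighbouring `\param rs_ctx` entries in the same header document their arguments; I would add `\param ctx Restart context to initialize` and `\param ctx Restart context to free (NULL is accepted)`, the latter matching the NULL check in the pk.c definition of the same commit. The `#else` branch makes `mbedtls_pk_restart_ctx` an alias for `void`, so in builds without MBEDTLS_ECP_RESTARTABLE the `mbedtls_pk_restart_ctx *` parameters degrade to `void *` and accept any pointer without a diagnostic; the `\param rs_ctx` text could state that the argument is ignored in that configuration, if that is the intent. The `mbedtls_ecdsa_restart_ctx ecdsa;` member presumably requires ecdsa.h to be visible from pk.h; the include is outside this hunk.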
@@ -390,8 +414,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \param sig_len Number of bytes written * \param f_rng RNG function * \param p_rng RNG parameter - * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a - * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA. + * \param rs_ctx Restart context (NULL to disable restart) * * \return See \c mbedtls_pk_sign(), or * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of @@ -402,7 +425,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ); + mbedtls_pk_restart_ctx *rs_ctx ); /** * \brief Decrypt message (including padding if relevant). diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 7487df619..3388c3b93 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -172,7 +172,7 @@ typedef struct typedef struct { /* for check_signature() */ - mbedtls_ecdsa_restart_ctx ecdsa; + mbedtls_pk_restart_ctx pk; /* for find_parent_in() */ mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ diff --git a/library/pk.c b/library/pk.c index e439c7ad8..27ca5f3eb 100644 --- a/library/pk.c +++ b/library/pk.c @@ -73,6 +73,27 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) ); } +#if defined(MBEDTLS_ECP_RESTARTABLE) +/* + * Initialize a restart context + */ +void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) +{ + mbedtls_ecdsa_restart_init( &ctx->ecdsa ); +} + +/* + * Free the components of a restart context + */ +void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) +{ + if( ctx == NULL ) + return; + + mbedtls_ecdsa_restart_free( &ctx->ecdsa ); +} +#endif /* MBEDTLS_ECP_RESTARTABLE */ + /* * Get pk_info structure from type */ 
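Review bot: `mbedtls_pk_restart_init()` in the pk.c hunk uses `ctx` unconditionally while `mbedtls_pk_restart_free()` right below it guards `ctx == NULL`; if `mbedtls_pk_init()` in this file guards NULL (not visible here) the init function should follow the same convention, otherwise the guard in free is the odd one out. Either way a one-line comment stating the contract, e.g. `/* ctx must not be NULL */` above the init body, would make the asymmetry deliberate rather than accidental.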
@@ -182,7 +203,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len, - void *rs_ctx ) + mbedtls_pk_restart_ctx *rs_ctx ) { if( ctx == NULL || ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) @@ -282,7 +303,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ) + mbedtls_pk_restart_ctx *rs_ctx ) { if( ctx == NULL || ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7ffeb5bb4..d53f7b227 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2615,7 +2615,7 @@ ske_process: #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled ) - rs_ctx = &ssl->handshake->ecrs_ctx.ecdsa; + rs_ctx = &ssl->handshake->ecrs_ctx.pk; #endif if( ( ret = mbedtls_pk_verify_restartable( @@ -3290,7 +3290,7 @@ keys_derived: #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled ) - rs_ctx = &ssl->handshake->ecrs_ctx.ecdsa; + rs_ctx = &ssl->handshake->ecrs_ctx.pk; #endif if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ), diff --git a/library/x509_crt.c b/library/x509_crt.c index 9ab376db2..a6f6a78d8 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1875,7 +1875,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child, { return( mbedtls_pk_verify_restartable( &parent->pk, child->sig_md, hash, mbedtls_md_get_size( md_info ), - child->sig.p, child->sig.len, &rs_ctx->ecdsa ) ); + child->sig.p, child->sig.len, &rs_ctx->pk ) ); } #else (void) rs_ctx; 
@@ -2653,7 +2653,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) */ void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) { - mbedtls_ecdsa_restart_init( &ctx->ecdsa ); + mbedtls_pk_restart_init( &ctx->pk ); ctx->parent = NULL; ctx->fallback_parent = NULL; @@ -2675,7 +2675,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ) if( ctx == NULL ) return; - mbedtls_ecdsa_restart_free( &ctx->ecdsa ); + mbedtls_pk_restart_free( &ctx->pk ); mbedtls_x509_crt_restart_init( ctx ); } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 6e8c032c1..176b08f98 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -127,12 +127,12 @@ void pk_rsa_verify_test_vec( char *message_hex_string, int digest, mbedtls_rsa_context *rsa; mbedtls_pk_context pk; int msg_len; - void *rs_ctx = NULL; + mbedtls_pk_restart_ctx *rs_ctx = NULL; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecdsa_restart_ctx ctx; + mbedtls_pk_restart_ctx ctx; rs_ctx = &ctx; - mbedtls_ecdsa_restart_init( rs_ctx ); + mbedtls_pk_restart_init( rs_ctx ); mbedtls_ecp_set_max_ops( 42 ); #endif @@ -163,7 +163,7 @@ void pk_rsa_verify_test_vec( char *message_hex_string, int digest, exit: #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecdsa_restart_free( rs_ctx ); + mbedtls_pk_restart_free( rs_ctx ); #endif mbedtls_pk_free( &pk ); } @@ -274,7 +274,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, int max_ops, int min_restart, int max_restart ) { int ret, cnt_restart; - mbedtls_ecdsa_restart_ctx rs_ctx; + mbedtls_pk_restart_ctx rs_ctx; mbedtls_pk_context prv, pub; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 
@@ -282,7 +282,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, size_t hlen, slen, slen_check; const mbedtls_md_info_t *md_info; - mbedtls_ecdsa_restart_init( &rs_ctx ); + mbedtls_pk_restart_init( &rs_ctx ); mbedtls_pk_init( &prv ); mbedtls_pk_init( &pub ); memset( hash, 0, sizeof( hash ) ); @@ -351,7 +351,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, ret = mbedtls_pk_verify_restartable( &pub, md_alg, hash, hlen, sig, slen, &rs_ctx ); TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); - mbedtls_ecdsa_restart_free( &rs_ctx ); + mbedtls_pk_restart_free( &rs_ctx ); slen = sizeof( sig ); ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen, @@ -359,7 +359,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); exit: - mbedtls_ecdsa_restart_free( &rs_ctx ); + mbedtls_pk_restart_free( &rs_ctx ); mbedtls_pk_free( &prv ); mbedtls_pk_free( &pub ); } @@ -373,10 +373,10 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret ) size_t sig_len; void *rs_ctx = NULL; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecdsa_restart_ctx ctx; + mbedtls_pk_restart_ctx ctx; rs_ctx = &ctx; - mbedtls_ecdsa_restart_init( rs_ctx ); + mbedtls_pk_restart_init( rs_ctx ); mbedtls_ecp_set_max_ops( 42000 ); #endif @@ -429,7 +429,7 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret ) exit: #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecdsa_restart_free( rs_ctx ); + mbedtls_pk_restart_free( rs_ctx ); #endif mbedtls_pk_free( &pk ); } From 0bbc66cc7695ede2f6efcb7eb3c8a1103f196a0f Mon Sep 17 00:00:00 2001 
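Review bot: `pk_sign_verify()` still declares `void *rs_ctx = NULL;` (context line in the `@@ -373,10 +373,10 @@` hunk) while `pk_rsa_verify_test_vec()` in the earlier hunk of this file was changed to `mbedtls_pk_restart_ctx *rs_ctx = NULL;`; with the `#else` typedef making the type `void`, the old declaration still compiles, but it defeats the type checking this commit introduces in the restartable configuration. I would change it to `mbedtls_pk_restart_ctx *rs_ctx = NULL;` for consistency. The rest of `pk_sign_verify()`'s body lies outside the hunk.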
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 18 Aug 2017 16:22:06 +0200 Subject: [PATCH 094/368] Dynamically allocate/free restart subcontext in PK --- include/mbedtls/pk.h | 3 +- include/mbedtls/pk_internal.h | 8 ++++ library/pk.c | 69 ++++++++++++++++++++++++++++++----- library/pk_wrap.c | 38 +++++++++++++++++++ 4 files changed, 108 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 55b0668c2..8ec69856b 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -135,7 +135,8 @@ typedef struct */ typedef struct { - mbedtls_ecdsa_restart_ctx ecdsa; /* temporary */ + const mbedtls_pk_info_t * pk_info; /**< Public key informations */ + void * rs_ctx; /**< Underlying restart context */ } mbedtls_pk_restart_ctx; #else /* Now we can declare functions that take a pointer to that */ diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h index e996b6cad..d56b0b334 100644 --- a/include/mbedtls/pk_internal.h +++ b/include/mbedtls/pk_internal.h @@ -94,6 +94,14 @@ struct mbedtls_pk_info_t /** Free the given context */ void (*ctx_free_func)( void *ctx ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + /** Allocate the restart context */ + void * (*rs_alloc_func)( void ); + + /** Free the restart context */ + void (*rs_free_func)( void *rs_ctx ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + /** Interface with the debug module */ void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items ); diff --git a/library/pk.c b/library/pk.c index 27ca5f3eb..70691d6e8 100644 --- a/library/pk.c +++ b/library/pk.c @@ -79,7 +79,8 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) */ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) { - mbedtls_ecdsa_restart_init( &ctx->ecdsa ); + ctx->pk_info = NULL; + ctx->rs_ctx = NULL; } /* 
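Review bot: The restart context now owns a heap allocation (`void * rs_ctx`) and `pk_info` records which key type created it, but the header comment on `mbedtls_pk_restart_ctx` does not say that `mbedtls_pk_restart_free()` must be called to release the sub-context, nor that one context must only be used with keys of a single type; I would extend the `\brief` with a sentence to that effect. `/**< Public key informations */` should read `/**< Public key information */`. Inserting `rs_alloc_func`/`rs_free_func` in the middle of `mbedtls_pk_info_t` under `#if` means every positional initializer of that struct must be updated in lockstep, which this commit does in pk_wrap.c; a comment on the new members, e.g. `/* Positional: every mbedtls_pk_info_t initializer must list these */`, would protect future additions.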
@@ -87,10 +88,16 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
 */
 void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
 {
- if( ctx == NULL )
+ if( ctx == NULL || ctx->pk_info == NULL ||
+ ctx->pk_info->rs_free_func == NULL )
+ {
 return;
+ }
- mbedtls_ecdsa_restart_free( &ctx->ecdsa );
+ ctx->pk_info->rs_free_func( ctx->rs_ctx );
+
+ ctx->pk_info = NULL;
+ ctx->rs_ctx = NULL;
 }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
@@ -196,6 +203,30 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len
 return( 0 );
 }
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/*
+ * Helper to set up a restart context if needed
+ */
+static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
+ const mbedtls_pk_info_t *info )
+{
+ /* Don't do anything it already set up */
+ if( ctx->pk_info != NULL )
+ return( 0 );
+
+ /* Should never happen when we're called */
+ if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+ ctx->pk_info = info;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
 /*
 * Verify a signature (restartable)
 */
@@ -210,10 +241,20 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 #if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ctx->pk_info->verify_rs_func != NULL )
+ if( rs_ctx != NULL && ctx->pk_info->verify_rs_func != NULL )
 {
- return( ctx->pk_info->verify_rs_func( ctx->pk_ctx,
- md_alg, hash, hash_len, sig, sig_len, rs_ctx ) );
+ int ret;
+
+ if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
+ return( ret );
+
+ ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
+ md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
+
+ if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+ mbedtls_pk_restart_free( rs_ctx );
+
+ return( ret );
 }
 #else
 (void) rs_ctx;
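Review bot: `pk_restart_setup()` returns success when `ctx->pk_info` is already set without checking that it equals `info`, so a restart context left in progress by a key of one type and then passed to `mbedtls_pk_verify_restartable()` with a key of another type hands that type's `verify_rs_func` an `rs_ctx` allocated by a different `rs_alloc_func`. Both EC types share one allocator at this point in the series, but the layouts diverge once the ECKEY wrapper gets its own restart struct later on this page, and the mismatch is cheap to reject here: `if( ctx->pk_info != NULL ) return( ctx->pk_info == info ? 0 : MBEDTLS_ERR_PK_BAD_INPUT_DATA );`. The comment above that check reads "Don't do anything it already set up"; it should be "Don't do anything if it's already set up". The same setup/teardown wrapping is duplicated in `mbedtls_pk_sign_restartable()` in the next hunk and would benefit equally.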
@@ -310,10 +351,20 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ctx->pk_info->sign_rs_func != NULL ) + if( rs_ctx != NULL && ctx->pk_info->sign_rs_func != NULL ) { - return( ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg, - hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx ) ); + int ret; + + if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) + return( ret ); + + ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg, + hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx ); + + if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + mbedtls_pk_restart_free( rs_ctx ); + + return( ret ); } #else (void) rs_ctx; diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 8b94d8129..0f935b2ad 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -189,6 +189,10 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { rsa_check_pair_wrap, rsa_alloc_wrap, rsa_free_wrap, +#if defined(MBEDTLS_ECP_RESTARTABLE) + NULL, + NULL, +#endif rsa_debug, }; #endif /* MBEDTLS_RSA_C */ @@ -401,6 +405,24 @@ static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items ) items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q ); } +#if defined(MBEDTLS_ECP_RESTARTABLE) +static void *eckey_rs_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) ); + + if( ctx != NULL ) + mbedtls_ecdsa_restart_init( ctx ); + + return( ctx ); +} + +static void eckey_rs_free( void *ctx ) +{ + mbedtls_ecdsa_restart_free( ctx ); + mbedtls_free( ctx ); +} +#endif /* MBEDTLS_ECP_RESTARTABLE */ + const mbedtls_pk_info_t mbedtls_eckey_info = { MBEDTLS_PK_ECKEY, "EC", @@ -426,6 +448,10 @@ const mbedtls_pk_info_t mbedtls_eckey_info = { eckey_check_pair, eckey_alloc_wrap, eckey_free_wrap, +#if defined(MBEDTLS_ECP_RESTARTABLE) + eckey_rs_alloc, + eckey_rs_free, +#endif eckey_debug, }; 
@@ -454,6 +480,10 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { eckey_check_pair, eckey_alloc_wrap, /* Same underlying key structure */ eckey_free_wrap, /* Same underlying key structure */ +#if defined(MBEDTLS_ECP_RESTARTABLE) + NULL, + NULL, +#endif eckey_debug, /* Same underlying key structure */ }; #endif /* MBEDTLS_ECP_C */ @@ -555,6 +585,10 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { eckey_check_pair, /* Compatible key structures */ ecdsa_alloc_wrap, ecdsa_free_wrap, +#if defined(MBEDTLS_ECP_RESTARTABLE) + eckey_rs_alloc, + eckey_rs_free, +#endif eckey_debug, /* Compatible key structures */ }; #endif /* MBEDTLS_ECDSA_C */ @@ -677,6 +711,10 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { #endif rsa_alt_alloc_wrap, rsa_alt_free_wrap, +#if defined(MBEDTLS_ECP_RESTARTABLE) + NULL, + NULL, +#endif NULL, }; From fe6877034d01306d073bbc3f8bee454ca7f2a58d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 18 Aug 2017 17:04:07 +0200 Subject: [PATCH 095/368] Keep PK layer context in the PK layer Previously we kept the ecdsa context created by the PK layer for ECDSA operations on ECKEY in the ecdsa_restart_ctx structure, which was wrong, and caused by the fact that we didn't have a proper handling of restart sub-contexts in the PK layer. --- include/mbedtls/ecdsa.h | 3 - library/ecdsa.c | 9 --- library/pk_wrap.c | 174 +++++++++++++++++++--------------------- 3 files changed, 82 insertions(+), 104 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 77842526c..ce94af871 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -91,9 +91,6 @@ typedef struct #if defined(MBEDTLS_ECDSA_DETERMINISTIC) mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */ #endif -#if defined(MBEDTLS_PK_C) - mbedtls_ecdsa_context *ecdsa; /*!< used by the PK layer */ -#endif } mbedtls_ecdsa_restart_ctx; #else /* MBEDTLS_ECP_RESTARTABLE */ 
diff --git a/library/ecdsa.c b/library/ecdsa.c index 8d1f9d632..487bbd8e5 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -780,9 +780,6 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) #if defined(MBEDTLS_ECDSA_DETERMINISTIC) ctx->det = NULL; #endif -#if defined(MBEDTLS_PK_C) - ctx->ecdsa = NULL; -#endif } /* @@ -805,12 +802,6 @@ void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ) mbedtls_free( ctx->det ); ctx->det = NULL; #endif - -#if defined(MBEDTLS_PK_C) - mbedtls_ecdsa_free( ctx->ecdsa ); - mbedtls_free( ctx->ecdsa ); - ctx->ecdsa = NULL; -#endif } #endif /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0f935b2ad..824c9d435 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
@@ -273,53 +273,69 @@ static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
 void *rs_ctx );
+/*
+ * Restart context for ECDSA operations with ECKEY context
+ *
+ * We need to store an actual ECDSA context, as we need to pass the same to
+ * the underlying ecdsa function, so we can't create it on the fly every time.
+ */
+typedef struct
+{
+ mbedtls_ecdsa_restart_ctx ecdsa_rs;
+ mbedtls_ecdsa_context ecdsa_ctx;
+} eckey_restart_ctx;
+
+static void *eckey_rs_alloc( void )
+{
+ eckey_restart_ctx *rs_ctx;
+
+ void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
+
+ if( ctx != NULL )
+ {
+ rs_ctx = ctx;
+ mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
+ mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
+ }
+
+ return( ctx );
+}
+
+static void eckey_rs_free( void *ctx )
+{
+ eckey_restart_ctx *rs_ctx;
+
+ if( ctx == NULL)
+ return;
+
+ rs_ctx = ctx;
+ mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
+ mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
+
+ mbedtls_free( ctx );
+}
+
 static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
 const unsigned char *hash, size_t hash_len,
 const unsigned char *sig, size_t sig_len,
- void *p_rs_ctx )
+ void *rs_ctx )
 {
 int ret;
- mbedtls_ecdsa_context ecdsa, *p_ecdsa = &ecdsa;
- mbedtls_ecdsa_restart_ctx *rs_ctx = p_rs_ctx;
+ eckey_restart_ctx *rs = rs_ctx;
- mbedtls_ecdsa_init( &ecdsa );
+ /* Should never happen */
+ if( rs == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 /* set up our own sub-context if needed */
- if( mbedtls_ecp_restart_enabled() &&
- rs_ctx != NULL && rs_ctx->ecdsa == NULL )
- {
- rs_ctx->ecdsa = mbedtls_calloc( 1, sizeof( *rs_ctx->ecdsa ) );
- if( rs_ctx->ecdsa == NULL )
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ if( rs->ecdsa_ctx.grp.pbits == 0 )
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
- mbedtls_ecdsa_init( rs_ctx->ecdsa );
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( rs_ctx->ecdsa, ctx ) );
- }
-
- if( rs_ctx != NULL && rs_ctx->ecdsa != NULL )
- {
- /* redirect to our context */
- p_ecdsa = rs_ctx->ecdsa;
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( p_ecdsa, ctx ) );
- }
-
- MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( p_ecdsa, md_alg, hash, hash_len,
- sig, sig_len, rs_ctx ) );
+ MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
+ md_alg, hash, hash_len,
+ sig, sig_len, &rs->ecdsa_rs ) );
 cleanup:
- /* clear our sub-context when not in progress (done or error) */
- if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
- {
- mbedtls_ecdsa_free( rs_ctx->ecdsa );
- mbedtls_free( rs_ctx->ecdsa );
- rs_ctx->ecdsa = NULL;
- }
-
- mbedtls_ecdsa_free( &ecdsa );
-
 return( ret );
 }
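Review bot: `eckey_verify_rs_wrap()` uses `rs->ecdsa_ctx.grp.pbits == 0` as the "sub-context not yet populated" test; that works because `eckey_rs_alloc()` obtains the struct from `mbedtls_calloc()` (presumably zero-filled) and the PK layer frees the restart context on any result other than MBEDTLS_ERR_ECP_IN_PROGRESS, so a half-completed `mbedtls_ecdsa_from_keypair()` never survives to a second call, but nothing at the check says so. I would replace `/* set up our own sub-context if needed */` with a comment that states the invariant, e.g. `/* pbits == 0 means from_keypair() has not run yet; the PK layer frees us on any error, so partial state never persists */`. `if( ctx == NULL)` in `eckey_rs_free()` is missing the space before `)` used everywhere else in this file. The same sentinel and comment apply to `eckey_sign_rs_wrap()` in the next hunk.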
@@ -327,50 +343,24 @@ static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
 const unsigned char *hash, size_t hash_len,
 unsigned char *sig, size_t *sig_len,
 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- void *p_rs_ctx )
+ void *rs_ctx )
 {
 int ret;
- mbedtls_ecdsa_context ecdsa, *p_ecdsa = &ecdsa;
- mbedtls_ecdsa_restart_ctx *rs_ctx = p_rs_ctx;
+ eckey_restart_ctx *rs = rs_ctx;
- mbedtls_ecdsa_init( &ecdsa );
+ /* Should never happen */
+ if( rs == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 /* set up our own sub-context if needed */
- if( mbedtls_ecp_restart_enabled() &&
- rs_ctx != NULL && rs_ctx->ecdsa == NULL )
- {
- rs_ctx->ecdsa = mbedtls_calloc( 1, sizeof( *rs_ctx->ecdsa ) );
- if( rs_ctx->ecdsa == NULL )
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ if( rs->ecdsa_ctx.grp.pbits == 0 )
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
- mbedtls_ecdsa_init( rs_ctx->ecdsa );
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( rs_ctx->ecdsa, ctx ) );
- }
-
- if( rs_ctx != NULL && rs_ctx->ecdsa != NULL )
- {
- /* redirect to our context */
- p_ecdsa = rs_ctx->ecdsa;
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( p_ecdsa, ctx ) );
- }
-
- MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( p_ecdsa, md_alg, hash, hash_len,
- sig, sig_len, f_rng, p_rng, rs_ctx ) );
+ MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
+ hash, hash_len, sig, sig_len,
+ f_rng, p_rng, &rs->ecdsa_rs ) );
 cleanup:
- /* clear our sub-context when not in progress (done or error) */
- if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
- {
- mbedtls_ecdsa_free( rs_ctx->ecdsa );
- mbedtls_free( rs_ctx->ecdsa );
- rs_ctx->ecdsa = NULL;
- }
-
- mbedtls_ecdsa_free( &ecdsa );
-
 return( ret );
 }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
@@ -405,24 +395,6 @@ static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items ) items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q ); } -#if defined(MBEDTLS_ECP_RESTARTABLE) -static void *eckey_rs_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) ); - - if( ctx != NULL ) - mbedtls_ecdsa_restart_init( ctx ); - - return( ctx ); -} - -static void eckey_rs_free( void *ctx ) -{ - mbedtls_ecdsa_restart_free( ctx ); - mbedtls_free( ctx ); -} -#endif /* MBEDTLS_ECP_RESTARTABLE */ - const mbedtls_pk_info_t mbedtls_eckey_info = { MBEDTLS_PK_ECKEY, "EC", @@ -569,6 +541,24 @@ static void ecdsa_free_wrap( void *ctx ) mbedtls_free( ctx ); } +#if defined(MBEDTLS_ECP_RESTARTABLE) +static void *ecdsa_rs_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) ); + + if( ctx != NULL ) + mbedtls_ecdsa_restart_init( ctx ); + + return( ctx ); +} + +static void ecdsa_rs_free( void *ctx ) +{ + mbedtls_ecdsa_restart_free( ctx ); + mbedtls_free( ctx ); +} +#endif /* MBEDTLS_ECP_RESTARTABLE */ + const mbedtls_pk_info_t mbedtls_ecdsa_info = { MBEDTLS_PK_ECDSA, "ECDSA", @@ -586,8 +576,8 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { ecdsa_alloc_wrap, ecdsa_free_wrap, #if defined(MBEDTLS_ECP_RESTARTABLE) - eckey_rs_alloc, - eckey_rs_free, + ecdsa_rs_alloc, + ecdsa_rs_free, #endif eckey_debug, /* Compatible key structures */ }; From aaa9814879d5a99d386a18b67a868d1f3e718cf4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 18 Aug 2017 17:30:37 +0200 Subject: [PATCH 096/368] Uniformize ifdefs to ECDSA_C+ECP_RESTARTABLE Some parts were already implicitly using this as the two ifdefs were nested, and some others didn't, which resulted in compile errors in some configs. This fixes those errors and saves a bit of code+RAM that was previously wasted when ECP_RESTARTABLE was defined but ECDSA_C wasn't --- include/mbedtls/pk.h | 10 +++++----- include/mbedtls/pk_internal.h | 8 ++++---- library/pk.c | 20 ++++++++++---------- library/pk_wrap.c | 18 +++++++----------- 4 files changed, 26 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 8ec69856b..1326b90d5 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -129,7 +129,7 @@ typedef struct void * pk_ctx; /**< Underlying public key context */ } mbedtls_pk_context; -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Context for resuming operations */ @@ -138,10 +138,10 @@ typedef struct const mbedtls_pk_info_t * pk_info; /**< Public key informations */ void * rs_ctx; /**< Underlying restart context */ } mbedtls_pk_restart_ctx; -#else +#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /* Now we can declare functions that take a pointer to that */ typedef void mbedtls_pk_restart_ctx; -#endif +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ #if defined(MBEDTLS_RSA_C) /** @@ -202,7 +202,7 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx ); */ void mbedtls_pk_free( mbedtls_pk_context *ctx ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Initialize a restart context */ 
@@ -212,7 +212,7 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ); * \brief Free the components of a restart context */ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /** * \brief Initialize a PK context with the information given diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h index d56b0b334..8370dc219 100644 --- a/include/mbedtls/pk_internal.h +++ b/include/mbedtls/pk_internal.h @@ -58,7 +58,7 @@ struct mbedtls_pk_info_t int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** Verify signature (restartable) */ int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, @@ -71,7 +71,7 @@ struct mbedtls_pk_info_t unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, void *rs_ctx ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /** Decrypt message */ int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen, @@ -94,13 +94,13 @@ struct mbedtls_pk_info_t /** Free the given context */ void (*ctx_free_func)( void *ctx ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** Allocate the restart context */ void * (*rs_alloc_func)( void ); /** Free the restart context */ void (*rs_free_func)( void *rs_ctx ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /** Interface with the debug module */ void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items ); diff --git a/library/pk.c b/library/pk.c index 70691d6e8..fae517a85 100644 --- a/library/pk.c +++ b/library/pk.c 
@@ -73,7 +73,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) ); } -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* * Initialize a restart context */ @@ -99,7 +99,7 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) ctx->pk_info = NULL; ctx->rs_ctx = NULL; } -#endif /* MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /* * Get pk_info structure from type @@ -203,7 +203,7 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len return( 0 ); } -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* * Helper to set up a restart context if needed */ @@ -225,7 +225,7 @@ static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx, return( 0 ); } -#endif /* MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /* * Verify a signature (restartable) @@ -240,7 +240,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && ctx->pk_info->verify_rs_func != NULL ) { int ret; @@ -256,9 +256,9 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, return( ret ); } -#else +#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ (void) rs_ctx; -#endif /* MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ if( ctx->pk_info->verify_func == NULL ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 
@@ -350,7 +350,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && ctx->pk_info->sign_rs_func != NULL ) { int ret; @@ -366,9 +366,9 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, return( ret ); } -#else +#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ (void) rs_ctx; -#endif /* MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ if( ctx->pk_info->sign_func == NULL ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 824c9d435..9ca555672 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -180,7 +180,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { rsa_can_do, rsa_verify_wrap, rsa_sign_wrap, -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, NULL, #endif @@ -189,7 +189,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { rsa_check_pair_wrap, rsa_alloc_wrap, rsa_free_wrap, -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, NULL, #endif @@ -410,17 +410,13 @@ const mbedtls_pk_info_t mbedtls_eckey_info = { #else /* MBEDTLS_ECDSA_C */ NULL, NULL, -#if defined(MBEDTLS_ECP_RESTARTABLE) - NULL, - NULL, -#endif #endif /* MBEDTLS_ECDSA_C */ NULL, NULL, eckey_check_pair, eckey_alloc_wrap, eckey_free_wrap, -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) eckey_rs_alloc, eckey_rs_free, #endif @@ -443,7 +439,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { eckeydh_can_do, NULL, NULL, -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, NULL, #endif 
@@ -452,7 +448,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { eckey_check_pair, eckey_alloc_wrap, /* Same underlying key structure */ eckey_free_wrap, /* Same underlying key structure */ -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, NULL, #endif @@ -688,7 +684,7 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { rsa_alt_can_do, NULL, rsa_alt_sign_wrap, -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, NULL, #endif @@ -701,7 +697,7 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { #endif rsa_alt_alloc_wrap, rsa_alt_free_wrap, -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, NULL, #endif From d55f776cb778c85cc017de4a3fbde059ad673691 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 18 Aug 2017 17:40:15 +0200 Subject: [PATCH 097/368] Skip context allocation if restart disabled --- library/pk.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/pk.c b/library/pk.c index fae517a85..9a6e86233 100644 --- a/library/pk.c +++ b/library/pk.c @@ -241,7 +241,10 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ctx->pk_info->verify_rs_func != NULL ) + /* optimization: use non-restartable version if restart disabled */ + if( rs_ctx != NULL && + mbedtls_ecp_restart_enabled() && + ctx->pk_info->verify_rs_func != NULL ) { int ret; 
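Review bot: The new `mbedtls_ecp_restart_enabled()` test in mbedtls_pk_verify_restartable (and the identical one in mbedtls_pk_sign_restartable in the next hunk) changes which path is taken between two calls of the same operation if the application changes max_ops in between: a call that previously returned MBEDTLS_ERR_ECP_IN_PROGRESS would, once restart is disabled, fall through to the blocking `verify_func` while the partially computed state in `rs_ctx` is left untouched. That is presumably acceptable because the blocking path recomputes from scratch, but the comment only says "optimization"; suggest `/* optimization: use non-restartable version if restart disabled; any state left in rs_ctx is ignored and only released by mbedtls_pk_restart_free() */`. If leftover state in rs_ctx is instead meant to be cleared here, that should be done explicitly. Both enclosing functions continue outside the hunk.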
@@ -351,7 +354,10 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ctx->pk_info->sign_rs_func != NULL ) + /* optimization: use non-restartable version if restart disabled */ + if( rs_ctx != NULL && + mbedtls_ecp_restart_enabled() && + ctx->pk_info->sign_rs_func != NULL ) { int ret; From 8b7b96bbd3ae77657c512a0addd5a8d9f2084c00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 10:02:51 +0200 Subject: [PATCH 098/368] Fix typo --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index fbfab63b0..d400dee97 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -571,7 +571,7 @@ * again later with the same arguments in order to further progress and * eventually complete the operation, see \c mbedtls_ecp_set_max_ops(). * - * This is usefull in non-threaded environments if you want to avoid blocking + * This is useful in non-threaded environments if you want to avoid blocking * for too long on ECC (hence, X509 or SSL/TLS) operations. * * Uncomment this macro to enable restartable ECC computations. From 83e923ba2b0a01215c0e230426191e82e589ca0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 10:55:41 +0200 Subject: [PATCH 099/368] Better initialisation of ver_chain Use dedicated function for consistency, and initialise flags to -1 as this is the safe value. --- library/x509_crt.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index a6f6a78d8..7d60a5786 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -207,6 +207,23 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, return( -1 ); } +/* + * Reset (init or clear) a verify_chain + */ +static void x509_crt_verify_chain_reset( + mbedtls_x509_crt_verify_chain *ver_chain ) +{ + size_t i; + + for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) + { + ver_chain->items[i].crt = NULL; + ver_chain->items[i].flags = -1; + } + + ver_chain->len = 0; +} + /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ @@ -2258,8 +2275,9 @@ static int x509_crt_verify_chain( /* Add certificate to the verification chain */ cur = &ver_chain->items[ver_chain->len]; cur->crt = child; - flags = &cur->flags; + cur->flags = 0; ver_chain->len++; + flags = &cur->flags; /* Check time-validity (all certificates) */ if( mbedtls_x509_time_is_past( &child->valid_to ) ) @@ -2499,10 +2517,11 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, int ret; mbedtls_pk_type_t pk_type; mbedtls_x509_crt_verify_chain ver_chain; - uint32_t *ee_flags = &ver_chain.items[0].flags; + uint32_t ee_flags; *flags = 0; - memset( &ver_chain, 0, sizeof( ver_chain ) ); + ee_flags = 0; + x509_crt_verify_chain_reset( &ver_chain ); if( profile == NULL ) { @@ -2512,16 +2531,16 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, /* check name if requested */ if( cn != NULL ) - x509_crt_verify_name( crt, cn, ee_flags ); + x509_crt_verify_name( crt, cn, &ee_flags ); /* Check the type and size of the key */ pk_type = mbedtls_pk_get_type( &crt->pk ); if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) - *ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; + ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 ) - *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; + ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; /* Check the chain */ ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, 
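Review bot: `ver_chain->items[i].flags = -1;` in x509_crt_verify_chain_reset stores a negative constant into a `uint32_t` field (it is read through `uint32_t *flags` and `uint32_t ee_flags` later in this section); the conversion is well defined but hides the intent and trips -Wsign-conversion. Write the fail-closed marker explicitly, e.g. `ver_chain->items[i].flags = (uint32_t) -1; /* all failure bits set: fail-closed for unused slots */`, and state in the function comment that a slot with `crt == NULL` must never have its flags trusted. Since x509_crt_verify_chain now sets `cur->flags = 0;` when it appends a slot, the marker is only observed in slots beyond `len`, which is worth saying in the comment to explain why the reset value matters.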
@@ -2530,6 +2549,9 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, if( ret != 0 ) goto exit; + /* Merge end-entity flags */ + ver_chain.items[0].flags |= ee_flags; + /* Build final flags, calling callback on the way if any */ ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); @@ -2663,8 +2685,7 @@ void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) ctx->child = NULL; ctx->self_cnt = 0; - memset( ctx->ver_chain.items, 0, sizeof( ctx->ver_chain.items ) ); - ctx->ver_chain.len = 0; + x509_crt_verify_chain_reset( &ctx->ver_chain ); } /* From 3627a8b2f63bafeba916eeed7408e3ff97b0f20b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 11:20:48 +0200 Subject: [PATCH 100/368] Clarify state handling in find_parent(_in)() --- library/x509_crt.c | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 7d60a5786..1a3eb2d96 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1992,13 +1992,20 @@ static int x509_crt_find_parent_in( int signature_is_good, fallback_sign_good; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - /* restore state if we have some stored */ + /* did we have something in progress? */ if( rs_ctx != NULL && rs_ctx->parent != NULL ) { + /* restore saved state */ parent = rs_ctx->parent; fallback_parent = rs_ctx->fallback_parent; fallback_sign_good = rs_ctx->fallback_sign_good; + /* clear saved state */ + rs_ctx->parent = NULL; + rs_ctx->fallback_parent = NULL; + rs_ctx->fallback_sign_good = 0; + + /* resume where we left */ goto check_signature; } #endif 
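Review bot: In x509_crt_find_parent_in the saved state is cleared immediately after being restored and before `goto check_signature`, so correctness on a second MBEDTLS_ERR_ECP_IN_PROGRESS return now depends on the save path after `check_signature:` (outside this hunk) storing `parent`, `fallback_parent` and `fallback_sign_good` again every time it yields. That invariant is not stated anywhere; extend the comment to `/* clear saved state; the IN_PROGRESS path below re-saves it if we yield again */`. The enclosing function continues past the hunk.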
@@ -2070,16 +2077,6 @@ check_signature: *r_signature_is_good = fallback_sign_good; } -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL ) - { - /* reset state */ - rs_ctx->parent = NULL; - rs_ctx->fallback_parent = NULL; - rs_ctx->fallback_sign_good = 0; - } -#endif - return( 0 ); } @@ -2116,9 +2113,12 @@ static int x509_crt_find_parent( *parent_is_trusted = 1; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - /* restore state if we have some stored */ - if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) + /* restore then clear saved state if we have some stored */ + if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 ) + { *parent_is_trusted = rs_ctx->parent_is_trusted; + rs_ctx->parent_is_trusted = -1; + } #endif while( 1 ) { @@ -2155,12 +2155,6 @@ static int x509_crt_find_parent( signature_is_good = 0; } -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - /* reset state */ - if( rs_ctx != NULL ) - rs_ctx->parent_is_trusted = -1; -#endif - return( 0 ); } @@ -2254,7 +2248,7 @@ static int x509_crt_verify_chain( /* resume if we had an operation in progress */ if( rs_ctx != NULL && rs_ctx->child != NULL ) { - /* save state */ + /* restore saved state */ child = rs_ctx->child; self_cnt = rs_ctx->self_cnt; *ver_chain = rs_ctx->ver_chain; From a96884342928667f40ea8e27f178b701a2faea86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 11:23:59 +0200 Subject: [PATCH 101/368] Improve some comments in verify_chain() --- library/x509_crt.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 1a3eb2d96..69cec4db8 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
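Review bot: x509_crt_find_parent and x509_crt_find_parent_in now use two different encodings for "an operation is in progress" — `rs_ctx->parent != NULL` in one and `rs_ctx->parent_is_trusted != -1` in the other — and both are cleared eagerly on resume rather than on completion. Since the restore-then-clear pattern is now identical in both functions, a single explicit state field (as the next commit introduces for verify_chain) would be less fragile than overloading data fields as in-progress flags. At minimum, document on the mbedtls_x509_crt_restart_ctx fields which value means "not in progress", e.g. `int parent_is_trusted; /* -1 when find_parent() is not in progress; cleared on resume, re-saved on yield */`. Both enclosing functions continue outside the hunks.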
@@ -2219,6 +2219,8 @@ static int x509_crt_check_ee_locally_trusted( * - [in] trust_ca: the trusted list R1, ..., Rp * - [in] ca_crl, profile: as in verify_with_profile() * - [out] ver_chain: the built and verified chain + * Only valid when return value is 0, may contain garbage otherwise! + * Restart note: need not be the same when calling again to resume. * - [in-out] rs_ctx: context for restarting operations * * Return value: @@ -2234,6 +2236,8 @@ static int x509_crt_verify_chain( mbedtls_x509_crt_verify_chain *ver_chain, mbedtls_x509_crt_restart_ctx *rs_ctx ) { + /* Don't initialize any of those variables here, so that the compiler can + * catch potential issues with jumping ahead when restarting */ int ret; uint32_t *flags; mbedtls_x509_crt_verify_chain_item *cur; @@ -2251,7 +2255,7 @@ static int x509_crt_verify_chain( /* restore saved state */ child = rs_ctx->child; self_cnt = rs_ctx->self_cnt; - *ver_chain = rs_ctx->ver_chain; + *ver_chain = rs_ctx->ver_chain; /* struct copy */ cur = &ver_chain->items[ver_chain->len - 1]; flags = &cur->flags; @@ -2312,7 +2316,7 @@ find_parent: /* save state */ rs_ctx->child = child; rs_ctx->self_cnt = self_cnt; - rs_ctx-> ver_chain = *ver_chain; + rs_ctx->ver_chain = *ver_chain; /* struct copy */ return( ret ); } From daf049144e84c9cb76511c61aa0b31159cfbc1c4 Mon Sep 17 00:00:00 2001 
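Review bot: The new comment `Don't initialize any of those variables here, so that the compiler can catch potential issues with jumping ahead when restarting` relies on a diagnostic such as -Wmaybe-uninitialized that is only emitted with warnings enabled and at optimisation levels where the compiler performs the data-flow analysis, and a read the compiler misses is undefined behaviour rather than a detectable bug. Suggest extending the comment to name the warning expected to catch it and to state that the restore block after the `goto find_parent` must assign every variable in this list, so whoever adds a variable knows both places to update. x509_crt_verify_chain continues outside the hunk.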
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 12:32:19 +0200 Subject: [PATCH 102/368] Rework state saving for verify_chain() Child was almost redundant as it's already saved in ver_chain, except it was multiplexed to also indicate whether an operation is in progress. This commit removes it and introduces an explicit state variable instead. This state can be useful later if we start returning IN_PROGRESS at other points than find_parent() (for example when checking CRL). Note that the state goes none -> find_parent and stays there until the context is free(), as it's only on the first call that nothing was in progress. --- include/mbedtls/x509_crt.h | 5 ++++- library/x509_crt.c | 11 ++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 3388c3b93..2f652b76d 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -183,7 +183,10 @@ typedef struct int parent_is_trusted; /* -1 if find_parent is not in progress */ /* for verify_chain() */ - mbedtls_x509_crt *child; /* non-null iff in progress */ + enum { + x509_crt_rs_none, + x509_crt_rs_find_parent, + } in_progress; /* none if no operation is in progress */ int self_cnt; mbedtls_x509_crt_verify_chain ver_chain; diff --git a/library/x509_crt.c b/library/x509_crt.c index 69cec4db8..586ec8375 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
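Review bot: The enumerators `x509_crt_rs_none` and `x509_crt_rs_find_parent` are introduced in an anonymous enum inside a public header, where they land in the global namespace without the library's `mbedtls_` prefix and can collide with application identifiers. For a public header they should be prefixed like the rest of the API (and ideally given a named typedef), or the field should be declared with a plain `int` and the values kept in an internal header. The enclosing struct starts before and ends after this hunk.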
@@ -2250,14 +2250,15 @@ static int x509_crt_verify_chain( #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* resume if we had an operation in progress */ - if( rs_ctx != NULL && rs_ctx->child != NULL ) + if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent ) { /* restore saved state */ - child = rs_ctx->child; - self_cnt = rs_ctx->self_cnt; *ver_chain = rs_ctx->ver_chain; /* struct copy */ + self_cnt = rs_ctx->self_cnt; + /* restore derived state */ cur = &ver_chain->items[ver_chain->len - 1]; + child = cur->crt; flags = &cur->flags; goto find_parent; @@ -2314,7 +2315,7 @@ find_parent: if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { /* save state */ - rs_ctx->child = child; + rs_ctx->in_progress = x509_crt_rs_find_parent; rs_ctx->self_cnt = self_cnt; rs_ctx->ver_chain = *ver_chain; /* struct copy */ @@ -2681,7 +2682,7 @@ void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) ctx->parent_is_trusted = -1; - ctx->child = NULL; + ctx->in_progress = x509_crt_rs_none; ctx->self_cnt = 0; x509_crt_verify_chain_reset( &ctx->ver_chain ); } From 7037e222ea661ca3b655c387fb8ff18951809f9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 14:30:36 +0200 Subject: [PATCH 103/368] Improve comments and doc for ECP --- include/mbedtls/ecp.h | 19 +++++++--- library/ecp.c | 87 +++++++++++++++++++++++++++++++++++++------ 2 files changed, 90 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 04a557bdb..07ed110cd 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
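Review bot: `rs_ctx->in_progress` is set to `x509_crt_rs_find_parent` when yielding but, as the commit message itself says, is never returned to `x509_crt_rs_none` once the operation completes; a restart context reused for a second verification without mbedtls_x509_crt_restart_init() would therefore take the resume branch and read a stale `ver_chain`. Either reset `rs_ctx->in_progress = x509_crt_rs_none;` on every exit of x509_crt_verify_chain that is not MBEDTLS_ERR_ECP_IN_PROGRESS, or document on the public restart API that a context must be (re)initialised before each new operation. The restore block also indexes `items[ver_chain->len - 1]` without checking `len > 0`; that holds only because the save path runs after a certificate was appended, which deserves a one-line comment. The function continues outside the hunk.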
@@ -310,9 +310,15 @@ typedef void mbedtls_ecp_restart_ctx; * MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the * function performing the computation. It is then the * caller's responsibility to either call again with the same - * arguments until it returns 0 or an error code; or to free + * parameters until it returns 0 or an error code; or to free * the restart context if the operation is to be aborted. * + * It is strictly required that all input parameters and the + * restart context be the same on successive calls for the + * same operation, but output parameters need not be the + * same; they must not be used until the function finally + * returns 0. + * * This only affects functions that accept a pointer to a * \c mbedtls_ecp_restart_ctx as an argument, and only works * if that pointer valid (in particular, not NULL). @@ -334,10 +340,13 @@ typedef void mbedtls_ecp_restart_ctx; * operations, and will do so even if max_ops is set to a * lower value. That minimum depends on the curve size, and * can be made lower by decreasing the value of - * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, with that - * parameter set to 4, the minimum amount of blocking is: - * - around 165 basic operations for P-256 - * - around 330 basic operations for P-384 + * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, here is the + * lowest effective value for various curves and values of + * that parameter (w for short): + * w=6 w=5 w=4 w=3 w=2 + * P-256 208 208 160 136 124 + * P-384 682 416 320 272 248 + * P-521 1364 832 640 544 496 * * \note This setting is currently ignored by Curve25519 */ diff --git a/library/ecp.c b/library/ecp.c index 74a19eecb..9a8f552b7 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -89,6 +89,13 @@ static unsigned long add_count, dbl_count, mul_count; #if defined(MBEDTLS_ECP_RESTARTABLE) /* * Maximum number of "basic operations" to be done in a row. + * + * Default value 0 means that ECC operations will not yield. + * Note that regardless of the value of ecp_max_ops, always at + * least one step is performed before yielding. + * + * Setting ecp_max_ops=1 can be suitable for testing purposes + * as it will interrupt computation at all possible points. */ static unsigned ecp_max_ops = 0; 
@@ -1341,11 +1348,38 @@ cleanup: * modified version that provides resistance to SPA by avoiding zero * digits in the representation as in [3]. We modify the method further by * requiring that all K_i be odd, which has the small cost that our - * representation uses one more K_i, due to carries. + * representation uses one more K_i, due to carries, but saves on the size of + * the precomputed table. * - * Also, for the sake of compactness, only the seven low-order bits of x[i] - * are used to represent K_i, and the msb of x[i] encodes the the sign (s_i in - * the paper): it is set if and only if if s_i == -1; + * Summary of the comb method and its modifications: + * + * - The goal is to compute m*P for some w*d-bit integer m. + * + * - The basic comb method splits m into the w-bit integers + * x[0] .. x[d-1] where x[i] consists of the bits in m whose + * index has residue i modulo d, and computes m * P as + * S[x[0]] + 2 * S[x[1]] + .. + 2^(d-1) S[x[d-1]], where + * S[i_{w-1} .. i_0] := i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + i_0 P. + * + * - If it happens that, say, x[i+1]=0 (=> S[x[i+1]]=0), one can replace the sum by + * .. + 2^{i-1} S[x[i-1]] - 2^i S[x[i]] + 2^{i+1} S[x[i]] + 2^{i+2} S[x[i+2]] .., + * thereby successively converting it into a form where all summands + * are nonzero, at the cost of negative summands. This is the basic idea of [3]. + * + * - More generally, even if x[i+1] != 0, we can first transform the sum as + * .. - 2^i S[x[i]] + 2^{i+1} ( S[x[i]] + S[x[i+1]] ) + 2^{i+2} S[x[i+2]] .., + * and then replace S[x[i]] + S[x[i+1]] = S[x[i] ^ x[i+1]] + 2 S[x[i] & x[i+1]]. + * Performing and iterating this procedure for those x[i] that are even + * (keeping track of carry), we can transform the original sum into one of the form + * S[x'[0]] +- 2 S[x'[1]] +- .. +- 2^{d-1} S[x'[d-1]] + 2^d S[x'[d]] + * with all x'[i] odd. 
It is therefore only necessary to know S at odd indices, + * which is why we are only computing half of it in the first place in + * ecp_precompute_comb and accessing it with index abs(i) / 2 in ecp_select_comb. + * + * - For the sake of compactness, only the seven low-order bits of x[i] + * are used to represent its absolute value (K_i in the paper), and the msb + * of x[i] encodes the the sign (s_i in the paper): it is set if and only if + * if s_i == -1; * * Calling conventions: * - x is an array of size d + 1 
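Review bot: The new comment block in ecp.c has doubled words: `the msb of x[i] encodes the the sign` and `it is set if and only if if s_i == -1`. The ecp_precompute_comb comment in the next hunk has the same problem in `in our adaption the the comb method` (should read `in our adaptation of the comb method`) and `2-powers values of i` (`power-of-2 values of i`). Since these comments are the main documentation of the recoding scheme, they are worth fixing before merge.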
@@ -1385,14 +1419,41 @@ static void ecp_comb_recode_core( unsigned char x[], size_t d, } /* - * Precompute points for the comb method + * Precompute points for the adapted comb method * - * If i = i_{w-1} ... i_1 is the binary representation of i, then - * T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P + * Assumption: T must be able to hold 2^{w - 1} elements. * - * T must be able to hold 2^{w - 1} elements + * Operation: If i = i_{w-1} ... i_1 is the binary representation of i, + * sets T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P. * * Cost: d(w-1) D + (2^{w-1} - 1) A + 1 N(w-1) + 1 N(2^{w-1} - 1) + * + * Note: Even comb values (those where P would be omitted from the + * sum defining T[i] above) are not needed in our adaption + * the the comb method. See ecp_comb_recode_core(). + * + * This function currently works in four steps: + * (1) Computation of intermediate T[i] for 2-powers values of i + * (restart state is ecp_rsm_init). + * (2) Normalization of coordinates of these T[i] + * (restart state is ecp_rsm_pre_norm_dbl). + * (3) Computation of all T[i] (restart state is ecp_rsm_pre_add). + * (4) Normalization of all T[i] (restart state is ecp_rsm_pre_norm_add) + * The final restart state is ecp_rsm_T_done. + * + * Step 1 can be interrupted but not the others; together with the final + * coordinate normalization they are the largest steps done at once, depending + * on the window size. Here are operation counts for P-256: + * + * step (2) (3) (4) + * w = 5 142 165 208 + * w = 4 136 77 160 + * w = 3 130 33 136 + * w = 2 124 11 124 + * + * So if ECC operations are blocking for too long even with a low max_ops + * value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order + * to minimize maximum blocking time. */ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point T[], const mbedtls_ecp_point *P, 
@@ -1534,6 +1595,8 @@ cleanup: /* * Select precomputed point: R = sign(i) * T[ abs(i) / 2 ] + * + * See ecp_comb_recode_core() for background */ static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_ecp_point T[], unsigned char t_len, @@ -1637,6 +1700,8 @@ cleanup: * As the actual scalar recoding needs an odd scalar as a starting point, * this wrapper ensures that by replacing m by N - m if necessary, and * informs the caller that the result of multiplication will be negated. + * + * See ecp_comb_recode_core() for background. */ static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, const mbedtls_mpi *m, @@ -1824,8 +1889,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Pre-computed table: do we have it already for the base point? */ if( p_eq_g && grp->T != NULL ) { - /* second pointer to the same table - * no ownership transfer as other threads might be using T too */ + /* second pointer to the same table, will be deleted on exit */ T = grp->T; T_ok = 1; } @@ -1862,9 +1926,10 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, if( p_eq_g ) { + /* almost transfer ownership of T to the group, but keep a copy of + * the pointer to use for caling the next function more easily */ grp->T = T; grp->T_size = pre_len; - /* now have two pointers to the same table */ } } From eaf55beeadb90016fa0d6d6676844c0cca774306 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 14:40:21 +0200 Subject: [PATCH 104/368] Misc documentation fixes/improvements --- include/mbedtls/ecdh.h | 6 +++++- include/mbedtls/ecdsa.h | 4 ++++ include/mbedtls/x509_crt.h | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 6f3fe137c..435ba00cb 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h 
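Review bot: The replaced comment `/* second pointer to the same table, will be deleted on exit */` in ecp_mul_comb is ambiguous about what is deleted: if it means the local pointer `T` is simply dropped that is fine, but if the table it points to were freed on exit while `grp->T` still references it, the next multiplication with the base point would be a use-after-free. The old text at least stated that there is no ownership transfer. Please restate the ownership rule precisely, e.g. `/* T aliases grp->T: the group owns the table, only the local pointer goes away on exit */`, and fix `caling` in the later hunk's comment. Both hunks are inside ecp_mul_comb, which starts and ends outside this chunk.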
@@ -40,6 +40,10 @@ typedef enum /** * \brief ECDH context structure + * + * \warning Performing multiple operations concurrently on the same + * ECDSA context is not supported; objects of this type + * should not be shared between multiple threads. */ typedef struct { @@ -159,7 +163,7 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, * ServerKeyEchange for static ECDH: import ECDH parameters * from a certificate's EC key information.) * - * \param ctx ECDH constext to set + * \param ctx ECDH context to set * \param key EC key to use * \param side Is it our key (1) or the peer's key (0) ? * diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index ce94af871..3440a84fe 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -52,6 +52,10 @@ extern "C" { /** * \brief ECDSA context structure + * + * \warning Performing multiple operations concurrently on the same + * ECDSA context is not supported; objects of this type + * should not be shared between multiple threads. */ typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 2f652b76d..683181270 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -425,7 +425,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * \param flags result of the verification * \param f_vrfy verification function * \param p_vrfy verification parameter - * \param rs_ctx resart context + * \param rs_ctx restart context * * \return See \c mbedtls_crt_verify_with_profile(), or * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of From ebac5d3797504870e7997f29c5a95f21ee6c4e42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 16:23:36 +0200 Subject: [PATCH 105/368] Fix some whitespace & style issues --- library/ecdsa.c | 2 -- library/ecp.c | 71 +++++++++++++++---------------------------------- 2 files changed, 21 insertions(+), 52 deletions(-) 
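Review bot: The \warning added to the ECDH context structure in ecdh.h says `on the same ECDSA context`, which looks copied from the ecdsa.h hunk of this same commit; it should read `on the same ECDH context`. The remainder of the sentence (objects of this type should not be shared between threads) is correct for both headers.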
diff --git a/library/ecdsa.c b/library/ecdsa.c index 487bbd8e5..19d0004b5 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -268,7 +268,6 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, pk = &rs_ctx->sig->k; pr = &rs_ctx->sig->r; - /* jump to current step */ if( rs_ctx->sig->state == ecdsa_sig_mul ) goto mul; @@ -315,7 +314,6 @@ mul: } while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 ); - #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->sig != NULL ) rs_ctx->sig->state++; diff --git a/library/ecp.c b/library/ecp.c index 9a8f552b7..5217b55bd 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -85,7 +85,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { static unsigned long add_count, dbl_count, mul_count; #endif - #if defined(MBEDTLS_ECP_RESTARTABLE) /* * Maximum number of "basic operations" to be done in a row. @@ -927,11 +926,10 @@ static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p return( 0 ); #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - if ( mbedtls_internal_ecp_grp_capable( grp ) ) - { - return mbedtls_internal_ecp_normalize_jac( grp, pt ); - } + if( mbedtls_internal_ecp_grp_capable( grp ) ) + return( mbedtls_internal_ecp_normalize_jac( grp, pt ) ); #endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ + mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); /* @@ -981,10 +979,8 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, return( ecp_normalize_jac( grp, *T ) ); #if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - if ( mbedtls_internal_ecp_grp_capable( grp ) ) - { - return mbedtls_internal_ecp_normalize_jac_many(grp, T, t_len); - } + if( mbedtls_internal_ecp_grp_capable( grp ) ) + return( mbedtls_internal_ecp_normalize_jac_many( grp, T, t_len ) ); #endif if( ( c = mbedtls_calloc( t_len, sizeof( mbedtls_mpi ) ) ) == NULL ) 
@@ -1104,10 +1100,8 @@ static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif #if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - if ( mbedtls_internal_ecp_grp_capable( grp ) ) - { - return mbedtls_internal_ecp_double_jac( grp, R, P ); - } + if( mbedtls_internal_ecp_grp_capable( grp ) ) + return( mbedtls_internal_ecp_double_jac( grp, R, P ) ); #endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U ); @@ -1202,10 +1196,8 @@ static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif #if defined(MBEDTLS_ECP_ADD_MIXED_ALT) - if ( mbedtls_internal_ecp_grp_capable( grp ) ) - { - return mbedtls_internal_ecp_add_mixed( grp, R, P, Q ); - } + if( mbedtls_internal_ecp_grp_capable( grp ) ) + return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) ); #endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ /* @@ -1289,10 +1281,8 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p int count = 0; #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - if ( mbedtls_internal_ecp_grp_capable( grp ) ) - { - return mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ); - } + if( mbedtls_internal_ecp_grp_capable( grp ) ) + return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) ); #endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ p_size = ( grp->pbits + 7 ) / 8; @@ -1798,7 +1788,6 @@ cleanup: return( ret ); } - /* * Pick window size based on curve size and whether we optimize for base point */ 
@@ -2004,10 +1993,8 @@ static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P int ret; #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - if ( mbedtls_internal_ecp_grp_capable( grp ) ) - { - return mbedtls_internal_ecp_normalize_mxz( grp, P ); - } + if( mbedtls_internal_ecp_grp_capable( grp ) ) + return( mbedtls_internal_ecp_normalize_mxz( grp, P ) ); #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) ); @@ -2035,10 +2022,8 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P int count = 0; #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - if ( mbedtls_internal_ecp_grp_capable( grp ) ) - { - return mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ); - } + if( mbedtls_internal_ecp_grp_capable( grp ) ) + return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ); #endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ p_size = ( grp->pbits + 7 ) / 8; @@ -2090,10 +2075,8 @@ static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB; #if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - if ( mbedtls_internal_ecp_grp_capable( grp ) ) - { - return mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ); - } + if( mbedtls_internal_ecp_grp_capable( grp ) ) + return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) ); #endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B ); @@ -2209,11 +2192,8 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #endif #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) - { + if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); - } - #endif /* MBEDTLS_ECP_INTERNAL_ALT */ #if defined(MBEDTLS_ECP_RESTARTABLE) && defined(ECP_SHORTWEIERSTRASS) 
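Review bot: The rewritten line in ecp_randomize_mxz is missing a closing parenthesis: `return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );` opens two and closes one, so it should be `return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );` as in the sibling hunks of this commit. Because the line is only compiled when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is defined, the default build will not catch it; a build with that option enabled is needed to confirm the _ALT blocks still compile.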
@@ -2243,11 +2223,8 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, cleanup: #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ( is_grp_capable ) - { + if( is_grp_capable ) mbedtls_internal_ecp_free( grp ); - } - #endif /* MBEDTLS_ECP_INTERNAL_ALT */ #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -2378,11 +2355,8 @@ int mbedtls_ecp_muladd_restartable( mbedtls_ecp_point_init( &mP ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) - { + if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); - } - #endif /* MBEDTLS_ECP_INTERNAL_ALT */ #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -2448,11 +2422,8 @@ norm: cleanup: #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ( is_grp_capable ) - { + if( is_grp_capable ) mbedtls_internal_ecp_free( grp ); - } - #endif /* MBEDTLS_ECP_INTERNAL_ALT */ mbedtls_ecp_point_free( &mP ); From 92cceb29bd2cab4a75311742986e637ff1f45e86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 16:27:29 +0200 Subject: [PATCH 106/368] Make some names more consistent --- library/ecp.c | 54 +++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 5217b55bd..365372a44 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -969,21 +969,21 @@ cleanup: * Cost: 1N(t) := 1I + (6t - 3)M + 1S */ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *T[], size_t t_len ) + mbedtls_ecp_point *T[], size_t T_size ) { int ret; size_t i; mbedtls_mpi *c, u, Zi, ZZi; - if( t_len < 2 ) + if( T_size < 2 ) return( ecp_normalize_jac( grp, *T ) ); #if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_normalize_jac_many( grp, T, t_len ) ); + return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) ); #endif - if( ( c = mbedtls_calloc( t_len, sizeof( mbedtls_mpi ) ) ) == NULL ) + if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL ) return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); @@ -992,7 +992,7 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, * c[i] = Z_0 * ... * Z_i */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) ); - for( i = 1; i < t_len; i++ ) + for( i = 1; i < T_size; i++ ) { MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &c[i], &c[i-1], &T[i]->Z ) ); MOD_MUL( c[i] ); @@ -1001,9 +1001,9 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, /* * u = 1 / (Z_0 * ... * Z_n) mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[t_len-1], &grp->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) ); - for( i = t_len - 1; ; i-- ) + for( i = T_size - 1; ; i-- ) { /* * Zi = 1 / Z_i mod p @@ -1043,7 +1043,7 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, cleanup: mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi ); - for( i = 0; i < t_len; i++ ) + for( i = 0; i < T_size; i++ ) mbedtls_mpi_free( &c[i] ); mbedtls_free( c ); 
@@ -1453,7 +1453,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, int ret; unsigned char i; size_t j = 0; - const unsigned char T_len = 1U << ( w - 1 ); + const unsigned char T_size = 1U << ( w - 1 ); mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; #if !defined(MBEDTLS_ECP_RESTARTABLE) @@ -1515,7 +1515,7 @@ norm_dbl: #endif j = 0; - for( i = 1; i < T_len; i <<= 1 ) + for( i = 1; i < T_size; i <<= 1 ) TT[j++] = T + i; MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); @@ -1535,9 +1535,9 @@ norm_dbl: add: #endif - MBEDTLS_ECP_BUDGET( ( T_len - 1 ) * MBEDTLS_ECP_OPS_ADD ); + MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD ); - for( i = 1; i < T_len; i <<= 1 ) + for( i = 1; i < T_size; i <<= 1 ) { j = i; while( j-- ) @@ -1558,7 +1558,7 @@ add: norm_add: #endif - for( j = 0; j + 1 < T_len; j++ ) + for( j = 0; j + 1 < T_size; j++ ) TT[j] = T + j + 1; MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); @@ -1589,7 +1589,7 @@ cleanup: * See ecp_comb_recode_core() for background */ static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point T[], unsigned char t_len, + const mbedtls_ecp_point T[], unsigned char T_size, unsigned char i ) { int ret; @@ -1599,7 +1599,7 @@ static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, ii = ( i & 0x7Fu ) >> 1; /* Read the whole table to thwart cache-based timing attacks */ - for( j = 0; j < t_len; j++ ) + for( j = 0; j < T_size; j++ ) { MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) ); @@ -1619,7 +1619,7 @@ cleanup: * Cost: d A + d D + 1 R */ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point T[], unsigned char t_len, + const mbedtls_ecp_point T[], unsigned char T_size, const unsigned char x[], size_t d, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 
@@ -1646,7 +1646,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R { /* Start with a non-zero point and randomize its coordinates */ i = d; - MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) ); + MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); if( f_rng != 0 ) MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); @@ -1656,7 +1656,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R { MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD ); MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); - MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, t_len, x[i] ) ); + MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) ); MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); } @@ -1739,7 +1739,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *T, - unsigned char pre_len, + unsigned char T_size, unsigned char w, size_t d, int (*f_rng)(void *, unsigned char *, size_t), @@ -1767,7 +1767,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, { MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, &parity_trick ) ); - MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, pre_len, k, d, + MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d, f_rng, p_rng, rs_ctx ) ); MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); @@ -1845,7 +1845,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int ret; unsigned char w, p_eq_g = 0, i; size_t d; - unsigned char pre_len = 0, T_ok = 0; + unsigned char T_size = 0, T_ok = 0; mbedtls_ecp_point *T = NULL; #if !defined(MBEDTLS_ECP_RESTARTABLE) 
@@ -1872,7 +1872,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Pick window size and deduce related sizes */ w = ecp_pick_window_size( grp, p_eq_g ); - pre_len = 1U << ( w - 1 ); + T_size = 1U << ( w - 1 ); d = ( grp->nbits + w - 1 ) / w; /* Pre-computed table: do we have it already for the base point? */ @@ -1900,7 +1900,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Allocate table if we didn't have any */ if( T == NULL ) { - T = mbedtls_calloc( pre_len, sizeof( mbedtls_ecp_point ) ); + T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) ); if( T == NULL ) { ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; @@ -1918,13 +1918,13 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* almost transfer ownership of T to the group, but keep a copy of * the pointer to use for caling the next function more easily */ grp->T = T; - grp->T_size = pre_len; + grp->T_size = T_size; } } /* Actual comb multiplication using precomputed points */ MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m, - T, pre_len, w, d, + T, T_size, w, d, f_rng, p_rng, rs_ctx ) ); cleanup: @@ -1938,7 +1938,7 @@ cleanup: if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) { /* transfer ownership of T from local function to rsm */ - rs_ctx->rsm->T_size = pre_len; + rs_ctx->rsm->T_size = T_size; rs_ctx->rsm->T = T; T = NULL; } @@ -1947,7 +1947,7 @@ cleanup: /* did T belong to us? then let's destroy it! */ if( T != NULL ) { - for( i = 0; i < pre_len; i++ ) + for( i = 0; i < T_size; i++ ) mbedtls_ecp_point_free( &T[i] ); mbedtls_free( T ); } From 5bd38b1144420d234c4411914433ff31256e9168 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 16:55:59 +0200 Subject: [PATCH 107/368] Replace memset() calls with xxx_init() calls And follow calloc() calls with xxx_init() too --- library/ecdh.c | 17 ++++++++++++++--- library/ecdsa.c | 18 ++++++++++-------- library/ecp.c | 48 +++++++++++++++++++++++++++++++++++++----------- 3 files changed, 61 insertions(+), 22 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index cae3b290f..b8a7dbf0a 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -126,9 +126,18 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, */ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); + mbedtls_ecp_group_init( &ctx->grp ); + mbedtls_mpi_init( &ctx->d ); + mbedtls_ecp_point_init( &ctx->Q ); + mbedtls_ecp_point_init( &ctx->Qp ); + mbedtls_mpi_init( &ctx->z ); + ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; + mbedtls_ecp_point_init( &ctx->Vi ); + mbedtls_ecp_point_init( &ctx->Vf ); + mbedtls_mpi_init( &ctx->_d ); #if defined(MBEDTLS_ECP_RESTARTABLE) + ctx->restart_enabled = 0; mbedtls_ecp_restart_init( &ctx->rs ); #endif } @@ -142,17 +151,19 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) return; mbedtls_ecp_group_free( &ctx->grp ); + mbedtls_mpi_free( &ctx->d ); mbedtls_ecp_point_free( &ctx->Q ); mbedtls_ecp_point_free( &ctx->Qp ); + mbedtls_mpi_free( &ctx->z ); mbedtls_ecp_point_free( &ctx->Vi ); mbedtls_ecp_point_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->d ); - mbedtls_mpi_free( &ctx->z ); mbedtls_mpi_free( &ctx->_d ); #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_free( &ctx->rs ); #endif + + mbedtls_ecdh_init( ctx ); } #if defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/library/ecdsa.c b/library/ecdsa.c index 19d0004b5..f3b3cf26d 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
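Review bot: mbedtls_ecdh_init now initializes members one by one instead of zeroing the whole context, so any member added to mbedtls_ecdh_context later is left indeterminate unless this function is updated in step; the memset it replaces did not have that hazard. Suggest a comment at the struct definition in ecdh.h, e.g. `/* Keep mbedtls_ecdh_init() in sync: every member must be initialized there */`, and the same remark applies to the ecdsa.c and ecp.c init functions in the later hunks of this commit. mbedtls_ecdh_free now ends by calling mbedtls_ecdh_init, which re-initializes ctx->rs after mbedtls_ecp_restart_free has (per the ecp.c hunk of this commit) already reset it; harmless, but a one-line comment that the re-init is intentional would stop someone "cleaning it up" later. The struct definition is outside this hunk.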
@@ -69,7 +69,9 @@ struct mbedtls_ecdsa_restart_ver */ static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx ) { - memset( ctx, 0, sizeof( *ctx ) ); + mbedtls_mpi_init( &ctx->u1 ); + mbedtls_mpi_init( &ctx->u2 ); + ctx->state = ecdsa_ver_init; } /* @@ -83,7 +85,7 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx ) mbedtls_mpi_free( &ctx->u1 ); mbedtls_mpi_free( &ctx->u2 ); - memset( ctx, 0, sizeof( *ctx ) ); + ecdsa_restart_ver_init( ctx ); } /* @@ -107,10 +109,11 @@ struct mbedtls_ecdsa_restart_sig */ static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx ) { - memset( ctx, 0, sizeof( *ctx ) ); - + ctx->sign_tries = 0; + ctx->key_tries = 0; mbedtls_mpi_init( &ctx->k ); mbedtls_mpi_init( &ctx->r ); + ctx->state = ecdsa_sig_init; } /* @@ -124,7 +127,7 @@ static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx ) mbedtls_mpi_free( &ctx->k ); mbedtls_mpi_free( &ctx->r ); - memset( ctx, 0, sizeof( *ctx ) ); + ecdsa_restart_sig_init( ctx ); } #if defined(MBEDTLS_ECDSA_DETERMINISTIC) @@ -145,9 +148,8 @@ struct mbedtls_ecdsa_restart_det */ static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx ) { - memset( ctx, 0, sizeof( *ctx ) ); - mbedtls_hmac_drbg_init( &ctx->rng_ctx ); + ctx->state = ecdsa_det_init; } /* @@ -160,7 +162,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) mbedtls_hmac_drbg_free( &ctx->rng_ctx ); - memset( ctx, 0, sizeof( *ctx ) ); + ecdsa_restart_det_init( ctx ); } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ diff --git a/library/ecp.c b/library/ecp.c index 365372a44..6675c475c 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -138,7 +138,11 @@ struct mbedtls_ecp_restart_mul */ static void ecp_restart_mul_init( mbedtls_ecp_restart_mul_ctx *ctx ) { - memset( ctx, 0, sizeof( mbedtls_ecp_restart_mul_ctx ) ); + mbedtls_ecp_point_init( &ctx->R ); + ctx->i = 0; + ctx->T = NULL; + ctx->T_size = 0; + ctx->state = ecp_rsm_init; } /* 
@@ -160,7 +164,7 @@ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx ) mbedtls_free( ctx->T ); } - memset( ctx, 0, sizeof( mbedtls_ecp_restart_mul_ctx ) ); + ecp_restart_mul_init( ctx ); } /* @@ -183,7 +187,9 @@ struct mbedtls_ecp_restart_muladd */ static void ecp_restart_muladd_init( mbedtls_ecp_restart_muladd_ctx *ctx ) { - memset( ctx, 0, sizeof( *ctx ) ); + mbedtls_ecp_point_init( &ctx->mP ); + mbedtls_ecp_point_init( &ctx->R ); + ctx->state = ecp_rsma_mul1; } /* @@ -197,7 +203,7 @@ static void ecp_restart_muladd_free( mbedtls_ecp_restart_muladd_ctx *ctx ) mbedtls_ecp_point_free( &ctx->mP ); mbedtls_ecp_point_free( &ctx->R ); - memset( ctx, 0, sizeof( *ctx ) ); + ecp_restart_muladd_init( ctx ); } /* @@ -205,7 +211,10 @@ static void ecp_restart_muladd_free( mbedtls_ecp_restart_muladd_ctx *ctx ) */ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) { - memset( ctx, 0, sizeof( *ctx ) ); + ctx->ops_done = 0; + ctx->depth = 0; + ctx->rsm = NULL; + ctx->ma = NULL; } /* @@ -216,16 +225,13 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) if( ctx == NULL ) return; - ctx->ops_done = 0; - ctx->depth = 0; - ecp_restart_mul_free( ctx->rsm ); mbedtls_free( ctx->rsm ); - ctx->rsm = NULL; ecp_restart_muladd_free( ctx->ma ); mbedtls_free( ctx->ma ); - ctx->ma = NULL; + + mbedtls_ecp_restart_init( ctx ); } /* @@ -463,7 +469,21 @@ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) if( grp == NULL ) return; - memset( grp, 0, sizeof( mbedtls_ecp_group ) ); + grp->id = 0; + mbedtls_mpi_init( &grp->P ); + mbedtls_mpi_init( &grp->A ); + mbedtls_mpi_init( &grp->B ); + mbedtls_ecp_point_init( &grp->G ); + mbedtls_mpi_init( &grp->N ); + grp->pbits = 0; + grp->nbits = 0; + grp->h = 0; + grp->modp = NULL; + grp->t_pre = NULL; + grp->t_post = NULL; + grp->t_data = NULL; + grp->T = NULL; + grp->T_size = 0; } /* 
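Review bot: `grp->id = 0;` in mbedtls_ecp_group_init assigns a bare integer to an enum-typed member; `grp->id = MBEDTLS_ECP_DP_NONE;` states the intent and does not rely on the enum's first value being 0. The state fields in the neighbouring init functions already use their enum constants (ecp_rsm_init, ecp_rsma_mul1), so this is the one inconsistency in the commit.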
@@ -986,6 +1006,9 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL ) return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + for( i = 0; i < T_size; i++ ) + mbedtls_mpi_init( &c[i] ); + mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); /* @@ -1906,6 +1929,9 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup; } + + for( i = 0; i < T_size; i++ ) + mbedtls_ecp_point_init( &T[i] ); } /* Compute table (or finish computing it) if not done already */ From 28d162829b2a136f9e57b9b260ea2f43315fb597 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 17:33:27 +0200 Subject: [PATCH 108/368] Avoid unnecessary xxx_copy() calls The call would anyway check for pointer equality and return early, but it doesn't hurt to save a function call, and also this follows more uniformly the pattern that those two lines go together: #if defined(MBEDTLS_ECP_RESTARTBLE) if( rs_ctx != NULL && ... --- library/ecdsa.c | 3 ++- library/ecp.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index f3b3cf26d..835d3de88 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -353,7 +353,8 @@ modn: while( mbedtls_mpi_cmp_int( s, 0 ) == 0 ); #if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_mpi_copy( r, pr ); + if( rs_ctx != NULL && rs_ctx->sig != NULL ) + mbedtls_mpi_copy( r, pr ); #endif cleanup: diff --git a/library/ecp.c b/library/ecp.c index 6675c475c..a8c367a3d 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1804,7 +1804,8 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) ); + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) ); #endif cleanup: 
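Review bot: In the ecdsa.c hunk the new conditional still calls `mbedtls_mpi_copy( r, pr )` without checking its return value, while the parallel ecp.c hunk wraps its copy in MBEDTLS_MPI_CHK. mbedtls_mpi_copy can fail on allocation, and a failure here leaves the caller's r unset while the function reports success, so it should be `MBEDTLS_MPI_CHK( mbedtls_mpi_copy( r, pr ) );` for both consistency and correctness; the cleanup label it would jump to is the next line of the hunk.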
From bfa1972b4fa47c9c6ce0230829109b42c4bc2ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 17:39:18 +0200 Subject: [PATCH 109/368] Remove redundant checks, save a few muls ecp_mul() already checks for this, and this check is not going away, so no need to do it twice (didn't even result in better error reporting) --- library/ecdh.c | 5 ----- library/ecdsa.c | 9 ++------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index b8a7dbf0a..25a788b93 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -87,11 +87,6 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point_init( &P ); - /* - * Make sure Q is a valid pubkey before using it - */ - MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q, f_rng, p_rng, rs_ctx ) ); diff --git a/library/ecdsa.c b/library/ecdsa.c index 835d3de88..3fddc4e4d 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -498,13 +498,6 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, goto cleanup; } - /* - * Additional precaution: make sure Q is valid - * For ops count, group that together with step 4 - */ - ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 ); - MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) ); - /* * Step 3: derive MPI from hashed message */ @@ -513,6 +506,8 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, /* * Step 4: u1 = e / s mod n, u2 = r / s mod n */ + ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 ); + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu1, &e, &s_inv ) ); From b948f7dc20a67a2a9dfd1cee78c721da10d42223 Mon Sep 17 00:00:00 2001 
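Review bot: Dropping the explicit mbedtls_ecp_check_pubkey( grp, Q ) from ecdsa_verify_restartable assumes every path that multiplies by Q validates it, but step 5 goes through mbedtls_ecp_muladd_restartable, which per a later hunk on this page dispatches via mbedtls_ecp_mul_shortcuts; if that helper has shortcut branches for small scalars that bypass mbedtls_ecp_mul_restartable (its body is not on the page), a Q that is not on the curve would then reach point addition unchecked. Either keep the check in verify or have each shortcut branch call mbedtls_ecp_check_pubkey as well. Separately, the budget line moved into step 4 still charges `MBEDTLS_ECP_OPS_CHK` although no check is performed there any more; `ECDSA_BUDGET( MBEDTLS_ECP_OPS_INV + 2 );` would match the new code. The ecdh.c hunk has the same dependency on the check inside mbedtls_ecp_mul_restartable, whose body is outside the hunks shown.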
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 17:58:40 +0200 Subject: [PATCH 110/368] Don't bother to free NULL subcontexts --- library/ecdsa.c | 5 ++++- library/ecp.c | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index 3fddc4e4d..73389bb94 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -172,6 +172,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) #define ECDSA_BUDGET( ops ) \ MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) ); +/* Call this when entering a function that needs its own sub-context */ #define ECDSA_RS_ENTER( SUB ) do { \ /* reset ops count for this call if top-level */ \ if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 ) \ @@ -189,9 +190,11 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) } \ } while( 0 ) +/* Call this when leaving a function that needs its own sub-context */ #define ECDSA_RS_LEAVE( SUB ) do { \ /* clear our sub-context when not in progress (done or error) */ \ - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \ + if( rs_ctx != NULL && rs_ctx->SUB != NULL && \ + ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \ { \ ecdsa_restart_## SUB ##_free( rs_ctx->SUB ); \ mbedtls_free( rs_ctx->SUB ); \ diff --git a/library/ecp.c b/library/ecp.c index a8c367a3d..0c9feae3f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1989,7 +1989,8 @@ cleanup: /* clear our sub-context when not in progress (done or error) */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL && + ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { ecp_restart_mul_free( rs_ctx->rsm ); mbedtls_free( rs_ctx->rsm ); 
@@ -2457,7 +2458,8 @@ cleanup: #if defined(MBEDTLS_ECP_RESTARTABLE) /* clear our sub-context when not in progress (done or error) */ - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + if( rs_ctx != NULL && rs_ctx->ma != NULL && + ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { ecp_restart_muladd_free( rs_ctx->ma ); mbedtls_free( rs_ctx->ma ); From db4a8eb992f0d563a86ddf3998d8c45c619dad31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Aug 2017 18:18:22 +0200 Subject: [PATCH 111/368] Use ECP_RS_ENTER/LEAVE() macros, as in ECDSA --- library/ecp.c | 115 ++++++++++++++++++++++---------------------------- 1 file changed, 51 insertions(+), 64 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 0c9feae3f..f2c7448a3 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -136,7 +136,7 @@ struct mbedtls_ecp_restart_mul /* * Init restart_mul sub-context */ -static void ecp_restart_mul_init( mbedtls_ecp_restart_mul_ctx *ctx ) +static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) { mbedtls_ecp_point_init( &ctx->R ); ctx->i = 0; @@ -148,7 +148,7 @@ static void ecp_restart_mul_init( mbedtls_ecp_restart_mul_ctx *ctx ) /* * Free the components of a restart_mul sub-context */ -static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx ) +static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx ) { unsigned char i; @@ -164,7 +164,7 @@ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx ) mbedtls_free( ctx->T ); } - ecp_restart_mul_init( ctx ); + ecp_restart_rsm_init( ctx ); } /* @@ -185,7 +185,7 @@ struct mbedtls_ecp_restart_muladd /* * Init restart_muladd sub-context */ -static void ecp_restart_muladd_init( mbedtls_ecp_restart_muladd_ctx *ctx ) +static void ecp_restart_ma_init( mbedtls_ecp_restart_muladd_ctx *ctx ) { mbedtls_ecp_point_init( &ctx->mP ); mbedtls_ecp_point_init( &ctx->R ); 
@@ -195,7 +195,7 @@ static void ecp_restart_muladd_init( mbedtls_ecp_restart_muladd_ctx *ctx ) /* * Free the components of a restart_muladd sub-context */ -static void ecp_restart_muladd_free( mbedtls_ecp_restart_muladd_ctx *ctx ) +static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx ) { if( ctx == NULL ) return; @@ -203,7 +203,7 @@ static void ecp_restart_muladd_free( mbedtls_ecp_restart_muladd_ctx *ctx ) mbedtls_ecp_point_free( &ctx->mP ); mbedtls_ecp_point_free( &ctx->R ); - ecp_restart_muladd_init( ctx ); + ecp_restart_ma_init( ctx ); } /* @@ -225,10 +225,10 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) if( ctx == NULL ) return; - ecp_restart_mul_free( ctx->rsm ); + ecp_restart_rsm_free( ctx->rsm ); mbedtls_free( ctx->rsm ); - ecp_restart_muladd_free( ctx->ma ); + ecp_restart_ma_free( ctx->ma ); mbedtls_free( ctx->ma ); mbedtls_ecp_restart_init( ctx ); 
@@ -261,6 +261,44 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
 return( 0 );
 }
 
+/* Call this when entering a function that needs its own sub-context */
+#define ECP_RS_ENTER( SUB ) do { \
+ /* reset ops count for this call if top-level */ \
+ if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) \
+ rs_ctx->ops_done = 0; \
+ \
+ /* set up our own sub-context if needed */ \
+ if( mbedtls_ecp_restart_enabled() && \
+ rs_ctx != NULL && rs_ctx->SUB == NULL ) \
+ { \
+ rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \
+ if( rs_ctx->SUB == NULL ) \
+ return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \
+ \
+ ecp_restart_## SUB ##_init( rs_ctx->SUB ); \
+ } \
+} while( 0 )
+
+/* Call this when leaving a function that needs its own sub-context */
+#define ECP_RS_LEAVE( SUB ) do { \
+ /* clear our sub-context when not in progress (done or error) */ \
+ if( rs_ctx != NULL && rs_ctx->SUB != NULL && \
+ ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \
+ { \
+ ecp_restart_## SUB ##_free( rs_ctx->SUB ); \
+ mbedtls_free( rs_ctx->SUB ); \
+ rs_ctx->SUB = NULL; \
+ } \
+ \
+ if( rs_ctx != NULL ) \
+ rs_ctx->depth--; \
+} while( 0 )
+
+#else /* MBEDTLS_ECP_RESTARTABLE */
+
+#define ECP_RS_ENTER( sub ) (void) rs_ctx;
+#define ECP_RS_LEAVE( sub ) (void) rs_ctx;
+
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
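Review bot: ECP_RS_ENTER increments rs_ctx->depth before the calloc and then returns MBEDTLS_ERR_ECP_ALLOC_FAILED without undoing it, so an allocation failure leaves depth permanently off by one and the next top-level call never resets ops_done again (`depth++ == 0` is no longer true). Change the failure branch to `if( rs_ctx->SUB == NULL ) { rs_ctx->depth--; return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); }`; the ECDSA_RS_ENTER macro this mirrors opens the same way and likely has the same gap. In the non-restartable branch, `#define ECP_RS_ENTER( sub ) (void) rs_ctx;` ends in a semicolon, so every use site `ECP_RS_ENTER( rsm );` expands to an extra empty statement; `do { (void) rs_ctx; } while( 0 )` mirrors the restartable form and avoids pedantic warnings.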
@@ -1872,21 +1910,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, unsigned char T_size = 0, T_ok = 0; mbedtls_ecp_point *T = NULL; -#if !defined(MBEDTLS_ECP_RESTARTABLE) - (void) rs_ctx; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* set up our own sub-context if needed */ - if( ecp_max_ops != 0 && rs_ctx != NULL && rs_ctx->rsm == NULL ) - { - rs_ctx->rsm = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_mul_ctx ) ); - if( rs_ctx->rsm == NULL ) - return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - - ecp_restart_mul_init( rs_ctx->rsm ); - } -#endif + ECP_RS_ENTER( rsm ); /* Is P the base point ? */ #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 @@ -1987,16 +2011,7 @@ cleanup: if( ret != 0 ) mbedtls_ecp_point_free( R ); - /* clear our sub-context when not in progress (done or error) */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) - { - ecp_restart_mul_free( rs_ctx->rsm ); - mbedtls_free( rs_ctx->rsm ); - rs_ctx->rsm = NULL; - } -#endif + ECP_RS_LEAVE( rsm ); return( ret ); } @@ -2373,10 +2388,6 @@ int mbedtls_ecp_muladd_restartable( char is_grp_capable = 0; #endif -#if !defined(MBEDTLS_ECP_RESTARTABLE) - (void) rs_ctx; -#endif - if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS ) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); 
@@ -2387,21 +2398,9 @@ int mbedtls_ecp_muladd_restartable( MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ + ECP_RS_ENTER( ma ); + #if defined(MBEDTLS_ECP_RESTARTABLE) - /* reset ops count for this call if top-level */ - if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) - rs_ctx->ops_done = 0; - - /* set up our own sub-context if needed */ - if( ecp_max_ops != 0 && rs_ctx != NULL && rs_ctx->ma == NULL ) - { - rs_ctx->ma = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_muladd_ctx ) ); - if( rs_ctx->ma == NULL ) - return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - - ecp_restart_muladd_init( rs_ctx->ma ); - } - if( rs_ctx != NULL && rs_ctx->ma != NULL ) { /* redirect intermediate results to restart context */ @@ -2456,19 +2455,7 @@ cleanup: mbedtls_ecp_point_free( &mP ); -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* clear our sub-context when not in progress (done or error) */ - if( rs_ctx != NULL && rs_ctx->ma != NULL && - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) - { - ecp_restart_muladd_free( rs_ctx->ma ); - mbedtls_free( rs_ctx->ma ); - rs_ctx->ma = NULL; - } - - if( rs_ctx != NULL ) - rs_ctx->depth--; -#endif /* MBEDTLS_ECP_RESTARTABLE */ + ECP_RS_LEAVE( ma ); return( ret ); } From c9efa00871a253203be3a3fa1d618d4fd5567236 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 Aug 2017 10:25:06 +0200 Subject: [PATCH 112/368] ECP: Use explicit state assignments Incrementing the state is error-prone as we can end up doing it too many times (loops) or not enough (skipped branches), or just make programming mistakes (eg. the state was incremented twice at the end, so it ended up with a value not in the enum...) This is the first step of the rework, the next one will rationalize where the state assignments are done. --- library/ecp.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index f2c7448a3..fc4838a0d 100644 --- a/library/ecp.c 
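Review bot: `ECP_RS_LEAVE( ma )` in `cleanup:` decrements `rs_ctx->depth` unconditionally, but `ECP_RS_ENTER( ma )` is placed after `MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) )`, so on the `MBEDTLS_ECP_INTERNAL_ALT` path a failing init jumps to `cleanup:` and decrements a depth that was never incremented, after which the top-level detection (`depth++ == 0`) is off by one for every later call on that context. The removed code had the same ordering, so this is pre-existing rather than introduced here, but the macro pair makes it easy to fix: move `ECP_RS_ENTER( ma );` up to just after the curve-type check, ahead of the `MBEDTLS_ECP_INTERNAL_ALT` block, so that every path that can reach `cleanup:` has passed through ENTER. A short comment there, `/* must precede anything that can jump to cleanup, which runs ECP_RS_LEAVE */`, would keep it that way.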
+++ b/library/ecp.c @@ -1563,7 +1563,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, if( rs_ctx != NULL && rs_ctx->rsm != NULL ) { rs_ctx->rsm->i = 0; - rs_ctx->rsm->state++; + rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; } #endif @@ -1585,7 +1585,7 @@ norm_dbl: #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->state++; + rs_ctx->rsm->state = ecp_rsm_pre_add; #endif /* @@ -1607,7 +1607,7 @@ add: #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->state++; + rs_ctx->rsm->state = ecp_rsm_pre_norm_add; #endif /* @@ -1628,7 +1628,7 @@ norm_add: #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->state++; + rs_ctx->rsm->state = ecp_rsm_T_done; #endif cleanup: @@ -1730,7 +1730,7 @@ cleanup: { if( ret == 0 ) { - rs_ctx->rsm->state++; + rs_ctx->rsm->state = ecp_rsm_final_norm; rs_ctx->rsm->i = 0; } else if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) @@ -1834,7 +1834,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->state++; + rs_ctx->rsm->state = ecp_rsm_final_norm; #endif } @@ -2420,14 +2420,14 @@ int mbedtls_ecp_muladd_restartable( MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ma != NULL ) - rs_ctx->ma->state++; + rs_ctx->ma->state = ecp_rsma_mul2; mul2: #endif MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ma != NULL ) - rs_ctx->ma->state++; + rs_ctx->ma->state = ecp_rsma_add; add: #endif @@ -2435,7 +2435,7 @@ add: MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ma != NULL ) - rs_ctx->ma->state++; + rs_ctx->ma->state = ecp_rsma_norm; norm: #endif 
From 4ed1dab474bbdbaaa6fb3191a533028d6442dca1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 Aug 2017 11:02:04 +0200 Subject: [PATCH 113/368] ECP: move state changes closer to operations Systematically assign state just before the next operation that may return, rather that just after the previous one. This makes things more local. (For example, previously precompute_comb() has to handle a state reset for mul_comb_core(), a kind of coupling that's best avoided.) Note that this change doesn't move the location of state updates relative to any potential return point, which is all that matters. --- library/ecp.c | 137 ++++++++++++++++++++++++-------------------------- 1 file changed, 66 insertions(+), 71 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index fc4838a0d..5f2c41b00 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -123,12 +123,13 @@ struct mbedtls_ecp_restart_mul size_t i; /* current index in various loops, 0 outside */ mbedtls_ecp_point *T; /* table for precomputed points */ unsigned char T_size; /* number of points in table T */ - enum { /* what's the next step ? */ - ecp_rsm_init = 0, /* just getting started */ + enum { /* what were we doing last time we returned? */ + ecp_rsm_init = 0, /* nothing so far, dummy initial state */ + ecp_rsm_pre_dbl, /* precompute 2^n multiples */ ecp_rsm_pre_norm_dbl, /* normalize precomputed 2^n multiples */ ecp_rsm_pre_add, /* precompute remaining points by adding */ ecp_rsm_pre_norm_add, /* normalize all precomputed points */ - ecp_rsm_T_done, /* call ecp_mul_comb_after_precomp() */ + ecp_rsm_comb_core, /* ecp_mul_comb_core() */ ecp_rsm_final_norm, /* do the final normalization */ } state; }; 
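Review bot: The restart context records where the computation stopped (`state`, `i`, `T`, `R`) but nothing about which inputs it belongs to, so a caller that reuses an `mbedtls_ecp_restart_ctx` for a call with a different `grp`, `m` or `P` without freeing it first will resume the previous computation with the new arguments and get a wrong result with no error. Whether the public API documentation already spells this out is not visible here; if not, a line on this struct such as `/* Must be freed (or not reused) between operations on different inputs: nothing here records which inputs the saved state belongs to */` is worth adding, and storing the group id at the first call and rejecting a mismatch with MBEDTLS_ERR_ECP_BAD_INPUT_DATA would turn the silent failure into a detectable one.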
@@ -1484,13 +1485,10 @@ static void ecp_comb_recode_core( unsigned char x[], size_t d, * the the comb method. See ecp_comb_recode_core(). * * This function currently works in four steps: - * (1) Computation of intermediate T[i] for 2-powers values of i - * (restart state is ecp_rsm_init). - * (2) Normalization of coordinates of these T[i] - * (restart state is ecp_rsm_pre_norm_dbl). - * (3) Computation of all T[i] (restart state is ecp_rsm_pre_add). - * (4) Normalization of all T[i] (restart state is ecp_rsm_pre_norm_add) - * The final restart state is ecp_rsm_T_done. + * (1) [dbl] Computation of intermediate T[i] for 2-powers values of i + * (2) [norm_dbl] Normalization of coordinates of these T[i] + * (3) [add] Computation of all T[i] + * (4) [norm_add] Normalization of all T[i] * * Step 1 can be interrupted but not the others; together with the final * coordinate normalization they are the largest steps done at once, depending @@ -1524,12 +1522,14 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) { - if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add ) - goto norm_add; - if( rs_ctx->rsm->state == ecp_rsm_pre_add ) - goto add; + if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) + goto dbl; if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl ) goto norm_dbl; + if( rs_ctx->rsm->state == ecp_rsm_pre_add ) + goto add; + if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add ) + goto norm_add; } #endif @@ -1537,6 +1537,18 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, * Set T[0] = P and * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value) */ +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + { + rs_ctx->rsm->state = ecp_rsm_pre_dbl; + + /* initial state for the loop */ + rs_ctx->rsm->i = 0; + } + +dbl: +#endif + MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) 
@@ -1559,19 +1571,14 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) ); } -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - { - rs_ctx->rsm->i = 0; - rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; - } -#endif - /* * Normalize current elements in T. As T has holes, * use an auxiliary array of pointers to elements in T. */ #if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; + norm_dbl: #endif @@ -1583,16 +1590,14 @@ norm_dbl: MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->state = ecp_rsm_pre_add; -#endif - /* * Compute the remaining ones using the minimal number of additions * Be careful to update T[2^l] only after using it! */ #if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->state = ecp_rsm_pre_add; + add: #endif @@ -1605,17 +1610,15 @@ add: MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) ); } -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->state = ecp_rsm_pre_norm_add; -#endif - /* * Normalize final elements in T. Even though there are no holes now, * we still need the auxiliary array for homogeneity with last time. * Also, skip T[0] which is already normalised, being a copy of P. */ #if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->state = ecp_rsm_pre_norm_add; + norm_add: #endif 
@@ -1626,17 +1629,12 @@ norm_add: MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->state = ecp_rsm_T_done; -#endif - cleanup: #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - if( rs_ctx->rsm->state == ecp_rsm_init ) + if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) rs_ctx->rsm->i = j; } #endif @@ -1697,6 +1695,14 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R #endif #if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL && + rs_ctx->rsm->state != ecp_rsm_comb_core ) + { + rs_ctx->rsm->i = 0; + rs_ctx->rsm->state = ecp_rsm_comb_core; + } + + /* new 'if' instead of nested for the sake of the 'else' branch */ if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) { /* restore current index (R already pointing to rs_ctx->rsm->R) */ @@ -1726,19 +1732,12 @@ cleanup: mbedtls_ecp_point_free( &Txi ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL && + ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - if( ret == 0 ) - { - rs_ctx->rsm->state = ecp_rsm_final_norm; - rs_ctx->rsm->i = 0; - } - else if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { - /* was decreased before actually doing it */ - rs_ctx->rsm->i = i + 1; - /* no need to save R, already pointing to rs_ctx->rsm->R */ - } + /* was decreased before actually doing it */ + rs_ctx->rsm->i = i + 1; + /* no need to save R, already pointing to rs_ctx->rsm->R */ } #endif 
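Review bot: On resume, ecp_mul_comb_core relies on `R` already being `&rs_ctx->rsm->R` (the comment at the restore site says so, and the cleanup branch deliberately saves only `i` for that reason), but nothing in the hunk checks it; the guarantee lives in ecp_mul_comb_after_precomp, which substitutes `RR`. Since a mismatch would silently continue the comb loop from whatever the caller's `R` holds, a cheap guard next to the new state check is worthwhile, `if( rs_ctx != NULL && rs_ctx->rsm != NULL && R != &rs_ctx->rsm->R ) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; }`, or at least a precondition comment on the function. The comb loop itself sits between the two hunks and is not visible here.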
@@ -1812,32 +1811,28 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, unsigned char k[COMB_MAX_D + 1]; mbedtls_ecp_point *RR = R; -#if !defined(MBEDTLS_ECP_RESTARTABLE) - (void) rs_ctx; +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + { + RR = &rs_ctx->rsm->R; + + if( rs_ctx->rsm->state == ecp_rsm_final_norm ) + goto final_norm; + } #endif + MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, + &parity_trick ) ); + MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d, + f_rng, p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); + #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - RR = &rs_ctx->rsm->R; -#endif + rs_ctx->rsm->state = ecp_rsm_final_norm; -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx == NULL || rs_ctx->rsm == NULL || - rs_ctx->rsm->state < ecp_rsm_final_norm ) +final_norm: #endif - { - MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, - &parity_trick ) ); - MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d, - f_rng, p_rng, rs_ctx ) ); - MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->state = ecp_rsm_final_norm; -#endif - } - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); @@ -1940,7 +1935,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, rs_ctx->rsm->T = NULL; rs_ctx->rsm->T_size = 0; - if( rs_ctx->rsm->state >= ecp_rsm_T_done ) + if( rs_ctx->rsm->state >= ecp_rsm_comb_core ) T_ok = 1; } #endif From 6348181da956c97da6658f0e38b307ac0be0497d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 Aug 2017 11:16:01 +0200 Subject: [PATCH 114/368] Explicit state assignments in ecdsa too --- library/ecdsa.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) 
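Review bot: `T_ok = 1` in ecp_mul_comb is now decided by `rs_ctx->rsm->state >= ecp_rsm_comb_core`, an ordered comparison on the enum, so correctness depends on every state that implies a complete table being declared after `ecp_rsm_comb_core` and every precompute state before it. That holds for the current list but is stated nowhere; a comment on the enum, `/* ordered: any state from ecp_rsm_comb_core on means the table T is complete */`, or an explicit `state == ecp_rsm_comb_core || state == ecp_rsm_final_norm` test, removes the dependency on declaration order.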
diff --git a/library/ecdsa.c b/library/ecdsa.c index 73389bb94..981846bb4 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -307,9 +307,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->sig != NULL ) - { - rs_ctx->sig->state++; - } + rs_ctx->sig->state = ecdsa_sig_mul; mul: #endif @@ -321,7 +319,7 @@ mul: #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->sig != NULL ) - rs_ctx->sig->state++; + rs_ctx->sig->state = ecdsa_sig_modn; modn: #endif @@ -426,7 +424,7 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->det != NULL ) - rs_ctx->det->state++; + rs_ctx->det->state = ecdsa_det_sign; sign: #endif @@ -521,7 +519,7 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ver != NULL ) - rs_ctx->ver->state++; + rs_ctx->ver->state = ecdsa_ver_muladd; muladd: #endif From 0b23f167ba288083a46deb7655e9d9c1f8821c8d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 Aug 2017 12:08:33 +0200 Subject: [PATCH 115/368] SSL: rework restart state handling As done by previous commits for ECC and ECDSA: - use explicit state assignments rather than increment - always place the state update right before the operation label This will make it easier to add restart support for other operations later if desired. SSL-specific changes: - remove useless states: when the last restartable operation on a message is complete, ssl->state is incremented already, so we don't need any additional state update: ecrs_state is only meant to complement ssl->state - rename remaining states consistently as _ - move some labels closer to the actual operation when possible (no assignment to variables used after the label between its previous and current position) --- include/mbedtls/ssl_internal.h | 20 +++++-------- library/ssl_cli.c | 54 +++++++++++++--------------------- library/ssl_tls.c | 9 ++---- 3 files changed, 30 insertions(+), 53 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 4cfe1540c..036b60a06 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -229,18 +229,14 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) int ecrs_enabled; /*!< Handshake supports EC restart? */ mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */ - enum { - ssl_ecrs_init = 0, /*!< just getting started */ - ssl_ecrs_crt_parsed, /*!< server certificate was parsed */ - ssl_ecrs_crt_verified, /*!< server certificate was verified*/ - ssl_ecrs_ske_read, /*!< ServerKeyExchange was read */ - ssl_ecrs_ske_verified, /*!< ServerKeyExchange was verified */ - ssl_ecrs_ecdh_public_done, /*!< wrote ECDHE public share */ - ssl_ecrs_ecdh_completed, /*!< completed ECDHE key exchange */ - ssl_ecrs_keys_derived, /*!< ssl_derive_keys() done */ - ssl_ecrs_pk_sign_done, /*!< done writing CertificateVerify */ - } ecrs_state; /*!< state for restartable ECC */ - size_t ecrs_n; /*!< place for seving a length */ + enum { /* this complements ssl->state with info on intra-state operations */ + ssl_ecrs_none = 0, /*!< nothing going on (yet) */ + ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */ + ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: step 1 */ + ssl_ecrs_ske_ecdh_calc_secret, /*!< ServerKeyExchange: ECDH step 2 */ + ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */ + } ecrs_state; /*!< current (or last) operation */ + size_t ecrs_n; /*!< place for saving a length */ #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index d53f7b227..cf83e8fae 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2305,9 +2305,9 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_ske_read ) + ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing ) { - goto ske_process; + goto start_processing; } #endif 
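Review bot: With the `_done`/`_verified` values dropped, `ecrs_state` is never returned to `ssl_ecrs_none` once an operation completes, so a value such as `ssl_ecrs_crt_verify` stays set for the rest of the handshake and correctness rests on two things the comment does not say: each value must be tested only by the single handshake step that sets it, and the field must start from zero for every new handshake. A sentence on the enum would pin that down, e.g. `/* Never reset after completion: each value is meaningful only inside the ssl->state that sets it and must be checked nowhere else */`. Whether handshake params are re-zeroed on renegotiation is outside this diff.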
@@ -2317,12 +2317,6 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) return( ret ); } -#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ecrs_enabled ) - ssl->handshake->ecrs_state++; - -ske_process: -#endif if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); @@ -2354,6 +2348,12 @@ ske_process: return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_enabled ) + ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing; + +start_processing: +#endif p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); end = ssl->in_msg + ssl->in_hslen; MBEDTLS_SSL_DEBUG_BUF( 3, "server key exchange", p, end - p ); @@ -2630,11 +2630,6 @@ ske_process: MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); return( ret ); } - -#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ecrs_enabled ) - ssl->handshake->ecrs_state++; -#endif } #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */ @@ -2901,7 +2896,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled ) { - if( ssl->handshake->ecrs_state == ssl_ecrs_ecdh_public_done ) + if( ssl->handshake->ecrs_state == ssl_ecrs_ske_ecdh_calc_secret ) goto ecdh_calc_secret; mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); @@ -2924,7 +2919,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) if( ssl->handshake->ecrs_enabled ) { ssl->handshake->ecrs_n = n; - ssl->handshake->ecrs_state++; + ssl->handshake->ecrs_state = ssl_ecrs_ske_ecdh_calc_secret; } ecdh_calc_secret: 
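Review bot: In ssl_parse_server_key_exchange the `start_processing` label now sits after the `in_msgtype`/handshake-type checks, so on resume (`goto start_processing` at the top of the function) those checks are skipped and `p`/`end` are rebuilt from `ssl->in_msg` and `ssl->in_hslen`; this is sound only if the same ServerKeyExchange record is still in the input buffer, unchanged, when the function is re-entered after MBEDTLS_ERR_ECP_IN_PROGRESS. Nothing in the hunk states that invariant; a comment at the label, `/* on resume: in_msg/in_hslen still hold the record validated on the first pass, do not re-read */`, would. Whether the record layer keeps the buffer across that return is outside this diff.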
@@ -2942,11 +2937,6 @@ ecdh_calc_secret: } MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); - -#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ecrs_enabled ) - ssl->handshake->ecrs_state++; -#endif } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || @@ -3167,9 +3157,9 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_keys_derived ) + ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign ) { - goto keys_derived; + goto sign; } #endif @@ -3179,12 +3169,6 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) return( ret ); } -#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ecrs_enabled ) - ssl->handshake->ecrs_state++; - -keys_derived: -#endif if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || @@ -3210,8 +3194,15 @@ keys_derived: } /* - * Make an RSA signature of the handshake digests + * Make a signature of the handshake digests */ +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_enabled ) + ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign; + +sign: +#endif + ssl->handshake->calc_verify( ssl, hash ); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ @@ -3302,11 +3293,6 @@ keys_derived: return( ret ); } -#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ecrs_enabled ) - ssl->handshake->ecrs_state++; -#endif - ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); ssl->out_msg[5 + offset] = (unsigned char)( n ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f3cde7f0a..6d9420c61 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
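Review bot: With `sign:` placed before `ssl->handshake->calc_verify( ssl, hash )`, the transcript hash is recomputed on every resume of ssl_write_certificate_verify, which is correct only if nothing feeds the handshake checksum between the MBEDTLS_ERR_ECP_IN_PROGRESS return and re-entry; a comment at the label, `/* hash is recomputed on resume: the transcript must not have changed since the first pass */`, states the invariant. Skipping the checked call and the key-exchange test above via `goto sign` is safe because `ecrs_state` can only hold `ssl_ecrs_crt_vrfy_sign` once they have completed, which the assignment right before the label guarantees; that reasoning is worth a line too, since it is what makes the early `goto` correct.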
@@ -4554,7 +4554,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_parsed ) + ssl->handshake->ecrs_state == ssl_ecrs_crt_verify ) { goto crt_verify; } @@ -4584,7 +4584,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled) - ssl->handshake->ecrs_state++; + ssl->handshake->ecrs_state = ssl_ecrs_crt_verify; crt_verify: if( ssl->handshake->ecrs_enabled) @@ -4726,11 +4726,6 @@ crt_verify: #endif /* MBEDTLS_DEBUG_C */ } -#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ssl->handshake->ecrs_enabled) - ssl->handshake->ecrs_state++; -#endif - ssl->state++; MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); From 11556e2846728f33f70155e58831a6079740b71b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 Aug 2017 13:41:19 +0200 Subject: [PATCH 116/368] Clarify initialization of T in mul_comb() Exactly one of three ways will be used, so make that clear by using an if 1 else if 2 else 3 structure. While at it, don't initialize variables at declaration, just to make extra sure they're properly initialized afterwards in all code paths. --- library/ecp.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 5f2c41b00..428dc68cf 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1885,7 +1885,7 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, * * This function is mainly responsible for administrative work: * - managing the restart context if enabled - * - managing the table of precomputed points (passed between the above two + * - managing the table of precomputed points (passed between the below two * functions): allocation, computation, ownership tranfer, freeing. * * It delegates the actual arithmetic work to: 
@@ -1900,10 +1900,10 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; - unsigned char w, p_eq_g = 0, i; + unsigned char w, p_eq_g, i; size_t d; - unsigned char T_size = 0, T_ok = 0; - mbedtls_ecp_point *T = NULL; + unsigned char T_size, T_ok; + mbedtls_ecp_point *T; ECP_RS_ENTER( rsm ); @@ -1925,23 +1925,21 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, T = grp->T; T_ok = 1; } - + else #if defined(MBEDTLS_ECP_RESTARTABLE) /* Pre-computed table: do we have one in progress? complete? */ - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL && T == NULL ) + if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL ) { /* transfer ownership of T from rsm to local function */ T = rs_ctx->rsm->T; rs_ctx->rsm->T = NULL; rs_ctx->rsm->T_size = 0; - if( rs_ctx->rsm->state >= ecp_rsm_comb_core ) - T_ok = 1; + T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; } + else #endif - /* Allocate table if we didn't have any */ - if( T == NULL ) { T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) ); if( T == NULL ) @@ -1952,6 +1950,8 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, for( i = 0; i < T_size; i++ ) mbedtls_ecp_point_init( &T[i] ); + + T_ok = 0; } /* Compute table (or finish computing it) if not done already */ From 95aedfea331344b381db9c90cd11c0fcf3ce9532 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 Aug 2017 13:47:04 +0200 Subject: [PATCH 117/368] Remove redundant test on curve type If rsm != NULL then the curve type has to be Short Weierstrass, as we don't implement restartable Montgomery now. If and when we do, then it's better to check for the subcontext only, and not for the curve type. --- library/ecp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 428dc68cf..454820ae5 100644 --- a/library/ecp.c 
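Review bot: Dropping the `= 0` on `p_eq_g` leaves it uninitialized in any build where its only assignment is compiled out: the `p_eq_g = ( mbedtls_mpi_cmp_mpi( ... ) == 0 && ... )` statement just below this hunk is guarded by `#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1`, and whatever later reads `p_eq_g` then sees an indeterminate value, which is undefined behaviour rather than just a warning. Add `#else p_eq_g = 0; #endif` to that block, or keep the initializer for this one variable. Compiler diagnostics are not a reliable net here, since `-Wmaybe-uninitialized` cannot see that a preprocessor branch removed the only store.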
+++ b/library/ecp.c @@ -2234,10 +2234,9 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#if defined(MBEDTLS_ECP_RESTARTABLE) && defined(ECP_SHORTWEIERSTRASS) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* skip argument check when restarting */ - if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS || - rs_ctx == NULL || rs_ctx->rsm == NULL ) + if( rs_ctx == NULL || rs_ctx->rsm == NULL ) #endif { /* check_privkey is free */ From fd87e354f6e1b24b1b2c5f34899e5a97754293fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 Aug 2017 14:21:05 +0200 Subject: [PATCH 118/368] Improve comments on parity trick --- include/mbedtls/ecp.h | 2 +- library/ecp.c | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 07ed110cd..a30e87611 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -119,7 +119,7 @@ mbedtls_ecp_point; * 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492) * 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft) * In both cases, a generator G for a prime-order subgroup is fixed. In the - * short weierstrass, this subgroup is actually the whole curve, and its + * Short Weierstrass case, this subgroup is actually the whole curve, and its * cardinal is denoted by N. * * In the case of Short Weierstrass curves, our code requires that N is an odd diff --git a/library/ecp.c b/library/ecp.c index 454820ae5..41bf03d31 100644 --- a/library/ecp.c +++ b/library/ecp.c 
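Review bot: Dropping `ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS` from the "skip argument check when restarting" condition means the private-key/public-point validation is now skipped purely on `rs_ctx->rsm != NULL`, so the shortcut is safe only if `rsm` is never non-NULL while `grp` is a Montgomery curve. That holds as long as a caller never reuses a restart context left over from an interrupted Short Weierstrass call with another group; nothing here enforces it, and in that case the Montgomery multiplication would run on an unvalidated `m`/`P`. Keeping the type test costs nothing, `if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS || rs_ctx == NULL || rs_ctx->rsm == NULL )`, or the restart context could record the group id it was started with and be rejected on mismatch. The Montgomery path and the check body itself are outside this hunk.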
@@ -1751,6 +1751,9 @@ cleanup: * this wrapper ensures that by replacing m by N - m if necessary, and * informs the caller that the result of multiplication will be negated. * + * This works because we only support large prime order for Short Weierstrass + * curves, so N is always odd hence either m or N - m is. + * * See ecp_comb_recode_core() for background. */ static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, @@ -1766,7 +1769,7 @@ static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, mbedtls_mpi_init( &M ); mbedtls_mpi_init( &mm ); - /* N is odd with all real-world curves, just make extra sure */ + /* N is always odd (see above), just make extra sure */ if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); From 46ba7f3a92203852e04d79912e008fb0d4a9c5dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 28 Aug 2017 12:20:39 +0200 Subject: [PATCH 119/368] Avoid running useless code in tests With max_ops set to 0 or a very large value, we would always be doing an extra full operation for no testing value. --- tests/suites/test_suite_ecdsa.function | 24 +++++++++----- tests/suites/test_suite_ecp.function | 46 ++++++++++++-------------- tests/suites/test_suite_pk.function | 22 +++++++----- 3 files changed, 50 insertions(+), 42 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 9205627be..5db01a6cc 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function 
@@ -254,10 +254,14 @@ void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str, TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); sig[sig_len - 1]--; - /* do we leak memory when aborting? */ - ret = mbedtls_ecdsa_read_signature_restartable( &ctx, - hash, hash_len, sig, sig_len, &rs_ctx ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + /* Do we leak memory when aborting an operation? + * This test only makes sense when we actually restart */ + if( min_restart > 0 ) + { + ret = mbedtls_ecdsa_read_signature_restartable( &ctx, + hash, hash_len, sig, sig_len, &rs_ctx ); + TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + } exit: mbedtls_ecdsa_free( &ctx ); @@ -311,10 +315,14 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, TEST_ASSERT( cnt_restart >= min_restart ); TEST_ASSERT( cnt_restart <= max_restart ); - /* do we leak memory when aborting? */ - ret = mbedtls_ecdsa_write_signature_restartable( &ctx, - md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + /* Do we leak memory when aborting an operation? + * This test only makes sense when we actually restart */ + if( min_restart > 0 ) + { + ret = mbedtls_ecdsa_write_signature_restartable( &ctx, + md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); + TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + } exit: mbedtls_ecdsa_restart_free( &rs_ctx ); diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 3ec7caf54..c60d0d349 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
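Review bot: The comment "Do we leak memory when aborting an operation?" promises more than the assertion checks: `TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )` only proves the operation was really left mid-way, and a leak would only be noticed by an external memory checker run over the `exit:` path's `mbedtls_ecdsa_restart_free`. Say so in the comment, e.g. `/* Abort mid-operation and free the context in exit: a leak would be reported by the memory checker; the assert only confirms we really aborted */`. The same wording recurs in the ecp and pk suites in this commit.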
@@ -103,13 +103,9 @@ void ecp_test_vect_restart( int id, cnt_restarts = 0; do { ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, NULL, NULL, &ctx ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); - - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - cnt_restarts++; - } - while( ret != 0 ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); + TEST_ASSERT( ret == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 ); @@ -120,22 +116,22 @@ void ecp_test_vect_restart( int id, cnt_restarts = 0; do { ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &R, NULL, NULL, &ctx ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); - - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - cnt_restarts++; - } - while( ret != 0 ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); + TEST_ASSERT( ret == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 ); TEST_ASSERT( cnt_restarts >= min_restarts ); TEST_ASSERT( cnt_restarts <= max_restarts ); - /* Do we leak memory when not finishing an operation? */ - ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &R, NULL, NULL, &ctx ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + /* Do we leak memory when aborting an operation? + * This test only makes sense when we actually restart */ + if( min_restarts > 0 ) + { + ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &R, NULL, NULL, &ctx ); + TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + } exit: mbedtls_ecp_restart_free( &ctx ); 
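Review bot: `while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts )` folds the counter increment into the loop condition, which reads as a trick (the loop would also stop if the counter ever wrapped to 0) and hides the count where few readers look. Counting explicitly in the body keeps the same behaviour and is clearer: `if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) cnt_restarts++;` inside the loop, then `} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );`. The muladd test in this commit uses the same idiom.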
@@ -188,23 +184,23 @@ void ecp_muladd_restart( int id, char *xR_str, char *yR_str, do { ret = mbedtls_ecp_muladd_restartable( &grp, &R, &u1, &grp.G, &u2, &Q, &ctx ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); - - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - cnt_restarts++; - } - while( ret != 0 ); + } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); + TEST_ASSERT( ret == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xR ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yR ) == 0 ); TEST_ASSERT( cnt_restarts >= min_restarts ); TEST_ASSERT( cnt_restarts <= max_restarts ); - /* Do we leak memory when aborting? */ - ret = mbedtls_ecp_muladd_restartable( &grp, &R, - &u1, &grp.G, &u2, &Q, &ctx ); - TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + /* Do we leak memory when aborting an operation? + * This test only makes sense when we actually restart */ + if( min_restarts > 0 ) + { + ret = mbedtls_ecp_muladd_restartable( &grp, &R, + &u1, &grp.G, &u2, &Q, &ctx ); + TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); + } exit: mbedtls_ecp_restart_free( &ctx ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 176b08f98..d7edb755c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
@@ -347,16 +347,20 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
TEST_ASSERT( ret != 0 );
sig[0]--;
- /* Do we leak memory when aborting? try verify then sign */
- ret = mbedtls_pk_verify_restartable( &pub, md_alg,
- hash, hlen, sig, slen, &rs_ctx );
- TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
- mbedtls_pk_restart_free( &rs_ctx );
+ /* Do we leak memory when aborting? try verify then sign
+ * This test only makes sense when we actually restart */
+ if( min_restart > 0 )
+ {
+ ret = mbedtls_pk_verify_restartable( &pub, md_alg,
+ hash, hlen, sig, slen, &rs_ctx );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ mbedtls_pk_restart_free( &rs_ctx );
- slen = sizeof( sig );
- ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
- sig, &slen, NULL, NULL, &rs_ctx );
- TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ slen = sizeof( sig );
+ ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
+ sig, &slen, NULL, NULL, &rs_ctx );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ }
exit:
mbedtls_pk_restart_free( &rs_ctx );
From 196d1338bab65c5321f77401e28d252eabe9704b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 28 Aug 2017 13:14:27 +0200
Subject: [PATCH 120/368] Fix uninitialised variable in some configs
---
library/ecp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/library/ecp.c b/library/ecp.c
index 41bf03d31..126e50675 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1914,6 +1914,8 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
+#else
+ p_eq_g = 0;
#endif
/* Pick window size and deduce related sizes */
From bb216bd94040c848f6cd6310fb103da00161aa7a Mon Sep 17 00:00:00 2001
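Review bot: Inside the new `if( min_restart > 0 )` block the context is torn down with `mbedtls_pk_restart_free( &rs_ctx )` after the aborted verify and then handed straight to `mbedtls_pk_sign_restartable` without a fresh `mbedtls_pk_restart_init( &rs_ctx )`; whether the free leaves the context in a usable initial state is not visible here, and if it does not, the sign call starts from released sub-contexts. Adding `mbedtls_pk_restart_init( &rs_ctx );` immediately after that free makes the intent explicit either way, and the `mbedtls_pk_restart_free` at `exit:` still provides the leak check for the aborted sign. The pattern predates this commit, which only narrows when it runs; the function's prologue, where `min_restart` and the max_ops limit are set, is outside the hunk.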
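Review bot: Giving `p_eq_g` its default in an `#else` arm ties correctness to the shape of the `#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1` block; initialising it at the declaration (`int p_eq_g = 0;`, which lies outside this hunk) and keeping only the `#if` branch removes the extra preprocessor arm and cannot regress if another option value is added later. Either way the flag deserves a one-line comment, e.g. `/* p_eq_g: P is the group base point; presumably selects the fixed-point path — confirm against its uses below */`, since the meaning is only inferred here from the comparison against `grp->G` and the uses are outside the hunk.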
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 28 Aug 2017 13:25:55 +0200
Subject: [PATCH 121/368] Fix MSVC 64-bit warnings "conversion from size_t to int, possible loss of data"
---
include/mbedtls/x509_crt.h | 2 +-
library/x509_crt.c | 16 ++++++++--------
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 683181270..a168d7628 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -161,7 +161,7 @@ typedef struct {
typedef struct
{
mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
- size_t len;
+ unsigned len;
} mbedtls_x509_crt_verify_chain;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 586ec8375..b3fc6e40c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1983,8 +1983,8 @@ static int x509_crt_find_parent_in(
mbedtls_x509_crt **r_parent,
int *r_signature_is_good,
int top,
- int path_cnt,
- int self_cnt,
+ unsigned path_cnt,
+ unsigned self_cnt,
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
int ret;
@@ -2021,7 +2021,7 @@ static int x509_crt_find_parent_in(
/* +1 because stored max_pathlen is 1 higher that the actual value */
if( parent->max_pathlen > 0 &&
- parent->max_pathlen < 1 + path_cnt - self_cnt )
+ (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt )
{
continue;
}
@@ -2103,8 +2103,8 @@ static int x509_crt_find_parent(
mbedtls_x509_crt **parent,
int *parent_is_trusted,
int *signature_is_good,
- int path_cnt,
- int self_cnt,
+ unsigned path_cnt,
+ unsigned self_cnt,
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
int ret;
@@ -2246,7 +2246,7 @@ static int x509_crt_verify_chain(
int parent_is_trusted;
int child_is_trusted;
int signature_is_good;
- int self_cnt;
+ unsigned self_cnt;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/* resume if we had an operation in progress */
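Review bot: `mbedtls_x509_crt_verify_chain` is a public structure in `x509_crt.h`, and changing `len` from `size_t` to `unsigned` changes its size and layout on LP64 targets, so this is an ABI change (and a source-level change for code that reads `len` into a `size_t`) even though the motivation is warnings; the commit's diffstat shows no ChangeLog entry. Either record it under the "API Changes" heading or keep `size_t` in the public struct and cast only where the value meets `int` APIs. A comment on the field, `/* number of valid entries in items[] — presumably; confirm against x509_crt.c */`, would also help, since the meaning of `len` is not stated in the header.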
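Review bot: With `path_cnt` and `self_cnt` now `unsigned`, the expression `1 + path_cnt - self_cnt` in `(size_t) parent->max_pathlen < 1 + path_cnt - self_cnt` wraps to a huge value if `self_cnt` ever exceeds `path_cnt`, which skips every candidate parent that carries a pathlen constraint; the old signed form would instead have let such a candidate through. Failing closed is the safer direction, but the invariant `self_cnt <= path_cnt` is maintained by callers outside this hunk, so it should be stated next to the test: `/* self_cnt <= path_cnt by construction, so the subtraction cannot wrap */`. The cast should also match the other operand: `(unsigned) parent->max_pathlen` (non-negative after the `> 0` check) rather than `(size_t)`.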
@@ -2445,7 +2445,7 @@ static int x509_crt_merge_flags_with_cb(
void *p_vrfy )
{
int ret;
- size_t i;
+ unsigned i;
uint32_t cur_flags;
const mbedtls_x509_crt_verify_chain_item *cur;
@@ -2455,7 +2455,7 @@ static int x509_crt_merge_flags_with_cb(
cur_flags = cur->flags;
if( NULL != f_vrfy )
- if( ( ret = f_vrfy( p_vrfy, cur->crt, i-1, &cur_flags ) ) != 0 )
+ if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 )
return( ret );
*flags |= cur_flags;
From a4dd7839094a120e306887e7ec231fc0a2b570d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 7 Sep 2017 11:11:39 +0200
Subject: [PATCH 122/368] Fix some typos in comments
---
library/ecdsa.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 981846bb4..b7c810e4e 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -53,7 +53,7 @@
#if defined(MBEDTLS_ECP_RESTARTABLE)
/*
- * Sub-contect for ecdsa_verify()
+ * Sub-context for ecdsa_verify()
*/
struct mbedtls_ecdsa_restart_ver
{
@@ -89,7 +89,7 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
}
/*
- * Sub-contect for ecdsa_sign()
+ * Sub-context for ecdsa_sign()
*/
struct mbedtls_ecdsa_restart_sig
{
@@ -132,7 +132,7 @@ static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/*
- * Sub-contect for ecdsa_sign_det()
+ * Sub-context for ecdsa_sign_det()
*/
struct mbedtls_ecdsa_restart_det
{
From ceb7b1209c52ff875fe8754030bc09a0d97ac360 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 18 Jan 2018 23:27:47 +0100
Subject: [PATCH 123/368] Readme with a short description of each sample program
---
README.md | 2 +-
programs/README.md | 123 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 124 insertions(+), 1 deletion(-)
create mode 100644 programs/README.md
diff --git a/README.md b/README.md
index 4270e8069..a9934871c 100644
--- a/README.md
+++ b/README.md
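Review bot: `(int) i-1` in `f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags )` parses as `((int) i) - 1`, which is correct as long as `i >= 1` inside this loop (the loop header is outside the hunk) but reads as if the cast applied to the difference. Writing `(int)( i - 1 )` removes the ambiguity, and a short comment on the argument, `/* depth argument of the callback; whether 0 denotes the end-entity must be checked against the f_vrfy documentation */`, would state what the value passed to the application means, which the code does not say.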
@@ -138,7 +138,7 @@ The solution file `mbedTLS.sln` contains all the basic projects needed to build
Example programs
----------------
-We've included example programs for a lot of different features and uses in `programs/`. Most programs only focus on a single feature or usage scenario, so keep that in mind when copying parts of the code.
+We've included example programs for a lot of different features and uses in [`programs/`](programs/README.md). Most programs only focus on a single feature or usage scenario, so keep that in mind when copying parts of the code.
Tests
-----
diff --git a/programs/README.md b/programs/README.md
new file mode 100644
index 000000000..fec8a60e4
--- /dev/null
+++ b/programs/README.md
@@ -0,0 +1,123 @@
+Mbed TLS sample programs
+========================
+
+This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.
+
+## Symmetric cryptography (AES) examples
+
+* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication, demonstrating the low-level AES interface and HMAC.
+ Warning: this program illustrates how to roll your own block cipher mode. Most applications should not do this and should instead use the standard library functions (e.g. `mbedtls_aes_crypt_cbc`).
+
+* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
+
+## Hash (digest) examples
+
+* [`hash/generic_sum.c`](hash/generic_sum.c): file hash calculator and verifier, demonstrating the message digest (`md`) interface.
+
+* [`hash/hello.c`](hash/hello.c): hello-world program for MD5.
+
+## Public-key cryptography examples
+
+### Generic public-key cryptography (`pk`) examples
+
+* [`pkey/gen_key.c`](pkey/gen_key.c): generate a key for any of the supported public-key algorithms (RSA or ECC) and write it to a file that can be used by the other pk sample programs.
+
+* [`pkey/key_app.c`](pkey/key_app.c): Load a PEM or DER public key or private key file and dump its content.
+
+* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): Load a PEM or DER public key or private key file and write it to a new PEM or DER file.
+
+* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): Load a PEM or DER public/private key file and use the key to encrypt/decrypt a short string through the generic public-key interface.
+
+* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): Load a PEM or DER private/public key file and use the key to sign/verify a short string.
+
+### ECDSA and RSA signature examples
+
+* [`pkey/ecdsa.c`](pkey/ecdsa.c): generate an ECDSA key, sign a fixed message and verify the signature.
+
+* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): load an RSA public/private key and use it to encrypt/decrypt a short string through the low-level RSA interface.
+
+* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generate an RSA key and write it to a file that can be used with the other RSA sample programs.
+
+* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): load an RSA private/public key and use it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm.
+
+* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): load an RSA private/public key and use it to sign/verify a short string with the RSASSA-PSS algorithm.
+
+### Diffie-Hellman key exchange examples
+
+* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrator (client, server). Illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to set up a shared AES session key.
+
+* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.
+
+### Bignum (`mpi`) usage examples
+
+* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): illustrates the bignum (`mpi`) interface by generating Diffie-Hellman parameters.
+
+* [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers.
+
+## Random number generator (RNG) examples
+
+* [`random/gen_entropy.c`](random/gen_entropy.c): illustrates using the default entropy sources to generate random data.
+ Note: most applications should use the entropy generator only to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`.
+
+* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): illustrates using the default entropy sources to seed a pseudorandom generator, and using the resulting random generator to generate random data.
+
+* [`random/gen_random_havege.c`](random/gen_random_havege.c): illustrates the HAVEGE entropy collector.
+
+## SSL/TLS examples
+
+### SSL/TLS sample applications
+
+* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program which sends one datagram to the server and reads one datagram in response.
+
+* [`ssl/dtls_server.c`](ssl/dtls_server.c): a simple DTLS server program which expects one datagram from the client and writes one datagram in response. This program supports DTLS cookies for hello verification.
+
+* [`ssl/mini_client.c`](ssl/mini_client.c): a minimalistic SSL client which sends a short string and disconnects. This is intended more as a benchmark; for a better example of a typical TLS client, see `ssl/ssl_client1.c`.
+
+* [`ssl/ssl_client1.c`](ssl/ssl_client1.c): a simple HTTPS client that sends a fixed request and displays the response.
+
+* [`ssl/ssl_fork_server.c`](ssl/ssl_fork_server.c): a simple HTTPS server using one process per client to send a fixed response. This program requires a Unix/POSIX environment implementing the `fork` system call.
+
+* [`ssl/ssl_mail_client.c`](ssl/ssl_mail_client.c): a simple SMTP-over-TLS or SMTP-STARTTLS client. This client sends an email with a fixed content.
+
+* [`ssl/ssl_pthread_server.c`](ssl/ssl_pthread_server.c): a simple HTTPS server using one thread per client to send a fixed response. This program requires a the pthread library.
+
+* [`ssl/ssl_server.c`](ssl/ssl_server.c): a simple HTTPS server that sends a fixed response. This server serves a single client at a time.
+
+### SSL/TLS feature demonstrators
+
+Note: unlike most of the other programs under the `programs/` directory, these two programs are not intended as a basis to start writing an application.
They combine most of the features supported by the library, and most applications require only a few features. It is recommended to start with `ssl_client1.c` or `ssl_server.c`, and to look inside `ssl/ssl_client2.c` or `ssl/ssl_server2.c` to see how to use the specific features that your application needs.
+
+* [`ssl/ssl_client2.c`](ssl/ssl_client2.c): an HTTPS client that sends a fixed request and displays the response, with options to select TLS protocol features and Mbed TLS library features.
+
+* [`ssl/ssl_server2.c`](ssl/ssl_server2.c): an HTTPS server that sends a fixed response, with options to select TLS protocol features and Mbed TLS library features.
+
+These programs have options to trigger certain behaviors (e.g. reconnection, renegotiation) so the `ssl_server2` program can be useful to test features in your TLS client and the `ssl_client2` program can be useful to test features in your TLS server.
+
+## Test utilities
+
+* [`test/benchmark.c`](test/benchmark.c): benchmark for cryptographic algorithms.
+
+* [`test/selftest.c`](test/selftest.c): runs the self-test functions in all the library modules.
+
+* [`test/ssl_cert_test.c`](test/ssl_cert_test.c): verify some X.509 certificates, and verify that each certificate matches the corresponding private key (supported for RSA keys only).
+
+* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful to test DTLS.
+
+## Development utilities
+
+* [`util/pem2der.c`](util/pem2der.c): a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful to interact with other tools or with minimal Mbed TLS builds that lack PEM support.
+
+* [`util/strerror.c`](util/strerror.c): print the error description corresponding to an integer status returned by an Mbed TLS function.
+
+## X.509 certificate examples
+
+* [`x509/cert_app.c`](x509/cert_app.c): connect to a TLS server and verify its certificate chain.
+
+* [`x509/cert_req.c`](x509/cert_req.c): generate a certificate signing request (CSR) for a private key.
+
+* [`x509/cert_write.c`](x509/cert_write.c): sign a certificate signing request, or self-sign a certificate.
+
+* [`x509/crl_app.c`](x509/crl_app.c): load and dump a certificate revocation list (CRL).
+
+* [`x509/req_app.c`](x509/req_app.c): load and dump a certificate signing request (CSR).
+
From 6fd96addf4e8caec48f69fed77f11ea1c3b374c2 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Sat, 12 May 2018 18:23:32 +0100
Subject: [PATCH 124/368] Change the default IP addresses for DTLS samples
Changes the IP address to bind to for dtls_server.c to be "::" or optionally "0.0.0.0" if the preprocessor symbol FORCE_IPV4 is defined. Also changes the destinaton IP address for dtls_client.c to be "::1" or if FORCE_IPV4 symbol is defined "127.0.0.1". This change allows on compilation dtls_server.c and dtls_client.c to both be compiled to use either IPv4 or IPv6 so out of the box they will work together without problem, and to avoid dtls_server.c binding to IPv6 and dtls_client.c binding to IPv4.
---
programs/ssl/dtls_client.c | 11 ++++++++++-
programs/ssl/dtls_server.c | 11 ++++++++++-
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index f271bad30..c29ab34a6 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -60,9 +60,18 @@ int main( void )
#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
+/* Uncomment out the following line to default to IPv4 and disable IPv6 */
+//#define FORCE_IPV4
+
#define SERVER_PORT "4433"
#define SERVER_NAME "localhost"
-#define SERVER_ADDR "127.0.0.1" /* forces IPv4 */
+
+#ifdef FORCE_IPV4
+#define SERVER_ADDR "127.0.0.1" /* Forces IPv4 */
+#else
+#define SERVER_ADDR "::1"
+#endif
+
#define MESSAGE "Echo this"
#define READ_TIMEOUT_MS 1000
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 9d0dda4d1..b4ad6b53a 100644
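Review bot: The new comment `/* Uncomment out the following line to default to IPv4 and disable IPv6 */` is garbled ("Uncomment out") and hides that the symbol can equally be set on the build line, since the code only tests `#ifdef FORCE_IPV4`; suggest `/* Define FORCE_IPV4 (uncomment below, or pass -DFORCE_IPV4) to connect to 127.0.0.1 instead of ::1 */`. It is also worth saying next to `#define SERVER_ADDR "::1"` that this is the IPv6 loopback and only reaches a server listening on an IPv6 socket, so a client built this way against a server bound to 0.0.0.0 will not connect. `SERVER_NAME "localhost"` is presumably used for hostname verification rather than for resolving the address; confirm from the connect code, which is outside the hunk.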
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -34,6 +34,15 @@
#define mbedtls_time_t time_t
#endif
+/* Uncomment out the following line to default to IPv4 and disable IPv6 */
+//#define FORCE_IPV4
+
+#ifdef FORCE_IPV4
+#define BIND_IP "0.0.0.0" /* Forces IPv4 */
+#else
+#define BIND_IP "::"
+#endif
+
#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
!defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
@@ -170,7 +179,7 @@ int main( void )
printf( " . Bind on udp/*/4433 ..." );
fflush( stdout );
- if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+ if( ( ret = mbedtls_net_bind( &listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
goto exit;
From 3efa8889b7fe6c4caeaae187ff9d667e95d54e95 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Sat, 12 May 2018 20:28:56 +0100
Subject: [PATCH 125/368] Update ChangeLog with dtls sample IPv6 change
---
ChangeLog | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 7b50534ca..95fdfd503 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,10 @@ API Changes
Therefore, mbedtls_platform_zeroize() is moved to the platform module
to facilitate testing and maintenance.
+Changes
+ * Change the dtls_client and dtls_server samples to work by default over
+ IPv6 and optionally by a build option over IPv4.
+
= mbed TLS 2.9.0 branch released 2018-04-30
Security
From c150f0d05064e8d14ef9af4047538854e0c27a3c Mon Sep 17 00:00:00 2001
From: tdoe
Date: Fri, 18 May 2018 12:12:45 +0200
Subject: [PATCH 126/368] fixed missing initializer
---
library/x509_create.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/x509_create.c b/library/x509_create.c
index fa66caeb5..863009651 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
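Review bot: Binding to `"::"` reaches IPv4 clients only where the socket is dual-stack, which is the Linux default (`net.ipv6.bindv6only=0`) but not the default on Windows or the BSDs, so "work together out of the box" holds for the shipped client/server pair but not for an IPv4-only client against this server on those platforms; whether `mbedtls_net_bind` sets `IPV6_V6ONLY` itself is not visible here. A comment beside `#define BIND_IP "::"`, e.g. `/* all IPv6 addresses; IPv4 clients are also accepted only on dual-stack systems */`, would spare the next reader the surprise. The `printf( " . Bind on udp/*/4433 ..." )` on the line before the changed `mbedtls_net_bind` call could also print `BIND_IP` instead of `*` now that the address is explicit; `main` starts and ends outside the hunk.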
@@ -73,7 +73,7 @@ static const x509_attr_descriptor_t x509_attrs[] =
{ ADD_STRLEN( "generationQualifier" ), MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING },
{ ADD_STRLEN( "domainComponent" ), MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING },
{ ADD_STRLEN( "DC" ), MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING },
- { NULL, 0, NULL }
+ { NULL, 0, NULL, MBEDTLS_ASN1_NULL }
};
static const x509_attr_descriptor_t *x509_at_oid_from_name( const char *name, size_t name_len )
From 020c823f62204588584ee00dd63c0b61cf9051ab Mon Sep 17 00:00:00 2001
From: tdoe
Date: Fri, 18 May 2018 13:09:12 +0200
Subject: [PATCH 127/368] fixed segmentation fault
---
library/x509_create.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/library/x509_create.c b/library/x509_create.c
index 863009651..ab5f85b93 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -85,6 +85,9 @@ static const x509_attr_descriptor_t *x509_at_oid_from_name( const char *name, si
strncmp( cur->name, name, name_len ) == 0 )
break;
+ if ( cur->name == NULL )
+ return( NULL );
+
return( cur );
}
From d0a66ccde3c0e7cb99d9f67aa436cf13535b2e3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Jun 2018 09:53:21 +0200
Subject: [PATCH 128/368] post-merge: fix ECDSA test vector testing
The way we do negative tests only works if the initial test was positive. This was not immediately apparent with the set of test data at the time the code for negative testing was introduced, but it became apparent with the addition of the "0 private value" / "overlong private value" tests that happened in development while this branch was developed.
---
tests/suites/test_suite_ecdsa.function | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 4e4ee6d54..d87c98e4c 100644
--- a/tests/suites/test_suite_ecdsa.function
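Review bot: The added `if ( cur->name == NULL ) return( NULL );` is the right fix for walking off the end of `x509_attrs` — before it, a name that matched nothing came back as the sentinel entry whose `oid` is NULL — but it now makes NULL a documented return value and nothing says so; add `/* Returns NULL if no attribute with this name is known. */` above the function, and check that every caller (outside the hunk) treats NULL as "unknown attribute" rather than dereferencing it, which the commit message suggests they already do. The spacing `if (` also departs from the `if(` form used throughout this series (`if( ret == ... )`). The matching loop that precedes the new check starts outside the hunk.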
+++ b/tests/suites/test_suite_ecdsa.function
@@ -88,18 +88,18 @@ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str,
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
&Q, &r_check, &s_check ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
+
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+ &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+ &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+ &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
}
- TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
-
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
- &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
- &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
- &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
-
exit:
mbedtls_ecp_group_free( &grp );
mbedtls_ecp_point_free( &Q );
From b5d668a7a7eef6ca5b1b2e3d152cf0ecf5cf8ca0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Jun 2018 11:22:01 +0200
Subject: [PATCH 129/368] post-merge: adapt ssl-opt.sh to new error values
The numerical value of the error code was changed when merging development into this branch; now adapt ssl-opt.sh to the new value.
---
tests/ssl-opt.sh | 80 ++++++++++++++++++++++++------------------------
1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d90c12ede..d45be5a6f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
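Review bot: The negative checks now run only inside the positive branch, which is the point of the commit, but nothing in the code says why; a reader seeing `mbedtls_mpi_sub_int( &r, &r, 1 )` and `mbedtls_mpi_add_int( &s, &s, 1 )` inside the block has no hint that `r` and `s` were only proven equal to the expected values there. A comment at the top of the added lines, `/* Negative tests: tamper with r and s (known-good at this point), then try a wrong public key; only meaningful when the positive test above passed */`, puts the commit message's reasoning into the test itself. Note that `r - 1` is zero when a vector's r equals 1, which exercises the range check rather than a mismatch; both paths presumably yield MBEDTLS_ERR_ECP_VERIFY_FAILED, but that is not visible here. The `if` that the `}` in this hunk closes opens outside it.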
@@ -4076,10 +4076,10 @@ run_test "EC restart: TLS, default" \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1" \
0 \
- -C "x509_verify_cert.*4b80" \
- -C "mbedtls_pk_verify.*4b80" \
- -C "mbedtls_ecdh_make_public.*4b80" \
- -C "mbedtls_pk_sign.*4b80"
+ -C "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=0" \
@@ -4088,10 +4088,10 @@ run_test "EC restart: TLS, max_ops=0" \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=0" \
0 \
- -C "x509_verify_cert.*4b80" \
- -C "mbedtls_pk_verify.*4b80" \
- -C "mbedtls_ecdh_make_public.*4b80" \
- -C "mbedtls_pk_sign.*4b80"
+ -C "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=65535" \
@@ -4100,10 +4100,10 @@ run_test "EC restart: TLS, max_ops=65535" \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=65535" \
0 \
- -C "x509_verify_cert.*4b80" \
- -C "mbedtls_pk_verify.*4b80" \
- -C "mbedtls_ecdh_make_public.*4b80" \
- -C "mbedtls_pk_sign.*4b80"
+ -C "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000" \
@@ -4112,10 +4112,10 @@ run_test "EC restart: TLS, max_ops=1000" \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
- -c "x509_verify_cert.*4b80" \
- -c "mbedtls_pk_verify.*4b80" \
- -c "mbedtls_ecdh_make_public.*4b80" \
- -c "mbedtls_pk_sign.*4b80"
+ -c "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000, badsign" \
@@ -4126,10 +4126,10 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \
1 \
- -c "x509_verify_cert.*4b80" \
- -C "mbedtls_pk_verify.*4b80" \
- -C "mbedtls_ecdh_make_public.*4b80" \
- -C "mbedtls_pk_sign.*4b80" \
+ -c "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00" \
-c "! The certificate is not correctly signed by the trusted CA" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
@@ -4143,10 +4143,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=optional" \
0 \
- -c "x509_verify_cert.*4b80" \
- -c "mbedtls_pk_verify.*4b80" \
- -c "mbedtls_ecdh_make_public.*4b80" \
- -c "mbedtls_pk_sign.*4b80" \
+ -c "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00" \
-c "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -4160,10 +4160,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=none" \
0 \
- -C "x509_verify_cert.*4b80" \
- -c "mbedtls_pk_verify.*4b80" \
- -c "mbedtls_ecdh_make_public.*4b80" \
- -c "mbedtls_pk_sign.*4b80" \
+ -C "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00" \
-C "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -4175,10 +4175,10 @@ run_test "EC restart: DTLS, max_ops=1000" \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
0 \
- -c "x509_verify_cert.*4b80" \
- -c "mbedtls_pk_verify.*4b80" \
- -c "mbedtls_ecdh_make_public.*4b80" \
- -c "mbedtls_pk_sign.*4b80"
+ -c "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000 no client auth" \
@@ -4186,10 +4186,10 @@ run_test "EC restart: TLS, max_ops=1000 no client auth" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
debug_level=1 ec_max_ops=1000" \
0 \
- -c "x509_verify_cert.*4b80" \
- -c "mbedtls_pk_verify.*4b80" \
- -c "mbedtls_ecdh_make_public.*4b80" \
- -C "mbedtls_pk_sign.*4b80"
+ -c "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
@@ -4197,10 +4197,10 @@ run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
"$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
psk=abc123 debug_level=1 ec_max_ops=1000" \
0 \
- -C "x509_verify_cert.*4b80" \
- -C "mbedtls_pk_verify.*4b80" \
- -C "mbedtls_ecdh_make_public.*4b80" \
- -C "mbedtls_pk_sign.*4b80"
+ -C "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
# Tests for DTLS HelloVerifyRequest
From 558da9c3feee5d4376fcb9f481af18152165a467 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Jun 2018 12:02:12 +0200
Subject: [PATCH 130/368] Make SSL error code more generic
It's undesirable to have users of the SSL layer check for an error code specific to a lower-level layer, both out of general layering principles, and also because if we later make another crypto module gain resume capabilities, we would need to change the contract again (checking for a new module-specific error code).
---
include/mbedtls/error.h | 2 +-
include/mbedtls/ssl.h | 1 +
library/error.c | 2 ++
library/ssl_cli.c | 20 ++++++++++++++++++++
library/ssl_tls.c | 2 +-
programs/ssl/ssl_client2.c | 18 +++++++++---------
6 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 22895e1c2..29c1c21a9 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -90,7 +90,7 @@
* ECP 4 10 (Started from top)
* MD 5 5
* CIPHER 6 8
- * SSL 6 17 (Started from top)
+ * SSL 6 22 (Started from top)
* SSL 7 31
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 250031a6d..def20dbec 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -120,6 +120,7 @@
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
+#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x6500 /**< A cryptographic operation is in progress. Try again later. */
/*
* Various constants
diff --git a/library/error.c b/library/error.c
index a2de27563..4dc13a426 100644
--- a/library/error.c
+++ b/library/error.c
@@ -499,6 +499,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) )
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" );
+ if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) )
+ mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" );
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7a6ffe044..1937ec519 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2055,6 +2055,10 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
(const unsigned char **) p, end ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
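Review bot: The doc comment on the new `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` says only "Try again later", which leaves out the part of the contract a caller must get right: how to retry. From the ssl_client2.c changes in this same commit the expected use is to call the same function again (`mbedtls_ssl_handshake`, `mbedtls_ssl_write`, `mbedtls_ssl_read`) with the same arguments, presumably because the in-progress state lives in the SSL context; if that is the intent, say so: `/**< A cryptographic operation is in progress; call the same function again with the same arguments to continue it. */`. It would also help to state that, unlike MBEDTLS_ERR_SSL_WANT_READ/WRITE, this code does not mean the transport is blocked.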
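Review bot: The four lines `#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; #endif` added here after `mbedtls_ecdh_read_params` are pasted verbatim at five call sites in this commit (ecdh_read_params, pk_verify, ecdh_make_public, ecdh_calc_secret, pk_sign), which is easy to miss at the next restartable call. A single static helper in ssl_cli.c, e.g. `static int ssl_ecp_ret_to_ssl( int ret )` returning the mapped code, or a small macro next to `MBEDTLS_SSL__ECP_RESTARTABLE`, keeps the translation in one place. Whether ssl_srv.c (absent from the diffstat) has restartable call sites needing the same mapping cannot be told from here; the enclosing function `ssl_parse_server_ecdh_params` starts outside the hunk.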
@@ -2619,6 +2623,10 @@ start_processing:
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
}
@@ -2933,6 +2941,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
@@ -2956,6 +2968,10 @@ ecdh_calc_secret:
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
@@ -3313,6 +3329,10 @@ sign:
ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8364eb868..2ebf12877 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4683,7 +4683,7 @@ crt_verify:
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- return( ret );
+ return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
#endif
/*
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index b11bedd46..0e3e1ed07 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
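Review bot: In the `mbedtls_pk_verify` failure path the mapping to MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS is placed after `mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR )` has already executed; unless that call is guarded by `ret != MBEDTLS_ERR_ECP_IN_PROGRESS` on the lines just above the hunk, an in-progress return sends a fatal alert and kills the very handshake it is meant to resume. The guard, if it exists, is outside the hunk, so it should be checked, and the robust shape is to test it explicitly before the alert: `if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) mbedtls_ssl_send_alert_message( ... );`. The `MBEDTLS_SSL_DEBUG_RET( 1, ... )` also logs the in-progress code at error level on every resumption, which the ssl-opt.sh tests appear to rely on, so that is deliberate. The function around the `start_processing:` label begins and ends outside the hunk.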
@@ -1516,7 +1516,7 @@ int main( int argc, char *argv[] ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret ); @@ -1533,7 +1533,7 @@ int main( int argc, char *argv[] ) } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) continue; #endif @@ -1630,7 +1630,7 @@ int main( int argc, char *argv[] ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret ); @@ -1695,7 +1695,7 @@ send_request: { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret ); @@ -1721,7 +1721,7 @@ send_request: ret = mbedtls_ssl_write( &ssl, buf, len ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) continue; #endif @@ -1779,7 +1779,7 @@ send_request: ret = mbedtls_ssl_read( &ssl, buf, len ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) continue; #endif @@ -1844,7 +1844,7 @@ send_request: ret = mbedtls_ssl_read( &ssl, buf, len ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) continue; #endif 
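Review bot: In the `@@ -1533` hunk (and likewise `@@ -1721`, `@@ -1779` and `@@ -1844`) the `continue` on `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` stays wrapped in `#if defined(MBEDTLS_ECP_RESTARTABLE)`, while the `ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` comparisons in the neighbouring hunks of the same file are unconditional. The new error code appears to be defined unconditionally in ssl.h (the `@@ -120` hunk), so the program-side guard no longer has a compile-time purpose: in a build without restartable ECC the `continue` is simply never taken. Either drop the `#if`/`#endif` around those `continue` statements or guard both forms the same way, so the sample does not suggest that the code only compiles in one configuration.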
@@ -1911,7 +1911,7 @@ send_request: { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); @@ -2010,7 +2010,7 @@ reconnect: { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); From 30e731decd2cd4266b74d544ca81294d2947bf97 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 12 Oct 2017 13:50:29 +0200 Subject: [PATCH 131/368] Added buffer_size and response_size options for ssl-server2. Added appropriate tests. --- programs/ssl/ssl_server2.c | 64 ++++++++++-- tests/ssl-opt.sh | 193 +++++++++++++++++++++++++++++++------ 2 files changed, 220 insertions(+), 37 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3a413ad5e..74d3a1d01 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -99,6 +99,7 @@ int main( void ) #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" +#define DFL_RESPONSE_SIZE -1 #define DFL_DEBUG_LEVEL 0 #define DFL_NBIO 0 #define DFL_EVENT 0 @@ -171,7 +172,7 @@ int main( void ) * You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh * if you change this value to something outside the range <= 100 or > 500 */ -#define IO_BUF_LEN 200 +#define DFL_IO_BUF_LEN 200 #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_FS_IO) 
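Review bot: The comment kept above the renamed `#define DFL_IO_BUF_LEN 200` in the `@@ -171` hunk still tells the reader to adapt the `mbedtls_ssl_get_bytes_avail()` test in ssl-opt.sh "if you change this value", but after this commit the constant is only a default that the new `buffer_size=` option overrides at runtime. Suggest adding one line to that comment: ` * The buffer_size= option overrides this default at runtime; the same range caveat applies to values passed there.`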
@@ -346,6 +347,11 @@ int main( void ) " server_addr=%%s default: (all interfaces)\n" \ " server_port=%%d default: 4433\n" \ " debug_level=%%d default: 0 (disabled)\n" \ + " buffer_size=%%d default: 200 \n" \ + " (minimum: 1, max: 16385)\n" \ + " response_size=%%d default: about 152 (basic response)\n" \ + " (minimum: 0, max: 16384)\n" \ + " increases buffer_size if bigger\n"\ " nbio=%%d default: 0 (blocking I/O)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \ " event=%%d default: 0 (loop)\n" \ @@ -421,6 +427,8 @@ struct options int nbio; /* should I/O be blocking? */ int event; /* loop or event-driven IO? level or edge triggered? */ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ + int response_size; /* pad response with header to requested size */ + uint16_t buffer_size; /* IO buffer size */ const char *ca_file; /* the file with the CA certificate(s) */ const char *ca_path; /* the path with the CA certificate(s) reside */ const char *crt_file; /* the file with the server certificate */ @@ -1154,7 +1162,7 @@ int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges_left; int version_suites[4][2]; - unsigned char buf[IO_BUF_LEN]; + unsigned char* buf = 0; #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; @@ -1285,10 +1293,12 @@ int main( int argc, char *argv[] ) goto exit; } + opt.buffer_size = DFL_IO_BUF_LEN; opt.server_addr = DFL_SERVER_ADDR; opt.server_port = DFL_SERVER_PORT; opt.debug_level = DFL_DEBUG_LEVEL; opt.event = DFL_EVENT; + opt.response_size = DFL_RESPONSE_SIZE; opt.nbio = DFL_NBIO; opt.read_timeout = DFL_READ_TIMEOUT; opt.ca_file = DFL_CA_FILE; 
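Review bot: `uint16_t buffer_size` added to `struct options` in the `@@ -421` hunk sits next to `int response_size`, yet the two fields are compared and assigned to each other by the option parser and the accepted upper bound is `MBEDTLS_SSL_MAX_CONTENT_LEN + 1`, a configurable value that need not fit in 16 bits. Declaring it `int` like `response_size` (or `size_t` for both, matching the `malloc`/`memset` call sites) avoids silent truncation and the signed/unsigned mixing. In the `@@ -1154` hunk, `unsigned char* buf = 0;` would read better as `unsigned char *buf = NULL;`, matching the pointer style used elsewhere in the file and using the null-pointer constant.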
@@ -1379,6 +1389,20 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "read_timeout" ) == 0 ) opt.read_timeout = atoi( q ); + else if( strcmp( p, "buffer_size" ) == 0 ) + { + opt.buffer_size = atoi( q ); + if( opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 ) + goto usage; + } + else if( strcmp( p, "response_size" ) == 0 ) + { + opt.response_size = atoi( q ); + if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) + goto usage; + if( opt.buffer_size < opt.response_size ) + opt.buffer_size = opt.response_size; + } else if( strcmp( p, "ca_file" ) == 0 ) opt.ca_file = q; else if( strcmp( p, "ca_path" ) == 0 ) @@ -1700,7 +1724,14 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold( opt.debug_level ); #endif - + buf = malloc( opt.buffer_size ); + if( buf == NULL ) + { + mbedtls_printf("Could not allocate %u bytes\n", opt.buffer_size); + ret = 3; + goto exit; + } + if( opt.force_ciphersuite[0] > 0 ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2708,8 +2739,8 @@ data_exchange: do { int terminated = 0; - len = sizeof( buf ) - 1; - memset( buf, 0, sizeof( buf ) ); + len = opt.buffer_size - 1; + memset( buf, 0, opt.buffer_size ); ret = mbedtls_ssl_read( &ssl, buf, len ); if( mbedtls_status_is_ssl_in_progress( ret ) ) @@ -2809,8 +2840,8 @@ data_exchange: } else /* Not stream, so datagram */ { - len = sizeof( buf ) - 1; - memset( buf, 0, sizeof( buf ) ); + len = opt.buffer_size - 1; + memset( buf, 0, opt.buffer_size ); do { 
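Review bot: The `response_size` branch in the `@@ -1379` hunk raises `opt.buffer_size` only if `buffer_size` was given earlier on the command line; with `response_size=16384 buffer_size=100` the later option shrinks the buffer again, and the padding `memset( buf + len, 'B', opt.response_size - len )` in the `@@ -2908` hunk then writes far past the end of the allocation. Perform that clamp once after the argument loop (which ends outside this hunk) rather than inside the `response_size` case. Independently, `opt.buffer_size = atoi( q )` stores into the 16-bit field before the range check, so `buffer_size=65537` wraps to 1 and passes; parse into an `int`, check, then assign.
```c
else if( strcmp( p, "buffer_size" ) == 0 )
{
    int size = atoi( q );
    if( size < 1 || size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 )
        goto usage;
    opt.buffer_size = (uint16_t) size;
}
else if( strcmp( p, "response_size" ) == 0 )
{
    opt.response_size = atoi( q );
    if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
        goto usage;
}
/* … unchanged: remaining option parsing … */

/* after the argument loop, so the result does not depend on option order */
if( opt.response_size != DFL_RESPONSE_SIZE && opt.buffer_size < opt.response_size )
    opt.buffer_size = (uint16_t) opt.response_size;
```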
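Review bot: `buf = malloc( opt.buffer_size )` in the `@@ -1700` hunk calls the libc allocator directly, and no hunk in this diff adds a matching `free( buf )` on the `exit:` path, so the buffer is leaked on every way out of `main` (which starts and ends outside the hunk). Suggest `buf = mbedtls_calloc( 1, opt.buffer_size );` paired with `mbedtls_free( buf );` at exit, so the sample goes through the same platform allocation hooks as the library and is clean under leak checkers. The `%u` in `mbedtls_printf("Could not allocate %u bytes\n", opt.buffer_size)` receives a `uint16_t` promoted to `int`; `%d`, or a cast to `unsigned`, keeps format and argument types matched.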
@@ -2908,6 +2939,25 @@ data_exchange: len = sprintf( (char *) buf, HTTP_RESPONSE, mbedtls_ssl_get_ciphersuite( &ssl ) ); + /* Add padding to the response to reach opt.response_size in length */ + if( opt.response_size != DFL_RESPONSE_SIZE && + len < opt.response_size ) + { + memset( buf + len, 'B', opt.response_size - len ); + len += opt.response_size - len; + } + + /* Truncate if response size is smaller than the "natural" size */ + if( opt.response_size != DFL_RESPONSE_SIZE && + len > opt.response_size ) + { + len = opt.response_size; + + /* Still end with \r\n unless that's really not possible */ + if( len >= 2 ) buf[len - 2] = '\r'; + if( len >= 1 ) buf[len - 1] = '\n'; + } + if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ) { for( written = 0, frags = 0; written < len; written += ret, frags++ ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9faeb6703..a9dd5c03f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3968,10 +3968,10 @@ run_test "SSLv3 with extensions, server side" \ -S "dumping 'client hello extensions'" \ -S "server hello, total extension length:" -# Test for large packets +# Test for large client packets requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 -run_test "Large packet SSLv3 BlockCipher" \ +run_test "Large client packet SSLv3 BlockCipher" \ "$P_SRV min_version=ssl3" \ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3980,7 +3980,7 @@ run_test "Large packet SSLv3 BlockCipher" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 -run_test "Large packet SSLv3 StreamCipher" \ +run_test "Large client packet SSLv3 StreamCipher" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 
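Review bot: The context line `len = sprintf( (char *) buf, HTTP_RESPONSE, mbedtls_ssl_get_ciphersuite( &ssl ) );` directly above the new padding code now writes into a heap buffer whose size the user chooses, and the usage text in the `@@ -346` hunk allows `buffer_size` as small as 1, so any `buffer_size` not larger than the formatted response length (about 152 bytes plus the ciphersuite name, per that text) overflows the allocation before the new padding and truncation logic even runs. Bound the format with `mbedtls_snprintf` against `opt.buffer_size` and treat truncation as an error instead of sending a partial response. Minor: `len += opt.response_size - len;` is just `len = opt.response_size;`. `main` starts and ends outside the hunk.
```c
len = mbedtls_snprintf( (char *) buf, opt.buffer_size, HTTP_RESPONSE,
                        mbedtls_ssl_get_ciphersuite( &ssl ) );
if( len < 0 || len >= (int) opt.buffer_size )
{
    mbedtls_printf( " failed\n  ! response does not fit in buffer_size=%u\n\n",
                    (unsigned) opt.buffer_size );
    ret = 3;
    goto exit;
}

/* … unchanged: padding / truncation to opt.response_size … */
```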
@@ -3988,7 +3988,7 @@ run_test "Large packet SSLv3 StreamCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.0 BlockCipher" \ +run_test "Large client packet TLS 1.0 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3996,7 +3996,7 @@ run_test "Large packet TLS 1.0 BlockCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.0 BlockCipher, without EtM" \ +run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -4004,7 +4004,7 @@ run_test "Large packet TLS 1.0 BlockCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ +run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 
@@ -4013,21 +4013,21 @@ run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.0 StreamCipher" \ +run_test "Large client packet TLS 1.0 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.0 StreamCipher, without EtM" \ +run_test "Large client packet TLS 1.0 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -4035,7 +4035,7 @@ run_test "Large packet TLS 1.0 StreamCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ +run_test "Large client packet TLS 1.0 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 
@@ -4043,7 +4043,7 @@ run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ @@ -4051,7 +4051,7 @@ run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.1 BlockCipher" \ +run_test "Large client packet TLS 1.1 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -4059,7 +4059,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.1 BlockCipher, without EtM" \ +run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -4067,7 +4067,7 @@ run_test "Large packet TLS 1.1 BlockCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ +run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 
@@ -4075,14 +4075,14 @@ run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.1 StreamCipher" \ +run_test "Large client packet TLS 1.1 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ @@ -4090,7 +4090,7 @@ run_test "Large packet TLS 1.1 StreamCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.1 StreamCipher, without EtM" \ +run_test "Large client packet TLS 1.1 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -4099,7 +4099,7 @@ run_test "Large packet TLS 1.1 StreamCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ +run_test "Large client packet TLS 1.1 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 
@@ -4107,7 +4107,7 @@ run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ @@ -4115,7 +4115,7 @@ run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 BlockCipher" \ +run_test "Large client packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -4123,14 +4123,14 @@ run_test "Large packet TLS 1.2 BlockCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 BlockCipher, without EtM" \ +run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ +run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 
@@ -4139,7 +4139,7 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ +run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ @@ -4147,7 +4147,7 @@ run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ @@ -4155,7 +4155,7 @@ run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 StreamCipher" \ +run_test "Large client packet TLS 1.2 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ @@ -4163,7 +4163,7 @@ run_test "Large packet TLS 1.2 StreamCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 StreamCipher, without EtM" \ +run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 
@@ -4171,7 +4171,7 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ +run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ @@ -4179,7 +4179,7 @@ run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ @@ -4187,7 +4187,7 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 AEAD" \ +run_test "Large client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ @@ -4195,7 +4195,7 @@ run_test "Large packet TLS 1.2 AEAD" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 AEAD shorter tag" \ +run_test "Large client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 
@@ -4203,6 +4203,139 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" +# Test for large server packets + +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "Large server packet SSLv3 BlockCipher" \ + "$P_SRV response_size=16384 min_version=ssl3" \ + "$P_CLI force_version=ssl3 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "Large server packet SSLv3 StreamCipher" \ + "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=ssl3 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +# Checking next 2 tests logs for 1n-1 split against BEAST too +run_test "Large server packet TLS 1.0 BlockCipher" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read"\ + -c "16383 bytes read"\ + -C "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read"\ + -c "16383 bytes read"\ + -C "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.1 BlockCipher" \ + "$P_SRV response_size=16384" \ + "$P_CLI 
force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.1 StreamCipher" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 BlockCipher" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ + 0 \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 StreamCipher" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + 
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 AEAD" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 AEAD shorter tag" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + 0 \ + -c "Read from server: 16384 bytes read" + # Tests of asynchronous private key support in SSL requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE From c19fc55538eff85877ce5aeb9ccbb4c57130d6fc Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 19 Jun 2018 09:37:30 -0400 Subject: [PATCH 132/368] Add missing large and small packet tests for ssl_server2 --- tests/ssl-opt.sh | 486 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 443 insertions(+), 43 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a9dd5c03f..92151fd87 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3669,10 +3669,10 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \ 0 \ -s "Read from client: 500 bytes read (.*+.*)" -# Tests for small packets +# Tests for small client packets requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 -run_test "Small packet SSLv3 BlockCipher" \ +run_test "Small client packet SSLv3 BlockCipher" \ "$P_SRV min_version=ssl3" \ "$P_CLI request_size=1 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 
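Review bot: The new "Large server packet ... truncated MAC" tests in the `@@ -4203` hunk pass `trunc_hmac=1` only to `$P_CLI`, whereas every existing client-packet truncated-MAC test in the surrounding hunks also runs `$P_SRV trunc_hmac=1`. If the server's default leaves the extension disabled (likely, given that the existing tests enable it explicitly on both sides), the client offers truncated HMAC but it is never negotiated, and these tests exercise the plain-MAC path under a misleading name; adding `trunc_hmac=1` to the `$P_SRV` command line of each of those tests aligns them with the client-packet variants. The comment `# Checking next 2 tests logs for 1n-1 split against BEAST too` would be clearer if it named the pattern the assertions below it rely on, e.g. `# the server applies the 1/n-1 record split, so the client sees 1 byte then 16383 bytes`.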
@@ -3680,21 +3680,21 @@ run_test "Small packet SSLv3 BlockCipher" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 -run_test "Small packet SSLv3 StreamCipher" \ +run_test "Small client packet SSLv3 StreamCipher" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 BlockCipher" \ +run_test "Small client packet TLS 1.0 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 BlockCipher, without EtM" \ +run_test "Small client packet TLS 1.0 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3702,7 +3702,7 @@ run_test "Small packet TLS 1.0 BlockCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \ +run_test "Small client packet TLS 1.0 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 
@@ -3710,21 +3710,21 @@ run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 StreamCipher" \ +run_test "Small client packet TLS 1.0 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 StreamCipher, without EtM" \ +run_test "Small client packet TLS 1.0 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -3732,7 +3732,7 @@ run_test "Small packet TLS 1.0 StreamCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \ +run_test "Small client packet TLS 1.0 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 
@@ -3740,21 +3740,21 @@ run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 BlockCipher" \ +run_test "Small client packet TLS 1.1 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 BlockCipher, without EtM" \ +run_test "Small client packet TLS 1.1 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ @@ -3762,7 +3762,7 @@ run_test "Small packet TLS 1.1 BlockCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \ +run_test "Small client packet TLS 1.1 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 
@@ -3770,21 +3770,21 @@ run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 StreamCipher" \ +run_test "Small client packet TLS 1.1 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 StreamCipher, without EtM" \ +run_test "Small client packet TLS 1.1 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -3792,7 +3792,7 @@ run_test "Small packet TLS 1.1 StreamCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \ +run_test "Small client packet TLS 1.1 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 
@@ -3800,28 +3800,28 @@ run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 BlockCipher" \ +run_test "Small client packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 BlockCipher, without EtM" \ +run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ +run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ @@ -3829,7 +3829,7 @@ run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \ +run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 
@@ -3837,21 +3837,21 @@ run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 StreamCipher" \ +run_test "Small client packet TLS 1.2 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 StreamCipher, without EtM" \ +run_test "Small client packet TLS 1.2 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -3859,7 +3859,7 @@ run_test "Small packet TLS 1.2 StreamCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \ +run_test "Small client packet TLS 1.2 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 
@@ -3867,31 +3867,31 @@ run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 AEAD" \ +run_test "Small client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 AEAD shorter tag" \ +run_test "Small client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 0 \ -s "Read from client: 1 bytes read" -# Tests for small packets in DTLS +# Tests for small client packets in DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small packet DTLS 1.0" \ +run_test "Small client packet DTLS 1.0" \ "$P_SRV dtls=1 force_version=dtls1" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3899,7 +3899,7 @@ run_test "Small packet DTLS 1.0" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small packet DTLS 1.0, without EtM" \ +run_test "Small client packet DTLS 1.0, without EtM" \ "$P_SRV dtls=1 force_version=dtls1 etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 
@@ -3908,7 +3908,7 @@ run_test "Small packet DTLS 1.0, without EtM" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet DTLS 1.0, truncated hmac" \ +run_test "Small client packet DTLS 1.0, truncated hmac" \ "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \ "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3917,7 +3917,7 @@ run_test "Small packet DTLS 1.0, truncated hmac" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet DTLS 1.0, without EtM, truncated MAC" \ +run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \ "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ @@ -3925,7 +3925,7 @@ run_test "Small packet DTLS 1.0, without EtM, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small packet DTLS 1.2" \ +run_test "Small client packet DTLS 1.2" \ "$P_SRV dtls=1 force_version=dtls1_2" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3933,7 +3933,7 @@ run_test "Small packet DTLS 1.2" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small packet DTLS 1.2, without EtM" \ +run_test "Small client packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 
@@ -3942,7 +3942,7 @@ run_test "Small packet DTLS 1.2, without EtM" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet DTLS 1.2, truncated hmac" \ +run_test "Small client packet DTLS 1.2, truncated hmac" \ "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 
@@ -3951,13 +3951,302 @@ run_test "Small packet DTLS 1.2, truncated hmac" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet DTLS 1.2, without EtM, truncated MAC" \ +run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \ "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ 0 \ -s "Read from client: 1 bytes read" +# Tests for small server packets + +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "Small server packet SSLv3 BlockCipher" \ + "$P_SRV response_size=1 min_version=ssl3" \ + "$P_CLI force_version=ssl3 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "Small server packet SSLv3 StreamCipher" \ + "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=ssl3 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.0 BlockCipher" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.0 BlockCipher, without EtM" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1 etm=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.0 BlockCipher, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.0 BlockCipher, without EtM, 
truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.0 StreamCipher" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.0 StreamCipher, without EtM" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.0 StreamCipher, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.1 BlockCipher" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet 
TLS 1.1 BlockCipher, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.1 StreamCipher" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.1 StreamCipher, without EtM" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.1 StreamCipher, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 BlockCipher" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c 
"Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 StreamCipher" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + 0 \ + -c 
"Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 AEAD" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 AEAD shorter tag" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + 0 \ + -c "Read from server: 1 bytes read" + +# Tests for small server packets in DTLS + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small server packet DTLS 1.0" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small server packet DTLS 1.0, without EtM" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet DTLS 1.0, truncated hmac" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \ + "$P_CLI dtls=1 trunc_hmac=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \ + "$P_SRV dtls=1 response_size=1 
force_version=dtls1 trunc_hmac=1 etm=0" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small server packet DTLS 1.2" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small server packet DTLS 1.2, without EtM" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet DTLS 1.2, truncated hmac" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ + 0 \ + -c "Read from server: 1 bytes read" + # A test for extensions in SSLv3 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 
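Review bot: None of the new "Small server packet" tests asserts anything on the server side, so they pass as long as the client logs a single byte read, regardless of how the server actually framed its 1-byte response; the large-packet tests later in this file pin the sender with `-s "16384 bytes written in 1 fragments"`. Adding the equivalent `-s "1 bytes written in 1 fragments"` to each of these tests would make the check two-sided, assuming ssl_server2 prints that line for a 1-byte response the way it does for 16384 bytes. That matters most for the TLS 1.0 CBC variants, where the server's record-splitting logic is involved and a change in how a short response is fragmented would otherwise go unnoticed.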
@@ -4231,6 +4520,15 @@ run_test "Large server packet TLS 1.0 BlockCipher" \ -c "16383 bytes read"\ -C "Read from server: 16384 bytes read" +run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1 etm=0 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read"\ + -c "16383 bytes read"\ + -C "Read from server: 16384 bytes read" + requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \ "$P_SRV response_size=16384" \ 
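Review bot: `recsplit=0` in the new test is given to the client, but what the test exercises is the server's write of the 16384-byte response, and the expectations (`Read from server: 1 bytes read` followed by `16383 bytes read`) show the server still applied 1/n-1 CBC record splitting — so the option has no effect on the behaviour under test and only obscures the intent. Either drop it, or, if the aim was to exercise an unsplit TLS 1.0 CBC response without EtM, give `recsplit=0` to `$P_SRV` (if ssl_server2 accepts it) and expect `-c "Read from server: 16384 bytes read"` as the TLS 1.1/1.2 variants below do.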
@@ -4249,6 +4547,41 @@ run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.0 StreamCipher" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.0 StreamCipher, without EtM" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.0 StreamCipher, truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" run_test "Large server packet TLS 1.1 BlockCipher" \ 
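Review bot: The added `Large server packet TLS 1.0 StreamCipher, truncated MAC` test looks like a duplicate of the existing `Large server packet TLS 1.0 StreamCipher truncated MAC` test whose tail this hunk starts in — both use the RC4 suite with `trunc_hmac=1` and expect the same 16384-byte read, and only the comma in the name differs. Unless the existing test differs in a part outside this hunk (its `$P_SRV` line is not visible), one of the two should go, or the names should state what distinguishes them; a near-identical name pair also makes `ssl-opt.sh -f` filtering ambiguous.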
@@ -4258,11 +4591,12 @@ run_test "Large server packet TLS 1.1 BlockCipher" \ 0 \ -c "Read from server: 16384 bytes read" -run_test "Large server packet TLS 1.1 StreamCipher" \ - "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ - "$P_CLI force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ +run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_1 etm=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ + -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC @@ -4274,6 +4608,30 @@ run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \ 0 \ -c "Read from server: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.1 StreamCipher" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.1 StreamCipher, without EtM" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 
@@ -4283,6 +4641,14 @@ run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \ 0 \ -c "Read from server: 16384 bytes read" +run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + run_test "Large server packet TLS 1.2 BlockCipher" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls1_2 \ @@ -4290,6 +4656,14 @@ run_test "Large server packet TLS 1.2 BlockCipher" \ 0 \ -c "Read from server: 16384 bytes read" +run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 etm=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls1_2 \ 
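Review bot: The new `Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC` test is not preceded by `requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC`, unlike every other `trunc_hmac=1` test in this file, including the one this hunk starts in. In a build without that option the sample programs presumably reject `trunc_hmac=1` at option parsing, so the test would fail instead of being skipped. Add `requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC` on the line before the `run_test`.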
@@ -4306,11 +4680,28 @@ run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \ 0 \ -c "Read from server: 16384 bytes read" +run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + run_test "Large server packet TLS 1.2 StreamCipher" \ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC @@ -4322,6 +4713,15 @@ run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \ 0 \ -c "Read from server: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + run_test "Large server packet TLS 1.2 AEAD" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls1_2 \ From 95e2ecae95dde7772b1f0e98d572d8a7ba158ebf Mon Sep 17 00:00:00 2001 
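Review bot: The new `Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC` test at the top of this hunk lacks the `requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC` guard that its sibling further down (`StreamCipher, without EtM, truncated MAC`) and the surrounding truncated-MAC tests carry. Without it the test runs in builds where truncated HMAC is compiled out and fails on the unsupported `trunc_hmac=1` option rather than being skipped. Insert `requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC` immediately before that `run_test`.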
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 20 Jun 2018 10:29:47 +0200
Subject: [PATCH 133/368] Fix IAR warning
The IAR compiler doesn't like it when we assign an int to an enum variable.
"C:\builds\ws\mbedtls-restricted-pr\library\ecp.c",509 Error[Pe188]: enumerated type mixed with another type
---
library/ecp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ecp.c b/library/ecp.c
index 52d6d9c38..bbc1ff082 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -506,7 +506,7 @@ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
if( grp == NULL )
return;
- grp->id = 0;
+ grp->id = MBEDTLS_ECP_DP_NONE;
mbedtls_mpi_init( &grp->P );
mbedtls_mpi_init( &grp->A );
mbedtls_mpi_init( &grp->B );
From da4029d665a37a290fa4d33e0ed8a3bb29b76f5e Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 20 Jun 2018 07:07:55 -0400
Subject: [PATCH 134/368] ssl_server2: add buffer overhead for a termination character
Switch to mbedtls style of memory allocation
---
programs/ssl/ssl_server2.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 74d3a1d01..b201c8bda 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1724,7 +1724,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( opt.debug_level );
#endif
- buf = malloc( opt.buffer_size );
+ buf = mbedtls_calloc( 1, opt.buffer_size + 1 );
if( buf == NULL )
{
mbedtls_printf("Could not allocate %u bytes\n", opt.buffer_size);
@@ -3116,6 +3116,7 @@ exit:
mbedtls_memory_buffer_alloc_free();
#endif
+ mbedtls_free(buf);
mbedtls_printf( " done.\n" );
#if defined(_WIN32)
From 5c7e76eb4a4a9a284066896a40f6e026fbe27f59 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 20 Jun 2018 08:17:04 -0400
Subject: [PATCH 135/368] Remove trailing whitespace
---
programs/ssl/ssl_server2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
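Review bot: In the second ssl_server2 hunk `mbedtls_free(buf);` is placed after the `#endif` that closes the `mbedtls_memory_buffer_alloc_free();` call, i.e. after the buffer allocator has already been torn down in builds with MBEDTLS_MEMORY_BUFFER_ALLOC_C — yet the first hunk now obtains `buf` from `mbedtls_calloc()`, which is that allocator in such builds, so the free runs against a destroyed heap and, if a `mbedtls_memory_buffer_alloc_status()` report is printed there (not visible in this hunk), the buffer shows up as leaked. Move `mbedtls_free( buf );` to before the `#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)` teardown block, and make sure `buf` is initialised to NULL at declaration so that early `goto exit` paths before the allocation (not shown here) free a null pointer rather than garbage. Minor: the allocation is now `opt.buffer_size + 1` bytes but the failure message still reports `opt.buffer_size`. main() starts and ends outside both hunks.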
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b201c8bda..a08d6b2f1 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1731,7 +1731,7 @@ int main( int argc, char *argv[] )
ret = 3;
goto exit;
}
-
+
if( opt.force_ciphersuite[0] > 0 )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
From e931d0efe592461d0237f5c3f3b4ac5bcb027044 Mon Sep 17 00:00:00 2001
From: irwir
Date: Sat, 23 Jun 2018 18:55:14 +0300
Subject: [PATCH 136/368] Replace Windows API threading with CRT functions
---
library/timing.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/library/timing.c b/library/timing.c
index 6a30e5125..db186ee29 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -51,6 +51,7 @@
#include
#include
+#include
struct _hr_time
{
@@ -266,18 +267,16 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int
/* It's OK to use a global because alarm() is supposed to be global anyway */
static DWORD alarmMs;
-static DWORD WINAPI TimerProc( LPVOID TimerContext )
+static void TimerProc( void *TimerContext )
{
- ((void) TimerContext);
+ (void)TimerContext;
Sleep( alarmMs );
mbedtls_timing_alarmed = 1;
- return( TRUE );
+ // Implicit call of _endthread() is better (see MS online docs)
}
void mbedtls_set_alarm( int seconds )
{
- DWORD ThreadId;
-
if( seconds == 0 )
{
/* No need to create a thread for this simple case.
@@ -288,7 +287,7 @@ void mbedtls_set_alarm( int seconds )
mbedtls_timing_alarmed = 0;
alarmMs = seconds * 1000;
- CloseHandle( CreateThread( NULL, 0, TimerProc, NULL, 0, &ThreadId ) );
+ (void)_beginthread( TimerProc, 0, NULL );
}
#else /* _WIN32 && !EFIX64 && !EFI32 */
From 755890f5293902086e1ff53d88565c737069d921 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 20 Jun 2018 08:17:04 -0400
Subject: [PATCH 137/368] Remove trailing whitespace
---
programs/ssl/ssl_server2.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
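Review bot: The return value of `_beginthread()` in the last timing.c hunk is discarded with a `(void)` cast, so if thread creation fails `mbedtls_timing_alarmed` is never set and any caller spinning on it (the benchmark's timing loops, for instance) never terminates; the old `CloseHandle( CreateThread( ... ) )` had the same blind spot, but this rewrite is the moment to close it. `_beginthread()` returns `(uintptr_t) -1L` on failure, so `if( _beginthread( TimerProc, 0, NULL ) == (uintptr_t) -1L ) mbedtls_timing_alarmed = 1;` at least lets callers make progress instead of hanging (the `alarm()` branch on the other side of the `#else` cannot fail this way). Two smaller points: the `// Implicit call of _endthread() ...` comment is the only `//` comment in a file that otherwise uses `/* ... */`, and the added `#include` line's header name is not rendered on this page — presumably `<process.h>`, which `_beginthread` requires. TimerProc and mbedtls_set_alarm are both fully inside the hunks, but the enclosing `#if` block starts outside them.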
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b201c8bda..cef910054 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1727,11 +1727,11 @@ int main( int argc, char *argv[] ) buf = mbedtls_calloc( 1, opt.buffer_size + 1 ); if( buf == NULL ) { - mbedtls_printf("Could not allocate %u bytes\n", opt.buffer_size); + mbedtls_printf( "Could not allocate %u bytes\n", opt.buffer_size ); ret = 3; goto exit; } - + if( opt.force_ciphersuite[0] > 0 ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -3116,7 +3116,7 @@ exit: mbedtls_memory_buffer_alloc_free(); #endif - mbedtls_free(buf); + mbedtls_free( buf ); mbedtls_printf( " done.\n" ); #if defined(_WIN32) From 597dbf8802757d4b3f636865906584a16cdd4b43 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 27 Jun 2018 16:16:39 +0100 Subject: [PATCH 138/368] Adds a filter to run-test-suites.pl to exclude data files The run-test-suites.pl script was executing all files of the form 'test_suite*' which were either executable or ended with a .exe extension. On some filesystems, such as through network shares or VMs, which are abstracting one set of file permissions to Unix permissions, may set the executable permissions on all files, whether they're executable or not. That was leading to the run-test-suites.pl script to attempt to execute the .c intermediate files because they followed the form 'test_suite_*.c'. This change now excludes them, just in case they accidentally have execute permissions. --- tests/scripts/run-test-suites.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 7e2974bbc..02f9a2f6f 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl 
@@ -35,8 +35,9 @@ if ( defined($switch) && ( $switch eq "-v" || $switch eq "--verbose" ) ) { # All test suites = executable files, excluding source files, debug # and profiling information, etc. We can't just grep {! /\./} because -#some of our test cases' base names contain a dot. +# some of our test cases' base names contain a dot. my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*'; +@suites = grep { !/\.c$/ && !/\.data$/ } @suites; die "$0: no test suite found\n" unless @suites; # in case test suites are linked dynamically From 823c915e594c2bbff0b8d77fb1dceb4b3d73341d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 2 Jul 2018 12:05:49 +0200 Subject: [PATCH 139/368] Fix mis-merged ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1d1ec7c04..ab5a01742 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ Features in ECP, ECDSA, PK and X509 (CRL not supported yet), and using existing functions in ECDH and SSL (currently only implemented client-side, for ECDHE-ECDSA ciphersuites with TLS 1.2, including client authentication). + += mbed TLS 2.11.0 branch released 2018-06-18 + +Features * Add additional block mode, OFB (Output Feedback), to the AES module and cipher abstraction module. * Implement the HMAC-based extract-and-expand key derivation function From 4edb9cbbc0a07a650946c0e83c7325093672c902 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 2 Jul 2018 12:23:23 +0200 Subject: [PATCH 140/368] Justify some max_ops settings in test_suite_pk --- tests/suites/test_suite_pk.function | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index a2158360b..2cdc363bb 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
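Review bot: The added line re-filters the list the previous statement just built, and splitting the selection rule across two greps makes it easy to update one and not the other; a single predicate reads more directly: `my @suites = grep { ( -x $_ || /\.exe$/ ) && !/\.(c|data)$/ } glob 'test_suite_*';`. The exclusion is also a denylist of just the two extensions that bit so far, so any other `test_suite_*` artefact carrying a spurious execute bit on such filesystems (object or dependency files, say) would still be executed; since the comment above explains why a plain "no dot in the name" allowlist cannot be used, a short comment noting that the list is a denylist to be extended as new artefacts appear would help the next person.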
@@ -137,7 +137,8 @@ void pk_rsa_verify_test_vec( char *message_hex_string, int digest, rs_ctx = &ctx; mbedtls_pk_restart_init( rs_ctx ); - mbedtls_ecp_set_max_ops( 42 ); + // this setting would ensure restart would happen if ECC was used + mbedtls_ecp_set_max_ops( 1 ); #endif mbedtls_pk_init( &pk ); @@ -385,6 +386,9 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret ) rs_ctx = &ctx; mbedtls_pk_restart_init( rs_ctx ); + /* This value is large enough that the operation will complete in one run. + * See comments at the top of ecp_test_vect_restart in + * test_suite_ecp.function for estimates of operation counts. */ mbedtls_ecp_set_max_ops( 42000 ); #endif From 78d7e8cbc78443660c1a4e4c94ac109edbddf368 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 2 Jul 2018 12:33:14 +0200 Subject: [PATCH 141/368] Rename internal variable for consistency --- include/mbedtls/x509_crt.h | 2 +- library/x509_crt.c | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 1c3007d8d..d794b6630 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -178,7 +178,7 @@ typedef struct /* for find_parent_in() */ mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ mbedtls_x509_crt *fallback_parent; - int fallback_sign_good; + int fallback_signature_is_good; /* for find_parent() */ int parent_is_trusted; /* -1 if find_parent is not in progress */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 4022ceee8..588b484f1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2010,7 +2010,7 @@ static int x509_crt_find_parent_in( { int ret; mbedtls_x509_crt *parent, *fallback_parent; - int signature_is_good, fallback_sign_good; + int signature_is_good, fallback_signature_is_good; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* did we have something in progress? */ 
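Review bot: The comment added above `mbedtls_ecp_set_max_ops( 1 )` in the first hunk uses `//`, while the rest of this file — including the comment added by the second hunk of the same patch — uses `/* ... */`; the `.function` files are compiled as C in the project's C89-compatible style, so this should be `/* This setting would ensure restart would happen if ECC was used. */`. It would also be worth stating why that matters in an RSA test, i.e. that `1` is deliberately the smallest value so the test proves the RSA path ignores the restart budget, which the current wording only implies.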
@@ -2019,12 +2019,12 @@ static int x509_crt_find_parent_in( /* restore saved state */ parent = rs_ctx->parent; fallback_parent = rs_ctx->fallback_parent; - fallback_sign_good = rs_ctx->fallback_sign_good; + fallback_signature_is_good = rs_ctx->fallback_signature_is_good; /* clear saved state */ rs_ctx->parent = NULL; rs_ctx->fallback_parent = NULL; - rs_ctx->fallback_sign_good = 0; + rs_ctx->fallback_signature_is_good = 0; /* resume where we left */ goto check_signature; @@ -2032,7 +2032,7 @@ static int x509_crt_find_parent_in( #endif fallback_parent = NULL; - fallback_sign_good = 0; + fallback_signature_is_good = 0; for( parent = candidates; parent != NULL; parent = parent->next ) { @@ -2059,7 +2059,7 @@ check_signature: /* save state */ rs_ctx->parent = parent; rs_ctx->fallback_parent = fallback_parent; - rs_ctx->fallback_sign_good = fallback_sign_good; + rs_ctx->fallback_signature_is_good = fallback_signature_is_good; return( ret ); } @@ -2078,7 +2078,7 @@ check_signature: if( fallback_parent == NULL ) { fallback_parent = parent; - fallback_sign_good = signature_is_good; + fallback_signature_is_good = signature_is_good; } continue; @@ -2095,7 +2095,7 @@ check_signature: else { *r_parent = fallback_parent; - *r_signature_is_good = fallback_sign_good; + *r_signature_is_good = fallback_signature_is_good; } return( 0 ); @@ -2704,7 +2704,7 @@ void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) ctx->parent = NULL; ctx->fallback_parent = NULL; - ctx->fallback_sign_good = 0; + ctx->fallback_signature_is_good = 0; ctx->parent_is_trusted = -1; From c8c12b6007b4249e1fbc67c94bb28b3ec2dadc3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 2 Jul 2018 13:09:39 +0200 Subject: [PATCH 142/368] Add NULL pointer check for consistency Most other functions in this module have a similar check. --- library/pk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/library/pk.c b/library/pk.c index c793fd8e4..ba8950e8d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -206,8 +206,8 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx, const mbedtls_pk_info_t *info ) { - /* Don't do anything it already set up */ - if( ctx->pk_info != NULL ) + /* Don't do anything if already set up or invalid */ + if( ctx == NULL || ctx->pk_info != NULL ) return( 0 ); /* Should never happen when we're called */ From 278af4536ccedd9f5ab9d814ece2a3f5146842c4 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 20 Jun 2018 18:40:21 +0300 Subject: [PATCH 143/368] Fix hmac_drbg failure in benchmark, with threading Remove redunadnat calls to `hmac_drbg_free()` between seeding operations, which make the mutex invalid. Fixes #1095 --- ChangeLog | 2 ++ programs/test/benchmark.c | 5 +---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 44533d2ae..5e00c0ecc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,8 @@ Bugfix Changes * Change the shebang line in Perl scripts to look up perl in the PATH. Contributed by fbrosson. + * Fix efailure in hmac_drbg in the benchmark sample application, when + MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 = mbed TLS 2.11.0 branch released 2018-06-18 diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 5277ceb79..e7d29c396 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -700,7 +700,6 @@ int main( int argc, char *argv[] ) mbedtls_exit(1); TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)", mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) ); - mbedtls_hmac_drbg_free( &hmac_drbg ); if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); 
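Review bot: The new comment in `pk_restart_setup` calls a NULL `ctx` "invalid", yet the function answers it with `return( 0 )`, i.e. success, so a caller cannot distinguish a missing restart context from a bad argument. If NULL is the module's convention for "no restart requested" (the commit message says sibling functions check the same way, which suggests so, but it is not visible here), the comment should state that rather than "invalid", e.g. `/* Nothing to do if no restart context was given, or it is already set up */`; if NULL really is invalid, it should return the module's bad-input error code instead of 0. The remainder of the function is outside the hunk.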
@@ -708,7 +707,6 @@ int main( int argc, char *argv[] ) MBEDTLS_HMAC_DRBG_PR_ON ); TIME_AND_TSC( "HMAC_DRBG SHA-1 (PR)", mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) ); - mbedtls_hmac_drbg_free( &hmac_drbg ); #endif #if defined(MBEDTLS_SHA256_C) @@ -719,7 +717,6 @@ int main( int argc, char *argv[] ) mbedtls_exit(1); TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)", mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) ); - mbedtls_hmac_drbg_free( &hmac_drbg ); if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); @@ -727,8 +724,8 @@ int main( int argc, char *argv[] ) MBEDTLS_HMAC_DRBG_PR_ON ); TIME_AND_TSC( "HMAC_DRBG SHA-256 (PR)", mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) ); - mbedtls_hmac_drbg_free( &hmac_drbg ); #endif + mbedtls_hmac_drbg_free( &hmac_drbg ); } #endif From 636179a277200cb05bb6b0bcfafb46afec3498cc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 4 Jul 2018 17:35:29 +0300 Subject: [PATCH 144/368] Fix typo Fix typo in ChangeLog entry. --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 5e00c0ecc..81dca1a3e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,7 +22,7 @@ Bugfix Changes * Change the shebang line in Perl scripts to look up perl in the PATH. Contributed by fbrosson. - * Fix efailure in hmac_drbg in the benchmark sample application, when + * Fix failure in hmac_drbg in the benchmark sample application, when MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 = mbed TLS 2.11.0 branch released 2018-06-18 From 604ccc660847d5ba59db420f3ca2aad6bd71402e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Jul 2018 15:55:52 +0200 Subject: [PATCH 145/368] Add ChangeLog entry --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 027a97174..8c2d90d4f 100644 --- a/ChangeLog +++ b/ChangeLog 
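Review bot: With the intermediate `mbedtls_hmac_drbg_free()` calls removed, each hash's block now calls `mbedtls_hmac_drbg_seed()` twice on the same live context (the second call, before the PR measurement, is visible as context in both the SHA-1 and SHA-256 hunks); whether seeding an already-seeded context re-allocates its MD context and leaks the previous one is not visible here and should be confirmed. The second seed is not needed for the measurement at all: `mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg, MBEDTLS_HMAC_DRBG_PR_ON )` can simply be applied to the context that was just used for the NOPR run, which sidesteps both the mutex problem being fixed and the re-seed question. Dropping the second `mbedtls_hmac_drbg_seed()` / `mbedtls_exit(1)` pair in each block and keeping the single `mbedtls_hmac_drbg_free()` at the end would be the minimal change. The enclosing `main` continues outside the hunk.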
@@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.xx.xx branch released xxxx-xx-xx + +Changes + * Close a test gap in (D)TLS between the client side and the server side: + test the handling of large packets and small packets on the client side + in the same way as on the server side. + = mbed TLS 2.11.0 branch released 2018-06-18 Features From 7b01244b993a9d53dfab1937aa333ab30d69ee77 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 25 Sep 2017 17:03:12 +0300 Subject: [PATCH 146/368] Add tests for mbedtls_cipher_crypt API 1. Add tests for 'mbedtls_cipher_crypt()' API 2. Resolves #1091, by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB --- ChangeLog | 3 + library/cipher.c | 9 +- tests/suites/test_suite_cipher.aes.data | 620 ++++++++++++++++++++++++ tests/suites/test_suite_cipher.function | 57 ++- 4 files changed, 686 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a7e6288ee..2fc5e5028 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,10 +34,13 @@ Bugfix i386 with SSE2. Found by László Langó. Fixes #1550 * Fix namespacing in header files. Remove the `mbedtls` namespacing in the `#include` in the header files. Resolves #857 + * Ignore iv in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB + Fix for #1091 raised by ezdevelop Changes * Change the shebang line in Perl scripts to look up perl in the PATH. Contributed by fbrosson. + * Add tests for the mbedtls_cipher_crypt() API = mbed TLS 2.11.0 branch released 2018-06-18 diff --git a/library/cipher.c b/library/cipher.c index 7ae6c4ac5..2771b05fc 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -237,10 +237,15 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len ) { size_t actual_iv_size; - - if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv ) + if( NULL == ctx || NULL == ctx->cipher_info || + ( NULL == iv && ( ctx->cipher_info->mode != MBEDTLS_MODE_ECB ) ) ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if ( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) + { + ctx->iv_size = 0; + return ( 0 ); + } /* avoid buffer overflow in ctx->iv */ if( iv_len > MBEDTLS_MAX_IV_LENGTH ) return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index baab3586b..fbe658b96 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data 
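Review bot: The new ECB early return in `mbedtls_cipher_set_iv` reports success for any `iv`/`iv_len` pair, including a non-NULL IV of arbitrary length, and it bypasses the `iv_len > MBEDTLS_MAX_IV_LENGTH` check that follows, so a caller who selected an ECB cipher while believing it supplied a real IV gets no signal at all. Either reject a non-empty IV in that branch, `if( iv_len != 0 ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );`, and document in the header that ECB takes no IV, or — if the ECB cipher info already carries `iv_size == 0` (not visible here) — drop the mode special-case and relax only the pointer check to `( NULL == iv && iv_len != 0 )` so the generic path below handles it. Separately, the added lines are written `if ( ... )` and `return ( 0 );` while the surrounding code uses `if( ... )` and `return( ... )`. The rest of the function is outside the hunk.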
@@ -1510,6 +1510,626 @@ AES-256-ECB Decrypt NIST KAT #12 depends_on:MBEDTLS_AES_C test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 +AES-128-ECB crypt Encrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0 + +AES-128-ECB crypt Encrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"9798c4640bad75c7c3227db910174e72":"a9a1631bf4996954ebc093957b234589":0 + +AES-128-ECB crypt Encrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"96ab5c2ff612d9dfaae8c31f30c42168":"ff4f8391a6a40ca5b25d23bedd44a597":0 + +AES-128-ECB crypt Encrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"e0000000000000000000000000000000":"":"00000000000000000000000000000000":"72a1da770f5d7ac4c9ef94d822affd97":0 + +AES-128-ECB crypt Encrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"f0000000000000000000000000000000":"":"00000000000000000000000000000000":"970014d634e2b7650777e8e84d03ccd8":0 + +AES-128-ECB crypt Encrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"f8000000000000000000000000000000":"":"00000000000000000000000000000000":"f17e79aed0db7e279e955b5f493875a7":0 + +AES-128-ECB crypt Encrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"fffffffffffff0000000000000000000":"":"00000000000000000000000000000000":"7b90785125505fad59b13c186dd66ce3":0 + +AES-128-ECB crypt Encrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"fffffffffffff8000000000000000000":"":"00000000000000000000000000000000":"8b527a6aebdaec9eaef8eda2cb7783e5":0 + +AES-128-ECB crypt Encrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"fffffffffffffc000000000000000000":"":"00000000000000000000000000000000":"43fdaf53ebbc9880c228617d6a9b548b":0 + +AES-128-ECB crypt Encrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffc000":"":"00000000000000000000000000000000":"70c46bb30692be657f7eaa93ebad9897":0 + +AES-128-ECB crypt Encrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0 + +AES-128-ECB crypt Encrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffff000":"":"00000000000000000000000000000000":"1dbf57877b7b17385c85d0b54851e371":0 + +AES-128-ECB crypt Encrypt NIST KAT #13 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a":0 + +AES-128-ECB crypt Encrypt NIST KAT #14 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffe00000000000000000":"d451b8d6e1e1a0ebb155fbbf6e7b7dc3":0 + +AES-128-ECB crypt Encrypt NIST KAT #15 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"fffffffffffffff00000000000000000":"6898d4f42fa7ba6a10ac05e87b9f2080":0 + +AES-128-ECB crypt Encrypt NIST KAT #16 +depends_on:MBEDTLS_AES_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffffffffffffe0000000":"082eb8be35f442fb52668e16a591d1d6":0 + +AES-128-ECB crypt Encrypt NIST KAT #17 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"fffffffffffffffffffffffff0000000":"e656f9ecf5fe27ec3e4a73d00c282fb3":0 + +AES-128-ECB crypt Encrypt NIST KAT #18 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"fffffffffffffffffffffffff8000000":"2ca8209d63274cd9a29bb74bcd77683a":0 + +AES-128-ECB crypt Decrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0 + +AES-128-ECB crypt Decrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"a81738252621dd180a34f3455b4baa2f":"ff800000000000000000000000000000":0 + +AES-128-ECB crypt Decrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"77e2b508db7fd89234caf7939ee5621a":"ffc00000000000000000000000000000":0 + +AES-128-ECB crypt Decrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"dc43be40be0e53712f7e2bf5ca707209":"6a118a874519e64e9963798a503f1d35":0 + +AES-128-ECB crypt Decrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"92beedab1895a94faa69b632e5cc47ce":"cb9fceec81286ca3e989bd979b0cb284":0 + +AES-128-ECB crypt Decrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"459264f4798f6a78bacb89c15ed3d601":"b26aeb1874e47ca8358ff22378f09144":0 + +AES-128-ECB crypt Decrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0 + +AES-128-ECB crypt Decrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"71b5c08a1993e1362e4d0ce9b22b78d5":"":"c2dabd117f8a3ecabfbb11d12194d9d0":"00000000000000000000000000000000":0 + +AES-128-ECB crypt Decrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"e234cdca2606b81f29408d5f6da21206":"":"fff60a4740086b3b9c56195b98d91a7b":"00000000000000000000000000000000":0 + +AES-128-ECB crypt Decrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff0000000000000000":"":"84be19e053635f09f2665e7bae85b42d":"00000000000000000000000000000000":0 + +AES-128-ECB crypt Decrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0 + +AES-192-ECB crypt Encrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"fffffffffffffffffffff80000000000":"156f07767a85a4312321f63968338a01":0 + +AES-192-ECB crypt Encrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"fffffffffffffffffffffc0000000000":"15eec9ebf42b9ca76897d2cd6c5a12e2":0 + +AES-192-ECB crypt Encrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"fffffffffffffffffffffe0000000000":"db0d3a6fdcc13f915e2b302ceeb70fd8":0 + +AES-192-ECB crypt Encrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"51719783d3185a535bd75adc65071ce1":"4f354592ff7c8847d2d0870ca9481b7c":0 + +AES-192-ECB crypt Encrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"26aa49dcfe7629a8901a69a9914e6dfd":"d5e08bf9a182e857cf40b3a36ee248cc":0 + +AES-192-ECB crypt Encrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"941a4773058224e1ef66d10e0a6ee782":"067cd9d3749207791841562507fa9626":0 + +AES-192-ECB crypt Encrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"d2926527e0aa9f37b45e2ec2ade5853ef807576104c7ace3":"":"00000000000000000000000000000000":"dd619e1cf204446112e0af2b9afa8f8c":0 + +AES-192-ECB crypt Encrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"982215f4e173dfa0fcffe5d3da41c4812c7bcc8ed3540f93":"":"00000000000000000000000000000000":"d4f0aae13c8fe9339fbf9e69ed0ad74d":0 + +AES-192-ECB crypt Encrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"98c6b8e01e379fbd14e61af6af891596583565f2a27d59e9":"":"00000000000000000000000000000000":"19c80ec4a6deb7e5ed1033dda933498f":0 + +AES-192-ECB crypt Encrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffff800000000000000000000":"":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3":0 + +AES-192-ECB crypt Encrypt NIST KAT #11 
+depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffc00000000000000000000":"":"00000000000000000000000000000000":"9d6bdc8f4ce5feb0f3bed2e4b9a9bb0b":0 + +AES-192-ECB crypt Encrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffe00000000000000000000":"":"00000000000000000000000000000000":"fd5548bcf3f42565f7efa94562528d46":0 + +AES-192-ECB crypt Decrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0 + +AES-192-ECB crypt Decrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff800000000000000":"":"1b9f5fbd5e8a4264c0a85b80409afa5e":"00000000000000000000000000000000":0 + +AES-192-ECB crypt Decrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffc00000000000000":"":"30dab809f85a917fe924733f424ac589":"00000000000000000000000000000000":0 + +AES-192-ECB crypt Decrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0 + +AES-192-ECB crypt Decrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"b0ab0a6a818baef2d11fa33eac947284fb7d748cfb75e570":"":"d2eafd86f63b109b91f5dbb3a3fb7e13":"00000000000000000000000000000000":0 + +AES-192-ECB crypt Decrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ee053aa011c8b428cdcc3636313c54d6a03cac01c71579d6":"":"9b9fdd1c5975655f539998b306a324af":"00000000000000000000000000000000":0 + +AES-192-ECB crypt 
Decrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0 + +AES-192-ECB crypt Decrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"c9b8135ff1b5adc413dfd053b21bd96d":"9c2d8842e5f48f57648205d39a239af1":0 + +AES-192-ECB crypt Decrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"4a3650c3371ce2eb35e389a171427440":"bff52510095f518ecca60af4205444bb":0 + +AES-192-ECB crypt Decrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0 + +AES-192-ECB crypt Decrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"a6cae46fb6fadfe7a2c302a34242817b":"ffffffffffffffffffffe00000000000":0 + +AES-192-ECB crypt Decrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"026a7024d6a902e0b3ffccbaa910cc3f":"fffffffffffffffffffff00000000000":0 + +AES-256-ECB crypt Encrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":0 + +AES-256-ECB crypt Encrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"984ca75f4ee8d706f46c2d98c0bf4a45f5b00d791c2dfeb191b5ed8e420fd627":"":"00000000000000000000000000000000":"4307456a9e67813b452e15fa8fffe398":0 + +AES-256-ECB crypt Encrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"b43d08a447ac8609baadae4ff12918b9f68fc1653f1269222f123981ded7a92f":"":"00000000000000000000000000000000":"4663446607354989477a5c6f0f007ef4":0 + +AES-256-ECB crypt Encrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"0b24af36193ce4665f2825d7b4749c98":"a9ff75bd7cf6613d3731c77c3b6d0c04":0 + +AES-256-ECB crypt Encrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"761c1fe41a18acf20d241650611d90f1":"623a52fcea5d443e48d9181ab32c7421":0 + +AES-256-ECB crypt Encrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"8a560769d605868ad80d819bdba03771":"38f2c7ae10612415d27ca190d27da8b4":0 + +AES-256-ECB crypt Encrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ffffff80000000000000000000000000":"36aff0ef7bf3280772cf4cac80a0d2b2":0 + +AES-256-ECB crypt Encrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ffffffc0000000000000000000000000":"1f8eedea0f62a1406d58cfc3ecea72cf":0 + +AES-256-ECB crypt Encrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ffffffe0000000000000000000000000":"abf4154a3375a1d3e6b1d454438f95a6":0 + +AES-256-ECB crypt Encrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5":0 + +AES-256-ECB crypt Encrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffc000000000000000000000000000":"":"00000000000000000000000000000000":"b4da5df4becb5462e03a0ed00d295629":0 + +AES-256-ECB crypt Encrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffe000000000000000000000000000":"":"00000000000000000000000000000000":"dcf4e129136c1a4b7a0f38935cc34b2b":0 + +AES-256-ECB crypt Decrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0 + +AES-256-ECB crypt Decrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff80000000000000000":"":"6168b00ba7859e0970ecfd757efecf7c":"00000000000000000000000000000000":0 + +AES-256-ECB crypt Decrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffffc0000000000000000":"":"d1415447866230d28bb1ea18a4cdfd02":"00000000000000000000000000000000":0 + +AES-256-ECB crypt Decrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0 + +AES-256-ECB crypt Decrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"797f8b3d176dac5b7e34a2d539c4ef367a16f8635f6264737591c5c07bf57a3e":"":"a74289fe73a4c123ca189ea1e1b49ad5":"00000000000000000000000000000000":0 + +AES-256-ECB crypt Decrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"6838d40caf927749c13f0329d331f448e202c73ef52c5f73a37ca635d4c47707":"":"b91d4ea4488644b56cf0812fa7fcf5fc":"00000000000000000000000000000000":0 + +AES-256-ECB crypt Decrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0 + +AES-256-ECB crypt Decrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"38f2c7ae10612415d27ca190d27da8b4":"8a560769d605868ad80d819bdba03771":0 + +AES-256-ECB crypt Decrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"1bc704f1bce135ceb810341b216d7abe":"91fbef2d15a97816060bee1feaa49afe":0 + +AES-256-ECB crypt Decrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0 + +AES-256-ECB crypt Decrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"0a6bdc6d4c1e6280301fd8e97ddbe601":"c0000000000000000000000000000000":0 + +AES-256-ECB crypt Decrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 + +AES-128-CBC crypt Encrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0 + +AES-128-CBC crypt Encrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"c0000000000000000000000000000000":"aae5939c8efdf2f04e60b9fe7117b2c2":0 + +AES-128-CBC crypt Encrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"e0000000000000000000000000000000":"f031d4d74f5dcbf39daaf8ca3af6e527":0 + +AES-128-CBC crypt Encrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f0000000000000000000000000000000":"96d9fd5cc4f07441727df0f33e401a36":0 + +AES-128-CBC crypt Encrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ff000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"b1d758256b28fd850ad4944208cf1155":0 + +AES-128-CBC crypt Encrypt NIST KAT #6 
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":0 + +AES-128-CBC crypt Encrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0 + +AES-128-CBC crypt Encrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0 + +AES-128-CBC crypt Encrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"caea65cdbb75e9169ecd22ebe6e54675":"00000000000000000000000000000000":"00000000000000000000000000000000":"6e29201190152df4ee058139def610bb":0 + +AES-128-CBC crypt Encrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"b6364ac4e1de1e285eaf144a2415f7a0":"00000000000000000000000000000000":"00000000000000000000000000000000":"5d9b05578fc944b3cf1ccf0e746cd581":0 + +AES-128-CBC crypt Encrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0 + +AES-128-CBC crypt Encrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"9798c4640bad75c7c3227db910174e72":"a9a1631bf4996954ebc093957b234589":0 + +AES-128-CBC crypt Encrypt NIST KAT #13 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"96ab5c2ff612d9dfaae8c31f30c42168":"ff4f8391a6a40ca5b25d23bedd44a597":0 + +AES-128-CBC crypt Decrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"aae5939c8efdf2f04e60b9fe7117b2c2":"c0000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f031d4d74f5dcbf39daaf8ca3af6e527":"e0000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"96d9fd5cc4f07441727df0f33e401a36":"f0000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ff000000000000000000000000000000":"00000000000000000000000000000000":"b1d758256b28fd850ad4944208cf1155":"00000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #6 
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":"00000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"caea65cdbb75e9169ecd22ebe6e54675":"00000000000000000000000000000000":"6e29201190152df4ee058139def610bb":"00000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"b6364ac4e1de1e285eaf144a2415f7a0":"00000000000000000000000000000000":"5d9b05578fc944b3cf1ccf0e746cd581":"00000000000000000000000000000000":0 + +AES-128-CBC crypt Decrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0 + +AES-128-CBC crypt Decrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"a9a1631bf4996954ebc093957b234589":"9798c4640bad75c7c3227db910174e72":0 + +AES-128-CBC crypt Decrypt NIST KAT #13 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"ff4f8391a6a40ca5b25d23bedd44a597":"96ab5c2ff612d9dfaae8c31f30c42168":0 + +AES-192-CBC crypt Encrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0 + +AES-192-CBC crypt Encrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"c0000000000000000000000000000000":"2ce1f8b7e30627c1c4519eada44bc436":0 + +AES-192-CBC crypt Encrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"e0000000000000000000000000000000":"9946b5f87af446f5796c1fee63a2da24":0 + +AES-192-CBC crypt Encrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"f0000000000000000000000000000000":"2a560364ce529efc21788779568d5555":0 + +AES-192-CBC crypt Encrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0 + +AES-192-CBC crypt Encrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ffffc0000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"b2f8b409b0585909aad3a7b5a219072a":0 + +AES-192-CBC crypt Encrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"75db7cfd4a7b2b62ab78a48f3ddaf4af":0 + +AES-192-CBC crypt Encrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0 + +AES-192-CBC crypt Encrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"15d20f6ebc7e649fd95b76b107e6daba967c8a9484797f29":"00000000000000000000000000000000":"00000000000000000000000000000000":"8e4e18424e591a3d5b6f0876f16f8594":0 + +AES-192-CBC crypt Encrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"a8a282ee31c03fae4f8e9b8930d5473c2ed695a347e88b7c":"00000000000000000000000000000000":"00000000000000000000000000000000":"93f3270cfc877ef17e106ce938979cb0":0 + +AES-192-CBC crypt Encrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0 + +AES-192-CBC crypt Encrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"9c2d8842e5f48f57648205d39a239af1":"c9b8135ff1b5adc413dfd053b21bd96d":0 + +AES-192-CBC crypt Encrypt NIST KAT #13 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"bff52510095f518ecca60af4205444bb":"4a3650c3371ce2eb35e389a171427440":0 + +AES-192-CBC crypt Decrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"2ce1f8b7e30627c1c4519eada44bc436":"c0000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"9946b5f87af446f5796c1fee63a2da24":"e0000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"2a560364ce529efc21788779568d5555":"f0000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffffc0000000000000000000000000000000000000000000":"00000000000000000000000000000000":"b2f8b409b0585909aad3a7b5a219072a":"00000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffffffffffffffffffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"75db7cfd4a7b2b62ab78a48f3ddaf4af":"00000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"15d20f6ebc7e649fd95b76b107e6daba967c8a9484797f29":"00000000000000000000000000000000":"8e4e18424e591a3d5b6f0876f16f8594":"00000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"a8a282ee31c03fae4f8e9b8930d5473c2ed695a347e88b7c":"00000000000000000000000000000000":"93f3270cfc877ef17e106ce938979cb0":"00000000000000000000000000000000":0 + +AES-192-CBC crypt Decrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0 + +AES-192-CBC crypt Decrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"c9b8135ff1b5adc413dfd053b21bd96d":"9c2d8842e5f48f57648205d39a239af1":0 + +AES-192-CBC crypt Decrypt NIST KAT #13 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"4a3650c3371ce2eb35e389a171427440":"bff52510095f518ecca60af4205444bb":0 + +AES-256-CBC crypt Encrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0 + +AES-256-CBC crypt Encrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"c0000000000000000000000000000000":"0a6bdc6d4c1e6280301fd8e97ddbe601":0 + +AES-256-CBC crypt Encrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"e0000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":0 + +AES-256-CBC crypt Encrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"f0000000000000000000000000000000":"7f2c5ece07a98d8bee13c51177395ff7":0 + +AES-256-CBC crypt Encrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0 + +AES-256-CBC crypt Encrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ffffc00000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"27ef2495dabf323885aab39c80f18d8b":0 + +AES-256-CBC crypt Encrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"50e6d3c9b6698a7cd276f96b1473f35a":0 + +AES-256-CBC crypt Encrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0 + +AES-256-CBC crypt Encrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"28d46cffa158533194214a91e712fc2b45b518076675affd910edeca5f41ac64":"00000000000000000000000000000000":"00000000000000000000000000000000":"4bf3b0a69aeb6657794f2901b1440ad4":0 + +AES-256-CBC crypt Encrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":0 + +AES-256-CBC crypt Encrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0 + +AES-256-CBC crypt Encrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"0b24af36193ce4665f2825d7b4749c98":"a9ff75bd7cf6613d3731c77c3b6d0c04":0 + +AES-256-CBC crypt Encrypt NIST KAT #13 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"761c1fe41a18acf20d241650611d90f1":"623a52fcea5d443e48d9181ab32c7421":0 + +AES-256-CBC crypt Decrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"0a6bdc6d4c1e6280301fd8e97ddbe601":"c0000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7f2c5ece07a98d8bee13c51177395ff7":"f0000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffffc00000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"27ef2495dabf323885aab39c80f18d8b":"00000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"50e6d3c9b6698a7cd276f96b1473f35a":"00000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"28d46cffa158533194214a91e712fc2b45b518076675affd910edeca5f41ac64":"00000000000000000000000000000000":"4bf3b0a69aeb6657794f2901b1440ad4":"00000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":"00000000000000000000000000000000":0 + +AES-256-CBC crypt Decrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0 + +AES-256-CBC crypt Decrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"a9ff75bd7cf6613d3731c77c3b6d0c04":"0b24af36193ce4665f2825d7b4749c98":0 + +AES-256-CBC crypt Decrypt NIST KAT #13 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0 + Cipher Corner Case behaviours depends_on:MBEDTLS_AES_C cipher_special_behaviours: 
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 52526a898..9b7c30167 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -107,7 +107,7 @@ void cipher_special_behaviours( )
     memset( iv, 0, sizeof( iv ) );
 
     /* Check and get info structures */
-    cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
+    cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
     TEST_ASSERT( NULL != cipher_info );
 
     TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
@@ -120,6 +120,12 @@ void cipher_special_behaviours( )
     TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 )
                  == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
+    mbedtls_cipher_free( &ctx );
+    cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
+    TEST_ASSERT( NULL != cipher_info );
+
+    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
+
     /* Update ECB with partial block */
     TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen )
                  == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
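Review bot: The switch from MBEDTLS_CIPHER_AES_128_ECB to MBEDTLS_CIPHER_AES_128_CBC on the `cipher_info =` line carries no comment, and the reason is not visible in this file: once ECB accepts a zero-length IV, the later `mbedtls_cipher_set_iv( &ctx, iv, 0 ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA` assertion only holds for a mode with a fixed, non-zero IV size. A one-line comment such as `/* CBC: a zero-length IV must be rejected; ECB now reports iv_size 0 and accepts it */` would keep the test readable. Every assertion between this hunk and the next (not visible here) now also runs against a CBC context rather than an ECB one, which is worth confirming. cipher_special_behaviours starts and ends outside the hunk.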
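Review bot: The ECB context re-created after `mbedtls_cipher_free( &ctx );` is never keyed, so the partial-block assertion that follows passes only if mbedtls_cipher_update() rejects the input length before it touches key material — presumably true, but nothing in the hunk guarantees that ordering. A `mbedtls_cipher_setkey()` call with any 128-bit key after the new `mbedtls_cipher_setup()` would make the assertion independent of it. Reusing `ctx` after free() also relies on mbedtls_cipher_free() leaving the context in a state setup() accepts; a short comment, e.g. `/* free() re-initialises the context, so setup() can be called again */`, saves the next reader a trip into cipher.c. The function starts and ends outside the hunk.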
@@ -690,6 +696,55 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
+void test_vec_crypt( int cipher_id, int operation, char *hex_key,
+                     char *hex_iv, char *hex_input, char *hex_result,
+                     int finish_result )
+{
+    unsigned char key[50];
+    unsigned char input[16];
+    unsigned char result[16];
+    unsigned char iv[16];
+    size_t key_len, iv_len, inputlen, resultlen;
+    mbedtls_cipher_context_t ctx;
+    unsigned char output[32];
+    size_t outlen;
+
+    mbedtls_cipher_init( &ctx );
+
+    memset( key, 0x00, sizeof( key ) );
+    memset( input, 0x00, sizeof( input ) );
+    memset( result, 0x00, sizeof( result ) );
+    memset( output, 0x00, sizeof( output ) );
+    memset( iv, 0x00, sizeof( iv ) );
+
+    /* Prepare context */
+    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
+                                            mbedtls_cipher_info_from_type( cipher_id ) ) );
+
+    key_len = unhexify( key, hex_key );
+    inputlen = unhexify( input, hex_input );
+    resultlen = unhexify( result, hex_result );
+
+    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) );
+    if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode )
+        TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) );
+
+    iv_len = unhexify( iv, hex_iv );
+
+    TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL,
+                                                        iv_len, input, inputlen,
+                                                        output, &outlen ) );
+    TEST_ASSERT( resultlen == outlen );
+    /* check plaintext only if everything went fine */
+    if( 0 == finish_result )
+        TEST_ASSERT( 0 == memcmp( output, result, outlen ) );
+
+exit:
+    mbedtls_cipher_free( &ctx );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
 void set_padding( int cipher_id, int pad_mode, int ret )
 {
From 4e64e0b9223718a378c0a7ac53fd21bd9dda106c Mon Sep 17 00:00:00 2001
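Review bot: `size_t outlen;` is never initialised and `TEST_ASSERT( resultlen == outlen );` runs unconditionally, so a data row with a non-zero finish_result compares against whatever was on the stack unless every early-return path of mbedtls_cipher_crypt() writes *olen (not visible here). Initialise it with `size_t outlen = 0;` and move the length check under the success branch: `if( 0 == finish_result ) { TEST_ASSERT( resultlen == outlen ); TEST_ASSERT( 0 == memcmp( output, result, outlen ) ); }`. The fixed stack buffers `key[50]`, `input[16]`, `result[16]` and `iv[16]` are filled by unhexify() straight from the .data strings with no bound, so a vector longer than one block silently overwrites the stack instead of failing the test; a `TEST_ASSERT( strlen( hex_input ) <= 2 * sizeof( input ) );` (and likewise for the other three) before each unhexify() turns that into a reported failure. The `depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING` guard also excludes the ECB rows from builds without padding support even though, per the `MBEDTLS_MODE_CBC` check, they never call set_padding_mode().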
From: Ron Eldor
Date: Mon, 25 Sep 2017 18:22:32 +0300
Subject: [PATCH 147/368] Fix after PR comments

1. Don't set IV onECB
2. Fix style issues
3. reduce number of tests
---
 ChangeLog | 1 -
 library/cipher.c | 17 +-
 library/cipher_wrap.c | 6 +-
 tests/suites/test_suite_cipher.aes.data | 480 ++----------------------
 tests/suites/test_suite_cipher.function | 6 +-
 5 files changed, 36 insertions(+), 474 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2fc5e5028..b8e4b9851 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,7 +40,6 @@ Bugfix
 Changes
    * Change the shebang line in Perl scripts to look up perl in the PATH.
      Contributed by fbrosson.
-   * Add tests for the mbedtls_cipher_crypt() API
 
 = mbed TLS 2.11.0 branch released 2018-06-18
 
diff --git a/library/cipher.c b/library/cipher.c
index 2771b05fc..da5520651 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -237,15 +237,11 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
                    const unsigned char *iv, size_t iv_len )
 {
     size_t actual_iv_size;
-    if( NULL == ctx || NULL == ctx->cipher_info ||
-        ( NULL == iv && ( ctx->cipher_info->mode != MBEDTLS_MODE_ECB ) ) )
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    else if( NULL == iv && iv_len != 0 )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
-    if ( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
-    {
-        ctx->iv_size = 0;
-        return ( 0 );
-    }
     /* avoid buffer overflow in ctx->iv */
     if( iv_len > MBEDTLS_MAX_IV_LENGTH )
         return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
@@ -273,8 +269,11 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
     }
 #endif
 
-    memcpy( ctx->iv, iv, actual_iv_size );
-    ctx->iv_size = actual_iv_size;
+    if ( actual_iv_size )
+    {
+        memcpy( ctx->iv, iv, actual_iv_size );
+        ctx->iv_size = actual_iv_size;
+    }
 
     return( 0 );
 }
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 893490acc..6dd8c5d3a 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
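Review bot: The new `else if( NULL == iv && iv_len != 0 )` lets a NULL iv through for every mode as long as iv_len is 0; that is only safe if the fixed-IV-size check between this hunk and the next (not shown here) rejects `actual_iv_size > iv_len` before anything copies from iv, so the guard deserves a comment naming that dependency, e.g. `/* A NULL iv is only acceptable with iv_len 0; modes with a fixed IV size are rejected below. */`. The `else` after a `return` is redundant and the rest of the visible function uses plain sequential `if`s; dropping it also removes the indentation mismatch on the shared return line. mbedtls_cipher_set_iv continues past the hunk.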
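Review bot: Wrapping both statements in `if ( actual_iv_size )` means a zero-length IV no longer updates `ctx->iv_size` at all, whereas the ECB branch removed in the previous hunk explicitly set it to 0; a context whose iv_size was set by an earlier call keeps that old value if a later call reaches this point with actual_iv_size 0. Only the memcpy needs the guard: `if( actual_iv_size != 0 ) memcpy( ctx->iv, iv, actual_iv_size );` followed unconditionally by `ctx->iv_size = actual_iv_size;`. That also matches the `if(` spacing used elsewhere in the function rather than `if (`.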
@@ -258,7 +258,7 @@ static const mbedtls_cipher_info_t aes_128_ecb_info = {
     MBEDTLS_MODE_ECB,
     128,
     "AES-128-ECB",
-    16,
+    0,
     0,
     16,
     &aes_info
@@ -269,7 +269,7 @@ static const mbedtls_cipher_info_t aes_192_ecb_info = {
     MBEDTLS_MODE_ECB,
     192,
     "AES-192-ECB",
-    16,
+    0,
     0,
     16,
     &aes_info
@@ -280,7 +280,7 @@ static const mbedtls_cipher_info_t aes_256_ecb_info = {
     MBEDTLS_MODE_ECB,
     256,
     "AES-256-ECB",
-    16,
+    0,
     0,
     16,
     &aes_info
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index fbe658b96..e81086360 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
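Review bot: Changing the AES-ECB entries' IV-size field from 16 to 0 is visible to any caller that reads the cipher_info table (presumably mbedtls_cipher_get_iv_size()) and changes what mbedtls_cipher_set_iv()/mbedtls_cipher_crypt() require, yet this commit's ChangeLog hunk only removes an entry; a line such as `* AES-ECB cipher_info entries now report an IV size of 0, and mbedtls_cipher_set_iv() accepts a NULL IV with iv_len 0 for them.` should accompany the change. Only the three AES-ECB entries are touched in these hunks; if the same table holds other *_ECB entries (Camellia, DES, ARIA, Blowfish — not in view) they need the same edit, otherwise ECB IV handling depends on which cipher was selected. A trailing `/* iv_size */` comment on the changed `0,` would also stop it being confused with the flags `0,` immediately below.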
@@ -1516,113 +1516,21 @@ test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"000000000000000000000 AES-128-ECB crypt Encrypt NIST KAT #2 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"9798c4640bad75c7c3227db910174e72":"a9a1631bf4996954ebc093957b234589":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"f0000000000000000000000000000000":"":"00000000000000000000000000000000":"970014d634e2b7650777e8e84d03ccd8":0 AES-128-ECB crypt Encrypt NIST KAT #3 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"96ab5c2ff612d9dfaae8c31f30c42168":"ff4f8391a6a40ca5b25d23bedd44a597":0 - -AES-128-ECB crypt Encrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"e0000000000000000000000000000000":"":"00000000000000000000000000000000":"72a1da770f5d7ac4c9ef94d822affd97":0 - -AES-128-ECB crypt Encrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"f0000000000000000000000000000000":"":"00000000000000000000000000000000":"970014d634e2b7650777e8e84d03ccd8":0 - -AES-128-ECB crypt Encrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"f8000000000000000000000000000000":"":"00000000000000000000000000000000":"f17e79aed0db7e279e955b5f493875a7":0 - -AES-128-ECB crypt Encrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"fffffffffffff0000000000000000000":"":"00000000000000000000000000000000":"7b90785125505fad59b13c186dd66ce3":0 - -AES-128-ECB crypt Encrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"fffffffffffff8000000000000000000":"":"00000000000000000000000000000000":"8b527a6aebdaec9eaef8eda2cb7783e5":0 - -AES-128-ECB crypt Encrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"fffffffffffffc000000000000000000":"":"00000000000000000000000000000000":"43fdaf53ebbc9880c228617d6a9b548b":0 - -AES-128-ECB crypt Encrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffc000":"":"00000000000000000000000000000000":"70c46bb30692be657f7eaa93ebad9897":0 - -AES-128-ECB crypt Encrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0 - -AES-128-ECB crypt Encrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffff000":"":"00000000000000000000000000000000":"1dbf57877b7b17385c85d0b54851e371":0 - -AES-128-ECB crypt Encrypt NIST KAT #13 -depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a":0 -AES-128-ECB crypt Encrypt NIST KAT #14 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffe00000000000000000":"d451b8d6e1e1a0ebb155fbbf6e7b7dc3":0 - -AES-128-ECB crypt Encrypt NIST KAT #15 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"fffffffffffffff00000000000000000":"6898d4f42fa7ba6a10ac05e87b9f2080":0 - -AES-128-ECB crypt Encrypt NIST KAT #16 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffffffffffffe0000000":"082eb8be35f442fb52668e16a591d1d6":0 - -AES-128-ECB crypt Encrypt NIST KAT #17 -depends_on:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"fffffffffffffffffffffffff0000000":"e656f9ecf5fe27ec3e4a73d00c282fb3":0 - -AES-128-ECB crypt Encrypt NIST KAT #18 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"fffffffffffffffffffffffff8000000":"2ca8209d63274cd9a29bb74bcd77683a":0 - AES-128-ECB crypt Decrypt NIST KAT #1 depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0 AES-128-ECB crypt Decrypt NIST KAT #2 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"a81738252621dd180a34f3455b4baa2f":"ff800000000000000000000000000000":0 - -AES-128-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"77e2b508db7fd89234caf7939ee5621a":"ffc00000000000000000000000000000":0 - -AES-128-ECB crypt Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"dc43be40be0e53712f7e2bf5ca707209":"6a118a874519e64e9963798a503f1d35":0 - -AES-128-ECB crypt Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"92beedab1895a94faa69b632e5cc47ce":"cb9fceec81286ca3e989bd979b0cb284":0 - -AES-128-ECB crypt Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"459264f4798f6a78bacb89c15ed3d601":"b26aeb1874e47ca8358ff22378f09144":0 - -AES-128-ECB crypt Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C 
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0 -AES-128-ECB crypt Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"71b5c08a1993e1362e4d0ce9b22b78d5":"":"c2dabd117f8a3ecabfbb11d12194d9d0":"00000000000000000000000000000000":0 - -AES-128-ECB crypt Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"e234cdca2606b81f29408d5f6da21206":"":"fff60a4740086b3b9c56195b98d91a7b":"00000000000000000000000000000000":0 - -AES-128-ECB crypt Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff0000000000000000":"":"84be19e053635f09f2665e7bae85b42d":"00000000000000000000000000000000":0 - -AES-128-ECB crypt Decrypt NIST KAT #11 +AES-128-ECB crypt Decrypt NIST KAT #3 depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0 
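Review bot: The surviving cases are renumbered after pruning (the row kept at the end of the hunk changes from `AES-128-ECB crypt Decrypt NIST KAT #11` to `AES-128-ECB crypt Decrypt NIST KAT #3`), so a test name no longer says which NIST known-answer entry it came from, which is exactly what is needed when a KAT starts failing. Keep the original index, or better, put the NIST source file and COUNT value in the name so the vector can be re-checked against the published data. The selection criterion for which single-bit key/plaintext variants to keep is also not stated anywhere; one sentence in the commit message would help whoever decides later whether to restore them.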
@@ -1632,504 +1540,160 @@ test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000 AES-192-ECB crypt Encrypt NIST KAT #2 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"fffffffffffffffffffffc0000000000":"15eec9ebf42b9ca76897d2cd6c5a12e2":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"51719783d3185a535bd75adc65071ce1":"4f354592ff7c8847d2d0870ca9481b7c":0 AES-192-ECB crypt Encrypt NIST KAT #3 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"fffffffffffffffffffffe0000000000":"db0d3a6fdcc13f915e2b302ceeb70fd8":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"d2926527e0aa9f37b45e2ec2ade5853ef807576104c7ace3":"":"00000000000000000000000000000000":"dd619e1cf204446112e0af2b9afa8f8c":0 AES-192-ECB crypt Encrypt NIST KAT #4 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"51719783d3185a535bd75adc65071ce1":"4f354592ff7c8847d2d0870ca9481b7c":0 - -AES-192-ECB crypt Encrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"26aa49dcfe7629a8901a69a9914e6dfd":"d5e08bf9a182e857cf40b3a36ee248cc":0 - -AES-192-ECB crypt Encrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"941a4773058224e1ef66d10e0a6ee782":"067cd9d3749207791841562507fa9626":0 - -AES-192-ECB crypt Encrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"d2926527e0aa9f37b45e2ec2ade5853ef807576104c7ace3":"":"00000000000000000000000000000000":"dd619e1cf204446112e0af2b9afa8f8c":0 - -AES-192-ECB crypt 
Encrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"982215f4e173dfa0fcffe5d3da41c4812c7bcc8ed3540f93":"":"00000000000000000000000000000000":"d4f0aae13c8fe9339fbf9e69ed0ad74d":0 - -AES-192-ECB crypt Encrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"98c6b8e01e379fbd14e61af6af891596583565f2a27d59e9":"":"00000000000000000000000000000000":"19c80ec4a6deb7e5ed1033dda933498f":0 - -AES-192-ECB crypt Encrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffff800000000000000000000":"":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3":0 -AES-192-ECB crypt Encrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffc00000000000000000000":"":"00000000000000000000000000000000":"9d6bdc8f4ce5feb0f3bed2e4b9a9bb0b":0 - -AES-192-ECB crypt Encrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffe00000000000000000000":"":"00000000000000000000000000000000":"fd5548bcf3f42565f7efa94562528d46":0 - AES-192-ECB crypt Decrypt NIST KAT #1 depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0 AES-192-ECB crypt Decrypt NIST KAT #2 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff800000000000000":"":"1b9f5fbd5e8a4264c0a85b80409afa5e":"00000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0 AES-192-ECB crypt Decrypt NIST KAT #3 depends_on:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffc00000000000000":"":"30dab809f85a917fe924733f424ac589":"00000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0 AES-192-ECB crypt Decrypt NIST KAT #4 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0 - -AES-192-ECB crypt Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"b0ab0a6a818baef2d11fa33eac947284fb7d748cfb75e570":"":"d2eafd86f63b109b91f5dbb3a3fb7e13":"00000000000000000000000000000000":0 - -AES-192-ECB crypt Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ee053aa011c8b428cdcc3636313c54d6a03cac01c71579d6":"":"9b9fdd1c5975655f539998b306a324af":"00000000000000000000000000000000":0 - -AES-192-ECB crypt Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0 - -AES-192-ECB crypt Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"c9b8135ff1b5adc413dfd053b21bd96d":"9c2d8842e5f48f57648205d39a239af1":0 - -AES-192-ECB crypt Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"4a3650c3371ce2eb35e389a171427440":"bff52510095f518ecca60af4205444bb":0 - -AES-192-ECB crypt Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C 
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0 -AES-192-ECB crypt Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"a6cae46fb6fadfe7a2c302a34242817b":"ffffffffffffffffffffe00000000000":0 - -AES-192-ECB crypt Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"026a7024d6a902e0b3ffccbaa910cc3f":"fffffffffffffffffffff00000000000":0 - AES-256-ECB crypt Encrypt NIST KAT #1 depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":0 AES-256-ECB crypt Encrypt NIST KAT #2 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"984ca75f4ee8d706f46c2d98c0bf4a45f5b00d791c2dfeb191b5ed8e420fd627":"":"00000000000000000000000000000000":"4307456a9e67813b452e15fa8fffe398":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"0b24af36193ce4665f2825d7b4749c98":"a9ff75bd7cf6613d3731c77c3b6d0c04":0 AES-256-ECB crypt Encrypt NIST KAT #3 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"b43d08a447ac8609baadae4ff12918b9f68fc1653f1269222f123981ded7a92f":"":"00000000000000000000000000000000":"4663446607354989477a5c6f0f007ef4":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ffffff80000000000000000000000000":"36aff0ef7bf3280772cf4cac80a0d2b2":0 AES-256-ECB crypt Encrypt NIST KAT #4 depends_on:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"0b24af36193ce4665f2825d7b4749c98":"a9ff75bd7cf6613d3731c77c3b6d0c04":0 - -AES-256-ECB crypt Encrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"761c1fe41a18acf20d241650611d90f1":"623a52fcea5d443e48d9181ab32c7421":0 - -AES-256-ECB crypt Encrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"8a560769d605868ad80d819bdba03771":"38f2c7ae10612415d27ca190d27da8b4":0 - -AES-256-ECB crypt Encrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ffffff80000000000000000000000000":"36aff0ef7bf3280772cf4cac80a0d2b2":0 - -AES-256-ECB crypt Encrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ffffffc0000000000000000000000000":"1f8eedea0f62a1406d58cfc3ecea72cf":0 - -AES-256-ECB crypt Encrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ffffffe0000000000000000000000000":"abf4154a3375a1d3e6b1d454438f95a6":0 - -AES-256-ECB crypt Encrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5":0 -AES-256-ECB crypt Encrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffc000000000000000000000000000":"":"00000000000000000000000000000000":"b4da5df4becb5462e03a0ed00d295629":0 - -AES-256-ECB crypt Encrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffe000000000000000000000000000":"":"00000000000000000000000000000000":"dcf4e129136c1a4b7a0f38935cc34b2b":0 - AES-256-ECB crypt Decrypt NIST KAT #1 depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0 AES-256-ECB crypt Decrypt NIST KAT #2 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff80000000000000000":"":"6168b00ba7859e0970ecfd757efecf7c":"00000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0 AES-256-ECB crypt Decrypt NIST KAT #3 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffffc0000000000000000":"":"d1415447866230d28bb1ea18a4cdfd02":"00000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0 AES-256-ECB crypt Decrypt NIST KAT #4 depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0 - -AES-256-ECB crypt Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"797f8b3d176dac5b7e34a2d539c4ef367a16f8635f6264737591c5c07bf57a3e":"":"a74289fe73a4c123ca189ea1e1b49ad5":"00000000000000000000000000000000":0 - -AES-256-ECB crypt Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"6838d40caf927749c13f0329d331f448e202c73ef52c5f73a37ca635d4c47707":"":"b91d4ea4488644b56cf0812fa7fcf5fc":"00000000000000000000000000000000":0 - -AES-256-ECB crypt Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0 - -AES-256-ECB crypt Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"38f2c7ae10612415d27ca190d27da8b4":"8a560769d605868ad80d819bdba03771":0 - -AES-256-ECB crypt Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"1bc704f1bce135ceb810341b216d7abe":"91fbef2d15a97816060bee1feaa49afe":0 - -AES-256-ECB crypt Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0 -AES-256-ECB crypt Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C -test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"0a6bdc6d4c1e6280301fd8e97ddbe601":"c0000000000000000000000000000000":0 - -AES-256-ECB crypt Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C 
-test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 - AES-128-CBC crypt Encrypt NIST KAT #1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0 AES-128-CBC crypt Encrypt NIST KAT #2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"c0000000000000000000000000000000":"aae5939c8efdf2f04e60b9fe7117b2c2":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0 AES-128-CBC crypt Encrypt NIST KAT #3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"e0000000000000000000000000000000":"f031d4d74f5dcbf39daaf8ca3af6e527":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0 AES-128-CBC crypt Encrypt NIST KAT #4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f0000000000000000000000000000000":"96d9fd5cc4f07441727df0f33e401a36":0 - -AES-128-CBC crypt Encrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
-test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ff000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"b1d758256b28fd850ad4944208cf1155":0 - -AES-128-CBC crypt Encrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":0 - -AES-128-CBC crypt Encrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0 - -AES-128-CBC crypt Encrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0 - -AES-128-CBC crypt Encrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"caea65cdbb75e9169ecd22ebe6e54675":"00000000000000000000000000000000":"00000000000000000000000000000000":"6e29201190152df4ee058139def610bb":0 - -AES-128-CBC crypt Encrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"b6364ac4e1de1e285eaf144a2415f7a0":"00000000000000000000000000000000":"00000000000000000000000000000000":"5d9b05578fc944b3cf1ccf0e746cd581":0 - -AES-128-CBC crypt Encrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0 -AES-128-CBC crypt Encrypt NIST KAT #12 
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"9798c4640bad75c7c3227db910174e72":"a9a1631bf4996954ebc093957b234589":0 - -AES-128-CBC crypt Encrypt NIST KAT #13 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"96ab5c2ff612d9dfaae8c31f30c42168":"ff4f8391a6a40ca5b25d23bedd44a597":0 - AES-128-CBC crypt Decrypt NIST KAT #1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0 AES-128-CBC crypt Decrypt NIST KAT #2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"aae5939c8efdf2f04e60b9fe7117b2c2":"c0000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0 AES-128-CBC crypt Decrypt NIST KAT #3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f031d4d74f5dcbf39daaf8ca3af6e527":"e0000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0 AES-128-CBC crypt Decrypt NIST KAT #4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
-test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"96d9fd5cc4f07441727df0f33e401a36":"f0000000000000000000000000000000":0 - -AES-128-CBC crypt Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ff000000000000000000000000000000":"00000000000000000000000000000000":"b1d758256b28fd850ad4944208cf1155":"00000000000000000000000000000000":0 - -AES-128-CBC crypt Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0 - -AES-128-CBC crypt Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":"00000000000000000000000000000000":0 - -AES-128-CBC crypt Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0 - -AES-128-CBC crypt Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"caea65cdbb75e9169ecd22ebe6e54675":"00000000000000000000000000000000":"6e29201190152df4ee058139def610bb":"00000000000000000000000000000000":0 - -AES-128-CBC crypt Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"b6364ac4e1de1e285eaf144a2415f7a0":"00000000000000000000000000000000":"5d9b05578fc944b3cf1ccf0e746cd581":"00000000000000000000000000000000":0 - -AES-128-CBC crypt Decrypt NIST KAT #11 
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0 -AES-128-CBC crypt Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"a9a1631bf4996954ebc093957b234589":"9798c4640bad75c7c3227db910174e72":0 - -AES-128-CBC crypt Decrypt NIST KAT #13 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"ff4f8391a6a40ca5b25d23bedd44a597":"96ab5c2ff612d9dfaae8c31f30c42168":0 - AES-192-CBC crypt Encrypt NIST KAT #1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0 AES-192-CBC crypt Encrypt NIST KAT #2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"c0000000000000000000000000000000":"2ce1f8b7e30627c1c4519eada44bc436":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0 AES-192-CBC crypt Encrypt NIST KAT #3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"e0000000000000000000000000000000":"9946b5f87af446f5796c1fee63a2da24":0 
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0 AES-192-CBC crypt Encrypt NIST KAT #4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"f0000000000000000000000000000000":"2a560364ce529efc21788779568d5555":0 - -AES-192-CBC crypt Encrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0 - -AES-192-CBC crypt Encrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ffffc0000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"b2f8b409b0585909aad3a7b5a219072a":0 - -AES-192-CBC crypt Encrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"75db7cfd4a7b2b62ab78a48f3ddaf4af":0 - -AES-192-CBC crypt Encrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0 - -AES-192-CBC crypt Encrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
-test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"15d20f6ebc7e649fd95b76b107e6daba967c8a9484797f29":"00000000000000000000000000000000":"00000000000000000000000000000000":"8e4e18424e591a3d5b6f0876f16f8594":0 - -AES-192-CBC crypt Encrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"a8a282ee31c03fae4f8e9b8930d5473c2ed695a347e88b7c":"00000000000000000000000000000000":"00000000000000000000000000000000":"93f3270cfc877ef17e106ce938979cb0":0 - -AES-192-CBC crypt Encrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0 -AES-192-CBC crypt Encrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"9c2d8842e5f48f57648205d39a239af1":"c9b8135ff1b5adc413dfd053b21bd96d":0 - -AES-192-CBC crypt Encrypt NIST KAT #13 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"bff52510095f518ecca60af4205444bb":"4a3650c3371ce2eb35e389a171427440":0 - AES-192-CBC crypt Decrypt NIST KAT #1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0 AES-192-CBC crypt Decrypt NIST KAT #2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
-test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"2ce1f8b7e30627c1c4519eada44bc436":"c0000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0 AES-192-CBC crypt Decrypt NIST KAT #3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"9946b5f87af446f5796c1fee63a2da24":"e0000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0 AES-192-CBC crypt Decrypt NIST KAT #4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"2a560364ce529efc21788779568d5555":"f0000000000000000000000000000000":0 - -AES-192-CBC crypt Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0 - -AES-192-CBC crypt Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffffc0000000000000000000000000000000000000000000":"00000000000000000000000000000000":"b2f8b409b0585909aad3a7b5a219072a":"00000000000000000000000000000000":0 - -AES-192-CBC crypt Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
-test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffffffffffffffffffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"75db7cfd4a7b2b62ab78a48f3ddaf4af":"00000000000000000000000000000000":0 - -AES-192-CBC crypt Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0 - -AES-192-CBC crypt Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"15d20f6ebc7e649fd95b76b107e6daba967c8a9484797f29":"00000000000000000000000000000000":"8e4e18424e591a3d5b6f0876f16f8594":"00000000000000000000000000000000":0 - -AES-192-CBC crypt Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"a8a282ee31c03fae4f8e9b8930d5473c2ed695a347e88b7c":"00000000000000000000000000000000":"93f3270cfc877ef17e106ce938979cb0":"00000000000000000000000000000000":0 - -AES-192-CBC crypt Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0 -AES-192-CBC crypt Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"c9b8135ff1b5adc413dfd053b21bd96d":"9c2d8842e5f48f57648205d39a239af1":0 - -AES-192-CBC crypt Decrypt NIST KAT #13 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
-test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"4a3650c3371ce2eb35e389a171427440":"bff52510095f518ecca60af4205444bb":0 - AES-256-CBC crypt Encrypt NIST KAT #1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0 AES-256-CBC crypt Encrypt NIST KAT #2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"c0000000000000000000000000000000":"0a6bdc6d4c1e6280301fd8e97ddbe601":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0 AES-256-CBC crypt Encrypt NIST KAT #3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"e0000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0 AES-256-CBC crypt Encrypt NIST KAT #4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"f0000000000000000000000000000000":"7f2c5ece07a98d8bee13c51177395ff7":0 - -AES-256-CBC crypt Encrypt NIST 
KAT #5 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0 - -AES-256-CBC crypt Encrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ffffc00000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"27ef2495dabf323885aab39c80f18d8b":0 - -AES-256-CBC crypt Encrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"50e6d3c9b6698a7cd276f96b1473f35a":0 - -AES-256-CBC crypt Encrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0 - -AES-256-CBC crypt Encrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"28d46cffa158533194214a91e712fc2b45b518076675affd910edeca5f41ac64":"00000000000000000000000000000000":"00000000000000000000000000000000":"4bf3b0a69aeb6657794f2901b1440ad4":0 - -AES-256-CBC crypt Encrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":0 - -AES-256-CBC crypt Encrypt NIST KAT #11 
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0 -AES-256-CBC crypt Encrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"0b24af36193ce4665f2825d7b4749c98":"a9ff75bd7cf6613d3731c77c3b6d0c04":0 - -AES-256-CBC crypt Encrypt NIST KAT #13 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"761c1fe41a18acf20d241650611d90f1":"623a52fcea5d443e48d9181ab32c7421":0 - AES-256-CBC crypt Decrypt NIST KAT #1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0 AES-256-CBC crypt Decrypt NIST KAT #2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"0a6bdc6d4c1e6280301fd8e97ddbe601":"c0000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0 AES-256-CBC crypt Decrypt NIST KAT #3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
-test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0 AES-256-CBC crypt Decrypt NIST KAT #4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7f2c5ece07a98d8bee13c51177395ff7":"f0000000000000000000000000000000":0 - -AES-256-CBC crypt Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0 - -AES-256-CBC crypt Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffffc00000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"27ef2495dabf323885aab39c80f18d8b":"00000000000000000000000000000000":0 - -AES-256-CBC crypt Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"50e6d3c9b6698a7cd276f96b1473f35a":"00000000000000000000000000000000":0 - -AES-256-CBC crypt Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
-test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0 - -AES-256-CBC crypt Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"28d46cffa158533194214a91e712fc2b45b518076675affd910edeca5f41ac64":"00000000000000000000000000000000":"4bf3b0a69aeb6657794f2901b1440ad4":"00000000000000000000000000000000":0 - -AES-256-CBC crypt Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":"00000000000000000000000000000000":0 - -AES-256-CBC crypt Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0 -AES-256-CBC crypt Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"a9ff75bd7cf6613d3731c77c3b6d0c04":"0b24af36193ce4665f2825d7b4749c98":0 - -AES-256-CBC crypt Decrypt NIST KAT #13 -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0 - Cipher Corner Case behaviours depends_on:MBEDTLS_AES_C cipher_special_behaviours: 
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 9b7c30167..2064474ad 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -120,8 +120,8 @@ void cipher_special_behaviours( ) TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - mbedtls_cipher_free( &ctx ); - cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); + mbedtls_cipher_free( &ctx ); + cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); TEST_ASSERT( NULL != cipher_info ); TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); @@ -730,7 +730,7 @@ void test_vec_crypt( int cipher_id, int operation, char *hex_key, if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode ) TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) ); - iv_len = unhexify( iv, hex_iv ); + iv_len = unhexify( iv, hex_iv ); TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL, iv_len, input, inputlen, From 6f90ed82b9213b7857e18dcb3a28f3db2351f1ee Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 26 Sep 2017 12:08:54 +0300 Subject: [PATCH 148/368] Fix CI failure Test IV special cases only if `MBEDTLS_CIPHER_MODE_CBC` is defined --- tests/suites/test_suite_cipher.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 2064474ad..c0aa831ea 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function 
@@ -98,12 +98,15 @@ void cipher_special_behaviours( )
 mbedtls_cipher_context_t ctx;
 unsigned char input[32];
 unsigned char output[32];
+#if defined (MBEDTLS_CIPHER_MODE_CBC)
 unsigned char iv[32];
+#endif
 size_t olen = 0;
 
 mbedtls_cipher_init( &ctx );
 memset( input, 0, sizeof( input ) );
 memset( output, 0, sizeof( output ) );
+#if defined (MBEDTLS_CIPHER_MODE_CBC)
 memset( iv, 0, sizeof( iv ) );
 
 /* Check and get info structures */
@@ -121,6 +124,7 @@ void cipher_special_behaviours( )
 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
 mbedtls_cipher_free( &ctx );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
 TEST_ASSERT( NULL != cipher_info );
 
From bb4bbbbbb481991b72575e2180ea86489e52d834 Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Sun, 1 Oct 2017 17:04:54 +0300
Subject: [PATCH 149/368] Resolve PR review comments

Address review comments:
1. add `mbedtls_cipher_init()` after freeing context, in test code
2. style comments
3. set `ctx->iv_size = 0` in case `IV == NULL && iv_len == 0`
---
 library/cipher.c | 5 ++++-
 tests/suites/test_suite_cipher.function | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/library/cipher.c b/library/cipher.c
index da5520651..d7acf34ee 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -242,6 +242,9 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
 else if( NULL == iv && iv_len != 0 )
 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
+ if( NULL == iv && iv_len == 0 )
+ ctx->iv_size = 0;
+
 /* avoid buffer overflow in ctx->iv */
 if( iv_len > MBEDTLS_MAX_IV_LENGTH )
 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
@@ -269,7 +272,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
 }
 #endif
 
- if ( actual_iv_size )
+ if ( actual_iv_size != 0 )
 {
 memcpy( ctx->iv, iv, actual_iv_size );
 ctx->iv_size = actual_iv_size;
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index c0aa831ea..1536c9d31 100644
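Review bot: After the `#endif /* MBEDTLS_CIPHER_MODE_CBC */` in the second hunk, `cipher_info` is fetched for AES-128-ECB and the same `ctx` that `mbedtls_cipher_free( &ctx )` just released is handed to a second `mbedtls_cipher_setup` (just past the hunk) without going through `mbedtls_cipher_init` again; unless free is guaranteed to leave the context in the initialised state, add `mbedtls_cipher_init( &ctx );` directly after the free, inside the same `#if`. Separately, both new guards are spelled `#if defined (MBEDTLS_CIPHER_MODE_CBC)` with a space before the parenthesis, whereas the surrounding code in this series writes `#if defined(MBEDTLS_FS_IO)`; the two openings are far from their closings, so use the unspaced form and give the first `#endif` (after `unsigned char iv[32];`) the same `/* MBEDTLS_CIPHER_MODE_CBC */` trailer the second one has. The body of cipher_special_behaviours continues between and after these hunks.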
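Review bot: The new `ctx->iv_size = 0` in the first cipher.c hunk modifies the context before validation is complete: it runs ahead of the `iv_len > MBEDTLS_MAX_IV_LENGTH` test in the same hunk and ahead of whatever per-cipher IV-length checks sit between the two hunks, so a call that is ultimately rejected may still have cleared the previously stored IV length while leaving the old bytes in `ctx->iv`. If the intent is only to make the NULL/0 call well defined for ciphers that take no IV, the reset belongs where `actual_iv_size` is known, as the `else` arm of the `if ( actual_iv_size != 0 )` test in the second hunk: `else ctx->iv_size = 0;`. The computation of `actual_iv_size` and the remainder of mbedtls_cipher_set_iv lie outside these hunks, so whether the NULL/0 path can reach the memcpy for a fixed-IV cipher should be confirmed there before moving the assignment.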
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -106,7 +106,7 @@ void cipher_special_behaviours( )
 mbedtls_cipher_init( &ctx );
 memset( input, 0, sizeof( input ) );
 memset( output, 0, sizeof( output ) );
-#if defined (MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
 memset( iv, 0, sizeof( iv ) );
 
 /* Check and get info structures */
@@ -124,6 +124,7 @@ void cipher_special_behaviours( )
 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
 mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_init( &ctx );
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
 TEST_ASSERT( NULL != cipher_info );
From 6b9cbb86855541cc7975fb3551fbe1def4682687 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 30 Jul 2018 20:06:19 +0200
Subject: [PATCH 150/368] Copyediting

---
 programs/README.md | 58 +++++++++++++++++++++++-----------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/programs/README.md b/programs/README.md
index fec8a60e4..31b7e2a2f 100644
--- a/programs/README.md
+++ b/programs/README.md
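Review bot: The added `mbedtls_cipher_init( &ctx );` immediately after `mbedtls_cipher_free( &ctx );` in the second hunk carries no explanation, and a free-then-init pair in the middle of a test reads like a leftover that the next editor may drop. A one-line comment on the added line would pin the intent, e.g. `/* ctx is reused for the ECB checks below: free, then init again before the second setup */`. cipher_special_behaviours starts and ends outside this hunk.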
@@ -20,15 +20,15 @@ This subdirectory mostly contains sample programs that illustrate specific featu ### Generic public-key cryptography (`pk`) examples -* [`pkey/gen_key.c`](pkey/gen_key.c): generate a key for any of the supported public-key algorithms (RSA or ECC) and write it to a file that can be used by the other pk sample programs. +* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs. -* [`pkey/key_app.c`](pkey/key_app.c): Load a PEM or DER public key or private key file and dump its content. +* [`pkey/key_app.c`](pkey/key_app.c): loads a PEM or DER public key or private key file and dumps its content. -* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): Load a PEM or DER public key or private key file and write it to a new PEM or DER file. +* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file. -* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): Load a PEM or DER public/private key file and use the key to encrypt/decrypt a short string through the generic public-key interface. +* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): load a PEM or DER public/private key file and use the key to encrypt/decrypt a short string through the generic public-key interface. -* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): Load a PEM or DER private/public key file and use the key to sign/verify a short string. +* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): load a PEM or DER private/public key file and use the key to sign/verify a short string. ### ECDSA and RSA signature examples 
@@ -44,80 +44,80 @@ This subdirectory mostly contains sample programs that illustrate specific featu ### Diffie-Hellman key exchange examples -* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrator (client, server). Illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to set up a shared AES session key. +* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). Illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key. * [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement. ### Bignum (`mpi`) usage examples -* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): illustrates the bignum (`mpi`) interface by generating Diffie-Hellman parameters. +* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): shows how to use the bignum (`mpi`) interface to generate Diffie-Hellman parameters. * [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers. ## Random number generator (RNG) examples -* [`random/gen_entropy.c`](random/gen_entropy.c): illustrates using the default entropy sources to generate random data. - Note: most applications should use the entropy generator only to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. +* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. + Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. -* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): illustrates using the default entropy sources to seed a pseudorandom generator, and using the resulting random generator to generate random data. 
+* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and using the resulting random generator to generate random data. -* [`random/gen_random_havege.c`](random/gen_random_havege.c): illustrates the HAVEGE entropy collector. +* [`random/gen_random_havege.c`](random/gen_random_havege.c): demonstrates the HAVEGE entropy collector. ## SSL/TLS examples ### SSL/TLS sample applications -* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program which sends one datagram to the server and reads one datagram in response. +* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. -* [`ssl/dtls_server.c`](ssl/dtls_server.c): a simple DTLS server program which expects one datagram from the client and writes one datagram in response. This program supports DTLS cookies for hello verification. +* [`ssl/dtls_server.c`](ssl/dtls_server.c): a simple DTLS server program, which expects one datagram from the client and writes one datagram in response. This program supports DTLS cookies for hello verification. -* [`ssl/mini_client.c`](ssl/mini_client.c): a minimalistic SSL client which sends a short string and disconnects. This is intended more as a benchmark; for a better example of a typical TLS client, see `ssl/ssl_client1.c`. +* [`ssl/mini_client.c`](ssl/mini_client.c): a minimalistic SSL client, which sends a short string and disconnects. This is primarily intended as a benchmark; for a better example of a typical TLS client, see `ssl/ssl_client1.c`. * [`ssl/ssl_client1.c`](ssl/ssl_client1.c): a simple HTTPS client that sends a fixed request and displays the response. * [`ssl/ssl_fork_server.c`](ssl/ssl_fork_server.c): a simple HTTPS server using one process per client to send a fixed response. This program requires a Unix/POSIX environment implementing the `fork` system call. 
-* [`ssl/ssl_mail_client.c`](ssl/ssl_mail_client.c): a simple SMTP-over-TLS or SMTP-STARTTLS client. This client sends an email with a fixed content. +* [`ssl/ssl_mail_client.c`](ssl/ssl_mail_client.c): a simple SMTP-over-TLS or SMTP-STARTTLS client. This client sends an email with fixed content. -* [`ssl/ssl_pthread_server.c`](ssl/ssl_pthread_server.c): a simple HTTPS server using one thread per client to send a fixed response. This program requires a the pthread library. +* [`ssl/ssl_pthread_server.c`](ssl/ssl_pthread_server.c): a simple HTTPS server using one thread per client to send a fixed response. This program requires the pthread library. -* [`ssl/ssl_server.c`](ssl/ssl_server.c): a simple HTTPS server that sends a fixed response. This server serves a single client at a time. +* [`ssl/ssl_server.c`](ssl/ssl_server.c): a simple HTTPS server that sends a fixed response. This server accepts a single client at a time. ### SSL/TLS feature demonstrators -Note: unlike most of the other programs under the `programs/` directory, these two programs are not intended as a basis to start writing an application. They combine most of the features supported by the library, and most applications require only a few features. It is recommended to start with `ssl_client1.c` or `ssl_server.c`, and to look inside `ssl/ssl_client2.c` or `ssl/ssl_server2.c` to see how to use the specific features that your application needs. +Note: unlike most of the other programs under the `programs/` directory, these two programs are not intended as a basis for writing an application. They combine most of the features supported by the library, and most applications require only a few features. To write a new application, we recommended that you start with `ssl_client1.c` or `ssl_server.c`, and then look inside `ssl/ssl_client2.c` or `ssl/ssl_server2.c` to see how to use the specific features that your application needs. 
* [`ssl/ssl_client2.c`](ssl/ssl_client2.c): an HTTPS client that sends a fixed request and displays the response, with options to select TLS protocol features and Mbed TLS library features. * [`ssl/ssl_server2.c`](ssl/ssl_server2.c): an HTTPS server that sends a fixed response, with options to select TLS protocol features and Mbed TLS library features. -These programs have options to trigger certain behaviors (e.g. reconnection, renegotiation) so the `ssl_server2` program can be useful to test features in your TLS client and the `ssl_client2` program can be useful to test features in your TLS server. +In addition to providing options for testing client-side features, the `ssl_client2` program has options to exercise certain behaviors in the server (for example, to select ciphersuites, or to force a renegotiation), which are useful to test the corresponding features in a TLS server. Likewise, `ssl_server2` has options to activate certain behaviors that are useful to test a TLS client. ## Test utilities * [`test/benchmark.c`](test/benchmark.c): benchmark for cryptographic algorithms. -* [`test/selftest.c`](test/selftest.c): runs the self-test functions in all the library modules. +* [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module. -* [`test/ssl_cert_test.c`](test/ssl_cert_test.c): verify some X.509 certificates, and verify that each certificate matches the corresponding private key (supported for RSA keys only). +* [`test/ssl_cert_test.c`](test/ssl_cert_test.c): demonstrates how to verify X.509 certificates, and (for RSA keys only) how to check that each certificate matches the corresponding private key. This program requires some test data which is not provided. -* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful to test DTLS. +* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). 
Useful for testing DTLS. ## Development utilities -* [`util/pem2der.c`](util/pem2der.c): a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful to interact with other tools or with minimal Mbed TLS builds that lack PEM support. +* [`util/pem2der.c`](util/pem2der.c): a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful for interacting with other tools or with minimal Mbed TLS builds that lack PEM support. -* [`util/strerror.c`](util/strerror.c): print the error description corresponding to an integer status returned by an Mbed TLS function. +* [`util/strerror.c`](util/strerror.c): prints the error description corresponding to an integer status returned by an Mbed TLS function. ## X.509 certificate examples -* [`x509/cert_app.c`](x509/cert_app.c): connect to a TLS server and verify its certificate chain. +* [`x509/cert_app.c`](x509/cert_app.c): connects to a TLS server and verifies its certificate chain. -* [`x509/cert_req.c`](x509/cert_req.c): generate a certificate signing request (CSR) for a private key. +* [`x509/cert_req.c`](x509/cert_req.c): generates a certificate signing request (CSR) for a private key. -* [`x509/cert_write.c`](x509/cert_write.c): sign a certificate signing request, or self-sign a certificate. +* [`x509/cert_write.c`](x509/cert_write.c): signs a certificate signing request, or self-sign a certificate. -* [`x509/crl_app.c`](x509/crl_app.c): load and dump a certificate revocation list (CRL). +* [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL). -* [`x509/req_app.c`](x509/req_app.c): load and dump a certificate signing request (CSR). +* [`x509/req_app.c`](x509/req_app.c): loads and dumps a certificate signing request (CSR). From c2e5cdd536c16f460555e00cf90ec51512db79ae Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 30 Jul 2018 20:11:05 +0200 Subject: [PATCH 151/368] Explain aescrypt2 better and warn that it doesn't do things properly --- programs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/README.md b/programs/README.md index 31b7e2a2f..7075ae2dd 100644 --- a/programs/README.md +++ b/programs/README.md @@ -5,8 +5,8 @@ This subdirectory mostly contains sample programs that illustrate specific featu ## Symmetric cryptography (AES) examples -* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication, demonstrating the low-level AES interface and HMAC. - Warning: this program illustrates how to roll your own block cipher mode. Most applications should not do this and should instead use the standard library functions (e.g. `mbedtls_aes_crypt_cbc`). +* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC. + Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module). * [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface. From 27a046058a660f9c177587071d10ddd9446a53d9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 6 Aug 2018 20:09:16 +0200 Subject: [PATCH 152/368] Unify the grammar of descriptions Use "program: does this and then does that" throughout. --- programs/README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/programs/README.md b/programs/README.md index 7075ae2dd..f9e961f88 100644 --- a/programs/README.md +++ b/programs/README.md 
@@ -26,25 +26,25 @@ This subdirectory mostly contains sample programs that illustrate specific featu * [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file. -* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): load a PEM or DER public/private key file and use the key to encrypt/decrypt a short string through the generic public-key interface. +* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface. -* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): load a PEM or DER private/public key file and use the key to sign/verify a short string. +* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string. ### ECDSA and RSA signature examples -* [`pkey/ecdsa.c`](pkey/ecdsa.c): generate an ECDSA key, sign a fixed message and verify the signature. +* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, sign a fixed message and verify the signature. -* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): load an RSA public/private key and use it to encrypt/decrypt a short string through the low-level RSA interface. +* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface. -* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generate an RSA key and write it to a file that can be used with the other RSA sample programs. +* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generates an RSA key and writes it to a file that can be used with the other RSA sample programs. 
-* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): load an RSA private/public key and use it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm. +* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm. -* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): load an RSA private/public key and use it to sign/verify a short string with the RSASSA-PSS algorithm. +* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and use it to sign/verify a short string with the RSASSA-PSS algorithm. ### Diffie-Hellman key exchange examples -* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). Illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key. +* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key. * [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement. 
@@ -115,7 +115,7 @@ In addition to providing options for testing client-side features, the `ssl_clie * [`x509/cert_req.c`](x509/cert_req.c): generates a certificate signing request (CSR) for a private key. -* [`x509/cert_write.c`](x509/cert_write.c): signs a certificate signing request, or self-sign a certificate. +* [`x509/cert_write.c`](x509/cert_write.c): signs a certificate signing request, or self-signs a certificate. * [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL). From aa22030e21c7b2af27ee5095d823402af1e9072a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 6 Aug 2018 20:19:50 +0200 Subject: [PATCH 153/368] Further wording improvements --- programs/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/README.md b/programs/README.md index f9e961f88..ef20993e9 100644 --- a/programs/README.md +++ b/programs/README.md @@ -59,7 +59,7 @@ This subdirectory mostly contains sample programs that illustrate specific featu * [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. -* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and using the resulting random generator to generate random data. +* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data. * [`random/gen_random_havege.c`](random/gen_random_havege.c): demonstrates the HAVEGE entropy collector. 
@@ -81,7 +81,7 @@ This subdirectory mostly contains sample programs that illustrate specific featu * [`ssl/ssl_pthread_server.c`](ssl/ssl_pthread_server.c): a simple HTTPS server using one thread per client to send a fixed response. This program requires the pthread library. -* [`ssl/ssl_server.c`](ssl/ssl_server.c): a simple HTTPS server that sends a fixed response. This server accepts a single client at a time. +* [`ssl/ssl_server.c`](ssl/ssl_server.c): a simple HTTPS server that sends a fixed response. It serves a single client at a time. ### SSL/TLS feature demonstrators @@ -91,7 +91,7 @@ Note: unlike most of the other programs under the `programs/` directory, these t * [`ssl/ssl_server2.c`](ssl/ssl_server2.c): an HTTPS server that sends a fixed response, with options to select TLS protocol features and Mbed TLS library features. -In addition to providing options for testing client-side features, the `ssl_client2` program has options to exercise certain behaviors in the server (for example, to select ciphersuites, or to force a renegotiation), which are useful to test the corresponding features in a TLS server. Likewise, `ssl_server2` has options to activate certain behaviors that are useful to test a TLS client. +In addition to providing options for testing client-side features, the `ssl_client2` program has options that allow you to trigger certain behaviors in the server. For example, there are options to select ciphersuites, or to force a renegotiation. These options are useful for testing the corresponding features in a TLS server. Likewise, `ssl_server2` has options to activate certain behaviors that are useful for testing a TLS client. ## Test utilities From ce6eebb0b89ce7deaa87009404399e9511c2af0b Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 7 Aug 2018 20:26:55 +0100 Subject: [PATCH 154/368] Use gmtime when target is not windows or posix --- include/mbedtls/threading.h | 9 +++++++++ library/threading.c | 17 +++++++++++++++++ library/x509.c | 24 +++++++++++++++++++++++- 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index c25daa5cd..4cfaadde2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -99,6 +99,15 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif +#if defined(MBEDTLS_HAVE_TIME_DATE) +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) +extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif /* !_POSIX_VERSION */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index 7a32e672c..fa4f6c928 100644 --- a/library/threading.c +++ b/library/threading.c @@ -29,6 +29,14 @@ #include "mbedtls/threading.h" +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) +#define MBEDTLS_THREADING_USE_GMTIME +#endif /* !_POSIX_VERSION */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ + #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) { @@ -114,6 +122,9 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * #if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); #endif +#if defined(MBEDTLS_THREADING_USE_GMTIME) + mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); +#endif } /* 
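Review bot: Whether `mbedtls_threading_gmtime_mutex` is declared now depends on the feature-test macros of each translation unit that includes the public `threading.h`, because the `!defined(_POSIX_VERSION)` test relies on the header included just above it (its argument was lost in rendering; presumably `<unistd.h>`), and on some C libraries that header only defines `_POSIX_VERSION` when `_POSIX_C_SOURCE`/`_XOPEN_SOURCE` is set — x509.c sets `_POSIX_C_SOURCE 200112L` itself, threading.c and application code do not. A user TU could therefore see the mutex declared while threading.c never defines it, or the reverse. Declare the mutex unconditionally under `#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_HAVE_TIME_DATE)` and keep the gmtime()/gmtime_r() decision private to the one .c file that makes it; a public header should not pull in a POSIX header for this.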
@@ -124,6 +135,9 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); #endif +#if defined(MBEDTLS_THREADING_USE_GMTIME) + mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); +#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -136,5 +150,8 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #endif +#if defined(MBEDTLS_THREADING_USE_GMTIME) +mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; +#endif #endif /* MBEDTLS_THREADING_C */ diff --git a/library/x509.c b/library/x509.c index 2e6795f75..b7e799b44 100644 --- a/library/x509.c +++ b/library/x509.c @@ -890,6 +890,14 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) } #if defined(MBEDTLS_HAVE_TIME_DATE) +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) +#define MBEDTLS_X509_USE_GMTIME +#endif /* !_POSIX_VERSION */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ + /* * Set the time structure to the current time. * Return 0 on success, non-zero on failure. @@ -900,11 +908,20 @@ static int x509_get_current_time( mbedtls_x509_time *now ) mbedtls_time_t tt; int ret = 0; + (void)tm_buf; + +#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) + if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); +#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ + tt = mbedtls_time( NULL ); #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL; -#else +#elif defined(_POSIX_VERSION) lt = gmtime_r( &tt, &tm_buf ); +#else + lt = gmtime( &tt ); #endif if( lt == NULL ) 
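Review bot: The `#else` branch `lt = gmtime( &tt );` is selected on every target that is neither `_WIN32` nor has `_POSIX_VERSION`, but `X509_USE_GMTIME` — and with it the lock/unlock of `mbedtls_threading_gmtime_mutex` — is only defined inside the `__unix__`/`__APPLE__` gate above, which those targets never enter. The bare-metal ports that only have gmtime(), the case the ChangeLog cites as #1907, therefore call the non-reentrant gmtime() unguarded even with MBEDTLS_THREADING_C enabled. Tie the macro to the branch that needs it, e.g. after the conditional include: `#if !defined(_WIN32) && !defined(_POSIX_VERSION)` / `#define X509_USE_GMTIME` / `#endif`, and apply the same gate to the mutex definition in threading.c. The enclosing x509_get_current_time() starts before this hunk.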
@@ -919,6 +936,11 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } +#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) + if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); +#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ + return( ret ); } From 824dfb34b4b34854daefa71211a8896c634f33f4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Aug 2018 20:29:57 +0100 Subject: [PATCH 155/368] Add ChangeLog entry for use of gmtime --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index bda3de8f5..d8b282990 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 + * Fix build failures on where only gmtime() is available but neither + gmtime_r() nor gmtime_s() are present. Fixes #1907. = mbed TLS 2.12.0 branch released 2018-07-25 From 97f3ecb972f2901c55c9a490a69f175012e7e6d1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Aug 2018 20:39:27 +0100 Subject: [PATCH 156/368] Document dependency on gmtime, gmtime_r & gmtime_s --- include/mbedtls/config.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 70820be56..9ee86ff24 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -137,12 +137,20 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h and time(), gmtime() and the clock is correct. + * System has time.h and time(), gmtime_s() (Windows), gmtime_r() (POSIX) or + * gmtime() and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. * * Comment if your system does not have a correct clock. + * + * \warning gmtime() is used if the target platform is neither Windows nor + * POSIX. Unfortunately, gmtime() is not thread-safe, so a mutex is used when + * MBEDTLS_THREADING_C is defined to guarantee sequential usage of gmtime() + * across Mbed TLS threads. However, applications must ensure that calls to + * gmtime() from outside the library also use the mutex to avoid concurrency + * issues. */ #define MBEDTLS_HAVE_TIME_DATE From d7177435e3eb9ec7c1c34e16da9b6385003543e9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 8 Aug 2018 09:41:17 +0100 Subject: [PATCH 157/368] Fix check-names.sh fail with USE_GMTIME macro --- library/threading.c | 8 ++++---- library/x509.c | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/threading.c b/library/threading.c index fa4f6c928..95ae8d144 100644 --- a/library/threading.c +++ b/library/threading.c @@ -33,7 +33,7 @@ (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) -#define MBEDTLS_THREADING_USE_GMTIME +#define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ @@ -122,7 +122,7 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * #if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_THREADING_USE_GMTIME) +#if defined(THREADING_USE_GMTIME) mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); #endif } 
@@ -135,7 +135,7 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_THREADING_USE_GMTIME) +#if defined(THREADING_USE_GMTIME) mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); #endif } @@ -150,7 +150,7 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #endif -#if defined(MBEDTLS_THREADING_USE_GMTIME) +#if defined(THREADING_USE_GMTIME) mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; #endif diff --git a/library/x509.c b/library/x509.c index b7e799b44..03c3bbe1d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -894,7 +894,7 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) -#define MBEDTLS_X509_USE_GMTIME +#define X509_USE_GMTIME #endif /* !_POSIX_VERSION */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ @@ -910,10 +910,10 @@ static int x509_get_current_time( mbedtls_x509_time *now ) (void)tm_buf; -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) +#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ +#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ tt = mbedtls_time( NULL ); #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 
@@ -936,10 +936,10 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) +#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ +#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ return( ret ); } From 0b54419bc8c7274bb66cbd5fe320eb82506ba29c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Aug 2018 11:32:11 +0200 Subject: [PATCH 158/368] More grammar alignment --- programs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/README.md b/programs/README.md index ef20993e9..d8e4cd62b 100644 --- a/programs/README.md +++ b/programs/README.md @@ -32,7 +32,7 @@ This subdirectory mostly contains sample programs that illustrate specific featu ### ECDSA and RSA signature examples -* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, sign a fixed message and verify the signature. +* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, signs a fixed message and verifies the signature. * [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface. 
@@ -40,7 +40,7 @@ This subdirectory mostly contains sample programs that illustrate specific featu * [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm. -* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and use it to sign/verify a short string with the RSASSA-PSS algorithm. +* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm. ### Diffie-Hellman key exchange examples From ffbdc614493e9688ece2c11ab87fadff8aab9dde Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Aug 2018 11:48:52 +0200 Subject: [PATCH 159/368] Add test/zeroize.c --- programs/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/README.md b/programs/README.md index d8e4cd62b..eb25a7f69 100644 --- a/programs/README.md +++ b/programs/README.md @@ -103,6 +103,8 @@ In addition to providing options for testing client-side features, the `ssl_clie * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. +* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb). + ## Development utilities * [`util/pem2der.c`](util/pem2der.c): a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful for interacting with other tools or with minimal Mbed TLS builds that lack PEM support. From 1abb368b8760569a53350f6d7f7cd628812f29d5 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Thu, 16 Aug 2018 21:42:09 +0100 Subject: [PATCH 160/368] Make gmtime() configurable at compile-time --- include/mbedtls/config.h | 19 +++++++++++++ include/mbedtls/platform_util.h | 43 +++++++++++++++++++++++++++++ include/mbedtls/threading.h | 4 +-- library/platform_util.c | 49 +++++++++++++++++++++++++++++++++ library/threading.c | 4 +-- library/x509.c | 31 ++------------------- 6 files changed, 117 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9ee86ff24..18fbf92df 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3091,6 +3091,25 @@ */ //#define MBEDTLS_PLATFORM_ZEROIZE_ALT +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_gmtime(). This replaces the default implementation in + * platform_util.c. + * + * gmtime() is not a thread safe function as defined in the C standard. The + * library will try to use safer implementations of this function, such as + * gmtime_r() when available. However, if Mbed TLS cannot identify the target + * system, the implementation of mbedtls_platform_gmtime() will default to + * using the standard gmtime(). In this case, calls from the library to + * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex + * if MBEDTLS_THREADING_C is enable. It is advised that calls from outside the + * library are also guarded with this mutex to avoid race conditions. However, + * if the macro MBEDTLS_PLATFORM_GMTIME_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_time() supplied + * at compile time. + */ +//#define MBEDTLS_PLATFORM_GMTIME_ALT + /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 84f0732ee..5f26fb82c 100644 --- a/include/mbedtls/platform_util.h 
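Review bot: The last sentence of the new `MBEDTLS_PLATFORM_GMTIME_ALT` entry names the wrong function: `Mbed TLS will unconditionally use the implementation for mbedtls_platform_time() supplied at compile time` should say `mbedtls_platform_gmtime()`, the symbol the macro actually replaces, and `is enable` should read `is enabled`. The entry also lacks the `\def MBEDTLS_PLATFORM_GMTIME_ALT` line that the other entries in this file (`\def MBEDTLS_HAVE_TIME_DATE`, `\def MBEDTLS_CTR_DRBG_C`) carry, so Doxygen will not attach the text to the macro. It would help to state the contract the alternate must meet, e.g. `The replacement must be thread safe, must write its result into the caller-supplied struct tm, and must return that pointer on success or NULL on failure, as the default implementation does.`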
+++ b/include/mbedtls/platform_util.h @@ -25,7 +25,18 @@ #ifndef MBEDTLS_PLATFORM_UTIL_H #define MBEDTLS_PLATFORM_UTIL_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/platform_time.h" + #include +#if defined(MBEDTLS_HAVE_TIME_DATE) +#include +#endif /* MBEDTLS_HAVE_TIME_DATE */ #ifdef __cplusplus extern "C" { @@ -55,6 +66,38 @@ extern "C" { */ void mbedtls_platform_zeroize( void *buf, size_t len ); +#if defined(MBEDTLS_HAVE_TIME_DATE) +/** + * \brief Thread safe implementation of gmtime() + * + * The function is an abstraction that when called behaves similar + * to the gmtime() function from the C standard, but is thread + * safe. + * + * Mbed TLS will try to identify the underlying platform and + * configure an appropriate underlying implementation (e.g. + * gmtime_r() for POSIX and gmtime_s() for Windows). If this is + * not possible, then gmtime() will be used. In this case, calls + * from the library to gmtime() will be guarded by the mutex + * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is + * enabled. It is recommended that calls from outside the library + * are also guarded by this mutex. + * + * If MBEDTLS_PLATFORM_GMTIME_ALT is defined, then Mbed TLS will + * unconditionally use the alternative implementation for + * mbedtls_platform_gmtime() supplied by the user at compile time + * + * \param tt Pointer to an object containing time (in seconds) since the + * Epoc to be converted + * \param tm Pointer to an object where the results will be stored + * + * \return Pointer to an object of type struct tm on success, otherwise + * NULL + */ +struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, + struct tm *tm_buf ); +#endif /* MBEDTLS_HAVE_TIME_DATE */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 4cfaadde2..070715259 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
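Review bot: `\param tm` in the new `mbedtls_platform_gmtime()` comment does not match the prototype, whose second parameter is `tm_buf`; rename it and fix `Epoc` → `Epoch`. The `\return` should also pin down what callers may rely on: the default implementation in this commit copies the result into `*tm_buf` and returns `tm_buf` itself, never a pointer to libc's static buffer, so the result stays valid after the call and after another thread calls gmtime(); suggest `\return \p tm_buf on success, or NULL if the conversion or a mutex operation failed.` The "thread safe" promise on the gmtime() fallback holds only among callers that also take `mbedtls_threading_gmtime_mutex`, which the text says but could flag as a `\warning` the way the MBEDTLS_HAVE_TIME_DATE entry in config.h does.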
@@ -103,9 +103,9 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #if !defined(_WIN32) && (defined(__unix__) || \ (defined(__APPLE__) && defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) +#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif /* !_POSIX_VERSION */ +#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 1a57de939..e41f3c49c 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -20,6 +20,12 @@ * This file is part of Mbed TLS (https://tls.mbed.org) */ +/* + * Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. + */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -27,6 +33,7 @@ #endif #include "mbedtls/platform_util.h" +#include "mbedtls/threading.h" #include #include 
@@ -65,3 +72,45 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) memset_func( buf, 0, len ); } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ + +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) +#include +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS +#define PLATFORM_UTIL_USE_GMTIME +#endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ + +struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, + struct tm *tm_buf ) +{ +#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) + return ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL; +#elif !defined(PLATFORM_UTIL_USE_GMTIME) + return gmtime_r( tt, tm_buf ); +#else + struct tm *lt; + +#if defined(MBEDTLS_THREADING_C) + if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( NULL ); +#endif /* MBEDTLS_THREADING_C */ + + lt = gmtime( tt ); + + if( lt != NULL ) + { + memcpy( tm_buf, lt, sizeof( struct tm ) ); + } + +#if defined(MBEDTLS_THREADING_C) + if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( NULL ); +#endif /* MBEDTLS_THREADING_C */ + + return ( lt == NULL ) ? NULL : tm_buf; +#endif +} +#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_ALT */ diff --git a/library/threading.c b/library/threading.c index 95ae8d144..3d7f61b2e 100644 --- a/library/threading.c +++ b/library/threading.c 
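Review bot: On a target that is neither `_WIN32` nor inside the `__unix__`/`__APPLE__` gate — the bare-metal case the ChangeLog describes as having only gmtime() — `PLATFORM_UTIL_USE_GMTIME` is never defined, so `#elif !defined(PLATFORM_UTIL_USE_GMTIME)` selects `gmtime_r()` and reintroduces the build failure (#1907) this series set out to fix. Select gmtime_r() positively, only when the POSIX header advertises `_POSIX_THREAD_SAFE_FUNCTIONS`, and default to the mutex-guarded gmtime() everywhere else; the same gate must then govern the `mbedtls_threading_gmtime_mutex` declaration in threading.h/threading.c, otherwise the fallback references an undeclared mutex. The comparison also differs between files (`_POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS` here, `200112L > _POSIX_THREAD_SAFE_FUNCTIONS` in threading.c), so one shared condition would keep the two translation units from disagreeing about whether the mutex exists. Since a failed `mbedtls_mutex_lock()` also yields NULL, callers cannot tell a mutex error from a conversion failure — acceptable, but worth a one-line comment at the `return( NULL );`.
```c
/* … unchanged: #include <time.h> … */
#if !defined(_WIN32) && (defined(__unix__) || \
    (defined(__APPLE__) && defined(__MACH__)))
#include <unistd.h>
#if defined(_POSIX_VERSION) && _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L
#define PLATFORM_UTIL_USE_GMTIME_R
#endif
#endif
/* Anything that is not Windows and did not prove gmtime_r() exists gets
 * the mutex-guarded gmtime() fallback. */
#if !defined(_WIN32) && !defined(PLATFORM_UTIL_USE_GMTIME_R)
#define PLATFORM_UTIL_USE_GMTIME
#endif
/* … unchanged: mbedtls_platform_gmtime() body … */
```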
@@ -32,9 +32,9 @@ #if !defined(_WIN32) && (defined(__unix__) || \ (defined(__APPLE__) && defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) +#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS #define THREADING_USE_GMTIME -#endif /* !_POSIX_VERSION */ +#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) diff --git a/library/x509.c b/library/x509.c index 03c3bbe1d..15c0123c3 100644 --- a/library/x509.c +++ b/library/x509.c @@ -29,10 +29,6 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -/* Ensure gmtime_r is available even with -std=c99; must be included before - * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ -#define _POSIX_C_SOURCE 200112L - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -67,6 +63,7 @@ #include "mbedtls/platform_time.h" #endif #if defined(MBEDTLS_HAVE_TIME_DATE) +#include "mbedtls/platform_util.h" #include #endif @@ -890,14 +887,6 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) } #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) -#include -#if !defined(_POSIX_VERSION) -#define X509_USE_GMTIME -#endif /* !_POSIX_VERSION */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ - /* * Set the time structure to the current time. * Return 0 on success, non-zero on failure. 
@@ -910,19 +899,8 @@ static int x509_get_current_time( mbedtls_x509_time *now ) (void)tm_buf; -#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) - if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ - tt = mbedtls_time( NULL ); -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL; -#elif defined(_POSIX_VERSION) - lt = gmtime_r( &tt, &tm_buf ); -#else - lt = gmtime( &tt ); -#endif + lt = mbedtls_platform_gmtime( &tt, &tm_buf ); if( lt == NULL ) ret = -1; @@ -936,11 +914,6 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } -#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) - if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ - return( ret ); } From a7b9f15f2721850ba2d4a02d438e40e050358f12 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 16 Aug 2018 21:46:35 +0100 Subject: [PATCH 161/368] Add ChangeLog entry for configurable gmtime() in platform --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index d8b282990..5aa54e57c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Extend the platform module with an abstraction mbedtls_platform_gmtime() + whose implementation should behave as a thread safe version of gmtime(). + This allows users to configure such an implementation at compile time when + the target system cannot be deduced automatically. At this stage Mbed TLS + is only able to configure implementations for Windows and POSIX C + libraries. + Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 From 248e27c487ed2aca15b335112bf909808ba8ba10 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 16 Aug 2018 21:50:23 +0100 Subject: [PATCH 162/368] Remove redundant statement from x509_get_current_time --- library/x509.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/x509.c b/library/x509.c index 15c0123c3..c17697b22 100644 --- a/library/x509.c +++ b/library/x509.c @@ -897,8 +897,6 @@ static int x509_get_current_time( mbedtls_x509_time *now ) mbedtls_time_t tt; int ret = 0; - (void)tm_buf; - tt = mbedtls_time( NULL ); lt = mbedtls_platform_gmtime( &tt, &tm_buf ); From a4588d49272ae93a7a4f8cd4907403c0fdc7e7bd Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Mon, 30 Jul 2018 16:59:36 +0300 Subject: [PATCH 163/368] enable the use of variable size keys in ctr_drbg (was hard-coded 256bit before) --- include/mbedtls/ctr_drbg.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 3a4b7f3f1..1323043ff 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h 
@@ -8,8 +8,11 @@ * Recommendation for Random Number Generation Using Deterministic Random * Bit Generators. * - * The Mbed TLS implementation of CTR_DRBG uses AES-256 as the underlying - * block cipher. + * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128 + * as the underlying block cipher. + * + * * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -45,7 +48,16 @@ #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */ #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ +#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_256) #define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */ +#else +#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) +#warning Warning: using smaller (128bit) key size for CTR DRBG may reduce the security of some operations. +#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher. */ +#else +#error for ctr DRBG either MBEDTLS_CTR_DRBG_KEYSIZE_256 (default) or MBEDTLS_CTR_DRBG_KEYSIZE_128 must be set +#endif +#endif #define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */ #define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */ From 604e60d915e3894db546bad2f543366162cacac2 Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Mon, 30 Jul 2018 17:01:10 +0300 Subject: [PATCH 164/368] add default value for CTR DRBG key size --- include/mbedtls/config.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 70820be56..a79dff83e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
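Review bot: The `\warning ARC4 is considered a weak cipher…` paragraph added to the ctr_drbg.h file comment is unrelated to CTR_DRBG (it reads as pasted from arc4.h) and would lead readers to believe the DRBG involves ARC4; replace it with the warning that actually applies: `\warning With MBEDTLS_CTR_DRBG_KEY_SIZE_128 the generator is built on AES-128, so its security strength is at most 128 bits (SP 800-90A) and MBEDTLS_CTR_DRBG_SEEDLEN drops from 48 to 32 bytes; keep the default unless a 128-bit strength is an explicit requirement.` The `MBEDTLS_CTR_DRBG_KEYSIZE` selection also silently picks 256-bit when a configuration defines both `MBEDTLS_CTR_DRBG_KEY_SIZE_256` and `MBEDTLS_CTR_DRBG_KEY_SIZE_128`; an `#error` for that combination would catch a mis-edited config.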
@@ -2018,7 +2018,7 @@ /** * \def MBEDTLS_CTR_DRBG_C * - * Enable the CTR_DRBG AES-256-based random generator. + * Enable the CTR_DRBG AES-256-based(default) or AES-128-based random generator. * * Module: library/ctr_drbg.c * Caller: @@ -2029,6 +2029,16 @@ */ #define MBEDTLS_CTR_DRBG_C +/** + * configure key size for ctr DRBG , either + * MBEDTLS_CTR_DRBG_KEYSIZE_256 (default) + * or + * MBEDTLS_CTR_DRBG_KEYSIZE_128 + * must be set. + */ +#if !defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) +#define MBEDTLS_CTR_DRBG_KEY_SIZE_256 1 +#endif /** * \def MBEDTLS_DEBUG_C * From c9547cc23b118475a4428adf08d19166cf5c7ab7 Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Mon, 30 Jul 2018 17:03:40 +0300 Subject: [PATCH 165/368] add NIST test vector for 128 bit keys (not passing yet). --- tests/suites/test_suite_ctr_drbg.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 666165851..e0474468b 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -733,3 +733,6 @@ ctr_drbg_special_behaviours: CTR_DRBG self test ctr_drbg_selftest: +CTR_DRBG NIST Validation (AES-128 use df,True,256,128,0,0) #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +ctr_drbg_validate_pr:"d254fcff021e69d229c9cfad85fa486c":"c18081a65d44021619b3f180b1c920026a546f0c7081498b6ea662526d51b1cb583bfad5375ffbc9ff46d219c7223e95459d82e1e7229f633169d26b57474fa337c9981c0bfb91314d55b9e91c5a5ee49392cfc52312d5562c4a6effdc10d068":"":"":"34011656b429008f3563ecb5f2590723" From 04354b079621e7f2e5d0eca26a63b598a7ead5f6 Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Mon, 30 Jul 2018 17:22:13 +0300 Subject: [PATCH 166/368] add ChangeLog entry --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0598cfa1a..d43ba740f 100644 --- a/ChangeLog +++ b/ChangeLog 
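Review bot: Defaulting `MBEDTLS_CTR_DRBG_KEY_SIZE_256` inside config.h never reaches builds that supply their own configuration through `MBEDTLS_CONFIG_FILE` — the `#if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else #include MBEDTLS_CONFIG_FILE` pattern used by the headers bypasses config.h entirely — so every existing custom config now trips the `#error` in ctr_drbg.h. Put the default where it is consumed: in ctr_drbg.h select 16 under `#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128)` and 32 in the `#else`, and drop the `#error`. The comment also names `MBEDTLS_CTR_DRBG_KEYSIZE_256`/`_128` while the macro tested is `MBEDTLS_CTR_DRBG_KEY_SIZE_128`; a `\def MBEDTLS_CTR_DRBG_KEY_SIZE_128` Doxygen entry with the option commented out (`//#define MBEDTLS_CTR_DRBG_KEY_SIZE_128`), as done for `MBEDTLS_PLATFORM_ZEROIZE_ALT`, is the convention this file uses for opt-in switches.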
@@ -71,6 +71,8 @@ Features independently contributed again by Paul Sokolovsky. * Add support for key wrapping modes based on AES as defined by NIST SP 800-38F algorithms KW and KWP and by RFC 3394 and RFC 5649. + * Add support different keys sizes to CTR_CRBG. Note: using shorter keys + than 256 bit may decrease security. Bugfix * Fix the key_app_writer example which was writing a leading zero byte which From eb73f7ab6fdb5cfcec1f90cee52fa1c490e11b56 Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Mon, 30 Jul 2018 17:46:49 +0300 Subject: [PATCH 167/368] fix trailing white spaces --- include/mbedtls/config.h | 6 +++--- include/mbedtls/ctr_drbg.h | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a79dff83e..ad35f7b8e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2030,13 +2030,13 @@ #define MBEDTLS_CTR_DRBG_C /** - * configure key size for ctr DRBG , either + * configure key size for ctr DRBG , either * MBEDTLS_CTR_DRBG_KEYSIZE_256 (default) - * or + * or * MBEDTLS_CTR_DRBG_KEYSIZE_128 * must be set. */ -#if !defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) +#if !defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) #define MBEDTLS_CTR_DRBG_KEY_SIZE_256 1 #endif /** diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 1323043ff..f0f816312 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -8,9 +8,9 @@ * Recommendation for Random Number Generation Using Deterministic Random * Bit Generators. * - * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128 + * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128 * as the underlying block cipher. - * + * * * \warning ARC4 is considered a weak cipher and its use constitutes a * security risk. We recommend considering stronger ciphers instead. */ 
@@ -48,14 +48,14 @@ #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */ #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ -#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_256) +#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_256) #define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */ -#else -#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) +#else +#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) #warning Warning: using smaller (128bit) key size for CTR DRBG may reduce the security of some operations. #define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher. */ -#else -#error for ctr DRBG either MBEDTLS_CTR_DRBG_KEYSIZE_256 (default) or MBEDTLS_CTR_DRBG_KEYSIZE_128 must be set +#else +#error for ctr DRBG either MBEDTLS_CTR_DRBG_KEY_SIZE_256 (default) or MBEDTLS_CTR_DRBG_KEY_SIZE_128 must be set #endif #endif #define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */ From 954f9879e9a28a8ad613229bc14fada9324ae7d4 Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Thu, 2 Aug 2018 18:08:26 +0300 Subject: [PATCH 168/368] change warning about 128bit keys to print change was made because an actual warning may break CI or customers that compile using warnings as errors. --- include/mbedtls/ctr_drbg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index f0f816312..66bfc12df 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h 
@@ -52,7 +52,7 @@ #define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */ #else #if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) -#warning Warning: using smaller (128bit) key size for CTR DRBG may reduce the security of some operations. +#pragma message("Warning: using smaller (128bit) key size for CTR DRBG may reduce the security of some operations.") #define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher. */ #else #error for ctr DRBG either MBEDTLS_CTR_DRBG_KEY_SIZE_256 (default) or MBEDTLS_CTR_DRBG_KEY_SIZE_128 must be set From ed7da5979877169ae5a8623f03a137b8aebd033e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Aug 2018 20:16:52 +0200 Subject: [PATCH 169/368] ctr_drbg: add comments relating the code with the NIST specification --- library/ctr_drbg.c | 63 +++++++++++++++++++++++ tests/suites/test_suite_ctr_drbg.function | 17 +++--- 2 files changed, 74 insertions(+), 6 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index d0e5ba862..fead18f72 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -66,6 +66,18 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) * Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow * NIST tests to succeed (which require known length fixed entropy) */ +/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2) + * mbedtls_ctr_drbg_seed_entropy_len(ctx, f_entropy, p_entropy, + * custom, len, entropy_len) + * implements + * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string, + * security_strength) -> initial_working_state + * with inputs + * custom[:len] = nonce || personalization_string + * where entropy_input comes from f_entropy for entropy_len bytes + * and with outputs + * ctx = initial_working_state + */ int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *ctx, int (*f_entropy)(void *, unsigned char *, size_t), 
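Review bot: `#pragma message` is not a standard directive; GCC, Clang and MSVC accept it and a conforming compiler must ignore an unknown pragma, but a build using `-Wunknown-pragmas` with `-Werror` on a toolchain that lacks it would still fail, which is the situation the commit message says it wants to avoid. Since selecting `MBEDTLS_CTR_DRBG_KEY_SIZE_128` is a deliberate configuration choice, consider dropping the build-time diagnostic and documenting the weaker security strength in that option's description in config.h instead, e.g. ` * Using a 128-bit key gives a lower security strength than the default 256-bit key.` If the diagnostic stays, limiting it to compilers known to support it (`#if defined(__GNUC__) || defined(_MSC_VER)`) avoids the portability question.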
@@ -256,6 +268,14 @@ exit: return( ret ); } +/* CTR_DRBG_Update (SP 800-90A §10.2.1.2) + * ctr_drbg_update_internal(ctx, provided_data) + * implements + * CTR_DRBG_Update(provided_data, Key, V) + * with inputs and outputs + * ctx->aes_ctx = Key + * ctx->counter = V + */ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] ) { @@ -301,6 +321,18 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, return( 0 ); } +/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2) + * mbedtls_ctr_drbg_update(ctx, additional, add_len) + * implements + * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string, + * security_strength) -> initial_working_state + * with inputs + * ctx->counter = all-bits-0 + * ctx->aes_ctx = context from all-bits-0 key + * additional[:add_len] = entropy_input || nonce || personalization_string + * and with outputs + * ctx = initial_working_state + */ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len ) { @@ -318,6 +350,18 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, } } +/* CTR_DRBG_Reseed with derivation function (SP 800-90A §10.2.1.4.2) + * mbedtls_ctr_drbg_reseed(ctx, additional, len) + * implements + * CTR_DRBG_Reseed(working_state, entropy_input, additional_input) + * -> new_working_state + * with inputs + * ctx contains working_state + * additional[:len] = additional_input + * and entropy_input comes from calling ctx->f_entropy + * and with output + * ctx contains new_working_state + */ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t len ) { 
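Review bot: The new comment on `mbedtls_ctr_drbg_update` (the `@@ -301` hunk) labels it as CTR_DRBG_Instantiate (§10.2.1.3.2), the same section the comment on `mbedtls_ctr_drbg_seed_entropy_len` in the `@@ -66` hunk already claims, and both cannot be the instantiate function. The listed inputs (`ctx->counter` all-bits-0, `ctx->aes_ctx` from an all-zero key) are a precondition that only holds on a freshly initialised context, whereas this is a public function that can presumably be called on an already seeded context, where it corresponds to the Update step applied to the derived additional input rather than to Instantiate. Suggest wording it as `/* CTR_DRBG_Update(df(additional[:add_len]), Key, V) (SP 800-90A §10.2.1.2); on a freshly initialised context (Key, V all-bits-0) this is the core of CTR_DRBG_Instantiate */`, subject to confirming against the body, which is outside the hunk.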
@@ -371,6 +415,25 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, return( 0 ); } +/* CTR_DRBG_Generate with derivation function (SP 800-90A §10.2.1.5.2) + * mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, additional, add_len) + * implements + * CTR_DRBG_Reseed(working_state, entropy_input, additional[:add_len]) + * -> working_state_after_reseed + * if required, then + * CTR_DRBG_Generate(working_state_after_reseed, + * requested_number_of_bits, additional_input) + * -> status, returned_bits, new_working_state + * with inputs + * ctx contains working_state + * requested_number_of_bits = 8 * output_len + * additional[:add_len] = additional_input + * and entropy_input comes from calling ctx->f_entropy + * and with outputs + * status = SUCCESS (this function does the reseed internally) + * returned_bits = output[:output_len] + * ctx contains new_working_state + */ int mbedtls_ctr_drbg_random_with_add( void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len ) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index c8d2aff4d..efa5161f7 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function 
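Review bot: The comment line `status = SUCCESS (this function does the reseed internally)` does not tie the spec's status to the function's `int` result, which is what a caller actually checks, and a failed internal reseed (for example an entropy-source error) cannot be SUCCESS. Suggest ` *   status = SUCCESS when this function returns 0; a nonzero return` / ` *     value (e.g. reseed failure) corresponds to an ERROR status`. `if required` could also name the condition the spec uses, e.g. `if reseed_counter > reseed_interval or prediction resistance is enabled`; the function body is outside the hunk, so confirm both against it.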
@@ -62,12 +62,15 @@ void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy, test_offset_idx = 0; - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy->x, add_init->x, add_init->len, 32 ) == 0 ); + /* CTR_DRBG_Instantiate(entropy[:entropy_len/3], nonce, perso, ) + * where nonce||perso = add_init[add_init_len] */ mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON ); - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1->x, add1->len ) == 0 ); - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2->x, add2->len ) == 0 ); + /* CTR_DRBG_Generate(result_len * 8 bits, add1[:add1_len]) -> buf */ + /* Then reseed because of prediction resistance. */ TEST_ASSERT( hexcmp( buf, result_str->x, 16, result_str->len ) == 0 ); + /* CTR_DRBG_Generate(result_len * 8 bits, add2[:add2_len]) -> buf */ + /* Then reseed because of prediction resistance. */ exit: mbedtls_ctr_drbg_free( &ctx ); @@ -86,12 +89,14 @@ void ctr_drbg_validate_nopr( data_t * add_init, data_t * entropy, test_offset_idx = 0; - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy->x, add_init->x, add_init->len, 32 ) == 0 ); + /* CTR_DRBG_Instantiate(entropy[:entropy_len/2], nonce, perso, ) + * where nonce||perso = add_init[add_init_len] */ - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1->x, add1->len ) == 0 ); + /* CTR_DRBG_Generate(16 * 8 bits, add1[:add1_len]) -> buf */ TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, add_reseed->x, add_reseed->len ) == 0 ); - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2->x, add2->len ) == 0 ); + /* CTR_DRBG_Reseed(entropy[entropy_len/2:entropy_len], add_reseed[:add_reseed_len]) */ TEST_ASSERT( hexcmp( buf, result_str->x, 16, result_str->len ) == 0 ); + /* CTR_DRBG_Generate(16 * 8 bits, add2[:add2_len]) -> buf */ exit: mbedtls_ctr_drbg_free( &ctx ); 
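Review bot: After this hunk `ctr_drbg_validate_pr` no longer calls `mbedtls_ctr_drbg_seed_entropy_len` or `mbedtls_ctr_drbg_random_with_add` — the three `TEST_ASSERT` lines are deleted and only the SP 800-90A comments remain — yet it still asserts `hexcmp( buf, result_str->x, 16, result_str->len ) == 0` on a `buf` nothing has written, so the test compares uninitialised stack memory and cannot pass; the `@@ -86` hunk does the same to `ctr_drbg_validate_nopr`, leaving only the reseed call. The calls reappear in the next patch of the series, but on its own this commit leaves the suite broken and the history not bisectable. The comments should be added alongside the existing `TEST_ASSERT` lines rather than in their place.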
From ef0624f7919a7b1ea14aa8a4d09e192a8da226b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Aug 2018 20:23:09 +0200 Subject: [PATCH 170/368] ctr_drbg tests: make input sizes flexible The ctr_drbg_validate_xxx test functions had hard-coded sizes for the entropy and the output size. Generalize the sizes. Keep track of the current entropy size. Unhexify the expected output and compare with the actual output, rather than hexifying the actual output and comparing the hex. --- tests/suites/test_suite_ctr_drbg.function | 33 ++++++++++++++++++----- 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index efa5161f7..09626ec13 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -1,11 +1,15 @@ /* BEGIN_HEADER */ +#include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "string.h" -static int test_offset_idx; +static size_t test_offset_idx; +static size_t test_max_idx; static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len ) { const unsigned char *p = (unsigned char *) data; + if( test_offset_idx + len > test_max_idx ) + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); memcpy( buf, p + test_offset_idx, len ); test_offset_idx += len; return( 0 ); 
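Review bot: The new guard `if( test_offset_idx + len > test_max_idx )` is the right check to stop the fake entropy source from reading past the vector, but it is written in the form that can wrap: with `size_t` operands an oversized `len` makes the sum small and the `memcpy` still runs. Given the invariant `test_offset_idx <= test_max_idx` that the guard itself maintains, `if( len > test_max_idx - test_offset_idx )` is equivalent and wraparound-free. Every test case using this callback must now also set `test_max_idx` (it starts at 0, so the first draw otherwise fails with `MBEDTLS_ERR_ENTROPY_SOURCE_FAILED`); a comment on the declaration such as `/* End of the valid entropy buffer; each test case must set this before seeding. */` makes that contract explicit.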
@@ -53,24 +57,32 @@ exit: /* BEGIN_CASE */ void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy, data_t * add1, data_t * add2, - data_t * result_str ) + char *result_string ) { mbedtls_ctr_drbg_context ctx; unsigned char buf[512]; + unsigned char result[512]; + size_t entropy_len, add_init_len, add1_len, add2_len, result_len; mbedtls_ctr_drbg_init( &ctx ); + entropy_len = unhexify( entropy, entropy_string ); + result_len = unhexify( result, result_string ); test_offset_idx = 0; + test_max_idx = entropy_len; /* CTR_DRBG_Instantiate(entropy[:entropy_len/3], nonce, perso, ) * where nonce||perso = add_init[add_init_len] */ + TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, entropy_len / 3 ) == 0 ); mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON ); /* CTR_DRBG_Generate(result_len * 8 bits, add1[:add1_len]) -> buf */ /* Then reseed because of prediction resistance. */ - TEST_ASSERT( hexcmp( buf, result_str->x, 16, result_str->len ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add1, add1_len ) == 0 ); /* CTR_DRBG_Generate(result_len * 8 bits, add2[:add2_len]) -> buf */ /* Then reseed because of prediction resistance. */ + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add2, add2_len ) == 0 ); + TEST_ASSERT( memcmp( buf, result, result_len ) == 0 ); exit: mbedtls_ctr_drbg_free( &ctx ); 
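Review bot: This hunk changes only the last parameter of `ctr_drbg_validate_pr` to `char *result_string` while `add_init`, `entropy`, `add1` and `add2` stay `data_t *`, yet the new body calls `unhexify( entropy, entropy_string )` with an `entropy_string` that is declared nowhere, hands the `data_t *` `entropy` to the entropy callback as its raw buffer, and reads `add_init_len`, `add1_len` and `add2_len`, which are declared but never assigned; as written the function does not compile, and if it did the lengths would be indeterminate. The `@@ -80` hunk for `ctr_drbg_validate_nopr` has the same problems and additionally still references `result_str->x` after `result_str` was renamed. Either keep the `data_t` parameters and use `->x`/`->len` throughout (then the `unhexify` calls and `result` buffer are unnecessary), or convert every parameter to a hex string and unhexify each one; the mixed state should not be committed.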
@@ -80,23 +92,31 @@ exit: /* BEGIN_CASE */ void ctr_drbg_validate_nopr( data_t * add_init, data_t * entropy, data_t * add1, data_t * add_reseed, - data_t * add2, data_t * result_str ) + char *add2_string, char *result_string ) { mbedtls_ctr_drbg_context ctx; unsigned char buf[512]; + unsigned char result[512]; + size_t entropy_len, add_init_len, add1_len, add_reseed_len, add2_len, result_len; mbedtls_ctr_drbg_init( &ctx ); + entropy_len = unhexify( entropy, entropy_string ); + result_len = unhexify( result, result_string ); test_offset_idx = 0; + test_max_idx = entropy_len; /* CTR_DRBG_Instantiate(entropy[:entropy_len/2], nonce, perso, ) * where nonce||perso = add_init[add_init_len] */ + TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, entropy_len / 2 ) == 0 ); /* CTR_DRBG_Generate(16 * 8 bits, add1[:add1_len]) -> buf */ - TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, add_reseed->x, add_reseed->len ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add1, add1_len ) == 0 ); /* CTR_DRBG_Reseed(entropy[entropy_len/2:entropy_len], add_reseed[:add_reseed_len]) */ TEST_ASSERT( hexcmp( buf, result_str->x, 16, result_str->len ) == 0 ); /* CTR_DRBG_Generate(16 * 8 bits, add2[:add2_len]) -> buf */ + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add2, add2_len ) == 0 ); + TEST_ASSERT( memcmp( buf, result, result_len ) == 0 ); exit: mbedtls_ctr_drbg_free( &ctx ); @@ -111,10 +131,11 @@ void ctr_drbg_entropy_usage( ) unsigned char entropy[1024]; mbedtls_ctr_drbg_context ctx; size_t i, reps = 10; - int last_idx; + size_t last_idx; mbedtls_ctr_drbg_init( &ctx ); test_offset_idx = 0; + test_max_idx = sizeof( entropy ); memset( entropy, 0, sizeof( entropy ) ); memset( out, 0, sizeof( out ) ); memset( add, 0, sizeof( add ) ); From 4c78665ccd510bf885c89bf6efdfe20605b69517 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 3 Aug 2018 20:24:54 +0200 Subject: [PATCH 171/368] ctr_drbg tests: new validation function that doesn't reseed This is one of the test scenarios from the CAVP test vectors. --- tests/suites/test_suite_ctr_drbg.function | 41 +++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 09626ec13..7f7d4950d 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function 
@@ -55,8 +55,45 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy, - data_t * add1, data_t * add2, + +/* BEGIN_CASE */ +void ctr_drbg_validate_no_reseed( char *add_init_string, char *entropy_string, + char *add1_string, char *add2_string, + char *result_string ) +{ + unsigned char entropy[512]; + unsigned char add_init[512]; + unsigned char add1[512]; + unsigned char add2[512]; + mbedtls_ctr_drbg_context ctx; + unsigned char buf[512]; + unsigned char result[512]; + size_t entropy_len, add_init_len, add1_len, add2_len, result_len; + + mbedtls_ctr_drbg_init( &ctx ); + + entropy_len = unhexify( entropy, entropy_string ); + add_init_len = unhexify( add_init, add_init_string ); + add1_len = unhexify( add1, add1_string ); + add2_len = unhexify( add2, add2_string ); + result_len = unhexify( result, result_string ); + + test_offset_idx = 0; + test_max_idx = entropy_len; + /* CTR_DRBG_Instantiate(entropy[:entropy_len], nonce, perso, ) + * where nonce||perso = add_init[add_init_len] */ + TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, entropy_len ) == 0 ); + + /* CTR_DRBG_Generate(result_len * 8 bits, add1[:add1_len]) -> buf */ + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add1, add1_len ) == 0 ); + /* CTR_DRBG_Generate(result_len * 8 bits, add2[:add2_len]) -> buf */ + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add2, add2_len ) == 0 ); + TEST_ASSERT( memcmp( buf, result, result_len ) == 0 ); + +exit: + mbedtls_ctr_drbg_free( &ctx ); +} +/* END_CASE */ char *result_string ) { mbedtls_ctr_drbg_context ctx; From 5ef5a9aeb40a9c2433eb847b7e2c858aab5ce55b Mon Sep 17 00:00:00 2001 
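Review bot: The hunk deletes the first two lines of `ctr_drbg_validate_pr`'s signature and inserts the whole `ctr_drbg_validate_no_reseed` case in their place, leaving `char *result_string )` `{` and the old body dangling after the new `/* END_CASE */` with two consecutive `/* BEGIN_CASE */` markers above; the file cannot compile in this state. Separately, the new function decodes every hex argument into fixed 512-byte stack buffers with `unhexify` and never checks the string length, so a test vector longer than 1024 hex digits overflows the stack; the unified `ctr_drbg_validate` in the `@@ -55,74 +64,107 @@` hunk of the following patch keeps the same unchecked decode with buffers shrunk to 144/64/32/48/48/64 bytes, and the NIST vectors added later fill `entropy[144]` and `nonce[64]` exactly. A guard such as `TEST_ASSERT( strlen( entropy_string ) <= 2 * sizeof( entropy ) );` before each `unhexify` call (one per buffer) turns a bad vector into a test failure instead of memory corruption.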
From: Gilles Peskine Date: Fri, 3 Aug 2018 20:27:50 +0200 Subject: [PATCH 172/368] ctr_drbg tests: unify validate functions Unify the three existing validation functions (with prediction resistance, with manual reseeding between generations, and with no reseeding) into a single function that supports these three scenarios plus a fourth one (reseed before the first generation). The four supported scenarios cover the three scenarios from the current CAVP test vectors (no reseed, reseed before generating, prediction resistance) plus a fourth scenario used by the existing test vectors (reseed after generating). (cherry picked from commit cee9bedee6bc1a8e2b22fa8a31647b62ebb8a0a4) --- tests/suites/test_suite_ctr_drbg.function | 167 ++++++++++++---------- 1 file changed, 94 insertions(+), 73 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 7f7d4950d..714af5598 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -3,6 +3,15 @@ #include "mbedtls/ctr_drbg.h" #include "string.h" +/* Modes for ctr_drbg_validate */ +enum reseed_mode +{ + RESEED_NEVER, /* never reseed */ + RESEED_FIRST, /* instantiate, reseed, generate, generate */ + RESEED_SECOND, /* instantiate, generate, reseed, generate */ + RESEED_ALWAYS /* prediction resistance, no explicit reseed */ +}; + static size_t test_offset_idx; static size_t test_max_idx; static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len ) 
@@ -55,74 +64,107 @@ exit: /* END_CASE */ /* BEGIN_CASE */ - -/* BEGIN_CASE */ -void ctr_drbg_validate_no_reseed( char *add_init_string, char *entropy_string, - char *add1_string, char *add2_string, - char *result_string ) +void ctr_drbg_validate( int reseed_mode, char *nonce_string, + int entropy_len_arg, char *entropy_string, + char *reseed_string, + char *add1_string, char *add2_string, + char *result_string ) { - unsigned char entropy[512]; - unsigned char add_init[512]; - unsigned char add1[512]; - unsigned char add2[512]; + unsigned char entropy[144]; + unsigned char nonce[64]; + unsigned char reseed[32]; + unsigned char add1[48]; + unsigned char add2[48]; mbedtls_ctr_drbg_context ctx; - unsigned char buf[512]; - unsigned char result[512]; - size_t entropy_len, add_init_len, add1_len, add2_len, result_len; + unsigned char buf[64]; + unsigned char result[64]; + size_t entropy_chunk_len = (size_t) entropy_len_arg; + size_t nonce_len, reseed_len, add1_len, add2_len, result_len; + test_offset_idx = 0; mbedtls_ctr_drbg_init( &ctx ); - entropy_len = unhexify( entropy, entropy_string ); - add_init_len = unhexify( add_init, add_init_string ); + test_max_idx = unhexify( entropy, entropy_string ); + nonce_len = unhexify( nonce, nonce_string ); + reseed_len = unhexify( reseed, reseed_string ); add1_len = unhexify( add1, add1_string ); add2_len = unhexify( add2, add2_string ); result_len = unhexify( result, result_string ); - test_offset_idx = 0; - test_max_idx = entropy_len; /* CTR_DRBG_Instantiate(entropy[:entropy_len], nonce, perso, ) - * where nonce||perso = add_init[add_init_len] */ - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, entropy_len ) == 0 ); + * where nonce||perso = nonce[nonce_len] */ + TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( + &ctx, + mbedtls_test_entropy_func, entropy, + nonce, nonce_len, + entropy_chunk_len ) == 0 ); + if( reseed_mode == RESEED_ALWAYS ) + 
mbedtls_ctr_drbg_set_prediction_resistance( + &ctx, + MBEDTLS_CTR_DRBG_PR_ON ); + + if( reseed_mode == RESEED_FIRST ) + { + /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len], + * reseed[:reseed_len]) */ + TEST_ASSERT( mbedtls_ctr_drbg_reseed( + &ctx, + reseed, reseed_len ) == 0 ); + } /* CTR_DRBG_Generate(result_len * 8 bits, add1[:add1_len]) -> buf */ - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add1, add1_len ) == 0 ); + /* Then reseed if prediction resistance is enabled. */ + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( + &ctx, + buf, result_len, + add1, add1_len ) == 0 ); + + + if( reseed_mode == RESEED_SECOND ) + { + /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len], + * reseed[:reseed_len]) */ + TEST_ASSERT( mbedtls_ctr_drbg_reseed( + &ctx, + reseed, reseed_len ) == 0 ); + } + /* CTR_DRBG_Generate(result_len * 8 bits, add2[:add2_len]) -> buf */ - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add2, add2_len ) == 0 ); + /* Then reseed if prediction resistance is enabled. 
*/ + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( + &ctx, + buf, result_len, + add2, add2_len ) == 0 ); TEST_ASSERT( memcmp( buf, result, result_len ) == 0 ); exit: mbedtls_ctr_drbg_free( &ctx ); } /* END_CASE */ + +/* BEGIN_CASE */ +void ctr_drbg_validate_no_reseed( char *add_init_string, char *entropy_string, + char *add1_string, char *add2_string, + char *result_string ) +{ + test_suite_ctr_drbg_validate( RESEED_NEVER, add_init_string, + strlen( entropy_string ) / 2, entropy_string, + "", add1_string, add2_string, + result_string ); + goto exit; +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string, + char *add1_string, char *add2_string, char *result_string ) { - mbedtls_ctr_drbg_context ctx; - unsigned char buf[512]; - unsigned char result[512]; - size_t entropy_len, add_init_len, add1_len, add2_len, result_len; - - mbedtls_ctr_drbg_init( &ctx ); - - entropy_len = unhexify( entropy, entropy_string ); - result_len = unhexify( result, result_string ); - - test_offset_idx = 0; - test_max_idx = entropy_len; - /* CTR_DRBG_Instantiate(entropy[:entropy_len/3], nonce, perso, ) - * where nonce||perso = add_init[add_init_len] */ - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, entropy_len / 3 ) == 0 ); - mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON ); - - /* CTR_DRBG_Generate(result_len * 8 bits, add1[:add1_len]) -> buf */ - /* Then reseed because of prediction resistance. */ - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add1, add1_len ) == 0 ); - /* CTR_DRBG_Generate(result_len * 8 bits, add2[:add2_len]) -> buf */ - /* Then reseed because of prediction resistance. 
*/ - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add2, add2_len ) == 0 ); - TEST_ASSERT( memcmp( buf, result, result_len ) == 0 ); - -exit: - mbedtls_ctr_drbg_free( &ctx ); + test_suite_ctr_drbg_validate( RESEED_ALWAYS, add_init_string, + strlen( entropy_string ) / 6, entropy_string, + "", add1_string, add2_string, + result_string ); + goto exit; } /* END_CASE */ @@ -131,32 +173,11 @@ void ctr_drbg_validate_nopr( data_t * add_init, data_t * entropy, data_t * add1, data_t * add_reseed, char *add2_string, char *result_string ) { - mbedtls_ctr_drbg_context ctx; - unsigned char buf[512]; - unsigned char result[512]; - size_t entropy_len, add_init_len, add1_len, add_reseed_len, add2_len, result_len; - - mbedtls_ctr_drbg_init( &ctx ); - - entropy_len = unhexify( entropy, entropy_string ); - result_len = unhexify( result, result_string ); - - test_offset_idx = 0; - test_max_idx = entropy_len; - /* CTR_DRBG_Instantiate(entropy[:entropy_len/2], nonce, perso, ) - * where nonce||perso = add_init[add_init_len] */ - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, entropy_len / 2 ) == 0 ); - - /* CTR_DRBG_Generate(16 * 8 bits, add1[:add1_len]) -> buf */ - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add1, add1_len ) == 0 ); - /* CTR_DRBG_Reseed(entropy[entropy_len/2:entropy_len], add_reseed[:add_reseed_len]) */ - TEST_ASSERT( hexcmp( buf, result_str->x, 16, result_str->len ) == 0 ); - /* CTR_DRBG_Generate(16 * 8 bits, add2[:add2_len]) -> buf */ - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, result_len, add2, add2_len ) == 0 ); - TEST_ASSERT( memcmp( buf, result, result_len ) == 0 ); - -exit: - mbedtls_ctr_drbg_free( &ctx ); + test_suite_ctr_drbg_validate( RESEED_SECOND, add_init_string, + strlen( entropy_string ) / 4, entropy_string, + add_reseed_string, add1_string, add2_string, + result_string ); + goto exit; } /* END_CASE */ 
From cfc1de766b6488a13c671af77bfae92853a37b0d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Aug 2018 20:31:41 +0200 Subject: [PATCH 173/368] ctr_drbg: sample vectors from NIST Test vectors from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/CTR_DRBG_withDF.pdf --- tests/suites/test_suite_ctr_drbg.data | 32 +++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index e0474468b..9a2dc9d12 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data 
@@ -1,3 +1,35 @@ +CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=no, add=no +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"":"8da6cc59e703ced07d58d96e5b6d7836c32599735b734f88c1a73b53c7a6d82e" + +CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=no, add=yes +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"81daaf9800c34ff0a104e51d87e36f5b17eb14b9abc5064cadda976ec4f77d34" + +CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=yes, add=no +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"":"bb2a0f5f0ca6d30634ba6068eb94aae8701437db7223a1b5afe8771547da3cee" + +CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=yes, add=yes +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"98a28e3b1ba363c9daf0f6887a1cf52b833d3354d77a7c10837dd63dd2e645f8" + +CTR_DRBG_withDF.pdf: 
AES-256, PR=yes, perso=no, add=no +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"":"259dc78ccfaec4210c30af815e4f75a5662b7da4b41013bdc00302dfb6076492" + +CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=no, add=yes +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"386debbbf091bbf0502957b0329938fb836b82e594a2f5fdd5eb28d4e35528f4" + +CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=yes, add=no +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"":"601f95384f0d85946301d1eace8f645a825ce38f1e2565b0c0c439448e9ca8ac" + +CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=yes, add=yes +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 
+ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"738e99c95af59519aad37ff3d5180986adebab6e95836725097e50a8d1d0bd28" + CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #0 ctr_drbg_validate_pr:"d254fcff021e69d229c9cfad85fa486c":"c18081a65d44021619b3f180b1c920026a546f0c7081498b6ea662526d51b1cb583bfad5375ffbc9ff46d219c7223e95459d82e1e7229f633169d26b57474fa337c9981c0bfb91314d55b9e91c5a5ee49392cfc52312d5562c4a6effdc10d068":"":"":"34011656b429008f3563ecb5f2590723" From e4b77b96398625f29e02c9be38ece27000fb0fcb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Aug 2018 20:32:38 +0200 Subject: [PATCH 174/368] ctr_drbg: add a few test vectors from CAVP 14.3 These test vectors are from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip --- tests/suites/test_suite_ctr_drbg.data | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 9a2dc9d12..687e0077a 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data 
@@ -750,6 +750,18 @@ ctr_drbg_validate_nopr:"898064243e44ff67151736ce8bb6f1c759cab4aaca9b87543a1ac984 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14 ctr_drbg_validate_nopr:"50de72903b9d99764123ffaa0c721e14ad1ab5c46a34c040f25324ba1d937b8ef10467161fcf2978c2a680ac5570c6d2":"5c9954fd0143e62c3bf2d5734052e3c9370f7b9d75c70f58fe33b12e3997ee2c8db84f8467affd7cfd9a9e7ec60da6f31bf9bf32aedf644e4934bd1fc916bc8d":"d5dc4c9fc7171fcbfdaead558a565ffd55d245a58b22ad1666ee05131e33f49e":"ea3114e92e6a19f53b207a0a54cd363a6d053fed0a827f92556f0a8580f7a342":"53686f069b455af4692888d11fac15cf7b4bd38e198de4e62b7098f875198a75":"9fb0df053e0345e5640aa97fedef50a6" +CTR_DRBG CAVS 14.3 (AES-256 use df,no reseed,256,128,0,0) #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate_no_reseed:"496f25b0f1301b4f501be30380a137eb":"36401940fa8b1fba91a1661f211d78a0b9389a74e5bccfece8d766af1a6d3b14":"":"":"5862eb38bd558dd978a696e6df164782ddd887e7e9a6c9f3f1fbafb78941b535a64912dfd224c6dc7454e5250b3d97165e16260c2faf1cc7735cb75fb4f07e1d" + +CTR_DRBG CAVS 14.3 (AES-256 use df,False,256,128,0,0) #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate:RESEED_FIRST:"0bf814b411f65ec4866be1abb59d3c32":32:"2d4c9f46b981c6a0b2b5d8c69391e569ff13851437ebc0fc00d616340252fed593500fae4fa32b86033b7a7bac9d37e710dcc67ca266bc8607d665937766d207":"":"":"":"322dd28670e75c0ea638f3cb68d6a9d6e50ddfd052b772a7b1d78263a7b8978b6740c2b65a9550c3a76325866fa97e16d74006bc96f26249b9f0a90d076f08e5" + +CTR_DRBG CAVS 14.3 (AES-256 use df,True,256,128,0,0) #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate_pr:"a2d015f22d854e29de278d910c573de5":"16a1f035388cd8d956026e3b0117cb524dd3eb563f9a7720bb7dcb0fc6fbe743cf140bcd4d7130e7e3ea14046c56442b57c43b34ad219553e7105c18f6e561afe27c9f0be60d82d6cc474efb7fc737b16a6895d9a3a45b971d19b743c1a4ac8f":"":"":"b4e8395bcb7503410a94633f70e9904a5b30e62c35bc6dd2a03496c4a49932e184fbffdbcf1de1c72c50d36dc2ae8f04f40f96aae159c3fb816ca16df99b6c3e" + CTR_DRBG entropy usage 
ctr_drbg_entropy_usage: From aecf8c941adf001a2aa5382656e77b9845240a0f Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Sun, 5 Aug 2018 23:49:18 +0300 Subject: [PATCH 175/368] adding more ctr_drbg test vectors (CAVP 14.3) addtional test vectors add tests for both AES-256 and AES-128 variants of ctr_drbg --- tests/suites/test_suite_ctr_drbg.data | 73 +++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 687e0077a..81d17d318 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data 
@@ -750,18 +750,86 @@ ctr_drbg_validate_nopr:"898064243e44ff67151736ce8bb6f1c759cab4aaca9b87543a1ac984 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14 ctr_drbg_validate_nopr:"50de72903b9d99764123ffaa0c721e14ad1ab5c46a34c040f25324ba1d937b8ef10467161fcf2978c2a680ac5570c6d2":"5c9954fd0143e62c3bf2d5734052e3c9370f7b9d75c70f58fe33b12e3997ee2c8db84f8467affd7cfd9a9e7ec60da6f31bf9bf32aedf644e4934bd1fc916bc8d":"d5dc4c9fc7171fcbfdaead558a565ffd55d245a58b22ad1666ee05131e33f49e":"ea3114e92e6a19f53b207a0a54cd363a6d053fed0a827f92556f0a8580f7a342":"53686f069b455af4692888d11fac15cf7b4bd38e198de4e62b7098f875198a75":"9fb0df053e0345e5640aa97fedef50a6" -CTR_DRBG CAVS 14.3 (AES-256 use df,no reseed,256,128,0,0) #0 +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0)a #0 depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 ctr_drbg_validate_no_reseed:"496f25b0f1301b4f501be30380a137eb":"36401940fa8b1fba91a1661f211d78a0b9389a74e5bccfece8d766af1a6d3b14":"":"":"5862eb38bd558dd978a696e6df164782ddd887e7e9a6c9f3f1fbafb78941b535a64912dfd224c6dc7454e5250b3d97165e16260c2faf1cc7735cb75fb4f07e1d" +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256)a #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate_no_reseed:"41c71a24d17d974190982bb7515ce7f5":"8148d65d86513ce7d38923ec2f26b9e7c677dcc8997e325b7372619e753ed944":"55b446046c2d14bdd0cdba4b71873fd4762650695a11507949462da8d964ab6a":"91468f1a097d99ee339462ca916cb4a10f63d53850a4f17f598eac490299b02e":"54603d1a506132bbfa05b153a04f22a1d516cc46323cef15111af221f030f38d6841d4670518b4914a4631af682e7421dffaac986a38e94d92bfa758e2eb101f" + +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0)b #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate_no_reseed:"bac0fdc0c417aa269bbdea77e928f9f8":"8b0bcb3f932170416739ea42e7dcdc6fa960645bc018820134f714b3c6912b56":"":"":"d9c4fd81f6621a8cf06d612e9a84b80fa13d098dceaf2c083dc81cd80caedd105c7f2789963a167d72f76e81178001fd93de4623c260fe9eebced89f7b4b047a" + +CTR_DRBG CAVS 14.3 (AES-256 
no df,no reseed,256,128,0,256)b #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate_no_reseed:"69ff3310141dbf3ece409ade58745113":"d67439abf1e162e5b25941605a8aeba7d686dec133257f6c220e1c595e954a07":"03e795be8379c481cb32534011ca6bf524dc754978ee5ebee475129ad39eca98":"5685c7330f33004515f8c0ab27f2a1cbe0c8a4a6806d6c8486e0217b43e859f2":"a6d22a4370251c51978fedc7e7753c78179ed1943d2ff1b5a374860106041a304b124d47cfa304c909f7d417843846d52dcc7ebcf5c93afef885c893b40c81ed" + +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0)c #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate_no_reseed:"aaa46610681167ff8d4d2c51e77911d4":"58a5f79da44b9f23a98a39352972ad16031fe13637bd18d6cb6c9f5269d8e240":"":"":"c1714f89459ce746b151509e5066d4811a06ad06c1e9b13b50c0fc7cdd77ceedc233908ebe1ea8140ec2dc262a43201be667008e081e5476b19b27214111d325" + +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256)c #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate_no_reseed:"6ca848651d420fb02f9b66f06b377e59":"001ec3b192ddc765553e15742dffeb21cc7d97a4bcf866e3664d8a5ecb4c2463":"99f139ab5ee4f7eed6148e82d79ad5f2b9fa638d574e5db79b650c0e682ca466":"6e7bf0ae28a797ccbb47101f26bfe5a0b1e450c57aedf731272411fa7b6c4ed4":"865b6dd4363c5940d6228cc90ba8f1a21efbaa99b0c7b37361f7fed7e969a97b68d550dd6ad4bbfaf6626779bfb43c66845c2923df9f55307c8bc9f0a3872fa7" + +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0)d #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +ctr_drbg_validate_no_reseed:"1c6a80d82012c39c9f14a808643f08e7":"4ee68b3352b874e1cc29375028851dee9d5dfd88a40664c79e2b724fb11b2808":"":"":"7c58d2a5522a88341fb55facefdb6e24840cae283948d53148a384e13b5407d7712c33434bd3d19448b43270c54860bf3495579057c70bff3084dddff08a091d" + +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256)d #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 
+ctr_drbg_validate_no_reseed:"70bdedbc6825c4fe0a9f7e45290ddd51":"481e505bf7a36f9d96690d49154d98d6a247c14a703dbfed7cf1b7a71bee737f":"5b07610c2c946eda2975a26ddadf7d73e3d287e923d9b1a2d2070776a446d8e6":"2792a988ebb2e768eee0d5c263bcd76a675d6f339e5f1ab2ca595e6b3b4d024a":"303448a355fc0a69a130b6ab194997b220970bf680914913da904e92109dee3d9f23871130c407045cf463ce783a5dfafd603a8384790573af385d479acd7206" + +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0)a #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +ctr_drbg_validate_no_reseed:"aad471ef3ef1d203":"890eb067acf7382eff80b0c73bc872c6":"":"":"a5514ed7095f64f3d0d3a5760394ab42062f373a25072a6ea6bcfd8489e94af6cf18659fea22ed1ca0a9e33f718b115ee536b12809c31b72b08ddd8be1910fa3" + +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128)a #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +ctr_drbg_validate_no_reseed:"026c768fd577b92a":"b408cefb5bc7157d3f26cb95a8b1d7ac":"5737ef81dee365b6dadb3feebf5d1084":"3368a516b3431a3daaa60dc8743c8297":"4e909ebb24147a0004063a5e47ee044fead610d62324bd0f963f756fb91361e8b87e3a76a398143fe88130fe1b547b661a6480c711b739f18a9df3ae51d41bc9" + +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0)b #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +ctr_drbg_validate_no_reseed:"259195269ec11af6":"2d2ab564202918c4ef5b102dda385a18":"":"":"2c5cd79ed87622a91b8654c8903d852242cd49cb5df2d4b4150584301c59f01fd95a702ac157c84cc15f42c8211335672d8ce1291ef9b1def78149a04fa2697c" + +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128)b #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +ctr_drbg_validate_no_reseed:"b25716931b6e3cc1":"adf5711f93d8c8997349429ccaedae0a":"abf8cd66dd39758b01d7dbb99ab17dc3":"4be0f6b2755377c6e881fbb261b56beb":"d420604dee6467492db5957c86207a708fd242ed67942aed299425335c83b41437418582f41bc7fc0ef0d6927f34d83acd67c70133644fd711dd5a65731f9f02" + +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0)c #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 
+ctr_drbg_validate_no_reseed:"38aa5590f6bfaa4b":"2e1724db482232a3e61f92c1c266faf8":"":"":"4438b48a45fb0141e31f0a9624dfe6fcc2f9edc075c0a52bc5fc46d85a966c853feee6af913234b3f9a679f667898dc15a24aaed89f035bfa5da516e435bbad1" + +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128)c #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +ctr_drbg_validate_no_reseed:"111d8612a0f04e2a":"9bfaefb698b1b5fcc62db2c16498c33a":"aedbe02847b1b08b6a673bdf25b0224c":"9901ead62ce56573b0f71cd020fe3469":"dff8bf2aec531f8532607e738bd79f91d6085cb19568b7b0240ce6a6b371a282bafcdba02137df990535d9ebf0ba77117751626b2678aca7be4decfd6b9d4b38" + +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0)d #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +ctr_drbg_validate_no_reseed:"e78c5571c5f926f9":"6bdf5332bdce4655d45c2cfea897b000":"":"":"e0715688765a3285e7b7db555f277924e7171f7541bf26122b13dbaaa39f9e2b0345c659583ff8c9cfd888f1abd2f3b36a7c9d47c687b01c819a9f9888542e0f" + +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128)d #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +ctr_drbg_validate_no_reseed:"7ee2614ead3c128e":"8b80936e69c67edb771c28f9b9452124":"fc35cba97a1e211bc420e8af53f8e13c":"fba438aaa75a3cd4cd0cce399bfec74a":"6721cc1ada5ebc1713f74c759000765652eeb5f3f9c24fb9341b36a369cec1d27ea80d6b73b56047af07138c5a43c99a87753115c471b8587ea65fa2065e3ce0" + CTR_DRBG CAVS 14.3 (AES-256 use df,False,256,128,0,0) #0 depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 ctr_drbg_validate:RESEED_FIRST:"0bf814b411f65ec4866be1abb59d3c32":32:"2d4c9f46b981c6a0b2b5d8c69391e569ff13851437ebc0fc00d616340252fed593500fae4fa32b86033b7a7bac9d37e710dcc67ca266bc8607d665937766d207":"":"":"":"322dd28670e75c0ea638f3cb68d6a9d6e50ddfd052b772a7b1d78263a7b8978b6740c2b65a9550c3a76325866fa97e16d74006bc96f26249b9f0a90d076f08e5" +CTR_DRBG CAVS 14.3 (AES-128 use df,False,128,64,0,0) #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 
+ctr_drbg_validate:RESEED_FIRST:"5209e5b4ed82a234":16:"0f65da13dca407999d4773c2b4a11d851dea0a12c52bf64339dd291c80d8ca89":"":"":"":"2859cc468a76b08661ffd23b28547ffd0997ad526a0f51261b99ed3a37bd407bf418dbe6c6c3e26ed0ddefcb7474d899bd99f3655427519fc5b4057bcaf306d4" + CTR_DRBG CAVS 14.3 (AES-256 use df,True,256,128,0,0) #0 depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 ctr_drbg_validate_pr:"a2d015f22d854e29de278d910c573de5":"16a1f035388cd8d956026e3b0117cb524dd3eb563f9a7720bb7dcb0fc6fbe743cf140bcd4d7130e7e3ea14046c56442b57c43b34ad219553e7105c18f6e561afe27c9f0be60d82d6cc474efb7fc737b16a6895d9a3a45b971d19b743c1a4ac8f":"":"":"b4e8395bcb7503410a94633f70e9904a5b30e62c35bc6dd2a03496c4a49932e184fbffdbcf1de1c72c50d36dc2ae8f04f40f96aae159c3fb816ca16df99b6c3e" +CTR_DRBG CAVS 14.3 (AES-128 use df,True,128,64,0,0) #0 +depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +ctr_drbg_validate_pr:"d4f1f4ae08bcb3e1":"5d4041942bcf68864a4997d8171f1f9fef55a769b7eaf03fe082029bb32a2b9d8239e865c0a42e14b964b9c09de85a20":"":"":"4155320287eedcf7d484c2c2a1e2eb64b9c9ce77c87202a1ae1616c7a5cfd1c687c7a0bfcc85bda48fdd4629fd330c22d0a76076f88fc7cd04037ee06b7af602" + CTR_DRBG entropy usage ctr_drbg_entropy_usage: @@ -777,6 +845,3 @@ ctr_drbg_special_behaviours: CTR_DRBG self test ctr_drbg_selftest: -CTR_DRBG NIST Validation (AES-128 use df,True,256,128,0,0) #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 -ctr_drbg_validate_pr:"d254fcff021e69d229c9cfad85fa486c":"c18081a65d44021619b3f180b1c920026a546f0c7081498b6ea662526d51b1cb583bfad5375ffbc9ff46d219c7223e95459d82e1e7229f633169d26b57474fa337c9981c0bfb91314d55b9e91c5a5ee49392cfc52312d5562c4a6effdc10d068":"":"":"34011656b429008f3563ecb5f2590723" From 1d7399351e8e3685c5811d0008f9e80d0aac7ad7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 13:55:22 +0100 Subject: [PATCH 176/368] ssl-opt.sh: Add DTLS session resumption tests Fixes #1969. --- tests/ssl-opt.sh | 160 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) 
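Review bot: The new entry `CTR_DRBG CAVS 14.3 (AES-128 use df,False,128,64,0,0) #0` is tagged `depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256`, while every other AES-128 vector in this hunk is tagged `MBEDTLS_CTR_DRBG_KEY_SIZE_128`. With the current tag the vector is run in a 256-bit-key build, where its 16-byte entropy input and expected output presumably cannot match, and skipped in the 128-bit build it was written for; the line should read `depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128`. The relabelled no-reseed entries also place their distinguishing letter inside the parameter group as `)a #0`, `)b #0` and so on, which differs from every surrounding label; moving the letter after `#0`, or using distinct `#0`..`#3` indices, would keep the naming uniform.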
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 937a27b76..92b7686ed 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1364,6 +1364,71 @@ run_test "Session resume using tickets: openssl client" \ -s "session successfully restored from ticket" \ -s "a session has been resumed" +# Tests for Session Tickets with DTLS + +run_test "Session resume using tickets, DTLS: basic" \ + "$P_SRV debug_level=3 dtls=1 tickets=1" \ + "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \ + 0 \ + -c "client hello, adding session ticket extension" \ + -s "found session ticket extension" \ + -s "server hello, adding session ticket extension" \ + -c "found session_ticket extension" \ + -c "parse new session ticket" \ + -S "session successfully restored from cache" \ + -s "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + +run_test "Session resume using tickets, DTLS: cache disabled" \ + "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ + "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \ + 0 \ + -c "client hello, adding session ticket extension" \ + -s "found session ticket extension" \ + -s "server hello, adding session ticket extension" \ + -c "found session_ticket extension" \ + -c "parse new session ticket" \ + -S "session successfully restored from cache" \ + -s "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + +run_test "Session resume using tickets, DTLS: timeout" \ + "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \ + "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_delay=2" \ + 0 \ + -c "client hello, adding session ticket extension" \ + -s "found session ticket extension" \ + -s "server hello, adding session ticket extension" \ + -c "found session_ticket extension" \ + -c "parse new session ticket" \ + -S "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -S "a session has been resumed" \ + -C "a session has been resumed" + +run_test "Session resume using tickets, DTLS: openssl 
server" \ + "$O_SRV -dtls1" \ + "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ + 0 \ + -c "client hello, adding session ticket extension" \ + -c "found session_ticket extension" \ + -c "parse new session ticket" \ + -c "a session has been resumed" + +run_test "Session resume using tickets, DTLS: openssl client" \ + "$P_SRV dtls=1 debug_level=3 tickets=1" \ + "( $O_CLI -dtls1 -sess_out $SESSION; \ + $O_CLI -dtls1 -sess_in $SESSION; \ + rm -f $SESSION )" \ + 0 \ + -s "found session ticket extension" \ + -s "server hello, adding session ticket extension" \ + -S "session successfully restored from cache" \ + -s "session successfully restored from ticket" \ + -s "a session has been resumed" + # Tests for Session Resume based on session-ID and cache run_test "Session resume using cache: tickets enabled on client" \ 
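Review bot: None of the new DTLS run_test blocks is preceded by a `requires_config_enabled MBEDTLS_SSL_PROTO_DTLS` guard, and the same applies to the cache hunk below, so in a build without DTLS support the `dtls=1` and `-dtls1` commands would presumably fail instead of being skipped — unless run_test already detects `dtls=1` on its own, which is not visible from here. The ten blocks are otherwise verbatim copies of the TLS ones with the transport switched; a small helper that takes the transport as a parameter would keep the two sets of expectations from drifting apart.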
@@ -1459,6 +1524,101 @@ run_test "Session resume using cache: openssl server" \ -C "parse new session ticket" \ -c "a session has been resumed" +# Tests for Session Resume based on session-ID and cache, DTLS + +run_test "Session resume using cache, DTLS: tickets enabled on client" \ + "$P_SRV dtls=1 debug_level=3 tickets=0" \ + "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ + 0 \ + -c "client hello, adding session ticket extension" \ + -s "found session ticket extension" \ + -S "server hello, adding session ticket extension" \ + -C "found session_ticket extension" \ + -C "parse new session ticket" \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + +run_test "Session resume using cache, DTLS: tickets enabled on server" \ + "$P_SRV dtls=1 debug_level=3 tickets=1" \ + "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ + 0 \ + -C "client hello, adding session ticket extension" \ + -S "found session ticket extension" \ + -S "server hello, adding session ticket extension" \ + -C "found session_ticket extension" \ + -C "parse new session ticket" \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + +run_test "Session resume using cache, DTLS: cache_max=0" \ + "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \ + "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ + 0 \ + -S "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -S "a session has been resumed" \ + -C "a session has been resumed" + +run_test "Session resume using cache, DTLS: cache_max=1" \ + "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \ + "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ + 0 \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s 
"a session has been resumed" \ + -c "a session has been resumed" + +run_test "Session resume using cache, DTLS: timeout > delay" \ + "$P_SRV dtls=1 debug_level=3 tickets=0" \ + "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \ + 0 \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + +run_test "Session resume using cache, DTLS: timeout < delay" \ + "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \ + "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \ + 0 \ + -S "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -S "a session has been resumed" \ + -C "a session has been resumed" + +run_test "Session resume using cache, DTLS: no timeout" \ + "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \ + "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \ + 0 \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + +run_test "Session resume using cache, DTLS: openssl client" \ + "$P_SRV dtls=1 debug_level=3 tickets=0" \ + "( $O_CLI -dtls1 -sess_out $SESSION; \ + $O_CLI -dtls1 -sess_in $SESSION; \ + rm -f $SESSION )" \ + 0 \ + -s "found session ticket extension" \ + -S "server hello, adding session ticket extension" \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "a session has been resumed" + +run_test "Session resume using cache, DTLS: openssl server" \ + "$O_SRV -dtls1" \ + "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ + 0 \ + -C "found session_ticket extension" \ + -C "parse new session ticket" \ + -c "a session has been resumed" + # Tests for Max Fragment Length extension if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then 
From aa71500173ada7bb0c2d7f533d461f29a752932a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 13:55:31 +0100 Subject: [PATCH 177/368] Fix bug in SSL ticket implementation removing keys of age < 1s Fixes #1968. --- library/ssl_ticket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index a2b304869..985b7cd50 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -97,7 +97,7 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) uint32_t current_time = (uint32_t) mbedtls_time( NULL ); uint32_t key_time = ctx->keys[ctx->active].generation_time; - if( current_time > key_time && + if( current_time >= key_time && current_time - key_time < ctx->ticket_lifetime ) { return( 0 ); From 5e863e02ac202341beceb33942fa6f63ec37d56d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 17:51:53 +0100 Subject: [PATCH 178/368] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0598cfa1a..fb1e91810 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Bugfix * Replace printf with mbedtls_printf in aria. Found by TrinityTonic in #1908. * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len() and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941. + * Fix a bug in the update function for SSL ticket keys which previously + invalidated keys of a lifetime of less than a 1s. Fixes #1968. Changes * Copy headers preserving timestamps when doing a "make install". @@ -21,6 +23,7 @@ Changes Drozd. Fixes #1215 raised by randombit. * Improve compatibility with some alternative CCM implementations by using CCM test vectors from RAM. + * Add tests for session resumption in DTLS. = mbed TLS 2.12.0 branch released 2018-07-25 From c99b12b158b7897fd91b821849358db7f695f266 Mon Sep 17 00:00:00 2001 
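Review bot: The change from `>` to `>=` deserves a why-comment, because the two halves of the condition read as one freshness check and the boundary has already been got wrong once. Suggest above the if: `/* >= rather than >: a key generated within the current second is still valid (#1968). The guard also keeps the unsigned subtraction from wrapping if the clock moved backwards; in that case we fall through and regenerate the key. */`. ssl_ticket_update_keys continues outside this hunk, so the fall-through behaviour is inferred from the surrounding code rather than visible here.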
From: Andres Amaya Garcia Date: Tue, 21 Aug 2018 19:32:44 +0100 Subject: [PATCH 179/368] Fix documentation for MBEDTLS_HAVE_DATE_TIME --- include/mbedtls/config.h | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 18fbf92df..ff123560c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -137,20 +137,25 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h and time(), gmtime_s() (Windows), gmtime_r() (POSIX) or - * gmtime() and the clock is correct. + * System has time.h, time(), an implementation for mbedtls_platform_gmtime(), + * and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. * * Comment if your system does not have a correct clock. * - * \warning gmtime() is used if the target platform is neither Windows nor - * POSIX. Unfortunately, gmtime() is not thread-safe, so a mutex is used when - * MBEDTLS_THREADING_C is defined to guarantee sequential usage of gmtime() - * across Mbed TLS threads. However, applications must ensure that calls to - * gmtime() from outside the library also use the mutex to avoid concurrency - * issues. + * \note mbedtls_platform_gmtime() is an abstraction in platform_util.h that + * when called behaves similar to the gmtime() function from the C standard, + * but is thread safe. Mbed TLS will try to identify the underlying platform + * and configure an appropriate underlying implementation (e.g. gmtime_r() for + * POSIX and gmtime_s() for Windows). If this is not possible, then gmtime() + * will be used. Refer to the documentation for mbedtls_platform_gmtime() for + * more information. + * + * \note It is possible to configure an implementation for + * mbedtls_platform_gmtime() at compile-time by using the macro + * MBEDTLS_PLATFORM_GMTIME_ALT. */ #define MBEDTLS_HAVE_TIME_DATE From a658d7dd9ddbf1dd7e00ccc9862eee51ba62f092 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 21 Aug 2018 19:33:02 +0100 Subject: [PATCH 180/368] Fix style for mbedtls_platform_gmtime() --- library/platform_util.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index e41f3c49c..68d2522b5 100644 
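Review bot: The replacement \note drops the concurrency caveat that the removed \warning carried: when neither gmtime_r() nor gmtime_s() is available the library falls back to gmtime(), which is only serialised by a mutex when MBEDTLS_THREADING_C is defined, and application code that calls gmtime() itself must use the same mutex. The new text instead states unconditionally that mbedtls_platform_gmtime() `is thread safe`, which overstates the fallback case. Suggest keeping a sentence such as `\warning When gmtime() is the fallback, thread safety relies on MBEDTLS_THREADING_C being enabled, and applications calling gmtime() directly must also take the library's gmtime mutex.`. The context line `not necesarily very accurate` also still carries a typo (`necessarily`) that this comment rewrite could have fixed.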
--- a/library/platform_util.c +++ b/library/platform_util.c @@ -87,9 +87,9 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, struct tm *tm_buf ) { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - return ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL; + return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); #elif !defined(PLATFORM_UTIL_USE_GMTIME) - return gmtime_r( tt, tm_buf ); + return( gmtime_r( tt, tm_buf ) ); #else struct tm *lt; @@ -110,7 +110,7 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, return( NULL ); #endif /* MBEDTLS_THREADING_C */ - return ( lt == NULL ) ? NULL : tm_buf; -#endif + return( ( lt == NULL ) ? NULL : tm_buf ); +#endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_ALT */ From 6a4f224ac3406d8afa6ed5753aa77110a132c454 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 27 Aug 2018 08:00:13 -0400 Subject: [PATCH 181/368] ssl-opt.sh: change expected output for large srv packet test with SSLv3 This test also exercises a protection against BEAST and should expect message splitting. --- tests/ssl-opt.sh | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 92151fd87..9903aad73 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4493,15 +4493,6 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \ -s "Read from client: 16384 bytes read" # Test for large server packets - -requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 -run_test "Large server packet SSLv3 BlockCipher" \ - "$P_SRV response_size=16384 min_version=ssl3" \ - "$P_CLI force_version=ssl3 recsplit=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "Read from server: 16384 bytes read" - requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Large server packet SSLv3 StreamCipher" \ "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 
@@ -4510,7 +4501,17 @@ run_test "Large server packet SSLv3 StreamCipher" \ 0 \ -c "Read from server: 16384 bytes read" -# Checking next 2 tests logs for 1n-1 split against BEAST too +# Checking next 4 tests logs for 1n-1 split against BEAST too +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "Large server packet SSLv3 BlockCipher" \ + "$P_SRV response_size=16384 min_version=ssl3" \ + "$P_CLI force_version=ssl3 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read"\ + -c "16383 bytes read"\ + -C "Read from server: 16384 bytes read" + run_test "Large server packet TLS 1.0 BlockCipher" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls1 recsplit=0 \ From ce266e4ca221fca99f5af2d582476e71bf071d5b Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Wed, 29 Aug 2018 10:11:46 +0300 Subject: [PATCH 182/368] use single define for 128bit key for ctr_drbg and update test dependencies the change is designed to make configuring 128bit keys for ctr_drbg more similar to other configuration options. Tests have been updated accordingly. also clarified test naming. --- include/mbedtls/config.h | 15 +- include/mbedtls/ctr_drbg.h | 8 +- tests/suites/test_suite_ctr_drbg.data | 329 ++++++++++++++++++++++---- 3 files changed, 291 insertions(+), 61 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ad35f7b8e..58b2f2593 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2018,7 +2018,9 @@ /** * \def MBEDTLS_CTR_DRBG_C * - * Enable the CTR_DRBG AES-256-based(default) or AES-128-based random generator. + * Enable the CTR_DRBG AES-based random generator. + * The CTR_DRBG generator uses AES-256 by default. + * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below. * * Module: library/ctr_drbg.c * Caller: 
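Review bot: The two new expectation lines `-c "Read from server: 1 bytes read"\` and `-c "16383 bytes read"\` have no space before the continuation backslash, unlike every other line in the file; `-c "Read from server: 1 bytes read" \` and `-c "Read from server: 16383 bytes read" \` would match the surrounding style and make the second pattern read the same as its neighbour instead of matching any line ending in `16383 bytes read`. The updated comment now promises `next 4 tests`, but only the SSLv3 block-cipher test and the start of the TLS 1.0 one are visible in this hunk, so the count cannot be confirmed from here.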
@@ -2029,16 +2031,6 @@ */ #define MBEDTLS_CTR_DRBG_C -/** - * configure key size for ctr DRBG , either - * MBEDTLS_CTR_DRBG_KEYSIZE_256 (default) - * or - * MBEDTLS_CTR_DRBG_KEYSIZE_128 - * must be set. - */ -#if !defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) -#define MBEDTLS_CTR_DRBG_KEY_SIZE_256 1 -#endif /** * \def MBEDTLS_DEBUG_C * @@ -2920,6 +2912,7 @@ //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ +//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */ /* HMAC_DRBG options */ //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 66bfc12df..5e0d1f03c 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h 
@@ -48,15 +48,11 @@ #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */ #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ -#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_256) + +#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) /* Use default 256-bit key for CTR_DRBG. */ #define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */ #else -#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) -#pragma message("Warning: using smaller (128bit) key size for CTR DRBG may reduce the security of some operations.") #define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher. */ -#else -#error for ctr DRBG either MBEDTLS_CTR_DRBG_KEY_SIZE_256 (default) or MBEDTLS_CTR_DRBG_KEY_SIZE_128 must be set -#endif #endif #define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */ #define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */ diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 81d17d318..972836c82 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data 
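Review bot: The `#else` branch that selects `MBEDTLS_CTR_DRBG_KEYSIZE 16` loses the explanation the removed `#pragma message` gave, and config.h now sends readers here with `(see ctr_drbg.h)` for the security impact, so the reduction should be spelled out at the definition. Suggest on the 16-byte branch: `/* 128-bit AES key: the DRBG's security strength is capped at 128 bits instead of 256 (NIST SP 800-90A); intended for platforms where AES-256 is unavailable or too costly. */`. Since `MBEDTLS_CTR_DRBG_SEEDLEN` is derived from the key size here but `MBEDTLS_CTR_DRBG_ENTROPY_LEN` is not in this hunk, it is worth checking whether the entropy sizing elsewhere in the header should follow the smaller key.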
@@ -1,833 +1,1073 @@ CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=no, add=no -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"":"8da6cc59e703ced07d58d96e5b6d7836c32599735b734f88c1a73b53c7a6d82e" CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=no, add=yes -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"81daaf9800c34ff0a104e51d87e36f5b17eb14b9abc5064cadda976ec4f77d34" CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=yes, add=no -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"":"bb2a0f5f0ca6d30634ba6068eb94aae8701437db7223a1b5afe8771547da3cee" CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=yes, add=yes -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"98a28e3b1ba363c9daf0f6887a1cf52b833d3354d77a7c10837dd63dd2e645f8" CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=no, add=no -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"":"259dc78ccfaec4210c30af815e4f75a5662b7da4b41013bdc00302dfb6076492" CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=no, add=yes -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"386debbbf091bbf0502957b0329938fb836b82e594a2f5fdd5eb28d4e35528f4" CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=yes, add=no -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"":"601f95384f0d85946301d1eace8f645a825ce38f1e2565b0c0c439448e9ca8ac" CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=yes, add=yes -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"738e99c95af59519aad37ff3d5180986adebab6e95836725097e50a8d1d0bd28" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"d254fcff021e69d229c9cfad85fa486c":"c18081a65d44021619b3f180b1c920026a546f0c7081498b6ea662526d51b1cb583bfad5375ffbc9ff46d219c7223e95459d82e1e7229f633169d26b57474fa337c9981c0bfb91314d55b9e91c5a5ee49392cfc52312d5562c4a6effdc10d068":"":"":"34011656b429008f3563ecb5f2590723" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"7be87545266dadd1d73546c0927afc8d":"a7f38c750bd6ff41c4e79f5b7dd3024d58ca3f1f4c096486c4a73c4f74a2410c4c9c5143eb8c09df842ba4427f385bbf65c350b0bf2c87242c7a23c8c2e0e419e44e500c250f6bc0dc25ec0ce929c4ad5ffb7a87950c618f8cee1af4831b4b8e":"":"":"d5b1da77f36ce58510b75dfde71dbd5d" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"3771416b162f4d9c5f48a05b7aa73938":"d20a0e5cdb714f01b48e00bae51909f345af05de13217e5d55fc6c2d705aea550420d9a458594d825b71e16b36130020cf5948fe813462061c1a222d1ff0e1e4b3d21ae8eee31d3260330d668d24ef3c8941b8720e8591b7deec4bd35a3a1f1a":"":"":"3cbd7d53ac1772c959311419adad836e" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"f2bad8f7dab3f5886faa1cf6e1f52c87":"4df54a483b4510ed76049faae14b962fbb16459d1f6b4f4dbeca85deded6018361223c893f9442719c51eb5695e1304a1c2be8c05d0846b6510a9525a28831a8efcbd82aa50540d7e7864e2b8a42d44380cdc6e02eebb48d0b5a840b7cdd6e04":"":"":"0062d822bc549bea292c37846340789b" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"1c5760aa0fd4ce308735b28682b67246":"89defd4445061c080e4762afac194b9f79c4bb1ed88c961af41d9d37bd388a1d45c82ca46f404348a2ae5e22ce00aa35ebc7c5051d8800890d44d25284489efcbd1f5e2b16e403f6921f71bbdfcf7b9aeddef65bc92fbd1cb9e4ea389aee5179":"":"":"3baf81155548afca67d57c503d00a5b4" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"b72b9451a5e866e226978623d36b3491":"2713d74affed98e3433559e17d240288bb1a1790904cd7754cad97007e205a157b8ddca704a3624413f2ec8361ccd85442fb0b7cc60a247f0fd102cef44677321514ea4186d0203ab7387925d0222800ce2078c4588bc50cdfccbc04fbecd593":"":"":"047a50890c282e26bfede4c0904f5369" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"91b955a3e7eccd7f07290cba4464baff":"b160465448894c7d5ee1963bb3e1a2f3f75fcd167ffa332c41c4c91c1830b7c07413bd580302958aa6fa81588ad2b3173698a4afafda468acb368dbbd524207196b9a3be37ac21ba7a072b4c8223492ee18b48551524d5c3449c5c8d3517212e":"":"":"af2c062fedb98ee599ae1f47fc202071" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"d08114670c4f6016a4cf9d2da3e3a674":"38dfbfb52c185acf74de00b5a50f0cd9688286747ab340cfe9ad30d38b390fd2443bfd7ea93941d8262ae0f66b0eab4ff64ba59a2ff940c3c26fda103e0d798dbcaa1318e842143975673af8408b5af48dfbaa56ca4f9ddc87100028b4a95549":"":"":"55030fef65c679ecaffb0dc070bfd4d2" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #8 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"e2af9abe8770e33798a5f05b22057d24":"88fb2a8020e604ea64a620f4704078857062cc97e24604c30de4c70cbf5e5bea0f0db79d16f4db636a2d6cd992c5890389a40cfe93967eac609e5b9f66788944285758547c7136ef2ee3b38724ed340d61763d0d5991ece4924bb72483b96945":"":"":"a44f0cfa383916811fffb2e0cfc9bfc3" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"ae30f1642753c5cb6e118d7ff5d59f1d":"340def3420b608420d81b4ea8252a3d86d3e1dd7597e6063ed923a73a7b8e981e6079f7f0c42deb9f4ef11d2f3581abadf44b06d882afdc47896777ce8dafd85ec040f7873d0e25c4be709c614a28b708e547266ac8f07f5fdb450d63bc0c999":"":"":"c7e7670145573581842bd1f3e0c6e90b" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"711ecfe467d6f83bcc82e566729669af":"21d6c822706d1af09e4d233c0ebac7f4ec60c7be2500dd41a85a19b2dc5c7da27f8a82164bd2a644218cb5ac283c547da1064784413eed5ecf32fadd00357abaae81225ac8d0391ead533362cff56798825445d639b0b45e0312aa7047c00b4d":"":"":"d3a0d2c457f5e9d1328a9e1d22b6eaf6" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #11 
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"f9b22152bc0eff1ebf0bfafeea40aecf":"4ee32f0aeadb3936e17f1aa3b18c10f773def5f83500c2ba96f84408a2521c1258f6be9aa5cee528746629aa2b8118ac41dd98ef1b3de31d26b8c2ad3442081203f5ef21df409df3381fbf2e064fbaec64d731dc93b3218e34bb3b03bfd88373":"":"":"86009b14c4906a409abe6ca9b0718cbe" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"5174e76e904ff1471367ccace9c66ed9":"fa81535670275e8ab74121377cf88a4742dd0d7a99cf06eb9c2b4fe2b03423dbe441201144c22a9fc0ca49f5ef614987a2271cc1089d10ee01b25163c090a1f263797e4f130920cdc3b890a078e8abbb070ded2e8fd717f4389f06ff2c10d180":"":"":"18d6fcd35457d2678175df36df5e215d" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"73c372f60519e8eca371eaa13fb54f88":"930c290a797b85d58b52d0d92356436977b2f636f07d5a80c987fb7eea6b750cceb9eb87860547ab4029865a6810fc5c3663c4e369f290994461d2e9c7160a8b5985853bd9088b3e969f988fe6923b3994040eeee09ad353b969d58938237cfe":"":"":"f62c7cfbe74555744790bcc7930e03c3" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"75ba8ddeef24f9f5b00b426a362c4f02":"7065d128ddb2fc6ea31f4110b6c0934ed112c51d74a4a0741a0843d8befac22902a01353322674c3d58935144a0f8f171a99dbeab71272ff7518c46cc7ebb573adbf95bff8ec68eeba5e8ec1221655aed8420086bda89c7de34f217dce73ccab":"":"":"700761857ea2763e8739b8f6f6481d1c" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"14051b57277bc3d3bbae51bdecfb9f5d":"82c80d922c47bbec0f664dd623e22a11a3b84d308351e45e30ee286e89547d22c43e17b3ca0fa08f77eef1001ba696932e9ee890e7aac4661c138e5b5ce36773d3120c35f8c94e0a78ffbf407a63ca435392e17c07461522fdc1f63f037aacff":"b70e7c1c4b8e0f1770e05b29a93f9d7a6540f23ab84136b05b161d85e5f19251":"5a737c128bd69f927f8f3ad68f93f6356d5f4ec0e36b6b50ced43dcd5c44dbc2":"a4e6c754194a09614994b36ecce33b55" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"4526b268128ea35f8558b4e1d08388f2":"952f3f179cbbda27ebd30f4fc31bf96baccb2adbaa9c090bc0f37044a44e85b3bc668cd3533faaf56b5da9242844d65733f7ac1f55c38b175749b88e18d19672b7bdab54e0ababdd4519fb07e0c25578f64ad40d0beb0a26275d5e2f4906aa70":"6b167c7cebea2e585ab974b60c4d305a113102ca8c3dc87651665728c4c675ad":"a038f1ca1f420eae449791f13be4901bfb91e41e052e02635b1f1817bd8969b1":"745ec376282e20fd1f9151f7040ed94a" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"c1aafa90f394e0ba9a528032dc6780d3":"75fd042bfd994de2c92e5aa505945ec93bd7cf366d86a356723fca3c9479ee17fb59c6ca8ba89784d43f06cdad113e5081e02427ee0714439d88dc1a6257fc91d99c1a15e92527847ab10883cc8f471cad8cf0882f5b6d33a846a00dee154012":"c704164ce80a400cb2f54d1b2d7efa20f32b699fa881bfc7b56cfd7c4bee1ea6":"f3baff4b6f42c8e75b70c2a72a027b14a99ae49a5a47c7af0f538843c94e1a69":"7af9113cd607cdb4c6534f401fe4e96c" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"e6e726b72e7b264a36ec0cd60d4578b5":"0c3c6dd706076d6484478347559b495d7ee898c39cde06027bc99f7bf69ce1140ca04602265e1308af6dd6446a1cf151749b22a99e8a05d30cc3ccd00e663bc1bc37e08ee62834fcc52a4bc8c1d6442544187484f81dc729417d5bedfcab5a54":"d84b978483c0bd8f8c231d92ea88ac21e6e667215804b15725a7ed32f7fc5dd7":"9a8971f6c559f7f197c73a94a92f957d1919ad305f4167c56fe729d50e5754a5":"e16ee5bceca30f1fbcadb5de2d7cfc42" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"0272d86db283244eb7ee0ed8c8054b89":"a08ce39f2f671e1f934821a8db9070f39a734a7a20e70307fccca17db15bb4e8a421600df11d1a6e7806a14826739322c8043649ea707180f1d00dea752c2c36398030519465864c4d38163f5b0dd5be07dbc0ae29693ad4a67ca69f28414634":"aa97055cf46ba26465dfb3ef1cf93191625c352768b2d8e34459499a27502e50":"dddd0007eb29fdf942220e920ca0637db4b91cbf898efd2696576ff6bfacb9d1":"9db0057e39ca6e0f16e79b4f8a0ed5c7" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"4ad8f72a0d0e28a758722b20e3017d7e":"89af36a1c53f730c1b818b26aa510627b17e6f9da51c8e53930de883b7cc7a3e8c3c463c910646ac3ff08f05bca8e340daf9a322d133ae453fdf7e6860a27ff4495c89875431ba9de3e4f3247cda8c62acc86f7066448f639d8ba8b5249337f8":"9d060b7ed63bdb59263c75ebe6a54bf3a4ac9c9926ca8fb49caa905a2651eead":"016099232dc44bb7cdb492f4955ab1aabc5dc0b5731447cea2eb1d92e41482d1":"4b658e95adae4bf0c418fded4431c27f" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"aa19b944c2e1b9d27933bc87322bdf14":"dc8c60dd42c85fed86cb32af035bbde5737526eb07991397c853256f2f0cb311bce70e1c5e32fc3510402d7d7e3de36fa5e584234daf391bc53cc651e001ab7fcf760679b3c82057f9d09bfdcab8e158d4daa63b20c0e1102f7a06bf5a2788dd":"6b98fec5f7de8098ff9df80f62473c73831edace832a767abf5965ea8bf789ba":"cc998bd5752f9c96ec35d9658cc8b3833dd6ab80c7accd6777c06c2cf7c01e59":"fc58833e0e27f7705e4937dd2aadb238" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"10c8c17a25041e2ef0d3cc80671e4cfe":"513fb96b6164ece801e52855aad28cb80131e7872d8432d27a974fb62d8d0100bb7ebcb8f5c066e230377a8847d6798c3d8090469b9719a80ac956ac33186b00eb8ca64c5530421f93932bc7c98ee92651e85dab562483bdb189676802726647":"240f36a0a598fe2116ffa682824f25acc35132f137f5221bc0ff05b501f5fd97":"22a5eb5aa00309a762ab60a8c2647eebe1083f8905104b5d375ed1661b4c8478":"145a16109ec39b0615a9916d07f0854e" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #8 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"cea0c3c12be683c0f27693650a6a3d7d":"df8bc70e45fe14abb02c1b9a9754c37497fc2f67709edd854196fc4d074b12797ce7cb292f14cb1d6904abf32bf229299db5ccf5a791a3b8cd3e40a64f38f6b57df759a863e09d7676d2f3ff2762cdab221151000dba32a67f38cab93d5b7a55":"bf2ac545d94e318066ff88f39791a8385e1a8539e99ac4fa5a6b97a4caead9d4":"846efef8672d256c63aa05a61de86a1bbc6950de8bfb9808d1c1066aef7f7d70":"8d8f0389d41adcac8ca7b61fc02409c3" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"1b782af2545352631983dc89945ffc37":"51930fb7095edef3fc20aca2a24127f03d3c4b983329e013ad8a35016f581dd7b2d11bafbf971c1fdefd95a0024195e6e90a60ec39b1a8dbe0cb0c3aabf9cf56b662efc722b2dffa6c3be651f199cbc3da2315b4d55aeafd1492283889e1c34f":"1b6295986f6fb55dc4c4c19a3dba41066fdc0297d50fb14e9501ba4378d662ed":"6e66ff63fc457014550b85210a18f00beab765f9e12aa16818f29d1449620d28":"78dfcb662736a831efaa592153a9aff9" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"6580f6df5c8de7c4a105c11ed44435c2":"d37403db6f84a7ba162e1cc351fe2e44d674ae8606280c9dac3e3975f30cbe1c9925e502a9804b91aada5cc97b259b90ccb5b8103394d9a28f0709fc9b5ffe9d73ad3672e02064ea68cebe3face5d823ee605c46c173db591135f564558dab4c":"97486a5e6ce6c6cf9d3f9a313d346cbc34b2bd54db80c5f8d74d6f6939f89519":"8377fcb52556f9974f1aa325d6e141d7b81355bd160abbc86e0007571b3c1904":"77031d3474303470dca9336b1692c504" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"f5303f148d6d6faca90aa88b07ab2ba9":"a0de51b8efa44b8245dba31d78f7840b2b7abced4e265b4cd9628eabc6ebbccb0f118dd8cc958b36dc959e22c4a03dafa212eeedec7d25ee6c5961187bee83b1ed3a75c7bdd9d0713b16cc67e68231f4cb274c8f3dfcc7e5d288c426a0d43b8f":"8d1fddc11dbad007e9b14679a5599e5e8a836197f14d010f3329d164c02d46d6":"9ceb6570568455d42a7397f8ca8b8af7a961a33a73770544cca563c04bc919ca":"9882f0bd1f6129a78b51d108e752b2d9" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"5a799c58985aa2898cc8fe8e5bc4a9f8":"dbdbef9d217e9051025c321b628c1cc823d508ffdd13fc4edbe8677658a57ef5b64395a6b7d62c0e93dc0956ee0217ec48ae054f1d4680023cc1b2af666efa9e1458cf6b0dae72eef2392e93687bd1fb5f366bb2cdd12937ad09724e39db4189":"8c179b35739e75719e74f7c3e038bc06eb3e212d6ade85275cfebf12b2dce2a2":"af617f2e228adde3edaf52a7e5979476dbb9cd2956a1737d93a16563bbbb4888":"49a04f3b4ef052747c7f4e77c91603e8" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"8f5b51983a8156a529f559ac3afebbf0":"bf22b182d39622e941017285adbdfe446c3d1a72601d0e5a15674f3b1b260170b1b2ab6b588a0267d86776a5d4ce80e132d7135a581af75ea6de65153680e28ce35ce78d0917b4932000d62260149e5a3ae72bc250548390b664f53c697dac45":"4cbb5b2d6e666d5dd3dd99b951ea435cae5a75d2e1eb41a48c775829b860e98b":"a4b4171c2592516404434932ad0a8ee67bd776a03479b507c406405b3d8962bc":"cab49631733f06e3fb3e0898e5ad22e7" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"9f305a77cbaec1ab408cfc0eb89c6cbb":"1e50fada1e76a0d243e6f64c36a173ddc1f47a1dab834f5cd492568792958d5be22cce3110c8e8958b47f07b5c63f86b254942361d4d553e47d36103f47cd7f0bbee27d2e238b1d85671afe8284ee1fd2a431a5f69b2df73e95341c3a2e4fe4b":"c254f3b40e773eb09053b226820f68cafa3458ad403ad36f715245a854752a93":"699e177b7be3353c45ce7b7a0d573b00087d700a9f2c1cd2e370e05d4ddadc86":"bb6b02b25a496f29245315f58a16febc" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"e09f65dcffc0d3a4d84bacc41617a4e46ce5184eca011049ab657566f728e4aa28315ffac166ebe50e1269b01c95b3a2":"545a783ae97d827ed0b81d9752ad0f7e965f511b1f5dae0f872e9ec37cfe63af86c1d15e153887989b605773b16ad5505e65f617cfa8ef46547c4c3f9d0c4fd0b6e1cff5ca0f1929266fe43ba8f45ad664cfe5e90903a9cb722b42ae8989c148":"":"":"1e77d7cc18775fef9a3d3e00903da01b" CTR_DRBG NIST Validation (AES-256 use 
df,True,256,128,256,0) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"056cd44c8847d89da05fbef95e9660d589046b0c02f9b42c17fd8b069f831c73cd896005ec080113589b6f07be6e42ea":"dde6c0850fe642602eb222ca7371213c598cef8c3e71e0593ea8edb54e1bed130b9b0aebe0893093b950c52f56eb9b338aa4bd01dae030515726ece1bf751660b4a3602da6400e4b94edebba646b5c3d4e64ceea1c4f14b7a19f0142783247df":"":"":"a790ab939e63555d02ea1e9696051725" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"73c72c7dfe138ef4b9817d41b9722b3940762b59bda26b3f6bb8b30583e01d088a29726b71d36ffeebdb387010cb1bb6":"6fe09520e26f5abece0fceadc54913c650a9f55725af45a9a5f373d09b9970b8706b9041d0189a204f6a4eb527dfa86584a3bee3265b809c3932ae5e7228194a3cf7592fc9301c833b45a53be32b9caec9f0f91ba86519f12b0b235f68419c1e":"":"":"798d997f46ff7cc4206994085340325e" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"cdba7c7033c34852b7bc1a6b33edab36f41d563bd0395d1001c02ffc0c42ec8595ed2b5ddabc923372e3b6bb457833fa":"532960c23c8c8b2146576dde52fadc985134914abf42ca1c5f47206937fda41289ae5d9f935dc4ce45f77cad230a4f345599e3bae4071188324483a0b93593c96d8b6ac6c0d8b52f8795c44171f0d8cd0b1e85dc75ce8abe65d5f25460166ba0":"":"":"9d48160aca60f1a82baaa8a7d804a3d8" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"02cef01aca992f60aa12db4b2c441689e4972a6f9deaf3663082afed642c1502b67b42d490af1c52c7e6eaf459882eca":"9216c9a833f81953792260a688eb7c3dfc85565ae6a6033203741a763db056247808e0ecd5ba1fc4549c3a757eba535adc786e810ddaae9a2714d31f5154f2c3ee81108669f1239f4f4efd6e18aabfa2d88f0ac25f4740108f6cfebffeb2d857":"":"":"d6378bcf43be1ad42da83780c1dab314" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"d7d80084e9d1fbb9315c3bce1510dbf22cf11fa54177d913a3b04b64cb30957395bd6f3d7e3d866d1be41b29db9ed81d":"80d4741e4e646748bb65e1289f1f9b3c21bffec4d0a666b301f199d76b4a83464583057079b069946b03d6ac81ebf9e6fa8d4081120f18bf58286a0c4de7576f36f3c7c353126f481a065ac28bdf28e13cd0c1e7911db6343c47d613f1750dc6":"":"":"9165a92ed92248b2d237d9f46d39bde8" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"df5a68d3bede467fd69716f5f8fbac297594b8573921afb864ba76aaa6dd89e83b89e359a5a0dd1aac9b4acb9573d218":"52df6336f93781115c2a77bd8f99cb717871fe14707947a21f6093dd9205bc378acf61329f8831369b4b1af0a9edfb25d74f5863f26859ad9c920767b113c47ed2690053bf9a2f7c7a67a8d680e08865720b9e9f7b6ae697e3c93e66f24b6ddc":"":"":"c542cf248a163bbceee7b9f1453bd90b" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"2945527372ff71edfa5776f55f7e4a247544aa6de974e81b2eba5552843ab6dfa248695f4f3225a43d4bf3672c3a6b2e":"aa560af2132cbd0624a69c7a7e733cd59a4f2d4e61d2b830087bd88f30fa792c7e4d3168fa86a10f7619d5b9dcf4f7bb08b350ba6a6bfc0fdfb7ee7aca07260c9a11abe49963c36efaefa94d2978ed09472bf93cc873d0f24c000762bb1402cd":"":"":"33af0134eeca279dce5e69c2cda3f3f4" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #8 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"b30cb767125674f6099a5cf7cb2e4f5b6c1cd1e32ffc1e393b1c5698b52b37f971f12521a7c1ffaaf3233d5391bc4c86":"2d42b00248d95d9378a2aece40d636bc1ab22edaaa64daa34335195a9efa4c1b58f13ac184ca2be52e15c3a977abde2aa505243fc106c4ea6f0671fe0f209b106ea8965645af73d8ebb8a80251db2967149c701cfe1d157cc189b03bf1bff1ac":"":"":"1e10eff9ceebc7e5f66e5213cb07fca4" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"c962a2da4524f08adcdd5ceddc04e669ad6154aee06164645e80c832506b98f9919451c7ec1d3a6a9704f83def8f6e2d":"a1ff68a85e437475b1b518821dbaac1730071a4ddd3255361778194fb0cfe3293e38df81527d8b8da15d03acb26467b6b53d7952441b79f95b633f4a979d998fd0417b9193023288b657d30c0cb2dada264addf9d13f1f8ed10b74e2dd2b56b3":"":"":"58990069b72b7557c234d5caf4334853" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"a3cc1fe561d03a055e8eedaa0e713be490c4bd4c6839a5b98c2ac0139bf215bdc46783d2a3e6b9d15d9b7a8bfe15104b":"207267911c12125cb3012230e4fafd257777ccbfb91653f77e4c1287574f9b79d81af7fb304790349dd457983cc99b48d5f4677ccd979fcc6e545cbf5b5c8b98102c9a89ae354349dbdee31a362d47c7cdae128034c0f4c3e71e298fe1af33c6":"":"":"ffd1d259acd79111a6fb508181272831" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"ecf186071b81e0ed384d4ebfb5bf261b4054e2e6072b51d21dfb6817adc51ff1c8956ff3612767538cdc8d73fade78b3":"3b9aec9f8bf8495004c5e4e731e5c347988e787caf003f001e68584e3510a6abdedffa15895702c2d57c304300f4f0af80a89bcc36b3cea2f08a0740236b80cfd2ea6e5cfe4144bc4ae09270fb6bc58c313dbaaedc16d643fc0565171f963222":"":"":"a2d917f5ec39a090b55d51713006e49d" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"3fcedba86089709aa638d00713150df781d4a93e85f155338e90ff537bcbf017f37a2d62259f5d8cc40ddfb041592539":"6b1e9d45c2ec598de7527b6414a339f26192fc4e3f5eff4b3a3e2a80ee0f2e9743031804d1be12b3c7ff6fbc222db1d97226890addeef0e1579a860e2279292c2f769416b7068f582f6ffc192ae4c4f1eeb41d5f77f0a612b059c47aef8e3d8e":"":"":"aa414799c51957de97c0070fb00eb919" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"f4c45fb8f58b7ebf73a0cd81c6a26686977558d4b8bf1cedfc6bd3754de6aaed5008fd72208437c54d8feb9a16ce3224":"6d170cf472ea07da6146a7087ed15d3f5b6ad72b8c99e46bae3b89e49a6e63467199ee16096516c2362dbd181bf5343a29fd0932d72eeb019fc3bfea3a3b01ffc2b985e341cfb6479d9dc71e2197b5cffc402587182e5fe93b5a8cf75eac2e42":"":"":"f557f627688fe63c119cf0f25274aa74" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"7120742a7807b66c5a9b50995d5494a5b9451bb795393c0d8a30ae665879269408f8297d49ab87410a7f16a65a54b1cb":"c08a6f9797ea668cd14ba6338cb5d23c0921e637e66a96259f78e33e45aafd035edb44394cb459453b9b48beac1e32d3b6f281473cda42fb6fd6c6b9858e7a4143d81bfc2faf4ef4b632c473be50a87b982815be589a91ca750dc875a0808b89":"":"":"521973eac38e81de4e41ccc35db6193d" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"add2bbbab76589c3216c55332b36ffa46ecae72072d3845a32d34b2472c4632b9d12240c23268e8316370bd1064f686d":"6168fc1af0b5956b85099b743f1378493b85ec93133ba94f96ab2ce4c88fdd6a0b23afdff162d7d34397f87704a84220bdf60fc1172f9f54bb561786680ebaa9bf6c592a0d440fae9a5e0373d8a6e1cf25613824869e53e8a4df56f406079c0f":"7e084abbe3217cc923d2f8b07398ba847423ab068ae222d37bce9bd24a76b8de":"946bc99fab8dc5ec71881d008c8968e4c8077736176d7978c7064e99042829c3":"224ab4b8b6ee7db19ec9f9a0d9e29700" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"8964ebde61f0c4e23f8e91244ae9682ed0b17e424edd4c025b461a2d209a538583f29465df3f89cf04f703b771ff5c90":"4db8e8a27fe7a0378e37d4cc01b6a465d34be91f48c52fdc1023ef2ea1241082f522805bc8777fda6c10e3d441b58f648edcd7d4df3df8c8a398d7b005c4fd6f41c9b033bd38fc5f577069251529b58273f6a9175feb3978798fdeb78a043232":"5eb3fb44784f181852d80fcf7c2e3b8414ae797f7b9b013b59cf86b9d3a19006":"3eec358f7f9e789e4ad5a78dd73987addbf3ae5b06d826cec2d54425289dc9af":"9a66c015d2550e3f78c44b901075fabb" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"98784aa794df5400890e6803f06d886aeb0833b1fea28a5f7952397aa21092ceafdb9194079f3609bc68233147c778e7":"7338521e8e127e70da259b37f5f5cdf83079bdb4024234b8ceecfba8d8c3f1c8510ff91f3bd08f2c54f11b534048a320a15ba0fccec8da34d4ef7f49ade4847814c859831907992d0adab27046324d4d9a853eb986b8de25b34ea74eb3d11048":"b14c5314aac11cb43f45730e474b84fbf5d1480d94d0699b80e3570f6636aa72":"d6208912348236feee1d258092283dd9db75899769dd109cc2f0f26d88dcc6bf":"5ec75fdd1ed3a742328e11344784b681" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"fe9b7df306c4ccd02afd6142c6650418325617945147de436a55e78aa45866116d6678e013a0e2c5a13e0d01fbd84039":"c4da56f4239fde0bc49b1d852cb36c80205f9e99e5995a80be04bbbba15f25b8d054c397a34cff1326a71f0acc4f7942795cabc3fa46339dc54b4bf7f11c095af8503004d97c485acec8815d1404674592c896ecfabefcbf222f4fe5a3ced0af":"086d09a6ee20c69bf5c054ebc6250f06097c8da1a932fb3d4b1fb5f40af6268a":"44e64b14c49ebb75c536329bb41ab198848849ca121c960db99f7b26330b1f6d":"7aa3a7e159d194399fc8ef9eb531a704" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"c0d47ee2328185df2c299d270e11fee26df753a5b4f899fdc0dff79eb50748232f9f79cf3f5e9bd4a26a48e743843b02":"a6b5dd5f1bad95331caae5852be50a26267af655c98feb8b66c45a8ae2ddfca270ab0d8023e43e6e22a7b5904d63482f045e85556b9c105cde0f3eb7b1fff1026086c80b195196803b5f664362b659578894d6551fb7c4566eec02202fdc298f":"3b575d028046e7f6005dfcdfcdcf03ff77a9cacd2516bcdff7f3601a9a951317":"f13b58daed46f5bf3c62b518ab5c508dd2bc3e33d132939049421ff29c31c4f0":"8469dfa89453d1481abedd6cc62e4e44" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"a0db812a939fbf3942b00be018cff4578b9fb62629c766a50f3518fe634100b1cbc4244ae843fe32125c53b653705457":"7e3dca20a7a977b6616a684e309015cf6a37edd0d85819fe91d074c915b0c9540a8aa486f58685b064851d6164150b1c1b0e2e545c6358d28b2f5263b2fd12c503d271ab6de76d4fa4c604cae469335840328008d8ce5545586b9ea6b21da4f9":"554b297bc32866a52884fabfc6d837690de30467b8f9158b258869e6f4ed0831":"4f688cba5908e0699b33b508847f7dac32f233e6f02cf093efdacae74259f3b6":"9696dd6ed5875cdef4a918a6686455a8" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"ff6cd20443a32c9e938f2a617bbb969ba54040b12723b0d452a669b584ba16ffaacbe38af62b5a62e0c67d165d022344":"efcf7536f32932526fe82b3a2333508404727878723fc09cbd902581d82463cf6acf1ddf4217ea6404469193e8db0e7e8c864ae655b49c6a095f80f1ab16985453f0fb729c119d8a3b820034626a93b1f70eb99b6cd8c990dda34a1c6a4b6eea":"8d412208091b987ee0781ff679c50dbab9ef389156f570f27aaf3e699bdade48":"501381ce5e7718c92ee73e9c247965dd5f0bbde013c4b5e625e9af8907e40566":"4f323934adb8a2096f17d5c4d7444078" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"bd14779153ed9696d3e5143c50b2050b6acd3ea2f8b670ef0e5f4bedf01705727bf9e64ae859214abe6ef497163f0236":"bfb0931b05a3fe232614e1b1c3060b3b07fb75d23ac10190a47a7245a6ecad5f3834e6727b75acc37e9d512d01a4a9cef6cb17eb97e4d1d7c1df572296972f0437a89c19894f721cbe085cf3b89767291a82b999bf3925357d860f181a3681ce":"0b5dc1cdfc40cfdc225798da773411dc9a8779316ceb18d1e8f13809466c6366":"843eb7297570e536b5760c3158adb27c0c426c77d798c08314f53b59aa72d08b":"1e703f3122455a40536c39f9ea3ceaa6" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #8 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"64b155fd4b8634663a7e8a602e2b9fe2477be74692643ccfd0b316a025ea6f1fc0dfd0833248cb011082be36cba3c5d1":"a5b15cb1e039d7bbe2db80a32d4f402c7d3c59a45b05255401d1122770dbdb9894841964d5cadc9ae9af007d63e870d0510078885ca402bd222f16d2d27892e23292b65cf370b15d5e5a739ddd13e3e27f7c2e2b945f8e21897c3bbf05d8b043":"aea2fe995be77dfdca6ebaa1c05ba4c84d0e6b9a87905c398a3dfe08aeb26d38":"f4e9e7eb0eea4e2d419de6ad2909d36ec06c79097884bf98981e86dedae366ba":"4a28955dc97936b1c0aed0751a1afed5" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"e6c08e8b8d8e418477087911610096f7e0422083a376a77198e9c60fb2dc8c14aff33d7835878b65322f1561738b1ebb":"d4e0347c2158b882eb1e165f7f2aa1324d6606fe259ca730b2a3367435cb93b89108e49bd97355215063f63e78e8926b264c8a97571fd4d55882364915b7bd544254c25c2b67cdd979737c7811bcdeef5b052d8fe05a89b3291ef669d5579a61":"6607541177bc0c5f278c11cb2dcb187fc9f2c9a9e8eefa657ba92dee12d84b07":"7a439c8593b927867cfa853949e592baea0eeb394b0e2fe9ab0876243b7e11e2":"420888122f2e0334757c4af87bbc28a4" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"4413ff775c9b7d9a3003e0b727e34554e0f615471d52aeb4a059777b372d60332a1a4bcaf906e598581bc5a369b2c933":"a21cf567362fed0edddfd0b1c2d85ff6d2db5484fca8bf90a82da2ab76efcac9286e417628496f37effda150ef4912125aac68aac72e6f900a70192d4ef0b4cc4e9419c93ffb245965ae30c5f8abe20f732d76080bde5a1c6b3f075eb35622d1":"b924d145fc3ecd76f000f12638ef0a49a5d4cf887aa93fc9e5c536febc454f2d":"73dbb40b257e6598744f9107c8e7ff51a080407fc9e80d39d9a4db94f167c116":"84457ea753771ad7c97ce9c03ab08f43" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"5e409d56afb6940f9ffa45e0f92ef4972acedd3557b8e0f5418e302f2720ae5289294176045ad3096ea68db634cf5597":"c5a63c886af7ed7496473a6ae2f27f056c7e61c9aca8c5d095af11b2efe1a6b43344f92b37c7b6977ddbef1273e9511d9305fcbe7f32bc6a62f28d34841350362d2717dd00467224a35985b9fecc2739acd198743849dbfa97f458e2e7d6b1dc":"7fda133a23e929b17548a05013ff9c7085c5af9c979057b8f961ba7514509ff3":"bd061292b6bc3d3e71ed01af091f0169f70f23862efccd9e76345ff607dff3ec":"75b35dab3ad5e35c10ee39529a7f840f" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"ed2a52169791d7c7d332cf258ea4847c359335f9a6839ee767a8f76800ba28e94858cc9b7f526e62a93603fa2b1caa6b":"0a6155ff422ff6ae9814f81bf353bd3454d0c9892f9f3d730dcd8c87626f813cbe1dff1922fe73e4a319be53f4ec05e965c27f239b1e51869069a7e7cdd916fc1fd6f640bfe4b761a8040f8db37fb5ee7508e7d226c7695fb2a8bd791fe49ef2":"14073a1b4f07f3b594fa43d0c8781b8089dd2d9b8ad266e0321aaa6b71a0d058":"4247fc6886e8657b84369cf14469b42aa371d57d27093ee724f87bf20fa9e4e6":"f2aea2bc23e7c70f4ee2f7b60c59d24d" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_pr:"f0d3a46501da7ab23d8688725f53f4289ce3bfa627646fe301533ec585f866caafb8131e95460566270f68cd25e1f153":"223d49f99a56cfcf2eb8cca39a8a82ee306c6272d521257f3d7d2a87699111e442fc55a399994d57373141f2207d43a8bbc1e086d67343b7dc2a891853c860fe43fb6be32cf035aca582bf5590cb5001b09b4976ea617fa7bd56da81fdef2df9":"7d12673cad5ad5003400fb94547e2b987e934acf6b930c0e7aec72634bfb8388":"e8583b9983b3ac589a6bb7a8405edfc05d7aa5874a8643f9ac30a3d8945a9f96":"ce72c0ea0e76be6bc82331c9bddd7ffb" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"1e4644df1d01f9a0f31d1d0c67bc9fb9a1ee2223fbfb25520d3881cde2b183b73fe1a8cc5f17796cf22aaaed57607420":"cdac62b5e4ccee8609b1f4b7a8733e69068c71219b6292ecb318b9d3479516807af280cfa20e455d5e96eb6794a3b963957f3c099fd1e1199706d36a06011836af890f3b7b15cda6346a06fdd0f194de40bfbec12b021b02eeabaa34d35b30a3":"8169251ea55cce534c6efd0e8a2956d32ed73be71d12477cea8e0f1ab8251b50":"865d14cb37dd160a3f02f56ac32738f9e350da9e789a1f280ee7b7961ec918a7":"ff11ba8349daa9b9c87cf6ab4c2adfd7" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"1b54b8ff0642bff521f15c1c0b665f3f":"5a194d5e2b31581454def675fb7958fec7db873e5689fc9d03217c68d8033820f9e65e04d856f3a9c44a4cbdc1d00846f5983d771c1b137e4e0f9d8ef409f92e":"":"":"":"a054303d8a7ea9889d903e077c6f218f" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"90bc3b555b9d6b6aeb1774a583f98cad":"93b7055d7888ae234bfb431e379069d00ae810fbd48f2e06c204beae3b0bfaf091d1d0e853525ead0e7f79abb0f0bf68064576339c3585cfd6d9b55d4f39278d":"":"":"":"aaf27fc2bf64b0320dd3564bb9b03377" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"4a2a7dcbde58b8b3c3f4697beb67bba2":"58364ceefad37581c518b7d42ac4f9aae22befd84cbc986c08d1fb20d3bd2400a899bafd470278fad8f0a50f8490af29f938471b4075654fda577dad20fa01ca":"":"":"":"20c5117a8aca72ee5ab91468daf44f29" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"911faab1347ae2b3093a607c8bc77bfe":"2f044b8651e1c9d99317084cc6c4fa1f502dd62466a57d4b88bc0d703cabc562708201ac19cdb5cf918fae29c009fb1a2cf42fd714cc9a53ca5acb715482456a":"":"":"":"aae0c0ac97f53d222b83578a2b3dd05d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"f959f1bc100ae30088017fae51289d8e":"77d0f0efbc7ca794a51dff96e85b8e7dfd4875fbfb6e5593ae17908bfbddc313e051cb7d659c838180d834fdd987ae3c7f605aaa1b3a936575384b002a35dd98":"":"":"":"5d80bc3fffa42b89ccb390e8447e33e5" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"45a8bb33062783eede09b05a35bd44dd":"6bb14dc34f669759f8fa5453c4899eb5ac4e33a69e35e89b19a46dbd0888429d1367f7f3191e911b3b355b6e3b2426e242ef4140ddcc9676371101209662f253":"":"":"":"0dfa9955a13a9c57a3546a04108b8e9e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"0ada129f9948073d628c11274cec3f69":"b3d01bcb1ec747fdb7feb5a7de92807afa4338aba1c81ce1eb50955e125af46b19aed891366ec0f70b079037a5aeb33f07f4c894fdcda3ff41e2867ace1aa05c":"":"":"":"f34710c9ebf9d5aaa5f797fd85a1c413" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"052a5ad4cd38de90e5d3c2fc430fa51e":"98482e58e44b8e4a6b09fa02c05fcc491da03a479a7fad13a83b6080d30b3b255e01a43568a9d6dd5cecf99b0ce9fd594d69eff8fa88159b2da24c33ba81a14d":"":"":"":"3f55144eec263aed50f9c9a641538e55" CTR_DRBG NIST Validation (AES-256 use 
df,False,256,128,0,0) #8 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"004cd2f28f083d1cee68975d5cbbbe4f":"6238d448015e86aa16af62cdc287f1c17b78a79809fa00b8c655e06715cd2b935bf4df966e3ec1f14b28cc1d080f882a7215e258430c91a4a0a2aa98d7cd8053":"":"":"":"b137119dbbd9d752a8dfceec05b884b6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"f985b3ea2d8b15db26a71895a2ff57cd":"50d3c4ecb1d6e95aebb87e9e8a5c869c11fb945dfad2e45ee90fb61931fcedd47d6005aa5df24bb9efc11bbb96bb21065d44e2532a1e17493f974a4bf8f8b580":"":"":"":"eb419628fbc441ae6a03e26aeecb34a6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"100f196991b6e96f8b96a3456f6e2baf":"d27cbeac39a6c899938197f0e61dc90be3a3a20fa5c5e1f7a76adde00598e59555c1e9fd102d4b52e1ae9fb004be8944bad85c58e341d1bee014057da98eb3bc":"":"":"":"e3e09d0ed827e4f24a20553fd1087c9d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"88f55d9ba8fef7828483298321133fec":"16f9f5354d624c5ab1f82c750e05f51f2a2eeca7e5b774fd96148ddba3b38d34ba7f1472567c52087252480d305ad1c69e4aac8472a154ae03511d0e8aac905a":"":"":"":"07cd821012ef03f16d8510c23b86baf3" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"126479abd70b25acd891e1c4c92044f9":"70afbc83bf9ff09535d6f0ddc51278ad7909f11e6f198b59132c9e269deb41ba901c62346283e293b8714fd3241ae870f974ff33c35f9aff05144be039d24e50":"":"":"":"0f90df350741d88552a5b03b6488e9fb" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"a45f2fca553089fe04e7832059dc7976":"5e5a9e1e3cb80738c238464ede1b6b6a321261a3b006a98a79265ad1f635573bba48dccf17b12f6868478252f556b77c3ec57a3bf6bb6599429453db2d050352":"":"":"":"6eb85ae2406c43814b687f74f4e942bc" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"52dbb43241002415966eaec2615aba27":"31cfe60e5ed12ff37d7f2270963def598726320c02b910b5c6c795e2209b4b4a95866c64cb097af1d6404d1e6182edf9600e1855345375b201801d6f4c4e4b32":"":"":"":"2a270f5ef815665ddd07527c48719ab1" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"176200bb44808b5400b24e1b5f56cf73":"f84d395b1734eac4600dbc36f6b1e1599bc7f2608dc8ecb3a55369d7b1b122a09f5ac9c16d9a2be37d2ff70a9bba732fc3785b23ff4ade3c8404da3f09f95a8f":"aef28c9169e9af74c73432d4aa6f5dff9ea4a53433de2ecb9bf380a8868c86e1":"0626ae19763c5313b627a8d65cf1cfba46dfd6773242738b9b81fde8d566ade1":"63c160ed6a6c1fffd0586f52fa488a9055533930b36d4fa5ea3467cda9ffe198":"e8f91633725d786081625fb99336a993" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"19c3d16197ac93bf58c4110c9e864804":"50755cc0178c68ae70befd7744f6f1e3f6a59b3bbe484a744436079c7fae8d83c4965516fb952c63e1d0561d92cccc56037465815c9e549c9adce4a064877128":"5cb82d2c297404f3db1909480c597dd081d94ca282ba9370786a50f3cbab6a9b":"96d130faf1a971920c2bf57bcd6c02d5a4af7d3c840706081e4a50e55f38bf96":"1b0d04f179690a30d501e8f6f82201dbab6d972ece2a0edfb5ca66a8c9bcf47d":"4628b26492e5cb3b21956d4160f0b911" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"4b1edd0f53bf4e012def80efd740140b":"e50c31ebbb735c4a53fc0535647ae1fff7a5ac4fa4068ba90f1fa03ca4ddedecd5b1898d5e38185054b0de7e348034b57067a82a478b0057e0c46de4a7280cd9":"e7154ec1f7ac369d0bd41238f603b5315314d1dc82f71191de9e74364226eb09":"9444238bd27c45128a25d55e0734d3adafecccb2c24abdaa50ac2ca479c3830b":"ab2488c8b7e819d8ce5ec1ffb77efc770453970d6b852b496426d5db05c03947":"a488a87c04eb1c7586b8141ed45e7761" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"1f89c914649ae8a234c0e9230f3460f9":"5e029c173dc28ab19851a8db008efbcf862f4187fca84e4e6f5ba686e3005dba5b95c5a0bcf78fb35ada347af58ec0aca09ed4799cd8a734739f3c425273e441":"b51f5fd5888552af0e9b667c2750c79106ce37c00c850afbe3776746d8c3bce1":"9b132a2cbffb8407aa06954ae6ebee265f986666757b5453601207e0cbb4871b":"f1c435e2ebf083a222218ee4602263872a2d3e097b536a8cc32a5a2220b8065f":"a065cc203881254ca81bd9595515e705" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"0ef2be2d00a16051404fc2a0faa74fdc":"b66c882ae02c5215ed3bcd9e9a40934b09bf48a15fe7558c9d9ceb0ebec63625ea18f7c3ab341d9f7edd8e1d8816edecb34dbd71ae02771327b5ebc74613dadd":"1ebe9893957a5c4a707793906d31bb201e88d88a22abd6baa6461fc61def7ffb":"f81e26744834413cb95af8d438d0050c7c968f929a33e35ee5c6715a0a520950":"687a848b2b6c715a0e613b3f3bb16cf2f056543eb9dd6b8aee8de8aa6fd8a1e6":"a6c4a7e99d08cc847ac0b8c8bcf22ec0" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"eb2439d156c4f51fb1943c26f27de8af":"ad153fd266d9f73b21f4e5e88d3d13ba8325abdec427d5d8f671cfccdbd3510e9774d59a14d9b5472b217b7bcf355436a51965d2dff7c4ac586ab812f20d326e":"e24bd6b69a40fa0a02cefbbaa282f8f63a80e154be338d1b913418d4ff7a810d":"fd40baf11d7cdd77641a2b46916cb0c12980e02612ef59fb6fe7dabbbe7a85c0":"a40019e3b85d7d5775e793dd4c09b2bdc8253694b1dcb73e63a18b066a7f7d0c":"7cd8d2710147a0b7f053bb271edf07b5" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"b23796d88ee5ae75ff2ba4fbbd5e2de8":"b249d2d9b269b58c5355710aaae98be12d8fb2e79046b4e6deeec28adad7e789999847e20de11f7c3277216374f117e3e006bdf99bb8631aa4c4c542cd482840":"79f0214b6b0c5ffb21b1d521498b71d22c67be4607c16300ab8dde3b52498097":"582be1e080264b3e68ec184347a5b6db1e8be1811578206e14ad84029fe39f71":"f5e9c3356810793f461f889d8c5003b1c0b20a284cb348301ce7b2dd7a1c7dd7":"1aa8cf54994be6b329e9eb897007abf0" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"081db0b1620a56afd87c2fd2bebb1db3":"3f1e90d88870a0bd03364036b655495e3e7d51bf67fb64ba0cbf003430af5585f5936b84ab3b8a55c02b8b6c54bea09cf2d77691858c5818991383add5f0c644":"5b98bc83ae8bed5c49cb71689dc39fee38d5d08bdfa2a01cee9d61e9f3d1e115":"aad3e58fdd98aa60fc2cae0df3fc734fff01a07f29f69c5ffeb96d299200d0d8":"bad9039ebb7c3a44061353542a2b1c1a89b3e9b493e9f59e438bfc80de3d1836":"8d01e3dc48b28f016fc34655c54be81f" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #8 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"a8427443d9c34abcdcca061a2bbcff52":"b0e9b2192adc8912653d90a634d5d40c53ca4383290a8764bdf92667f859d833c3e72ad0ff41e07fe257b1ead11649be655c58a5df233114e7eda2558b7214d7":"c6cad9fb17ada437d195d1f8b6a7fa463e20050e94024170d2ffc34b80a50108":"be461a9c1a72ebaf28ee732219e3ca54cbee36921daaa946917a7c63279a6b0e":"b6d110d6b746d7ccf7a48a4337ba341d52508d0336d017ae20377977163c1a20":"16ccd63dbf7b24b6b427126b863f7c86" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"86bd02976e6c50656372b8c212cf0a7a":"89900b0febf6b4e19ab8fc5babb4122a8aad86d658d0c2f98988c99fbd8530ff4ad365bd5fddaa15f96537bd72deb5384405b610e6ebae83e848307051fd6c82":"41bf3794ee54647a48a2588fdfdea686f1af6792e957d42f181f2631b207ac0c":"c4478afbea4eecb225448f069b02a74c2a222698c68e37eb144aff9e457f9610":"41a99e0d3f5b767f9bedcb2f878a5d99d42856bed29042d568b04e347624bf7f":"863337529aac9ab1e9f7f8187ea7aa7d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"e809ef8d4c3d82575833d51ac69481b2":"3e831b7715ce202c95ec85337e2c0061d972169955bd96fbe1f758508c0336b3226260ea5e66f943b538eb115ffe4d5e534cbe58262a610528641629bc12fc75":"4d40c6a961168445c1691fea02ebd693cb4b3f74b03d45a350c65f0aaccb118b":"b07dc50e6ca7544ed6fdebd8f00ed5fa9b1f2213b477de8568eb92dddaabfe3f":"cbac982aa9f1830d0dc7373d9907670f561642adb1888f66b4150d3487bf0b8d":"2814be767d79778ebb82a096976f30db" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"ad71caa50420d213b25f5558e0dc1170":"6a3fd23e7dc934e6de6eb4cc846c0dc3cf35ea4be3f561c34666aed1bbd6331004afba5a5b83fff1e7b8a957fbee7cd9f8142326c796ca129ec9fbacf295b882":"3042dd041b89aaa61f185fdda706c77667515c037f2a88c6d47f23ddadc828ae":"9b1e3f72aaab66b202f17c5cc075cfba7242817b2b38c19fe8924ca325b826ea":"8660b503329aaea56acdb73ca83763299bac0f30264702cb9d52cbaf3d71d69d":"c204a3174784d82b664e9a1c0a13ffa6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"5fd6606b08e7e625af788814bef7f263":"baf8750e07194fc7172c736e0fdea0a632810d45602dff17ce37adf106d652f87e31b6bd24d21481c86444d8109586118672a6f93731b7438a3f0f39648b83a3":"3c37193d40e79ce8d569d8aa7ef80aabaa294f1b6d5a8341805f5ac67a6abf42":"c7033b3b68be178d120379e7366980d076c73280e629dd6e82f5af1af258931b":"452218a426a58463940785a67cb34799a1787f39d376c9e56e4a3f2215785dad":"561e16a8b297e458c4ec39ba43f0b67e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"08def734914ecf74b9eccb5dfaa045b8":"6697f889fcf6dae16881dc1e540e5c07f9461d409acee31842b04f93c00efbba670dfbf6040c1c2e29ad89064eae283fd6d431832f356e492bc5b2049f229892":"a6ac87af21efd3508990aac51d36243d46237b3755a0e68680adb59e19e8ae23":"0052152872b21615775431eb51889a264fed6ca44fa0436b72a419b91f92604c":"ebadf71565d9a8cc2621403c36e6411e7bed67193a843b90ccf2f7aa9f229ca2":"c83fa5df210b63f4bf4a0aca63650aab" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"6437862e93060def199029ff2182f1e5":"719d1afcb6dc8ca26cba6a7c10f59cf82345b2a0c631a7879812d6f2d2663b49f9e92daecb81ff7c0790205d66694526477d6de54a269f542cb5e77fe4bc8db3":"5c961db0ac2ea8caf62c9acc44465dcfb4d721fcb2cd3e1c76cdcb61bfaa7e75":"24eabd392d37493e306705d0b287be11a4d72dd4b9577ac4098ef0dae69b0000":"9e4f05c1b85613e97958bc3863e521331b2bd78fdf2585f84607bf2238e82415":"21aaae76dc97c9bf7cf858054839653e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"cd7a1981c1b7079c1c38f5aeee86db22207cb9faed8c576b1724ca7817aa6abfb26c42a019eb4c2f4064f0587ea2b952":"7f88c3805ae0857c5cbb085a5d6259d26fb3a88dfe7084172ec959066f26296a800953ce19a24785b6acef451c4ce4c2dfb565cbe057f21b054a28633afbdd97":"":"":"":"76c1cdb0b95af271b52ac3b0c9289146" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"0ccdac2fd65a86bf8f8e9ddcabffb9d29a935139f627c165a815b23137eeee94cbb21be86ac5117379177d37728db6fd":"6f61703f92d3192cd982b2e52a8683e0d62918d51b12e084deae06c4a8e08ecfb3d2d30a980a70b083710bc45d9d407966b52829cf3813cc970b859aa4c871fe":"":"":"":"e6c73e159d73c2ba8950cd77acb39c10" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"fbbcc4abfd671296de3e0dcf409a139e35deae126c1941bf1afcc8d3da3a2d65f54a6d317bb6d683a3a77f6266b007ff":"c662ed723e7041877542fdcf629533d4a74393eb4dae4f3ec06d2d1c0d37ed7f519609a8485cb8deb578ae4cbb45c98ef7f2f2e677363e89fb3744286db6bfc1":"":"":"":"9d934d34417c6d0858f4a3faacbe759e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"1b824790b6b22b246bcc1bcfbbb61a76045476672f917b72e79cca358e650eb29ed49fb0a5739e097f5f5336d46fc619":"c57a5686486ebacc2422236b19110c754795a869a8157901cf71303de1adc6af16a952190a395d6c20e155e690f41922f6f721dc8e93da81afb844f68714cba7":"":"":"":"13e7bf23d88f3bb5a5106a8227c8c456" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"2ea7861e374232cb8ceecbbd9a18fc1f63c31f833fe394f1e19c8ef61092a56f28342fa5b591f7b951583d50c12ef081":"6a0873634094be7028b885c345cd5016295eec5e524f069de6510ae8ac843dba2cc05c10baa8aad75eac8e8d1a8570f4d2a3cf718914a199deb3edf8c993a822":"":"":"":"c008f46a242ae0babad17268c9e0839a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"39caa986b82b5303d98e07b211ddc5ce89a67506095cad1aeed63b8bfe0d9c3d3c906f0c05cfb6b26bab4af7d03c9e1a":"f2059f7fb797e8e22de14dac783c56942a33d092c1ab68a762528ae8d74b7ad0690694ede462edbd6527550677b6d080d80cdabe51c963d5d6830a4ae04c993f":"":"":"":"202d3b2870be8f29b518f2e3e52f1564" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"a4e25102c1b04bafd66bfe1ce4a4b340797f776f54a2b3afe351eede44e75c28e3525155f837e7974269d398048c83c3":"0a03b7d026fab3773e9724dacb436197954b770eca3060535f2f8152aa136942915304dede1de0f5e89bd91d8e92531b5e39373013628fea4ee7622b9255d179":"":"":"":"be21cab637218ddffa3510c86271db7f" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"6de33a116425ebfe01f0a0124ad3fad382ca28473f5fc53885639788f9b1a470ab523b649bad87e76dee768f6abacb55":"d88312da6acbe792d087012c0bf3c83f363fa6b7a9dd45c3501009fb47b4cfcfeb7b31386155fe3b967f46e2898a00ecf51ec38b6e420852bef0a16081d778cc":"":"":"":"2c285bfd758f0156e782bb4467f6832c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #8 
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"b8ab42fd3f6306426602cae0c48eb02ffa7053940389900c17846e1d9726251762095383f2ec3406b3381d94a6d53dd8":"6a7873ccb7afb140e923acbec8256fa78232f40c0c8ba3dcbcf7074d26d6d18a7e78fffda328f097706b6d358048ee6a4728c92a6f62b3f2730a753b7bf5ec1f":"":"":"":"13504a2b09474f90d2e9ef40d1f2d0d5" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"042b524444b9903c1ecb80af21eef0e884115561a15a1ab2f9f3a322edcbf14174f54d315196a632940c2c6f56612c09":"31ba5f801aeaac790f2480fbd2373a76ba1685ebebc5ae7cd4844733ec3cfb112634b3899104dcc16050e1206f8b3fb787d43d54de2c804fd3d8eb98e512bb00":"":"":"":"0a0484c14e7868178e68d6d5c5f57c5c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"632758f92efaca39615862177c267906ab0424230d481ee0a5aa1a5f66697d3918d4aab3f310b72a7f2d71c0a96b9247":"46dc837620872a5ffa642399213b4eebfb28ca069c5eaaf2a636f5bd647de365c11402b10ecd7780c56d464f56b653e17af8550b90a54adb38173a0b2f9e2ea7":"":"":"":"90432ce3f7b580961abecde259aa5af6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"7b389118af3d0f8336b41cf58c2d810f0e5f9940703fd56a46c10a315fb09aafd7670c9e96ffa61e0cb750cb2aa6a7fe":"76e92e9f00fc7d0c525c48739a8b3601c51f8f5996117a7e07497afee36829636e714dbcb84c8f8d57e0850a361a5bdfc21084a1c30fb7797ce6280e057309b7":"":"":"":"7243964051082c0617e200fcbbe7ff45" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"e50d38434e9dfe3601e7ea1765d9fe777d467d9918974b5599ec19f42d7054b70ff6db63a3403d2fd09333eda17a5e76":"c9aa4739011c60f8e99db0580b3cad4269874d1dda1c81ffa872f01669e8f75215aaad1ccc301c12f90cd240bf99ad42bb06965afb0aa2bd3fcb681c710aa375":"":"":"":"28499495c94c6ceec1bd494e364ad97c" CTR_DRBG NIST 
Validation (AES-256 use df,False,256,128,256,0) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"3253cb074d610db602b0a0d2836df1f20c3ee162d80b90b31660bb86ef3f0789fa857af4f45a5897bdd73c2295f879b6":"b06960a92d32a9e9658d9800de87a3800f3595e173fdc46bef22966264953672e2d7c638cc7b1cada747026726baf6cea4c64ba956be8bb1d1801158bee5e5d4":"":"":"":"b6608d6e5fcb4591a718f9149b79f8f1" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"83e4733566f90c8d69e6bcbe9fb52521ff3e26f806d9b7b86e9344cca0305dbf106de855240f1d35492cc6d651b8b6ae":"0e0105b12af35ac87cb23cf9ca8fb6a44307c3dcdc5bc890eb5253f4034c1533392a1760c98ba30d7751af93dd865d4bd66fbbeb215d7ff239b700527247775d":"":"":"":"68d64d1522c09a859b9b85b528d0d912" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"a94da55afdc50ce51c9a3b8a4c4484408b52a24a93c34ea71e1ca705eb829ba65de4d4e07fa3d86b37845ff1c7d5f6d2":"a53e371017439193591e475087aaddd5c1c386cdca0ddb68e002d80fdc401a47dd40e5987b2716731568d276bf0c6715757903d3dede914642ddd467c879c81e":"20f422edf85ca16a01cfbe5f8d6c947fae12a857db2aa9bfc7b36581808d0d46":"7fd81fbd2ab51c115d834e99f65ca54020ed388ed59ee07593fe125e5d73fb75":"cd2cff14693e4c9efdfe260de986004930bab1c65057772a62392c3b74ebc90d":"4f78beb94d978ce9d097feadfafd355e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"e8649d4f86b3de85fe39ff04d7afe6e4dd00770931330b27e975a7b1e7b5206ee2f247d50401a372c3a27197fec5da46":"78d7d65c457218a63e2eb1eba287f121c5466728ac4f963aeaabf593b9d72b6376daea6436e55415ad097dee10c40a1ff61fca1c30b8ab51ed11ff090d19ef9a":"cc57adc98b2540664403ad6fd50c9042f0bf0e0b54ed33584ee189e072d0fb8f":"ab2f99e2d983aa8dd05336a090584f4f84d485a4763e00ced42ddda72483cd84":"0ecd7680e2e9f0250a43e28f2f8936d7ef16f45d79c0fa3f69e4fafce4aeb362":"08e38625611bb0fb844f43439550bd7a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"6c79e1556889b3c074fc083a120d73784b888c5acb877899f17ce52e424b84178d144441aa9f328c730a951b02b048df":"c78ff6b9fc91cbce246c9fcc2366d5f7dd6d99fb1325d8997f36819232d5fcd12ccafdcbefd01409d90acd0e0ffb7427c820b2d729fe7e845e6a6168fc1af0b5":"60cba10826de22c5e85d06357de63d6b2ff0719694dafca6ab33283f3a4aacdd":"8943c22fb68b30811790a99b9cbb056e1a2c329185a199c76ba5aeceb2fcd769":"70671a50e8387bf232989d904c19215c7535ad2d0c5dec30a744c8d2706be6ec":"f6b94b671cae8dfa8387719bfd75ee84" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"f5ab77b2a8e370548b88febfd79772144cd5fc8d78062582addd4ff1e5c10094b390e66b3c4efb087510de1b9d25703f":"21a21c9314b37d4ade4a50a5d85995e0be07e358ed9bca19daa867a8d47847105dca7a424f32f715adb8fea5d3a41cfe388872a42ab18aa5cbcd7bde4adc3f8b":"023d582569a7ff1405e44cf09ceebb9d3254eef72286e4b87e6577a8ab091a06":"39597519872d49fbd186704241ba1dc10b1f84f9296fb61d597dbd655a18f997":"3091c9fe96109b41da63aa5fa00d716b5fa20e96d4f3e0f9c97666a706fa56f1":"1fb57058b3ba8751df5a99f018798983" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"f0b79e292d0e393e78b6d6117e06d2e725823fe35bde1146502967a78d99d6bca564f0e2f324272f968be5baab4aeb29":"192054dddac02157a35eb7f75ae8ebdb43d6b969e33942fb16ff06cd6d8a602506c41e4e743b8230e8239b71b31b2d5e3614e3a65d79e91d5b9fc9d2a66f8553":"b12241e90d80f129004287c5b9911a70f7159794e6f9c1023b3b68da9237e8b7":"59e9c3c0f90e91f22c35a3be0c65f16157c569c7e3c78a545d9840f648c60069":"089a59af69f47ddb4191bd27720bb4c29216f738c48c0e14d2b8afd68de63c17":"15287156e544617529e7eede4aa9c70e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"e3f33843aecb35d01001ff92ab9a0f1a5431ba9de3e4f3247cda8c62acc86f7066448f639d8ba8b5249337f8c353bbbd":"ef081af1f62400a3d193969d689a40234998afb646d99a7c4b9cbbf47e650cda93a90e754a16fffa25fc2a2edab09720b4520c47309ec4f6d9f76f0162af6cae":"e7cc55b72862544a8661b5034e15587b1e5a45eb5dc744f5fa1db9b267f1c3ff":"882d30c888eb8e344b1d17057074606fe232ceb42eb71055264ede7bb638f2a2":"9ce65e95c1e735fe950e52c324e7551403d0ef70ad865bd31fef1e22b129fdd6":"205e3a53367c4a5183be74bb875fa717" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"f30a18d597d8591a22dee908de95c5af74884b025f39b4f6707d28447d9d0a3114a57bc2d9eed8e621ec75e8ce389a16":"fae3d554d12a14e29de1b622922f27559559ca1518c9f800375a37a212e8b9a653cc3700223e9404d5bf781d15fccf638050a1394592caba001cfc65d61ef90b":"54240edd89016ed27e3bb3977a206836f5ef1fba0f000af95337d79caca9cf71":"250611e51852d933ff1a177b509c05e3228cb9f46dfb7b26848a68aad2ce4779":"f8b602d89fa1a0bfb31d0bd49246b458200a1adb28b64a68f7c197f335d69706":"7b63bfb325bafe7d9ef342cd14ea40a4" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"c8dbc3d39beb612811c52e2b46ef76d2b7bd5d3a90ceddf9fb864fe6f44e36687d88158d61014e192f9a3cd474338e13":"8e60115b4af9c8e5606223792539e9ba87e9ef46cd16fcc09046db1ef8d3c036241cae5d61141711818e9e861dbd833632069ebf5af1bd6d4e513f059ab1efd3":"9b56eba0838457f736fc5efa2cfbe698908340f07d4680e279d21dd530fdc8c8":"62c47ece469a7a409e4b2b76d1c793aaf11654e177cc8bf63faff3e6c5a5395c":"4251597013d0c949c53bbd945477b78aa91baa95f1ff757c3a039ccc4e1f4789":"af2f37160940f0cc27d144a043ddf79b" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #8 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"a37f9ed6c4e8f74ff16046b0678ef7bd24fcdca247b771ea1ce1fd48e3f5d2067e38aaf64ec59f1f49d96fa85e60ef03":"95da91f4185b254322ef0fc852473a9b9e4c274b242ded8a4eae6f1e2badde0664cf57f2128aa3dc83e436f7e80928a01d93bf25011eedf0190d0bf3619cd555":"b4a22f5598f79d34f0b9600763c081b0200ba489da7028ad0283828545c6d594":"fa3edc0962b20a9d9e1d0afcad907c8097c21d7a65c0e47c63d65cea94bf43bd":"49ba791a227e9e391e04225ad67f43f64754daac0b0bb4c6db77320943231ec3":"32f313ded225289793c14a71d1d32c9f" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"87f85b9c19eba1d953b6613cf555c21bc74428d9a8fee15e6cd717e240506f3e80860423973a66c61820d4ce1c6bb77d":"f22dd3517350176e35e1b7ecc8c00bea4747f0ac17bda1b1ddf8cdf7be53ff8c326268366e89cf3b023a9646177a0dcca902f0c98bf3840c9cbdf5c0494bee3c":"611caa00f93d4456fd2abb90de4dbcd934afbf1a56c2c4633b704c998f649960":"cba68367dc2fc92250e23e2b1a547fb3231b2beaab5e5a2ee39c5c74c9bab5f5":"f4895c9653b44a96152b893b7c94db80057fb67824d61c5c4186b9d8f16d3d98":"a05de6531a1aa1b2ba3faea8ad6ac209" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"9670deb707caabc888a3b0df7270942934732e02be728a4bedb5fc9ca4d675b2f3b47c7132c364ce6292cef7c19b60c7":"bba34e6f4ee27e5d4e885e59f8bbb0dc7353a8912e66637d7515a66e5398d9a8cbd328fed32f71bdd34c73cdf97e0d211be6dabfb0144e1011fd136cf01ea4e4":"9f55da36babd6ea42082f5f5d4330f023440bb864f8ad5498a29cf89757eaeab":"8013a309058c91c80f4d966f98bce1d4291003ad547e915777a3fce8ae2eaf77":"c83106272d44e832e94c7096c9c11f6342e12ec06d5db336424af73d12451406":"bc8d4d00609662c1163dca930901821d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"6d984c8ab923a7e118447fd53ad287b8f01d1e6112cff12bfb338ecd3ed16bafdd634677c600bdd68f852a946f45c3d9":"ed0e524ed2990ef348dbb15b3f964b12ad3109978d6952ae193b21e94510a47406926620798e71a0ffcbdd2e54ec45509d784a8bfc9d59cb733f9f11fc474b5e":"0a3a32260d04dd7a82fb0873ecae7db5e5a4b6a51b09f4bf8a989e1afacbda3b":"3cbcabb83aab5a3e54836bbf12d3a7862a18e2dffeeb8bdd5770936d61fd839a":"f63b30a3efc0273eba03bf3cf90b1e4ac20b00e53a317dbf77b0fe70960e7c60":"ab9af144e8fad6a978a636ad84e0469e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"2c59520d6f8ce946dcc5222f4fc80ba83f38df9dce2861412eebb1614245331626e7fb93eedbad33a12e94c276deff0a":"2882d4a30b22659b87ad2d71db1d7cf093ffca80079a4ef21660de9223940969afec70b0384a54b1de9bcca6b43fb182e58d8dfcad82b0df99a8929201476ae9":"d3c17a2d9c5da051b2d1825120814eaee07dfca65ab4df01195c8b1fcea0ed41":"dcc39555b87f31973ae085f83eaf497441d22ab6d87b69e47296b0ab51733687":"9a8a1b4ccf8230e3d3a1be79e60ae06c393fe6b1ca245281825317468ca114c7":"fba523a09c587ecad4e7e7fd81e5ca39" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"1c1207f50b645aaed5c16fe36f6aae83af4924e6b98a7e2a2533a584c1bac123f8b6f0e05109e0132950ae97b389001a":"8ae9a5903da32a38b7c6fed92dd0c6a035ca5104a3528d71a3eacc2f1681379724991a0053e8dac65e35f3deee0435e99f86364577c8ebdba321872973dc9790":"568bfee681d7f9be23a175a3cbf441b513829a9cbdf0706c145fdcd7803ce099":"e32cb5fec72c068894aaeabfc1b8d5e0de0b5acdf287a82e130a46e846770dc2":"d4418c333687a1c15cac7d4021f7d8823a114bb98f92c8a6dccc59ff8ad51c1f":"194e3018377cef71610794006b95def5" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"28254014c5d6ebf9bd9e5f3946fc98e55fe351deee8fc70333e4f20f1f7719a522b3ea9a4424afe68208d1cc6c128c47":"98a0db985544c33990aee0f69655dba7198e6720ce56ff9d4662e26f0c6b4ee7ab599932c05295f6c5a4011085c5b2c861a5a8ae4f572ce614ff2dafc0fddb34":"64215cbe384f1f4cf548078ffd51f91eee9a8bae5aacdd19ca16bcaaf354f8ad":"2e21df638dabe24aebf62d97e25f701f781d12d0064f2f5a4a44d320c90b7260":"7f936274f74a466cbf69dbfe46db79f3c349377df683cb461f2da3b842ad438e":"25c469cc8407b82f42e34f11db3d8462" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"e26c8a13dae5c2da81023f27ab10b878":"fea104f90c5881df7ad1c863307bad22c98770ecd0d717513a2807682582e3e18e81d7935c8a7bacddd5176e7ca4911b9f8f5b1d9c349152fa215393eb006384":"":"":"":"fd87337c305a0a8ef8eef797601732c2" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"8d7dda20a9807804bfc37bd7472d3b0c":"1d723cbc2ff2c115160e7240340adbf31c717696d0fdfecf3ec21150fca00cde477d37e2abbe32f399a505b74d82e502fbff94cecac87e87127d1397d3d76532":"":"":"":"7221761b913b1f50125abca6c3b2f229" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
 ctr_drbg_validate_nopr:"c02e3b6fd4fea7ec517a232f48aaa8cb":"0820fc21cecba6b2fe053a269a34e6a7637dedaf55ef46d266f672ca7cfd9cc21cd807e2b7f6a1c640b4f059952ae6da7282c5c32959fed39f734a5e88a408d2":"":"":"":"667d4dbefe938d6a662440a17965a334"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #3
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"9aee0326f9b16f88a4114e8d49b8e282":"ef0aae3f9c425253205215e5bf0ad70f141ad8cc72a332247cfe989601ca4fc52ba48b82db4d00fe1f279979b5aed1ae2ec2b02d2c921ee2d9cb89e3a900b97d":"":"":"":"651ad783fe3def80a8456552e405b98d"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #4
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"1e7a4961d1cd2fd30f571b92a763c2c5":"a9262ed5b54880cc8ecd4119cce9afe3de8875d403f7ca6b8ed8c88559470b29e644fddd83e127c5f938bc8a425db169c33c5c2d0b0c5133c8f87bbc0b0a7d79":"":"":"":"1124c509ca52693977cf461b0f0a0da9"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #5
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"ae0b0d2e84f48c632f031356cdea60ac":"554cf6fad1c376ad6148cd40b53105c16e2f5dd5fa564865b26faa8c318150bfb2294e711735df5eb86ff4b4e778531793bad42403d93a80d05c5421229a53da":"":"":"":"1212e5d3070b1cdf52c0217866481c58"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #6
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"16b8c7495d43cd2ff5f65ad2ab48ecef":"7cffe2bef0d42374f7263a386b67fba991e59cefd73590cbcde3a4dc635a5a328f1a8e5edd3ada75854f251ee9f2de6cd247f64c6ca4f6c983805aa0fe9d3106":"":"":"":"d3869a9c5004b8a6ae8d8f0f461b602b"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #7
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"a2d5eff6f73f98e5b04c01967dffa69b":"59759bb91b3c4feb18c0f086269ec52e097b67698f4dfe91ebe8bef851caa35cadb3fd22d1309f13510e1252856c71394a8e210fdbf3c7aae7998865f98e8744":"":"":"":"a1f99bd9522342e963af2ec8eed25c08"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #8
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"ea1f47fe5e281136706419ea9b652967":"0ec7c617f85bec74044111020c977be32ab8050b326ebc03715bbbffa5a34622f2264d4b5141b7883281c21ea91981155a64fb7b902e674e9a41a8a86c32052b":"":"":"":"daf75b8288fc66802b23af5fd04a9434"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #9
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"6f072c681a82c00dcd0d9dd5b7ffa2af":"cd7ce90f0141e80f6bd6ff3d981d8a0a877d0ddae7c98f9091763b5946fc38b64c1ef698485007d53251ad278daf5d4ae94a725d617fc9a45a919a9e785a9849":"":"":"":"39c0144f28c5a490eff6221b62384602"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #10
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"9d730655366e2aa89ee09332bd0a5053":"854766e842eb165a31551f96008354bca1628a9520d29c3cc4f6a41068bf76d8054b75b7d69f5865266c310b5e9f0290af37c5d94535cb5dc9c854ea1cb36eb7":"":"":"":"baa2a3ed6fdc049d0f158693db8c70ef"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #11
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"3363881611bfd5d16814360e83d8544f":"6abfab14cbf222d553d0e930a38941f6f271b48943ea6f69e796e30135bc9eb30204b77ab416ac066da0a649c8558e5a0eac62f54f2f6e66c207cab461c71510":"":"":"":"5be410ce54288e881acd3e566964df78"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #12
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"14e589065423528ff84a1f89507ab519":"0d2e446cad387a962ff2217c7cf4826dcabb997ab7f74f64aa18fbcb69151993f263925ae71f9dfdff122bb61802480f2803930efce01a3f37c97101893c140f":"":"":"":"fc2d3df6c9aae68fb01d8382fcd82104"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #13
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"974c5ae90347d839475f0f994f2bf01d":"aa04d9fc56349fdd31d868e9efc2938f9104c0291e55ac0aa0c24ec4609731b8e0ac04b42180bde1af6ad1b26faff8a6de60a8a4a828cd6f8758c54b6037a0ee":"":"":"":"3caec482015003643d5a319a2af48fb4"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #14
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"b3a110587a16c1eafe51128a66816ecf":"203bba645fb5ccee3383cf402e04c713b7a6b6cca8b154e827520daac4ea3a0247bbdc3b2cd853e170587d22c70fb96c320ea71cb80c04826316c7317c797b8a":"":"":"":"9af4f67a30a4346e0cfcf51c45fd2589"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"55546068cd524c51496c5fc9622b64c6":"951e712d057028158831ca8c74d4ae303c6e4641c344a1c80292260bdd9d8e2f5b97606370e95903e3124659de3e3f6e021cd9ccc86aa4a619c0e94b2a9aa3cc":"2d6de8661c7a30a0ca6a20c13c4c04421ba200fbef4f6eb499c17aee1561faf1":"41797b2eeaccb8a002538d3480cb0b76060ee5ba9d7e4a2bb2b201154f61c975":"b744980bb0377e176b07f48e7994fffd7b0d8a539e1f02a5535d2f4051f054f3":"65b9f7382ed578af03efa2008dbdd56f"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #1
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"a0c92565640a3315cac8da6d0458fb07":"6e9b31755c1f45df7d685f86044ab3bc25433a3ff08ab5de7154e06b0867f4e3531ed2e2a15ab63c611fc2894240fdac1d3292d1b36da87caa2080d1c41bcf24":"c6c74690bdee26288d2f87a06435d664431206b23b24f426e847fb892d40d5d5":"4e7dc1adbc8bc16ba7b584c18a0d7e4383c470bff2f320af54ad5ade5f43265b":"c6fb8ee194a339726f5051b91925c6a214079a661ec78358e98fc4f41e8c4724":"c3f849ee7d87291301e11b467fa2162f"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #2
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"63e143bd6a87065a00eea930593f9b29":"62c2c790cb56518ed2d8d65952bbd4ab85a56463495c940b94f403a93338bdc96129feea9335b1a3e0ada7cf4c207f4732013bc6a52db41407bf5d6fe9183b3c":"7b4e9ff0c8f8c90f8b324c7189226d3adccd79df2d0c22b52fb31dbb5dfefba6":"49e1aecf2b96a366325dc1892c016a5535dd2480360a382e9cc78bf75b2bba37":"f4ce1d27e759f3ba4a56aaab713642b4c56810c9995fbfc04ce285429f95a8f4":"513111abaae3069e599b56f7e5fb91d1"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #3
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"98dc16e95f97b5b9d8287875774d9d19":"2fab4a629e4b21f27488a0c9ed36fc8e75bee0c386346c6ec59a6f045975e29818440a6638eb3b9e952e19df82d6dc7b8b9c18530aef763d0709b3b55433ddc6":"2e9d2f52a55df05fb8b9549947f8690c9ce410268d1d3aa7d69e63cbb28e4eb8":"57ecdad71d709dcdb1eba6cf36e0ecf04aaccd7527ca44c6f96768968027274f":"7b2da3d1ae252a71bccbb318e0eec95493a236f0dec97f2600de9f0743030529":"841882e4d9346bea32b1216eebc06aac"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #4
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"5dbac5c313527d4d0e5ca9b6f5596ed7":"c00b28c78da4f9ce159741437fe7f90e4e23ecd01cd292f197202decbbc823d9ce46b8191c11e8f8d007d38e2ecd93b8bd9bbad5812aaf547ddf4c7a6738b777":"460c54f4c3fe49d9b25b069ff6664517ed3b234890175a59cde5c3bc230c0a9e":"bf5187f1f55ae6711c2bc1884324490bf2d29d29e95cad7a1c295045eed5a310":"28fd8277dcb807741d4d5cb255a8d9a32ef56a880ccf2b3dcca54645bd6f1013":"b488f5c13bb017b0d9de2092d577c76e"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #5
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"254d5f5044415c694a89249b0b6e1a2c":"4c1cc9ebe7a03cde31860637d8222faeefa9cbf789fab62e99a98d83084fef29eafcf7177d62d55435a1acb77e7a61ad86c47d1950b8683e167fe3ece3f8c9e8":"71af584657160f0f0b81740ef93017a37c174bee5a02c8967f087fdbfd33bfde":"96e8522f6ed8e8a9772ffb19e9416a1c6293ad6d1ecd317972e2f6258d7d68dd":"3aaa5e4d6af79055742150e630c5e3a46288e216d6607793c021d6705349f96a":"66629af4a0e90550b9bd3811243d6b86"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #6
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"b46fceed0fcc29665815cc9459971913":"ff62d52aed55d8e966044f7f7c5013b4915197c73668e01b4487c3243bbf5f9248a4fdd6ef0f63b87fc8d1c5d514ff243319b2fbdfa474d5f83b935399655e15":"994d6b5393fbf0351f0bcfb48e1e763b377b732c73bf8e28dec720a2cadcb8a5":"118bb8c7a43b9c30afaf9ce4db3e6a60a3f9d01c30b9ab3572662955808b41e4":"bb47e443090afc32ee34873bd106bf867650adf5b5d90a2e7d0e58ed0ae83e8a":"1865fee6024db510690725f16b938487"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #7
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"e1a5dd32fc7cefb281d5d6ce3200f4ca":"bf1ba4166007b53fcaee41f9c54771c8a0b309a52ea7894a005783c1e3e43e2eb9871d7909a1c3567953aabdf75e38c8f5578c51a692d883755102a0c82c7c12":"32e9922bd780303828091a140274d04f879cd821f352bd18bcaa49ffef840010":"01830ddd2f0e323c90830beddedf1480e6c23b0d99c2201871f18cc308ab3139":"f36d792dbde7609b8bf4724d7d71362840b309c5f2961e2537c8b5979a569ae8":"7080e8379a43c2e28e07d0c7ed9705a8"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #8
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"d1b7be857a422b425ae62c61e90a192a":"6ac34c4ce22b644632283ab13e294df2093e939d32411340b046c26fcc449d0fd6d14132c7205df303dbb663190e6e86ad12e14e145b6603308241f38d94eb5d":"aacfe8553d5ffef6abc3fd8f94d796cae2079ff04f7ab1b41982003f02427c7a":"01d2d1bc29d6a6b52bb29bd6652be772096ca23c838c40730d5b4a4f8f735daa":"27af728ee07d3f5902f4e56453b6a9feb308ef14795eb5630b2651debdd36d5b":"b03fbcd03fa1cc69db0a4e3492a52bad"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #9
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"a2c49aa6f3f92e36266bf267af5877ed":"5684c3eb99314127078484959314d52b3bc50cb3615c0eef6b48850d98aee04c528b0693be13ed1bb4040e8e96cb13c316143f0815cd68d1bb7931a3d9b88a3d":"566522085426b76bdef152adefd73ef0f76eee4614bc5a4391629ec49e0acffb":"30ef9585148dd2270c41540a4235328de8952f28cf5472df463e88e837419e99":"adc46e0afcf69302f62c84c5c4bfcbb7132f8db118d1a84dc2b910753fe86a2d":"4edc4383977ee91aaa2f5b9ac4257570"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #10
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"43852c53041a3a4f710435dbd3e4382b":"ab7bca5595084bccdba80ade7ac3df2a0ce198fa49d29414c0249ec3d1c50d271ca74ba5c3521576a89a1964e6deded2d5ba7ff28a364a8f9235981bec1bedfa":"c5612a9540b64fc134074cb36f4c9ea62fff993938709b5d354a917e5265adee":"eee2258aba665aa6d3f5b8c2207f135276f597adb2a0fbfb16a20460e8cc3c68":"a6d6d126bed13dbcf2b327aa884b7260a9c388cb03751dbe9feb28a3fe351d62":"e04c3de51a1ffe8cda89e881c396584b"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #11
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"52628551ce90c338ed94b655d4f05811":"b3a4a3c4d3d53ffa41b85ce3b8f292b1cc8e5af7488286d4c581005f8c02c5545c09bb08d8470b8cffdf62731b1d4b75c036af7dc4f2f1fc7e9a496f3d235f2d":"f5f9d5b51075b12aa300afdc7b8ea3944fc8cf4d1e95625cc4e42fdfdcbeb169":"60bccbc7345f23733fe8f8eb9760975057238705d9cee33b3269f9bfedd72202":"c0fa3afd6e9decfbffa7ea6678d2481c5f55ec0a35172ff93214b997400e97c3":"5a113906e1ef76b7b75fefbf20d78ef8"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #12
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"0e4873c4cbcde280abc6711a66dbb81a":"1ab7c7d8fe8f505e1dd7ddb8e7cda962572f7004b2a14c7a7c5bcf24bd16616e2c42c50ae5db9981ccd7d0c79062ac572d3893486bd0ae1f99cbc1d28a9e4c1e":"e4b89e28663e853f8b380c8a4491b54121fe6927340a74342362c37d8d615b66":"619775878879eff9ee2189790ff6f187baed4ed1b156029b80e7a070a1072a09":"ba3d673e5e41bd1abbc7191cc4b9a945201b8fef0016e4774047ee2abf499e74":"4758fd021c34a5cf6bea760ad09438a0"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #13
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"0684e8ef93c3363ba535c4e573af1c24":"748a5f5fde271c563a8f8d15520d6818f7ed0efb9b434adf2ff9471b391dd225b37868179ffa9a6e58df3b1b765b8945685a2f966d29648dd86a42078339650b":"e90c82153d2280f1ddb55bd65e7752bf6717fbe08c49414f6c129bf608578db7":"c17e97c93cfabe0b925ca5d22615a06430a201b7595ad0d9967cc89a4777947d":"3d554c430c8928dcdb1f6d5e5a4306b309856a9b78c5f431c55d7ebd519443bb":"d3da71af70e196483c951d95eb3f0135"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #14
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"89b885ddb12abc4f7422334f27c00439":"e2366eec626bfd9cb932bcaa0569de6a7a37cf1dfde1f25d00d1a0c89fe25fea592cbd2af7c8202521fa48e15f7cc7e97e431b222b516a3ad2bb7b55b7fcf7f4":"c77ee92bd17939efe9bee48af66589aee1d9fe4cd6c8ae26b74b3799e35342a6":"23e80d36ca72ecc38551e7e0a4f9502bed0e160f382d802f48fb2714ec6e3315":"6b83f7458dc813ce0b963b231c424e8bced599d002c0ef91a9c20dcc3f172ea5":"81d13a6b79f05137e233e3c3a1091360"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"ff568be02a46343113f06949a16cc7d9da315aef82f5681f0459650e5e180e65d1d77b00e5ce3e3f9eb6c18efff4db36":"77de4e5db3b308c38c814228583dfd1eb415771f4ae30f9cc2d35b48075286a4e8c2c6f441d1aac496d0d4be395d078519e31cb77d06d6f7fd4c033bc40fd659":"":"":"":"448ac707ba934c909335425de62944d6"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #1
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"6f092b85eb9f96427642f69467911172cba6df86e0db08d04e824cde6fb91d9b9af2cea53f42d53c45ee3e69a2327172":"667d3ed9f41a154ea33b55182b8bee4d7d46eff8e890c7036cf7c2665d44c28f9e3a8cff166dabfaf262933d337e729e0b6a60a51d00ba18f877bdc9d0cc659e":"":"":"":"16a200f683ab862947e061cddaac5597"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #2
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"26e635a6a2b6402b968c1eea13c6a980a0ee9b8497abc14fccdc5bf8439008861f74de2c200505185bf5907d3adc9de2":"80e56f9893beb9f22b2b03caa8f1861d5b31b37f636f2ccbc7e4040ad3073aa20f2f3c6bfefc041df8e57e7100794c42732b6d4b63d8bb51329ca99671d53c7c":"":"":"":"807586c977febcf2ad28fcd45e1a1deb"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #3
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"b239c485d319ce964d69bd3dbc5b7ab9cc72ac9134a25e641bcd3c8b6f89e7e08ef2d0a45cf67667a4e2e634b32d73ff":"c963e17ef46b7b2c68756019704ec7435ec093c423600b3f2f99dd8989f8539a11b1b0598e93e84d50b65e816e794421ab546b202e4b224a8494538dda85da82":"":"":"":"2a3218b4d59f99bd3825631a6eefb09c"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #4
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"0239545a23735b803ae7cb7766194917d6cce164f7ec4f65c6ccd5ec1db5297722d4b7466589da4d39f4585856bc1d7e":"71a440b70a2b5ce41b85de27d987fa2a0628d7990dd7cd1460fddc5410ce6e9bb0ae4f90231f45bc71188fd94e4170389a8bbe4a7e781c95c9a97ad78ba7d07b":"":"":"":"9dafaa8b727c4829dda10a831e67419d"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #5
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"237e8916eadd65e3422fe59ab257b7e6957fe24f760b499fbd052241879e8294b01d2169ec2b98f52660d9f5170dee22":"d8908cfc1ea8518c1442e46731f30fdad85399894db262b8f4fdc0dbcbf11b60b60b25d3108f4b169fcbef621a14c635525fa3af8ccef6b91f808479509967f4":"":"":"":"593c39c56bb9e476550299ee8d85d2fc"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #6
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"28b6639b415c79012c749dc2a0d18433ec36eda55815f0841241453fa11b9d572b7c29208e01dbb0be91e1075f305d7f":"6767c3eb6ba1b19412c32bfe44e4d0317beba10f3abea328cda7b7c14109b72046c8691c1c7b28487037d381f77a3bbc8464a51b87de68bdc50ec9c658f915ab":"":"":"":"e390806219fa727e74a90011b4835ed6"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #7
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"ce735a8549fc3f9dfc7b96bf0d48936a711439ac7271d715a278718aca9e2fe3c801030bc74b048ac1e40852345e87cc":"510b0dc06e84ceb901c7195c2f00ad7a04bdd75e0ab52b3d2cd47ddfcd89248dd58e3f1aa8c1ffe306f493905f65369eaed2a5b337dff8ac81c4c1e8903a6ad5":"":"":"":"ba871ba5843083b553a57cf8defa39d7"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #8
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"841ea92fa42c06769c5c52fe152d07837b8ff0048392caa5dd045054353d363b25439eb5885e96771dded4005f2baf42":"97511ae52590a0b64b75c37e10b89671880d2d6e8f90780ac27263dbc0e32d0824be5e80a88cf8fc3d4c607eb873c0322d09b9ca3498c4015c53ca6fee890093":"":"":"":"a8fb31362bd997adf4d9116e23dbaf10"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #9
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"55cd76fa5f004b97bb8e14170f79f52715d18c60f142b06d16e8e06c274798190a79c8b325163989d86323c03dbe0d68":"bafc0ba64669c9a36514bde6169034101f29e2a0a4b9a55c0aae7dff0c5aca2371b523e26dc44bf75493bdaa023d1555294178288b70f1ae72150d9f7265b4e6":"":"":"":"fa16dbdaf01b3c202426adabf61fa64a"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #10
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"ff3f3098fa3d2b23b38ed982e7afb61d46b4848c878b9280f8e5ed6bd81176e76f0a2a85071a411829cf84421c22f23e":"92194e2c700fa724489683d0b6ddcf72c89b9c3f3ff584e802ae426be4908b1ade093bcf9baf7738b988dc0fde1739498a97c9610da853a7c83981c6a7b68096":"":"":"":"f85490426dc243ba09f9719bff73545a"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #11
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"7242c1020a63770cccf6f8100970990232a9d11d61c9b0d38fe5e7a568a86252a66481212e5d53c868561298dd5bdeec":"7c3806a32ccf3252ac27a92a07209cd7000b160faa70b9024420b903587d1d77f002d3abe28b563d32ccc502b88f83bc5996f3dbbf0f57835839eadd94563b9d":"":"":"":"2232181f08c1569efaad1a82bcb5f3ba"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #12
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"a2e445290fed8187df6d2a57e68385bb62d700cb8f140410766b53e69e6a0f2939bbfa7ce091525c9051f064e383a2e1":"fdae5f1ea253108fcb255d215a3ce1dc1d101acf89de4423b75a74619e95f3feaa35b5e0bec430b0ad9567df818989c36c77742129af335c90ceb6dd79c7d2c4":"":"":"":"3841e2d795b17cb9a2081d6016a1a71d"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #13
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"bc885454e385d911336dda9b7a609a6a7079a4a5a860fcd704161c34658bd98685bb03418b7f24f2ed9475eb8ceb232e":"77bef884a91126564b3214029ac6842d86e4c1fa283e33d6828d428377416f66947e39a4a6708e10bfdae8337a6f302420a6649fc109d0f094c18c1e9361375a":"":"":"":"ea20780ed280d8109f811a6a398c3e76"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #14
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"c1825cf00cdc2da93adb3e7a33c1f3a76c49166887883744ea2683ddca23f31900f25c434364c992a6d913f753a9c42a":"56940a6fc4823c9e42e8ffed63fc3cf46d0a2b305c236a511b0b5ec7005ecd8989bf2006ebe52ed55845f7cc25d3d0086cece95f0bff6fa7e17ddf474704abfe":"":"":"":"b037c7f0f85f4d7eaeeb17f4c8643a74"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"19b83c0deea6463a3912d21ffc8d8041a5b30640352abc9652770cfca99dc53c9c09942ddd67b91f4da50a8615462ce4":"5d85c56d0d20ee39958a90f301d2f8bb136fa34d09b41a0c9375114a0df9c1dcdb2a62c4be398d9eaf2440949b806f0e5a977da608eeb652a41711d1e9b72655":"9c1db928b95c84cb674060a6d2f6b7a6a5d43e9ee967e9f821bf309ca5f8821f":"a3111cb57365c617df0b0bb3a1aada49ca789bc75903eeb21e42a7d3d0dd0825":"ce7f557c70676987d13aca60bc4585147efeed97be139871a1b29caa1e180af9":"4a49430277d64446e2fa75763eb79ec6"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #1
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"239f21be6cda23e8660c8a5e04c79f6dad6f363ac6dcffd9228699ae43fbce5ac3c51645500cb3eae68f0b604dc4472c":"2975a099f7e6530e5576534c25171f39131d6bffb99259f7f2bbf7d77de9fb1e829052b54a9631a733113021692eba1097438347c6de82307a0c2bb308edf065":"d451a54584e6d1d634217379e7e60e67303e19dd4ba63b097899c7349a5a7433":"a33dc24c6a656eb26275415581d568b7c2424a9c5fb9e2944ca35ecbf641f713":"8dfccc62379af46844df136122b72a878d9d61b40ccaa029b09e6b9f0b4d0192":"005e91760d89ecb64b5fc3b0e222fca3"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #2
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"e326abbe1db3ead3738d2ca4d9f1d62080cd23ff3396f43a0af992bed2420cec6661dfaac83c3c4d83347ac840f7dc14":"37c94d11ed0e93b8199d43d6eb242165dddd12fe39c0bea4cdef6bcfeb5d17bb866f080a9daef128f685fb3bc59c945927fb0aa3e17068515c3c92fbdf04a228":"1ff41405dbb3b12b8ddc973069edc2d2801af0e0dc9bde2cdd35c5b2d4091509":"138b6d2eabef4b32174afb0156ad1df570cf6e5f6ebde5d19cc30daffd9ca4f2":"f27cf7422808c54c58fcdde1cece92f5342c7a10ac43ab3b2e53362b2272e3ad":"506d6fae6fff9f222e65ac86df61a832"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #3
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"cb0229d2bb72d910b0169e8f93318905aef8dd93ed91a2f8388545db32db3f2489e7988b50de64c49a9f7feb5abe8630":"514ec8c02439290853434e75e3d0bd159eacd5ac13b8f202cfd5c36cdc0fe99b53a1b7a1619e94eb661ac825a48ea5ef8bb9120dd6efc351e39eb7cc5223f637":"a6ed69c9216c551793107f1bdaa04944f6d76fe4474f64bb08b0ebc10a18f337":"e0bc1cc56fdfeef686e0c7ec359e2e8bd48d76c8643c40d12325328170bbf702":"87c5b23aa3c100ff9e368fc47534ff8fa2f9e2bfd3599519ee6f60164485cf6d":"bd419968f636e374268ccdd62403f79c"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #4
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"bdd156ef3c4e09b77fe8781c446eac55b562e4ee1b7d15515a966882d4c7fadb0fc7b37554ba03908838db40499ded5b":"9facd9f4587819acb358e4936d9f44b67ddf82616e79a44ffd6a2510f652f6b9cebc1424b5c642362b19f63c615f49686df66a8f80ddffb56ce0c0d8540150fb":"35ea316fe302786f626e3831530622b62eb33a3608d4af3384ecfcbd198f3f05":"8d4fae22290b6ef8618ded1c3412e85fab7b8d17fb9cbd09dbc87f97279cc72d":"2f54928372e4ce447201427a3ae05769ae1c54b2e83bdc86d380a90b07f2890c":"8045e8da88b1bc126785c8a771db5354"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #5
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"154876298a1b63334624b367da984eb31d7260abe79ced41de35ba68a716233a5df0937b90f89dde7fd55a9693c9031f":"36895f574e9e9d08e6c885d305eb4764c1e5689d1f99c2462b3ebdf659e8ce43818dfc886ec797843bfee361b554cd5f969b0c7b0381b53f4afc1bcadbf7eb1c":"c3a46105c50a167a5b0391053f3814a06c90cea2c1fa9329d97fdbc62887ff6d":"54c7d66c65dbddb4665981bff0f503de37d724362aeb67abce6a870fd6a7398a":"58204ca953cbd46dd6c8870b358cba77c436870db49bcd3e2f92697bb580b460":"cd903c0f11ea701214f91715cfec11a3"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #6
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"94e273fde1e699f84aeef343eb0277c50d169bb5496575301021a2be50df6a555d1422ea88e0e4d905158e93fd8d0089":"1cd97b6e6e7f19401e409aea7b3ec33a8faefd71402b8f34a73c1cb1af215e0e87debe68bce590d41c1f90c6ad9db3d30b3901862e076d765ffdf58776e5fb7e":"6ee75e9f9aee6ac93e20f742f20427e5eb9b4ad2ed06fbba8c7b7870a96941ac":"0ba60399893ede284372bc4e0a37702a23b16aa8e5fe70ea95429af87ff291aa":"94bd2b51c32d29cd14e2123221e45ec0cf1f38766fb6bb0716856d0138f6fa39":"831793686abd406f7b385cd59e497b18"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #7
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"5a699113ebf98bff9cb780ce29747a61ba2d7581a5716065d018c89348d7c2ed3f5bba32442cd192c1e37b77b98f5791":"de6d2a3b6ad9af07058d3b1d1976cf61d49566b965eb4e9b74a4cad8e286e7a40b254b860e2e209a8cb4cff3a8e615b84f5ae7505957a758e266a4c3e915d251":"ed18c16a61ba5ecc0755f94c286390a6d46e6e26439dadd36c83ebdee42b4b4c":"7c4550d058b85580be2053fd9d933c87041c5c3f62a5b6b303259dafc90d9041":"ebebfcb9b4b3595e516939ca0688422bbdfc4b9f67b0d6619757cb315b7d7908":"1a5a496aa2268483444b3740c9cc4104"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #8
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"42450f2689b87a3dd940f3b9e3b32d4654c725a24ddd2c22f006694321dacf1980b50f7ac0401626453ec836039bfdc9":"4765399ccbbf3d33433bb992ee29e4381f28d800b05431f1c5b3e949c5db72c582bfe8ba08db1575b866816cabbe5e1d31d8a870ceed49fb75676c97020d1f22":"6ee5a7613c25ecec263a2fd2288948b2df9a05d50040c4031b0653878fdb067f":"68a1038481be7412d6a7c8474d4b2a2535c9b55ea301ee800d5a846127d345cb":"7a1915cf78e6da2dc7840cba40390d668d07571608b77857d2224c4531c17bb8":"80a6c622e64495f9a391f5a8a9c76818"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #9
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"873869e194201b822b140bdd7797dd1ed408f2190b759c068b7019e6707f60751e101d3465c4ec57dbf9d1ea7597fa44":"d2f92706ca3fb9ced8183c74704440d7eedee1542c2e812f65afc83f4b62dadf1c51fa68f8d5f457a893211c8afc82c93e6a1e15822eff0d4ada6efd25d271a0":"8d0393d2a1ae8930ea88773adfa47b49060f0bf2d3def2acc57786bfbd1e2d6f":"5bcf5ff4fbd9eaabf8bf82ec7c59b043fd64b0025ad1ab2b384e399b9e13147a":"6e2d05e286c90502a3abf2ee72ab7ffb520ce5facfb27e095787a09a412abec3":"e1ceda71b8feb4b0d14d35bbb57a79a2"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #10
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"1fecb5fe87c2a208b4f193e9c3ff810954c554150d544baea1685fb4774320315d5cb651be493ef120ef6966e3e7518c":"34bc292809674352ffb60786dca59ec799188aa401b366a48cdeddf37c12ee4c666f8fb3a0d53df4cd7191166d50ff01d992f94cd92da7a385ffe5795b197ced":"38249fed34a907768eac49267c2c613a65154eec5b73b541d7d7b314b5080061":"115be9cb914b50480fffe078d8170870b56129a0a74271dee063f8b2049e1be3":"69fa6faf7223f5bb1b55f35a544f78181579b1745990053357916fe507e51db6":"60cc92d3ba3ff0715f5627182334ed1b"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #11
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"4d283eb5ecd85a1613c975e24832770643613c9a5aee0d8649bc0d68c89cf1ea6ec3a1a22eefd9e212d602c338d64c6e":"4aa6917a5c9f370590d70536fdd89c916fec5e5bcbade8c6a6cfcf5b232c98a6b3e6b79a2dfb0778fbc3f1da7b06044d7b0fa2c04ffc3b71324aca1ee19f936b":"05a7092a684ba7a7fbd33533f9be58a4140a3855d4c5f44a31d665a0720c1739":"557ef1bedc890d1543de6cfeb25642782683d77a46bc8aa0836b07157599c7c3":"e87e45073ff8e36c38b128cd2275a160e431787b5e81f6c2fd7a37909eb72ea5":"31ecfb1bcf3253ba5f71b185a66c7cff"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #12
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"a6f488104a6c03e354d5d1805c62dcd3016322d218747fa83f9199e20f6ab1cfbc2b889536bda1187f59b7294d557ff2":"22f8ad57a2dfa8010e2865ad6263823652917b84dfea61f639efdb0fdbb35c6341ca7721095d69686212dffe78410c0d0db94f04756d52e7d76165d5a1d516d9":"fb9951d563f7aa88db545874b1a3049c5f79774d486e7a28aed1ed75f59224a5":"b1ea7c6b53e79e4e947e63086dee32dcc17bc4f27fba6142f8215ec081cdd5c9":"0d12cc0a39bfbf87194e4070f6b54caaabbe48fa192b96cfed2a794d95fa299d":"62a1c5678e6e8fc738d375e2ca48751f"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #13
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"9d67e017e0abdd7c079bc0354f33dab696ad64146802f06d6cefd9cdefbf55b197f5899e5efaa269cc0432c87648ce18":"d8be0ec1119ff959c32c9cf29914e3f7bf2b01bdbf806c2d9ba119ae2a2cfb565871762b02ee7bf68f1d280532fd7ae7368517f6f751739b228d23df2f207f35":"74a5e24477e8759bedfbaa196f398777108392efb8c64c65c0c9ecd6cd3b5f04":"70cbc6cfe1d6ab4bc30d66fa162d5d4b3029e4b1b9d759f3eae17fb508e91a46":"d3c538e042f0eb796b4af9b4e65cd850425c72e2c896fcea741c17172faf27d9":"559a5e04b75cec250aac2433176a725e"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"10914608a6d373a26c53ab83014283b678d73dfea65b4a3540af17f2fafa3b3cf698925b423edb9f946b906f43110795":"9ded87d289412dfda8935e5b08ec66b68abd1bae1fc5363e4341f58db954f1f9bc4b681c0d930ba080f85f8fd04c173cb2b77723ce67692efa7ade48b82b6926":"225159b4c679094f277516b2335b1e8b7d0a7ea33fd56822906d481fe412586d":"4967cd401cd466aba0be5f55615ca0d9fb8adbde5cb4e6ae3a0159fcd6c36bf0":"fec14f325b8b458ddf3e7f2e10938f4c2d04c8d9885bb5b9277bdc229c70b354":"1cd5c0bdeb87c79235bead416c565d32"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"b023f6a6f73d4749b36eb54867994432":"2462ad760ddbca4e013688bf61381f190c7b2de57cbeeec81d6ab7b6f067b75adc3545887f8d2aa5d9b9dfcbfa425d610faa9c247eb5d71145f302918e908ae5":"":"":"":"c0620c68515a4618e572db6e4c14473d"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #1
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"7e0fcd953c1c8bb8d03d7a0e918fb59d":"56b2e11d5c2d87d2c9c90c285e0041beb4594a6efdd577580095612e50cf47c0b76208337e1e18453082d725629667d86226ab22944bbfb40c38b7986e489adb":"":"":"":"7194eee0d333fa5282dc44db964ecf5b"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #2
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"0130217d4a3945402ed99d7b8504fe4b":"28e592fd9db72b40ae4888078aedde260f6de4f0472a7601258e694d7bb6af6810ff4eabdffb332932765fa1d66650fb78cc2be484c0ba803eb9a2502020e865":"":"":"":"4652f0545385fdbe02d05aec21668608"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #3
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"07854447e33521d2d997d90c0887f42d":"c561ab6acfbfb98879982ac7add92b80471e0154b77ccc9fd98e7c2013c411e8075948e97ab4db7505797a99d456e54e6585042efeff7e3970e399ea0d27537c":"":"":"":"1a14a810c11b4f0af23c6467c47bbde0"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #4
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"68a8ec01581d6066391f3e5977465026":"747c7e9aace6d4f840c7b5261e0af796c516477421d52850a7072a0ab2c768fcc80c9ba8d18b228e77a7f6131c788a76515fe31aef4ed67376568231a4700fac":"":"":"":"a5723c43743442fae3637bb553891aeb"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #5
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"1459038c60b70bae7af0da6cfab707a2":"9f7d839310846bd452827a185539c0eb0f106acc7bc4de80d3521a970b23483d57826b1484d329a2d1c2ecfeaf8eeffbaa6e1a305e3f1e47b96ad48a711ad1aa":"":"":"":"5fcd6bf108fe68b85f61f85c0556f5c0"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #6
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"a3357db173df98da4dd02ee24ce5c303":"f1ce08587ac0338b4d0b8e075b42b6501e77758b30087de028a8622fb7abd7f65e3b4f802d1a472dedb9c1a6dc9263c65918d8b7fafd0ae7e9c39e2e8684af3f":"":"":"":"8a5fa11d8e78fbf1ca4e4ca3e1ae82b8"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #7
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"212f4c80c7e9287c8d25e3b965f91a3c":"bf1d715b3f56c433827c9cb429bee5ca61c80a8d9b2fd4498e1c86ce703637f8f7f34056ab0039e0baa63320df0ec61de60354f2ece06356d9be3c6d1cdcc4cf":"":"":"":"04ac2f969e828f375b03ee16317e8572"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #8
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"46e85752e0af82fc63932950120e4b5d":"ae4316424fa765179404188eb8839ce84ad8db92cb12f39089a93a2dbdc371e2fdbef1ad080eb354eecdda3a10ea66ef647aa095afa1786c01bd1c9f70d8da4f":"":"":"":"de576284d8ad36b31bd4f8f3da633e36"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #9
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"ec2459b1dd7f50df63e14e40aa4a4e66":"b964a24bf98264327c0b9e2e1c99ed1b35f534be801c996f318bc2074ed2500ba8488c4feb442b507c3220523c0041c9543133379365e65e092850a5e3f96cc9":"":"":"":"4d466e2f388aae40d1b31ce1f8ddc5e8"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #10
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"acf480d54f4c66d611519b72f2c0dca6":"d5b3277cf8badf6be86af27dd36f23ffc580847c5fcb56c4d8a42339336f185c38ffb86f4d8aa7646c1aaed6c2b0c7ae7e4d435f481d62bb01e632f6bbb2abf9":"":"":"":"746aaa5423ef77ea6b1eda47410262dd"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #11
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"edb80fddc595b234e3c5c03b2be3d721":"94aad8c772201435543efd9013c9f5f022038db6864e9ed4141ea75beb236844da6e6a17109262bc80f528427b37d9da6df03c7dd25be233774384a7f53197ea":"":"":"":"511927f10f800445b705ea3cfe6ec823"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #12
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 ctr_drbg_validate_nopr:"c7790c9888b0e731ca6ccd60c32bb98a":"967050c11050a6d99a5da428d1f0fc8068b29ba4c66965addbfd31b745cb07d2439d268ab32a5fa2b1934bf277ff586506a941768468905ed980537d8baa1d07":"":"":"":"978493f0cece6f94d21863a519e06dbe"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #13
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_nopr:"58c75625771df61c48a82590eeed3378":"be3120e8515a98701b4b2fb0667de2bad3f32bcbf10fb9b820956f9aa7ffa1bbbafb70002a9c7fdd1cf7e76a735261798dc60a1163919d58e39ef0c38b54b27b":"":"":"":"90f5c486e7efe932258610e744506487" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"d3f64c11aa21bb2d12278847547fb11b":"855c0e3a7567730b11e197c136e5c22b1dc7271d4dbe04bcdfd2fc0ef806b3c05b4264ee6c60d526506622ebf6130738dba4bf35c13ce33db19487312ee691fe":"":"":"":"33ed7089ebae738c6a7e6e2390d573e4" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"132ad1c40afb066620f004f08409c59e":"2e5beadd89b663b3903d3a63c3ab5605bfb1a0045a42430e0220243c51a69f7ff7678c2f8edb7bb4a29b646f3edfaca2463f9defd342da87d22b1b8fdb012fd5":"150deb841d1a4d90e66e85b036d9f5a7efca726b907ae3e8f05e1d1338cdfd32":"fb199beeeaf3939be2a5f9e6ba22f97cdd2c7576e81eccc686facbdf8bb4f2aa":"4293341721f57e4548ce8c003531d38622446c8825904e1b868dcddc626c5164":"66d8f3bfb78186b57136ec2c1602e1ef" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"1c1502ca97c109399a72a77c8d6cc22b":"1d33b1b257a3ae1210fa2099307916a73dd92270769697ea2d7901f56865e3cae1be94b5024d0da3880bce06f0b31231c5a889f8ba3d92a20844b61009db672d":"23eede46eff4a04b08dcc2133e4537b332351f8469630f11b0c8853fb762a4bc":"6fd9f9da108e68aea9d1cecd81c49bcd0e7bedb348890f2248cb31c4277369f7":"76bcc11bd952123f78dd2ba60dd932d49203e418bb832d60b45c083e1e129834":"a1eee46001616f2bf87729895da0d0d1" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"c79c0a1db75e83af258cdf9ead81264d":"5e8cc0fdadc170ed0f5e12f79a6b9e585f9d7c2926c163686a6a724495d88fabcec940d752545cae63f1792dcb966a7325f61997ba8883559ad6f6f8fc09898a":"a2cf6c1c9e4489f504e17f385f08aa82775aa2b0a84abd0b7ee3c6b393d7fd50":"c7529b874e07d4b876196786d510cc038c9e1ab93c461df2474eba484ae6876f":"63c6e7f3548529386c9f47c5aece52ce8454da5db9a807a1b960f7730a61582b":"43b7931e0b3b3769ef8972d0026896a3" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"b44d1dd914e88840bc65a94ee199b3ac":"c3dae1863d323cc78f43ccb3f632fde29130e6b23b843ff5a8d79fddc3c1f92b55cd3dcaf7848d40d189c0de7790bebb889e01be05980dcdf30d2b3333426c50":"41e2fce9b48642a1b9bd1695314adcdd38e1a8afe4891e633c5088c6753438a2":"1eb3f8bbacb0c6b901718bfd7eba29f6f87e1fe056ad442d6d38c1351a684e1f":"85570db773f3f5202967376f91a0a9c09c89cd4eddd58cdc6210335fd5e7acef":"bd53036538d9ed904a49966b5428a2a8" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"5ef97f7af7df5cc6fa94f8428ec7be5c":"be67434ac4d77f0f50ec5bacc8112d1480bd9f20d6b4ea768d9b51bb69c1dffcd8c30e4412127644aaa6fc453e59fb633f6a5a8c2f69e40d1863e35d4d4c0227":"a64195b1e56cf97fd81e99fa1833d191faf62f534c874def4b8bed0ae7195ac7":"353cd3a8d9cd92bce82cd8d1cc198baa9276db478b0cfe50249e30c3042ee9db":"393ab4726f088fdfeb4df752e1b2aec678e41fa60781bc5e914296227d6b3dfc":"24bdc2cad5dccd2309425f11a24c8c39" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"567130da4e7ecc4db0f035d7ecb11878":"cc070df6aa3623f74afd85b59d1bef2b1fcd9c8093362512ff109ebfe992ed75bd58b5ae1561d702b69065eb3cc0bd328ab698d4c6ca274e96d673309b5df5df":"42033054cefa1f20b3443f8ab7d9635ae8f047b833c8529245ba8b4aa07edba3":"72972fb947bff60df291888ddbfd91e698e0c1c26a346b95fc7c5dac596d0073":"af29b6a13602ba9c6b11f8dbdeb6cb52e211f9cd2fc96e63b61e3c1ec631d2ea":"b0849f8317e043271a3fc5f2eaaaaba2" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"2c20ae36f1e74542ed8b0a177b8050aa":"c4bf7a39caf26dc3f61311f54ab3095493c626a988f5abee2826c67a4f4b4d6a02329c99a6bcb5e387fa160741c871acc2929c1cc07f2f0a7ce1619eb7da1ec4":"97c148dd10c3dd72b1eaaafbe37a9310ed15b23872e9f2b62d1feb91ea81ffe3":"23df0c30c68bf2eeb55d273a596f1f54ed916271595b906e4f7793b7a52f2573":"22f120fa09215105116919aaf8eebcb69eccd5da42feb737018a05268bf08e46":"b7c73b9ceea2e6ca0be6a3773cdd6886" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"2076f9e116a2648e1e664b815b1b3674":"979b5aeafe555aeba152ed66e32e30e110df20ee1f227932a72acfb8218aec767941efaefa091c0128dad9b93b06b28fc76e01f275e8ce1c02f0eb567c914f89":"d12fb10b9fa6d2fd0f39cf76294cd44dcbfa80dca7c2f8537c75453d985ef551":"4228a99faf35547a58c1a4d842301dca374f1f13c6fd067b7c1b815863b73158":"a3a7d5f1e2dcf95a90715ec5fd32e7f88c38b0a452b6ccd1f107458db4f74fd6":"8a63a5002a3636b241f0bec14fd9c2ac" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #8 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"a71015cf06ddd0a6cd72fa014cf0aee6":"c810cb9db0f169dbc30fda85ccb6d4c40db68d429eeb3653070db7641fbbaba60ef0ff970eaf40887b7e154e2ecd5331de7004689ec604e69927da630a8dd7a7":"5f99f45d8770041703e5a14521c501904fd05ff3340835ac0c41b86442e4939c":"eb7efa6e46ab926ea04c87eb9ce454f5b10717bd9d85305f27d71bea1bc991b3":"cbc80c6171d098fc81023486d327efe2415a0f32e5fa6f6793ce1d0e98783258":"a353f6b350404f3f7b4fb724f84a948a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"395931837614c322d8488ec6a2c4c919":"831fc8d63592b6ce358c08aeac39d67c3e48b4c2617735b6fe5e9fa44d7aee9d60f2fcf549db239d5bed9c608c94e8f8c23b32901442ac53442127377bdcf205":"eb261c737c0a17c8cb1ae055c143f701b74c96c852e4a76ca3ea045e7efdf5ee":"153276007b3843a897efbf022bd1bcabcf655c7eb8acef9baac710b339ecfd99":"a8a5cb17a2945e5b41ff370cc88ac498389b89b6cd82bb3bbde81c212f7c17d4":"537fc2b73183d2c0c106886937a6609c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"9a1983859dd6c4cb602970d705952b2b":"68c5cf31f7959ffaa83af9dd55a75ec001befbf835e42a789ac42d39d96128eb6d9b3f07ced15e57e39760390c065fb4425c19ef7184635c18e5ed28256937e1":"e06497a181a5362980579c91d263f630ad4794519a64261ede8b36cf0ac5e713":"714e4fc52aea763e23a1f5b18949ab8fd949f1768560559bccb49d78d51dfab5":"6b6b7f65fd472ad428df2bbb86b85067d0a6f89d9233eea92f5189a9163d0419":"e32af8a81c59dc44540ed8845b447fdb" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"230576e9518fb9a6a8391a84919b0d97":"6193f0e7b33ce19fde922aec9c93f1271ebcdd296d9c8c77029b59afa2064e3159088e07e91c14a4a3dc23b6005dd8ef1425d7d2ae8282a5b30b7498b6754234":"ffaca30a256d18836a0d49bbaad599a28fc7821d71aa91b97158a492d84a6280":"a3da13852d0717afed7c58c52530d2ae047b645a5e7aa8cfabc11478444151ac":"e15fdaeea31c95555fc509d2a266abf78d86ca11aa2f87ce1041142eb9f82bae":"7906f8da1e140345c191dbc2de5ead1b" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"e08a3a33adb4399a9be72fead224155f":"cfbe8b1464b00bb9e0d18b04d2040ed9bd822741188812b98a440fbc66ff018ddf6c0ea20c62d01b8237bc7c3da9e3f9fb874fca79a360b4f0f967d8d02083ba":"56f975849197e2eae5a2e6fb445a93c1fadf57280ac27e27c7cbea2cb00c10cc":"0a6d9e2d6e181addab0ea1ee89c65ce557e10fb8e8d43a24cdd27033d3fff507":"823e9400a9f563cc1fa5daf10f4ff1ab8affa18d8371f9cd0e067fcddce8caed":"5ded298f98cffb2e7f5ea97bd50c7e3e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"11c13b917d9f94fd7a008566d8598e89":"f53343a5a455132df3d1b03db39e44d933855b375d7422ad0d07dfdfb352af28946eb29980793456ec8634bf113e75783246bbd05aa8a7cb5886d372fa012f58":"ff1d8d33083023ffbe28f153bddfa9d9f3c221da16f8f20967d2508fa7752b55":"66a98c7d778d798617e1d31d4bdfabf8d381d38b82125838ddf43fb7f5b27dc6":"407c72d7c890c00b249be00a53ae722e5d8033c84b1e1a6a69d4b278ba5db9eb":"67ab88156f20d03b3a1bc363daefc0c6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"7b95343a4ac0f8c8b2645c33757a3146":"3d7e2987860cbcba14a12594e1a394ee754c9a7a65cecc990bc79b5e86e672e12f8c144d843e1abca46b4759a11b3d29f4e219077a8696efadee618f254cb80a":"16297534a79c4ae7493178226b29e42a6f1e0066aeaee8b5af65bcefa2ee3ebb":"b429ee986f16fb35fe2c47c03c0918870b4560f4ec4678f9df471cbd7ca6a887":"2b14d612eb00c7fba0d8e23bf91df91daef6f8e279e0050d5497ddf0f3466c76":"8f72c17405163090fe0bd795b65811c6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"327290da2e9a19c840de8d33e425efaa5aa7a7afa4e5a812065965478d640f78520cf3c670b098943fec1914d4c8c411":"80bdf18288cb8adb6e3dacb09c553af2e7317c194d37f433eec27e324a0bad752899bda91fd41e5a08acdfd76007aecabc19c95a8bcede310f7320ce97aaad0e":"":"":"":"c26222662ed3a649a1745dee5df4eef0" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"be14f473472db07a43b7f9a517735d7f7ede2aa70dbdb729bc4f578a0dce9d7fe9fd97939cd1ef731262417b5213bd7f":"ac71ff53140c1383eb379e5311e37637af933db494e5e689d065661e9095b8302e4174c392f324fac43695d9381e3cf4626a5347938ed9e21502cbd789cca363":"":"":"":"4bab95f9f05fc36a337b6f2582c2ce98" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"88c31e24f4f859b668946ce73f8600621a70731440762b3c267ceab52a9d77a23d6f70ddba0e46a786697a906ccb18a3":"bf9bf25a949d447274a8c72f1ae51399521f8aca39b1b37bb7b4d5cf3c67d55ef8dbacfb71aa9c5949416e2868b968883e517215bc20292894f8406ab39c1ea1":"":"":"":"841aaa0b171d1526ef365b9201adbff3" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"8545a0de5ea028c8e5976d5b58fa50079b20ba716f0856cc1af7b98537c895f0266b956542d2b8ca661aef5da1f7f8c5":"686f4f9ee74c3402845fbad9353d7dfeff727584d892eb64bd84b764110cbe4ac8581e7e23acb95caf12979983e8947c570264aec292f1c7b756f7184007dcba":"":"":"":"f6d6ae6449b2984df8bcb69584fb16f3" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"d6cd4b4fb9105374605deac7bb49ad792eb225daa560f2a86f66269bf9afc2ea01b6ee6f0eb4926d2f09329df6e90d79":"5d1b8fa0ca2ee127d1bd41423c17b9a8c736715cc2906818e9216dfd81b7637b66c89b772b55ae707c6effa2d9ce7425df26f966646ab613d5599143cf51e5e8":"":"":"":"c36ab451116d733eb4377de3511db5ce" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"e73ebae0d0834fdff1829ac3d9722fe9f1bc65b5f652fae5f7615af116440e3d5709b5cddd6065d568c246820de46b09":"2026cf7c1b1fe9645ab8759958ac04fb1d8938b9913c3b7f22da81e398b2c00b1921e1d4edb5d21c4531515cb0f9644fe8068685b9fca813176e6780796e8ded":"":"":"":"98d1dce30593de8a8d5b4d956f6c684b" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"a53c1813c06b609eff9ddc77204b085ca985f22170b8ecfcbbf45ea11c45c24fcf25bc33150f9f97ce48244d5beb685c":"1d0dd1a87d59c69f28e118e1083d65f1ee0df31f6308a92dcc47503ec4d20a018d9821c6a7d64385724f0e941231426e028efe6d75e53ff8edf095ef1baf2656":"":"":"":"035cec3a24ba7c44e5c19436c2689a75" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"16d5b8290693a5c40c5a526dd6d653ac54cabb5608d77bb2cb7d6270b96c2fe2de076716ae8cf0a5c781edbde861dc70":"aa82a5ea33439d0c16a1cc13cbae53b169f4d369bcbdae81a9a38129c65ae0ea4f720576c012f8d7eb1c0202003c39d28453a22e502b4949cf5ba23a727721bf":"":"":"":"de4ed9d163d11e9b52470d078df4c869" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #8 
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"68bfabdbb821cb978527ff18ce37c96c79ad751756551f36b6991981285a68854ec7f72f548c3395ad3ee40410064d4b":"3da9e9518eb1f1b6268e4597f158844ff672ddb414f7ec23fa66d6c86b90a732a7b3016a3387ec3dbed34eb479413d017932ebf9f2a2fea0b35d2bf4e06718f9":"":"":"":"ec4e3e2b6b8763deb17b8611d1fe7953" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"171a74ab694a7d7c2baa3ccf103ad94f11094e07a955ae9ac3bad370f1448753e99b63cc23d1878ab66f94136ec2ecac":"72ebeda7342770d03bc0e531754f946ca5cca684c41f9d089fe9147fad93b6154919c5cb2e6d162fbfde7b9ff0aa590a17993ca6c80bd59eee4134fc2ce944d8":"":"":"":"582ab4f105c3e1fed9593f58fc335fc3" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"caed30015b34064762591eba9a59f440566a6621832f650572362229e8a38cd0f5d6d322afd8444132056690d6fa5540":"8e27f0dbeae4613bcf0011105f824ed2ecb150a83a0994f8f6607833755216e016fb175e51d42370afe27b11c18477886b530c95bc31bd1c0f8fe00f61fc15a0":"":"":"":"d42787e97147d457f1590c742443ad92" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"c58d62f8145622cd86cfbda66bc26d2ce4c5610cd9cd1c326b99b60355a6fe751783c07f2cc21ba68f1f20ca70f0ad31":"38a8b685e6bbab67824f4cc72995043ea2854f067f2afaec762c9e78ff9d585a25bc63c8d0d075d06d43f3f694733982d26cbe0648b2d0cf8053918b912c303a":"":"":"":"84001709f15a2fd167c161b5d376d86d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"dc9719050d5257152d8a7d60d3ef1fc5b8cb1700bafc7de863c019f244779c464b6214f21a2f6d0aa3ca282007615ce5":"f188a1ba21b1791ebf8a08d8ba555e49423d9178a561bcc1672539c3a7ba1d856eae9922c4d96c181ed045d6f1d15e855690cdae451edac60f1ca2021f1fec57":"":"":"":"7540fed313c96261cac255bf83b5ae99" CTR_DRBG NIST 
Validation (AES-256 use df,False,256,128,256,0) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"ff057781af4a4a1eefeb26ab38f82a2efb6f065de290ebf225bd693dfb1f97455b49143bdb430324c9d945c48824f6cc":"0ddd0f4a43a7b54d9abb0928a2242c378db7a95a0b206baa642afe5cd55108f412f1d727fd591bca2c76355aa62aa8638cfa1916739bc66e02b9459ccd0881ba":"":"":"":"8b6e74a94fcac0d2f212d3594213fbb6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"ef027327e47fc5875c01cb17d798fdc2b27a5c78000727842f8a516f4e8dd34afc167ae145b1e763bebdca51e2f461a7":"128566fe6c5b5595742190519445c25db85ee0ce29371f4cab213400d479d2bfe27655155be0fa237173abb214f0226a2f1770802dd69485adb25e6d837485e1":"":"":"":"76cd1553b2b73d4ef6043a09fb90d679" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"8e1a59210f876d017109cb90c7d5dd669b375d971266b7320ba8db9bd79b373bcc895974460e08eadd07a00ce7bdade9":"23677c04a2d6ab446b7b3c582a8071654d27859441b10799f08b788378b926ca4306e7cb5c0f9f104c607fbf0c379be49426e53bf5637225b551f0cc694d6593":"19e914ffbc6d872be010d66b17874010ec8b036a3d60d7f7dda5accc6962a542":"bd7a0c09e780e0ad783fd708355b8df77b4454c3d606fb8de053bffa5ecf9021":"d284dc2caf6d214f8909efc9a75297bccfc04353c2788a96f8b752749c7fec0c":"129d256e7db6269e5a0a160d2278f305" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #1 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"00674e633670c9971be7af789d37d5a4ef567b3ca4766722cd8f67e09d21cbbfa08d43ea1aa259999c6a307ae6347d62":"ec47b029643f85ea19388b6e9de6ab22705b060ae10cee71262027d0bdff5efd7393af619bc6658612fabc78439a0bd5a01255563a96013fa130dd06fd0f5442":"5b92bce3f87645126daa4704fd7df98b880aa07743a57399b985ad1a00b1f2fc":"8199de1338c688234c77262ef35423f4695b277726c76d8b5f426399c14d83b5":"eb95f5a4d8400cec2d4e0f548b6e92636b5e284fb6b61766a1f35bb9cdc5df0a":"9fbe95817578eb272aa9da2f509c2a06" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #2 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"2553423c3cb0fae8ca54af56f496e9935d5af4738898f77f789a9bee867dfbc6010c4e5bc68da2b922cdd84eea68e1da":"a9bebd13711c0c22c94b3252654854515a9dc015fe69e688fbac9676b3d77ab67e19b020cd2427ac789ca17f656e499be3ba3ab2075ff95247c6355157eebc79":"e74e45fa28697a06dab08545fde0cc26e7eca31c40aa68ee41c4de402fdcc961":"5aa8abf7062079929d6a131cd3844a5fb6514c07061e25cad67677d867297685":"84819109b2e09b46ba3f5464c34b28ce25a186f0e0fd83fe5fa0ab026c01292a":"3846f3406e49040c48b5cfc9cbc75d1a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #3 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"856f1371454bb9aa06be897dcda9b295817c6eeb865a9acb3a89d145bfe29ce5e1b3b12b714571afdfaca7951cd47e33":"a691b8bf6a407c93a36d18aeced4c75f76d8397d4ecbcd4e8f820cb393186897f05c1ef668b027fc78ba6da9bd554cc31a467d47b5e534b5340c7799383ec05c":"2c81d1e94b33164a177d0183d182fe7d23ef4f88444246464e58bdd0de38d82c":"1b5dae81c96771bea091521c0973c5af76a03e3624160e2511e57ff43a1d32a9":"bf5878e2bd139f8f058f3d834acd771514da6d4c5b9ef84466e5a4e0e4b2eaaf":"6a5ea73aad476ce201e173d4d5a7ffcc" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #4 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"0436075cf8cf62ce623c2301ebd45203c98282611cfa5a12dd7c04525ffa7eb343a607af2f57feb7ce3af97e0abc2285":"1ab9ada5eeebc3fc8e53f358b643476fcfd4dd9f092f21d2bc1c4bb1ffd01a0c5b207aaa09ff76a9cab0aa6ce62b6a65b2650ab448b8bb2e8696a7aa4b6f4e8d":"62f07d1f49e40f7f472985947ac4d8ef2d58216d918f7942b9c70f43daff8972":"37ae758141fbc890ee7e1d0854426b2984fb1c094677e6a61546e9315bab0898":"353d1dd0c8d8656bc418a6a3ace138ecd62819d4e21b8bd87694ea683ec0cc37":"bfee6bb4afc228da981bfe7f0d17578b" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #5 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"d004a0893bf326d50ee52e04cb3e64409f204f4e9af780d5dd092d04162d088385b1f243000914c62cba3dadf9827c81":"c36004075f5fd078137ea08de6cb15f71aeb9eca21c891cfdf7a8c0d21790c94ffa93be5fa06beb5e82d9fbf173ef9b29c18511fee2455dbbe61d6b01baf024a":"7d313ada131650c7a506d2c194444ed202d568544caa75bbc60e57a0b74c9a10":"791d60238677ff53150cf7074061eac68335c0a7cec7de43ea63a5df0f312cd8":"6754366be264deb9e94f39e92ac2894bd93c1d7e1198d39e6eddccb0ea486f4d":"1c29795f03e3c771603293473e347ab4" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #6 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"9a8c79b48ada409183f7260aa1415c9ee4e0b662e0fb81b5c56f85d76ed75efac5751dd4de7e7f8b53a36ee0dce2bc9e":"c4d68b76dc0e785823be2da9d339dc900132f12721e8a63ebe92e36d740c5a5e5564c367bff4a52bc70b1c60c86f0bcb7c1d99c414956a259963207184f01246":"04c7060f36569a5d9578c718627fc2695e8d783c0c8aefca2744da6664e67c8c":"1d4b7d587421dea4f7f3e77fcf997607ecfeb6e665a9a184138eb5736b16f516":"8cb8daf9cda230d8d39b829b968aaa5f5d3e3106d8b693227ab1b6201b78a7b8":"faa146098526546927a43fa4a5073e46" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #7 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"a0736a5a8b0a394625d8985b05e3a9f277c7ba03b253c0e783359a8c4c086121cb46ea469c7756d5f099f5ee8ed16243":"ea7a046fa1760866bcb37fecf9ade7bcea4444662ea782d6f2820b22a96bab97b4c5adcb0a50ced885121b6b85a5074444b1555d9655f4f6ded31fe15281b30e":"47f3655dd05c42454fad68e330aabca49f27c76ba05ef07b6d77fba41153c0ab":"a5d07da3e399cc51d136096599fcbd9779e839b1fd86f21d7d1e23acd91f9fa7":"150b028b64a988fc1ffdfc9e66b4c8dfe4fcd8538ee976c89923638ebad33802":"6ffdc685169b174ad0dd84cdeed050a7" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #8 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"d445a3d9332c8577715c1e93f119521bd31a464db08cdbd73d50080d62d5a48fba4cef2dd097ec749973037e33e8d6fa":"da5f9b2db13d0555846c00da96115036bb75ace66d56fc582d6cd0171e3e23335c5c2b8691e58af8899ed0204316479f849ca6f47309cae571ccb42d3d35c166":"79346394f795f05c5a5199423649b8b5345355ef11eb4239db1c767c68afa70a":"c22810de9987b228c19680eb044da22a08032148a6015f358849d6d608a214b9":"7747d68ca8bcb43931f1edce4f8c9727dd56c1d1d2600ad1fb767eb4fbc7b2d6":"f5c40babbec97cb60ba65200e82d7a68" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #9 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"2728be06796e2a77c60a401752cd36e4a051724aa3276a146b4b351017eee79c8257398c612fc1129c0e74ecef455cd3":"d663d2cfcddf40ff61377c3811266d927a5dfc7b73cf549e673e5a15f4056ad1f9733c8ed875ff77928284dc1cdb33accc47971d3626615a45b9a16d9baf426e":"62349efbac4a4747d0e92727c67a6bc7f8404cf746002e7d3eeffb9a9be0bbdc":"381c0cffbdfa61a6af3f11ccd0e543208b584c3f520130e33617564ec7a48cf7":"6974043362f834fd793de07ceebd051599163d50489441005afc9db09a9ab44f":"df7894746c599e02d985b195ca3b4863" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #10 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"2b65b56de410ee82e55bd2bf80e6cee356a37c3a3aa7042df45fa750a74e097b071fc18d6eed96523dd4fbb677b8c729":"bf03a6b3e8e23ff53369b971217dc3d3f4c1211329c94847347b3aa77dc7a3e0670381573527844a1ade786f18631944558defffb9a00900ca55f97ec726126b":"59255e5cd2221316c945bd614471df76d5b2f394b8829de82e5c30bc178565e2":"5739bc14f0f2ef9d3393928aee67b0908adaf587650928916d8ae78b0077a3b3":"6b236cf0ee0dba0c92b26c60235d3868715a80c0efbc0c898b6f0b1ace8146e9":"8374b571d7f2d94ce2bdadeb9d815397" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #11 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"8756ee2c5e381c7c1dc530748b76a6274ef6583090e555d85210e2356feb2974a8f15119a04e9b481cd3bc557a197b8e":"19705743eaaaa0e8890a0faa2e0df37c820d556c7a45f04d76276f9f9ce2e7c133258ae6d1ba9cdf7745d01745763d18dcd1af2c9e9b0bed2806e60f0f9b636c":"2b4a92b682e9a557466af97b735e2ffdbac3bfc31fd5be2cd212cfbd4b8d690a":"e86504f10317bbeab346f3b9e4b310cbe9fbd81a42054f358eacd08cccab6eff":"19ffad856a6675268cc464ca6fdb8afd0912143e552668528d1484c9a54592cf":"f347fd58aff2999530e258be77591701" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #12 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"f58be57e5035d5c455b17a41ccf7542ffd77f5c009e0a737118ed6c4188f78fcbdbe946bf82e1fa50fd81691de82dcf3":"f9939592ab2b31d92ac72673da013a588ea17bbf02cfd6e79d79f8296601633d04ceb005110f266e6100040ef33194858def8b535314c73caa0e48fc4d2f6e2d":"bb1cb21a316d4b88093cbfc7917d614dca97090cdc8bb340d864547cb3e1fef6":"7e42d5439d81680c8edf5c571d548699730cfada33b650a4d510172a42b298bb":"e9e3cf180f72ba2c1a45d0a94b822943612143e0b642398796b0428ae1af6cf5":"d0c83a4bf3517648b441d411ddcb808c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #13 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_nopr:"898064243e44ff67151736ce8bb6f1c759cab4aaca9b87543a1ac984ef955cd5db76c1aa56aff83f1f6799f18fe531cc":"b8d6be3036eeb5657fb10766354d4be897bd27973b3530270ccc02a08169a2e437b30a3635eb6ccb310f319257f58d8aa030c8aab616418e0914a46131306a0c":"37572428df5826e6ae5ce95db4ef63f41e908f685204a7b64edb9f473c41e45c":"28beda0e0e346b447d32208c6b4c42dcd567acfe1e483fb4a95ea82cb8ce55a5":"7a0fffa541d723e16340eeb960b1b9c9aae912477e0ebfac03f8f1a3a8bdc531":"611c9f6fc5193dbe3db96cbcd276168a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_nopr:"50de72903b9d99764123ffaa0c721e14ad1ab5c46a34c040f25324ba1d937b8ef10467161fcf2978c2a680ac5570c6d2":"5c9954fd0143e62c3bf2d5734052e3c9370f7b9d75c70f58fe33b12e3997ee2c8db84f8467affd7cfd9a9e7ec60da6f31bf9bf32aedf644e4934bd1fc916bc8d":"d5dc4c9fc7171fcbfdaead558a565ffd55d245a58b22ad1666ee05131e33f49e":"ea3114e92e6a19f53b207a0a54cd363a6d053fed0a827f92556f0a8580f7a342":"53686f069b455af4692888d11fac15cf7b4bd38e198de4e62b7098f875198a75":"9fb0df053e0345e5640aa97fedef50a6" -CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0)a #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0) block 1 #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"496f25b0f1301b4f501be30380a137eb":"36401940fa8b1fba91a1661f211d78a0b9389a74e5bccfece8d766af1a6d3b14":"":"":"5862eb38bd558dd978a696e6df164782ddd887e7e9a6c9f3f1fbafb78941b535a64912dfd224c6dc7454e5250b3d97165e16260c2faf1cc7735cb75fb4f07e1d" -CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256)a #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256) block 1 #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_no_reseed:"41c71a24d17d974190982bb7515ce7f5":"8148d65d86513ce7d38923ec2f26b9e7c677dcc8997e325b7372619e753ed944":"55b446046c2d14bdd0cdba4b71873fd4762650695a11507949462da8d964ab6a":"91468f1a097d99ee339462ca916cb4a10f63d53850a4f17f598eac490299b02e":"54603d1a506132bbfa05b153a04f22a1d516cc46323cef15111af221f030f38d6841d4670518b4914a4631af682e7421dffaac986a38e94d92bfa758e2eb101f" -CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0)b #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0) block 2 #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"bac0fdc0c417aa269bbdea77e928f9f8":"8b0bcb3f932170416739ea42e7dcdc6fa960645bc018820134f714b3c6912b56":"":"":"d9c4fd81f6621a8cf06d612e9a84b80fa13d098dceaf2c083dc81cd80caedd105c7f2789963a167d72f76e81178001fd93de4623c260fe9eebced89f7b4b047a" -CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256)b #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256) block 2 #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"69ff3310141dbf3ece409ade58745113":"d67439abf1e162e5b25941605a8aeba7d686dec133257f6c220e1c595e954a07":"03e795be8379c481cb32534011ca6bf524dc754978ee5ebee475129ad39eca98":"5685c7330f33004515f8c0ab27f2a1cbe0c8a4a6806d6c8486e0217b43e859f2":"a6d22a4370251c51978fedc7e7753c78179ed1943d2ff1b5a374860106041a304b124d47cfa304c909f7d417843846d52dcc7ebcf5c93afef885c893b40c81ed" -CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0)c #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0) block 3 #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"aaa46610681167ff8d4d2c51e77911d4":"58a5f79da44b9f23a98a39352972ad16031fe13637bd18d6cb6c9f5269d8e240":"":"":"c1714f89459ce746b151509e5066d4811a06ad06c1e9b13b50c0fc7cdd77ceedc233908ebe1ea8140ec2dc262a43201be667008e081e5476b19b27214111d325" -CTR_DRBG CAVS 
14.3 (AES-256 no df,no reseed,256,128,0,256)c #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256) block 3 #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"6ca848651d420fb02f9b66f06b377e59":"001ec3b192ddc765553e15742dffeb21cc7d97a4bcf866e3664d8a5ecb4c2463":"99f139ab5ee4f7eed6148e82d79ad5f2b9fa638d574e5db79b650c0e682ca466":"6e7bf0ae28a797ccbb47101f26bfe5a0b1e450c57aedf731272411fa7b6c4ed4":"865b6dd4363c5940d6228cc90ba8f1a21efbaa99b0c7b37361f7fed7e969a97b68d550dd6ad4bbfaf6626779bfb43c66845c2923df9f55307c8bc9f0a3872fa7" -CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0)d #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0) block 4 #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"1c6a80d82012c39c9f14a808643f08e7":"4ee68b3352b874e1cc29375028851dee9d5dfd88a40664c79e2b724fb11b2808":"":"":"7c58d2a5522a88341fb55facefdb6e24840cae283948d53148a384e13b5407d7712c33434bd3d19448b43270c54860bf3495579057c70bff3084dddff08a091d" -CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256)d #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256) block 4 #0 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"70bdedbc6825c4fe0a9f7e45290ddd51":"481e505bf7a36f9d96690d49154d98d6a247c14a703dbfed7cf1b7a71bee737f":"5b07610c2c946eda2975a26ddadf7d73e3d287e923d9b1a2d2070776a446d8e6":"2792a988ebb2e768eee0d5c263bcd76a675d6f339e5f1ab2ca595e6b3b4d024a":"303448a355fc0a69a130b6ab194997b220970bf680914913da904e92109dee3d9f23871130c407045cf463ce783a5dfafd603a8384790573af385d479acd7206" -CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0)a #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0) block 1 #0 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_no_reseed:"aad471ef3ef1d203":"890eb067acf7382eff80b0c73bc872c6":"":"":"a5514ed7095f64f3d0d3a5760394ab42062f373a25072a6ea6bcfd8489e94af6cf18659fea22ed1ca0a9e33f718b115ee536b12809c31b72b08ddd8be1910fa3" -CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128)a #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128) block 1 #0 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"026c768fd577b92a":"b408cefb5bc7157d3f26cb95a8b1d7ac":"5737ef81dee365b6dadb3feebf5d1084":"3368a516b3431a3daaa60dc8743c8297":"4e909ebb24147a0004063a5e47ee044fead610d62324bd0f963f756fb91361e8b87e3a76a398143fe88130fe1b547b661a6480c711b739f18a9df3ae51d41bc9" -CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0)b #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0) block 2 #0 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"259195269ec11af6":"2d2ab564202918c4ef5b102dda385a18":"":"":"2c5cd79ed87622a91b8654c8903d852242cd49cb5df2d4b4150584301c59f01fd95a702ac157c84cc15f42c8211335672d8ce1291ef9b1def78149a04fa2697c" -CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128)b #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128) block 2 #0 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"b25716931b6e3cc1":"adf5711f93d8c8997349429ccaedae0a":"abf8cd66dd39758b01d7dbb99ab17dc3":"4be0f6b2755377c6e881fbb261b56beb":"d420604dee6467492db5957c86207a708fd242ed67942aed299425335c83b41437418582f41bc7fc0ef0d6927f34d83acd67c70133644fd711dd5a65731f9f02" -CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0)c #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0) block 3 #0 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate_no_reseed:"38aa5590f6bfaa4b":"2e1724db482232a3e61f92c1c266faf8":"":"":"4438b48a45fb0141e31f0a9624dfe6fcc2f9edc075c0a52bc5fc46d85a966c853feee6af913234b3f9a679f667898dc15a24aaed89f035bfa5da516e435bbad1" -CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128)c #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128) block 3 #0 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"111d8612a0f04e2a":"9bfaefb698b1b5fcc62db2c16498c33a":"aedbe02847b1b08b6a673bdf25b0224c":"9901ead62ce56573b0f71cd020fe3469":"dff8bf2aec531f8532607e738bd79f91d6085cb19568b7b0240ce6a6b371a282bafcdba02137df990535d9ebf0ba77117751626b2678aca7be4decfd6b9d4b38" -CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0)d #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0) block 4 #0 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"e78c5571c5f926f9":"6bdf5332bdce4655d45c2cfea897b000":"":"":"e0715688765a3285e7b7db555f277924e7171f7541bf26122b13dbaaa39f9e2b0345c659583ff8c9cfd888f1abd2f3b36a7c9d47c687b01c819a9f9888542e0f" -CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128)d #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128) block 4 #0 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_no_reseed:"7ee2614ead3c128e":"8b80936e69c67edb771c28f9b9452124":"fc35cba97a1e211bc420e8af53f8e13c":"fba438aaa75a3cd4cd0cce399bfec74a":"6721cc1ada5ebc1713f74c759000765652eeb5f3f9c24fb9341b36a369cec1d27ea80d6b73b56047af07138c5a43c99a87753115c471b8587ea65fa2065e3ce0" CTR_DRBG CAVS 14.3 (AES-256 use df,False,256,128,0,0) #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
ctr_drbg_validate:RESEED_FIRST:"0bf814b411f65ec4866be1abb59d3c32":32:"2d4c9f46b981c6a0b2b5d8c69391e569ff13851437ebc0fc00d616340252fed593500fae4fa32b86033b7a7bac9d37e710dcc67ca266bc8607d665937766d207":"":"":"":"322dd28670e75c0ea638f3cb68d6a9d6e50ddfd052b772a7b1d78263a7b8978b6740c2b65a9550c3a76325866fa97e16d74006bc96f26249b9f0a90d076f08e5" CTR_DRBG CAVS 14.3 (AES-128 use df,False,128,64,0,0) #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate:RESEED_FIRST:"5209e5b4ed82a234":16:"0f65da13dca407999d4773c2b4a11d851dea0a12c52bf64339dd291c80d8ca89":"":"":"":"2859cc468a76b08661ffd23b28547ffd0997ad526a0f51261b99ed3a37bd407bf418dbe6c6c3e26ed0ddefcb7474d899bd99f3655427519fc5b4057bcaf306d4" CTR_DRBG CAVS 14.3 (AES-256 use df,True,256,128,0,0) #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_256 +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"a2d015f22d854e29de278d910c573de5":"16a1f035388cd8d956026e3b0117cb524dd3eb563f9a7720bb7dcb0fc6fbe743cf140bcd4d7130e7e3ea14046c56442b57c43b34ad219553e7105c18f6e561afe27c9f0be60d82d6cc474efb7fc737b16a6895d9a3a45b971d19b743c1a4ac8f":"":"":"b4e8395bcb7503410a94633f70e9904a5b30e62c35bc6dd2a03496c4a49932e184fbffdbcf1de1c72c50d36dc2ae8f04f40f96aae159c3fb816ca16df99b6c3e" CTR_DRBG CAVS 14.3 (AES-128 use df,True,128,64,0,0) #0 -depends_on:MBEDTLS_CTR_DRBG_KEY_SIZE_128 +depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_validate_pr:"d4f1f4ae08bcb3e1":"5d4041942bcf68864a4997d8171f1f9fef55a769b7eaf03fe082029bb32a2b9d8239e865c0a42e14b964b9c09de85a20":"":"":"4155320287eedcf7d484c2c2a1e2eb64b9c9ce77c87202a1ae1616c7a5cfd1c687c7a0bfcc85bda48fdd4629fd330c22d0a76076f88fc7cd04037ee06b7af602" CTR_DRBG entropy usage @@ -843,5 +1083,6 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG self test +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_selftest: From b7ebbcaa2cdee4b63ac2649e696f99b65327e109 Mon Sep 17 00:00:00 2001 
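Review bot: The new `depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY` on the `CTR_DRBG self test` case skips `ctr_drbg_selftest` outright when 128-bit keys are configured, so that configuration is left without any known-answer self-test unless the library's own `mbedtls_ctr_drbg_self_test()` gains 128-bit vectors elsewhere in the series, which I cannot see from here. The 128-bit CAVS vectors added to this file (for example `CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0) block 1 #0`) show that suitable inputs exist, so a second `CTR_DRBG self test` case gated on `depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY`, backed by a 128-bit variant of the self-test, would keep both key sizes covered instead of silently dropping coverage for the weaker one. If the self-test is intentionally 256-bit only, a short note in the test description would save the next reader the same question.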
From: Nir Sonnenschein Date: Wed, 29 Aug 2018 10:20:12 +0300 Subject: [PATCH 183/368] compile time warning of 128bit ctr_drbg keys and standardized warnings a compile time print was added warning in case of 128bit ctr_drbg keys. This was don't to avoid an actual warning in these cases (making build with warnings as errors possible). Additional warnings on the Changelog/headers were set to use the same phrasing phrasing was approved by Gilles and Janos. --- CMakeLists.txt | 18 +++++++++++++++++- ChangeLog | 4 ++-- Makefile | 12 ++++++++++++ include/mbedtls/ctr_drbg.h | 4 ++-- 4 files changed, 33 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 157eebab8..34710015d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -36,10 +36,26 @@ set(NULL_ENTROPY_WARNING "${WARNING_BORDER}" "${NULL_ENTROPY_WARN_L3}" "${WARNING_BORDER}") -find_package(PythonInterp) +set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n") +set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n") +set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n") + +set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}" + "${CTR_DRBG_128_BIT_KEY_WARN_L1}" + "${CTR_DRBG_128_BIT_KEY_WARN_L2}" + "${CTR_DRBG_128_BIT_KEY_WARN_L3}" + "${WARNING_BORDER}") + find_package(Perl) if(PERL_FOUND) + # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning + execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + RESULT_VARIABLE result) + if(${result} EQUAL 0) + message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) + endif() + # If NULL Entropy is configured, display an appropriate warning execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY RESULT_VARIABLE result) diff --git a/ChangeLog b/ChangeLog index d43ba740f..7bc671041 100644 --- a/ChangeLog +++ b/ChangeLog @@ -71,8 +71,8 @@ Features independently contributed again by Paul Sokolovsky. * Add support for key wrapping modes based on AES as defined by NIST SP 800-38F algorithms KW and KWP and by RFC 3394 and RFC 5649. - * Add support different keys sizes to CTR_CRBG. Note: using shorter keys - than 256 bit may decrease security. + * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter + than 256 bits limits the security of generated material to 128 bits. Bugfix * Fix the key_app_writer example which was writing a leading zero byte which 
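Review bot: The hunk also drops `find_package(PythonInterp)`, which neither the commit message nor the diffstat explains; if no remaining CMake code uses `PYTHON_EXECUTABLE` this is harmless, but it belongs in its own commit or at least in a sentence of the message. The new check mirrors the NULL-entropy pattern below it, including `if(${result} EQUAL 0)`, which expands `result` inside the condition; `if(result EQUAL 0)` is the safer form, since a value containing spaces (e.g. an execute_process launch error string) would otherwise produce an invalid condition. Both checks sit inside `if(PERL_FOUND)`, so a build without Perl prints neither warning, which is worth a comment if it is intentional.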
diff --git a/Makefile b/Makefile index 78c1acb89..f4c0a0021 100644 --- a/Makefile +++ b/Makefile @@ -61,9 +61,21 @@ NULL_ENTROPY_WARN_L3=**** AND IS *NOT* SUITABLE FOR PRODUCTION USE ****\n NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER) +WARNING_BORDER_LONG =**********************************************************************************\n +CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n +CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n +CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n + +CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG) + # Post build steps post_build: ifndef WINDOWS + + # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning + -scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ + echo '$(CTR_DRBG_128_BIT_KEY_WARNING)' + # If NULL Entropy is configured, display an appropriate warning -scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ echo '$(NULL_ENTROPY_WARNING)' diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 5e0d1f03c..f08a9798c 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h 
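Review bot: In the new post_build step, `([ $$? -eq 0 ])` after `&&` is always true, because `&&` already runs the right-hand side only when `scripts/config.pl get` succeeded; `-scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'` says the same thing. It copies the existing NULL-entropy line, so keeping the form for consistency is defensible, but the redundancy is best removed from both lines at once. The step is under `ifndef WINDOWS`, so Windows builds get no 128-bit-key warning from make, and the text here carries trailing `****` padding and a longer border than the CMake version of the same message, so the two will not look alike.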
@@ -11,8 +11,8 @@ * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128 * as the underlying block cipher. * - * * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. + * \warning Using 128-bit keys for CTR_DRBG limits the security of generated + * keys and operations that use random values generated to 128-bit security. */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved From 6275be34831cb6b07c1bf326cd795750dbe8886f Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Wed, 29 Aug 2018 10:25:30 +0300 Subject: [PATCH 184/368] Re-factor test functions and add support for data_t parameters the testing functions were re-factored so that the common code was extracted to a single static function (removing the need for unclear goto statements). As part of the re-factor the test functions now use data_t for parameters (support for this was introduced in previous rebase), --- tests/suites/test_suite_ctr_drbg.function | 196 +++++++++++----------- 1 file changed, 99 insertions(+), 97 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 714af5598..f0465d382 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function 
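Review bot: The replacement `\warning` does not name the configuration option that selects 128-bit keys, while the CMake and Makefile messages in this commit do, so a reader of the header cannot tell how the condition arises. Suggest `\warning Using 128-bit keys for CTR_DRBG (MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) limits the security of generated` as the first line, keeping the second line as is. Removing the stale ARC4 text, which was clearly a copy-paste leftover, is the right call.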
@@ -23,6 +23,74 @@ static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len test_offset_idx += len; return( 0 ); } + +static int ctr_drbg_validate_internal( int reseed_mode, data_t * nonce, + int entropy_len_arg, data_t * entropy, + data_t * reseed, + data_t * add1, data_t * add2, + data_t * result ) +{ + mbedtls_ctr_drbg_context ctx; + unsigned char buf[64]; + + size_t entropy_chunk_len = (size_t) entropy_len_arg; + + test_offset_idx = 0; + mbedtls_ctr_drbg_init( &ctx ); + + test_max_idx = entropy->len; + + /* CTR_DRBG_Instantiate(entropy[:entropy_len], nonce, perso, ) + * where nonce||perso = nonce[nonce_len] */ + TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( + &ctx, + mbedtls_test_entropy_func, entropy->x, + nonce->x, nonce->len, + entropy_chunk_len ) == 0 ); + if( reseed_mode == RESEED_ALWAYS ) + mbedtls_ctr_drbg_set_prediction_resistance( + &ctx, + MBEDTLS_CTR_DRBG_PR_ON ); + + if( reseed_mode == RESEED_FIRST ) + { + /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len], + * reseed[:reseed_len]) */ + TEST_ASSERT( mbedtls_ctr_drbg_reseed( + &ctx, + reseed->x, reseed->len ) == 0 ); + } + + /* CTR_DRBG_Generate(result->len * 8 bits, add1[:add1_len]) -> buf */ + /* Then reseed if prediction resistance is enabled. */ + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( + &ctx, + buf, result->len, + add1->x, add1->len ) == 0 ); + + + if( reseed_mode == RESEED_SECOND ) + { + /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len], + * reseed[:reseed_len]) */ + TEST_ASSERT( mbedtls_ctr_drbg_reseed( + &ctx, + reseed->x, reseed->len ) == 0 ); + } + + /* CTR_DRBG_Generate(result->len * 8 bits, add2->x[:add2->len]) -> buf */ + /* Then reseed if prediction resistance is enabled. */ + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( + &ctx, + buf, result->len, + add2->x, add2->len ) == 0 ); + TEST_ASSERT( memcmp( buf, result->x, result->len ) == 0 ); + +exit: + mbedtls_ctr_drbg_free( &ctx ); + return 0; +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES 
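Review bot: `ctr_drbg_validate_internal` returns 0 on every path, including the `exit:` label reached when one of its `TEST_ASSERT`s fails, so the `== 0` checks its callers add in the next hunk (`ctr_drbg_validate`, `ctr_drbg_validate_no_reseed`, `ctr_drbg_validate_pr`, `ctr_drbg_validate_nopr`) can never observe a failure through the return value and presumably rely on the framework's failure flag alone. Declare `int ret = -1;` at the top, set `ret = 0;` after the final `memcmp` assertion, and `return( ret );` at `exit:`. Separately, `buf` is 64 bytes but `result->len` now comes straight from the data file, so a longer expected-output vector would overflow the stack buffer in the `mbedtls_ctr_drbg_random_with_add` calls; add `TEST_ASSERT( result->len <= sizeof( buf ) );` before the first generate call. The same length comes from `unhexify` in the old code, so this is not a regression, but the data_t interface makes the check cheap.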
@@ -31,7 +99,7 @@ static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len */ /* BEGIN_CASE */ -void ctr_drbg_special_behaviours( ) +void ctr_drbg_special_behaviours( ) { mbedtls_ctr_drbg_context ctx; unsigned char output[512]; 
@@ -64,120 +132,54 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate( int reseed_mode, char *nonce_string, - int entropy_len_arg, char *entropy_string, - char *reseed_string, - char *add1_string, char *add2_string, - char *result_string ) +void ctr_drbg_validate( int reseed_mode, data_t * nonce, + int entropy_len_arg, data_t * entropy, + data_t * reseed, + data_t * add1, data_t * add2, + data_t * result_string ) { - unsigned char entropy[144]; - unsigned char nonce[64]; - unsigned char reseed[32]; - unsigned char add1[48]; - unsigned char add2[48]; - mbedtls_ctr_drbg_context ctx; - unsigned char buf[64]; - unsigned char result[64]; - size_t entropy_chunk_len = (size_t) entropy_len_arg; - size_t nonce_len, reseed_len, add1_len, add2_len, result_len; - - test_offset_idx = 0; - mbedtls_ctr_drbg_init( &ctx ); - - test_max_idx = unhexify( entropy, entropy_string ); - nonce_len = unhexify( nonce, nonce_string ); - reseed_len = unhexify( reseed, reseed_string ); - add1_len = unhexify( add1, add1_string ); - add2_len = unhexify( add2, add2_string ); - result_len = unhexify( result, result_string ); - - /* CTR_DRBG_Instantiate(entropy[:entropy_len], nonce, perso, ) - * where nonce||perso = nonce[nonce_len] */ - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( - &ctx, - mbedtls_test_entropy_func, entropy, - nonce, nonce_len, - entropy_chunk_len ) == 0 ); - if( reseed_mode == RESEED_ALWAYS ) - mbedtls_ctr_drbg_set_prediction_resistance( - &ctx, - MBEDTLS_CTR_DRBG_PR_ON ); - - if( reseed_mode == RESEED_FIRST ) - { - /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len], - * reseed[:reseed_len]) */ - TEST_ASSERT( mbedtls_ctr_drbg_reseed( - &ctx, - reseed, reseed_len ) == 0 ); - } - - /* CTR_DRBG_Generate(result_len * 8 bits, add1[:add1_len]) -> buf */ - /* Then reseed if prediction resistance is enabled. 
*/ - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( - &ctx, - buf, result_len, - add1, add1_len ) == 0 ); - - - if( reseed_mode == RESEED_SECOND ) - { - /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len], - * reseed[:reseed_len]) */ - TEST_ASSERT( mbedtls_ctr_drbg_reseed( - &ctx, - reseed, reseed_len ) == 0 ); - } - - /* CTR_DRBG_Generate(result_len * 8 bits, add2[:add2_len]) -> buf */ - /* Then reseed if prediction resistance is enabled. */ - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( - &ctx, - buf, result_len, - add2, add2_len ) == 0 ); - TEST_ASSERT( memcmp( buf, result, result_len ) == 0 ); - -exit: - mbedtls_ctr_drbg_free( &ctx ); + TEST_ASSERT( ctr_drbg_validate_internal( reseed_mode, nonce, + entropy_len_arg, entropy, + reseed, add1, + add2, result_string) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_no_reseed( char *add_init_string, char *entropy_string, - char *add1_string, char *add2_string, - char *result_string ) +void ctr_drbg_validate_no_reseed( data_t * add_init, data_t * entropy, + data_t * add1, data_t * add2, + data_t * result_string ) { - test_suite_ctr_drbg_validate( RESEED_NEVER, add_init_string, - strlen( entropy_string ) / 2, entropy_string, - "", add1_string, add2_string, - result_string ); - goto exit; + data_t empty = {0}; + TEST_ASSERT( ctr_drbg_validate_internal( RESEED_NEVER, add_init, + entropy->len, entropy, + &empty, add1, add2, + result_string ) == 0); } /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string, - char *add1_string, char *add2_string, - char *result_string ) +void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy, + data_t * add1, data_t * add2, + data_t * result_string ) { - test_suite_ctr_drbg_validate( RESEED_ALWAYS, add_init_string, - strlen( entropy_string ) / 6, entropy_string, - "", add1_string, add2_string, - result_string ); - goto exit; + data_t empty = {0}; + TEST_ASSERT( ctr_drbg_validate_internal( RESEED_ALWAYS, add_init, + 
entropy->len / 3, entropy, + &empty, add1, add2, + result_string ) == 0); } /* END_CASE */ /* BEGIN_CASE */ void ctr_drbg_validate_nopr( data_t * add_init, data_t * entropy, data_t * add1, data_t * add_reseed, - char *add2_string, char *result_string ) + data_t * add2, data_t * result_string ) { - test_suite_ctr_drbg_validate( RESEED_SECOND, add_init_string, - strlen( entropy_string ) / 4, entropy_string, - add_reseed_string, add1_string, add2_string, - result_string ); - goto exit; + TEST_ASSERT( ctr_drbg_validate_internal( RESEED_SECOND, add_init, + entropy->len / 2, entropy, + add_reseed, add1, add2, + result_string ) == 0); } /* END_CASE */ From 0ff4e0b8242e05d32be20145c4b4baa94864bb19 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 29 Aug 2018 18:53:20 +0300 Subject: [PATCH 185/368] Add platform error codes Add error codes for the platform module, to be used by the setup \ terminate API. --- include/mbedtls/error.h | 1 + include/mbedtls/platform.h | 3 +++ library/error.c | 11 +++++++++++ scripts/generate_errors.pl | 2 +- 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 6b82d4fbb..95415dc72 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -80,6 +80,7 @@ * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 + * PLATFORM 2 0x0080-0x0082 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a40a64f9c..a1cd689f3 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -43,6 +43,9 @@ #include "platform_time.h" #endif +#define MBEDTLS_ERR_PLATFORM_INVALID_DATA -0x0080 /**< Bad input parameters to the platform function. */ +#define MBEDTLS_ERR_PLATFORM_HW_FAILED -0x0082 /**< Hardware platform function failed. */ + #ifdef __cplusplus extern "C" { #endif diff --git a/library/error.c b/library/error.c index 774244b45..f34a6effa 100644 
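Review bot: The four public test functions keep the parameter name `result_string` although it is now a `data_t *` holding bytes, while the helper calls the same argument `result`; renaming it to `result` in each signature and call (`data_t * result )`) keeps it consistent with `nonce`, `entropy`, `add1` and `add2`, which already dropped their `_string` suffix. The `data_t empty = {0};` in `ctr_drbg_validate_no_reseed` and `ctr_drbg_validate_pr` passes a NULL `x` with `len` 0 as the reseed input, which is fine because `RESEED_NEVER` and `RESEED_ALWAYS` never reach the helper's `mbedtls_ctr_drbg_reseed` calls, but a comment such as `/* no explicit reseed input in this mode */` would save the next reader checking that.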
--- a/library/error.c +++ b/library/error.c @@ -165,6 +165,10 @@ #include "mbedtls/pkcs5.h" #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#endif + #if defined(MBEDTLS_POLY1305_C) #include "mbedtls/poly1305.h" #endif @@ -821,6 +825,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); #endif /* MBEDTLS_PADLOCK_C */ +#if defined(MBEDTLS_PLATFORM_C) + if( use_ret == -(MBEDTLS_ERR_PLATFORM_INVALID_DATA) ) + mbedtls_snprintf( buf, buflen, "PLATFORM - Bad input parameters to the platform function" ); + if( use_ret == -(MBEDTLS_ERR_PLATFORM_HW_FAILED) ) + mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware platform function failed" ); +#endif /* MBEDTLS_PLATFORM_C */ + #if defined(MBEDTLS_POLY1305_C) if( use_ret == -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA) ) mbedtls_snprintf( buf, buflen, "POLY1305 - Invalid input parameter(s)" ); diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index ac171ed4a..0c1f7e16e 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -32,7 +32,7 @@ my $error_format_file = $data_dir.'/error.fmt'; my @low_level_modules = qw( AES ARC4 ARIA ASN1 BASE64 BIGNUM BLOWFISH CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES ENTROPY GCM HKDF HMAC_DRBG MD2 MD4 MD5 - NET OID PADLOCK PBKDF2 POLY1305 RIPEMD160 + NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 THREADING XTEA ); my @high_level_modules = qw( CIPHER DHM ECP MD PEM PK PKCS12 PKCS5 From b0ad58152671312854a7a80e3c52a80162382b32 Mon Sep 17 00:00:00 2001 
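Review bot: The new `mbedtls_strerror` entries look hand-written, but the `scripts/generate_errors.pl` change in this same commit, together with its `error.fmt` data file, suggests `library/error.c` is generated from the `/**< ... */` comments in the headers; if so, the file should be regenerated by the script rather than edited, so text and ordering cannot drift from `platform.h`. The include is guarded by `MBEDTLS_PLATFORM_C` while the codes in `platform.h` are defined unconditionally, which matches how the other modules in this file are handled.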
From: Ron Eldor Date: Wed, 29 Aug 2018 19:06:14 +0300 Subject: [PATCH 186/368] Remove the invalid input for platform module Remove the invalid input for the platform module, as it's not currently used in the Mbed OS platform setup \ termination code. --- include/mbedtls/error.h | 2 +- include/mbedtls/platform.h | 3 +-- library/error.c | 2 -- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 95415dc72..2b83c2d9b 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -80,7 +80,7 @@ * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 - * PLATFORM 2 0x0080-0x0082 + * PLATFORM 1 0x0080-0x0080 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a1cd689f3..cb21d2ac0 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -43,8 +43,7 @@ #include "platform_time.h" #endif -#define MBEDTLS_ERR_PLATFORM_INVALID_DATA -0x0080 /**< Bad input parameters to the platform function. */ -#define MBEDTLS_ERR_PLATFORM_HW_FAILED -0x0082 /**< Hardware platform function failed. */ +#define MBEDTLS_ERR_PLATFORM_HW_FAILED -0x0080 /**< Hardware platform function failed. */ #ifdef __cplusplus extern "C" { diff --git a/library/error.c b/library/error.c index f34a6effa..d3b155b62 100644 --- a/library/error.c +++ b/library/error.c @@ -826,8 +826,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #endif /* MBEDTLS_PADLOCK_C */ #if defined(MBEDTLS_PLATFORM_C) - if( use_ret == -(MBEDTLS_ERR_PLATFORM_INVALID_DATA) ) - mbedtls_snprintf( buf, buflen, "PLATFORM - Bad input parameters to the platform function" ); if( use_ret == -(MBEDTLS_ERR_PLATFORM_HW_FAILED) ) mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware platform function failed" ); #endif /* MBEDTLS_PLATFORM_C */ From 85fcb58997194ea0e332c203153dee6a4651d0b4 Mon Sep 17 00:00:00 2001 
From: Nir Sonnenschein Date: Wed, 29 Aug 2018 23:38:57 +0300 Subject: [PATCH 187/368] Refactor test code for CTR DRBG to clarify test functions Previously a single function (ctr_drbg_validate) was used for most test cases, making it harder to understand what the exact scenario is. As a result it was split into easier-to-understand functions. --- tests/suites/test_suite_ctr_drbg.data | 380 +++++++++++----------- tests/suites/test_suite_ctr_drbg.function | 80 ++--- 2 files changed, 233 insertions(+), 227 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 972836c82..d2307bf10 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data
@@ -1,34 +1,34 @@ CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=no, add=no depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"":"8da6cc59e703ced07d58d96e5b6d7836c32599735b734f88c1a73b53c7a6d82e" +ctr_drbg_validate_no_reseed:"202122232425262728292a2b2c2d2e2f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"8da6cc59e703ced07d58d96e5b6d7836c32599735b734f88c1a73b53c7a6d82e" CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=no, add=yes depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"81daaf9800c34ff0a104e51d87e36f5b17eb14b9abc5064cadda976ec4f77d34" +ctr_drbg_validate_no_reseed:"202122232425262728292a2b2c2d2e2f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"81daaf9800c34ff0a104e51d87e36f5b17eb14b9abc5064cadda976ec4f77d34" CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=yes, add=no depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"":"bb2a0f5f0ca6d30634ba6068eb94aae8701437db7223a1b5afe8771547da3cee" +ctr_drbg_validate_no_reseed:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"bb2a0f5f0ca6d30634ba6068eb94aae8701437db7223a1b5afe8771547da3cee" CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=yes, add=yes depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate:RESEED_NEVER:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"98a28e3b1ba363c9daf0f6887a1cf52b833d3354d77a7c10837dd63dd2e645f8" +ctr_drbg_validate_no_reseed:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"98a28e3b1ba363c9daf0f6887a1cf52b833d3354d77a7c10837dd63dd2e645f8" CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=no, add=no depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"":"259dc78ccfaec4210c30af815e4f75a5662b7da4b41013bdc00302dfb6076492" +ctr_drbg_validate_pr:"202122232425262728292a2b2c2d2e2f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"259dc78ccfaec4210c30af815e4f75a5662b7da4b41013bdc00302dfb6076492" CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=no, add=yes depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"386debbbf091bbf0502957b0329938fb836b82e594a2f5fdd5eb28d4e35528f4" 
+ctr_drbg_validate_pr:"202122232425262728292a2b2c2d2e2f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"386debbbf091bbf0502957b0329938fb836b82e594a2f5fdd5eb28d4e35528f4" CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=yes, add=no depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"":"601f95384f0d85946301d1eace8f645a825ce38f1e2565b0c0c439448e9ca8ac" +ctr_drbg_validate_pr:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"601f95384f0d85946301d1eace8f645a825ce38f1e2565b0c0c439448e9ca8ac" CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=yes, add=yes depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate:RESEED_ALWAYS:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"738e99c95af59519aad37ff3d5180986adebab6e95836725097e50a8d1d0bd28" +ctr_drbg_validate_pr:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"738e99c95af59519aad37ff3d5180986adebab6e95836725097e50a8d1d0bd28" CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
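Review bot: Dropping the explicit `48` entropy chunk length from these vectors turns the length into an implicit convention of the test function: per the earlier `ctr_drbg_validate_pr` and `ctr_drbg_validate_no_reseed` definitions it becomes `entropy->len / 3` and `entropy->len` respectively. The vectors here satisfy that (144-byte and 48-byte entropy inputs), but the integer division truncates silently for lengths that are not multiples of three, so a mis-sized vector would reseed with a shorter chunk instead of failing; a `TEST_ASSERT( entropy->len % 3 == 0 );` in `ctr_drbg_validate_pr` would make that loud. The `.function` changes this commit makes are not visible in this chunk.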
@@ -272,723 +272,723 @@ ctr_drbg_validate_pr:"1e4644df1d01f9a0f31d1d0c67bc9fb9a1ee2223fbfb25520d3881cde2 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"1b54b8ff0642bff521f15c1c0b665f3f":"5a194d5e2b31581454def675fb7958fec7db873e5689fc9d03217c68d8033820f9e65e04d856f3a9c44a4cbdc1d00846f5983d771c1b137e4e0f9d8ef409f92e":"":"":"":"a054303d8a7ea9889d903e077c6f218f" +ctr_drbg_validate_reseed_between:"1b54b8ff0642bff521f15c1c0b665f3f":"5a194d5e2b31581454def675fb7958fec7db873e5689fc9d03217c68d8033820f9e65e04d856f3a9c44a4cbdc1d00846f5983d771c1b137e4e0f9d8ef409f92e":"":"":"":"a054303d8a7ea9889d903e077c6f218f" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #1 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"90bc3b555b9d6b6aeb1774a583f98cad":"93b7055d7888ae234bfb431e379069d00ae810fbd48f2e06c204beae3b0bfaf091d1d0e853525ead0e7f79abb0f0bf68064576339c3585cfd6d9b55d4f39278d":"":"":"":"aaf27fc2bf64b0320dd3564bb9b03377" +ctr_drbg_validate_reseed_between:"90bc3b555b9d6b6aeb1774a583f98cad":"93b7055d7888ae234bfb431e379069d00ae810fbd48f2e06c204beae3b0bfaf091d1d0e853525ead0e7f79abb0f0bf68064576339c3585cfd6d9b55d4f39278d":"":"":"":"aaf27fc2bf64b0320dd3564bb9b03377" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #2 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"4a2a7dcbde58b8b3c3f4697beb67bba2":"58364ceefad37581c518b7d42ac4f9aae22befd84cbc986c08d1fb20d3bd2400a899bafd470278fad8f0a50f8490af29f938471b4075654fda577dad20fa01ca":"":"":"":"20c5117a8aca72ee5ab91468daf44f29" +ctr_drbg_validate_reseed_between:"4a2a7dcbde58b8b3c3f4697beb67bba2":"58364ceefad37581c518b7d42ac4f9aae22befd84cbc986c08d1fb20d3bd2400a899bafd470278fad8f0a50f8490af29f938471b4075654fda577dad20fa01ca":"":"":"":"20c5117a8aca72ee5ab91468daf44f29" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #3 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"911faab1347ae2b3093a607c8bc77bfe":"2f044b8651e1c9d99317084cc6c4fa1f502dd62466a57d4b88bc0d703cabc562708201ac19cdb5cf918fae29c009fb1a2cf42fd714cc9a53ca5acb715482456a":"":"":"":"aae0c0ac97f53d222b83578a2b3dd05d" +ctr_drbg_validate_reseed_between:"911faab1347ae2b3093a607c8bc77bfe":"2f044b8651e1c9d99317084cc6c4fa1f502dd62466a57d4b88bc0d703cabc562708201ac19cdb5cf918fae29c009fb1a2cf42fd714cc9a53ca5acb715482456a":"":"":"":"aae0c0ac97f53d222b83578a2b3dd05d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #4 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"f959f1bc100ae30088017fae51289d8e":"77d0f0efbc7ca794a51dff96e85b8e7dfd4875fbfb6e5593ae17908bfbddc313e051cb7d659c838180d834fdd987ae3c7f605aaa1b3a936575384b002a35dd98":"":"":"":"5d80bc3fffa42b89ccb390e8447e33e5" +ctr_drbg_validate_reseed_between:"f959f1bc100ae30088017fae51289d8e":"77d0f0efbc7ca794a51dff96e85b8e7dfd4875fbfb6e5593ae17908bfbddc313e051cb7d659c838180d834fdd987ae3c7f605aaa1b3a936575384b002a35dd98":"":"":"":"5d80bc3fffa42b89ccb390e8447e33e5" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #5 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"45a8bb33062783eede09b05a35bd44dd":"6bb14dc34f669759f8fa5453c4899eb5ac4e33a69e35e89b19a46dbd0888429d1367f7f3191e911b3b355b6e3b2426e242ef4140ddcc9676371101209662f253":"":"":"":"0dfa9955a13a9c57a3546a04108b8e9e" +ctr_drbg_validate_reseed_between:"45a8bb33062783eede09b05a35bd44dd":"6bb14dc34f669759f8fa5453c4899eb5ac4e33a69e35e89b19a46dbd0888429d1367f7f3191e911b3b355b6e3b2426e242ef4140ddcc9676371101209662f253":"":"":"":"0dfa9955a13a9c57a3546a04108b8e9e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #6 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"0ada129f9948073d628c11274cec3f69":"b3d01bcb1ec747fdb7feb5a7de92807afa4338aba1c81ce1eb50955e125af46b19aed891366ec0f70b079037a5aeb33f07f4c894fdcda3ff41e2867ace1aa05c":"":"":"":"f34710c9ebf9d5aaa5f797fd85a1c413" 
+ctr_drbg_validate_reseed_between:"0ada129f9948073d628c11274cec3f69":"b3d01bcb1ec747fdb7feb5a7de92807afa4338aba1c81ce1eb50955e125af46b19aed891366ec0f70b079037a5aeb33f07f4c894fdcda3ff41e2867ace1aa05c":"":"":"":"f34710c9ebf9d5aaa5f797fd85a1c413" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #7 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"052a5ad4cd38de90e5d3c2fc430fa51e":"98482e58e44b8e4a6b09fa02c05fcc491da03a479a7fad13a83b6080d30b3b255e01a43568a9d6dd5cecf99b0ce9fd594d69eff8fa88159b2da24c33ba81a14d":"":"":"":"3f55144eec263aed50f9c9a641538e55" +ctr_drbg_validate_reseed_between:"052a5ad4cd38de90e5d3c2fc430fa51e":"98482e58e44b8e4a6b09fa02c05fcc491da03a479a7fad13a83b6080d30b3b255e01a43568a9d6dd5cecf99b0ce9fd594d69eff8fa88159b2da24c33ba81a14d":"":"":"":"3f55144eec263aed50f9c9a641538e55" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #8 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"004cd2f28f083d1cee68975d5cbbbe4f":"6238d448015e86aa16af62cdc287f1c17b78a79809fa00b8c655e06715cd2b935bf4df966e3ec1f14b28cc1d080f882a7215e258430c91a4a0a2aa98d7cd8053":"":"":"":"b137119dbbd9d752a8dfceec05b884b6" +ctr_drbg_validate_reseed_between:"004cd2f28f083d1cee68975d5cbbbe4f":"6238d448015e86aa16af62cdc287f1c17b78a79809fa00b8c655e06715cd2b935bf4df966e3ec1f14b28cc1d080f882a7215e258430c91a4a0a2aa98d7cd8053":"":"":"":"b137119dbbd9d752a8dfceec05b884b6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #9 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"f985b3ea2d8b15db26a71895a2ff57cd":"50d3c4ecb1d6e95aebb87e9e8a5c869c11fb945dfad2e45ee90fb61931fcedd47d6005aa5df24bb9efc11bbb96bb21065d44e2532a1e17493f974a4bf8f8b580":"":"":"":"eb419628fbc441ae6a03e26aeecb34a6" 
+ctr_drbg_validate_reseed_between:"f985b3ea2d8b15db26a71895a2ff57cd":"50d3c4ecb1d6e95aebb87e9e8a5c869c11fb945dfad2e45ee90fb61931fcedd47d6005aa5df24bb9efc11bbb96bb21065d44e2532a1e17493f974a4bf8f8b580":"":"":"":"eb419628fbc441ae6a03e26aeecb34a6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #10 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"100f196991b6e96f8b96a3456f6e2baf":"d27cbeac39a6c899938197f0e61dc90be3a3a20fa5c5e1f7a76adde00598e59555c1e9fd102d4b52e1ae9fb004be8944bad85c58e341d1bee014057da98eb3bc":"":"":"":"e3e09d0ed827e4f24a20553fd1087c9d" +ctr_drbg_validate_reseed_between:"100f196991b6e96f8b96a3456f6e2baf":"d27cbeac39a6c899938197f0e61dc90be3a3a20fa5c5e1f7a76adde00598e59555c1e9fd102d4b52e1ae9fb004be8944bad85c58e341d1bee014057da98eb3bc":"":"":"":"e3e09d0ed827e4f24a20553fd1087c9d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #11 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"88f55d9ba8fef7828483298321133fec":"16f9f5354d624c5ab1f82c750e05f51f2a2eeca7e5b774fd96148ddba3b38d34ba7f1472567c52087252480d305ad1c69e4aac8472a154ae03511d0e8aac905a":"":"":"":"07cd821012ef03f16d8510c23b86baf3" +ctr_drbg_validate_reseed_between:"88f55d9ba8fef7828483298321133fec":"16f9f5354d624c5ab1f82c750e05f51f2a2eeca7e5b774fd96148ddba3b38d34ba7f1472567c52087252480d305ad1c69e4aac8472a154ae03511d0e8aac905a":"":"":"":"07cd821012ef03f16d8510c23b86baf3" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #12 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"126479abd70b25acd891e1c4c92044f9":"70afbc83bf9ff09535d6f0ddc51278ad7909f11e6f198b59132c9e269deb41ba901c62346283e293b8714fd3241ae870f974ff33c35f9aff05144be039d24e50":"":"":"":"0f90df350741d88552a5b03b6488e9fb" 
+ctr_drbg_validate_reseed_between:"126479abd70b25acd891e1c4c92044f9":"70afbc83bf9ff09535d6f0ddc51278ad7909f11e6f198b59132c9e269deb41ba901c62346283e293b8714fd3241ae870f974ff33c35f9aff05144be039d24e50":"":"":"":"0f90df350741d88552a5b03b6488e9fb" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #13 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"a45f2fca553089fe04e7832059dc7976":"5e5a9e1e3cb80738c238464ede1b6b6a321261a3b006a98a79265ad1f635573bba48dccf17b12f6868478252f556b77c3ec57a3bf6bb6599429453db2d050352":"":"":"":"6eb85ae2406c43814b687f74f4e942bc" +ctr_drbg_validate_reseed_between:"a45f2fca553089fe04e7832059dc7976":"5e5a9e1e3cb80738c238464ede1b6b6a321261a3b006a98a79265ad1f635573bba48dccf17b12f6868478252f556b77c3ec57a3bf6bb6599429453db2d050352":"":"":"":"6eb85ae2406c43814b687f74f4e942bc" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #14 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"52dbb43241002415966eaec2615aba27":"31cfe60e5ed12ff37d7f2270963def598726320c02b910b5c6c795e2209b4b4a95866c64cb097af1d6404d1e6182edf9600e1855345375b201801d6f4c4e4b32":"":"":"":"2a270f5ef815665ddd07527c48719ab1" +ctr_drbg_validate_reseed_between:"52dbb43241002415966eaec2615aba27":"31cfe60e5ed12ff37d7f2270963def598726320c02b910b5c6c795e2209b4b4a95866c64cb097af1d6404d1e6182edf9600e1855345375b201801d6f4c4e4b32":"":"":"":"2a270f5ef815665ddd07527c48719ab1" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"176200bb44808b5400b24e1b5f56cf73":"f84d395b1734eac4600dbc36f6b1e1599bc7f2608dc8ecb3a55369d7b1b122a09f5ac9c16d9a2be37d2ff70a9bba732fc3785b23ff4ade3c8404da3f09f95a8f":"aef28c9169e9af74c73432d4aa6f5dff9ea4a53433de2ecb9bf380a8868c86e1":"0626ae19763c5313b627a8d65cf1cfba46dfd6773242738b9b81fde8d566ade1":"63c160ed6a6c1fffd0586f52fa488a9055533930b36d4fa5ea3467cda9ffe198":"e8f91633725d786081625fb99336a993" 
+ctr_drbg_validate_reseed_between:"176200bb44808b5400b24e1b5f56cf73":"f84d395b1734eac4600dbc36f6b1e1599bc7f2608dc8ecb3a55369d7b1b122a09f5ac9c16d9a2be37d2ff70a9bba732fc3785b23ff4ade3c8404da3f09f95a8f":"aef28c9169e9af74c73432d4aa6f5dff9ea4a53433de2ecb9bf380a8868c86e1":"0626ae19763c5313b627a8d65cf1cfba46dfd6773242738b9b81fde8d566ade1":"63c160ed6a6c1fffd0586f52fa488a9055533930b36d4fa5ea3467cda9ffe198":"e8f91633725d786081625fb99336a993" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #1 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"19c3d16197ac93bf58c4110c9e864804":"50755cc0178c68ae70befd7744f6f1e3f6a59b3bbe484a744436079c7fae8d83c4965516fb952c63e1d0561d92cccc56037465815c9e549c9adce4a064877128":"5cb82d2c297404f3db1909480c597dd081d94ca282ba9370786a50f3cbab6a9b":"96d130faf1a971920c2bf57bcd6c02d5a4af7d3c840706081e4a50e55f38bf96":"1b0d04f179690a30d501e8f6f82201dbab6d972ece2a0edfb5ca66a8c9bcf47d":"4628b26492e5cb3b21956d4160f0b911" +ctr_drbg_validate_reseed_between:"19c3d16197ac93bf58c4110c9e864804":"50755cc0178c68ae70befd7744f6f1e3f6a59b3bbe484a744436079c7fae8d83c4965516fb952c63e1d0561d92cccc56037465815c9e549c9adce4a064877128":"5cb82d2c297404f3db1909480c597dd081d94ca282ba9370786a50f3cbab6a9b":"96d130faf1a971920c2bf57bcd6c02d5a4af7d3c840706081e4a50e55f38bf96":"1b0d04f179690a30d501e8f6f82201dbab6d972ece2a0edfb5ca66a8c9bcf47d":"4628b26492e5cb3b21956d4160f0b911" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #2 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"4b1edd0f53bf4e012def80efd740140b":"e50c31ebbb735c4a53fc0535647ae1fff7a5ac4fa4068ba90f1fa03ca4ddedecd5b1898d5e38185054b0de7e348034b57067a82a478b0057e0c46de4a7280cd9":"e7154ec1f7ac369d0bd41238f603b5315314d1dc82f71191de9e74364226eb09":"9444238bd27c45128a25d55e0734d3adafecccb2c24abdaa50ac2ca479c3830b":"ab2488c8b7e819d8ce5ec1ffb77efc770453970d6b852b496426d5db05c03947":"a488a87c04eb1c7586b8141ed45e7761" 
+ctr_drbg_validate_reseed_between:"4b1edd0f53bf4e012def80efd740140b":"e50c31ebbb735c4a53fc0535647ae1fff7a5ac4fa4068ba90f1fa03ca4ddedecd5b1898d5e38185054b0de7e348034b57067a82a478b0057e0c46de4a7280cd9":"e7154ec1f7ac369d0bd41238f603b5315314d1dc82f71191de9e74364226eb09":"9444238bd27c45128a25d55e0734d3adafecccb2c24abdaa50ac2ca479c3830b":"ab2488c8b7e819d8ce5ec1ffb77efc770453970d6b852b496426d5db05c03947":"a488a87c04eb1c7586b8141ed45e7761" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #3 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"1f89c914649ae8a234c0e9230f3460f9":"5e029c173dc28ab19851a8db008efbcf862f4187fca84e4e6f5ba686e3005dba5b95c5a0bcf78fb35ada347af58ec0aca09ed4799cd8a734739f3c425273e441":"b51f5fd5888552af0e9b667c2750c79106ce37c00c850afbe3776746d8c3bce1":"9b132a2cbffb8407aa06954ae6ebee265f986666757b5453601207e0cbb4871b":"f1c435e2ebf083a222218ee4602263872a2d3e097b536a8cc32a5a2220b8065f":"a065cc203881254ca81bd9595515e705" +ctr_drbg_validate_reseed_between:"1f89c914649ae8a234c0e9230f3460f9":"5e029c173dc28ab19851a8db008efbcf862f4187fca84e4e6f5ba686e3005dba5b95c5a0bcf78fb35ada347af58ec0aca09ed4799cd8a734739f3c425273e441":"b51f5fd5888552af0e9b667c2750c79106ce37c00c850afbe3776746d8c3bce1":"9b132a2cbffb8407aa06954ae6ebee265f986666757b5453601207e0cbb4871b":"f1c435e2ebf083a222218ee4602263872a2d3e097b536a8cc32a5a2220b8065f":"a065cc203881254ca81bd9595515e705" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #4 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"0ef2be2d00a16051404fc2a0faa74fdc":"b66c882ae02c5215ed3bcd9e9a40934b09bf48a15fe7558c9d9ceb0ebec63625ea18f7c3ab341d9f7edd8e1d8816edecb34dbd71ae02771327b5ebc74613dadd":"1ebe9893957a5c4a707793906d31bb201e88d88a22abd6baa6461fc61def7ffb":"f81e26744834413cb95af8d438d0050c7c968f929a33e35ee5c6715a0a520950":"687a848b2b6c715a0e613b3f3bb16cf2f056543eb9dd6b8aee8de8aa6fd8a1e6":"a6c4a7e99d08cc847ac0b8c8bcf22ec0" 
+ctr_drbg_validate_reseed_between:"0ef2be2d00a16051404fc2a0faa74fdc":"b66c882ae02c5215ed3bcd9e9a40934b09bf48a15fe7558c9d9ceb0ebec63625ea18f7c3ab341d9f7edd8e1d8816edecb34dbd71ae02771327b5ebc74613dadd":"1ebe9893957a5c4a707793906d31bb201e88d88a22abd6baa6461fc61def7ffb":"f81e26744834413cb95af8d438d0050c7c968f929a33e35ee5c6715a0a520950":"687a848b2b6c715a0e613b3f3bb16cf2f056543eb9dd6b8aee8de8aa6fd8a1e6":"a6c4a7e99d08cc847ac0b8c8bcf22ec0" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #5 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"eb2439d156c4f51fb1943c26f27de8af":"ad153fd266d9f73b21f4e5e88d3d13ba8325abdec427d5d8f671cfccdbd3510e9774d59a14d9b5472b217b7bcf355436a51965d2dff7c4ac586ab812f20d326e":"e24bd6b69a40fa0a02cefbbaa282f8f63a80e154be338d1b913418d4ff7a810d":"fd40baf11d7cdd77641a2b46916cb0c12980e02612ef59fb6fe7dabbbe7a85c0":"a40019e3b85d7d5775e793dd4c09b2bdc8253694b1dcb73e63a18b066a7f7d0c":"7cd8d2710147a0b7f053bb271edf07b5" +ctr_drbg_validate_reseed_between:"eb2439d156c4f51fb1943c26f27de8af":"ad153fd266d9f73b21f4e5e88d3d13ba8325abdec427d5d8f671cfccdbd3510e9774d59a14d9b5472b217b7bcf355436a51965d2dff7c4ac586ab812f20d326e":"e24bd6b69a40fa0a02cefbbaa282f8f63a80e154be338d1b913418d4ff7a810d":"fd40baf11d7cdd77641a2b46916cb0c12980e02612ef59fb6fe7dabbbe7a85c0":"a40019e3b85d7d5775e793dd4c09b2bdc8253694b1dcb73e63a18b066a7f7d0c":"7cd8d2710147a0b7f053bb271edf07b5" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #6 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"b23796d88ee5ae75ff2ba4fbbd5e2de8":"b249d2d9b269b58c5355710aaae98be12d8fb2e79046b4e6deeec28adad7e789999847e20de11f7c3277216374f117e3e006bdf99bb8631aa4c4c542cd482840":"79f0214b6b0c5ffb21b1d521498b71d22c67be4607c16300ab8dde3b52498097":"582be1e080264b3e68ec184347a5b6db1e8be1811578206e14ad84029fe39f71":"f5e9c3356810793f461f889d8c5003b1c0b20a284cb348301ce7b2dd7a1c7dd7":"1aa8cf54994be6b329e9eb897007abf0" 
+ctr_drbg_validate_reseed_between:"b23796d88ee5ae75ff2ba4fbbd5e2de8":"b249d2d9b269b58c5355710aaae98be12d8fb2e79046b4e6deeec28adad7e789999847e20de11f7c3277216374f117e3e006bdf99bb8631aa4c4c542cd482840":"79f0214b6b0c5ffb21b1d521498b71d22c67be4607c16300ab8dde3b52498097":"582be1e080264b3e68ec184347a5b6db1e8be1811578206e14ad84029fe39f71":"f5e9c3356810793f461f889d8c5003b1c0b20a284cb348301ce7b2dd7a1c7dd7":"1aa8cf54994be6b329e9eb897007abf0" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #7 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"081db0b1620a56afd87c2fd2bebb1db3":"3f1e90d88870a0bd03364036b655495e3e7d51bf67fb64ba0cbf003430af5585f5936b84ab3b8a55c02b8b6c54bea09cf2d77691858c5818991383add5f0c644":"5b98bc83ae8bed5c49cb71689dc39fee38d5d08bdfa2a01cee9d61e9f3d1e115":"aad3e58fdd98aa60fc2cae0df3fc734fff01a07f29f69c5ffeb96d299200d0d8":"bad9039ebb7c3a44061353542a2b1c1a89b3e9b493e9f59e438bfc80de3d1836":"8d01e3dc48b28f016fc34655c54be81f" +ctr_drbg_validate_reseed_between:"081db0b1620a56afd87c2fd2bebb1db3":"3f1e90d88870a0bd03364036b655495e3e7d51bf67fb64ba0cbf003430af5585f5936b84ab3b8a55c02b8b6c54bea09cf2d77691858c5818991383add5f0c644":"5b98bc83ae8bed5c49cb71689dc39fee38d5d08bdfa2a01cee9d61e9f3d1e115":"aad3e58fdd98aa60fc2cae0df3fc734fff01a07f29f69c5ffeb96d299200d0d8":"bad9039ebb7c3a44061353542a2b1c1a89b3e9b493e9f59e438bfc80de3d1836":"8d01e3dc48b28f016fc34655c54be81f" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #8 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"a8427443d9c34abcdcca061a2bbcff52":"b0e9b2192adc8912653d90a634d5d40c53ca4383290a8764bdf92667f859d833c3e72ad0ff41e07fe257b1ead11649be655c58a5df233114e7eda2558b7214d7":"c6cad9fb17ada437d195d1f8b6a7fa463e20050e94024170d2ffc34b80a50108":"be461a9c1a72ebaf28ee732219e3ca54cbee36921daaa946917a7c63279a6b0e":"b6d110d6b746d7ccf7a48a4337ba341d52508d0336d017ae20377977163c1a20":"16ccd63dbf7b24b6b427126b863f7c86" 
+ctr_drbg_validate_reseed_between:"a8427443d9c34abcdcca061a2bbcff52":"b0e9b2192adc8912653d90a634d5d40c53ca4383290a8764bdf92667f859d833c3e72ad0ff41e07fe257b1ead11649be655c58a5df233114e7eda2558b7214d7":"c6cad9fb17ada437d195d1f8b6a7fa463e20050e94024170d2ffc34b80a50108":"be461a9c1a72ebaf28ee732219e3ca54cbee36921daaa946917a7c63279a6b0e":"b6d110d6b746d7ccf7a48a4337ba341d52508d0336d017ae20377977163c1a20":"16ccd63dbf7b24b6b427126b863f7c86" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #9 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"86bd02976e6c50656372b8c212cf0a7a":"89900b0febf6b4e19ab8fc5babb4122a8aad86d658d0c2f98988c99fbd8530ff4ad365bd5fddaa15f96537bd72deb5384405b610e6ebae83e848307051fd6c82":"41bf3794ee54647a48a2588fdfdea686f1af6792e957d42f181f2631b207ac0c":"c4478afbea4eecb225448f069b02a74c2a222698c68e37eb144aff9e457f9610":"41a99e0d3f5b767f9bedcb2f878a5d99d42856bed29042d568b04e347624bf7f":"863337529aac9ab1e9f7f8187ea7aa7d" +ctr_drbg_validate_reseed_between:"86bd02976e6c50656372b8c212cf0a7a":"89900b0febf6b4e19ab8fc5babb4122a8aad86d658d0c2f98988c99fbd8530ff4ad365bd5fddaa15f96537bd72deb5384405b610e6ebae83e848307051fd6c82":"41bf3794ee54647a48a2588fdfdea686f1af6792e957d42f181f2631b207ac0c":"c4478afbea4eecb225448f069b02a74c2a222698c68e37eb144aff9e457f9610":"41a99e0d3f5b767f9bedcb2f878a5d99d42856bed29042d568b04e347624bf7f":"863337529aac9ab1e9f7f8187ea7aa7d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #10 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"e809ef8d4c3d82575833d51ac69481b2":"3e831b7715ce202c95ec85337e2c0061d972169955bd96fbe1f758508c0336b3226260ea5e66f943b538eb115ffe4d5e534cbe58262a610528641629bc12fc75":"4d40c6a961168445c1691fea02ebd693cb4b3f74b03d45a350c65f0aaccb118b":"b07dc50e6ca7544ed6fdebd8f00ed5fa9b1f2213b477de8568eb92dddaabfe3f":"cbac982aa9f1830d0dc7373d9907670f561642adb1888f66b4150d3487bf0b8d":"2814be767d79778ebb82a096976f30db" 
+ctr_drbg_validate_reseed_between:"e809ef8d4c3d82575833d51ac69481b2":"3e831b7715ce202c95ec85337e2c0061d972169955bd96fbe1f758508c0336b3226260ea5e66f943b538eb115ffe4d5e534cbe58262a610528641629bc12fc75":"4d40c6a961168445c1691fea02ebd693cb4b3f74b03d45a350c65f0aaccb118b":"b07dc50e6ca7544ed6fdebd8f00ed5fa9b1f2213b477de8568eb92dddaabfe3f":"cbac982aa9f1830d0dc7373d9907670f561642adb1888f66b4150d3487bf0b8d":"2814be767d79778ebb82a096976f30db" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #11 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"ad71caa50420d213b25f5558e0dc1170":"6a3fd23e7dc934e6de6eb4cc846c0dc3cf35ea4be3f561c34666aed1bbd6331004afba5a5b83fff1e7b8a957fbee7cd9f8142326c796ca129ec9fbacf295b882":"3042dd041b89aaa61f185fdda706c77667515c037f2a88c6d47f23ddadc828ae":"9b1e3f72aaab66b202f17c5cc075cfba7242817b2b38c19fe8924ca325b826ea":"8660b503329aaea56acdb73ca83763299bac0f30264702cb9d52cbaf3d71d69d":"c204a3174784d82b664e9a1c0a13ffa6" +ctr_drbg_validate_reseed_between:"ad71caa50420d213b25f5558e0dc1170":"6a3fd23e7dc934e6de6eb4cc846c0dc3cf35ea4be3f561c34666aed1bbd6331004afba5a5b83fff1e7b8a957fbee7cd9f8142326c796ca129ec9fbacf295b882":"3042dd041b89aaa61f185fdda706c77667515c037f2a88c6d47f23ddadc828ae":"9b1e3f72aaab66b202f17c5cc075cfba7242817b2b38c19fe8924ca325b826ea":"8660b503329aaea56acdb73ca83763299bac0f30264702cb9d52cbaf3d71d69d":"c204a3174784d82b664e9a1c0a13ffa6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #12 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"5fd6606b08e7e625af788814bef7f263":"baf8750e07194fc7172c736e0fdea0a632810d45602dff17ce37adf106d652f87e31b6bd24d21481c86444d8109586118672a6f93731b7438a3f0f39648b83a3":"3c37193d40e79ce8d569d8aa7ef80aabaa294f1b6d5a8341805f5ac67a6abf42":"c7033b3b68be178d120379e7366980d076c73280e629dd6e82f5af1af258931b":"452218a426a58463940785a67cb34799a1787f39d376c9e56e4a3f2215785dad":"561e16a8b297e458c4ec39ba43f0b67e" 
+ctr_drbg_validate_reseed_between:"5fd6606b08e7e625af788814bef7f263":"baf8750e07194fc7172c736e0fdea0a632810d45602dff17ce37adf106d652f87e31b6bd24d21481c86444d8109586118672a6f93731b7438a3f0f39648b83a3":"3c37193d40e79ce8d569d8aa7ef80aabaa294f1b6d5a8341805f5ac67a6abf42":"c7033b3b68be178d120379e7366980d076c73280e629dd6e82f5af1af258931b":"452218a426a58463940785a67cb34799a1787f39d376c9e56e4a3f2215785dad":"561e16a8b297e458c4ec39ba43f0b67e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #13 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"08def734914ecf74b9eccb5dfaa045b8":"6697f889fcf6dae16881dc1e540e5c07f9461d409acee31842b04f93c00efbba670dfbf6040c1c2e29ad89064eae283fd6d431832f356e492bc5b2049f229892":"a6ac87af21efd3508990aac51d36243d46237b3755a0e68680adb59e19e8ae23":"0052152872b21615775431eb51889a264fed6ca44fa0436b72a419b91f92604c":"ebadf71565d9a8cc2621403c36e6411e7bed67193a843b90ccf2f7aa9f229ca2":"c83fa5df210b63f4bf4a0aca63650aab" +ctr_drbg_validate_reseed_between:"08def734914ecf74b9eccb5dfaa045b8":"6697f889fcf6dae16881dc1e540e5c07f9461d409acee31842b04f93c00efbba670dfbf6040c1c2e29ad89064eae283fd6d431832f356e492bc5b2049f229892":"a6ac87af21efd3508990aac51d36243d46237b3755a0e68680adb59e19e8ae23":"0052152872b21615775431eb51889a264fed6ca44fa0436b72a419b91f92604c":"ebadf71565d9a8cc2621403c36e6411e7bed67193a843b90ccf2f7aa9f229ca2":"c83fa5df210b63f4bf4a0aca63650aab" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #14 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"6437862e93060def199029ff2182f1e5":"719d1afcb6dc8ca26cba6a7c10f59cf82345b2a0c631a7879812d6f2d2663b49f9e92daecb81ff7c0790205d66694526477d6de54a269f542cb5e77fe4bc8db3":"5c961db0ac2ea8caf62c9acc44465dcfb4d721fcb2cd3e1c76cdcb61bfaa7e75":"24eabd392d37493e306705d0b287be11a4d72dd4b9577ac4098ef0dae69b0000":"9e4f05c1b85613e97958bc3863e521331b2bd78fdf2585f84607bf2238e82415":"21aaae76dc97c9bf7cf858054839653e" 
+ctr_drbg_validate_reseed_between:"6437862e93060def199029ff2182f1e5":"719d1afcb6dc8ca26cba6a7c10f59cf82345b2a0c631a7879812d6f2d2663b49f9e92daecb81ff7c0790205d66694526477d6de54a269f542cb5e77fe4bc8db3":"5c961db0ac2ea8caf62c9acc44465dcfb4d721fcb2cd3e1c76cdcb61bfaa7e75":"24eabd392d37493e306705d0b287be11a4d72dd4b9577ac4098ef0dae69b0000":"9e4f05c1b85613e97958bc3863e521331b2bd78fdf2585f84607bf2238e82415":"21aaae76dc97c9bf7cf858054839653e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"cd7a1981c1b7079c1c38f5aeee86db22207cb9faed8c576b1724ca7817aa6abfb26c42a019eb4c2f4064f0587ea2b952":"7f88c3805ae0857c5cbb085a5d6259d26fb3a88dfe7084172ec959066f26296a800953ce19a24785b6acef451c4ce4c2dfb565cbe057f21b054a28633afbdd97":"":"":"":"76c1cdb0b95af271b52ac3b0c9289146" +ctr_drbg_validate_reseed_between:"cd7a1981c1b7079c1c38f5aeee86db22207cb9faed8c576b1724ca7817aa6abfb26c42a019eb4c2f4064f0587ea2b952":"7f88c3805ae0857c5cbb085a5d6259d26fb3a88dfe7084172ec959066f26296a800953ce19a24785b6acef451c4ce4c2dfb565cbe057f21b054a28633afbdd97":"":"":"":"76c1cdb0b95af271b52ac3b0c9289146" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #1 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"0ccdac2fd65a86bf8f8e9ddcabffb9d29a935139f627c165a815b23137eeee94cbb21be86ac5117379177d37728db6fd":"6f61703f92d3192cd982b2e52a8683e0d62918d51b12e084deae06c4a8e08ecfb3d2d30a980a70b083710bc45d9d407966b52829cf3813cc970b859aa4c871fe":"":"":"":"e6c73e159d73c2ba8950cd77acb39c10" +ctr_drbg_validate_reseed_between:"0ccdac2fd65a86bf8f8e9ddcabffb9d29a935139f627c165a815b23137eeee94cbb21be86ac5117379177d37728db6fd":"6f61703f92d3192cd982b2e52a8683e0d62918d51b12e084deae06c4a8e08ecfb3d2d30a980a70b083710bc45d9d407966b52829cf3813cc970b859aa4c871fe":"":"":"":"e6c73e159d73c2ba8950cd77acb39c10" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #2 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"fbbcc4abfd671296de3e0dcf409a139e35deae126c1941bf1afcc8d3da3a2d65f54a6d317bb6d683a3a77f6266b007ff":"c662ed723e7041877542fdcf629533d4a74393eb4dae4f3ec06d2d1c0d37ed7f519609a8485cb8deb578ae4cbb45c98ef7f2f2e677363e89fb3744286db6bfc1":"":"":"":"9d934d34417c6d0858f4a3faacbe759e" +ctr_drbg_validate_reseed_between:"fbbcc4abfd671296de3e0dcf409a139e35deae126c1941bf1afcc8d3da3a2d65f54a6d317bb6d683a3a77f6266b007ff":"c662ed723e7041877542fdcf629533d4a74393eb4dae4f3ec06d2d1c0d37ed7f519609a8485cb8deb578ae4cbb45c98ef7f2f2e677363e89fb3744286db6bfc1":"":"":"":"9d934d34417c6d0858f4a3faacbe759e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #3 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"1b824790b6b22b246bcc1bcfbbb61a76045476672f917b72e79cca358e650eb29ed49fb0a5739e097f5f5336d46fc619":"c57a5686486ebacc2422236b19110c754795a869a8157901cf71303de1adc6af16a952190a395d6c20e155e690f41922f6f721dc8e93da81afb844f68714cba7":"":"":"":"13e7bf23d88f3bb5a5106a8227c8c456" +ctr_drbg_validate_reseed_between:"1b824790b6b22b246bcc1bcfbbb61a76045476672f917b72e79cca358e650eb29ed49fb0a5739e097f5f5336d46fc619":"c57a5686486ebacc2422236b19110c754795a869a8157901cf71303de1adc6af16a952190a395d6c20e155e690f41922f6f721dc8e93da81afb844f68714cba7":"":"":"":"13e7bf23d88f3bb5a5106a8227c8c456" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #4 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"2ea7861e374232cb8ceecbbd9a18fc1f63c31f833fe394f1e19c8ef61092a56f28342fa5b591f7b951583d50c12ef081":"6a0873634094be7028b885c345cd5016295eec5e524f069de6510ae8ac843dba2cc05c10baa8aad75eac8e8d1a8570f4d2a3cf718914a199deb3edf8c993a822":"":"":"":"c008f46a242ae0babad17268c9e0839a" 
+ctr_drbg_validate_reseed_between:"2ea7861e374232cb8ceecbbd9a18fc1f63c31f833fe394f1e19c8ef61092a56f28342fa5b591f7b951583d50c12ef081":"6a0873634094be7028b885c345cd5016295eec5e524f069de6510ae8ac843dba2cc05c10baa8aad75eac8e8d1a8570f4d2a3cf718914a199deb3edf8c993a822":"":"":"":"c008f46a242ae0babad17268c9e0839a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #5 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"39caa986b82b5303d98e07b211ddc5ce89a67506095cad1aeed63b8bfe0d9c3d3c906f0c05cfb6b26bab4af7d03c9e1a":"f2059f7fb797e8e22de14dac783c56942a33d092c1ab68a762528ae8d74b7ad0690694ede462edbd6527550677b6d080d80cdabe51c963d5d6830a4ae04c993f":"":"":"":"202d3b2870be8f29b518f2e3e52f1564" +ctr_drbg_validate_reseed_between:"39caa986b82b5303d98e07b211ddc5ce89a67506095cad1aeed63b8bfe0d9c3d3c906f0c05cfb6b26bab4af7d03c9e1a":"f2059f7fb797e8e22de14dac783c56942a33d092c1ab68a762528ae8d74b7ad0690694ede462edbd6527550677b6d080d80cdabe51c963d5d6830a4ae04c993f":"":"":"":"202d3b2870be8f29b518f2e3e52f1564" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #6 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"a4e25102c1b04bafd66bfe1ce4a4b340797f776f54a2b3afe351eede44e75c28e3525155f837e7974269d398048c83c3":"0a03b7d026fab3773e9724dacb436197954b770eca3060535f2f8152aa136942915304dede1de0f5e89bd91d8e92531b5e39373013628fea4ee7622b9255d179":"":"":"":"be21cab637218ddffa3510c86271db7f" +ctr_drbg_validate_reseed_between:"a4e25102c1b04bafd66bfe1ce4a4b340797f776f54a2b3afe351eede44e75c28e3525155f837e7974269d398048c83c3":"0a03b7d026fab3773e9724dacb436197954b770eca3060535f2f8152aa136942915304dede1de0f5e89bd91d8e92531b5e39373013628fea4ee7622b9255d179":"":"":"":"be21cab637218ddffa3510c86271db7f" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #7 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"6de33a116425ebfe01f0a0124ad3fad382ca28473f5fc53885639788f9b1a470ab523b649bad87e76dee768f6abacb55":"d88312da6acbe792d087012c0bf3c83f363fa6b7a9dd45c3501009fb47b4cfcfeb7b31386155fe3b967f46e2898a00ecf51ec38b6e420852bef0a16081d778cc":"":"":"":"2c285bfd758f0156e782bb4467f6832c" +ctr_drbg_validate_reseed_between:"6de33a116425ebfe01f0a0124ad3fad382ca28473f5fc53885639788f9b1a470ab523b649bad87e76dee768f6abacb55":"d88312da6acbe792d087012c0bf3c83f363fa6b7a9dd45c3501009fb47b4cfcfeb7b31386155fe3b967f46e2898a00ecf51ec38b6e420852bef0a16081d778cc":"":"":"":"2c285bfd758f0156e782bb4467f6832c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #8 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"b8ab42fd3f6306426602cae0c48eb02ffa7053940389900c17846e1d9726251762095383f2ec3406b3381d94a6d53dd8":"6a7873ccb7afb140e923acbec8256fa78232f40c0c8ba3dcbcf7074d26d6d18a7e78fffda328f097706b6d358048ee6a4728c92a6f62b3f2730a753b7bf5ec1f":"":"":"":"13504a2b09474f90d2e9ef40d1f2d0d5" +ctr_drbg_validate_reseed_between:"b8ab42fd3f6306426602cae0c48eb02ffa7053940389900c17846e1d9726251762095383f2ec3406b3381d94a6d53dd8":"6a7873ccb7afb140e923acbec8256fa78232f40c0c8ba3dcbcf7074d26d6d18a7e78fffda328f097706b6d358048ee6a4728c92a6f62b3f2730a753b7bf5ec1f":"":"":"":"13504a2b09474f90d2e9ef40d1f2d0d5" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #9 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"042b524444b9903c1ecb80af21eef0e884115561a15a1ab2f9f3a322edcbf14174f54d315196a632940c2c6f56612c09":"31ba5f801aeaac790f2480fbd2373a76ba1685ebebc5ae7cd4844733ec3cfb112634b3899104dcc16050e1206f8b3fb787d43d54de2c804fd3d8eb98e512bb00":"":"":"":"0a0484c14e7868178e68d6d5c5f57c5c" 
+ctr_drbg_validate_reseed_between:"042b524444b9903c1ecb80af21eef0e884115561a15a1ab2f9f3a322edcbf14174f54d315196a632940c2c6f56612c09":"31ba5f801aeaac790f2480fbd2373a76ba1685ebebc5ae7cd4844733ec3cfb112634b3899104dcc16050e1206f8b3fb787d43d54de2c804fd3d8eb98e512bb00":"":"":"":"0a0484c14e7868178e68d6d5c5f57c5c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #10 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"632758f92efaca39615862177c267906ab0424230d481ee0a5aa1a5f66697d3918d4aab3f310b72a7f2d71c0a96b9247":"46dc837620872a5ffa642399213b4eebfb28ca069c5eaaf2a636f5bd647de365c11402b10ecd7780c56d464f56b653e17af8550b90a54adb38173a0b2f9e2ea7":"":"":"":"90432ce3f7b580961abecde259aa5af6" +ctr_drbg_validate_reseed_between:"632758f92efaca39615862177c267906ab0424230d481ee0a5aa1a5f66697d3918d4aab3f310b72a7f2d71c0a96b9247":"46dc837620872a5ffa642399213b4eebfb28ca069c5eaaf2a636f5bd647de365c11402b10ecd7780c56d464f56b653e17af8550b90a54adb38173a0b2f9e2ea7":"":"":"":"90432ce3f7b580961abecde259aa5af6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #11 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"7b389118af3d0f8336b41cf58c2d810f0e5f9940703fd56a46c10a315fb09aafd7670c9e96ffa61e0cb750cb2aa6a7fe":"76e92e9f00fc7d0c525c48739a8b3601c51f8f5996117a7e07497afee36829636e714dbcb84c8f8d57e0850a361a5bdfc21084a1c30fb7797ce6280e057309b7":"":"":"":"7243964051082c0617e200fcbbe7ff45" +ctr_drbg_validate_reseed_between:"7b389118af3d0f8336b41cf58c2d810f0e5f9940703fd56a46c10a315fb09aafd7670c9e96ffa61e0cb750cb2aa6a7fe":"76e92e9f00fc7d0c525c48739a8b3601c51f8f5996117a7e07497afee36829636e714dbcb84c8f8d57e0850a361a5bdfc21084a1c30fb7797ce6280e057309b7":"":"":"":"7243964051082c0617e200fcbbe7ff45" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #12 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"e50d38434e9dfe3601e7ea1765d9fe777d467d9918974b5599ec19f42d7054b70ff6db63a3403d2fd09333eda17a5e76":"c9aa4739011c60f8e99db0580b3cad4269874d1dda1c81ffa872f01669e8f75215aaad1ccc301c12f90cd240bf99ad42bb06965afb0aa2bd3fcb681c710aa375":"":"":"":"28499495c94c6ceec1bd494e364ad97c" +ctr_drbg_validate_reseed_between:"e50d38434e9dfe3601e7ea1765d9fe777d467d9918974b5599ec19f42d7054b70ff6db63a3403d2fd09333eda17a5e76":"c9aa4739011c60f8e99db0580b3cad4269874d1dda1c81ffa872f01669e8f75215aaad1ccc301c12f90cd240bf99ad42bb06965afb0aa2bd3fcb681c710aa375":"":"":"":"28499495c94c6ceec1bd494e364ad97c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #13 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"3253cb074d610db602b0a0d2836df1f20c3ee162d80b90b31660bb86ef3f0789fa857af4f45a5897bdd73c2295f879b6":"b06960a92d32a9e9658d9800de87a3800f3595e173fdc46bef22966264953672e2d7c638cc7b1cada747026726baf6cea4c64ba956be8bb1d1801158bee5e5d4":"":"":"":"b6608d6e5fcb4591a718f9149b79f8f1" +ctr_drbg_validate_reseed_between:"3253cb074d610db602b0a0d2836df1f20c3ee162d80b90b31660bb86ef3f0789fa857af4f45a5897bdd73c2295f879b6":"b06960a92d32a9e9658d9800de87a3800f3595e173fdc46bef22966264953672e2d7c638cc7b1cada747026726baf6cea4c64ba956be8bb1d1801158bee5e5d4":"":"":"":"b6608d6e5fcb4591a718f9149b79f8f1" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #14 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"83e4733566f90c8d69e6bcbe9fb52521ff3e26f806d9b7b86e9344cca0305dbf106de855240f1d35492cc6d651b8b6ae":"0e0105b12af35ac87cb23cf9ca8fb6a44307c3dcdc5bc890eb5253f4034c1533392a1760c98ba30d7751af93dd865d4bd66fbbeb215d7ff239b700527247775d":"":"":"":"68d64d1522c09a859b9b85b528d0d912" 
+ctr_drbg_validate_reseed_between:"83e4733566f90c8d69e6bcbe9fb52521ff3e26f806d9b7b86e9344cca0305dbf106de855240f1d35492cc6d651b8b6ae":"0e0105b12af35ac87cb23cf9ca8fb6a44307c3dcdc5bc890eb5253f4034c1533392a1760c98ba30d7751af93dd865d4bd66fbbeb215d7ff239b700527247775d":"":"":"":"68d64d1522c09a859b9b85b528d0d912" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"a94da55afdc50ce51c9a3b8a4c4484408b52a24a93c34ea71e1ca705eb829ba65de4d4e07fa3d86b37845ff1c7d5f6d2":"a53e371017439193591e475087aaddd5c1c386cdca0ddb68e002d80fdc401a47dd40e5987b2716731568d276bf0c6715757903d3dede914642ddd467c879c81e":"20f422edf85ca16a01cfbe5f8d6c947fae12a857db2aa9bfc7b36581808d0d46":"7fd81fbd2ab51c115d834e99f65ca54020ed388ed59ee07593fe125e5d73fb75":"cd2cff14693e4c9efdfe260de986004930bab1c65057772a62392c3b74ebc90d":"4f78beb94d978ce9d097feadfafd355e" +ctr_drbg_validate_reseed_between:"a94da55afdc50ce51c9a3b8a4c4484408b52a24a93c34ea71e1ca705eb829ba65de4d4e07fa3d86b37845ff1c7d5f6d2":"a53e371017439193591e475087aaddd5c1c386cdca0ddb68e002d80fdc401a47dd40e5987b2716731568d276bf0c6715757903d3dede914642ddd467c879c81e":"20f422edf85ca16a01cfbe5f8d6c947fae12a857db2aa9bfc7b36581808d0d46":"7fd81fbd2ab51c115d834e99f65ca54020ed388ed59ee07593fe125e5d73fb75":"cd2cff14693e4c9efdfe260de986004930bab1c65057772a62392c3b74ebc90d":"4f78beb94d978ce9d097feadfafd355e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #1 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"e8649d4f86b3de85fe39ff04d7afe6e4dd00770931330b27e975a7b1e7b5206ee2f247d50401a372c3a27197fec5da46":"78d7d65c457218a63e2eb1eba287f121c5466728ac4f963aeaabf593b9d72b6376daea6436e55415ad097dee10c40a1ff61fca1c30b8ab51ed11ff090d19ef9a":"cc57adc98b2540664403ad6fd50c9042f0bf0e0b54ed33584ee189e072d0fb8f":"ab2f99e2d983aa8dd05336a090584f4f84d485a4763e00ced42ddda72483cd84":"0ecd7680e2e9f0250a43e28f2f8936d7ef16f45d79c0fa3f69e4fafce4aeb362":"08e38625611bb0fb844f43439550bd7a" +ctr_drbg_validate_reseed_between:"e8649d4f86b3de85fe39ff04d7afe6e4dd00770931330b27e975a7b1e7b5206ee2f247d50401a372c3a27197fec5da46":"78d7d65c457218a63e2eb1eba287f121c5466728ac4f963aeaabf593b9d72b6376daea6436e55415ad097dee10c40a1ff61fca1c30b8ab51ed11ff090d19ef9a":"cc57adc98b2540664403ad6fd50c9042f0bf0e0b54ed33584ee189e072d0fb8f":"ab2f99e2d983aa8dd05336a090584f4f84d485a4763e00ced42ddda72483cd84":"0ecd7680e2e9f0250a43e28f2f8936d7ef16f45d79c0fa3f69e4fafce4aeb362":"08e38625611bb0fb844f43439550bd7a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #2 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"6c79e1556889b3c074fc083a120d73784b888c5acb877899f17ce52e424b84178d144441aa9f328c730a951b02b048df":"c78ff6b9fc91cbce246c9fcc2366d5f7dd6d99fb1325d8997f36819232d5fcd12ccafdcbefd01409d90acd0e0ffb7427c820b2d729fe7e845e6a6168fc1af0b5":"60cba10826de22c5e85d06357de63d6b2ff0719694dafca6ab33283f3a4aacdd":"8943c22fb68b30811790a99b9cbb056e1a2c329185a199c76ba5aeceb2fcd769":"70671a50e8387bf232989d904c19215c7535ad2d0c5dec30a744c8d2706be6ec":"f6b94b671cae8dfa8387719bfd75ee84" 
+ctr_drbg_validate_reseed_between:"6c79e1556889b3c074fc083a120d73784b888c5acb877899f17ce52e424b84178d144441aa9f328c730a951b02b048df":"c78ff6b9fc91cbce246c9fcc2366d5f7dd6d99fb1325d8997f36819232d5fcd12ccafdcbefd01409d90acd0e0ffb7427c820b2d729fe7e845e6a6168fc1af0b5":"60cba10826de22c5e85d06357de63d6b2ff0719694dafca6ab33283f3a4aacdd":"8943c22fb68b30811790a99b9cbb056e1a2c329185a199c76ba5aeceb2fcd769":"70671a50e8387bf232989d904c19215c7535ad2d0c5dec30a744c8d2706be6ec":"f6b94b671cae8dfa8387719bfd75ee84"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #3
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"f5ab77b2a8e370548b88febfd79772144cd5fc8d78062582addd4ff1e5c10094b390e66b3c4efb087510de1b9d25703f":"21a21c9314b37d4ade4a50a5d85995e0be07e358ed9bca19daa867a8d47847105dca7a424f32f715adb8fea5d3a41cfe388872a42ab18aa5cbcd7bde4adc3f8b":"023d582569a7ff1405e44cf09ceebb9d3254eef72286e4b87e6577a8ab091a06":"39597519872d49fbd186704241ba1dc10b1f84f9296fb61d597dbd655a18f997":"3091c9fe96109b41da63aa5fa00d716b5fa20e96d4f3e0f9c97666a706fa56f1":"1fb57058b3ba8751df5a99f018798983"
+ctr_drbg_validate_reseed_between:"f5ab77b2a8e370548b88febfd79772144cd5fc8d78062582addd4ff1e5c10094b390e66b3c4efb087510de1b9d25703f":"21a21c9314b37d4ade4a50a5d85995e0be07e358ed9bca19daa867a8d47847105dca7a424f32f715adb8fea5d3a41cfe388872a42ab18aa5cbcd7bde4adc3f8b":"023d582569a7ff1405e44cf09ceebb9d3254eef72286e4b87e6577a8ab091a06":"39597519872d49fbd186704241ba1dc10b1f84f9296fb61d597dbd655a18f997":"3091c9fe96109b41da63aa5fa00d716b5fa20e96d4f3e0f9c97666a706fa56f1":"1fb57058b3ba8751df5a99f018798983"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #4
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"f0b79e292d0e393e78b6d6117e06d2e725823fe35bde1146502967a78d99d6bca564f0e2f324272f968be5baab4aeb29":"192054dddac02157a35eb7f75ae8ebdb43d6b969e33942fb16ff06cd6d8a602506c41e4e743b8230e8239b71b31b2d5e3614e3a65d79e91d5b9fc9d2a66f8553":"b12241e90d80f129004287c5b9911a70f7159794e6f9c1023b3b68da9237e8b7":"59e9c3c0f90e91f22c35a3be0c65f16157c569c7e3c78a545d9840f648c60069":"089a59af69f47ddb4191bd27720bb4c29216f738c48c0e14d2b8afd68de63c17":"15287156e544617529e7eede4aa9c70e"
+ctr_drbg_validate_reseed_between:"f0b79e292d0e393e78b6d6117e06d2e725823fe35bde1146502967a78d99d6bca564f0e2f324272f968be5baab4aeb29":"192054dddac02157a35eb7f75ae8ebdb43d6b969e33942fb16ff06cd6d8a602506c41e4e743b8230e8239b71b31b2d5e3614e3a65d79e91d5b9fc9d2a66f8553":"b12241e90d80f129004287c5b9911a70f7159794e6f9c1023b3b68da9237e8b7":"59e9c3c0f90e91f22c35a3be0c65f16157c569c7e3c78a545d9840f648c60069":"089a59af69f47ddb4191bd27720bb4c29216f738c48c0e14d2b8afd68de63c17":"15287156e544617529e7eede4aa9c70e"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #5
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"e3f33843aecb35d01001ff92ab9a0f1a5431ba9de3e4f3247cda8c62acc86f7066448f639d8ba8b5249337f8c353bbbd":"ef081af1f62400a3d193969d689a40234998afb646d99a7c4b9cbbf47e650cda93a90e754a16fffa25fc2a2edab09720b4520c47309ec4f6d9f76f0162af6cae":"e7cc55b72862544a8661b5034e15587b1e5a45eb5dc744f5fa1db9b267f1c3ff":"882d30c888eb8e344b1d17057074606fe232ceb42eb71055264ede7bb638f2a2":"9ce65e95c1e735fe950e52c324e7551403d0ef70ad865bd31fef1e22b129fdd6":"205e3a53367c4a5183be74bb875fa717"
+ctr_drbg_validate_reseed_between:"e3f33843aecb35d01001ff92ab9a0f1a5431ba9de3e4f3247cda8c62acc86f7066448f639d8ba8b5249337f8c353bbbd":"ef081af1f62400a3d193969d689a40234998afb646d99a7c4b9cbbf47e650cda93a90e754a16fffa25fc2a2edab09720b4520c47309ec4f6d9f76f0162af6cae":"e7cc55b72862544a8661b5034e15587b1e5a45eb5dc744f5fa1db9b267f1c3ff":"882d30c888eb8e344b1d17057074606fe232ceb42eb71055264ede7bb638f2a2":"9ce65e95c1e735fe950e52c324e7551403d0ef70ad865bd31fef1e22b129fdd6":"205e3a53367c4a5183be74bb875fa717"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #6
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"f30a18d597d8591a22dee908de95c5af74884b025f39b4f6707d28447d9d0a3114a57bc2d9eed8e621ec75e8ce389a16":"fae3d554d12a14e29de1b622922f27559559ca1518c9f800375a37a212e8b9a653cc3700223e9404d5bf781d15fccf638050a1394592caba001cfc65d61ef90b":"54240edd89016ed27e3bb3977a206836f5ef1fba0f000af95337d79caca9cf71":"250611e51852d933ff1a177b509c05e3228cb9f46dfb7b26848a68aad2ce4779":"f8b602d89fa1a0bfb31d0bd49246b458200a1adb28b64a68f7c197f335d69706":"7b63bfb325bafe7d9ef342cd14ea40a4"
+ctr_drbg_validate_reseed_between:"f30a18d597d8591a22dee908de95c5af74884b025f39b4f6707d28447d9d0a3114a57bc2d9eed8e621ec75e8ce389a16":"fae3d554d12a14e29de1b622922f27559559ca1518c9f800375a37a212e8b9a653cc3700223e9404d5bf781d15fccf638050a1394592caba001cfc65d61ef90b":"54240edd89016ed27e3bb3977a206836f5ef1fba0f000af95337d79caca9cf71":"250611e51852d933ff1a177b509c05e3228cb9f46dfb7b26848a68aad2ce4779":"f8b602d89fa1a0bfb31d0bd49246b458200a1adb28b64a68f7c197f335d69706":"7b63bfb325bafe7d9ef342cd14ea40a4"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #7
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"c8dbc3d39beb612811c52e2b46ef76d2b7bd5d3a90ceddf9fb864fe6f44e36687d88158d61014e192f9a3cd474338e13":"8e60115b4af9c8e5606223792539e9ba87e9ef46cd16fcc09046db1ef8d3c036241cae5d61141711818e9e861dbd833632069ebf5af1bd6d4e513f059ab1efd3":"9b56eba0838457f736fc5efa2cfbe698908340f07d4680e279d21dd530fdc8c8":"62c47ece469a7a409e4b2b76d1c793aaf11654e177cc8bf63faff3e6c5a5395c":"4251597013d0c949c53bbd945477b78aa91baa95f1ff757c3a039ccc4e1f4789":"af2f37160940f0cc27d144a043ddf79b"
+ctr_drbg_validate_reseed_between:"c8dbc3d39beb612811c52e2b46ef76d2b7bd5d3a90ceddf9fb864fe6f44e36687d88158d61014e192f9a3cd474338e13":"8e60115b4af9c8e5606223792539e9ba87e9ef46cd16fcc09046db1ef8d3c036241cae5d61141711818e9e861dbd833632069ebf5af1bd6d4e513f059ab1efd3":"9b56eba0838457f736fc5efa2cfbe698908340f07d4680e279d21dd530fdc8c8":"62c47ece469a7a409e4b2b76d1c793aaf11654e177cc8bf63faff3e6c5a5395c":"4251597013d0c949c53bbd945477b78aa91baa95f1ff757c3a039ccc4e1f4789":"af2f37160940f0cc27d144a043ddf79b"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #8
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"a37f9ed6c4e8f74ff16046b0678ef7bd24fcdca247b771ea1ce1fd48e3f5d2067e38aaf64ec59f1f49d96fa85e60ef03":"95da91f4185b254322ef0fc852473a9b9e4c274b242ded8a4eae6f1e2badde0664cf57f2128aa3dc83e436f7e80928a01d93bf25011eedf0190d0bf3619cd555":"b4a22f5598f79d34f0b9600763c081b0200ba489da7028ad0283828545c6d594":"fa3edc0962b20a9d9e1d0afcad907c8097c21d7a65c0e47c63d65cea94bf43bd":"49ba791a227e9e391e04225ad67f43f64754daac0b0bb4c6db77320943231ec3":"32f313ded225289793c14a71d1d32c9f"
+ctr_drbg_validate_reseed_between:"a37f9ed6c4e8f74ff16046b0678ef7bd24fcdca247b771ea1ce1fd48e3f5d2067e38aaf64ec59f1f49d96fa85e60ef03":"95da91f4185b254322ef0fc852473a9b9e4c274b242ded8a4eae6f1e2badde0664cf57f2128aa3dc83e436f7e80928a01d93bf25011eedf0190d0bf3619cd555":"b4a22f5598f79d34f0b9600763c081b0200ba489da7028ad0283828545c6d594":"fa3edc0962b20a9d9e1d0afcad907c8097c21d7a65c0e47c63d65cea94bf43bd":"49ba791a227e9e391e04225ad67f43f64754daac0b0bb4c6db77320943231ec3":"32f313ded225289793c14a71d1d32c9f"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #9
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"87f85b9c19eba1d953b6613cf555c21bc74428d9a8fee15e6cd717e240506f3e80860423973a66c61820d4ce1c6bb77d":"f22dd3517350176e35e1b7ecc8c00bea4747f0ac17bda1b1ddf8cdf7be53ff8c326268366e89cf3b023a9646177a0dcca902f0c98bf3840c9cbdf5c0494bee3c":"611caa00f93d4456fd2abb90de4dbcd934afbf1a56c2c4633b704c998f649960":"cba68367dc2fc92250e23e2b1a547fb3231b2beaab5e5a2ee39c5c74c9bab5f5":"f4895c9653b44a96152b893b7c94db80057fb67824d61c5c4186b9d8f16d3d98":"a05de6531a1aa1b2ba3faea8ad6ac209"
+ctr_drbg_validate_reseed_between:"87f85b9c19eba1d953b6613cf555c21bc74428d9a8fee15e6cd717e240506f3e80860423973a66c61820d4ce1c6bb77d":"f22dd3517350176e35e1b7ecc8c00bea4747f0ac17bda1b1ddf8cdf7be53ff8c326268366e89cf3b023a9646177a0dcca902f0c98bf3840c9cbdf5c0494bee3c":"611caa00f93d4456fd2abb90de4dbcd934afbf1a56c2c4633b704c998f649960":"cba68367dc2fc92250e23e2b1a547fb3231b2beaab5e5a2ee39c5c74c9bab5f5":"f4895c9653b44a96152b893b7c94db80057fb67824d61c5c4186b9d8f16d3d98":"a05de6531a1aa1b2ba3faea8ad6ac209"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #10
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"9670deb707caabc888a3b0df7270942934732e02be728a4bedb5fc9ca4d675b2f3b47c7132c364ce6292cef7c19b60c7":"bba34e6f4ee27e5d4e885e59f8bbb0dc7353a8912e66637d7515a66e5398d9a8cbd328fed32f71bdd34c73cdf97e0d211be6dabfb0144e1011fd136cf01ea4e4":"9f55da36babd6ea42082f5f5d4330f023440bb864f8ad5498a29cf89757eaeab":"8013a309058c91c80f4d966f98bce1d4291003ad547e915777a3fce8ae2eaf77":"c83106272d44e832e94c7096c9c11f6342e12ec06d5db336424af73d12451406":"bc8d4d00609662c1163dca930901821d"
+ctr_drbg_validate_reseed_between:"9670deb707caabc888a3b0df7270942934732e02be728a4bedb5fc9ca4d675b2f3b47c7132c364ce6292cef7c19b60c7":"bba34e6f4ee27e5d4e885e59f8bbb0dc7353a8912e66637d7515a66e5398d9a8cbd328fed32f71bdd34c73cdf97e0d211be6dabfb0144e1011fd136cf01ea4e4":"9f55da36babd6ea42082f5f5d4330f023440bb864f8ad5498a29cf89757eaeab":"8013a309058c91c80f4d966f98bce1d4291003ad547e915777a3fce8ae2eaf77":"c83106272d44e832e94c7096c9c11f6342e12ec06d5db336424af73d12451406":"bc8d4d00609662c1163dca930901821d"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #11
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"6d984c8ab923a7e118447fd53ad287b8f01d1e6112cff12bfb338ecd3ed16bafdd634677c600bdd68f852a946f45c3d9":"ed0e524ed2990ef348dbb15b3f964b12ad3109978d6952ae193b21e94510a47406926620798e71a0ffcbdd2e54ec45509d784a8bfc9d59cb733f9f11fc474b5e":"0a3a32260d04dd7a82fb0873ecae7db5e5a4b6a51b09f4bf8a989e1afacbda3b":"3cbcabb83aab5a3e54836bbf12d3a7862a18e2dffeeb8bdd5770936d61fd839a":"f63b30a3efc0273eba03bf3cf90b1e4ac20b00e53a317dbf77b0fe70960e7c60":"ab9af144e8fad6a978a636ad84e0469e"
+ctr_drbg_validate_reseed_between:"6d984c8ab923a7e118447fd53ad287b8f01d1e6112cff12bfb338ecd3ed16bafdd634677c600bdd68f852a946f45c3d9":"ed0e524ed2990ef348dbb15b3f964b12ad3109978d6952ae193b21e94510a47406926620798e71a0ffcbdd2e54ec45509d784a8bfc9d59cb733f9f11fc474b5e":"0a3a32260d04dd7a82fb0873ecae7db5e5a4b6a51b09f4bf8a989e1afacbda3b":"3cbcabb83aab5a3e54836bbf12d3a7862a18e2dffeeb8bdd5770936d61fd839a":"f63b30a3efc0273eba03bf3cf90b1e4ac20b00e53a317dbf77b0fe70960e7c60":"ab9af144e8fad6a978a636ad84e0469e"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #12
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"2c59520d6f8ce946dcc5222f4fc80ba83f38df9dce2861412eebb1614245331626e7fb93eedbad33a12e94c276deff0a":"2882d4a30b22659b87ad2d71db1d7cf093ffca80079a4ef21660de9223940969afec70b0384a54b1de9bcca6b43fb182e58d8dfcad82b0df99a8929201476ae9":"d3c17a2d9c5da051b2d1825120814eaee07dfca65ab4df01195c8b1fcea0ed41":"dcc39555b87f31973ae085f83eaf497441d22ab6d87b69e47296b0ab51733687":"9a8a1b4ccf8230e3d3a1be79e60ae06c393fe6b1ca245281825317468ca114c7":"fba523a09c587ecad4e7e7fd81e5ca39"
+ctr_drbg_validate_reseed_between:"2c59520d6f8ce946dcc5222f4fc80ba83f38df9dce2861412eebb1614245331626e7fb93eedbad33a12e94c276deff0a":"2882d4a30b22659b87ad2d71db1d7cf093ffca80079a4ef21660de9223940969afec70b0384a54b1de9bcca6b43fb182e58d8dfcad82b0df99a8929201476ae9":"d3c17a2d9c5da051b2d1825120814eaee07dfca65ab4df01195c8b1fcea0ed41":"dcc39555b87f31973ae085f83eaf497441d22ab6d87b69e47296b0ab51733687":"9a8a1b4ccf8230e3d3a1be79e60ae06c393fe6b1ca245281825317468ca114c7":"fba523a09c587ecad4e7e7fd81e5ca39"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #13
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"1c1207f50b645aaed5c16fe36f6aae83af4924e6b98a7e2a2533a584c1bac123f8b6f0e05109e0132950ae97b389001a":"8ae9a5903da32a38b7c6fed92dd0c6a035ca5104a3528d71a3eacc2f1681379724991a0053e8dac65e35f3deee0435e99f86364577c8ebdba321872973dc9790":"568bfee681d7f9be23a175a3cbf441b513829a9cbdf0706c145fdcd7803ce099":"e32cb5fec72c068894aaeabfc1b8d5e0de0b5acdf287a82e130a46e846770dc2":"d4418c333687a1c15cac7d4021f7d8823a114bb98f92c8a6dccc59ff8ad51c1f":"194e3018377cef71610794006b95def5"
+ctr_drbg_validate_reseed_between:"1c1207f50b645aaed5c16fe36f6aae83af4924e6b98a7e2a2533a584c1bac123f8b6f0e05109e0132950ae97b389001a":"8ae9a5903da32a38b7c6fed92dd0c6a035ca5104a3528d71a3eacc2f1681379724991a0053e8dac65e35f3deee0435e99f86364577c8ebdba321872973dc9790":"568bfee681d7f9be23a175a3cbf441b513829a9cbdf0706c145fdcd7803ce099":"e32cb5fec72c068894aaeabfc1b8d5e0de0b5acdf287a82e130a46e846770dc2":"d4418c333687a1c15cac7d4021f7d8823a114bb98f92c8a6dccc59ff8ad51c1f":"194e3018377cef71610794006b95def5"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"28254014c5d6ebf9bd9e5f3946fc98e55fe351deee8fc70333e4f20f1f7719a522b3ea9a4424afe68208d1cc6c128c47":"98a0db985544c33990aee0f69655dba7198e6720ce56ff9d4662e26f0c6b4ee7ab599932c05295f6c5a4011085c5b2c861a5a8ae4f572ce614ff2dafc0fddb34":"64215cbe384f1f4cf548078ffd51f91eee9a8bae5aacdd19ca16bcaaf354f8ad":"2e21df638dabe24aebf62d97e25f701f781d12d0064f2f5a4a44d320c90b7260":"7f936274f74a466cbf69dbfe46db79f3c349377df683cb461f2da3b842ad438e":"25c469cc8407b82f42e34f11db3d8462"
+ctr_drbg_validate_reseed_between:"28254014c5d6ebf9bd9e5f3946fc98e55fe351deee8fc70333e4f20f1f7719a522b3ea9a4424afe68208d1cc6c128c47":"98a0db985544c33990aee0f69655dba7198e6720ce56ff9d4662e26f0c6b4ee7ab599932c05295f6c5a4011085c5b2c861a5a8ae4f572ce614ff2dafc0fddb34":"64215cbe384f1f4cf548078ffd51f91eee9a8bae5aacdd19ca16bcaaf354f8ad":"2e21df638dabe24aebf62d97e25f701f781d12d0064f2f5a4a44d320c90b7260":"7f936274f74a466cbf69dbfe46db79f3c349377df683cb461f2da3b842ad438e":"25c469cc8407b82f42e34f11db3d8462"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #0
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"e26c8a13dae5c2da81023f27ab10b878":"fea104f90c5881df7ad1c863307bad22c98770ecd0d717513a2807682582e3e18e81d7935c8a7bacddd5176e7ca4911b9f8f5b1d9c349152fa215393eb006384":"":"":"":"fd87337c305a0a8ef8eef797601732c2"
+ctr_drbg_validate_reseed_between:"e26c8a13dae5c2da81023f27ab10b878":"fea104f90c5881df7ad1c863307bad22c98770ecd0d717513a2807682582e3e18e81d7935c8a7bacddd5176e7ca4911b9f8f5b1d9c349152fa215393eb006384":"":"":"":"fd87337c305a0a8ef8eef797601732c2"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #1
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"8d7dda20a9807804bfc37bd7472d3b0c":"1d723cbc2ff2c115160e7240340adbf31c717696d0fdfecf3ec21150fca00cde477d37e2abbe32f399a505b74d82e502fbff94cecac87e87127d1397d3d76532":"":"":"":"7221761b913b1f50125abca6c3b2f229"
+ctr_drbg_validate_reseed_between:"8d7dda20a9807804bfc37bd7472d3b0c":"1d723cbc2ff2c115160e7240340adbf31c717696d0fdfecf3ec21150fca00cde477d37e2abbe32f399a505b74d82e502fbff94cecac87e87127d1397d3d76532":"":"":"":"7221761b913b1f50125abca6c3b2f229"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #2
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"c02e3b6fd4fea7ec517a232f48aaa8cb":"0820fc21cecba6b2fe053a269a34e6a7637dedaf55ef46d266f672ca7cfd9cc21cd807e2b7f6a1c640b4f059952ae6da7282c5c32959fed39f734a5e88a408d2":"":"":"":"667d4dbefe938d6a662440a17965a334"
+ctr_drbg_validate_reseed_between:"c02e3b6fd4fea7ec517a232f48aaa8cb":"0820fc21cecba6b2fe053a269a34e6a7637dedaf55ef46d266f672ca7cfd9cc21cd807e2b7f6a1c640b4f059952ae6da7282c5c32959fed39f734a5e88a408d2":"":"":"":"667d4dbefe938d6a662440a17965a334"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #3
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"9aee0326f9b16f88a4114e8d49b8e282":"ef0aae3f9c425253205215e5bf0ad70f141ad8cc72a332247cfe989601ca4fc52ba48b82db4d00fe1f279979b5aed1ae2ec2b02d2c921ee2d9cb89e3a900b97d":"":"":"":"651ad783fe3def80a8456552e405b98d"
+ctr_drbg_validate_reseed_between:"9aee0326f9b16f88a4114e8d49b8e282":"ef0aae3f9c425253205215e5bf0ad70f141ad8cc72a332247cfe989601ca4fc52ba48b82db4d00fe1f279979b5aed1ae2ec2b02d2c921ee2d9cb89e3a900b97d":"":"":"":"651ad783fe3def80a8456552e405b98d"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #4
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"1e7a4961d1cd2fd30f571b92a763c2c5":"a9262ed5b54880cc8ecd4119cce9afe3de8875d403f7ca6b8ed8c88559470b29e644fddd83e127c5f938bc8a425db169c33c5c2d0b0c5133c8f87bbc0b0a7d79":"":"":"":"1124c509ca52693977cf461b0f0a0da9"
+ctr_drbg_validate_reseed_between:"1e7a4961d1cd2fd30f571b92a763c2c5":"a9262ed5b54880cc8ecd4119cce9afe3de8875d403f7ca6b8ed8c88559470b29e644fddd83e127c5f938bc8a425db169c33c5c2d0b0c5133c8f87bbc0b0a7d79":"":"":"":"1124c509ca52693977cf461b0f0a0da9"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #5
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"ae0b0d2e84f48c632f031356cdea60ac":"554cf6fad1c376ad6148cd40b53105c16e2f5dd5fa564865b26faa8c318150bfb2294e711735df5eb86ff4b4e778531793bad42403d93a80d05c5421229a53da":"":"":"":"1212e5d3070b1cdf52c0217866481c58"
+ctr_drbg_validate_reseed_between:"ae0b0d2e84f48c632f031356cdea60ac":"554cf6fad1c376ad6148cd40b53105c16e2f5dd5fa564865b26faa8c318150bfb2294e711735df5eb86ff4b4e778531793bad42403d93a80d05c5421229a53da":"":"":"":"1212e5d3070b1cdf52c0217866481c58"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #6
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"16b8c7495d43cd2ff5f65ad2ab48ecef":"7cffe2bef0d42374f7263a386b67fba991e59cefd73590cbcde3a4dc635a5a328f1a8e5edd3ada75854f251ee9f2de6cd247f64c6ca4f6c983805aa0fe9d3106":"":"":"":"d3869a9c5004b8a6ae8d8f0f461b602b"
+ctr_drbg_validate_reseed_between:"16b8c7495d43cd2ff5f65ad2ab48ecef":"7cffe2bef0d42374f7263a386b67fba991e59cefd73590cbcde3a4dc635a5a328f1a8e5edd3ada75854f251ee9f2de6cd247f64c6ca4f6c983805aa0fe9d3106":"":"":"":"d3869a9c5004b8a6ae8d8f0f461b602b"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #7
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"a2d5eff6f73f98e5b04c01967dffa69b":"59759bb91b3c4feb18c0f086269ec52e097b67698f4dfe91ebe8bef851caa35cadb3fd22d1309f13510e1252856c71394a8e210fdbf3c7aae7998865f98e8744":"":"":"":"a1f99bd9522342e963af2ec8eed25c08"
+ctr_drbg_validate_reseed_between:"a2d5eff6f73f98e5b04c01967dffa69b":"59759bb91b3c4feb18c0f086269ec52e097b67698f4dfe91ebe8bef851caa35cadb3fd22d1309f13510e1252856c71394a8e210fdbf3c7aae7998865f98e8744":"":"":"":"a1f99bd9522342e963af2ec8eed25c08"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #8
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"ea1f47fe5e281136706419ea9b652967":"0ec7c617f85bec74044111020c977be32ab8050b326ebc03715bbbffa5a34622f2264d4b5141b7883281c21ea91981155a64fb7b902e674e9a41a8a86c32052b":"":"":"":"daf75b8288fc66802b23af5fd04a9434"
+ctr_drbg_validate_reseed_between:"ea1f47fe5e281136706419ea9b652967":"0ec7c617f85bec74044111020c977be32ab8050b326ebc03715bbbffa5a34622f2264d4b5141b7883281c21ea91981155a64fb7b902e674e9a41a8a86c32052b":"":"":"":"daf75b8288fc66802b23af5fd04a9434"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #9
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"6f072c681a82c00dcd0d9dd5b7ffa2af":"cd7ce90f0141e80f6bd6ff3d981d8a0a877d0ddae7c98f9091763b5946fc38b64c1ef698485007d53251ad278daf5d4ae94a725d617fc9a45a919a9e785a9849":"":"":"":"39c0144f28c5a490eff6221b62384602"
+ctr_drbg_validate_reseed_between:"6f072c681a82c00dcd0d9dd5b7ffa2af":"cd7ce90f0141e80f6bd6ff3d981d8a0a877d0ddae7c98f9091763b5946fc38b64c1ef698485007d53251ad278daf5d4ae94a725d617fc9a45a919a9e785a9849":"":"":"":"39c0144f28c5a490eff6221b62384602"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #10
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"9d730655366e2aa89ee09332bd0a5053":"854766e842eb165a31551f96008354bca1628a9520d29c3cc4f6a41068bf76d8054b75b7d69f5865266c310b5e9f0290af37c5d94535cb5dc9c854ea1cb36eb7":"":"":"":"baa2a3ed6fdc049d0f158693db8c70ef"
+ctr_drbg_validate_reseed_between:"9d730655366e2aa89ee09332bd0a5053":"854766e842eb165a31551f96008354bca1628a9520d29c3cc4f6a41068bf76d8054b75b7d69f5865266c310b5e9f0290af37c5d94535cb5dc9c854ea1cb36eb7":"":"":"":"baa2a3ed6fdc049d0f158693db8c70ef"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #11
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"3363881611bfd5d16814360e83d8544f":"6abfab14cbf222d553d0e930a38941f6f271b48943ea6f69e796e30135bc9eb30204b77ab416ac066da0a649c8558e5a0eac62f54f2f6e66c207cab461c71510":"":"":"":"5be410ce54288e881acd3e566964df78"
+ctr_drbg_validate_reseed_between:"3363881611bfd5d16814360e83d8544f":"6abfab14cbf222d553d0e930a38941f6f271b48943ea6f69e796e30135bc9eb30204b77ab416ac066da0a649c8558e5a0eac62f54f2f6e66c207cab461c71510":"":"":"":"5be410ce54288e881acd3e566964df78"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #12
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"14e589065423528ff84a1f89507ab519":"0d2e446cad387a962ff2217c7cf4826dcabb997ab7f74f64aa18fbcb69151993f263925ae71f9dfdff122bb61802480f2803930efce01a3f37c97101893c140f":"":"":"":"fc2d3df6c9aae68fb01d8382fcd82104"
+ctr_drbg_validate_reseed_between:"14e589065423528ff84a1f89507ab519":"0d2e446cad387a962ff2217c7cf4826dcabb997ab7f74f64aa18fbcb69151993f263925ae71f9dfdff122bb61802480f2803930efce01a3f37c97101893c140f":"":"":"":"fc2d3df6c9aae68fb01d8382fcd82104"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #13
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"974c5ae90347d839475f0f994f2bf01d":"aa04d9fc56349fdd31d868e9efc2938f9104c0291e55ac0aa0c24ec4609731b8e0ac04b42180bde1af6ad1b26faff8a6de60a8a4a828cd6f8758c54b6037a0ee":"":"":"":"3caec482015003643d5a319a2af48fb4"
+ctr_drbg_validate_reseed_between:"974c5ae90347d839475f0f994f2bf01d":"aa04d9fc56349fdd31d868e9efc2938f9104c0291e55ac0aa0c24ec4609731b8e0ac04b42180bde1af6ad1b26faff8a6de60a8a4a828cd6f8758c54b6037a0ee":"":"":"":"3caec482015003643d5a319a2af48fb4"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #14
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"b3a110587a16c1eafe51128a66816ecf":"203bba645fb5ccee3383cf402e04c713b7a6b6cca8b154e827520daac4ea3a0247bbdc3b2cd853e170587d22c70fb96c320ea71cb80c04826316c7317c797b8a":"":"":"":"9af4f67a30a4346e0cfcf51c45fd2589"
+ctr_drbg_validate_reseed_between:"b3a110587a16c1eafe51128a66816ecf":"203bba645fb5ccee3383cf402e04c713b7a6b6cca8b154e827520daac4ea3a0247bbdc3b2cd853e170587d22c70fb96c320ea71cb80c04826316c7317c797b8a":"":"":"":"9af4f67a30a4346e0cfcf51c45fd2589"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #0
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"55546068cd524c51496c5fc9622b64c6":"951e712d057028158831ca8c74d4ae303c6e4641c344a1c80292260bdd9d8e2f5b97606370e95903e3124659de3e3f6e021cd9ccc86aa4a619c0e94b2a9aa3cc":"2d6de8661c7a30a0ca6a20c13c4c04421ba200fbef4f6eb499c17aee1561faf1":"41797b2eeaccb8a002538d3480cb0b76060ee5ba9d7e4a2bb2b201154f61c975":"b744980bb0377e176b07f48e7994fffd7b0d8a539e1f02a5535d2f4051f054f3":"65b9f7382ed578af03efa2008dbdd56f"
+ctr_drbg_validate_reseed_between:"55546068cd524c51496c5fc9622b64c6":"951e712d057028158831ca8c74d4ae303c6e4641c344a1c80292260bdd9d8e2f5b97606370e95903e3124659de3e3f6e021cd9ccc86aa4a619c0e94b2a9aa3cc":"2d6de8661c7a30a0ca6a20c13c4c04421ba200fbef4f6eb499c17aee1561faf1":"41797b2eeaccb8a002538d3480cb0b76060ee5ba9d7e4a2bb2b201154f61c975":"b744980bb0377e176b07f48e7994fffd7b0d8a539e1f02a5535d2f4051f054f3":"65b9f7382ed578af03efa2008dbdd56f"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #1
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"a0c92565640a3315cac8da6d0458fb07":"6e9b31755c1f45df7d685f86044ab3bc25433a3ff08ab5de7154e06b0867f4e3531ed2e2a15ab63c611fc2894240fdac1d3292d1b36da87caa2080d1c41bcf24":"c6c74690bdee26288d2f87a06435d664431206b23b24f426e847fb892d40d5d5":"4e7dc1adbc8bc16ba7b584c18a0d7e4383c470bff2f320af54ad5ade5f43265b":"c6fb8ee194a339726f5051b91925c6a214079a661ec78358e98fc4f41e8c4724":"c3f849ee7d87291301e11b467fa2162f"
+ctr_drbg_validate_reseed_between:"a0c92565640a3315cac8da6d0458fb07":"6e9b31755c1f45df7d685f86044ab3bc25433a3ff08ab5de7154e06b0867f4e3531ed2e2a15ab63c611fc2894240fdac1d3292d1b36da87caa2080d1c41bcf24":"c6c74690bdee26288d2f87a06435d664431206b23b24f426e847fb892d40d5d5":"4e7dc1adbc8bc16ba7b584c18a0d7e4383c470bff2f320af54ad5ade5f43265b":"c6fb8ee194a339726f5051b91925c6a214079a661ec78358e98fc4f41e8c4724":"c3f849ee7d87291301e11b467fa2162f"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #2
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"63e143bd6a87065a00eea930593f9b29":"62c2c790cb56518ed2d8d65952bbd4ab85a56463495c940b94f403a93338bdc96129feea9335b1a3e0ada7cf4c207f4732013bc6a52db41407bf5d6fe9183b3c":"7b4e9ff0c8f8c90f8b324c7189226d3adccd79df2d0c22b52fb31dbb5dfefba6":"49e1aecf2b96a366325dc1892c016a5535dd2480360a382e9cc78bf75b2bba37":"f4ce1d27e759f3ba4a56aaab713642b4c56810c9995fbfc04ce285429f95a8f4":"513111abaae3069e599b56f7e5fb91d1"
+ctr_drbg_validate_reseed_between:"63e143bd6a87065a00eea930593f9b29":"62c2c790cb56518ed2d8d65952bbd4ab85a56463495c940b94f403a93338bdc96129feea9335b1a3e0ada7cf4c207f4732013bc6a52db41407bf5d6fe9183b3c":"7b4e9ff0c8f8c90f8b324c7189226d3adccd79df2d0c22b52fb31dbb5dfefba6":"49e1aecf2b96a366325dc1892c016a5535dd2480360a382e9cc78bf75b2bba37":"f4ce1d27e759f3ba4a56aaab713642b4c56810c9995fbfc04ce285429f95a8f4":"513111abaae3069e599b56f7e5fb91d1"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #3
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"98dc16e95f97b5b9d8287875774d9d19":"2fab4a629e4b21f27488a0c9ed36fc8e75bee0c386346c6ec59a6f045975e29818440a6638eb3b9e952e19df82d6dc7b8b9c18530aef763d0709b3b55433ddc6":"2e9d2f52a55df05fb8b9549947f8690c9ce410268d1d3aa7d69e63cbb28e4eb8":"57ecdad71d709dcdb1eba6cf36e0ecf04aaccd7527ca44c6f96768968027274f":"7b2da3d1ae252a71bccbb318e0eec95493a236f0dec97f2600de9f0743030529":"841882e4d9346bea32b1216eebc06aac"
+ctr_drbg_validate_reseed_between:"98dc16e95f97b5b9d8287875774d9d19":"2fab4a629e4b21f27488a0c9ed36fc8e75bee0c386346c6ec59a6f045975e29818440a6638eb3b9e952e19df82d6dc7b8b9c18530aef763d0709b3b55433ddc6":"2e9d2f52a55df05fb8b9549947f8690c9ce410268d1d3aa7d69e63cbb28e4eb8":"57ecdad71d709dcdb1eba6cf36e0ecf04aaccd7527ca44c6f96768968027274f":"7b2da3d1ae252a71bccbb318e0eec95493a236f0dec97f2600de9f0743030529":"841882e4d9346bea32b1216eebc06aac"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #4
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"5dbac5c313527d4d0e5ca9b6f5596ed7":"c00b28c78da4f9ce159741437fe7f90e4e23ecd01cd292f197202decbbc823d9ce46b8191c11e8f8d007d38e2ecd93b8bd9bbad5812aaf547ddf4c7a6738b777":"460c54f4c3fe49d9b25b069ff6664517ed3b234890175a59cde5c3bc230c0a9e":"bf5187f1f55ae6711c2bc1884324490bf2d29d29e95cad7a1c295045eed5a310":"28fd8277dcb807741d4d5cb255a8d9a32ef56a880ccf2b3dcca54645bd6f1013":"b488f5c13bb017b0d9de2092d577c76e"
+ctr_drbg_validate_reseed_between:"5dbac5c313527d4d0e5ca9b6f5596ed7":"c00b28c78da4f9ce159741437fe7f90e4e23ecd01cd292f197202decbbc823d9ce46b8191c11e8f8d007d38e2ecd93b8bd9bbad5812aaf547ddf4c7a6738b777":"460c54f4c3fe49d9b25b069ff6664517ed3b234890175a59cde5c3bc230c0a9e":"bf5187f1f55ae6711c2bc1884324490bf2d29d29e95cad7a1c295045eed5a310":"28fd8277dcb807741d4d5cb255a8d9a32ef56a880ccf2b3dcca54645bd6f1013":"b488f5c13bb017b0d9de2092d577c76e"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #5
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"254d5f5044415c694a89249b0b6e1a2c":"4c1cc9ebe7a03cde31860637d8222faeefa9cbf789fab62e99a98d83084fef29eafcf7177d62d55435a1acb77e7a61ad86c47d1950b8683e167fe3ece3f8c9e8":"71af584657160f0f0b81740ef93017a37c174bee5a02c8967f087fdbfd33bfde":"96e8522f6ed8e8a9772ffb19e9416a1c6293ad6d1ecd317972e2f6258d7d68dd":"3aaa5e4d6af79055742150e630c5e3a46288e216d6607793c021d6705349f96a":"66629af4a0e90550b9bd3811243d6b86"
+ctr_drbg_validate_reseed_between:"254d5f5044415c694a89249b0b6e1a2c":"4c1cc9ebe7a03cde31860637d8222faeefa9cbf789fab62e99a98d83084fef29eafcf7177d62d55435a1acb77e7a61ad86c47d1950b8683e167fe3ece3f8c9e8":"71af584657160f0f0b81740ef93017a37c174bee5a02c8967f087fdbfd33bfde":"96e8522f6ed8e8a9772ffb19e9416a1c6293ad6d1ecd317972e2f6258d7d68dd":"3aaa5e4d6af79055742150e630c5e3a46288e216d6607793c021d6705349f96a":"66629af4a0e90550b9bd3811243d6b86"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #6
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"b46fceed0fcc29665815cc9459971913":"ff62d52aed55d8e966044f7f7c5013b4915197c73668e01b4487c3243bbf5f9248a4fdd6ef0f63b87fc8d1c5d514ff243319b2fbdfa474d5f83b935399655e15":"994d6b5393fbf0351f0bcfb48e1e763b377b732c73bf8e28dec720a2cadcb8a5":"118bb8c7a43b9c30afaf9ce4db3e6a60a3f9d01c30b9ab3572662955808b41e4":"bb47e443090afc32ee34873bd106bf867650adf5b5d90a2e7d0e58ed0ae83e8a":"1865fee6024db510690725f16b938487"
+ctr_drbg_validate_reseed_between:"b46fceed0fcc29665815cc9459971913":"ff62d52aed55d8e966044f7f7c5013b4915197c73668e01b4487c3243bbf5f9248a4fdd6ef0f63b87fc8d1c5d514ff243319b2fbdfa474d5f83b935399655e15":"994d6b5393fbf0351f0bcfb48e1e763b377b732c73bf8e28dec720a2cadcb8a5":"118bb8c7a43b9c30afaf9ce4db3e6a60a3f9d01c30b9ab3572662955808b41e4":"bb47e443090afc32ee34873bd106bf867650adf5b5d90a2e7d0e58ed0ae83e8a":"1865fee6024db510690725f16b938487"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #7
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"e1a5dd32fc7cefb281d5d6ce3200f4ca":"bf1ba4166007b53fcaee41f9c54771c8a0b309a52ea7894a005783c1e3e43e2eb9871d7909a1c3567953aabdf75e38c8f5578c51a692d883755102a0c82c7c12":"32e9922bd780303828091a140274d04f879cd821f352bd18bcaa49ffef840010":"01830ddd2f0e323c90830beddedf1480e6c23b0d99c2201871f18cc308ab3139":"f36d792dbde7609b8bf4724d7d71362840b309c5f2961e2537c8b5979a569ae8":"7080e8379a43c2e28e07d0c7ed9705a8"
+ctr_drbg_validate_reseed_between:"e1a5dd32fc7cefb281d5d6ce3200f4ca":"bf1ba4166007b53fcaee41f9c54771c8a0b309a52ea7894a005783c1e3e43e2eb9871d7909a1c3567953aabdf75e38c8f5578c51a692d883755102a0c82c7c12":"32e9922bd780303828091a140274d04f879cd821f352bd18bcaa49ffef840010":"01830ddd2f0e323c90830beddedf1480e6c23b0d99c2201871f18cc308ab3139":"f36d792dbde7609b8bf4724d7d71362840b309c5f2961e2537c8b5979a569ae8":"7080e8379a43c2e28e07d0c7ed9705a8"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #8
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"d1b7be857a422b425ae62c61e90a192a":"6ac34c4ce22b644632283ab13e294df2093e939d32411340b046c26fcc449d0fd6d14132c7205df303dbb663190e6e86ad12e14e145b6603308241f38d94eb5d":"aacfe8553d5ffef6abc3fd8f94d796cae2079ff04f7ab1b41982003f02427c7a":"01d2d1bc29d6a6b52bb29bd6652be772096ca23c838c40730d5b4a4f8f735daa":"27af728ee07d3f5902f4e56453b6a9feb308ef14795eb5630b2651debdd36d5b":"b03fbcd03fa1cc69db0a4e3492a52bad"
+ctr_drbg_validate_reseed_between:"d1b7be857a422b425ae62c61e90a192a":"6ac34c4ce22b644632283ab13e294df2093e939d32411340b046c26fcc449d0fd6d14132c7205df303dbb663190e6e86ad12e14e145b6603308241f38d94eb5d":"aacfe8553d5ffef6abc3fd8f94d796cae2079ff04f7ab1b41982003f02427c7a":"01d2d1bc29d6a6b52bb29bd6652be772096ca23c838c40730d5b4a4f8f735daa":"27af728ee07d3f5902f4e56453b6a9feb308ef14795eb5630b2651debdd36d5b":"b03fbcd03fa1cc69db0a4e3492a52bad"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #9
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"a2c49aa6f3f92e36266bf267af5877ed":"5684c3eb99314127078484959314d52b3bc50cb3615c0eef6b48850d98aee04c528b0693be13ed1bb4040e8e96cb13c316143f0815cd68d1bb7931a3d9b88a3d":"566522085426b76bdef152adefd73ef0f76eee4614bc5a4391629ec49e0acffb":"30ef9585148dd2270c41540a4235328de8952f28cf5472df463e88e837419e99":"adc46e0afcf69302f62c84c5c4bfcbb7132f8db118d1a84dc2b910753fe86a2d":"4edc4383977ee91aaa2f5b9ac4257570"
+ctr_drbg_validate_reseed_between:"a2c49aa6f3f92e36266bf267af5877ed":"5684c3eb99314127078484959314d52b3bc50cb3615c0eef6b48850d98aee04c528b0693be13ed1bb4040e8e96cb13c316143f0815cd68d1bb7931a3d9b88a3d":"566522085426b76bdef152adefd73ef0f76eee4614bc5a4391629ec49e0acffb":"30ef9585148dd2270c41540a4235328de8952f28cf5472df463e88e837419e99":"adc46e0afcf69302f62c84c5c4bfcbb7132f8db118d1a84dc2b910753fe86a2d":"4edc4383977ee91aaa2f5b9ac4257570"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #10
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"43852c53041a3a4f710435dbd3e4382b":"ab7bca5595084bccdba80ade7ac3df2a0ce198fa49d29414c0249ec3d1c50d271ca74ba5c3521576a89a1964e6deded2d5ba7ff28a364a8f9235981bec1bedfa":"c5612a9540b64fc134074cb36f4c9ea62fff993938709b5d354a917e5265adee":"eee2258aba665aa6d3f5b8c2207f135276f597adb2a0fbfb16a20460e8cc3c68":"a6d6d126bed13dbcf2b327aa884b7260a9c388cb03751dbe9feb28a3fe351d62":"e04c3de51a1ffe8cda89e881c396584b"
+ctr_drbg_validate_reseed_between:"43852c53041a3a4f710435dbd3e4382b":"ab7bca5595084bccdba80ade7ac3df2a0ce198fa49d29414c0249ec3d1c50d271ca74ba5c3521576a89a1964e6deded2d5ba7ff28a364a8f9235981bec1bedfa":"c5612a9540b64fc134074cb36f4c9ea62fff993938709b5d354a917e5265adee":"eee2258aba665aa6d3f5b8c2207f135276f597adb2a0fbfb16a20460e8cc3c68":"a6d6d126bed13dbcf2b327aa884b7260a9c388cb03751dbe9feb28a3fe351d62":"e04c3de51a1ffe8cda89e881c396584b"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #11
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"52628551ce90c338ed94b655d4f05811":"b3a4a3c4d3d53ffa41b85ce3b8f292b1cc8e5af7488286d4c581005f8c02c5545c09bb08d8470b8cffdf62731b1d4b75c036af7dc4f2f1fc7e9a496f3d235f2d":"f5f9d5b51075b12aa300afdc7b8ea3944fc8cf4d1e95625cc4e42fdfdcbeb169":"60bccbc7345f23733fe8f8eb9760975057238705d9cee33b3269f9bfedd72202":"c0fa3afd6e9decfbffa7ea6678d2481c5f55ec0a35172ff93214b997400e97c3":"5a113906e1ef76b7b75fefbf20d78ef8"
+ctr_drbg_validate_reseed_between:"52628551ce90c338ed94b655d4f05811":"b3a4a3c4d3d53ffa41b85ce3b8f292b1cc8e5af7488286d4c581005f8c02c5545c09bb08d8470b8cffdf62731b1d4b75c036af7dc4f2f1fc7e9a496f3d235f2d":"f5f9d5b51075b12aa300afdc7b8ea3944fc8cf4d1e95625cc4e42fdfdcbeb169":"60bccbc7345f23733fe8f8eb9760975057238705d9cee33b3269f9bfedd72202":"c0fa3afd6e9decfbffa7ea6678d2481c5f55ec0a35172ff93214b997400e97c3":"5a113906e1ef76b7b75fefbf20d78ef8"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #12
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"0e4873c4cbcde280abc6711a66dbb81a":"1ab7c7d8fe8f505e1dd7ddb8e7cda962572f7004b2a14c7a7c5bcf24bd16616e2c42c50ae5db9981ccd7d0c79062ac572d3893486bd0ae1f99cbc1d28a9e4c1e":"e4b89e28663e853f8b380c8a4491b54121fe6927340a74342362c37d8d615b66":"619775878879eff9ee2189790ff6f187baed4ed1b156029b80e7a070a1072a09":"ba3d673e5e41bd1abbc7191cc4b9a945201b8fef0016e4774047ee2abf499e74":"4758fd021c34a5cf6bea760ad09438a0"
+ctr_drbg_validate_reseed_between:"0e4873c4cbcde280abc6711a66dbb81a":"1ab7c7d8fe8f505e1dd7ddb8e7cda962572f7004b2a14c7a7c5bcf24bd16616e2c42c50ae5db9981ccd7d0c79062ac572d3893486bd0ae1f99cbc1d28a9e4c1e":"e4b89e28663e853f8b380c8a4491b54121fe6927340a74342362c37d8d615b66":"619775878879eff9ee2189790ff6f187baed4ed1b156029b80e7a070a1072a09":"ba3d673e5e41bd1abbc7191cc4b9a945201b8fef0016e4774047ee2abf499e74":"4758fd021c34a5cf6bea760ad09438a0"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #13
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"0684e8ef93c3363ba535c4e573af1c24":"748a5f5fde271c563a8f8d15520d6818f7ed0efb9b434adf2ff9471b391dd225b37868179ffa9a6e58df3b1b765b8945685a2f966d29648dd86a42078339650b":"e90c82153d2280f1ddb55bd65e7752bf6717fbe08c49414f6c129bf608578db7":"c17e97c93cfabe0b925ca5d22615a06430a201b7595ad0d9967cc89a4777947d":"3d554c430c8928dcdb1f6d5e5a4306b309856a9b78c5f431c55d7ebd519443bb":"d3da71af70e196483c951d95eb3f0135"
+ctr_drbg_validate_reseed_between:"0684e8ef93c3363ba535c4e573af1c24":"748a5f5fde271c563a8f8d15520d6818f7ed0efb9b434adf2ff9471b391dd225b37868179ffa9a6e58df3b1b765b8945685a2f966d29648dd86a42078339650b":"e90c82153d2280f1ddb55bd65e7752bf6717fbe08c49414f6c129bf608578db7":"c17e97c93cfabe0b925ca5d22615a06430a201b7595ad0d9967cc89a4777947d":"3d554c430c8928dcdb1f6d5e5a4306b309856a9b78c5f431c55d7ebd519443bb":"d3da71af70e196483c951d95eb3f0135"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #14
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"89b885ddb12abc4f7422334f27c00439":"e2366eec626bfd9cb932bcaa0569de6a7a37cf1dfde1f25d00d1a0c89fe25fea592cbd2af7c8202521fa48e15f7cc7e97e431b222b516a3ad2bb7b55b7fcf7f4":"c77ee92bd17939efe9bee48af66589aee1d9fe4cd6c8ae26b74b3799e35342a6":"23e80d36ca72ecc38551e7e0a4f9502bed0e160f382d802f48fb2714ec6e3315":"6b83f7458dc813ce0b963b231c424e8bced599d002c0ef91a9c20dcc3f172ea5":"81d13a6b79f05137e233e3c3a1091360"
+ctr_drbg_validate_reseed_between:"89b885ddb12abc4f7422334f27c00439":"e2366eec626bfd9cb932bcaa0569de6a7a37cf1dfde1f25d00d1a0c89fe25fea592cbd2af7c8202521fa48e15f7cc7e97e431b222b516a3ad2bb7b55b7fcf7f4":"c77ee92bd17939efe9bee48af66589aee1d9fe4cd6c8ae26b74b3799e35342a6":"23e80d36ca72ecc38551e7e0a4f9502bed0e160f382d802f48fb2714ec6e3315":"6b83f7458dc813ce0b963b231c424e8bced599d002c0ef91a9c20dcc3f172ea5":"81d13a6b79f05137e233e3c3a1091360"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #0
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"ff568be02a46343113f06949a16cc7d9da315aef82f5681f0459650e5e180e65d1d77b00e5ce3e3f9eb6c18efff4db36":"77de4e5db3b308c38c814228583dfd1eb415771f4ae30f9cc2d35b48075286a4e8c2c6f441d1aac496d0d4be395d078519e31cb77d06d6f7fd4c033bc40fd659":"":"":"":"448ac707ba934c909335425de62944d6"
+ctr_drbg_validate_reseed_between:"ff568be02a46343113f06949a16cc7d9da315aef82f5681f0459650e5e180e65d1d77b00e5ce3e3f9eb6c18efff4db36":"77de4e5db3b308c38c814228583dfd1eb415771f4ae30f9cc2d35b48075286a4e8c2c6f441d1aac496d0d4be395d078519e31cb77d06d6f7fd4c033bc40fd659":"":"":"":"448ac707ba934c909335425de62944d6"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #1
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"6f092b85eb9f96427642f69467911172cba6df86e0db08d04e824cde6fb91d9b9af2cea53f42d53c45ee3e69a2327172":"667d3ed9f41a154ea33b55182b8bee4d7d46eff8e890c7036cf7c2665d44c28f9e3a8cff166dabfaf262933d337e729e0b6a60a51d00ba18f877bdc9d0cc659e":"":"":"":"16a200f683ab862947e061cddaac5597"
+ctr_drbg_validate_reseed_between:"6f092b85eb9f96427642f69467911172cba6df86e0db08d04e824cde6fb91d9b9af2cea53f42d53c45ee3e69a2327172":"667d3ed9f41a154ea33b55182b8bee4d7d46eff8e890c7036cf7c2665d44c28f9e3a8cff166dabfaf262933d337e729e0b6a60a51d00ba18f877bdc9d0cc659e":"":"":"":"16a200f683ab862947e061cddaac5597"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #2
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"26e635a6a2b6402b968c1eea13c6a980a0ee9b8497abc14fccdc5bf8439008861f74de2c200505185bf5907d3adc9de2":"80e56f9893beb9f22b2b03caa8f1861d5b31b37f636f2ccbc7e4040ad3073aa20f2f3c6bfefc041df8e57e7100794c42732b6d4b63d8bb51329ca99671d53c7c":"":"":"":"807586c977febcf2ad28fcd45e1a1deb"
+ctr_drbg_validate_reseed_between:"26e635a6a2b6402b968c1eea13c6a980a0ee9b8497abc14fccdc5bf8439008861f74de2c200505185bf5907d3adc9de2":"80e56f9893beb9f22b2b03caa8f1861d5b31b37f636f2ccbc7e4040ad3073aa20f2f3c6bfefc041df8e57e7100794c42732b6d4b63d8bb51329ca99671d53c7c":"":"":"":"807586c977febcf2ad28fcd45e1a1deb"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #3
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"b239c485d319ce964d69bd3dbc5b7ab9cc72ac9134a25e641bcd3c8b6f89e7e08ef2d0a45cf67667a4e2e634b32d73ff":"c963e17ef46b7b2c68756019704ec7435ec093c423600b3f2f99dd8989f8539a11b1b0598e93e84d50b65e816e794421ab546b202e4b224a8494538dda85da82":"":"":"":"2a3218b4d59f99bd3825631a6eefb09c" +ctr_drbg_validate_reseed_between:"b239c485d319ce964d69bd3dbc5b7ab9cc72ac9134a25e641bcd3c8b6f89e7e08ef2d0a45cf67667a4e2e634b32d73ff":"c963e17ef46b7b2c68756019704ec7435ec093c423600b3f2f99dd8989f8539a11b1b0598e93e84d50b65e816e794421ab546b202e4b224a8494538dda85da82":"":"":"":"2a3218b4d59f99bd3825631a6eefb09c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #4 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"0239545a23735b803ae7cb7766194917d6cce164f7ec4f65c6ccd5ec1db5297722d4b7466589da4d39f4585856bc1d7e":"71a440b70a2b5ce41b85de27d987fa2a0628d7990dd7cd1460fddc5410ce6e9bb0ae4f90231f45bc71188fd94e4170389a8bbe4a7e781c95c9a97ad78ba7d07b":"":"":"":"9dafaa8b727c4829dda10a831e67419d" +ctr_drbg_validate_reseed_between:"0239545a23735b803ae7cb7766194917d6cce164f7ec4f65c6ccd5ec1db5297722d4b7466589da4d39f4585856bc1d7e":"71a440b70a2b5ce41b85de27d987fa2a0628d7990dd7cd1460fddc5410ce6e9bb0ae4f90231f45bc71188fd94e4170389a8bbe4a7e781c95c9a97ad78ba7d07b":"":"":"":"9dafaa8b727c4829dda10a831e67419d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #5 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"237e8916eadd65e3422fe59ab257b7e6957fe24f760b499fbd052241879e8294b01d2169ec2b98f52660d9f5170dee22":"d8908cfc1ea8518c1442e46731f30fdad85399894db262b8f4fdc0dbcbf11b60b60b25d3108f4b169fcbef621a14c635525fa3af8ccef6b91f808479509967f4":"":"":"":"593c39c56bb9e476550299ee8d85d2fc" 
+ctr_drbg_validate_reseed_between:"237e8916eadd65e3422fe59ab257b7e6957fe24f760b499fbd052241879e8294b01d2169ec2b98f52660d9f5170dee22":"d8908cfc1ea8518c1442e46731f30fdad85399894db262b8f4fdc0dbcbf11b60b60b25d3108f4b169fcbef621a14c635525fa3af8ccef6b91f808479509967f4":"":"":"":"593c39c56bb9e476550299ee8d85d2fc" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #6 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"28b6639b415c79012c749dc2a0d18433ec36eda55815f0841241453fa11b9d572b7c29208e01dbb0be91e1075f305d7f":"6767c3eb6ba1b19412c32bfe44e4d0317beba10f3abea328cda7b7c14109b72046c8691c1c7b28487037d381f77a3bbc8464a51b87de68bdc50ec9c658f915ab":"":"":"":"e390806219fa727e74a90011b4835ed6" +ctr_drbg_validate_reseed_between:"28b6639b415c79012c749dc2a0d18433ec36eda55815f0841241453fa11b9d572b7c29208e01dbb0be91e1075f305d7f":"6767c3eb6ba1b19412c32bfe44e4d0317beba10f3abea328cda7b7c14109b72046c8691c1c7b28487037d381f77a3bbc8464a51b87de68bdc50ec9c658f915ab":"":"":"":"e390806219fa727e74a90011b4835ed6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #7 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"ce735a8549fc3f9dfc7b96bf0d48936a711439ac7271d715a278718aca9e2fe3c801030bc74b048ac1e40852345e87cc":"510b0dc06e84ceb901c7195c2f00ad7a04bdd75e0ab52b3d2cd47ddfcd89248dd58e3f1aa8c1ffe306f493905f65369eaed2a5b337dff8ac81c4c1e8903a6ad5":"":"":"":"ba871ba5843083b553a57cf8defa39d7" +ctr_drbg_validate_reseed_between:"ce735a8549fc3f9dfc7b96bf0d48936a711439ac7271d715a278718aca9e2fe3c801030bc74b048ac1e40852345e87cc":"510b0dc06e84ceb901c7195c2f00ad7a04bdd75e0ab52b3d2cd47ddfcd89248dd58e3f1aa8c1ffe306f493905f65369eaed2a5b337dff8ac81c4c1e8903a6ad5":"":"":"":"ba871ba5843083b553a57cf8defa39d7" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #8 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"841ea92fa42c06769c5c52fe152d07837b8ff0048392caa5dd045054353d363b25439eb5885e96771dded4005f2baf42":"97511ae52590a0b64b75c37e10b89671880d2d6e8f90780ac27263dbc0e32d0824be5e80a88cf8fc3d4c607eb873c0322d09b9ca3498c4015c53ca6fee890093":"":"":"":"a8fb31362bd997adf4d9116e23dbaf10" +ctr_drbg_validate_reseed_between:"841ea92fa42c06769c5c52fe152d07837b8ff0048392caa5dd045054353d363b25439eb5885e96771dded4005f2baf42":"97511ae52590a0b64b75c37e10b89671880d2d6e8f90780ac27263dbc0e32d0824be5e80a88cf8fc3d4c607eb873c0322d09b9ca3498c4015c53ca6fee890093":"":"":"":"a8fb31362bd997adf4d9116e23dbaf10" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #9 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"55cd76fa5f004b97bb8e14170f79f52715d18c60f142b06d16e8e06c274798190a79c8b325163989d86323c03dbe0d68":"bafc0ba64669c9a36514bde6169034101f29e2a0a4b9a55c0aae7dff0c5aca2371b523e26dc44bf75493bdaa023d1555294178288b70f1ae72150d9f7265b4e6":"":"":"":"fa16dbdaf01b3c202426adabf61fa64a" +ctr_drbg_validate_reseed_between:"55cd76fa5f004b97bb8e14170f79f52715d18c60f142b06d16e8e06c274798190a79c8b325163989d86323c03dbe0d68":"bafc0ba64669c9a36514bde6169034101f29e2a0a4b9a55c0aae7dff0c5aca2371b523e26dc44bf75493bdaa023d1555294178288b70f1ae72150d9f7265b4e6":"":"":"":"fa16dbdaf01b3c202426adabf61fa64a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #10 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"ff3f3098fa3d2b23b38ed982e7afb61d46b4848c878b9280f8e5ed6bd81176e76f0a2a85071a411829cf84421c22f23e":"92194e2c700fa724489683d0b6ddcf72c89b9c3f3ff584e802ae426be4908b1ade093bcf9baf7738b988dc0fde1739498a97c9610da853a7c83981c6a7b68096":"":"":"":"f85490426dc243ba09f9719bff73545a" 
+ctr_drbg_validate_reseed_between:"ff3f3098fa3d2b23b38ed982e7afb61d46b4848c878b9280f8e5ed6bd81176e76f0a2a85071a411829cf84421c22f23e":"92194e2c700fa724489683d0b6ddcf72c89b9c3f3ff584e802ae426be4908b1ade093bcf9baf7738b988dc0fde1739498a97c9610da853a7c83981c6a7b68096":"":"":"":"f85490426dc243ba09f9719bff73545a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #11 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"7242c1020a63770cccf6f8100970990232a9d11d61c9b0d38fe5e7a568a86252a66481212e5d53c868561298dd5bdeec":"7c3806a32ccf3252ac27a92a07209cd7000b160faa70b9024420b903587d1d77f002d3abe28b563d32ccc502b88f83bc5996f3dbbf0f57835839eadd94563b9d":"":"":"":"2232181f08c1569efaad1a82bcb5f3ba" +ctr_drbg_validate_reseed_between:"7242c1020a63770cccf6f8100970990232a9d11d61c9b0d38fe5e7a568a86252a66481212e5d53c868561298dd5bdeec":"7c3806a32ccf3252ac27a92a07209cd7000b160faa70b9024420b903587d1d77f002d3abe28b563d32ccc502b88f83bc5996f3dbbf0f57835839eadd94563b9d":"":"":"":"2232181f08c1569efaad1a82bcb5f3ba" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #12 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"a2e445290fed8187df6d2a57e68385bb62d700cb8f140410766b53e69e6a0f2939bbfa7ce091525c9051f064e383a2e1":"fdae5f1ea253108fcb255d215a3ce1dc1d101acf89de4423b75a74619e95f3feaa35b5e0bec430b0ad9567df818989c36c77742129af335c90ceb6dd79c7d2c4":"":"":"":"3841e2d795b17cb9a2081d6016a1a71d" +ctr_drbg_validate_reseed_between:"a2e445290fed8187df6d2a57e68385bb62d700cb8f140410766b53e69e6a0f2939bbfa7ce091525c9051f064e383a2e1":"fdae5f1ea253108fcb255d215a3ce1dc1d101acf89de4423b75a74619e95f3feaa35b5e0bec430b0ad9567df818989c36c77742129af335c90ceb6dd79c7d2c4":"":"":"":"3841e2d795b17cb9a2081d6016a1a71d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #13 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"bc885454e385d911336dda9b7a609a6a7079a4a5a860fcd704161c34658bd98685bb03418b7f24f2ed9475eb8ceb232e":"77bef884a91126564b3214029ac6842d86e4c1fa283e33d6828d428377416f66947e39a4a6708e10bfdae8337a6f302420a6649fc109d0f094c18c1e9361375a":"":"":"":"ea20780ed280d8109f811a6a398c3e76" +ctr_drbg_validate_reseed_between:"bc885454e385d911336dda9b7a609a6a7079a4a5a860fcd704161c34658bd98685bb03418b7f24f2ed9475eb8ceb232e":"77bef884a91126564b3214029ac6842d86e4c1fa283e33d6828d428377416f66947e39a4a6708e10bfdae8337a6f302420a6649fc109d0f094c18c1e9361375a":"":"":"":"ea20780ed280d8109f811a6a398c3e76" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #14 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"c1825cf00cdc2da93adb3e7a33c1f3a76c49166887883744ea2683ddca23f31900f25c434364c992a6d913f753a9c42a":"56940a6fc4823c9e42e8ffed63fc3cf46d0a2b305c236a511b0b5ec7005ecd8989bf2006ebe52ed55845f7cc25d3d0086cece95f0bff6fa7e17ddf474704abfe":"":"":"":"b037c7f0f85f4d7eaeeb17f4c8643a74" +ctr_drbg_validate_reseed_between:"c1825cf00cdc2da93adb3e7a33c1f3a76c49166887883744ea2683ddca23f31900f25c434364c992a6d913f753a9c42a":"56940a6fc4823c9e42e8ffed63fc3cf46d0a2b305c236a511b0b5ec7005ecd8989bf2006ebe52ed55845f7cc25d3d0086cece95f0bff6fa7e17ddf474704abfe":"":"":"":"b037c7f0f85f4d7eaeeb17f4c8643a74" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"19b83c0deea6463a3912d21ffc8d8041a5b30640352abc9652770cfca99dc53c9c09942ddd67b91f4da50a8615462ce4":"5d85c56d0d20ee39958a90f301d2f8bb136fa34d09b41a0c9375114a0df9c1dcdb2a62c4be398d9eaf2440949b806f0e5a977da608eeb652a41711d1e9b72655":"9c1db928b95c84cb674060a6d2f6b7a6a5d43e9ee967e9f821bf309ca5f8821f":"a3111cb57365c617df0b0bb3a1aada49ca789bc75903eeb21e42a7d3d0dd0825":"ce7f557c70676987d13aca60bc4585147efeed97be139871a1b29caa1e180af9":"4a49430277d64446e2fa75763eb79ec6" 
+ctr_drbg_validate_reseed_between:"19b83c0deea6463a3912d21ffc8d8041a5b30640352abc9652770cfca99dc53c9c09942ddd67b91f4da50a8615462ce4":"5d85c56d0d20ee39958a90f301d2f8bb136fa34d09b41a0c9375114a0df9c1dcdb2a62c4be398d9eaf2440949b806f0e5a977da608eeb652a41711d1e9b72655":"9c1db928b95c84cb674060a6d2f6b7a6a5d43e9ee967e9f821bf309ca5f8821f":"a3111cb57365c617df0b0bb3a1aada49ca789bc75903eeb21e42a7d3d0dd0825":"ce7f557c70676987d13aca60bc4585147efeed97be139871a1b29caa1e180af9":"4a49430277d64446e2fa75763eb79ec6" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #1 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"239f21be6cda23e8660c8a5e04c79f6dad6f363ac6dcffd9228699ae43fbce5ac3c51645500cb3eae68f0b604dc4472c":"2975a099f7e6530e5576534c25171f39131d6bffb99259f7f2bbf7d77de9fb1e829052b54a9631a733113021692eba1097438347c6de82307a0c2bb308edf065":"d451a54584e6d1d634217379e7e60e67303e19dd4ba63b097899c7349a5a7433":"a33dc24c6a656eb26275415581d568b7c2424a9c5fb9e2944ca35ecbf641f713":"8dfccc62379af46844df136122b72a878d9d61b40ccaa029b09e6b9f0b4d0192":"005e91760d89ecb64b5fc3b0e222fca3" +ctr_drbg_validate_reseed_between:"239f21be6cda23e8660c8a5e04c79f6dad6f363ac6dcffd9228699ae43fbce5ac3c51645500cb3eae68f0b604dc4472c":"2975a099f7e6530e5576534c25171f39131d6bffb99259f7f2bbf7d77de9fb1e829052b54a9631a733113021692eba1097438347c6de82307a0c2bb308edf065":"d451a54584e6d1d634217379e7e60e67303e19dd4ba63b097899c7349a5a7433":"a33dc24c6a656eb26275415581d568b7c2424a9c5fb9e2944ca35ecbf641f713":"8dfccc62379af46844df136122b72a878d9d61b40ccaa029b09e6b9f0b4d0192":"005e91760d89ecb64b5fc3b0e222fca3" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #2 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"e326abbe1db3ead3738d2ca4d9f1d62080cd23ff3396f43a0af992bed2420cec6661dfaac83c3c4d83347ac840f7dc14":"37c94d11ed0e93b8199d43d6eb242165dddd12fe39c0bea4cdef6bcfeb5d17bb866f080a9daef128f685fb3bc59c945927fb0aa3e17068515c3c92fbdf04a228":"1ff41405dbb3b12b8ddc973069edc2d2801af0e0dc9bde2cdd35c5b2d4091509":"138b6d2eabef4b32174afb0156ad1df570cf6e5f6ebde5d19cc30daffd9ca4f2":"f27cf7422808c54c58fcdde1cece92f5342c7a10ac43ab3b2e53362b2272e3ad":"506d6fae6fff9f222e65ac86df61a832" +ctr_drbg_validate_reseed_between:"e326abbe1db3ead3738d2ca4d9f1d62080cd23ff3396f43a0af992bed2420cec6661dfaac83c3c4d83347ac840f7dc14":"37c94d11ed0e93b8199d43d6eb242165dddd12fe39c0bea4cdef6bcfeb5d17bb866f080a9daef128f685fb3bc59c945927fb0aa3e17068515c3c92fbdf04a228":"1ff41405dbb3b12b8ddc973069edc2d2801af0e0dc9bde2cdd35c5b2d4091509":"138b6d2eabef4b32174afb0156ad1df570cf6e5f6ebde5d19cc30daffd9ca4f2":"f27cf7422808c54c58fcdde1cece92f5342c7a10ac43ab3b2e53362b2272e3ad":"506d6fae6fff9f222e65ac86df61a832" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #3 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"cb0229d2bb72d910b0169e8f93318905aef8dd93ed91a2f8388545db32db3f2489e7988b50de64c49a9f7feb5abe8630":"514ec8c02439290853434e75e3d0bd159eacd5ac13b8f202cfd5c36cdc0fe99b53a1b7a1619e94eb661ac825a48ea5ef8bb9120dd6efc351e39eb7cc5223f637":"a6ed69c9216c551793107f1bdaa04944f6d76fe4474f64bb08b0ebc10a18f337":"e0bc1cc56fdfeef686e0c7ec359e2e8bd48d76c8643c40d12325328170bbf702":"87c5b23aa3c100ff9e368fc47534ff8fa2f9e2bfd3599519ee6f60164485cf6d":"bd419968f636e374268ccdd62403f79c" 
+ctr_drbg_validate_reseed_between:"cb0229d2bb72d910b0169e8f93318905aef8dd93ed91a2f8388545db32db3f2489e7988b50de64c49a9f7feb5abe8630":"514ec8c02439290853434e75e3d0bd159eacd5ac13b8f202cfd5c36cdc0fe99b53a1b7a1619e94eb661ac825a48ea5ef8bb9120dd6efc351e39eb7cc5223f637":"a6ed69c9216c551793107f1bdaa04944f6d76fe4474f64bb08b0ebc10a18f337":"e0bc1cc56fdfeef686e0c7ec359e2e8bd48d76c8643c40d12325328170bbf702":"87c5b23aa3c100ff9e368fc47534ff8fa2f9e2bfd3599519ee6f60164485cf6d":"bd419968f636e374268ccdd62403f79c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #4 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"bdd156ef3c4e09b77fe8781c446eac55b562e4ee1b7d15515a966882d4c7fadb0fc7b37554ba03908838db40499ded5b":"9facd9f4587819acb358e4936d9f44b67ddf82616e79a44ffd6a2510f652f6b9cebc1424b5c642362b19f63c615f49686df66a8f80ddffb56ce0c0d8540150fb":"35ea316fe302786f626e3831530622b62eb33a3608d4af3384ecfcbd198f3f05":"8d4fae22290b6ef8618ded1c3412e85fab7b8d17fb9cbd09dbc87f97279cc72d":"2f54928372e4ce447201427a3ae05769ae1c54b2e83bdc86d380a90b07f2890c":"8045e8da88b1bc126785c8a771db5354" +ctr_drbg_validate_reseed_between:"bdd156ef3c4e09b77fe8781c446eac55b562e4ee1b7d15515a966882d4c7fadb0fc7b37554ba03908838db40499ded5b":"9facd9f4587819acb358e4936d9f44b67ddf82616e79a44ffd6a2510f652f6b9cebc1424b5c642362b19f63c615f49686df66a8f80ddffb56ce0c0d8540150fb":"35ea316fe302786f626e3831530622b62eb33a3608d4af3384ecfcbd198f3f05":"8d4fae22290b6ef8618ded1c3412e85fab7b8d17fb9cbd09dbc87f97279cc72d":"2f54928372e4ce447201427a3ae05769ae1c54b2e83bdc86d380a90b07f2890c":"8045e8da88b1bc126785c8a771db5354" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #5 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"154876298a1b63334624b367da984eb31d7260abe79ced41de35ba68a716233a5df0937b90f89dde7fd55a9693c9031f":"36895f574e9e9d08e6c885d305eb4764c1e5689d1f99c2462b3ebdf659e8ce43818dfc886ec797843bfee361b554cd5f969b0c7b0381b53f4afc1bcadbf7eb1c":"c3a46105c50a167a5b0391053f3814a06c90cea2c1fa9329d97fdbc62887ff6d":"54c7d66c65dbddb4665981bff0f503de37d724362aeb67abce6a870fd6a7398a":"58204ca953cbd46dd6c8870b358cba77c436870db49bcd3e2f92697bb580b460":"cd903c0f11ea701214f91715cfec11a3" +ctr_drbg_validate_reseed_between:"154876298a1b63334624b367da984eb31d7260abe79ced41de35ba68a716233a5df0937b90f89dde7fd55a9693c9031f":"36895f574e9e9d08e6c885d305eb4764c1e5689d1f99c2462b3ebdf659e8ce43818dfc886ec797843bfee361b554cd5f969b0c7b0381b53f4afc1bcadbf7eb1c":"c3a46105c50a167a5b0391053f3814a06c90cea2c1fa9329d97fdbc62887ff6d":"54c7d66c65dbddb4665981bff0f503de37d724362aeb67abce6a870fd6a7398a":"58204ca953cbd46dd6c8870b358cba77c436870db49bcd3e2f92697bb580b460":"cd903c0f11ea701214f91715cfec11a3" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #6 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"94e273fde1e699f84aeef343eb0277c50d169bb5496575301021a2be50df6a555d1422ea88e0e4d905158e93fd8d0089":"1cd97b6e6e7f19401e409aea7b3ec33a8faefd71402b8f34a73c1cb1af215e0e87debe68bce590d41c1f90c6ad9db3d30b3901862e076d765ffdf58776e5fb7e":"6ee75e9f9aee6ac93e20f742f20427e5eb9b4ad2ed06fbba8c7b7870a96941ac":"0ba60399893ede284372bc4e0a37702a23b16aa8e5fe70ea95429af87ff291aa":"94bd2b51c32d29cd14e2123221e45ec0cf1f38766fb6bb0716856d0138f6fa39":"831793686abd406f7b385cd59e497b18" 
+ctr_drbg_validate_reseed_between:"94e273fde1e699f84aeef343eb0277c50d169bb5496575301021a2be50df6a555d1422ea88e0e4d905158e93fd8d0089":"1cd97b6e6e7f19401e409aea7b3ec33a8faefd71402b8f34a73c1cb1af215e0e87debe68bce590d41c1f90c6ad9db3d30b3901862e076d765ffdf58776e5fb7e":"6ee75e9f9aee6ac93e20f742f20427e5eb9b4ad2ed06fbba8c7b7870a96941ac":"0ba60399893ede284372bc4e0a37702a23b16aa8e5fe70ea95429af87ff291aa":"94bd2b51c32d29cd14e2123221e45ec0cf1f38766fb6bb0716856d0138f6fa39":"831793686abd406f7b385cd59e497b18" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #7 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"5a699113ebf98bff9cb780ce29747a61ba2d7581a5716065d018c89348d7c2ed3f5bba32442cd192c1e37b77b98f5791":"de6d2a3b6ad9af07058d3b1d1976cf61d49566b965eb4e9b74a4cad8e286e7a40b254b860e2e209a8cb4cff3a8e615b84f5ae7505957a758e266a4c3e915d251":"ed18c16a61ba5ecc0755f94c286390a6d46e6e26439dadd36c83ebdee42b4b4c":"7c4550d058b85580be2053fd9d933c87041c5c3f62a5b6b303259dafc90d9041":"ebebfcb9b4b3595e516939ca0688422bbdfc4b9f67b0d6619757cb315b7d7908":"1a5a496aa2268483444b3740c9cc4104" +ctr_drbg_validate_reseed_between:"5a699113ebf98bff9cb780ce29747a61ba2d7581a5716065d018c89348d7c2ed3f5bba32442cd192c1e37b77b98f5791":"de6d2a3b6ad9af07058d3b1d1976cf61d49566b965eb4e9b74a4cad8e286e7a40b254b860e2e209a8cb4cff3a8e615b84f5ae7505957a758e266a4c3e915d251":"ed18c16a61ba5ecc0755f94c286390a6d46e6e26439dadd36c83ebdee42b4b4c":"7c4550d058b85580be2053fd9d933c87041c5c3f62a5b6b303259dafc90d9041":"ebebfcb9b4b3595e516939ca0688422bbdfc4b9f67b0d6619757cb315b7d7908":"1a5a496aa2268483444b3740c9cc4104" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #8 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"42450f2689b87a3dd940f3b9e3b32d4654c725a24ddd2c22f006694321dacf1980b50f7ac0401626453ec836039bfdc9":"4765399ccbbf3d33433bb992ee29e4381f28d800b05431f1c5b3e949c5db72c582bfe8ba08db1575b866816cabbe5e1d31d8a870ceed49fb75676c97020d1f22":"6ee5a7613c25ecec263a2fd2288948b2df9a05d50040c4031b0653878fdb067f":"68a1038481be7412d6a7c8474d4b2a2535c9b55ea301ee800d5a846127d345cb":"7a1915cf78e6da2dc7840cba40390d668d07571608b77857d2224c4531c17bb8":"80a6c622e64495f9a391f5a8a9c76818" +ctr_drbg_validate_reseed_between:"42450f2689b87a3dd940f3b9e3b32d4654c725a24ddd2c22f006694321dacf1980b50f7ac0401626453ec836039bfdc9":"4765399ccbbf3d33433bb992ee29e4381f28d800b05431f1c5b3e949c5db72c582bfe8ba08db1575b866816cabbe5e1d31d8a870ceed49fb75676c97020d1f22":"6ee5a7613c25ecec263a2fd2288948b2df9a05d50040c4031b0653878fdb067f":"68a1038481be7412d6a7c8474d4b2a2535c9b55ea301ee800d5a846127d345cb":"7a1915cf78e6da2dc7840cba40390d668d07571608b77857d2224c4531c17bb8":"80a6c622e64495f9a391f5a8a9c76818" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #9 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"873869e194201b822b140bdd7797dd1ed408f2190b759c068b7019e6707f60751e101d3465c4ec57dbf9d1ea7597fa44":"d2f92706ca3fb9ced8183c74704440d7eedee1542c2e812f65afc83f4b62dadf1c51fa68f8d5f457a893211c8afc82c93e6a1e15822eff0d4ada6efd25d271a0":"8d0393d2a1ae8930ea88773adfa47b49060f0bf2d3def2acc57786bfbd1e2d6f":"5bcf5ff4fbd9eaabf8bf82ec7c59b043fd64b0025ad1ab2b384e399b9e13147a":"6e2d05e286c90502a3abf2ee72ab7ffb520ce5facfb27e095787a09a412abec3":"e1ceda71b8feb4b0d14d35bbb57a79a2" 
+ctr_drbg_validate_reseed_between:"873869e194201b822b140bdd7797dd1ed408f2190b759c068b7019e6707f60751e101d3465c4ec57dbf9d1ea7597fa44":"d2f92706ca3fb9ced8183c74704440d7eedee1542c2e812f65afc83f4b62dadf1c51fa68f8d5f457a893211c8afc82c93e6a1e15822eff0d4ada6efd25d271a0":"8d0393d2a1ae8930ea88773adfa47b49060f0bf2d3def2acc57786bfbd1e2d6f":"5bcf5ff4fbd9eaabf8bf82ec7c59b043fd64b0025ad1ab2b384e399b9e13147a":"6e2d05e286c90502a3abf2ee72ab7ffb520ce5facfb27e095787a09a412abec3":"e1ceda71b8feb4b0d14d35bbb57a79a2" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #10 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"1fecb5fe87c2a208b4f193e9c3ff810954c554150d544baea1685fb4774320315d5cb651be493ef120ef6966e3e7518c":"34bc292809674352ffb60786dca59ec799188aa401b366a48cdeddf37c12ee4c666f8fb3a0d53df4cd7191166d50ff01d992f94cd92da7a385ffe5795b197ced":"38249fed34a907768eac49267c2c613a65154eec5b73b541d7d7b314b5080061":"115be9cb914b50480fffe078d8170870b56129a0a74271dee063f8b2049e1be3":"69fa6faf7223f5bb1b55f35a544f78181579b1745990053357916fe507e51db6":"60cc92d3ba3ff0715f5627182334ed1b" +ctr_drbg_validate_reseed_between:"1fecb5fe87c2a208b4f193e9c3ff810954c554150d544baea1685fb4774320315d5cb651be493ef120ef6966e3e7518c":"34bc292809674352ffb60786dca59ec799188aa401b366a48cdeddf37c12ee4c666f8fb3a0d53df4cd7191166d50ff01d992f94cd92da7a385ffe5795b197ced":"38249fed34a907768eac49267c2c613a65154eec5b73b541d7d7b314b5080061":"115be9cb914b50480fffe078d8170870b56129a0a74271dee063f8b2049e1be3":"69fa6faf7223f5bb1b55f35a544f78181579b1745990053357916fe507e51db6":"60cc92d3ba3ff0715f5627182334ed1b" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #11 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"4d283eb5ecd85a1613c975e24832770643613c9a5aee0d8649bc0d68c89cf1ea6ec3a1a22eefd9e212d602c338d64c6e":"4aa6917a5c9f370590d70536fdd89c916fec5e5bcbade8c6a6cfcf5b232c98a6b3e6b79a2dfb0778fbc3f1da7b06044d7b0fa2c04ffc3b71324aca1ee19f936b":"05a7092a684ba7a7fbd33533f9be58a4140a3855d4c5f44a31d665a0720c1739":"557ef1bedc890d1543de6cfeb25642782683d77a46bc8aa0836b07157599c7c3":"e87e45073ff8e36c38b128cd2275a160e431787b5e81f6c2fd7a37909eb72ea5":"31ecfb1bcf3253ba5f71b185a66c7cff" +ctr_drbg_validate_reseed_between:"4d283eb5ecd85a1613c975e24832770643613c9a5aee0d8649bc0d68c89cf1ea6ec3a1a22eefd9e212d602c338d64c6e":"4aa6917a5c9f370590d70536fdd89c916fec5e5bcbade8c6a6cfcf5b232c98a6b3e6b79a2dfb0778fbc3f1da7b06044d7b0fa2c04ffc3b71324aca1ee19f936b":"05a7092a684ba7a7fbd33533f9be58a4140a3855d4c5f44a31d665a0720c1739":"557ef1bedc890d1543de6cfeb25642782683d77a46bc8aa0836b07157599c7c3":"e87e45073ff8e36c38b128cd2275a160e431787b5e81f6c2fd7a37909eb72ea5":"31ecfb1bcf3253ba5f71b185a66c7cff" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #12 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"a6f488104a6c03e354d5d1805c62dcd3016322d218747fa83f9199e20f6ab1cfbc2b889536bda1187f59b7294d557ff2":"22f8ad57a2dfa8010e2865ad6263823652917b84dfea61f639efdb0fdbb35c6341ca7721095d69686212dffe78410c0d0db94f04756d52e7d76165d5a1d516d9":"fb9951d563f7aa88db545874b1a3049c5f79774d486e7a28aed1ed75f59224a5":"b1ea7c6b53e79e4e947e63086dee32dcc17bc4f27fba6142f8215ec081cdd5c9":"0d12cc0a39bfbf87194e4070f6b54caaabbe48fa192b96cfed2a794d95fa299d":"62a1c5678e6e8fc738d375e2ca48751f" 
+ctr_drbg_validate_reseed_between:"a6f488104a6c03e354d5d1805c62dcd3016322d218747fa83f9199e20f6ab1cfbc2b889536bda1187f59b7294d557ff2":"22f8ad57a2dfa8010e2865ad6263823652917b84dfea61f639efdb0fdbb35c6341ca7721095d69686212dffe78410c0d0db94f04756d52e7d76165d5a1d516d9":"fb9951d563f7aa88db545874b1a3049c5f79774d486e7a28aed1ed75f59224a5":"b1ea7c6b53e79e4e947e63086dee32dcc17bc4f27fba6142f8215ec081cdd5c9":"0d12cc0a39bfbf87194e4070f6b54caaabbe48fa192b96cfed2a794d95fa299d":"62a1c5678e6e8fc738d375e2ca48751f" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #13 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"9d67e017e0abdd7c079bc0354f33dab696ad64146802f06d6cefd9cdefbf55b197f5899e5efaa269cc0432c87648ce18":"d8be0ec1119ff959c32c9cf29914e3f7bf2b01bdbf806c2d9ba119ae2a2cfb565871762b02ee7bf68f1d280532fd7ae7368517f6f751739b228d23df2f207f35":"74a5e24477e8759bedfbaa196f398777108392efb8c64c65c0c9ecd6cd3b5f04":"70cbc6cfe1d6ab4bc30d66fa162d5d4b3029e4b1b9d759f3eae17fb508e91a46":"d3c538e042f0eb796b4af9b4e65cd850425c72e2c896fcea741c17172faf27d9":"559a5e04b75cec250aac2433176a725e" +ctr_drbg_validate_reseed_between:"9d67e017e0abdd7c079bc0354f33dab696ad64146802f06d6cefd9cdefbf55b197f5899e5efaa269cc0432c87648ce18":"d8be0ec1119ff959c32c9cf29914e3f7bf2b01bdbf806c2d9ba119ae2a2cfb565871762b02ee7bf68f1d280532fd7ae7368517f6f751739b228d23df2f207f35":"74a5e24477e8759bedfbaa196f398777108392efb8c64c65c0c9ecd6cd3b5f04":"70cbc6cfe1d6ab4bc30d66fa162d5d4b3029e4b1b9d759f3eae17fb508e91a46":"d3c538e042f0eb796b4af9b4e65cd850425c72e2c896fcea741c17172faf27d9":"559a5e04b75cec250aac2433176a725e" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"10914608a6d373a26c53ab83014283b678d73dfea65b4a3540af17f2fafa3b3cf698925b423edb9f946b906f43110795":"9ded87d289412dfda8935e5b08ec66b68abd1bae1fc5363e4341f58db954f1f9bc4b681c0d930ba080f85f8fd04c173cb2b77723ce67692efa7ade48b82b6926":"225159b4c679094f277516b2335b1e8b7d0a7ea33fd56822906d481fe412586d":"4967cd401cd466aba0be5f55615ca0d9fb8adbde5cb4e6ae3a0159fcd6c36bf0":"fec14f325b8b458ddf3e7f2e10938f4c2d04c8d9885bb5b9277bdc229c70b354":"1cd5c0bdeb87c79235bead416c565d32" +ctr_drbg_validate_reseed_between:"10914608a6d373a26c53ab83014283b678d73dfea65b4a3540af17f2fafa3b3cf698925b423edb9f946b906f43110795":"9ded87d289412dfda8935e5b08ec66b68abd1bae1fc5363e4341f58db954f1f9bc4b681c0d930ba080f85f8fd04c173cb2b77723ce67692efa7ade48b82b6926":"225159b4c679094f277516b2335b1e8b7d0a7ea33fd56822906d481fe412586d":"4967cd401cd466aba0be5f55615ca0d9fb8adbde5cb4e6ae3a0159fcd6c36bf0":"fec14f325b8b458ddf3e7f2e10938f4c2d04c8d9885bb5b9277bdc229c70b354":"1cd5c0bdeb87c79235bead416c565d32" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"b023f6a6f73d4749b36eb54867994432":"2462ad760ddbca4e013688bf61381f190c7b2de57cbeeec81d6ab7b6f067b75adc3545887f8d2aa5d9b9dfcbfa425d610faa9c247eb5d71145f302918e908ae5":"":"":"":"c0620c68515a4618e572db6e4c14473d" +ctr_drbg_validate_reseed_between:"b023f6a6f73d4749b36eb54867994432":"2462ad760ddbca4e013688bf61381f190c7b2de57cbeeec81d6ab7b6f067b75adc3545887f8d2aa5d9b9dfcbfa425d610faa9c247eb5d71145f302918e908ae5":"":"":"":"c0620c68515a4618e572db6e4c14473d" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #1 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"7e0fcd953c1c8bb8d03d7a0e918fb59d":"56b2e11d5c2d87d2c9c90c285e0041beb4594a6efdd577580095612e50cf47c0b76208337e1e18453082d725629667d86226ab22944bbfb40c38b7986e489adb":"":"":"":"7194eee0d333fa5282dc44db964ecf5b" 
+ctr_drbg_validate_reseed_between:"7e0fcd953c1c8bb8d03d7a0e918fb59d":"56b2e11d5c2d87d2c9c90c285e0041beb4594a6efdd577580095612e50cf47c0b76208337e1e18453082d725629667d86226ab22944bbfb40c38b7986e489adb":"":"":"":"7194eee0d333fa5282dc44db964ecf5b" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #2 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"0130217d4a3945402ed99d7b8504fe4b":"28e592fd9db72b40ae4888078aedde260f6de4f0472a7601258e694d7bb6af6810ff4eabdffb332932765fa1d66650fb78cc2be484c0ba803eb9a2502020e865":"":"":"":"4652f0545385fdbe02d05aec21668608" +ctr_drbg_validate_reseed_between:"0130217d4a3945402ed99d7b8504fe4b":"28e592fd9db72b40ae4888078aedde260f6de4f0472a7601258e694d7bb6af6810ff4eabdffb332932765fa1d66650fb78cc2be484c0ba803eb9a2502020e865":"":"":"":"4652f0545385fdbe02d05aec21668608" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #3 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"07854447e33521d2d997d90c0887f42d":"c561ab6acfbfb98879982ac7add92b80471e0154b77ccc9fd98e7c2013c411e8075948e97ab4db7505797a99d456e54e6585042efeff7e3970e399ea0d27537c":"":"":"":"1a14a810c11b4f0af23c6467c47bbde0" +ctr_drbg_validate_reseed_between:"07854447e33521d2d997d90c0887f42d":"c561ab6acfbfb98879982ac7add92b80471e0154b77ccc9fd98e7c2013c411e8075948e97ab4db7505797a99d456e54e6585042efeff7e3970e399ea0d27537c":"":"":"":"1a14a810c11b4f0af23c6467c47bbde0" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #4 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"68a8ec01581d6066391f3e5977465026":"747c7e9aace6d4f840c7b5261e0af796c516477421d52850a7072a0ab2c768fcc80c9ba8d18b228e77a7f6131c788a76515fe31aef4ed67376568231a4700fac":"":"":"":"a5723c43743442fae3637bb553891aeb" 
+ctr_drbg_validate_reseed_between:"68a8ec01581d6066391f3e5977465026":"747c7e9aace6d4f840c7b5261e0af796c516477421d52850a7072a0ab2c768fcc80c9ba8d18b228e77a7f6131c788a76515fe31aef4ed67376568231a4700fac":"":"":"":"a5723c43743442fae3637bb553891aeb" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #5 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"1459038c60b70bae7af0da6cfab707a2":"9f7d839310846bd452827a185539c0eb0f106acc7bc4de80d3521a970b23483d57826b1484d329a2d1c2ecfeaf8eeffbaa6e1a305e3f1e47b96ad48a711ad1aa":"":"":"":"5fcd6bf108fe68b85f61f85c0556f5c0" +ctr_drbg_validate_reseed_between:"1459038c60b70bae7af0da6cfab707a2":"9f7d839310846bd452827a185539c0eb0f106acc7bc4de80d3521a970b23483d57826b1484d329a2d1c2ecfeaf8eeffbaa6e1a305e3f1e47b96ad48a711ad1aa":"":"":"":"5fcd6bf108fe68b85f61f85c0556f5c0" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #6 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"a3357db173df98da4dd02ee24ce5c303":"f1ce08587ac0338b4d0b8e075b42b6501e77758b30087de028a8622fb7abd7f65e3b4f802d1a472dedb9c1a6dc9263c65918d8b7fafd0ae7e9c39e2e8684af3f":"":"":"":"8a5fa11d8e78fbf1ca4e4ca3e1ae82b8" +ctr_drbg_validate_reseed_between:"a3357db173df98da4dd02ee24ce5c303":"f1ce08587ac0338b4d0b8e075b42b6501e77758b30087de028a8622fb7abd7f65e3b4f802d1a472dedb9c1a6dc9263c65918d8b7fafd0ae7e9c39e2e8684af3f":"":"":"":"8a5fa11d8e78fbf1ca4e4ca3e1ae82b8" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #7 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"212f4c80c7e9287c8d25e3b965f91a3c":"bf1d715b3f56c433827c9cb429bee5ca61c80a8d9b2fd4498e1c86ce703637f8f7f34056ab0039e0baa63320df0ec61de60354f2ece06356d9be3c6d1cdcc4cf":"":"":"":"04ac2f969e828f375b03ee16317e8572" 
+ctr_drbg_validate_reseed_between:"212f4c80c7e9287c8d25e3b965f91a3c":"bf1d715b3f56c433827c9cb429bee5ca61c80a8d9b2fd4498e1c86ce703637f8f7f34056ab0039e0baa63320df0ec61de60354f2ece06356d9be3c6d1cdcc4cf":"":"":"":"04ac2f969e828f375b03ee16317e8572"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #8
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"46e85752e0af82fc63932950120e4b5d":"ae4316424fa765179404188eb8839ce84ad8db92cb12f39089a93a2dbdc371e2fdbef1ad080eb354eecdda3a10ea66ef647aa095afa1786c01bd1c9f70d8da4f":"":"":"":"de576284d8ad36b31bd4f8f3da633e36"
+ctr_drbg_validate_reseed_between:"46e85752e0af82fc63932950120e4b5d":"ae4316424fa765179404188eb8839ce84ad8db92cb12f39089a93a2dbdc371e2fdbef1ad080eb354eecdda3a10ea66ef647aa095afa1786c01bd1c9f70d8da4f":"":"":"":"de576284d8ad36b31bd4f8f3da633e36"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #9
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"ec2459b1dd7f50df63e14e40aa4a4e66":"b964a24bf98264327c0b9e2e1c99ed1b35f534be801c996f318bc2074ed2500ba8488c4feb442b507c3220523c0041c9543133379365e65e092850a5e3f96cc9":"":"":"":"4d466e2f388aae40d1b31ce1f8ddc5e8"
+ctr_drbg_validate_reseed_between:"ec2459b1dd7f50df63e14e40aa4a4e66":"b964a24bf98264327c0b9e2e1c99ed1b35f534be801c996f318bc2074ed2500ba8488c4feb442b507c3220523c0041c9543133379365e65e092850a5e3f96cc9":"":"":"":"4d466e2f388aae40d1b31ce1f8ddc5e8"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #10
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"acf480d54f4c66d611519b72f2c0dca6":"d5b3277cf8badf6be86af27dd36f23ffc580847c5fcb56c4d8a42339336f185c38ffb86f4d8aa7646c1aaed6c2b0c7ae7e4d435f481d62bb01e632f6bbb2abf9":"":"":"":"746aaa5423ef77ea6b1eda47410262dd"
+ctr_drbg_validate_reseed_between:"acf480d54f4c66d611519b72f2c0dca6":"d5b3277cf8badf6be86af27dd36f23ffc580847c5fcb56c4d8a42339336f185c38ffb86f4d8aa7646c1aaed6c2b0c7ae7e4d435f481d62bb01e632f6bbb2abf9":"":"":"":"746aaa5423ef77ea6b1eda47410262dd"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #11
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"edb80fddc595b234e3c5c03b2be3d721":"94aad8c772201435543efd9013c9f5f022038db6864e9ed4141ea75beb236844da6e6a17109262bc80f528427b37d9da6df03c7dd25be233774384a7f53197ea":"":"":"":"511927f10f800445b705ea3cfe6ec823"
+ctr_drbg_validate_reseed_between:"edb80fddc595b234e3c5c03b2be3d721":"94aad8c772201435543efd9013c9f5f022038db6864e9ed4141ea75beb236844da6e6a17109262bc80f528427b37d9da6df03c7dd25be233774384a7f53197ea":"":"":"":"511927f10f800445b705ea3cfe6ec823"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #12
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"c7790c9888b0e731ca6ccd60c32bb98a":"967050c11050a6d99a5da428d1f0fc8068b29ba4c66965addbfd31b745cb07d2439d268ab32a5fa2b1934bf277ff586506a941768468905ed980537d8baa1d07":"":"":"":"978493f0cece6f94d21863a519e06dbe"
+ctr_drbg_validate_reseed_between:"c7790c9888b0e731ca6ccd60c32bb98a":"967050c11050a6d99a5da428d1f0fc8068b29ba4c66965addbfd31b745cb07d2439d268ab32a5fa2b1934bf277ff586506a941768468905ed980537d8baa1d07":"":"":"":"978493f0cece6f94d21863a519e06dbe"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #13
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"58c75625771df61c48a82590eeed3378":"be3120e8515a98701b4b2fb0667de2bad3f32bcbf10fb9b820956f9aa7ffa1bbbafb70002a9c7fdd1cf7e76a735261798dc60a1163919d58e39ef0c38b54b27b":"":"":"":"90f5c486e7efe932258610e744506487"
+ctr_drbg_validate_reseed_between:"58c75625771df61c48a82590eeed3378":"be3120e8515a98701b4b2fb0667de2bad3f32bcbf10fb9b820956f9aa7ffa1bbbafb70002a9c7fdd1cf7e76a735261798dc60a1163919d58e39ef0c38b54b27b":"":"":"":"90f5c486e7efe932258610e744506487"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #14
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"d3f64c11aa21bb2d12278847547fb11b":"855c0e3a7567730b11e197c136e5c22b1dc7271d4dbe04bcdfd2fc0ef806b3c05b4264ee6c60d526506622ebf6130738dba4bf35c13ce33db19487312ee691fe":"":"":"":"33ed7089ebae738c6a7e6e2390d573e4"
+ctr_drbg_validate_reseed_between:"d3f64c11aa21bb2d12278847547fb11b":"855c0e3a7567730b11e197c136e5c22b1dc7271d4dbe04bcdfd2fc0ef806b3c05b4264ee6c60d526506622ebf6130738dba4bf35c13ce33db19487312ee691fe":"":"":"":"33ed7089ebae738c6a7e6e2390d573e4"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #0
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"132ad1c40afb066620f004f08409c59e":"2e5beadd89b663b3903d3a63c3ab5605bfb1a0045a42430e0220243c51a69f7ff7678c2f8edb7bb4a29b646f3edfaca2463f9defd342da87d22b1b8fdb012fd5":"150deb841d1a4d90e66e85b036d9f5a7efca726b907ae3e8f05e1d1338cdfd32":"fb199beeeaf3939be2a5f9e6ba22f97cdd2c7576e81eccc686facbdf8bb4f2aa":"4293341721f57e4548ce8c003531d38622446c8825904e1b868dcddc626c5164":"66d8f3bfb78186b57136ec2c1602e1ef"
+ctr_drbg_validate_reseed_between:"132ad1c40afb066620f004f08409c59e":"2e5beadd89b663b3903d3a63c3ab5605bfb1a0045a42430e0220243c51a69f7ff7678c2f8edb7bb4a29b646f3edfaca2463f9defd342da87d22b1b8fdb012fd5":"150deb841d1a4d90e66e85b036d9f5a7efca726b907ae3e8f05e1d1338cdfd32":"fb199beeeaf3939be2a5f9e6ba22f97cdd2c7576e81eccc686facbdf8bb4f2aa":"4293341721f57e4548ce8c003531d38622446c8825904e1b868dcddc626c5164":"66d8f3bfb78186b57136ec2c1602e1ef"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #1
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"1c1502ca97c109399a72a77c8d6cc22b":"1d33b1b257a3ae1210fa2099307916a73dd92270769697ea2d7901f56865e3cae1be94b5024d0da3880bce06f0b31231c5a889f8ba3d92a20844b61009db672d":"23eede46eff4a04b08dcc2133e4537b332351f8469630f11b0c8853fb762a4bc":"6fd9f9da108e68aea9d1cecd81c49bcd0e7bedb348890f2248cb31c4277369f7":"76bcc11bd952123f78dd2ba60dd932d49203e418bb832d60b45c083e1e129834":"a1eee46001616f2bf87729895da0d0d1"
+ctr_drbg_validate_reseed_between:"1c1502ca97c109399a72a77c8d6cc22b":"1d33b1b257a3ae1210fa2099307916a73dd92270769697ea2d7901f56865e3cae1be94b5024d0da3880bce06f0b31231c5a889f8ba3d92a20844b61009db672d":"23eede46eff4a04b08dcc2133e4537b332351f8469630f11b0c8853fb762a4bc":"6fd9f9da108e68aea9d1cecd81c49bcd0e7bedb348890f2248cb31c4277369f7":"76bcc11bd952123f78dd2ba60dd932d49203e418bb832d60b45c083e1e129834":"a1eee46001616f2bf87729895da0d0d1"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #2
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"c79c0a1db75e83af258cdf9ead81264d":"5e8cc0fdadc170ed0f5e12f79a6b9e585f9d7c2926c163686a6a724495d88fabcec940d752545cae63f1792dcb966a7325f61997ba8883559ad6f6f8fc09898a":"a2cf6c1c9e4489f504e17f385f08aa82775aa2b0a84abd0b7ee3c6b393d7fd50":"c7529b874e07d4b876196786d510cc038c9e1ab93c461df2474eba484ae6876f":"63c6e7f3548529386c9f47c5aece52ce8454da5db9a807a1b960f7730a61582b":"43b7931e0b3b3769ef8972d0026896a3"
+ctr_drbg_validate_reseed_between:"c79c0a1db75e83af258cdf9ead81264d":"5e8cc0fdadc170ed0f5e12f79a6b9e585f9d7c2926c163686a6a724495d88fabcec940d752545cae63f1792dcb966a7325f61997ba8883559ad6f6f8fc09898a":"a2cf6c1c9e4489f504e17f385f08aa82775aa2b0a84abd0b7ee3c6b393d7fd50":"c7529b874e07d4b876196786d510cc038c9e1ab93c461df2474eba484ae6876f":"63c6e7f3548529386c9f47c5aece52ce8454da5db9a807a1b960f7730a61582b":"43b7931e0b3b3769ef8972d0026896a3"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #3
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"b44d1dd914e88840bc65a94ee199b3ac":"c3dae1863d323cc78f43ccb3f632fde29130e6b23b843ff5a8d79fddc3c1f92b55cd3dcaf7848d40d189c0de7790bebb889e01be05980dcdf30d2b3333426c50":"41e2fce9b48642a1b9bd1695314adcdd38e1a8afe4891e633c5088c6753438a2":"1eb3f8bbacb0c6b901718bfd7eba29f6f87e1fe056ad442d6d38c1351a684e1f":"85570db773f3f5202967376f91a0a9c09c89cd4eddd58cdc6210335fd5e7acef":"bd53036538d9ed904a49966b5428a2a8"
+ctr_drbg_validate_reseed_between:"b44d1dd914e88840bc65a94ee199b3ac":"c3dae1863d323cc78f43ccb3f632fde29130e6b23b843ff5a8d79fddc3c1f92b55cd3dcaf7848d40d189c0de7790bebb889e01be05980dcdf30d2b3333426c50":"41e2fce9b48642a1b9bd1695314adcdd38e1a8afe4891e633c5088c6753438a2":"1eb3f8bbacb0c6b901718bfd7eba29f6f87e1fe056ad442d6d38c1351a684e1f":"85570db773f3f5202967376f91a0a9c09c89cd4eddd58cdc6210335fd5e7acef":"bd53036538d9ed904a49966b5428a2a8"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #4
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"5ef97f7af7df5cc6fa94f8428ec7be5c":"be67434ac4d77f0f50ec5bacc8112d1480bd9f20d6b4ea768d9b51bb69c1dffcd8c30e4412127644aaa6fc453e59fb633f6a5a8c2f69e40d1863e35d4d4c0227":"a64195b1e56cf97fd81e99fa1833d191faf62f534c874def4b8bed0ae7195ac7":"353cd3a8d9cd92bce82cd8d1cc198baa9276db478b0cfe50249e30c3042ee9db":"393ab4726f088fdfeb4df752e1b2aec678e41fa60781bc5e914296227d6b3dfc":"24bdc2cad5dccd2309425f11a24c8c39"
+ctr_drbg_validate_reseed_between:"5ef97f7af7df5cc6fa94f8428ec7be5c":"be67434ac4d77f0f50ec5bacc8112d1480bd9f20d6b4ea768d9b51bb69c1dffcd8c30e4412127644aaa6fc453e59fb633f6a5a8c2f69e40d1863e35d4d4c0227":"a64195b1e56cf97fd81e99fa1833d191faf62f534c874def4b8bed0ae7195ac7":"353cd3a8d9cd92bce82cd8d1cc198baa9276db478b0cfe50249e30c3042ee9db":"393ab4726f088fdfeb4df752e1b2aec678e41fa60781bc5e914296227d6b3dfc":"24bdc2cad5dccd2309425f11a24c8c39"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #5
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"567130da4e7ecc4db0f035d7ecb11878":"cc070df6aa3623f74afd85b59d1bef2b1fcd9c8093362512ff109ebfe992ed75bd58b5ae1561d702b69065eb3cc0bd328ab698d4c6ca274e96d673309b5df5df":"42033054cefa1f20b3443f8ab7d9635ae8f047b833c8529245ba8b4aa07edba3":"72972fb947bff60df291888ddbfd91e698e0c1c26a346b95fc7c5dac596d0073":"af29b6a13602ba9c6b11f8dbdeb6cb52e211f9cd2fc96e63b61e3c1ec631d2ea":"b0849f8317e043271a3fc5f2eaaaaba2"
+ctr_drbg_validate_reseed_between:"567130da4e7ecc4db0f035d7ecb11878":"cc070df6aa3623f74afd85b59d1bef2b1fcd9c8093362512ff109ebfe992ed75bd58b5ae1561d702b69065eb3cc0bd328ab698d4c6ca274e96d673309b5df5df":"42033054cefa1f20b3443f8ab7d9635ae8f047b833c8529245ba8b4aa07edba3":"72972fb947bff60df291888ddbfd91e698e0c1c26a346b95fc7c5dac596d0073":"af29b6a13602ba9c6b11f8dbdeb6cb52e211f9cd2fc96e63b61e3c1ec631d2ea":"b0849f8317e043271a3fc5f2eaaaaba2"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #6
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"2c20ae36f1e74542ed8b0a177b8050aa":"c4bf7a39caf26dc3f61311f54ab3095493c626a988f5abee2826c67a4f4b4d6a02329c99a6bcb5e387fa160741c871acc2929c1cc07f2f0a7ce1619eb7da1ec4":"97c148dd10c3dd72b1eaaafbe37a9310ed15b23872e9f2b62d1feb91ea81ffe3":"23df0c30c68bf2eeb55d273a596f1f54ed916271595b906e4f7793b7a52f2573":"22f120fa09215105116919aaf8eebcb69eccd5da42feb737018a05268bf08e46":"b7c73b9ceea2e6ca0be6a3773cdd6886"
+ctr_drbg_validate_reseed_between:"2c20ae36f1e74542ed8b0a177b8050aa":"c4bf7a39caf26dc3f61311f54ab3095493c626a988f5abee2826c67a4f4b4d6a02329c99a6bcb5e387fa160741c871acc2929c1cc07f2f0a7ce1619eb7da1ec4":"97c148dd10c3dd72b1eaaafbe37a9310ed15b23872e9f2b62d1feb91ea81ffe3":"23df0c30c68bf2eeb55d273a596f1f54ed916271595b906e4f7793b7a52f2573":"22f120fa09215105116919aaf8eebcb69eccd5da42feb737018a05268bf08e46":"b7c73b9ceea2e6ca0be6a3773cdd6886"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #7
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"2076f9e116a2648e1e664b815b1b3674":"979b5aeafe555aeba152ed66e32e30e110df20ee1f227932a72acfb8218aec767941efaefa091c0128dad9b93b06b28fc76e01f275e8ce1c02f0eb567c914f89":"d12fb10b9fa6d2fd0f39cf76294cd44dcbfa80dca7c2f8537c75453d985ef551":"4228a99faf35547a58c1a4d842301dca374f1f13c6fd067b7c1b815863b73158":"a3a7d5f1e2dcf95a90715ec5fd32e7f88c38b0a452b6ccd1f107458db4f74fd6":"8a63a5002a3636b241f0bec14fd9c2ac"
+ctr_drbg_validate_reseed_between:"2076f9e116a2648e1e664b815b1b3674":"979b5aeafe555aeba152ed66e32e30e110df20ee1f227932a72acfb8218aec767941efaefa091c0128dad9b93b06b28fc76e01f275e8ce1c02f0eb567c914f89":"d12fb10b9fa6d2fd0f39cf76294cd44dcbfa80dca7c2f8537c75453d985ef551":"4228a99faf35547a58c1a4d842301dca374f1f13c6fd067b7c1b815863b73158":"a3a7d5f1e2dcf95a90715ec5fd32e7f88c38b0a452b6ccd1f107458db4f74fd6":"8a63a5002a3636b241f0bec14fd9c2ac"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #8
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"a71015cf06ddd0a6cd72fa014cf0aee6":"c810cb9db0f169dbc30fda85ccb6d4c40db68d429eeb3653070db7641fbbaba60ef0ff970eaf40887b7e154e2ecd5331de7004689ec604e69927da630a8dd7a7":"5f99f45d8770041703e5a14521c501904fd05ff3340835ac0c41b86442e4939c":"eb7efa6e46ab926ea04c87eb9ce454f5b10717bd9d85305f27d71bea1bc991b3":"cbc80c6171d098fc81023486d327efe2415a0f32e5fa6f6793ce1d0e98783258":"a353f6b350404f3f7b4fb724f84a948a"
+ctr_drbg_validate_reseed_between:"a71015cf06ddd0a6cd72fa014cf0aee6":"c810cb9db0f169dbc30fda85ccb6d4c40db68d429eeb3653070db7641fbbaba60ef0ff970eaf40887b7e154e2ecd5331de7004689ec604e69927da630a8dd7a7":"5f99f45d8770041703e5a14521c501904fd05ff3340835ac0c41b86442e4939c":"eb7efa6e46ab926ea04c87eb9ce454f5b10717bd9d85305f27d71bea1bc991b3":"cbc80c6171d098fc81023486d327efe2415a0f32e5fa6f6793ce1d0e98783258":"a353f6b350404f3f7b4fb724f84a948a"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #9
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"395931837614c322d8488ec6a2c4c919":"831fc8d63592b6ce358c08aeac39d67c3e48b4c2617735b6fe5e9fa44d7aee9d60f2fcf549db239d5bed9c608c94e8f8c23b32901442ac53442127377bdcf205":"eb261c737c0a17c8cb1ae055c143f701b74c96c852e4a76ca3ea045e7efdf5ee":"153276007b3843a897efbf022bd1bcabcf655c7eb8acef9baac710b339ecfd99":"a8a5cb17a2945e5b41ff370cc88ac498389b89b6cd82bb3bbde81c212f7c17d4":"537fc2b73183d2c0c106886937a6609c"
+ctr_drbg_validate_reseed_between:"395931837614c322d8488ec6a2c4c919":"831fc8d63592b6ce358c08aeac39d67c3e48b4c2617735b6fe5e9fa44d7aee9d60f2fcf549db239d5bed9c608c94e8f8c23b32901442ac53442127377bdcf205":"eb261c737c0a17c8cb1ae055c143f701b74c96c852e4a76ca3ea045e7efdf5ee":"153276007b3843a897efbf022bd1bcabcf655c7eb8acef9baac710b339ecfd99":"a8a5cb17a2945e5b41ff370cc88ac498389b89b6cd82bb3bbde81c212f7c17d4":"537fc2b73183d2c0c106886937a6609c"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #10
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"9a1983859dd6c4cb602970d705952b2b":"68c5cf31f7959ffaa83af9dd55a75ec001befbf835e42a789ac42d39d96128eb6d9b3f07ced15e57e39760390c065fb4425c19ef7184635c18e5ed28256937e1":"e06497a181a5362980579c91d263f630ad4794519a64261ede8b36cf0ac5e713":"714e4fc52aea763e23a1f5b18949ab8fd949f1768560559bccb49d78d51dfab5":"6b6b7f65fd472ad428df2bbb86b85067d0a6f89d9233eea92f5189a9163d0419":"e32af8a81c59dc44540ed8845b447fdb"
+ctr_drbg_validate_reseed_between:"9a1983859dd6c4cb602970d705952b2b":"68c5cf31f7959ffaa83af9dd55a75ec001befbf835e42a789ac42d39d96128eb6d9b3f07ced15e57e39760390c065fb4425c19ef7184635c18e5ed28256937e1":"e06497a181a5362980579c91d263f630ad4794519a64261ede8b36cf0ac5e713":"714e4fc52aea763e23a1f5b18949ab8fd949f1768560559bccb49d78d51dfab5":"6b6b7f65fd472ad428df2bbb86b85067d0a6f89d9233eea92f5189a9163d0419":"e32af8a81c59dc44540ed8845b447fdb"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #11
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"230576e9518fb9a6a8391a84919b0d97":"6193f0e7b33ce19fde922aec9c93f1271ebcdd296d9c8c77029b59afa2064e3159088e07e91c14a4a3dc23b6005dd8ef1425d7d2ae8282a5b30b7498b6754234":"ffaca30a256d18836a0d49bbaad599a28fc7821d71aa91b97158a492d84a6280":"a3da13852d0717afed7c58c52530d2ae047b645a5e7aa8cfabc11478444151ac":"e15fdaeea31c95555fc509d2a266abf78d86ca11aa2f87ce1041142eb9f82bae":"7906f8da1e140345c191dbc2de5ead1b"
+ctr_drbg_validate_reseed_between:"230576e9518fb9a6a8391a84919b0d97":"6193f0e7b33ce19fde922aec9c93f1271ebcdd296d9c8c77029b59afa2064e3159088e07e91c14a4a3dc23b6005dd8ef1425d7d2ae8282a5b30b7498b6754234":"ffaca30a256d18836a0d49bbaad599a28fc7821d71aa91b97158a492d84a6280":"a3da13852d0717afed7c58c52530d2ae047b645a5e7aa8cfabc11478444151ac":"e15fdaeea31c95555fc509d2a266abf78d86ca11aa2f87ce1041142eb9f82bae":"7906f8da1e140345c191dbc2de5ead1b"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #12
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"e08a3a33adb4399a9be72fead224155f":"cfbe8b1464b00bb9e0d18b04d2040ed9bd822741188812b98a440fbc66ff018ddf6c0ea20c62d01b8237bc7c3da9e3f9fb874fca79a360b4f0f967d8d02083ba":"56f975849197e2eae5a2e6fb445a93c1fadf57280ac27e27c7cbea2cb00c10cc":"0a6d9e2d6e181addab0ea1ee89c65ce557e10fb8e8d43a24cdd27033d3fff507":"823e9400a9f563cc1fa5daf10f4ff1ab8affa18d8371f9cd0e067fcddce8caed":"5ded298f98cffb2e7f5ea97bd50c7e3e"
+ctr_drbg_validate_reseed_between:"e08a3a33adb4399a9be72fead224155f":"cfbe8b1464b00bb9e0d18b04d2040ed9bd822741188812b98a440fbc66ff018ddf6c0ea20c62d01b8237bc7c3da9e3f9fb874fca79a360b4f0f967d8d02083ba":"56f975849197e2eae5a2e6fb445a93c1fadf57280ac27e27c7cbea2cb00c10cc":"0a6d9e2d6e181addab0ea1ee89c65ce557e10fb8e8d43a24cdd27033d3fff507":"823e9400a9f563cc1fa5daf10f4ff1ab8affa18d8371f9cd0e067fcddce8caed":"5ded298f98cffb2e7f5ea97bd50c7e3e"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #13
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"11c13b917d9f94fd7a008566d8598e89":"f53343a5a455132df3d1b03db39e44d933855b375d7422ad0d07dfdfb352af28946eb29980793456ec8634bf113e75783246bbd05aa8a7cb5886d372fa012f58":"ff1d8d33083023ffbe28f153bddfa9d9f3c221da16f8f20967d2508fa7752b55":"66a98c7d778d798617e1d31d4bdfabf8d381d38b82125838ddf43fb7f5b27dc6":"407c72d7c890c00b249be00a53ae722e5d8033c84b1e1a6a69d4b278ba5db9eb":"67ab88156f20d03b3a1bc363daefc0c6"
+ctr_drbg_validate_reseed_between:"11c13b917d9f94fd7a008566d8598e89":"f53343a5a455132df3d1b03db39e44d933855b375d7422ad0d07dfdfb352af28946eb29980793456ec8634bf113e75783246bbd05aa8a7cb5886d372fa012f58":"ff1d8d33083023ffbe28f153bddfa9d9f3c221da16f8f20967d2508fa7752b55":"66a98c7d778d798617e1d31d4bdfabf8d381d38b82125838ddf43fb7f5b27dc6":"407c72d7c890c00b249be00a53ae722e5d8033c84b1e1a6a69d4b278ba5db9eb":"67ab88156f20d03b3a1bc363daefc0c6"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #14
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"7b95343a4ac0f8c8b2645c33757a3146":"3d7e2987860cbcba14a12594e1a394ee754c9a7a65cecc990bc79b5e86e672e12f8c144d843e1abca46b4759a11b3d29f4e219077a8696efadee618f254cb80a":"16297534a79c4ae7493178226b29e42a6f1e0066aeaee8b5af65bcefa2ee3ebb":"b429ee986f16fb35fe2c47c03c0918870b4560f4ec4678f9df471cbd7ca6a887":"2b14d612eb00c7fba0d8e23bf91df91daef6f8e279e0050d5497ddf0f3466c76":"8f72c17405163090fe0bd795b65811c6"
+ctr_drbg_validate_reseed_between:"7b95343a4ac0f8c8b2645c33757a3146":"3d7e2987860cbcba14a12594e1a394ee754c9a7a65cecc990bc79b5e86e672e12f8c144d843e1abca46b4759a11b3d29f4e219077a8696efadee618f254cb80a":"16297534a79c4ae7493178226b29e42a6f1e0066aeaee8b5af65bcefa2ee3ebb":"b429ee986f16fb35fe2c47c03c0918870b4560f4ec4678f9df471cbd7ca6a887":"2b14d612eb00c7fba0d8e23bf91df91daef6f8e279e0050d5497ddf0f3466c76":"8f72c17405163090fe0bd795b65811c6"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #0
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"327290da2e9a19c840de8d33e425efaa5aa7a7afa4e5a812065965478d640f78520cf3c670b098943fec1914d4c8c411":"80bdf18288cb8adb6e3dacb09c553af2e7317c194d37f433eec27e324a0bad752899bda91fd41e5a08acdfd76007aecabc19c95a8bcede310f7320ce97aaad0e":"":"":"":"c26222662ed3a649a1745dee5df4eef0"
+ctr_drbg_validate_reseed_between:"327290da2e9a19c840de8d33e425efaa5aa7a7afa4e5a812065965478d640f78520cf3c670b098943fec1914d4c8c411":"80bdf18288cb8adb6e3dacb09c553af2e7317c194d37f433eec27e324a0bad752899bda91fd41e5a08acdfd76007aecabc19c95a8bcede310f7320ce97aaad0e":"":"":"":"c26222662ed3a649a1745dee5df4eef0"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #1
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"be14f473472db07a43b7f9a517735d7f7ede2aa70dbdb729bc4f578a0dce9d7fe9fd97939cd1ef731262417b5213bd7f":"ac71ff53140c1383eb379e5311e37637af933db494e5e689d065661e9095b8302e4174c392f324fac43695d9381e3cf4626a5347938ed9e21502cbd789cca363":"":"":"":"4bab95f9f05fc36a337b6f2582c2ce98"
+ctr_drbg_validate_reseed_between:"be14f473472db07a43b7f9a517735d7f7ede2aa70dbdb729bc4f578a0dce9d7fe9fd97939cd1ef731262417b5213bd7f":"ac71ff53140c1383eb379e5311e37637af933db494e5e689d065661e9095b8302e4174c392f324fac43695d9381e3cf4626a5347938ed9e21502cbd789cca363":"":"":"":"4bab95f9f05fc36a337b6f2582c2ce98"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #2
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"88c31e24f4f859b668946ce73f8600621a70731440762b3c267ceab52a9d77a23d6f70ddba0e46a786697a906ccb18a3":"bf9bf25a949d447274a8c72f1ae51399521f8aca39b1b37bb7b4d5cf3c67d55ef8dbacfb71aa9c5949416e2868b968883e517215bc20292894f8406ab39c1ea1":"":"":"":"841aaa0b171d1526ef365b9201adbff3"
+ctr_drbg_validate_reseed_between:"88c31e24f4f859b668946ce73f8600621a70731440762b3c267ceab52a9d77a23d6f70ddba0e46a786697a906ccb18a3":"bf9bf25a949d447274a8c72f1ae51399521f8aca39b1b37bb7b4d5cf3c67d55ef8dbacfb71aa9c5949416e2868b968883e517215bc20292894f8406ab39c1ea1":"":"":"":"841aaa0b171d1526ef365b9201adbff3"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #3
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"8545a0de5ea028c8e5976d5b58fa50079b20ba716f0856cc1af7b98537c895f0266b956542d2b8ca661aef5da1f7f8c5":"686f4f9ee74c3402845fbad9353d7dfeff727584d892eb64bd84b764110cbe4ac8581e7e23acb95caf12979983e8947c570264aec292f1c7b756f7184007dcba":"":"":"":"f6d6ae6449b2984df8bcb69584fb16f3"
+ctr_drbg_validate_reseed_between:"8545a0de5ea028c8e5976d5b58fa50079b20ba716f0856cc1af7b98537c895f0266b956542d2b8ca661aef5da1f7f8c5":"686f4f9ee74c3402845fbad9353d7dfeff727584d892eb64bd84b764110cbe4ac8581e7e23acb95caf12979983e8947c570264aec292f1c7b756f7184007dcba":"":"":"":"f6d6ae6449b2984df8bcb69584fb16f3"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #4
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"d6cd4b4fb9105374605deac7bb49ad792eb225daa560f2a86f66269bf9afc2ea01b6ee6f0eb4926d2f09329df6e90d79":"5d1b8fa0ca2ee127d1bd41423c17b9a8c736715cc2906818e9216dfd81b7637b66c89b772b55ae707c6effa2d9ce7425df26f966646ab613d5599143cf51e5e8":"":"":"":"c36ab451116d733eb4377de3511db5ce"
+ctr_drbg_validate_reseed_between:"d6cd4b4fb9105374605deac7bb49ad792eb225daa560f2a86f66269bf9afc2ea01b6ee6f0eb4926d2f09329df6e90d79":"5d1b8fa0ca2ee127d1bd41423c17b9a8c736715cc2906818e9216dfd81b7637b66c89b772b55ae707c6effa2d9ce7425df26f966646ab613d5599143cf51e5e8":"":"":"":"c36ab451116d733eb4377de3511db5ce"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #5
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"e73ebae0d0834fdff1829ac3d9722fe9f1bc65b5f652fae5f7615af116440e3d5709b5cddd6065d568c246820de46b09":"2026cf7c1b1fe9645ab8759958ac04fb1d8938b9913c3b7f22da81e398b2c00b1921e1d4edb5d21c4531515cb0f9644fe8068685b9fca813176e6780796e8ded":"":"":"":"98d1dce30593de8a8d5b4d956f6c684b"
+ctr_drbg_validate_reseed_between:"e73ebae0d0834fdff1829ac3d9722fe9f1bc65b5f652fae5f7615af116440e3d5709b5cddd6065d568c246820de46b09":"2026cf7c1b1fe9645ab8759958ac04fb1d8938b9913c3b7f22da81e398b2c00b1921e1d4edb5d21c4531515cb0f9644fe8068685b9fca813176e6780796e8ded":"":"":"":"98d1dce30593de8a8d5b4d956f6c684b"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #6
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"a53c1813c06b609eff9ddc77204b085ca985f22170b8ecfcbbf45ea11c45c24fcf25bc33150f9f97ce48244d5beb685c":"1d0dd1a87d59c69f28e118e1083d65f1ee0df31f6308a92dcc47503ec4d20a018d9821c6a7d64385724f0e941231426e028efe6d75e53ff8edf095ef1baf2656":"":"":"":"035cec3a24ba7c44e5c19436c2689a75"
+ctr_drbg_validate_reseed_between:"a53c1813c06b609eff9ddc77204b085ca985f22170b8ecfcbbf45ea11c45c24fcf25bc33150f9f97ce48244d5beb685c":"1d0dd1a87d59c69f28e118e1083d65f1ee0df31f6308a92dcc47503ec4d20a018d9821c6a7d64385724f0e941231426e028efe6d75e53ff8edf095ef1baf2656":"":"":"":"035cec3a24ba7c44e5c19436c2689a75"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #7
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"16d5b8290693a5c40c5a526dd6d653ac54cabb5608d77bb2cb7d6270b96c2fe2de076716ae8cf0a5c781edbde861dc70":"aa82a5ea33439d0c16a1cc13cbae53b169f4d369bcbdae81a9a38129c65ae0ea4f720576c012f8d7eb1c0202003c39d28453a22e502b4949cf5ba23a727721bf":"":"":"":"de4ed9d163d11e9b52470d078df4c869"
+ctr_drbg_validate_reseed_between:"16d5b8290693a5c40c5a526dd6d653ac54cabb5608d77bb2cb7d6270b96c2fe2de076716ae8cf0a5c781edbde861dc70":"aa82a5ea33439d0c16a1cc13cbae53b169f4d369bcbdae81a9a38129c65ae0ea4f720576c012f8d7eb1c0202003c39d28453a22e502b4949cf5ba23a727721bf":"":"":"":"de4ed9d163d11e9b52470d078df4c869"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #8
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"68bfabdbb821cb978527ff18ce37c96c79ad751756551f36b6991981285a68854ec7f72f548c3395ad3ee40410064d4b":"3da9e9518eb1f1b6268e4597f158844ff672ddb414f7ec23fa66d6c86b90a732a7b3016a3387ec3dbed34eb479413d017932ebf9f2a2fea0b35d2bf4e06718f9":"":"":"":"ec4e3e2b6b8763deb17b8611d1fe7953"
+ctr_drbg_validate_reseed_between:"68bfabdbb821cb978527ff18ce37c96c79ad751756551f36b6991981285a68854ec7f72f548c3395ad3ee40410064d4b":"3da9e9518eb1f1b6268e4597f158844ff672ddb414f7ec23fa66d6c86b90a732a7b3016a3387ec3dbed34eb479413d017932ebf9f2a2fea0b35d2bf4e06718f9":"":"":"":"ec4e3e2b6b8763deb17b8611d1fe7953"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #9
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"171a74ab694a7d7c2baa3ccf103ad94f11094e07a955ae9ac3bad370f1448753e99b63cc23d1878ab66f94136ec2ecac":"72ebeda7342770d03bc0e531754f946ca5cca684c41f9d089fe9147fad93b6154919c5cb2e6d162fbfde7b9ff0aa590a17993ca6c80bd59eee4134fc2ce944d8":"":"":"":"582ab4f105c3e1fed9593f58fc335fc3"
+ctr_drbg_validate_reseed_between:"171a74ab694a7d7c2baa3ccf103ad94f11094e07a955ae9ac3bad370f1448753e99b63cc23d1878ab66f94136ec2ecac":"72ebeda7342770d03bc0e531754f946ca5cca684c41f9d089fe9147fad93b6154919c5cb2e6d162fbfde7b9ff0aa590a17993ca6c80bd59eee4134fc2ce944d8":"":"":"":"582ab4f105c3e1fed9593f58fc335fc3"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #10
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"caed30015b34064762591eba9a59f440566a6621832f650572362229e8a38cd0f5d6d322afd8444132056690d6fa5540":"8e27f0dbeae4613bcf0011105f824ed2ecb150a83a0994f8f6607833755216e016fb175e51d42370afe27b11c18477886b530c95bc31bd1c0f8fe00f61fc15a0":"":"":"":"d42787e97147d457f1590c742443ad92"
+ctr_drbg_validate_reseed_between:"caed30015b34064762591eba9a59f440566a6621832f650572362229e8a38cd0f5d6d322afd8444132056690d6fa5540":"8e27f0dbeae4613bcf0011105f824ed2ecb150a83a0994f8f6607833755216e016fb175e51d42370afe27b11c18477886b530c95bc31bd1c0f8fe00f61fc15a0":"":"":"":"d42787e97147d457f1590c742443ad92"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #11
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"c58d62f8145622cd86cfbda66bc26d2ce4c5610cd9cd1c326b99b60355a6fe751783c07f2cc21ba68f1f20ca70f0ad31":"38a8b685e6bbab67824f4cc72995043ea2854f067f2afaec762c9e78ff9d585a25bc63c8d0d075d06d43f3f694733982d26cbe0648b2d0cf8053918b912c303a":"":"":"":"84001709f15a2fd167c161b5d376d86d"
+ctr_drbg_validate_reseed_between:"c58d62f8145622cd86cfbda66bc26d2ce4c5610cd9cd1c326b99b60355a6fe751783c07f2cc21ba68f1f20ca70f0ad31":"38a8b685e6bbab67824f4cc72995043ea2854f067f2afaec762c9e78ff9d585a25bc63c8d0d075d06d43f3f694733982d26cbe0648b2d0cf8053918b912c303a":"":"":"":"84001709f15a2fd167c161b5d376d86d"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #12
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"dc9719050d5257152d8a7d60d3ef1fc5b8cb1700bafc7de863c019f244779c464b6214f21a2f6d0aa3ca282007615ce5":"f188a1ba21b1791ebf8a08d8ba555e49423d9178a561bcc1672539c3a7ba1d856eae9922c4d96c181ed045d6f1d15e855690cdae451edac60f1ca2021f1fec57":"":"":"":"7540fed313c96261cac255bf83b5ae99"
+ctr_drbg_validate_reseed_between:"dc9719050d5257152d8a7d60d3ef1fc5b8cb1700bafc7de863c019f244779c464b6214f21a2f6d0aa3ca282007615ce5":"f188a1ba21b1791ebf8a08d8ba555e49423d9178a561bcc1672539c3a7ba1d856eae9922c4d96c181ed045d6f1d15e855690cdae451edac60f1ca2021f1fec57":"":"":"":"7540fed313c96261cac255bf83b5ae99"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #13
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"ff057781af4a4a1eefeb26ab38f82a2efb6f065de290ebf225bd693dfb1f97455b49143bdb430324c9d945c48824f6cc":"0ddd0f4a43a7b54d9abb0928a2242c378db7a95a0b206baa642afe5cd55108f412f1d727fd591bca2c76355aa62aa8638cfa1916739bc66e02b9459ccd0881ba":"":"":"":"8b6e74a94fcac0d2f212d3594213fbb6"
+ctr_drbg_validate_reseed_between:"ff057781af4a4a1eefeb26ab38f82a2efb6f065de290ebf225bd693dfb1f97455b49143bdb430324c9d945c48824f6cc":"0ddd0f4a43a7b54d9abb0928a2242c378db7a95a0b206baa642afe5cd55108f412f1d727fd591bca2c76355aa62aa8638cfa1916739bc66e02b9459ccd0881ba":"":"":"":"8b6e74a94fcac0d2f212d3594213fbb6"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #14
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"ef027327e47fc5875c01cb17d798fdc2b27a5c78000727842f8a516f4e8dd34afc167ae145b1e763bebdca51e2f461a7":"128566fe6c5b5595742190519445c25db85ee0ce29371f4cab213400d479d2bfe27655155be0fa237173abb214f0226a2f1770802dd69485adb25e6d837485e1":"":"":"":"76cd1553b2b73d4ef6043a09fb90d679"
+ctr_drbg_validate_reseed_between:"ef027327e47fc5875c01cb17d798fdc2b27a5c78000727842f8a516f4e8dd34afc167ae145b1e763bebdca51e2f461a7":"128566fe6c5b5595742190519445c25db85ee0ce29371f4cab213400d479d2bfe27655155be0fa237173abb214f0226a2f1770802dd69485adb25e6d837485e1":"":"":"":"76cd1553b2b73d4ef6043a09fb90d679"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #0
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"8e1a59210f876d017109cb90c7d5dd669b375d971266b7320ba8db9bd79b373bcc895974460e08eadd07a00ce7bdade9":"23677c04a2d6ab446b7b3c582a8071654d27859441b10799f08b788378b926ca4306e7cb5c0f9f104c607fbf0c379be49426e53bf5637225b551f0cc694d6593":"19e914ffbc6d872be010d66b17874010ec8b036a3d60d7f7dda5accc6962a542":"bd7a0c09e780e0ad783fd708355b8df77b4454c3d606fb8de053bffa5ecf9021":"d284dc2caf6d214f8909efc9a75297bccfc04353c2788a96f8b752749c7fec0c":"129d256e7db6269e5a0a160d2278f305"
+ctr_drbg_validate_reseed_between:"8e1a59210f876d017109cb90c7d5dd669b375d971266b7320ba8db9bd79b373bcc895974460e08eadd07a00ce7bdade9":"23677c04a2d6ab446b7b3c582a8071654d27859441b10799f08b788378b926ca4306e7cb5c0f9f104c607fbf0c379be49426e53bf5637225b551f0cc694d6593":"19e914ffbc6d872be010d66b17874010ec8b036a3d60d7f7dda5accc6962a542":"bd7a0c09e780e0ad783fd708355b8df77b4454c3d606fb8de053bffa5ecf9021":"d284dc2caf6d214f8909efc9a75297bccfc04353c2788a96f8b752749c7fec0c":"129d256e7db6269e5a0a160d2278f305"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #1
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"00674e633670c9971be7af789d37d5a4ef567b3ca4766722cd8f67e09d21cbbfa08d43ea1aa259999c6a307ae6347d62":"ec47b029643f85ea19388b6e9de6ab22705b060ae10cee71262027d0bdff5efd7393af619bc6658612fabc78439a0bd5a01255563a96013fa130dd06fd0f5442":"5b92bce3f87645126daa4704fd7df98b880aa07743a57399b985ad1a00b1f2fc":"8199de1338c688234c77262ef35423f4695b277726c76d8b5f426399c14d83b5":"eb95f5a4d8400cec2d4e0f548b6e92636b5e284fb6b61766a1f35bb9cdc5df0a":"9fbe95817578eb272aa9da2f509c2a06"
+ctr_drbg_validate_reseed_between:"00674e633670c9971be7af789d37d5a4ef567b3ca4766722cd8f67e09d21cbbfa08d43ea1aa259999c6a307ae6347d62":"ec47b029643f85ea19388b6e9de6ab22705b060ae10cee71262027d0bdff5efd7393af619bc6658612fabc78439a0bd5a01255563a96013fa130dd06fd0f5442":"5b92bce3f87645126daa4704fd7df98b880aa07743a57399b985ad1a00b1f2fc":"8199de1338c688234c77262ef35423f4695b277726c76d8b5f426399c14d83b5":"eb95f5a4d8400cec2d4e0f548b6e92636b5e284fb6b61766a1f35bb9cdc5df0a":"9fbe95817578eb272aa9da2f509c2a06"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #2
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"2553423c3cb0fae8ca54af56f496e9935d5af4738898f77f789a9bee867dfbc6010c4e5bc68da2b922cdd84eea68e1da":"a9bebd13711c0c22c94b3252654854515a9dc015fe69e688fbac9676b3d77ab67e19b020cd2427ac789ca17f656e499be3ba3ab2075ff95247c6355157eebc79":"e74e45fa28697a06dab08545fde0cc26e7eca31c40aa68ee41c4de402fdcc961":"5aa8abf7062079929d6a131cd3844a5fb6514c07061e25cad67677d867297685":"84819109b2e09b46ba3f5464c34b28ce25a186f0e0fd83fe5fa0ab026c01292a":"3846f3406e49040c48b5cfc9cbc75d1a"
+ctr_drbg_validate_reseed_between:"2553423c3cb0fae8ca54af56f496e9935d5af4738898f77f789a9bee867dfbc6010c4e5bc68da2b922cdd84eea68e1da":"a9bebd13711c0c22c94b3252654854515a9dc015fe69e688fbac9676b3d77ab67e19b020cd2427ac789ca17f656e499be3ba3ab2075ff95247c6355157eebc79":"e74e45fa28697a06dab08545fde0cc26e7eca31c40aa68ee41c4de402fdcc961":"5aa8abf7062079929d6a131cd3844a5fb6514c07061e25cad67677d867297685":"84819109b2e09b46ba3f5464c34b28ce25a186f0e0fd83fe5fa0ab026c01292a":"3846f3406e49040c48b5cfc9cbc75d1a"
 CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #3
 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-ctr_drbg_validate_nopr:"856f1371454bb9aa06be897dcda9b295817c6eeb865a9acb3a89d145bfe29ce5e1b3b12b714571afdfaca7951cd47e33":"a691b8bf6a407c93a36d18aeced4c75f76d8397d4ecbcd4e8f820cb393186897f05c1ef668b027fc78ba6da9bd554cc31a467d47b5e534b5340c7799383ec05c":"2c81d1e94b33164a177d0183d182fe7d23ef4f88444246464e58bdd0de38d82c":"1b5dae81c96771bea091521c0973c5af76a03e3624160e2511e57ff43a1d32a9":"bf5878e2bd139f8f058f3d834acd771514da6d4c5b9ef84466e5a4e0e4b2eaaf":"6a5ea73aad476ce201e173d4d5a7ffcc" +ctr_drbg_validate_reseed_between:"856f1371454bb9aa06be897dcda9b295817c6eeb865a9acb3a89d145bfe29ce5e1b3b12b714571afdfaca7951cd47e33":"a691b8bf6a407c93a36d18aeced4c75f76d8397d4ecbcd4e8f820cb393186897f05c1ef668b027fc78ba6da9bd554cc31a467d47b5e534b5340c7799383ec05c":"2c81d1e94b33164a177d0183d182fe7d23ef4f88444246464e58bdd0de38d82c":"1b5dae81c96771bea091521c0973c5af76a03e3624160e2511e57ff43a1d32a9":"bf5878e2bd139f8f058f3d834acd771514da6d4c5b9ef84466e5a4e0e4b2eaaf":"6a5ea73aad476ce201e173d4d5a7ffcc" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #4 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"0436075cf8cf62ce623c2301ebd45203c98282611cfa5a12dd7c04525ffa7eb343a607af2f57feb7ce3af97e0abc2285":"1ab9ada5eeebc3fc8e53f358b643476fcfd4dd9f092f21d2bc1c4bb1ffd01a0c5b207aaa09ff76a9cab0aa6ce62b6a65b2650ab448b8bb2e8696a7aa4b6f4e8d":"62f07d1f49e40f7f472985947ac4d8ef2d58216d918f7942b9c70f43daff8972":"37ae758141fbc890ee7e1d0854426b2984fb1c094677e6a61546e9315bab0898":"353d1dd0c8d8656bc418a6a3ace138ecd62819d4e21b8bd87694ea683ec0cc37":"bfee6bb4afc228da981bfe7f0d17578b" 
+ctr_drbg_validate_reseed_between:"0436075cf8cf62ce623c2301ebd45203c98282611cfa5a12dd7c04525ffa7eb343a607af2f57feb7ce3af97e0abc2285":"1ab9ada5eeebc3fc8e53f358b643476fcfd4dd9f092f21d2bc1c4bb1ffd01a0c5b207aaa09ff76a9cab0aa6ce62b6a65b2650ab448b8bb2e8696a7aa4b6f4e8d":"62f07d1f49e40f7f472985947ac4d8ef2d58216d918f7942b9c70f43daff8972":"37ae758141fbc890ee7e1d0854426b2984fb1c094677e6a61546e9315bab0898":"353d1dd0c8d8656bc418a6a3ace138ecd62819d4e21b8bd87694ea683ec0cc37":"bfee6bb4afc228da981bfe7f0d17578b" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #5 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"d004a0893bf326d50ee52e04cb3e64409f204f4e9af780d5dd092d04162d088385b1f243000914c62cba3dadf9827c81":"c36004075f5fd078137ea08de6cb15f71aeb9eca21c891cfdf7a8c0d21790c94ffa93be5fa06beb5e82d9fbf173ef9b29c18511fee2455dbbe61d6b01baf024a":"7d313ada131650c7a506d2c194444ed202d568544caa75bbc60e57a0b74c9a10":"791d60238677ff53150cf7074061eac68335c0a7cec7de43ea63a5df0f312cd8":"6754366be264deb9e94f39e92ac2894bd93c1d7e1198d39e6eddccb0ea486f4d":"1c29795f03e3c771603293473e347ab4" +ctr_drbg_validate_reseed_between:"d004a0893bf326d50ee52e04cb3e64409f204f4e9af780d5dd092d04162d088385b1f243000914c62cba3dadf9827c81":"c36004075f5fd078137ea08de6cb15f71aeb9eca21c891cfdf7a8c0d21790c94ffa93be5fa06beb5e82d9fbf173ef9b29c18511fee2455dbbe61d6b01baf024a":"7d313ada131650c7a506d2c194444ed202d568544caa75bbc60e57a0b74c9a10":"791d60238677ff53150cf7074061eac68335c0a7cec7de43ea63a5df0f312cd8":"6754366be264deb9e94f39e92ac2894bd93c1d7e1198d39e6eddccb0ea486f4d":"1c29795f03e3c771603293473e347ab4" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #6 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"9a8c79b48ada409183f7260aa1415c9ee4e0b662e0fb81b5c56f85d76ed75efac5751dd4de7e7f8b53a36ee0dce2bc9e":"c4d68b76dc0e785823be2da9d339dc900132f12721e8a63ebe92e36d740c5a5e5564c367bff4a52bc70b1c60c86f0bcb7c1d99c414956a259963207184f01246":"04c7060f36569a5d9578c718627fc2695e8d783c0c8aefca2744da6664e67c8c":"1d4b7d587421dea4f7f3e77fcf997607ecfeb6e665a9a184138eb5736b16f516":"8cb8daf9cda230d8d39b829b968aaa5f5d3e3106d8b693227ab1b6201b78a7b8":"faa146098526546927a43fa4a5073e46" +ctr_drbg_validate_reseed_between:"9a8c79b48ada409183f7260aa1415c9ee4e0b662e0fb81b5c56f85d76ed75efac5751dd4de7e7f8b53a36ee0dce2bc9e":"c4d68b76dc0e785823be2da9d339dc900132f12721e8a63ebe92e36d740c5a5e5564c367bff4a52bc70b1c60c86f0bcb7c1d99c414956a259963207184f01246":"04c7060f36569a5d9578c718627fc2695e8d783c0c8aefca2744da6664e67c8c":"1d4b7d587421dea4f7f3e77fcf997607ecfeb6e665a9a184138eb5736b16f516":"8cb8daf9cda230d8d39b829b968aaa5f5d3e3106d8b693227ab1b6201b78a7b8":"faa146098526546927a43fa4a5073e46" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #7 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"a0736a5a8b0a394625d8985b05e3a9f277c7ba03b253c0e783359a8c4c086121cb46ea469c7756d5f099f5ee8ed16243":"ea7a046fa1760866bcb37fecf9ade7bcea4444662ea782d6f2820b22a96bab97b4c5adcb0a50ced885121b6b85a5074444b1555d9655f4f6ded31fe15281b30e":"47f3655dd05c42454fad68e330aabca49f27c76ba05ef07b6d77fba41153c0ab":"a5d07da3e399cc51d136096599fcbd9779e839b1fd86f21d7d1e23acd91f9fa7":"150b028b64a988fc1ffdfc9e66b4c8dfe4fcd8538ee976c89923638ebad33802":"6ffdc685169b174ad0dd84cdeed050a7" 
+ctr_drbg_validate_reseed_between:"a0736a5a8b0a394625d8985b05e3a9f277c7ba03b253c0e783359a8c4c086121cb46ea469c7756d5f099f5ee8ed16243":"ea7a046fa1760866bcb37fecf9ade7bcea4444662ea782d6f2820b22a96bab97b4c5adcb0a50ced885121b6b85a5074444b1555d9655f4f6ded31fe15281b30e":"47f3655dd05c42454fad68e330aabca49f27c76ba05ef07b6d77fba41153c0ab":"a5d07da3e399cc51d136096599fcbd9779e839b1fd86f21d7d1e23acd91f9fa7":"150b028b64a988fc1ffdfc9e66b4c8dfe4fcd8538ee976c89923638ebad33802":"6ffdc685169b174ad0dd84cdeed050a7" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #8 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"d445a3d9332c8577715c1e93f119521bd31a464db08cdbd73d50080d62d5a48fba4cef2dd097ec749973037e33e8d6fa":"da5f9b2db13d0555846c00da96115036bb75ace66d56fc582d6cd0171e3e23335c5c2b8691e58af8899ed0204316479f849ca6f47309cae571ccb42d3d35c166":"79346394f795f05c5a5199423649b8b5345355ef11eb4239db1c767c68afa70a":"c22810de9987b228c19680eb044da22a08032148a6015f358849d6d608a214b9":"7747d68ca8bcb43931f1edce4f8c9727dd56c1d1d2600ad1fb767eb4fbc7b2d6":"f5c40babbec97cb60ba65200e82d7a68" +ctr_drbg_validate_reseed_between:"d445a3d9332c8577715c1e93f119521bd31a464db08cdbd73d50080d62d5a48fba4cef2dd097ec749973037e33e8d6fa":"da5f9b2db13d0555846c00da96115036bb75ace66d56fc582d6cd0171e3e23335c5c2b8691e58af8899ed0204316479f849ca6f47309cae571ccb42d3d35c166":"79346394f795f05c5a5199423649b8b5345355ef11eb4239db1c767c68afa70a":"c22810de9987b228c19680eb044da22a08032148a6015f358849d6d608a214b9":"7747d68ca8bcb43931f1edce4f8c9727dd56c1d1d2600ad1fb767eb4fbc7b2d6":"f5c40babbec97cb60ba65200e82d7a68" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #9 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"2728be06796e2a77c60a401752cd36e4a051724aa3276a146b4b351017eee79c8257398c612fc1129c0e74ecef455cd3":"d663d2cfcddf40ff61377c3811266d927a5dfc7b73cf549e673e5a15f4056ad1f9733c8ed875ff77928284dc1cdb33accc47971d3626615a45b9a16d9baf426e":"62349efbac4a4747d0e92727c67a6bc7f8404cf746002e7d3eeffb9a9be0bbdc":"381c0cffbdfa61a6af3f11ccd0e543208b584c3f520130e33617564ec7a48cf7":"6974043362f834fd793de07ceebd051599163d50489441005afc9db09a9ab44f":"df7894746c599e02d985b195ca3b4863" +ctr_drbg_validate_reseed_between:"2728be06796e2a77c60a401752cd36e4a051724aa3276a146b4b351017eee79c8257398c612fc1129c0e74ecef455cd3":"d663d2cfcddf40ff61377c3811266d927a5dfc7b73cf549e673e5a15f4056ad1f9733c8ed875ff77928284dc1cdb33accc47971d3626615a45b9a16d9baf426e":"62349efbac4a4747d0e92727c67a6bc7f8404cf746002e7d3eeffb9a9be0bbdc":"381c0cffbdfa61a6af3f11ccd0e543208b584c3f520130e33617564ec7a48cf7":"6974043362f834fd793de07ceebd051599163d50489441005afc9db09a9ab44f":"df7894746c599e02d985b195ca3b4863" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #10 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"2b65b56de410ee82e55bd2bf80e6cee356a37c3a3aa7042df45fa750a74e097b071fc18d6eed96523dd4fbb677b8c729":"bf03a6b3e8e23ff53369b971217dc3d3f4c1211329c94847347b3aa77dc7a3e0670381573527844a1ade786f18631944558defffb9a00900ca55f97ec726126b":"59255e5cd2221316c945bd614471df76d5b2f394b8829de82e5c30bc178565e2":"5739bc14f0f2ef9d3393928aee67b0908adaf587650928916d8ae78b0077a3b3":"6b236cf0ee0dba0c92b26c60235d3868715a80c0efbc0c898b6f0b1ace8146e9":"8374b571d7f2d94ce2bdadeb9d815397" 
+ctr_drbg_validate_reseed_between:"2b65b56de410ee82e55bd2bf80e6cee356a37c3a3aa7042df45fa750a74e097b071fc18d6eed96523dd4fbb677b8c729":"bf03a6b3e8e23ff53369b971217dc3d3f4c1211329c94847347b3aa77dc7a3e0670381573527844a1ade786f18631944558defffb9a00900ca55f97ec726126b":"59255e5cd2221316c945bd614471df76d5b2f394b8829de82e5c30bc178565e2":"5739bc14f0f2ef9d3393928aee67b0908adaf587650928916d8ae78b0077a3b3":"6b236cf0ee0dba0c92b26c60235d3868715a80c0efbc0c898b6f0b1ace8146e9":"8374b571d7f2d94ce2bdadeb9d815397" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #11 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"8756ee2c5e381c7c1dc530748b76a6274ef6583090e555d85210e2356feb2974a8f15119a04e9b481cd3bc557a197b8e":"19705743eaaaa0e8890a0faa2e0df37c820d556c7a45f04d76276f9f9ce2e7c133258ae6d1ba9cdf7745d01745763d18dcd1af2c9e9b0bed2806e60f0f9b636c":"2b4a92b682e9a557466af97b735e2ffdbac3bfc31fd5be2cd212cfbd4b8d690a":"e86504f10317bbeab346f3b9e4b310cbe9fbd81a42054f358eacd08cccab6eff":"19ffad856a6675268cc464ca6fdb8afd0912143e552668528d1484c9a54592cf":"f347fd58aff2999530e258be77591701" +ctr_drbg_validate_reseed_between:"8756ee2c5e381c7c1dc530748b76a6274ef6583090e555d85210e2356feb2974a8f15119a04e9b481cd3bc557a197b8e":"19705743eaaaa0e8890a0faa2e0df37c820d556c7a45f04d76276f9f9ce2e7c133258ae6d1ba9cdf7745d01745763d18dcd1af2c9e9b0bed2806e60f0f9b636c":"2b4a92b682e9a557466af97b735e2ffdbac3bfc31fd5be2cd212cfbd4b8d690a":"e86504f10317bbeab346f3b9e4b310cbe9fbd81a42054f358eacd08cccab6eff":"19ffad856a6675268cc464ca6fdb8afd0912143e552668528d1484c9a54592cf":"f347fd58aff2999530e258be77591701" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #12 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
-ctr_drbg_validate_nopr:"f58be57e5035d5c455b17a41ccf7542ffd77f5c009e0a737118ed6c4188f78fcbdbe946bf82e1fa50fd81691de82dcf3":"f9939592ab2b31d92ac72673da013a588ea17bbf02cfd6e79d79f8296601633d04ceb005110f266e6100040ef33194858def8b535314c73caa0e48fc4d2f6e2d":"bb1cb21a316d4b88093cbfc7917d614dca97090cdc8bb340d864547cb3e1fef6":"7e42d5439d81680c8edf5c571d548699730cfada33b650a4d510172a42b298bb":"e9e3cf180f72ba2c1a45d0a94b822943612143e0b642398796b0428ae1af6cf5":"d0c83a4bf3517648b441d411ddcb808c" +ctr_drbg_validate_reseed_between:"f58be57e5035d5c455b17a41ccf7542ffd77f5c009e0a737118ed6c4188f78fcbdbe946bf82e1fa50fd81691de82dcf3":"f9939592ab2b31d92ac72673da013a588ea17bbf02cfd6e79d79f8296601633d04ceb005110f266e6100040ef33194858def8b535314c73caa0e48fc4d2f6e2d":"bb1cb21a316d4b88093cbfc7917d614dca97090cdc8bb340d864547cb3e1fef6":"7e42d5439d81680c8edf5c571d548699730cfada33b650a4d510172a42b298bb":"e9e3cf180f72ba2c1a45d0a94b822943612143e0b642398796b0428ae1af6cf5":"d0c83a4bf3517648b441d411ddcb808c" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #13 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"898064243e44ff67151736ce8bb6f1c759cab4aaca9b87543a1ac984ef955cd5db76c1aa56aff83f1f6799f18fe531cc":"b8d6be3036eeb5657fb10766354d4be897bd27973b3530270ccc02a08169a2e437b30a3635eb6ccb310f319257f58d8aa030c8aab616418e0914a46131306a0c":"37572428df5826e6ae5ce95db4ef63f41e908f685204a7b64edb9f473c41e45c":"28beda0e0e346b447d32208c6b4c42dcd567acfe1e483fb4a95ea82cb8ce55a5":"7a0fffa541d723e16340eeb960b1b9c9aae912477e0ebfac03f8f1a3a8bdc531":"611c9f6fc5193dbe3db96cbcd276168a" 
+ctr_drbg_validate_reseed_between:"898064243e44ff67151736ce8bb6f1c759cab4aaca9b87543a1ac984ef955cd5db76c1aa56aff83f1f6799f18fe531cc":"b8d6be3036eeb5657fb10766354d4be897bd27973b3530270ccc02a08169a2e437b30a3635eb6ccb310f319257f58d8aa030c8aab616418e0914a46131306a0c":"37572428df5826e6ae5ce95db4ef63f41e908f685204a7b64edb9f473c41e45c":"28beda0e0e346b447d32208c6b4c42dcd567acfe1e483fb4a95ea82cb8ce55a5":"7a0fffa541d723e16340eeb960b1b9c9aae912477e0ebfac03f8f1a3a8bdc531":"611c9f6fc5193dbe3db96cbcd276168a" CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate_nopr:"50de72903b9d99764123ffaa0c721e14ad1ab5c46a34c040f25324ba1d937b8ef10467161fcf2978c2a680ac5570c6d2":"5c9954fd0143e62c3bf2d5734052e3c9370f7b9d75c70f58fe33b12e3997ee2c8db84f8467affd7cfd9a9e7ec60da6f31bf9bf32aedf644e4934bd1fc916bc8d":"d5dc4c9fc7171fcbfdaead558a565ffd55d245a58b22ad1666ee05131e33f49e":"ea3114e92e6a19f53b207a0a54cd363a6d053fed0a827f92556f0a8580f7a342":"53686f069b455af4692888d11fac15cf7b4bd38e198de4e62b7098f875198a75":"9fb0df053e0345e5640aa97fedef50a6" +ctr_drbg_validate_reseed_between:"50de72903b9d99764123ffaa0c721e14ad1ab5c46a34c040f25324ba1d937b8ef10467161fcf2978c2a680ac5570c6d2":"5c9954fd0143e62c3bf2d5734052e3c9370f7b9d75c70f58fe33b12e3997ee2c8db84f8467affd7cfd9a9e7ec60da6f31bf9bf32aedf644e4934bd1fc916bc8d":"d5dc4c9fc7171fcbfdaead558a565ffd55d245a58b22ad1666ee05131e33f49e":"ea3114e92e6a19f53b207a0a54cd363a6d053fed0a827f92556f0a8580f7a342":"53686f069b455af4692888d11fac15cf7b4bd38e198de4e62b7098f875198a75":"9fb0df053e0345e5640aa97fedef50a6" CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0) block 1 #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 
@@ -1056,11 +1056,11 @@ ctr_drbg_validate_no_reseed:"7ee2614ead3c128e":"8b80936e69c67edb771c28f9b9452124 CTR_DRBG CAVS 14.3 (AES-256 use df,False,256,128,0,0) #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate:RESEED_FIRST:"0bf814b411f65ec4866be1abb59d3c32":32:"2d4c9f46b981c6a0b2b5d8c69391e569ff13851437ebc0fc00d616340252fed593500fae4fa32b86033b7a7bac9d37e710dcc67ca266bc8607d665937766d207":"":"":"":"322dd28670e75c0ea638f3cb68d6a9d6e50ddfd052b772a7b1d78263a7b8978b6740c2b65a9550c3a76325866fa97e16d74006bc96f26249b9f0a90d076f08e5" +ctr_drbg_validate_reseed_first:"0bf814b411f65ec4866be1abb59d3c32":"2d4c9f46b981c6a0b2b5d8c69391e569ff13851437ebc0fc00d616340252fed593500fae4fa32b86033b7a7bac9d37e710dcc67ca266bc8607d665937766d207":"":"":"":"322dd28670e75c0ea638f3cb68d6a9d6e50ddfd052b772a7b1d78263a7b8978b6740c2b65a9550c3a76325866fa97e16d74006bc96f26249b9f0a90d076f08e5" CTR_DRBG CAVS 14.3 (AES-128 use df,False,128,64,0,0) #0 depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -ctr_drbg_validate:RESEED_FIRST:"5209e5b4ed82a234":16:"0f65da13dca407999d4773c2b4a11d851dea0a12c52bf64339dd291c80d8ca89":"":"":"":"2859cc468a76b08661ffd23b28547ffd0997ad526a0f51261b99ed3a37bd407bf418dbe6c6c3e26ed0ddefcb7474d899bd99f3655427519fc5b4057bcaf306d4" +ctr_drbg_validate_reseed_first:"5209e5b4ed82a234":"0f65da13dca407999d4773c2b4a11d851dea0a12c52bf64339dd291c80d8ca89":"":"":"":"2859cc468a76b08661ffd23b28547ffd0997ad526a0f51261b99ed3a37bd407bf418dbe6c6c3e26ed0ddefcb7474d899bd99f3655427519fc5b4057bcaf306d4" CTR_DRBG CAVS 14.3 (AES-256 use df,True,256,128,0,0) #0 depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index f0465d382..f6b091574 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function 
@@ -12,8 +12,8 @@ enum reseed_mode RESEED_ALWAYS /* prediction resistance, no explicit reseed */ }; -static size_t test_offset_idx; -static size_t test_max_idx; +static size_t test_offset_idx = 0; +static size_t test_max_idx = 0; static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len ) { const unsigned char *p = (unsigned char *) data; @@ -24,7 +24,7 @@ static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len return( 0 ); } -static int ctr_drbg_validate_internal( int reseed_mode, data_t * nonce, +static void ctr_drbg_validate_internal( int reseed_mode, data_t * nonce, int entropy_len_arg, data_t * entropy, data_t * reseed, data_t * add1, data_t * add2, @@ -35,13 +35,15 @@ static int ctr_drbg_validate_internal( int reseed_mode, data_t * nonce, size_t entropy_chunk_len = (size_t) entropy_len_arg; + TEST_ASSERT( entropy_chunk_len <= sizeof( buf ) ); + test_offset_idx = 0; mbedtls_ctr_drbg_init( &ctx ); test_max_idx = entropy->len; - /* CTR_DRBG_Instantiate(entropy[:entropy_len], nonce, perso, ) - * where nonce||perso = nonce[nonce_len] */ + /* CTR_DRBG_Instantiate(entropy[:entropy->len], nonce, perso, ) + * where nonce||perso = nonce[nonce->len] */ TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy->x, @@ -54,14 +56,14 @@ static int ctr_drbg_validate_internal( int reseed_mode, data_t * nonce, if( reseed_mode == RESEED_FIRST ) { - /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len], - * reseed[:reseed_len]) */ + /* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len], + * reseed[:reseed->len]) */ TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, reseed->x, reseed->len ) == 0 ); } - /* CTR_DRBG_Generate(result->len * 8 bits, add1[:add1_len]) -> buf */ + /* CTR_DRBG_Generate(result->len * 8 bits, add1[:add1->len]) -> buf */ /* Then reseed if prediction resistance is enabled. */ TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, 
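Review bot: The rewritten comments in the `@@ -35,13` hunk now read `entropy[:entropy->len]` and `entropy[idx:idx+entropy->len]`, but `entropy->len` is the length of the whole test vector (it is what `test_max_idx` is set to), whereas each instantiate/reseed step consumes `entropy_chunk_len` bytes, as the `entropy->len / 2` and `/ 3` divisors in the callers show; the old `entropy_len` wording was closer to the truth. Suggest `/* CTR_DRBG_Instantiate(entropy[:entropy_chunk_len], nonce, perso, ) ... */` and `/* CTR_DRBG_Reseed(entropy[idx:idx+entropy_chunk_len], reseed[:reseed->len]) */` (the trailing arguments of the seed call are outside the hunk, so confirm which length is actually passed). The new `TEST_ASSERT( entropy_chunk_len <= sizeof( buf ) )` is also the only guard against a negative `entropy_len_arg`, which the `(size_t)` cast just above turns into a huge value; since `buf` is declared outside the hunk, a short comment stating that intent, or an explicit `TEST_ASSERT( entropy_len_arg >= 0 )`, would make it self-explanatory. `ctr_drbg_validate_internal` starts and ends outside this hunk.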
@@ -71,8 +73,8 @@ static int ctr_drbg_validate_internal( int reseed_mode, data_t * nonce, if( reseed_mode == RESEED_SECOND ) { - /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len], - * reseed[:reseed_len]) */ + /* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len], + * reseed[:reseed->len]) */ TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, reseed->x, reseed->len ) == 0 ); @@ -88,7 +90,6 @@ static int ctr_drbg_validate_internal( int reseed_mode, data_t * nonce, exit: mbedtls_ctr_drbg_free( &ctx ); - return 0; } /* END_HEADER */ @@ -131,19 +132,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void ctr_drbg_validate( int reseed_mode, data_t * nonce, - int entropy_len_arg, data_t * entropy, - data_t * reseed, - data_t * add1, data_t * add2, - data_t * result_string ) -{ - TEST_ASSERT( ctr_drbg_validate_internal( reseed_mode, nonce, - entropy_len_arg, entropy, - reseed, add1, - add2, result_string) == 0 ); -} -/* END_CASE */ /* BEGIN_CASE */ void ctr_drbg_validate_no_reseed( data_t * add_init, data_t * entropy, @@ -151,10 +139,11 @@ void ctr_drbg_validate_no_reseed( data_t * add_init, data_t * entropy, data_t * result_string ) { data_t empty = {0}; - TEST_ASSERT( ctr_drbg_validate_internal( RESEED_NEVER, add_init, - entropy->len, entropy, - &empty, add1, add2, - result_string ) == 0); + ctr_drbg_validate_internal( RESEED_NEVER, add_init, + entropy->len, entropy, + &empty, add1, add2, + result_string ); + goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ 
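Review bot: The new `goto exit; // goto is needed to avoid warning ( no test assertions in func)` line in `ctr_drbg_validate_no_reseed` uses a C99 `//` comment while everything else visible in this file uses `/* */`, and it does not say which warning is meant (presumably the unused `exit:` label emitted by the test generator). Suggest `goto exit; /* no TEST_ASSERT here: keep the generated exit label referenced */`. Since `ctr_drbg_validate_internal` no longer returns a status, a failure inside it now surfaces only through the test framework state set by its own `TEST_ASSERT`s; that is fine provided the generated harness checks that state, which is not visible here.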
@@ -164,25 +153,42 @@ void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy, data_t * result_string ) { data_t empty = {0}; - TEST_ASSERT( ctr_drbg_validate_internal( RESEED_ALWAYS, add_init, - entropy->len / 3, entropy, - &empty, add1, add2, - result_string ) == 0); + ctr_drbg_validate_internal( RESEED_ALWAYS, add_init, + entropy->len / 3, entropy, + &empty, add1, add2, + result_string ); + goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_nopr( data_t * add_init, data_t * entropy, +void ctr_drbg_validate_reseed_between( data_t * add_init, data_t * entropy, data_t * add1, data_t * add_reseed, data_t * add2, data_t * result_string ) { - TEST_ASSERT( ctr_drbg_validate_internal( RESEED_SECOND, add_init, - entropy->len / 2, entropy, - add_reseed, add1, add2, - result_string ) == 0); + ctr_drbg_validate_internal( RESEED_SECOND, add_init, + entropy->len / 2, entropy, + add_reseed, add1, add2, + result_string ); + goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ +/* BEGIN_CASE */ +void ctr_drbg_validate_reseed_first( data_t * add_init, data_t * entropy, + data_t * add1, data_t * add_reseed, + data_t * add2, data_t * result_string ) +{ + ctr_drbg_validate_internal( RESEED_FIRST, add_init, + entropy->len / 2, entropy, + add_reseed, add1, add2, + result_string ); + goto exit; // goto is needed to avoid warning ( no test assertions in func) +} +/* END_CASE */ + + + /* BEGIN_CASE */ void ctr_drbg_entropy_usage( ) { From e46c329377cdcbf7022dfd403541f31db6815bf2 Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Wed, 29 Aug 2018 23:39:58 +0300 Subject: [PATCH 188/368] restore missing operation to CMakeLists.txt --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 34710015d..99bf31f1f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
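Review bot: `ctr_drbg_validate_reseed_first` (and the renamed `ctr_drbg_validate_reseed_between`) pass `entropy->len / 2` as the entropy chunk length, which silently encodes the layout of the test vector — two equal chunks, one consumed at instantiate and one at the explicit reseed — and `ctr_drbg_validate_pr` does the same with `/ 3`; nothing at the call sites says so. A one-line comment before each call, e.g. `/* entropy vector = instantiate chunk || reseed chunk, equal halves */`, would let a reader check the `.data` rows against it. `entropy->len / 2` is presumably a `size_t` being narrowed to the `int entropy_len_arg` parameter, harmless for these vector sizes but worth an explicit cast to show it is deliberate, and the three blank lines added before `ctr_drbg_entropy_usage` look accidental.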
@@ -46,6 +46,7 @@ set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}" "${CTR_DRBG_128_BIT_KEY_WARN_L3}" "${WARNING_BORDER}") +find_package(PythonInterp) find_package(Perl) if(PERL_FOUND) From acedc91f8f6dca3a547583ff14c9d503e9741ac7 Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Wed, 29 Aug 2018 23:57:45 +0300 Subject: [PATCH 189/368] Fix build issue on clang --- tests/suites/test_suite_ctr_drbg.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index f6b091574..f10e98aa5 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -138,7 +138,7 @@ void ctr_drbg_validate_no_reseed( data_t * add_init, data_t * entropy, data_t * add1, data_t * add2, data_t * result_string ) { - data_t empty = {0}; + data_t empty = { 0, 0 }; ctr_drbg_validate_internal( RESEED_NEVER, add_init, entropy->len, entropy, &empty, add1, add2, @@ -152,7 +152,7 @@ void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy, data_t * add1, data_t * add2, data_t * result_string ) { - data_t empty = {0}; + data_t empty = { 0, 0 }; ctr_drbg_validate_internal( RESEED_ALWAYS, add_init, entropy->len / 3, entropy, &empty, add1, add2, From e1b82ad25f57138eeb291993eec50ab163b97a63 Mon Sep 17 00:00:00 2001 From: irwir Date: Thu, 30 Aug 2018 11:57:09 +0300 Subject: [PATCH 190/368] Added spaces after type casts `(void) TimerContext;` seems more consistent with the current style than ((void) TimerContext); No objections to changing this if necessary. --- library/timing.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/timing.c b/library/timing.c index db186ee29..af27088a0 100644 --- a/library/timing.c +++ b/library/timing.c 
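Review bot: `find_package(PythonInterp)` is added without using its result: unlike Perl just below, which is gated by `if(PERL_FOUND)`, nothing in the hunk checks `PYTHONINTERP_FOUND`, so whatever later step depends on Python (outside this hunk) will fail with a less helpful error when no interpreter is installed. Either guard that step with `if(PYTHONINTERP_FOUND)` or, if Python is mandatory for the build, write `find_package(PythonInterp REQUIRED)`. `FindPythonInterp` is deprecated in newer CMake releases in favour of `FindPython`, so a comment recording the minimum CMake version this file must keep supporting would help the next maintainer.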
@@ -269,7 +269,7 @@ static DWORD alarmMs; static void TimerProc( void *TimerContext ) { - (void)TimerContext; + (void) TimerContext; Sleep( alarmMs ); mbedtls_timing_alarmed = 1; // Implicit call of _endthread() is better (see MS online docs) @@ -287,7 +287,7 @@ void mbedtls_set_alarm( int seconds ) mbedtls_timing_alarmed = 0; alarmMs = seconds * 1000; - (void)_beginthread( TimerProc, 0, NULL ); + (void) _beginthread( TimerProc, 0, NULL ); } #else /* _WIN32 && !EFIX64 && !EFI32 */ From da642d98c02cd89d6e6f80f9387a389e30d1f64a Mon Sep 17 00:00:00 2001 From: irwir Date: Fri, 31 Aug 2018 15:14:54 +0300 Subject: [PATCH 191/368] Implicit _endthread call: comment changed --- library/timing.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/timing.c b/library/timing.c index af27088a0..25cb70d78 100644 --- a/library/timing.c +++ b/library/timing.c @@ -272,7 +272,8 @@ static void TimerProc( void *TimerContext ) (void) TimerContext; Sleep( alarmMs ); mbedtls_timing_alarmed = 1; - // Implicit call of _endthread() is better (see MS online docs) + /* _endthread will be called implicitly on return + * That ensures execution of thread funcition's epilogue */ } void mbedtls_set_alarm( int seconds ) From c1eda67fac62288015afdc207a6e5a1b13e2891f Mon Sep 17 00:00:00 2001 
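Review bot: The replacement comment in `TimerProc` has a typo, `funcition's`, and no punctuation between its two sentences; suggest `/* _endthread() is called implicitly on return; returning (rather than calling it explicitly) lets the thread function's epilogue run. */`. The line it documents sits right after `mbedtls_timing_alarmed = 1;`, a write from the timer thread that the main thread polls; that only works if the variable is declared `volatile` (or atomic), which is not visible in this hunk and is worth a short note there too.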
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Sep 2018 10:41:49 +0200 Subject: [PATCH 192/368] Disable fragmentation tests with openssl bugs While making the initial commit, I thought $OPENSSL_LEGACY was not affect by this bug, but it turns out I was wrong. All versions of OpenSSL installed on the CI are. Therefore, the corresponding tests are disabled for the same reason as the gnutls-cli tests above it. This commit is only about the tests that were added in the recent fragmentation work. One of those two tests had a particularly annoying mode of failure: it failed consistently with seed=1 (use in the release version of all.sh), once #1951 was applied. This has nothing particular to do with #1951, except that by changing retransmission behaviour 1951 made the proxy run into a path that triggered the OpenSSL bug with this seed, while it previously did that only with other seeds. Other 3d interop test are also susceptible to triggering this OpenSSL bug or others (or bugs in GnuTLS), but they are left untouched by this commit as: - they were pre-existing to the recent DTLS branches; - they don't seem to have the particularly annoying seed=1 mode of failure. However it's probably desirable to do something about them at some point in the future. --- tests/ssl-opt.sh | 48 +++++++++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 227d04280..abb602307 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5746,13 +5746,11 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ 0 \ -s "fragmenting handshake message" -## Interop test with OpenSSL might triger a bug in recent versions (that -## probably won't be fixed before 1.1.1X), so we use an old version that -## doesn't have this bug, but unfortunately it doesn't have support for DTLS -## 1.2 either, so the DTLS 1.2 tests are commented for now. +## Interop test with OpenSSL might trigger a bug in recent versions (including +## all versions installed on the CI machines), reported here: ## Bug report: https://github.com/openssl/openssl/issues/6902 -## They should be re-enabled (and the DTLS 1.0 switched back to a non-legacy -## version of OpenSSL once a fixed version of OpenSSL is available) +## They should be re-enabled once a fixed version of OpenSSL is available +## (this should happen in some 1.1.1_ release according to the ticket). skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -5770,7 +5768,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ -c "fragmenting handshake message" \ -C "error" -requires_openssl_legacy +skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5778,7 +5776,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 client_needs_more_time 4 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ - "$O_LEGACY_SRV -dtls1 -verify 10" \ + "$O_SRV -dtls1 -verify 10" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ 
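Review bot: Replacing `requires_openssl_legacy` with `skip_next_test` on the DTLS 1.0 tests changes which binary they will run against once the skip is lifted: `$O_SRV -dtls1` instead of `$O_LEGACY_SRV -dtls1`, and nothing in the hunk records that `$O_SRV` was checked to still accept `-dtls1`. Since an unconditional `skip_next_test` is easy to forget, consider tying each skip to the upstream bug inline, e.g. `skip_next_test # openssl/openssl#6902, re-enable when fixed`, as the later `# see above` hunk does, or gating on an OpenSSL version check once a fixed release is known. The `requires_config_enabled` lines that follow are now evaluated after the skip, which is harmless but means the skip reason, not the config, is what the test log will report.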
@@ -5787,25 +5785,25 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ -c "fragmenting handshake message" \ -C "error" -## see comment on the previous-previous test -## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -## requires_config_enabled MBEDTLS_RSA_C -## requires_config_enabled MBEDTLS_ECDSA_C -## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -## client_needs_more_time 4 -## run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ -## -p "$P_PXY drop=8 delay=8 duplicate=8" \ -## "$P_SRV dtls=1 debug_level=2 \ -## crt_file=data_files/server7_int-ca.crt \ -## key_file=data_files/server7.key \ -## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ -## "$O_CLI -dtls1_2" \ -## 0 \ -## -s "fragmenting handshake message" +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +client_needs_more_time 4 +run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ + "$O_CLI -dtls1_2" \ + 0 \ + -s "fragmenting handshake message" # -nbio is added to prevent s_client from blocking in case of duplicated # messages at the end of the handshake -requires_openssl_legacy +skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5817,7 +5815,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ hs_timeout=250-60000 mtu=512 force_version=dtls1" \ - "$O_LEGACY_CLI -nbio -dtls1" \ + "$O_CLI -nbio -dtls1" \ 0 \ -s "fragmenting handshake message" From 82986c10151db8da37b63165d62b9c55a15f9c6c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Sep 2018 10:50:21 +0200 Subject: [PATCH 193/368] Disable 3d test with no good openssl version While these tests and the issue with it are pre-existing: - we previously didn't understand that the issue was an openssl bug - failures seem to have become more frequent since the recent changes So let's disable these fragile tests in order to get a clean CI. We still have the tests against gnutls-serv for interop testing. --- tests/ssl-opt.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index abb602307..1b0921ee7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -6250,6 +6250,12 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" +## Interop tests with OpenSSL might trigger a bug in recent versions (including +## all versions installed on the CI machines), reported here: +## Bug report: https://github.com/openssl/openssl/issues/6902 +## They should be re-enabled once a fixed version of OpenSSL is available +## (this should happen in some 1.1.1_ release according to the ticket). +skip_next_test client_needs_more_time 6 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server" \ @@ -6259,6 +6265,7 @@ run_test "DTLS proxy: 3d, openssl server" \ 0 \ -c "HTTP/1.0 200 OK" +skip_next_test # see above client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation" \ @@ -6268,6 +6275,7 @@ run_test "DTLS proxy: 3d, openssl server, fragmentation" \ 0 \ -c "HTTP/1.0 200 OK" +skip_next_test # see above client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ From 521e8a9d2d2b6856f1e1bd38e876518d3dc82f4d Mon Sep 17 00:00:00 2001 
From: Nir Sonnenschein Date: Mon, 3 Sep 2018 14:10:52 +0300 Subject: [PATCH 194/368] Fix to comment to correct module description the CTR-DRBG module will now support AES-128 as well as AES-256 --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 58b2f2593..dbcfb57f0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2027,7 +2027,7 @@ * * Requires: MBEDTLS_AES_C * - * This module provides the CTR_DRBG AES-256 random number generator. + * This module provides the CTR_DRBG AES random number generator. */ #define MBEDTLS_CTR_DRBG_C From 43e4ff0377a0bdb63f878db15fc76bdb521f042b Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Mon, 3 Sep 2018 14:15:46 +0300 Subject: [PATCH 195/368] Make definitions easier to understand 1. removed if !defined to make things clearer 2. changed comments respectively --- include/mbedtls/ctr_drbg.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index f08a9798c..c91ca58b3 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h 
@@ -49,11 +49,12 @@ #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ -#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) /* Use default 256-bit key for CTR_DRBG. */ -#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */ +#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) +#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher (compile-time choice: 128 bits). */ #else -#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher. */ +#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher (compile-time choice: 256 bits). */ #endif + #define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */ #define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */ From c2f948b6c6f1bea1bb0d4a1335ef6a9ea4780f6c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:21:44 +0100 Subject: [PATCH 196/368] Fix grammar in docs for MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ff123560c..ba7e5d3c0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -146,7 +146,7 @@ * Comment if your system does not have a correct clock. * * \note mbedtls_platform_gmtime() is an abstraction in platform_util.h that - * when called behaves similar to the gmtime() function from the C standard, + * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then gmtime() From e9b10b21f11a84a8fbf74ce663935c7caea563fa Mon Sep 17 00:00:00 2001 
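Review bot: The new `#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)` branch does not say what selecting it costs: with a 16-byte key the DRBG runs on AES-128, so its security strength is capped at 128 bits, and `MBEDTLS_CTR_DRBG_SEEDLEN` shrinks from 48 to 32 bytes because it is derived from key size plus block size just below. A reader of this header only sees "compile-time choice: 128 bits" and has to hunt for the option elsewhere to learn the trade-off. I would add above the `#if`: `/* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (set in the build configuration) selects AES-128 instead of the default AES-256; the DRBG's security strength and the seed length below follow the key size. */`.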
From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:25:30 +0100 Subject: [PATCH 197/368] Define _POSIX_C_SOURCE in threading.c before POSIX detection --- library/threading.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/threading.c b/library/threading.c index 3d7f61b2e..c22a1dadc 100644 --- a/library/threading.c +++ b/library/threading.c @@ -19,6 +19,12 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* + * Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. + */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else From 209960611f6212004f89215091246a1882e22fe9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:27:56 +0100 Subject: [PATCH 198/368] Use gmtime_s() for IAR --- library/platform_util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/platform_util.c b/library/platform_util.c index 68d2522b5..e440e5a55 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -88,6 +88,8 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); +#elif defined(__IAR_SYSTEMS_ICC__) + return( gmtime_s( tt, tm_buf ) ); #elif !defined(PLATFORM_UTIL_USE_GMTIME) return( gmtime_r( tt, tm_buf ) ); #else From 8c9a620fb6a8cd5504d757abd19aabf8453531bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:30:28 +0100 Subject: [PATCH 199/368] Fix missing word in ChangeLog entry for gmtime() --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5aa54e57c..dce8f5ff8 100644 --- a/ChangeLog +++ b/ChangeLog 
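Review bot: `#define _POSIX_C_SOURCE 200112L` is unconditional, so any build that already sets the macro on the command line (`-D_POSIX_C_SOURCE=200809L` is common in distro and embedded toolchain flags) gets a macro-redefinition diagnostic, and a hard failure under -Werror; wrap it in `#if !defined(_POSIX_C_SOURCE)` … `#endif`. The comment also says the macro "must be included before config.h", but it is a definition rather than an include — `must be defined before config.h` reads correctly. With such a guard a pre-set lower value stays in place and gmtime_r() may then not be declared; presumably the `_POSIX_THREAD_SAFE_FUNCTIONS` checks elsewhere select the locked gmtime() path in that case, which is worth stating in the comment so the fallback is understood as intentional.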
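Review bot: The new `#elif defined(__IAR_SYSTEMS_ICC__)` branch calls `gmtime_s( tt, tm_buf )` with the opposite argument order and return convention to the `_WIN32` branch right above it, and nothing explains why, so it reads like a copy-paste slip. IAR's `gmtime_s()` is the C11 Annex K function — timer first, result buffer second, returning `struct tm *` (NULL on failure) — whereas the Windows one is the MSVC `errno_t` variant; a comment such as `/* IAR provides the C11 Annex K gmtime_s(): (timer, result), returns result or NULL */` would stop the next reader from "fixing" it. Annex K functions are only declared when `__STDC_WANT_LIB_EXT1__` is defined before <time.h> is included, which this hunk does not show; worth confirming on the IAR toolchain. mbedtls_platform_gmtime()'s body continues outside the hunk.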
@@ -13,8 +13,8 @@ API Changes Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 - * Fix build failures on where only gmtime() is available but neither - gmtime_r() nor gmtime_s() are present. Fixes #1907. + * Fix build failures on platforms where only gmtime() is available but + neither gmtime_r() nor gmtime_s() are present. Fixes #1907. = mbed TLS 2.12.0 branch released 2018-07-25 From ca04a01bb8599eeca77d6f426a65aba7e9b8b0a3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:43:57 +0100 Subject: [PATCH 200/368] Document shorthand gmtime macros --- include/mbedtls/threading.h | 11 ++++++++--- library/platform_util.c | 13 ++++++++++--- library/threading.c | 13 ++++++++++--- 3 files changed, 28 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 070715259..e613be9c2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -100,13 +100,18 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ + defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +/* + * The preprocessor conditions above are the same as in platform_utils.c and + * threading.c. Remember to update the code there when changing the conditions + * here + */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index e440e5a55..2dd530d1d 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
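Review bot: The added comment claims the preprocessor conditions are the same in platform_utils.c and threading.c, but they are not: this header and threading.c test `200112L > _POSIX_THREAD_SAFE_FUNCTIONS`, while the platform_util.c hunk of this commit tests `_POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS`. Whenever `_POSIX_C_SOURCE` is not exactly 200112L the three can disagree, and presumably platform_util.c then either references a `mbedtls_threading_gmtime_mutex` this header never declared, or takes the gmtime_r() path while a mutex is declared and initialised for nothing; the "same conditions" comment is misleading exactly when it matters. Use one form in all three places (the literal `200112L`, the value the series pins in threading.c), and correct the file name to `platform_util.c` — the same misspelling appears in the new comments of the platform_util.c and threading.c hunks of this commit.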
@@ -75,13 +75,20 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #include -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ + defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS +/* + * This is a convenience shorthand macro to avoid checking the long + * preprocessor conditions above. Ideally, we could expose this macro in + * platform_utils.h and simply use it in platform_utils.c, threading.c and + * threading.h. However, this macro is not part of the Mbed TLS public API, so + * we keep it private by only definining it in this file + */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/threading.c b/library/threading.c index c22a1dadc..f7bca0fec 100644 --- a/library/threading.c +++ b/library/threading.c 
@@ -35,13 +35,20 @@ #include "mbedtls/threading.h" -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ + defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +/* + * This is a convenience shorthand macro to avoid checking the long + * preprocessor conditions above. Ideally, we could expose this macro in + * platform_utils.h and simply use it in platform_utils.c, threading.c and + * threading.h. However, this macro is not part of the Mbed TLS public API, so + * we keep it private by only definining it in this file + */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) From 193fe893a696b624ce2348b608e458adb14c87af Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:47:33 +0100 Subject: [PATCH 201/368] Add missing _POSIX_C_SOURCE define in threading.h --- include/mbedtls/threading.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index e613be9c2..71538c07a 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H +/* + * Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. + */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" #else From 3c9733a0a3a18b1381dfeaa7e6bc07457672f9cc Mon Sep 17 00:00:00 2001 
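Review bot: Defining `_POSIX_C_SOURCE` in the public header include/mbedtls/threading.h leaks a libc feature-test macro into every application translation unit that includes it, and the header cannot guarantee the ordering its comment requires: a feature-test macro is only honoured if it is set before the first system header, so an application that includes anything before threading.h silently gets no effect, and on glibc an explicit `_POSIX_C_SOURCE` also disables `_DEFAULT_SOURCE`, hiding BSD/GNU declarations the application's own code may rely on. The library's need for gmtime_r() is already met by the same define in threading.c and platform_util.c, so I would drop it from the header. If it must stay, guard it with `#if !defined(_POSIX_C_SOURCE)` and state in the comment that threading.h must be the first include for it to have any effect.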
From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:52:07 +0100 Subject: [PATCH 202/368] Fix typo in comment for gmtime macro defines --- library/platform_util.c | 2 +- library/threading.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 2dd530d1d..89f132ae9 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -84,7 +84,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) * preprocessor conditions above. Ideally, we could expose this macro in * platform_utils.h and simply use it in platform_utils.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so - * we keep it private by only definining it in this file + * we keep it private by only defining it in this file */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ diff --git a/library/threading.c b/library/threading.c index f7bca0fec..0496b976a 100644 --- a/library/threading.c +++ b/library/threading.c @@ -44,7 +44,7 @@ * preprocessor conditions above. Ideally, we could expose this macro in * platform_utils.h and simply use it in platform_utils.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so - * we keep it private by only definining it in this file + * we keep it private by only defining it in this file */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ From c29c34c1b4bc4f3036cf45a4fda3a044fd9e4efa Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:54:40 +0100 Subject: [PATCH 203/368] Improve wording of gmtime feature in ChangeLog --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index dce8f5ff8..093a42bc1 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,8 +7,8 @@ API Changes whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to configure implementations for Windows and POSIX C - libraries. + is only able to automtically select implementations for Windows and POSIX + C libraries. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if From e58088edb9c9bbea6c70ed40c88205c4de4a6774 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:55:49 +0100 Subject: [PATCH 204/368] Clarify docs for MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ba7e5d3c0..f4c8ecff9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,8 +137,8 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h, time(), an implementation for mbedtls_platform_gmtime(), - * and the clock is correct. + * System has time.h, time(), an implementation for mbedtls_platform_gmtime() + * (see below), and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. From 433f911e59162c6356955ff1e8ef8d28ab2a5ea1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 12:01:57 +0100 Subject: [PATCH 205/368] Check for IAR in gmtime macros --- include/mbedtls/threading.h | 8 +++++--- library/platform_util.c | 8 +++++--- library/threading.c | 8 +++++--- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 71538c07a..dc724eee2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -106,8 +106,9 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ - defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ + defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ + defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS /* @@ -117,7 +118,8 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 89f132ae9..9bcf15e6a 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -75,8 +75,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #include -#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ - defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ + defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ + defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS /* 
@@ -88,7 +89,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/threading.c b/library/threading.c index 0496b976a..7231f2f9b 100644 --- a/library/threading.c +++ b/library/threading.c @@ -35,8 +35,9 @@ #include "mbedtls/threading.h" -#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ - defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ + defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ + defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS /* @@ -48,7 +49,8 @@ */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) From 45e30201a4c2c31bbc92d556817cdf4b092a4619 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 12:05:59 +0100 Subject: [PATCH 206/368] Document that IAR gmtime_s() is auto selected --- ChangeLog | 4 ++-- include/mbedtls/config.h | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 093a42bc1..1ba5f0e00 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,8 +7,8 @@ API Changes whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to automtically select implementations for Windows and POSIX - C libraries. + is only able to automatically select implementations for Windows, POSIX + C libraries and IAR. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f4c8ecff9..cbf8f58aa 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -149,9 +149,9 @@ * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for - * POSIX and gmtime_s() for Windows). If this is not possible, then gmtime() - * will be used. Refer to the documentation for mbedtls_platform_gmtime() for - * more information. + * POSIX and gmtime_s() for Windows and IAR). If this is not possible, then + * gmtime() will be used. Refer to the documentation for + * mbedtls_platform_gmtime() for more information. * * \note It is possible to configure an implementation for * mbedtls_platform_gmtime() at compile-time by using the macro From 94b540ac63c0c8d9d87edff9772dc7754bd4d220 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 12:27:32 +0100 Subject: [PATCH 207/368] Avoid redefining _POSIX_C_SOURCE --- include/mbedtls/threading.h | 2 ++ library/platform_util.c | 2 ++ library/threading.c | 2 ++ 3 files changed, 6 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index dc724eee2..1b13deb3e 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -28,7 +28,9 @@
  * Ensure gmtime_r is available even with -std=c99; must be included before
  * config.h, which pulls in glibc's features.h. Harmless on other platforms.
  */
+#if !defined(_POSIX_C_SOURCE)
 #define _POSIX_C_SOURCE 200112L
+#endif
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
diff --git a/library/platform_util.c b/library/platform_util.c
index 9bcf15e6a..6a5feb321 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -24,7 +24,9 @@
  * Ensure gmtime_r is available even with -std=c99; must be included before
  * config.h, which pulls in glibc's features.h. Harmless on other platforms.
  */
+#if !defined(_POSIX_C_SOURCE)
 #define _POSIX_C_SOURCE 200112L
+#endif
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
diff --git a/library/threading.c b/library/threading.c
index 7231f2f9b..c1834bace 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -23,7 +23,9 @@
  * Ensure gmtime_r is available even with -std=c99; must be included before
  * config.h, which pulls in glibc's features.h. Harmless on other platforms.
  */
+#if !defined(_POSIX_C_SOURCE)
 #define _POSIX_C_SOURCE 200112L
+#endif
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
From cfeb70c6b98d489dd3a7de5b1523abe44ccd5793 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 13:50:22 +0100
Subject: [PATCH 208/368] gmtime: Remove special treatment for IAR

Previous commits attempted to use `gmtime_s()` for IAR systems; however, this attempt depends on the use of C11 extensions which lead to incompatibility with other pieces of the library, such as the use of `memset()` which is being deprecated in favor of `memset_s()` in C11.
---
 ChangeLog | 4 ++--
 include/mbedtls/threading.h | 4 ++--
 library/platform_util.c | 6 ++----
 library/threading.c | 4 ++--
 4 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1ba5f0e00..0a60f70fe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,8 +7,8 @@ API Changes whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to automatically select implementations for Windows, POSIX - C libraries and IAR. + is only able to automatically select implementations for Windows and POSIX + C libraries. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 1b13deb3e..a65eefa92 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -108,7 +108,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ +#if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include @@ -120,7 +120,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || +#endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 6a5feb321..c248cf529 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
@@ -77,7 +77,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #include -#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ +#if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include @@ -91,7 +91,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || +#endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, @@ -99,8 +99,6 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); -#elif defined(__IAR_SYSTEMS_ICC__) - return( gmtime_s( tt, tm_buf ) ); #elif !defined(PLATFORM_UTIL_USE_GMTIME) return( gmtime_r( tt, tm_buf ) ); #else diff --git a/library/threading.c b/library/threading.c index c1834bace..9d5c4f104 100644 --- a/library/threading.c +++ b/library/threading.c @@ -37,7 +37,7 @@ #include "mbedtls/threading.h" -#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ +#if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include @@ -51,7 +51,7 @@ */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || +#endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) From 272675f4c665a0aa401b0ede5945424f83b64949 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 5 Sep 2018 14:03:02 +0100 Subject: [PATCH 209/368] Correct documentation of mbedtls_platform_gmtime() --- include/mbedtls/platform_util.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 5f26fb82c..befd3344c 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -87,9 +87,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * unconditionally use the alternative implementation for * mbedtls_platform_gmtime() supplied by the user at compile time * - * \param tt Pointer to an object containing time (in seconds) since the - * Epoc to be converted - * \param tm Pointer to an object where the results will be stored + * \param tt Pointer to an object containing time (in seconds) since the + * Epoc to be converted + * \param tm_buf Pointer to an object where the results will be stored * * \return Pointer to an object of type struct tm on success, otherwise * NULL From 5f95c798a321ca7cb8a754100bdae9ccd397685c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 14:36:36 +0100 Subject: [PATCH 210/368] Remove another mentioning of IAR from config.h --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index cbf8f58aa..226190de0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -149,7 +149,7 @@ * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for - * POSIX and gmtime_s() for Windows and IAR). If this is not possible, then + * POSIX and gmtime_s() for Windows). If this is not possible, then * gmtime() will be used. Refer to the documentation for * mbedtls_platform_gmtime() for more information. * 
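Review bot: `Epoc` in the rewritten `\param tt` line is still misspelled; it should read `Epoch`, and since this is a gmtime() replacement it is worth saying the seconds are counted from the Unix Epoch and the result is UTC broken-down time: `\param tt  Pointer to an object containing time (in seconds) since the Unix Epoch, to be converted to UTC`. Renaming `\param tm` to `tm_buf` so the Doxygen block matches the prototype is correct.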
From be2e4bddd5ed6df04f4dc50e76daaf362f27553d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 14:44:31 +0100 Subject: [PATCH 211/368] Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT --- include/mbedtls/threading.h | 4 ++-- library/threading.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a65eefa92..9235a1e98 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -107,7 +107,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) @@ -122,7 +122,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -#endif /* MBEDTLS_HAVE_TIME_DATE */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index 9d5c4f104..1885efdfc 100644 --- a/library/threading.c +++ b/library/threading.c @@ -37,6 +37,7 @@ #include "mbedtls/threading.h" +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) 
@@ -53,6 +54,7 @@ #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) From 6a739789f39da43f06f3681c9ef51aa86365fdc1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 15:06:19 +0100 Subject: [PATCH 212/368] Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r() For consistency, also rename MBEDTLS_PLATFORM_GMTIME_ALT to MBEDTLS_PLATFORM_GMTIME_R_ALT. --- include/mbedtls/config.h | 22 ++++++++++----------- include/mbedtls/platform_util.h | 34 ++++++++++++++++----------------- include/mbedtls/threading.h | 4 ++-- library/platform_util.c | 8 ++++---- library/threading.c | 4 ++-- library/x509.c | 2 +- 6 files changed, 37 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 226190de0..0d5d9d017 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,7 +137,7 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h, time(), an implementation for mbedtls_platform_gmtime() + * System has time.h, time(), an implementation for mbedtls_platform_gmtime_r() * (see below), and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of 
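Review bot: Guarding the `mbedtls_threading_gmtime_mutex` declaration with `!defined(MBEDTLS_PLATFORM_GMTIME_ALT)` means the mutex's definition and its init/free sites in threading.c — outside these hunks — must sit under the identical condition, or an ALT build presumably either fails to link or initialises a mutex nothing can name; a comment at the definition pointing back to this header guard would keep the two in step. The config.h text for MBEDTLS_PLATFORM_GMTIME_ALT still advises applications to guard their own gmtime() calls with this mutex, yet once the alternate implementation is selected the mutex no longer exists; that paragraph should say thread-safety of the alternate gmtime is entirely the implementer's responsibility.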
@@ -145,17 +145,17 @@ * * Comment if your system does not have a correct clock. * - * \note mbedtls_platform_gmtime() is an abstraction in platform_util.h that + * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then * gmtime() will be used. Refer to the documentation for - * mbedtls_platform_gmtime() for more information. + * mbedtls_platform_gmtime_r() for more information. * * \note It is possible to configure an implementation for - * mbedtls_platform_gmtime() at compile-time by using the macro - * MBEDTLS_PLATFORM_GMTIME_ALT. + * mbedtls_platform_gmtime_r() at compile-time by using the macro + * MBEDTLS_PLATFORM_GMTIME_R_ALT. */ #define MBEDTLS_HAVE_TIME_DATE 
@@ -3098,22 +3098,22 @@ /** * Uncomment the macro to let Mbed TLS use your alternate implementation of - * mbedtls_platform_gmtime(). This replaces the default implementation in + * mbedtls_platform_gmtime_r(). This replaces the default implementation in * platform_util.c. * * gmtime() is not a thread safe function as defined in the C standard. The * library will try to use safer implementations of this function, such as * gmtime_r() when available. However, if Mbed TLS cannot identify the target - * system, the implementation of mbedtls_platform_gmtime() will default to + * system, the implementation of mbedtls_platform_gmtime_r() will default to * using the standard gmtime(). In this case, calls from the library to * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex * if MBEDTLS_THREADING_C is enable. It is advised that calls from outside the * library are also guarded with this mutex to avoid race conditions. However, - * if the macro MBEDTLS_PLATFORM_GMTIME_ALT is defined, Mbed TLS will - * unconditionally use the implementation for mbedtls_platform_time() supplied - * at compile time. + * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_gmtime_r() + * supplied at compile time. */ -//#define MBEDTLS_PLATFORM_GMTIME_ALT +//#define MBEDTLS_PLATFORM_GMTIME_R_ALT /* \} name SECTION: Customisation configuration options */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index befd3344c..ca42adf6e 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -68,24 +68,24 @@ void mbedtls_platform_zeroize( void *buf, size_t len );
 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /**
- * \brief Thread safe implementation of gmtime()
+ * \brief Thread safe implementation of gmtime()
 *
- * The function is an abstraction that when called behaves similar
- * to the gmtime() function from the C standard, but is thread
- * safe.
+ * The function is an abstraction that when called behaves similar
+ * to the gmtime() function from the C standard, but is thread
+ * safe.
 *
- * Mbed TLS will try to identify the underlying platform and
- * configure an appropriate underlying implementation (e.g.
- * gmtime_r() for POSIX and gmtime_s() for Windows). If this is
- * not possible, then gmtime() will be used. In this case, calls
- * from the library to gmtime() will be guarded by the mutex
- * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
- * enabled. It is recommended that calls from outside the library
- * are also guarded by this mutex.
+ * Mbed TLS will try to identify the underlying platform and
+ * configure an appropriate underlying implementation (e.g.
+ * gmtime_r() for POSIX and gmtime_s() for Windows). If this is
+ * not possible, then gmtime() will be used. In this case, calls
+ * from the library to gmtime() will be guarded by the mutex
+ * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
+ * enabled. It is recommended that calls from outside the library
+ * are also guarded by this mutex.
 *
- * If MBEDTLS_PLATFORM_GMTIME_ALT is defined, then Mbed TLS will
- * unconditionally use the alternative implementation for
- * mbedtls_platform_gmtime() supplied by the user at compile time
+ * If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
+ * unconditionally use the alternative implementation for
+ * mbedtls_platform_gmtime_r() supplied by the user at compile time.
 *
 * \param tt Pointer to an object containing time (in seconds) since the
 * Epoc to be converted
@@ -94,8 +94,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len );
 * \return Pointer to an object of type struct tm on success, otherwise
 * NULL
 */
-struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt,
- struct tm *tm_buf );
+struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
+ struct tm *tm_buf );
 #endif /* MBEDTLS_HAVE_TIME_DATE */
 #ifdef __cplusplus
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 9235a1e98..66f78f5b5 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -107,7 +107,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
 #if defined(MBEDTLS_FS_IO)
 extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
 #endif
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT)
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
 #if !defined(_WIN32) && (defined(unix) || \
 defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
 defined(__MACH__)))
@@ -122,7 +122,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
 #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */
 #endif /* !_WIN32 && (unix || __unix || __unix__ ||
 * (__APPLE__ && __MACH__)) */
-#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */
+#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
 #endif /* MBEDTLS_THREADING_C */
 #ifdef __cplusplus
diff --git a/library/platform_util.c b/library/platform_util.c
index c248cf529..8bd53c666 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -75,7 +75,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
 }
 #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT)
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
 #include
 #if !defined(_WIN32) && (defined(unix) || \
 defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
@@ -94,8 +94,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
 #endif /* !_WIN32 && (unix || __unix || __unix__ ||
 * (__APPLE__ && __MACH__)) */
-struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt,
- struct tm *tm_buf )
+struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
+ struct tm *tm_buf )
 {
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
 return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL );
@@ -124,4 +124,4 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt,
 return( ( lt == NULL ) ? NULL : tm_buf );
 #endif /* _WIN32 && !EFIX64 && !EFI32 */
 }
-#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_ALT */
+#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
diff --git a/library/threading.c b/library/threading.c
index 1885efdfc..3abb17c0b 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -37,7 +37,7 @@
 #include "mbedtls/threading.h"
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT)
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
 #if !defined(_WIN32) && (defined(unix) || \
 defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
 defined(__MACH__)))
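Review bot: The closing comment on the renamed `#endif` at the end of platform_util.c, `/* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */`, states the opposite of the guard it closes: the matching `#if` in the first hunk of this file tests `!defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)`, and the corresponding `#endif` in threading.c spells it with the `!`. Since this whole region is the path where the library falls back to non-thread-safe gmtime() plus a mutex, an inverted end-marker is the kind of thing that misleads the next person auditing which code runs when an alternate implementation is supplied. Suggest `#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */`. The body of mbedtls_platform_gmtime_r() between the second and third hunk lies outside this diff.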
@@ -54,7 +54,7 @@
 #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */
 #endif /* !_WIN32 && (unix || __unix || __unix__ ||
 * (__APPLE__ && __MACH__)) */
-#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */
+#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
 #if defined(MBEDTLS_THREADING_PTHREAD)
 static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
diff --git a/library/x509.c b/library/x509.c
index c17697b22..52b5b649f 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -898,7 +898,7 @@ static int x509_get_current_time( mbedtls_x509_time *now )
 int ret = 0;
 tt = mbedtls_time( NULL );
- lt = mbedtls_platform_gmtime( &tt, &tm_buf );
+ lt = mbedtls_platform_gmtime_r( &tt, &tm_buf );
 if( lt == NULL )
 ret = -1;
From 651d586ccf3ca396828bb7961307e2c820c62a44 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 15:17:43 +0100
Subject: [PATCH 213/368] Style: Add missing period in documentation in threading.h
---
 include/mbedtls/threading.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 66f78f5b5..2ec41a4f9 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -116,7 +116,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
 /*
 * The preprocessor conditions above are the same as in platform_utils.c and
 * threading.c. Remember to update the code there when changing the conditions
- * here
+ * here.
 */
 extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
 #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */
From 48a816ff26e03cc0fa1685fb0ce262a82c7890e2 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 15:22:22 +0100
Subject: [PATCH 214/368] Minor documentation improvements
---
 include/mbedtls/platform_util.h | 2 +-
 include/mbedtls/threading.h | 2 +-
 library/platform_util.c | 2 +-
 library/threading.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index ca42adf6e..82b1fd05f 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -88,7 +88,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len );
 * mbedtls_platform_gmtime_r() supplied by the user at compile time.
 *
 * \param tt Pointer to an object containing time (in seconds) since the
- * Epoc to be converted
+ * epoch to be converted
 * \param tm_buf Pointer to an object where the results will be stored
 *
 * \return Pointer to an object of type struct tm on success, otherwise
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 2ec41a4f9..6830bb42a 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -25,7 +25,7 @@
 #define MBEDTLS_THREADING_H
 /*
- * Ensure gmtime_r is available even with -std=c99; must be included before
+ * Ensure gmtime_r is available even with -std=c99; must be defined before
 * config.h, which pulls in glibc's features.h. Harmless on other platforms.
 */
 #if !defined(_POSIX_C_SOURCE)
diff --git a/library/platform_util.c b/library/platform_util.c
index 8bd53c666..f2f83e66b 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -21,7 +21,7 @@
 */
 /*
- * Ensure gmtime_r is available even with -std=c99; must be included before
+ * Ensure gmtime_r is available even with -std=c99; must be defined before
 * config.h, which pulls in glibc's features.h. Harmless on other platforms.
 */
 #if !defined(_POSIX_C_SOURCE)
diff --git a/library/threading.c b/library/threading.c
index 3abb17c0b..e7c8d9824 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -20,7 +20,7 @@
 */
 /*
- * Ensure gmtime_r is available even with -std=c99; must be included before
+ * Ensure gmtime_r is available even with -std=c99; must be defined before
 * config.h, which pulls in glibc's features.h. Harmless on other platforms.
 */
 #if !defined(_POSIX_C_SOURCE)
From 4e67cca1d9285d099f12c8489bfddc85a717ea27 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 16:18:38 +0100
Subject: [PATCH 215/368] Improve documentation of MBEDTLS_HAVE_TIME_DATE
---
 include/mbedtls/config.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0d5d9d017..da8e7e4ae 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -137,8 +137,8 @@
 /**
 * \def MBEDTLS_HAVE_TIME_DATE
 *
- * System has time.h, time(), an implementation for mbedtls_platform_gmtime_r()
- * (see below), and the clock is correct.
+ * System has time.h, time(), and an implementation for
+ * mbedtls_platform_gmtime_r() (see below).
 * The time needs to be correct (not necesarily very accurate, but at least
 * the date should be correct). This is used to verify the validity period of
 * X.509 certificates.
From acef292eac0fd03fe1b3fa5a2f10e4c843634c7f Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 16:19:07 +0100
Subject: [PATCH 216/368] ChangeLog: Add missing renamings gmtime -> gmtime_r
---
 ChangeLog | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0a60f70fe..d0bd37736 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,12 +3,12 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS x.x.x branch released xxxx-xx-xx
 API Changes
- * Extend the platform module with an abstraction mbedtls_platform_gmtime()
+ * Extend the platform module with an abstraction mbedtls_platform_gmtime_r()
 whose implementation should behave as a thread safe version of gmtime().
 This allows users to configure such an implementation at compile time when
- the target system cannot be deduced automatically. At this stage Mbed TLS
- is only able to automatically select implementations for Windows and POSIX
- C libraries.
+ the target system cannot be deduced automatically, by setting the option
+ MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to
+ automatically select implementations for Windows and POSIX C libraries.
 Bugfix
 * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
From 9a51d019846b2c0389be708f3620f791fe996c1b Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 16:20:09 +0100
Subject: [PATCH 217/368] Improve documentation of MBEDTLS_HAVE_TIME_DATE
---
 include/mbedtls/config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index da8e7e4ae..439a1cd6a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -146,7 +146,7 @@
 * Comment if your system does not have a correct clock.
 *
 * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
- * when called behaves similarly to the gmtime() function from the C standard,
+ * behaves similarly to the gmtime() function from the C standard,
 * but is thread safe. Mbed TLS will try to identify the underlying platform
 * and configure an appropriate underlying implementation (e.g. gmtime_r() for
 * POSIX and gmtime_s() for Windows). If this is not possible, then
From 921b76d056c2520c50d674646c9bffa99a560559 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 16:21:36 +0100
Subject: [PATCH 218/368] Replace 'thread safe' by 'thread-safe' in the documentation
---
 ChangeLog | 2 +-
 include/mbedtls/config.h | 4 ++--
 include/mbedtls/platform_util.h | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d0bd37736..d1e256e7f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
 API Changes
 * Extend the platform module with an abstraction mbedtls_platform_gmtime_r()
- whose implementation should behave as a thread safe version of gmtime().
+ whose implementation should behave as a thread-safe version of gmtime().
 This allows users to configure such an implementation at compile time when
 the target system cannot be deduced automatically, by setting the option
 MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 439a1cd6a..17d08b2fe 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -147,7 +147,7 @@
 *
 * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
 * behaves similarly to the gmtime() function from the C standard,
- * but is thread safe. Mbed TLS will try to identify the underlying platform
+ * but is thread-safe. Mbed TLS will try to identify the underlying platform
 * and configure an appropriate underlying implementation (e.g. gmtime_r() for
 * POSIX and gmtime_s() for Windows). If this is not possible, then
 * gmtime() will be used. Refer to the documentation for
@@ -3101,7 +3101,7 @@
 * mbedtls_platform_gmtime_r(). This replaces the default implementation in
 * platform_util.c.
 *
- * gmtime() is not a thread safe function as defined in the C standard. The
+ * gmtime() is not a thread-safe function as defined in the C standard. The
 * library will try to use safer implementations of this function, such as
 * gmtime_r() when available. However, if Mbed TLS cannot identify the target
 * system, the implementation of mbedtls_platform_gmtime_r() will default to
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 82b1fd05f..66a822131 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -68,7 +68,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len );
 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /**
- * \brief Thread safe implementation of gmtime()
+ * \brief Thread-safe implementation of gmtime()
 *
 * The function is an abstraction that when called behaves similar
 * to the gmtime() function from the C standard, but is thread
From c9468885a8086bb4525d31e4ccdb8e02ff51c29a Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 16:22:10 +0100
Subject: [PATCH 219/368] Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
---
 include/mbedtls/config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 17d08b2fe..4f9f9a7aa 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3107,7 +3107,7 @@
 * system, the implementation of mbedtls_platform_gmtime_r() will default to
 * using the standard gmtime(). In this case, calls from the library to
 * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enable. It is advised that calls from outside the
+ * if MBEDTLS_THREADING_C is enabled. It is advised that calls from outside the
 * library are also guarded with this mutex to avoid race conditions. However,
 * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
 * unconditionally use the implementation for mbedtls_platform_gmtime_r()
From 9fbbf1c1f03e74deb7550b0ca235097587b12981 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 16:23:02 +0100
Subject: [PATCH 220/368] Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
---
 include/mbedtls/config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 4f9f9a7aa..214ea9403 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3107,7 +3107,7 @@
 * system, the implementation of mbedtls_platform_gmtime_r() will default to
 * using the standard gmtime(). In this case, calls from the library to
 * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. It is advised that calls from outside the
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
 * library are also guarded with this mutex to avoid race conditions. However,
 * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
 * unconditionally use the implementation for mbedtls_platform_gmtime_r()
From 5a7fe145906a165e4755efb51f7d75e4614b0667 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 16:24:34 +0100
Subject: [PATCH 221/368] Don't include platform_time.h if !MBEDTLS_HAVE_TIME
platform_time.h includes time.h, which is not assumed to be present on a system where MBEDTLS_HAVE_TIME is not defined.
---
 include/mbedtls/platform_util.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 66a822131..e62a3af4e 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -31,10 +31,9 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
-#include "mbedtls/platform_time.h"
-
 #include
 #if defined(MBEDTLS_HAVE_TIME_DATE)
+#include "mbedtls/platform_time.h"
 #include
 #endif /* MBEDTLS_HAVE_TIME_DATE */
From 7dd82b4f515083fff9fbb1c360f058fbff0dca71 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 16:25:50 +0100
Subject: [PATCH 222/368] platform_utils.{c/h} -> platform_util.{c/h}
---
 include/mbedtls/threading.h | 2 +-
 library/platform_util.c | 2 +-
 library/threading.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 6830bb42a..2e61b2e52 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -114,7 +114,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
 #include
 #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS
 /*
- * The preprocessor conditions above are the same as in platform_utils.c and
+ * The preprocessor conditions above are the same as in platform_util.c and
 * threading.c. Remember to update the code there when changing the conditions
 * here.
 */
diff --git a/library/platform_util.c b/library/platform_util.c
index f2f83e66b..ddb56ed0b 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
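Review bot: The moved `#include "mbedtls/platform_time.h"` is gated on MBEDTLS_HAVE_TIME_DATE, while the subject and message name MBEDTLS_HAVE_TIME; these are distinct options, so a build with MBEDTLS_HAVE_TIME set but MBEDTLS_HAVE_TIME_DATE unset now stops receiving platform_time.h (and its mbedtls_time_t) through this header. Within this header that looks safe, since the only user of mbedtls_time_t visible on this page is the mbedtls_platform_gmtime_r() prototype, which sits under the same MBEDTLS_HAVE_TIME_DATE guard; any other header relying on the transitive include would have to be checked. The message should state the guard actually used, e.g. "platform_time.h is now only included under MBEDTLS_HAVE_TIME_DATE, the sole configuration in which this header needs mbedtls_time_t", so the mismatch does not look like a mistake to a later reader.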
@@ -85,7 +85,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
 /*
 * This is a convenience shorthand macro to avoid checking the long
 * preprocessor conditions above. Ideally, we could expose this macro in
- * platform_utils.h and simply use it in platform_utils.c, threading.c and
+ * platform_util.h and simply use it in platform_util.c, threading.c and
 * threading.h. However, this macro is not part of the Mbed TLS public API, so
 * we keep it private by only defining it in this file
 */
diff --git a/library/threading.c b/library/threading.c
index e7c8d9824..f37049b8d 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -46,7 +46,7 @@
 /*
 * This is a convenience shorthand macro to avoid checking the long
 * preprocessor conditions above. Ideally, we could expose this macro in
- * platform_utils.h and simply use it in platform_utils.c, threading.c and
+ * platform_util.h and simply use it in platform_util.c, threading.c and
 * threading.h. However, this macro is not part of the Mbed TLS public API, so
 * we keep it private by only defining it in this file
 */
From c52ef407bad144109ac52cc25f1519cdd2f39520 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 5 Sep 2018 16:28:59 +0100
Subject: [PATCH 223/368] Improve documentation of mbedtls_platform_gmtime_r()
---
 include/mbedtls/config.h | 8 ++------
 include/mbedtls/platform_util.h | 9 ++++-----
 2 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 214ea9403..9a7905ae0 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -146,12 +146,8 @@
 * Comment if your system does not have a correct clock.
 *
 * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
- * behaves similarly to the gmtime() function from the C standard,
- * but is thread-safe. Mbed TLS will try to identify the underlying platform
- * and configure an appropriate underlying implementation (e.g. gmtime_r() for
- * POSIX and gmtime_s() for Windows). If this is not possible, then
- * gmtime() will be used. Refer to the documentation for
- * mbedtls_platform_gmtime_r() for more information.
+ * behaves similarly to the gmtime_r() function from the C standard. Refer to
+ * the documentation for mbedtls_platform_gmtime_r() for more information.
 *
 * \note It is possible to configure an implementation for
 * mbedtls_platform_gmtime_r() at compile-time by using the macro
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index e62a3af4e..9c8a93077 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -67,14 +67,13 @@ void mbedtls_platform_zeroize( void *buf, size_t len );
 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /**
- * \brief Thread-safe implementation of gmtime()
+ * \brief Platform-specific implementation of gmtime_r()
 *
- * The function is an abstraction that when called behaves similar
- * to the gmtime() function from the C standard, but is thread
- * safe.
+ * The function is a thread-safe abstraction that behaves
+ * similar to the gmtime_r() function from the C standard.
 *
 * Mbed TLS will try to identify the underlying platform and
- * configure an appropriate underlying implementation (e.g.
+ * make use of an appropriate underlying implementation (e.g.
 * gmtime_r() for POSIX and gmtime_s() for Windows). If this is
 * not possible, then gmtime() will be used. In this case, calls
 * from the library to gmtime() will be guarded by the mutex
From 6f70581c4aa8753969caa3f79db155c74228bfe5 Mon Sep 17 00:00:00 2001
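Review bot: The new config.h text `behaves similarly to the gmtime_r() function from the C standard` attributes gmtime_r() to ISO C, but gmtime_r() is a POSIX function; only gmtime() is in the C standard, and the removed lines had that right. The same phrase is introduced in the platform_util.h hunk of this commit (`similar to the gmtime_r() function from the C standard`). Suggest `behaves similarly to the gmtime_r() function from POSIX. Refer to` for config.h and the matching wording in platform_util.h, so that readers deciding whether their (possibly non-POSIX) toolchain needs MBEDTLS_PLATFORM_GMTIME_R_ALT are not told the function is guaranteed by the language standard.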
From: Hanno Becker
Date: Thu, 6 Sep 2018 09:06:33 +0100
Subject: [PATCH 224/368] Correct POSIX version check to determine presence of gmtime_r()
Recent versions of POSIX move gmtime_r to the base.
---
 include/mbedtls/threading.h | 8 ++++++--
 library/platform_util.c | 9 +++++++--
 library/threading.c | 8 ++++++--
 3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 2e61b2e52..11f6341d9 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -112,14 +112,18 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
 defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
 defined(__MACH__)))
 #include
-#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS
+#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) )
 /*
 * The preprocessor conditions above are the same as in platform_util.c and
 * threading.c. Remember to update the code there when changing the conditions
 * here.
 */
 extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */
 #endif /* !_WIN32 && (unix || __unix || __unix__ ||
 * (__APPLE__ && __MACH__)) */
 #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
diff --git a/library/platform_util.c b/library/platform_util.c
index ddb56ed0b..7e82293e1 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
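Review bot: The new threshold `_POSIX_THREAD_SAFE_FUNCTIONS >= 20112L` drops a digit: the POSIX.1-2001 option value is 200112L, which is what the removed line compared against, and the typo is copied into the `#endif` comment here and into both the `#if` and `#endif` of the platform_util.c and threading.c hunks that follow. Because the macro is specified to be either -1, 0 or a 200xxxL date, the mis-typed constant happens to select the same branch today, but anyone reading it will not recognise the intended POSIX version, and a future comparison against a different option macro would silently be off. Suggest `_POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) )` in all six places, and while touching them `defined(_POSIX_THREAD_SAFE_FUNCTIONS)` without the stray space before the closing parenthesis. Note that this condition decides whether the library falls back to unsynchronised gmtime() plus a mutex, so it is worth being exact.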
@@ -81,7 +81,10 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
 defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
 defined(__MACH__)))
 #include
-#if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS
+
+#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) )
 /*
 * This is a convenience shorthand macro to avoid checking the long
 * preprocessor conditions above. Ideally, we could expose this macro in
@@ -90,7 +93,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
 * we keep it private by only defining it in this file
 */
 #define PLATFORM_UTIL_USE_GMTIME
-#endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */
 #endif /* !_WIN32 && (unix || __unix || __unix__ ||
 * (__APPLE__ && __MACH__)) */
diff --git a/library/threading.c b/library/threading.c
index f37049b8d..60dfd02af 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -42,7 +42,9 @@
 defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
 defined(__MACH__)))
 #include
-#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS
+#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) )
 /*
 * This is a convenience shorthand macro to avoid checking the long
 * preprocessor conditions above. Ideally, we could expose this macro in
@@ -51,7 +53,9 @@
 * we keep it private by only defining it in this file
 */
 #define THREADING_USE_GMTIME
-#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */
 #endif /* !_WIN32 && (unix || __unix || __unix__ ||
 * (__APPLE__ && __MACH__)) */
 #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
From a50fed99102150cd6e70a2d3c34aad175313959b Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 6 Sep 2018 09:08:39 +0100
Subject: [PATCH 225/368] Correct typo in documentation of mbedtls_platform_gmtime_r()
---
 include/mbedtls/platform_util.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 9c8a93077..38b85b82a 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -70,7 +70,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len );
 * \brief Platform-specific implementation of gmtime_r()
 *
 * The function is a thread-safe abstraction that behaves
- * similar to the gmtime_r() function from the C standard.
+ * similarly to the gmtime_r() function from the C standard.
 *
 * Mbed TLS will try to identify the underlying platform and
 * make use of an appropriate underlying implementation (e.g.
From 03b2bd4a062dc3ba5e14f3a5fee36690fa6624d7 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 6 Sep 2018 09:08:55 +0100
Subject: [PATCH 226/368] Correct documentation of mbedtls_platform_gmtime_r()
Previous documentation stated that gmtime_r() was from the standard library, but it's POSIX.
---
 include/mbedtls/platform_util.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 38b85b82a..164a1a05f 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -70,7 +70,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len );
 * \brief Platform-specific implementation of gmtime_r()
 *
 * The function is a thread-safe abstraction that behaves
- * similarly to the gmtime_r() function from the C standard.
+ * similarly to the gmtime_r() function from Unix/POSIX.
 *
 * Mbed TLS will try to identify the underlying platform and
 * make use of an appropriate underlying implementation (e.g.
From 323d8019bf7e581c2b376b019e7ae59796fcede2 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 6 Sep 2018 11:30:57 +0100
Subject: [PATCH 227/368] Correct preprocessor guards determining use of gmtime()
The previous code erroneously used gmtime_r() to implement mbedtls_platform_gmtime() in case of a non-windows, non-unix system.
---
 include/mbedtls/threading.h | 6 ++++--
 library/platform_util.c | 4 ++--
 library/threading.c | 7 +++++--
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 11f6341d9..49ecdc30e 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -108,10 +108,14 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
 extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
 #endif
 #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+
 #if !defined(_WIN32) && (defined(unix) || \
 defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
 defined(__MACH__)))
 #include
+#endif /* !_WIN32 && (unix || __unix || __unix__ ||
+ * (__APPLE__ && __MACH__)) */
+
 #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
 ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
 _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) )
@@ -124,8 +128,6 @@ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
 #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
 ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
 _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */
-#endif /* !_WIN32 && (unix || __unix || __unix__ ||
- * (__APPLE__ && __MACH__)) */
 #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
 #endif /* MBEDTLS_THREADING_C */
diff --git a/library/platform_util.c b/library/platform_util.c
index 7e82293e1..ca4d03312 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -81,6 +81,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
 defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
 defined(__MACH__)))
 #include
+#endif /* !_WIN32 && (unix || __unix || __unix__ ||
+ * (__APPLE__ && __MACH__)) */
 #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
 ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
@@ -96,8 +98,6 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
 #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
 ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
 _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */
-#endif /* !_WIN32 && (unix || __unix || __unix__ ||
- * (__APPLE__ && __MACH__)) */
 struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
 struct tm *tm_buf )
diff --git a/library/threading.c b/library/threading.c
index 60dfd02af..8c1e25c17 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -38,10 +38,14 @@ #include "mbedtls/threading.h" #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) + #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include +#endif /* !_WIN32 && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ + #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) @@ -56,8 +60,7 @@ #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ + #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) From f5106d54ebadd74fc9e6ba2483858523b99d8d7a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 12:09:56 +0100 Subject: [PATCH 228/368] Don't declare and define gmtime()-mutex on Windows platforms --- include/mbedtls/threading.h | 3 +++ library/platform_util.c | 3 +++ library/threading.c | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 49ecdc30e..8fdb63343 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -124,7 +124,10 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; * threading.c. Remember to update the code there when changing the conditions * here. */ +#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ + #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ 
diff --git a/library/platform_util.c b/library/platform_util.c index ca4d03312..ca5fe4fb8 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -94,7 +94,10 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ +#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) #define PLATFORM_UTIL_USE_GMTIME +#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ + #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ diff --git a/library/threading.c b/library/threading.c index 8c1e25c17..7c90c7c59 100644 --- a/library/threading.c +++ b/library/threading.c @@ -56,7 +56,11 @@ * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ + +#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) #define THREADING_USE_GMTIME +#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ + #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ From d2ef25478e0e20834edb712bd84cf2df8ba4949f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 14:53:25 +0100 Subject: [PATCH 229/368] Don't define _POSIX_C_SOURCE in header file --- include/mbedtls/threading.h | 38 ++++++++----------------------------- 1 file changed, 8 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 8fdb63343..3ca3cd3a1 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -24,14 +24,6 @@ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H -/* - * Ensure gmtime_r is available even with -std=c99; must be defined before - * config.h, which pulls in glibc's features.h. Harmless on other platforms. - */ -#if !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 200112L -#endif - #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" #else 
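Review bot: Dropping `#define _POSIX_C_SOURCE 200112L` from this public header is the right call, since a library header must not change the feature-test environment of every translation unit that includes it, but the removed comment states that this define is what makes `gmtime_r()` visible under `-std=c99`, and nothing in this patch adds an equivalent define to platform_util.c or threading.c. Unless those files already define `_POSIX_C_SOURCE` before their first system `#include` (not visible in this diff), the `gmtime_r()` call in `mbedtls_platform_gmtime_r()` becomes an implicit declaration in strict C99 builds. Please confirm the define has moved into the .c files and mention that relocation in the commit message.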
@@ -107,31 +99,17 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif + #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) - -#if !defined(_WIN32) && (defined(unix) || \ - defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ - defined(__MACH__))) -#include -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ - -#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) -/* - * The preprocessor conditions above are the same as in platform_util.c and - * threading.c. Remember to update the code there when changing the conditions - * here. - */ -#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) +/* This mutex may or may not be used in the default definition of + * mbedtls_platform_gmtime_r(), but in order to determine that, + * we need to check POSIX features, hence modify _POSIX_C_SOURCE. + * With the current approach, this declaration is orphaned, lacking + * an accompanying definition, in case mbedtls_platform_gmtime_r() + * doesn't need it, but that's not a problem. */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ - -#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ + #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus From 53546ea099f6f53d0be653a64accd250e170337f Mon Sep 17 00:00:00 2001 
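Review bot: The new comment on `mbedtls_threading_gmtime_mutex` reads as if this header still modifies `_POSIX_C_SOURCE` ("hence modify _POSIX_C_SOURCE"), which is exactly what the earlier hunk stops doing. Suggest wording it as the reason the check cannot live here: `/* Whether the default mbedtls_platform_gmtime_r() uses this mutex depends on POSIX feature-test macros, which a public header must not set; so the mutex is declared unconditionally and is simply undefined (and unused) on platforms that don't need it. */`. The unconditional declaration is harmless only as long as nothing outside the library references the mutex on those platforms, which is worth stating in the same comment.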
From: Simon Butcher Date: Thu, 6 Sep 2018 19:10:26 +0100 Subject: [PATCH 230/368] Update library version number to 2.13.1 --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 72abd2709..b9f9ec1c4 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.13.0 source code documentation + * @mainpage mbed TLS v2.13.1 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 43d6e6e72..2a87ada6a 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.13.0" +PROJECT_NAME = "mbed TLS v2.13.1" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 17b8ba450..326b8bd45 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -40,16 +40,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 13 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 1 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x020D0000 -#define MBEDTLS_VERSION_STRING "2.13.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.13.0" +#define MBEDTLS_VERSION_NUMBER 0x020D0100 +#define MBEDTLS_VERSION_STRING "2.13.1" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.13.1" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6a280fe70..275eda3bb 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -159,15 +159,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.13.0 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.13.1 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.13.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.13.1 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.13.0 SOVERSION 12) + set_target_properties(mbedtls PROPERTIES VERSION 2.13.1 SOVERSION 12) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 49a614e9d..c3542e559 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data 
@@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.13.0" +check_compiletime_version:"2.13.1" Check runtime library version -check_runtime_version:"2.13.0" +check_runtime_version:"2.13.1" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From ff215726b4bdd49c17d4ef1526e00c00298e73fd Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Tue, 11 Sep 2018 14:34:21 +0100 Subject: [PATCH 231/368] rsa: pss: Use size_t when computing signatures Functions like `mbedtls_md_get_size()` and `mgf_mask()` work with `size_t`. Use local variables with `size_t` to match. --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 88c1cf100..58746e55b 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1521,7 +1521,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, size_t olen; unsigned char *p = sig; unsigned char salt[MBEDTLS_MD_MAX_SIZE]; - unsigned int slen, hlen, offset = 0; + size_t slen, hlen, offset = 0; int ret; size_t msb; const mbedtls_md_info_t *md_info; From 1c1c20ed4d8357c73d53443277a901013da7d745 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Sep 2018 10:34:43 +0200 Subject: [PATCH 232/368] Fix some whitespace issues --- library/ssl_cli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index fbf5166df..7b88e61e3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2077,8 +2077,8 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; #endif return( ret ); } From 12e4a8be2ade943bc60774f6bfe9ae53da92c875 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Sep 2018 10:55:15 +0200 Subject: [PATCH 233/368] Improve documentation wording and formatting --- include/mbedtls/config.h | 5 +++-- include/mbedtls/ecdsa.h | 3 ++- include/mbedtls/ecp.h | 27 +++++++++++++++------------ include/mbedtls/pk.h | 4 ++-- include/mbedtls/x509_crt.h | 2 +- 5 files changed, 23 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8b5ae9f57..3f248d5c4 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -683,8 +683,9 @@ * Enable "non-blocking" ECC operations that can return early and be resumed. * * This enables \c mbedtls_ecp_set_max_ops() and allows various functions - * to return \c MBEDTLS_ERR_ECP_IN_PROGRESS when needed, and then be called - * again later with the same arguments in order to further progress and + * to return #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL + * module, #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) when needed, and then be + * called again later with the same arguments in order to further progress and * eventually complete the operation, see \c mbedtls_ecp_set_max_ops(). * * This is useful in non-threaded environments if you want to avoid blocking diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 710fdb9d6..d5f7985cd 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -98,7 +98,8 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx; */ typedef struct { - mbedtls_ecp_restart_ctx ecp; /*!< base context (admin+ecp info) */ + mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and + shared administrative info */ mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */ mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */ #if defined(MBEDTLS_ECDSA_DETERMINISTIC) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 4ac2926e7..15aee04c7 100644 
--- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -225,8 +225,8 @@ typedef struct * \param rs_ctx Restart context * \param ops Number of basic ops to do * - * \return 0 is doing 'ops' basic ops is still allowed, - * MBEDTLS_ERR_ECP_IN_PROGRESS otherwise. + * \return \c 0 if doing \p ops basic ops is still allowed, + * \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise. */ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, mbedtls_ecp_restart_ctx *rs_ctx, @@ -338,7 +338,7 @@ mbedtls_ecp_keypair; * \brief Set the maximum number of basic operations done in a row. * * If more operations are needed to complete a computation, - * MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the + * #MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the * function performing the computation. It is then the * caller's responsibility to either call again with the same * parameters until it returns 0 or an error code; or to free @@ -352,7 +352,7 @@ mbedtls_ecp_keypair; * * This only affects functions that accept a pointer to a * \c mbedtls_ecp_restart_ctx as an argument, and only works - * if that pointer valid (in particular, not NULL). + * if that pointer is valid (in particular, not NULL). * * \param max_ops Maximum number of basic operations done in a row. * Default: 0 (unlimited). @@ -379,15 +379,15 @@ mbedtls_ecp_keypair; * P-384 682 416 320 272 248 * P-521 1364 832 640 544 496 * - * \note This setting is currently ignored by Curve25519 + * \note This setting is currently ignored by Curve25519. */ void mbedtls_ecp_set_max_ops( unsigned max_ops ); /** * \brief Check if restart is enabled (max_ops != 0) * - * \return 0 if max_ops == 0 (restart disabled) - * 1 otherwise (restart enabled) + * \return \c 0 if \c max_ops == 0 (restart disabled) + * \return \c 1 otherwise (restart enabled) */ int mbedtls_ecp_restart_enabled( void ); #endif /* MBEDTLS_ECP_RESTARTABLE */ 
@@ -735,7 +735,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \brief This function performs multiplication of a point by * an integer: \p R = \p m * \p P in a restartable way. * - * \c mbedtls_ecp_mul() + * \see mbedtls_ecp_mul() * * \note This function does the same as \c mbedtls_ecp_mul(), but * it can return early and restart according to the limit set @@ -749,8 +749,11 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \param p_rng The RNG context. * \param rs_ctx The restart context. * - * \return See \c mbedtls_ecp_mul(), or - * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private + * key, or \p P is not a valid public key. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, @@ -787,7 +790,7 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /** * \brief This function performs multiplication and addition of two * points by integers: \p R = \p m * \p P + \p n * \p Q in a - * reastartable way. + * restartable way. * * \see \c mbedtls_ecp_muladd() * @@ -863,7 +866,7 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi * * \brief This function generates a private key. * * \param grp The ECP group. - * \param d The Destination MPI (secret part). + * \param d The destination MPI (secret part). * \param f_rng The RNG function. * \param p_rng The RNG parameter. * diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 37a79cca4..3b486cfe9 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -329,7 +329,7 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \param rs_ctx Restart context (NULL to disable restart) * * \return See \c mbedtls_pk_verify(), or - * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, @@ -420,7 +420,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \param rs_ctx Restart context (NULL to disable restart) * * \return See \c mbedtls_pk_sign(), or - * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 494ea99d7..961db9844 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -429,7 +429,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * \param rs_ctx restart context * * \return See \c mbedtls_crt_verify_with_profile(), or - * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, From 5a481f1940d3ea846aa2578baa574a68192ff8cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Sep 2018 12:33:32 +0200 Subject: [PATCH 234/368] Update error.h count for SSL --- include/mbedtls/error.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 1f1401150..6e26df9fe 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h 
@@ -95,7 +95,7 @@ * HKDF 5 1 (Started from top) * CIPHER 6 8 * SSL 6 23 (Started from top) - * SSL 7 31 + * SSL 7 32 * * Module dependent error code (5 bits 0x.00.-0x.F8.) */ From 54a7c620bbd7222950594b27f70814e10f877af4 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 12 Sep 2018 14:43:44 +0300 Subject: [PATCH 235/368] Minor style changes 1. Rephrase error description. 2. fix alignment of error list. --- include/mbedtls/error.h | 2 +- include/mbedtls/platform.h | 2 +- library/error.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 2b83c2d9b..c9a825035 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -80,7 +80,7 @@ * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 - * PLATFORM 1 0x0080-0x0080 + * PLATFORM 1 0x0080-0x0080 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index cb21d2ac0..5f5b982a4 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -43,7 +43,7 @@ #include "platform_time.h" #endif -#define MBEDTLS_ERR_PLATFORM_HW_FAILED -0x0080 /**< Hardware platform function failed. */ +#define MBEDTLS_ERR_PLATFORM_HW_FAILED -0x0080 /**< Hardware failed platform operation. */ #ifdef __cplusplus extern "C" { diff --git a/library/error.c b/library/error.c index d3b155b62..c6292171b 100644 --- a/library/error.c +++ b/library/error.c @@ -827,7 +827,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_PLATFORM_C) if( use_ret == -(MBEDTLS_ERR_PLATFORM_HW_FAILED) ) - mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware platform function failed" ); + mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware failed platform operation" ); #endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_POLY1305_C) From eba6c9bb505fe98121772510087f6a3159d19d6c Mon Sep 17 00:00:00 2001 
From: thomas-dee Date: Wed, 19 Sep 2018 09:10:37 +0200 Subject: [PATCH 236/368] changes requested by @hanno-arm - renamed `mbedtls_asn1_write_any_string` to `mbedtls_asn1_write_tagged_string` - renamed `x509_at_oid_from_name` to `x509_attr_descr_from_name` --- include/mbedtls/asn1write.h | 2 +- library/asn1write.c | 8 ++++---- library/x509_create.c | 14 +++++++------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 40c5d9787..3dcf8eaf3 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -165,7 +165,7 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ); * * \return the length written or a negative error code */ -int mbedtls_asn1_write_any_string( unsigned char **p, unsigned char *start, +int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag, const char *text, size_t text_len ); /** * \brief Write a printable string tag (MBEDTLS_ASN1_PRINTABLE_STRING) and diff --git a/library/asn1write.c b/library/asn1write.c index d916fcbc6..957d69f54 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -253,7 +253,7 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) return( (int) len ); } -int mbedtls_asn1_write_any_string( unsigned char **p, unsigned char *start, int tag, +int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag, const char *text, size_t text_len ) { int ret; 
@@ -271,19 +271,19 @@ int mbedtls_asn1_write_any_string( unsigned char **p, unsigned char *start, int int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start, const char *text, size_t text_len ) { - return( mbedtls_asn1_write_any_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) ); + return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) ); } int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start, const char *text, size_t text_len ) { - return( mbedtls_asn1_write_any_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) ); + return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) ); } int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start, const char *text, size_t text_len ) { - return( mbedtls_asn1_write_any_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) ); + return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) ); } int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, diff --git a/library/x509_create.c b/library/x509_create.c index ab5f85b93..2f36f2493 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -42,7 +42,7 @@ typedef struct { #define ADD_STRLEN( s ) s, sizeof( s ) - 1 -// note: preset tag types as proposed in rfc3280 and widely used +// note: preset tag types as proposed in RFC3280 and widely used static const x509_attr_descriptor_t x509_attrs[] = { { ADD_STRLEN( "CN" ), MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, @@ -76,7 +76,7 @@ static const x509_attr_descriptor_t x509_attrs[] = { NULL, 0, NULL, MBEDTLS_ASN1_NULL } }; -static const x509_attr_descriptor_t *x509_at_oid_from_name( const char *name, size_t name_len ) +static const x509_attr_descriptor_t *x509_attr_descr_from_name( const char *name, size_t name_len ) { const x509_attr_descriptor_t *cur; 
@@ -97,7 +97,7 @@ int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *na const char *s = name, *c = s; const char *end = s + strlen( s ); const char *oid = NULL; - const x509_attr_descriptor_t* oid_attr = NULL; + const x509_attr_descriptor_t* attr_descr = NULL; int in_tag = 1; char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; char *d = data; @@ -109,13 +109,13 @@ int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *na { if( in_tag && *c == '=' ) { - if( ( oid_attr = x509_at_oid_from_name( s, c - s ) ) == NULL ) + if( ( attr_descr = x509_attr_descr_from_name( s, c - s ) ) == NULL ) { ret = MBEDTLS_ERR_X509_UNKNOWN_OID; goto exit; } - oid = oid_attr->oid; + oid = attr_descr->oid; s = c + 1; in_tag = 0; d = data; @@ -144,7 +144,7 @@ int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *na } // set tagType - cur->val.tag = oid_attr->tag; + cur->val.tag = attr_descr->tag; while( c < end && *(c + 1) == ' ' ) c++; @@ -214,7 +214,7 @@ static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn size_t name_len = cur_name->val.len; // Write correct string tag and value - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_any_string( p, start, cur_name->val.tag, + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tagged_string( p, start, cur_name->val.tag, (const char *) name, name_len ) ); // Write OID From 7c025a9f508d0cfa13d6c6f35c14baceb8fcecb6 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 14 Aug 2018 11:08:41 +0100 Subject: [PATCH 237/368] Generalize dh_flag in mbedtls_mpi_gen_prime Setting the dh_flag to 1 used to indicate that the caller requests safe primes from mbedtls_mpi_gen_prime. We generalize the functionality to make room for more flags in that parameter. --- include/mbedtls/bignum.h | 14 ++++++++++++-- library/bignum.c | 6 +++--- tests/suites/test_suite_mpi.data | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) 
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 732ecbef1..cd0cba815 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -740,13 +740,23 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Flags for mbedtls_mpi_gen_prime() + * + * Each of these flags is a constraint on the result X returned by + * mbedtls_mpi_gen_prime(). + */ +typedef enum { + MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */ +} mbedtls_mpi_gen_prime_flag_t; + /** * \brief Prime number generation * * \param X Destination MPI * \param nbits Required size of X in bits * ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS ) - * \param dh_flag If 1, then (X-1)/2 will be prime too + * \param flags Mask of flags of type #mbedtls_mpi_gen_prime_flag_t * \param f_rng RNG function * \param p_rng RNG parameter * @@ -754,7 +764,7 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3 */ -int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, +int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); diff --git a/library/bignum.c b/library/bignum.c index 423e375fd..51aa0b4cb 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2192,11 +2192,11 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, /* * Prime number generation * - * If dh_flag is 0 and nbits is at least 1024, then the procedure + * If flags is 0 and nbits is at least 1024, then the procedure * follows the RSA probably-prime generation method of FIPS 186-4. * NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536. */ -int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, +int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { 
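Review bot: The rewritten comment in the bignum.c hunk says `If flags is 0 and nbits is at least 1024`, but the code in the following `@@ -2229` hunk branches on `( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0`, so a future non-DH flag would still take the FIPS 186-4 path while the comment says otherwise; suggest ` * If MBEDTLS_MPI_GEN_PRIME_FLAG_DH is not set in flags and nbits is at least 1024, then the procedure`. In the bignum.h hunk, `\param flags` could also state the neutral value and why the parameter stays `int`, e.g. `\param flags Mask of flags of type #mbedtls_mpi_gen_prime_flag_t (0 for no extra constraint; an int so that flags can be OR-ed)`. Callers that passed the old `dh_flag` value 1 keep their behaviour because `MBEDTLS_MPI_GEN_PRIME_FLAG_DH` is 0x0001, which is worth a sentence in the commit message.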
@@ -2229,7 +2229,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) ); X->p[0] |= 1; - if( dh_flag == 0 ) + if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 ) { ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ); diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 227c4729b..5ff3f9317 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -706,7 +706,7 @@ mbedtls_mpi_gen_prime:128:0:0 Test mbedtls_mpi_gen_prime (Safe) depends_on:MBEDTLS_GENPRIME -mbedtls_mpi_gen_prime:128:1:0 +mbedtls_mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH:0 Test bit getting (Value bit 25) mbedtls_mpi_get_bit:10:"49979687":25:1 From 2561a50ea41b22f27156a6ee8880235ddcde0c85 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Sep 2018 13:42:26 +0200 Subject: [PATCH 238/368] Fix "make WINDOWS_BUILD=1 clean" on non-Windows hosts The clean rule was not using the correct names for the compiled executable files. --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 4d2edd456..b6e49bf8a 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -105,7 +105,7 @@ $(BINARIES): %$(EXEXT): %.c $(DEP) clean: ifndef WINDOWS - rm -rf $(APPS) *.c *.datax TESTS + rm -rf $(BINARIES) *.c *.datax TESTS else del /Q /F *.c *.exe *.datax ifneq ($(wildcard TESTS/.*),) From 487cdf5516bc888741d4126b1dd968c9b01049f5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Sep 2018 15:54:40 +0200 Subject: [PATCH 239/368] In keep-going mode, don't hard-fail on some auxiliary script Add record_status in front of the invocation of several scripts where it was missing. --- tests/scripts/all.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1faa5d561..d1d59e06a 100755 --- a/tests/scripts/all.sh 
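Review bot: Unknown bits in `flags` are silently ignored by the new `( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0` test, so a caller passing a misspelled or not-yet-supported flag gets an ordinary prime with no error, which is the opposite of what a constraint flag is for. Now that the parameter is a mask, consider rejecting undefined bits at the top of `mbedtls_mpi_gen_prime()` (its body begins outside this hunk), e.g. `if( ( flags & ~MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) != 0 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );`, and list that case in the header's return documentation. The test-data hunk relies on the test framework resolving `MBEDTLS_MPI_GEN_PRIME_FLAG_DH` by name; a negative case with an undefined bit would cover the new check.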
+++ b/tests/scripts/all.sh @@ -436,25 +436,25 @@ OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh msg "test: recursion.pl" # < 1s -tests/scripts/recursion.pl library/*.c +record_status tests/scripts/recursion.pl library/*.c msg "test: freshness of generated source files" # < 1s -tests/scripts/check-generated-files.sh +record_status tests/scripts/check-generated-files.sh msg "test: doxygen markup outside doxygen blocks" # < 1s -tests/scripts/check-doxy-blocks.pl +record_status tests/scripts/check-doxy-blocks.pl msg "test: check-files.py" # < 1s cleanup -tests/scripts/check-files.py +record_status tests/scripts/check-files.py msg "test/build: declared and exported names" # < 3s cleanup -tests/scripts/check-names.sh +record_status tests/scripts/check-names.sh msg "test: doxygen warnings" # ~ 3s cleanup -tests/scripts/doxygen.sh +record_status tests/scripts/doxygen.sh @@ -1071,10 +1071,10 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do done msg "Lint: Python scripts" -tests/scripts/check-python-files.sh +record_status tests/scripts/check-python-files.sh msg "uint test: generate_test_code.py" -./tests/scripts/test_generate_test_code.py +record_status ./tests/scripts/test_generate_test_code.py ################################################################ #### Termination From 3ad2efdc82a3d15f373b9d12e6764efec3577b55 Mon Sep 17 00:00:00 2001 
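Review bot: The `msg "uint test: generate_test_code.py"` line directly above the second changed line in the `@@ -1071` hunk misspells "unit"; since the adjacent line is being touched, `msg "unit test: generate_test_code.py"` could go in the same commit. It is also worth checking that `record_status` (defined outside this diff) still folds the first failing script into the final exit code, since these scripts previously aborted the run outright in keep-going mode and a silently recorded failure would be a regression in CI visibility.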
From: Simon Butcher Date: Wed, 2 May 2018 14:49:38 +0100 Subject: [PATCH 240/368] Remove Yotta support from the docs, tests and build scripts Yotta is no longer supported by Mbed TLS, so has been removed. Specifically, the following changes have been made: * references to yotta have been removed from the main readme and build instructions * the yotta module directory and build script has been removed * yotta has been removed from test scripts such as all.sh and check-names.sh * yotta has been removed from other files that that referenced it such as the doxyfile and the bn_mul.h header * yotta specific configurations and references have been removed from config.h --- README.md | 35 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/bn_mul.h | 5 +- include/mbedtls/config.h | 17 +- tests/scripts/all.sh | 26 +- tests/scripts/check-names.sh | 2 +- tests/scripts/yotta-build.sh | 61 -- yotta/.gitignore | 1 - yotta/create-module.sh | 47 -- yotta/data/README.md | 103 --- yotta/data/adjust-config.sh | 77 -- yotta/data/entropy_hardware_poll.c | 88 --- yotta/data/example-authcrypt/README.md | 68 -- yotta/data/example-authcrypt/main.cpp | 197 ----- yotta/data/example-benchmark/README.md | 100 --- yotta/data/example-benchmark/main.cpp | 951 ------------------------- yotta/data/example-hashing/README.md | 67 -- yotta/data/example-hashing/main.cpp | 177 ----- yotta/data/example-selftest/README.md | 82 --- yotta/data/example-selftest/main.cpp | 268 ------- yotta/data/module.json | 18 - yotta/data/target_config.h | 35 - 22 files changed, 10 insertions(+), 2417 deletions(-) delete mode 100755 tests/scripts/yotta-build.sh delete mode 100644 yotta/.gitignore delete mode 100755 yotta/create-module.sh delete mode 100644 yotta/data/README.md delete mode 100755 yotta/data/adjust-config.sh delete mode 100644 yotta/data/entropy_hardware_poll.c delete mode 100644 yotta/data/example-authcrypt/README.md delete mode 100644 yotta/data/example-authcrypt/main.cpp delete mode 100644 
yotta/data/example-benchmark/README.md delete mode 100644 yotta/data/example-benchmark/main.cpp delete mode 100644 yotta/data/example-hashing/README.md delete mode 100644 yotta/data/example-hashing/main.cpp delete mode 100644 yotta/data/example-selftest/README.md delete mode 100644 yotta/data/example-selftest/main.cpp delete mode 100644 yotta/data/module.json delete mode 100644 yotta/data/target_config.h diff --git a/README.md b/README.md index 6345848d2..329bab2fb 100644 --- a/README.md +++ b/README.md 
@@ -11,47 +11,16 @@ Compiler options can be set using conventional environment variables such as `CC Compiling --------- -There are currently four active build systems used within Mbed TLS releases: +There are currently three active build systems used within Mbed TLS releases: -- yotta - GNU Make - CMake - Microsoft Visual Studio (Microsoft Visual Studio 2010 or later) The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. -Yotta, as a build system, is slightly different from the other build systems: - -- it provides a minimalistic configuration file by default -- depending on the yotta target, features of Mbed OS may be used in examples and tests - The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls. -### Yotta - -[yotta](http://yottabuild.org) is a package manager and build system developed by Mbed, and is the build system of Mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing). 
- -Once yotta is installed, you can use it to download the latest version of Mbed TLS from the yotta registry with: - - yotta install mbedtls - -and build it with: - - yotta build - -If, on the other hand, you already have a copy of Mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running: - - yotta/create-module.sh - -This should be executed from the root Mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual: - - cd yotta/module - yotta build - -In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/). - -For more details on the yotta/Mbed OS edition of Mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md). - ### Make We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. 
@@ -78,7 +47,7 @@ In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if th Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved. -Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so it you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line. +Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line. Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 2a87ada6a..6be7263f0 100644 --- a/doxygen/mbedtls.doxyfile 
+++ b/doxygen/mbedtls.doxyfile @@ -696,7 +696,7 @@ RECURSIVE = YES # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = ../configs ../yotta/module +EXCLUDE = ../configs # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index b587317d9..66793899d 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -565,9 +565,8 @@ #endif /* TriCore */ /* - * gcc -O0 by default uses r7 for the frame pointer, so it complains about our - * use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately, - * passing that option is not easy when building with yotta. + * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about + * our use of r7 below, unless -fomit-frame-pointer is passed. * * On the other hand, -fomit-frame-pointer is implied by any -Ox options with * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 81438c5b1..91d0cdb2e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -3130,23 +3130,12 @@
 /* \} name SECTION: Customisation configuration options */
-/* Target and application specific configurations */
-//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h"
-
-#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
-#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
-#endif
-
-/*
+/* Target and application specific configurations
+ *
+ * Allow user to override any previous default.
+ *
- * Use two macro names for that, as:
- * - with yotta the prefix YOTTA_CFG_ is forced
- * - without yotta is looks weird to have a YOTTA prefix.
  */
-#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
-#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
-#elif defined(MBEDTLS_USER_CONFIG_FILE)
+#if defined(MBEDTLS_USER_CONFIG_FILE)
 #include MBEDTLS_USER_CONFIG_FILE
 #endif
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1faa5d561..36af17980 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -38,7 +38,6 @@
 # * G++
 # * arm-gcc and mingw-gcc
 # * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
-# * Yotta build dependencies, unless invoked with --no-yotta
 # * OpenSSL and GnuTLS command line tools, recent enough for the
 # interoperability tests. If they don't support SSLv3 then a legacy
 # version of these tools must be present as well (search for LEGACY
@@ -96,7 +95,6 @@ MEMORY=0
 FORCE=0
 KEEP_GOING=0
 RUN_ARMCC=1
-YOTTA=1
 # Default commands, can be overriden by the environment
 : ${OPENSSL:="openssl"}
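Review bot: The rewritten comment block keeps an empty ` *` line directly before ` */`, left over from the deleted bullet list, and its heading "Target and application specific configurations" no longer describes what follows now that only the user-config include remains; `/* Allow user to override any previous default. */` says everything the five lines now say. The diffstat shows no ChangeLog entry, although a build that still defines `YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE` (and not `MBEDTLS_USER_CONFIG_FILE`) will from now on silently compile with the stock defaults instead of its overrides, so anyone who used that hook to disable features would not notice. That removal is worth recording as a dropped configuration option alongside the code change.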
@@ -130,12 +128,10 @@ General options:
 --no-force Refuse to overwrite modified files (default).
 --no-keep-going Stop at the first error (default).
 --no-memory No additional memory tests (default).
- --no-yotta Skip yotta module build.
 --out-of-source-dir= Directory used for CMake out-of-source build tests.
 --random-seed Use a random seed value for randomized tests (default).
 -r|--release-test Run this script in release mode. This fixes the seed value to 1.
 -s|--seed Integer seed value to use for this test run.
- --yotta Build yotta module (on by default).
 Tool path options:
 --armc5-bin-dir= ARM Compiler 5 bin directory.
@@ -160,7 +156,7 @@ cleanup()
 command make clean
 # Remove CMake artefacts
- find . -name .git -prune -o -name yotta -prune -o \
+ find . -name .git -prune \
 -iname CMakeFiles -exec rm -rf {} \+ -o \
 \( -iname cmake_install.cmake -o \
 -iname CTestTestfile.cmake -o \
@@ -253,7 +249,6 @@ while [ $# -gt 0 ]; do
 --no-force) FORCE=0;;
 --no-keep-going) KEEP_GOING=0;;
 --no-memory) MEMORY=0;;
- --no-yotta) YOTTA=0;;
 --openssl) shift; OPENSSL="$1";;
 --openssl-legacy) shift; OPENSSL_LEGACY="$1";;
 --openssl-next) shift; OPENSSL_NEXT="$1";;
@@ -261,7 +256,6 @@ while [ $# -gt 0 ]; do
 --random-seed) unset SEED;;
 --release-test|-r) SEED=1;;
 --seed|-s) shift; SEED="$1";;
- --yotta) YOTTA=1;;
 *)
 echo >&2 "Unknown option: $1"
 echo >&2 "Run $0 --help for usage."
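Review bot: The new `find` line in `cleanup()` (hunk `@@ -160,7 +156,7 @@`) drops the `-o` that used to follow `-prune`, so the following predicate `-iname CMakeFiles -exec rm -rf {} \+` is now joined to `-name .git -prune` by find's implicit `-a` and is only evaluated for paths named `.git`, which are pruned anyway; CMakeFiles directories are therefore never removed, and only the `\( -iname cmake_install.cmake ... \)` group after the remaining explicit `-o` still runs. The added line should read `find . -name .git -prune -o \`. The rest of `cleanup()` lies outside the hunk. The other all.sh hunks on this line and the next only remove the yotta options and look consistent with the `YOTTA=1` removal above.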
@@ -272,20 +266,10 @@ while [ $# -gt 0 ]; do
 done
 if [ $FORCE -eq 1 ]; then
- if [ $YOTTA -eq 1 ]; then
- rm -rf yotta/module "$OUT_OF_SOURCE_DIR"
- fi
 git checkout-index -f -q $CONFIG_H
 cleanup
 else
- if [ $YOTTA -ne 0 ] && [ -d yotta/module ]; then
- err_msg "Warning - there is an existing yotta module in the directory 'yotta/module'"
- echo "You can either delete your work and retry, or force the test to overwrite the"
- echo "test by rerunning the script as: $0 --force"
- exit 1
- fi
-
 if [ -d "$OUT_OF_SOURCE_DIR" ]; then
 echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
 echo "You can either delete this directory manually, or force the test by rerunning"
@@ -462,14 +446,6 @@ tests/scripts/doxygen.sh
 #### Build and test many configurations and targets
 ################################################################
-if [ $RUN_ARMCC -ne 0 ] && [ $YOTTA -ne 0 ]; then
- # Note - use of yotta is deprecated, and yotta also requires armcc to be on the
- # path, and uses whatever version of armcc it finds there.
- msg "build: create and build yotta module" # ~ 30s
- cleanup
- record_status tests/scripts/yotta-build.sh
-fi
-
 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
 cleanup
 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 4c66440e2..f18a162cc 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -40,7 +40,7 @@ diff macros identifiers | sed -n -e 's/< //p' > actual-macros
 for THING in actual-macros enum-consts; do
 printf "Names of $THING: "
 test -r $THING
- BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
+ BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
 if [ "x$BAD" = "x" ]; then
 echo "PASS"
 else
diff --git a/tests/scripts/yotta-build.sh b/tests/scripts/yotta-build.sh
deleted file mode 100755
index 4bae34aa3..000000000
--- a/tests/scripts/yotta-build.sh
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/sh
-
-# yotta-build.sh
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# To run test builds of the yotta module for all supported targets.
-
-set -eu
-
-check_tools()
-{
- for TOOL in "$@"; do
- if ! `hash "$TOOL" >/dev/null 2>&1`; then
- echo "$TOOL not found!" >&2
- exit 1
- fi
- done
-}
-
-yotta_build()
-{
- TARGET=$1
-
- echo; echo "*** $TARGET (release) ***"
- yt -t $TARGET build
-
- echo; echo "*** $TARGET (debug) ***"
- yt -t $TARGET build -d
-}
-
-# Make sure the tools we need are available.
-check_tools "arm-none-eabi-gcc" "armcc" "yotta"
-
-yotta/create-module.sh
-cd yotta/module
-yt update || true # needs network
-
-if uname -a | grep 'Linux.*x86' >/dev/null; then
- yotta_build x86-linux-native
-fi
-if uname -a | grep 'Darwin.*x86' >/dev/null; then
- yotta_build x86-osx-native
-fi
-
-# armcc build tests.
-yotta_build frdm-k64f-armcc
-#yotta_build nordic-nrf51822-16k-armcc
-
-# arm-none-eabi-gcc build tests.
-yotta_build frdm-k64f-gcc
-#yotta_build st-nucleo-f401re-gcc # dirent
-#yotta_build stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4
-#yotta_build nordic-nrf51822-16k-gcc # fails in minar-platform
-#yotta_build bbc-microbit-classic-gcc # fails in minar-platform
-#yotta_build st-stm32f439zi-gcc # fails in mbed-hal-st-stm32f4
-#yotta_build st-stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4
diff --git a/yotta/.gitignore b/yotta/.gitignore
deleted file mode 100644
index 0cca093d7..000000000
--- a/yotta/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-module
diff --git a/yotta/create-module.sh b/yotta/create-module.sh
deleted file mode 100755
index 4c79ebe51..000000000
--- a/yotta/create-module.sh
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-# relative to the script's directory
-TREE=..
-DEST=module
-
-# make sure we're running in our own directory
-if [ -f create-module.sh ]; then :; else
- cd $( dirname $0 )
- if [ -f create-module.sh ]; then :; else
- echo "Please run the script from is directory." >&2
- exit 1
- fi
-fi
-
-# use a temporary directory to build the module, then rsync to DEST
-# this allows touching only new files, for more efficient re-builds
-TMP=$DEST-tmp
-rm -rf $TMP
-
-mkdir -p $TMP/mbedtls $TMP/source
-cp $TREE/include/mbedtls/*.h $TMP/mbedtls
-cp $TREE/library/*.c $TMP/source
-
-# temporary, should depend on external module later
-cp data/entropy_hardware_poll.c $TMP/source
-cp data/target_config.h $TMP/mbedtls
-
-data/adjust-config.sh $TREE/scripts/config.pl $TMP/mbedtls/config.h
-
-mkdir -p $TMP/test
-cp -r data/example-* $TMP/test
-# later we should have the generated test suites here too
-
-cp data/module.json $TMP
-cp data/README.md $TMP
-
-cp ../LICENSE $TMP
-if [ -f ../apache-2.0.txt ]; then cp ../apache-2.0.txt $TMP; fi
-
-mkdir -p $DEST
-rsync -cr --delete --exclude build --exclude yotta_\* $TMP/ $DEST/
-rm -rf $TMP
-
-echo "mbed TLS yotta module created in '$PWD/$DEST'."
diff --git a/yotta/data/README.md b/yotta/data/README.md
deleted file mode 100644
index b748aac32..000000000
--- a/yotta/data/README.md
+++ /dev/null
@@ -1,103 +0,0 @@ -# mbed TLS - -mbed TLS makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their embedded products, with a minimal code footprint. It offers an SSL library with an intuitive API and readable source code. - -**Note:** The current release is beta, and implements no secure source of random numbers, weakening its security. - -Currently the only supported yotta targets are: -- `frdm-k64f-gcc` -- `frdm-k64f-armcc` -- `x86-linux-native` -- `x86-osx-native` - -## Sample programs - -This release includes the following examples: - -1. [**Self test:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-selftest) Tests different basic functions in the mbed TLS library. - -2. [**Benchmark:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-benchmark) Measures the time taken to perform basic cryptographic functions used in the library. - -3. [**Hashing:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-hashing) Demonstrates the various APIs for computing hashes of data (also known as message digests) with SHA-256. - -4. [**Authenticated encryption:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-authcrypt) Demonstrates usage of the Cipher API for encrypting and authenticating data with AES-CCM. - -These examples are integrated as yotta tests, so that they are built automatically when you build mbed TLS. Each of them comes with complete usage instructions as a Readme file in the repository. - -## Performing TLS and DTLS connections - -A high-level API for performing TLS and DTLS connections with mbed TLS in mbed OS is provided in a separate yotta module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). We recommend this API for TLS and DTLS connections. It is very similar to the API provided by the [sockets](https://github.com/ARMmbed/sockets) module for unencrypted TCP and UDP connections. 
- -The `mbed-tls-sockets` module includes a complete [example TLS client](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/main.cpp) with [usage instructions](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/README.md). - -## Configuring mbed TLS features - -mbed TLS makes it easy to disable any feature during compilation, if that feature isn't required for a particular project. The default configuration enables all modern and widely-used features, which should meet the needs of new projects, and disables all features that are older or less common, to minimize the code footprint. - -The list of available compilation flags is available in the fully documented [config.h file](https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/config.h). - -If you need to adjust those flags, you can provide your own configuration-adjustment file with suitable `#define` and `#undef` statements. These will be included between the default definitions and the sanity checks. Your configuration file should be in your application's include directory, and can be named freely; you just need to let mbed TLS know the file's name. To do that, use yotta's [configuration system](http://docs.yottabuild.org/reference/config.html). The file's name should be in your `config.json` file, under mbedtls, as the key `user-config-file`. 
- -For example, in an application called `myapp`, if you want to enable the EC J-PAKE key exchange and disable the CBC cipher mode, you can create a file named `mbedtls-config-changes.h` in the `myapp` directory containing the following lines: - - #define MBEDTLS_ECJPAKE_C - #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - - #undef MBEDTLS_CIPHER_MODE_CBC - -And then create a file named `config.json` at the root of your application with the following contents: - - { - "mbedtls": { - "user-config-file": "\"myapp/mbedtls-config-changes.h\"" - } - } - -Please note: you need to provide the exact name that will be used in the `#include` directive, including the `<>` or quotes around the name. - -## Getting mbed TLS from GitHub - -Like most components of mbed OS, mbed TLS is developed in the open and its source can be found on GitHub: [ARMmbed/mbedtls](https://github.com/ARMmbed/mbedtls). Unlike most other mbed OS components, however, you cannot just clone the repository and run `yotta build` from its root. This is because mbed TLS also exists as an independent component, so its repository includes things that are not relevant for mbed OS, as well as other build systems. - -The way to use mbed TLS from a clone of the GitHub repository is to run the following commands from the root of a checkout: - - yotta/create-module.sh - cd yotta/module - -You can then run any yotta command you would normally run, such as `yotta build` or `yotta link`. - -## Differences between the standalone and mbed OS editions - -While the two editions share the same code base, there are still a number of differences, mainly in configuration and integration. You should keep in mind those differences when reading some articles in our [knowledge base](https://tls.mbed.org/kb), as currently all the articles are about the standalone edition. - -* The mbed OS edition has a smaller set of features enabled by default in `config.h`, in order to reduce footprint. 
While the default configuration of the standalone edition puts more emphasize on maintaining interoperability with old peers, the mbed OS edition only enables the most modern ciphers and the latest version of (D)TLS. - -* The following components of mbed TLS are disabled in the mbed OS edition: `net_sockets.c` and `timing.c`. This is because mbed OS include their equivalents. - -* The mbed OS edition comes with a fully integrated API for (D)TLS connections in a companion module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). See "Performing TLS and DTLS connections" above. - -## Other resources - -The [mbed TLS website](https://tls.mbed.org) contains many other useful -resources for the developer, such as [developer -documentation](https://tls.mbed.org/dev-corner), [knowledgebase -articles](https://tls.mbed.org/kb), and a [support forum](https://tls.mbed.org/discussions). - -## Contributing - -We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions: - -* Simple bug fixes to existing code do not contain copyright themselves and we can integrate without issue. The same is true of trivial contributions. - -* For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will send to you in case you submit a contribution or pull request that we deem this necessary for. - -To contribute, please: - -* [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. - -* Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. 
- -* Write a test that shows that the bug was fixed or that the feature works as expected. - -* Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog. - diff --git a/yotta/data/adjust-config.sh b/yotta/data/adjust-config.sh deleted file mode 100755 index 3fa84908f..000000000 --- a/yotta/data/adjust-config.sh +++ /dev/null 
@@ -1,77 +0,0 @@ -#!/bin/sh - -set -eu - -if [ $# -ne 2 ]; then - echo "Usage: $0 path/to/config.pl path/to/config.h" >&2 - exit 1 -fi - -SCRIPT=$1 -FILE=$2 - -conf() { - $SCRIPT -f $FILE $@ -} - - -# Set the target specific header -conf set YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE \"mbedtls/target_config.h\" - -# not supported on mbed OS, nor used by mbed Client -conf unset MBEDTLS_NET_C -conf unset MBEDTLS_TIMING_C - -# not supported on all targets with mbed OS, nor used by mbed Client -conf unset MBEDTLS_FS_IO - -conf unset MBEDTLS_CIPHER_MODE_CFB -conf unset MBEDTLS_CIPHER_MODE_CTR -conf unset MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -conf unset MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -conf unset MBEDTLS_CIPHER_PADDING_ZEROS -conf unset MBEDTLS_ECP_DP_SECP192R1_ENABLED -conf unset MBEDTLS_ECP_DP_SECP224R1_ENABLED -conf unset MBEDTLS_ECP_DP_SECP521R1_ENABLED -conf unset MBEDTLS_ECP_DP_SECP192K1_ENABLED -conf unset MBEDTLS_ECP_DP_SECP224K1_ENABLED -conf unset MBEDTLS_ECP_DP_SECP256K1_ENABLED -conf unset MBEDTLS_ECP_DP_BP256R1_ENABLED -conf unset MBEDTLS_ECP_DP_BP384R1_ENABLED -conf unset MBEDTLS_ECP_DP_BP512R1_ENABLED -conf unset MBEDTLS_PK_PARSE_EC_EXTENDED - -conf unset MBEDTLS_AESNI_C -conf unset MBEDTLS_ARC4_C -conf unset MBEDTLS_BLOWFISH_C -conf unset MBEDTLS_CAMELLIA_C -conf unset MBEDTLS_DES_C -conf unset MBEDTLS_DHM_C -conf unset MBEDTLS_GENPRIME -conf unset MBEDTLS_MD5_C -conf unset MBEDTLS_PADLOCK_C -conf unset MBEDTLS_PEM_WRITE_C -conf unset MBEDTLS_PKCS5_C -conf unset MBEDTLS_PKCS12_C -conf unset MBEDTLS_RIPEMD160_C -conf unset MBEDTLS_SHA1_C -conf unset MBEDTLS_XTEA_C - -conf unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - -conf unset MBEDTLS_X509_CSR_PARSE_C -conf unset MBEDTLS_X509_CREATE_C -conf unset MBEDTLS_X509_CRT_WRITE_C -conf unset MBEDTLS_X509_CSR_WRITE_C - -conf unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -conf unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -conf unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -conf unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -conf unset 
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -conf unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -conf unset MBEDTLS_SSL_FALLBACK_SCSV -conf unset MBEDTLS_SSL_CBC_RECORD_SPLITTING -conf unset MBEDTLS_SSL_PROTO_TLS1 -conf unset MBEDTLS_SSL_PROTO_TLS1_1 -conf unset MBEDTLS_SSL_TRUNCATED_HMAC diff --git a/yotta/data/entropy_hardware_poll.c b/yotta/data/entropy_hardware_poll.c deleted file mode 100644 index 3a61e22ae..000000000 --- a/yotta/data/entropy_hardware_poll.c +++ /dev/null 
@@ -1,88 +0,0 @@
-/*
- * Hardware entropy collector for the K64F, using Freescale's RNGA
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * WARNING: this is temporary!
- * This should be in a separate yotta module which would be a target
- * dependency of mbedtls (see IOTSSL-313)
- */
-
-#if defined(TARGET_LIKE_K64F)
-
-/*
- * Reference: "K64 Sub-Family Reference Manual, Rev. 2", chapter 34
- */
-
-#include "fsl_clock_manager.h"
-
-/*
- * Get one byte of entropy from the RNG, assuming it is up and running.
- * As recommended (34.1.1), get only one bit of each output.
- */
-static void rng_get_byte( unsigned char *byte )
-{
- size_t bit;
-
- /* 34.5 Steps 3-4-5: poll SR and read from OR when ready */
- for( bit = 0; bit < 8; bit++ )
- {
- while( ( RNG->SR & RNG_SR_OREG_LVL_MASK ) == 0 );
- *byte |= ( RNG->OR & 1 ) << bit;
- }
-}
-
-/*
- * Get len bytes of entropy from the hardware RNG.
- */
-int mbedtls_hardware_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
-{
- size_t i;
- int ret;
- ((void) data);
-
- CLOCK_SYS_EnableRngaClock( 0 );
-
- /* Set "Interrupt Mask", "High Assurance" and "Go",
- * unset "Clear interrupt" and "Sleep" */
- RNG->CR = RNG_CR_INTM_MASK | RNG_CR_HA_MASK | RNG_CR_GO_MASK;
-
- for( i = 0; i < len; i++ )
- rng_get_byte( output + i );
-
- /* Just be extra sure that we didn't do it wrong */
- if( ( RNG->SR & RNG_SR_SECV_MASK ) != 0 )
- {
- ret = -1;
- goto cleanup;
- }
-
- *olen = len;
- ret = 0;
-
-cleanup:
- /* Disable clock to save power - assume we're the only users of RNG */
- CLOCK_SYS_DisableRngaClock( 0 );
-
- return( ret );
-}
-
-#endif
diff --git a/yotta/data/example-authcrypt/README.md b/yotta/data/example-authcrypt/README.md
deleted file mode 100644
index 4498b9dd4..000000000
--- a/yotta/data/example-authcrypt/README.md
+++ /dev/null
@@ -1,68 +0,0 @@ -# Authenticated Encryption Example - -This application performs authenticated encryption and authenticated decryption of a buffer. It serves as a tutorial for the basic authenticated encryption functions of mbed TLS. - -## Pre-requisites - -To build and run this example you must have: - -* A computer with the following software installed: - * [CMake](http://www.cmake.org/download/). - * [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows). - * [Python](https://www.python.org/downloads/). - * [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded). - * A serial terminal emulator (Like screen, pySerial and cu). -* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below). -* A micro-USB cable. -* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration). - -## Getting started - -1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board. - -2. Navigate to the mbedtls directory supplied with your release and open a terminal. - -3. Set the yotta target: - - ``` - yotta target frdm-k64f-gcc - ``` - -4. Build mbedtls and the examples. This may take a long time if this is your first compilation: - - ``` - $ yotta build - ``` - -5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-authcrypt.bin` to your mbed board and wait until the LED next to the USB port stops blinking. - -6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - - Use the following settings: - - * 115200 baud (not 9600). - * 8N1. 
- * No flow control. - -7. Press the Reset button on the board. - -8. The output in the terminal window should look like: - - ``` - {{timeout;10}} - {{host_test_name;default}} - {{description;mbed TLS example authcrypt}} - {{test_id;MBEDTLS_EX_AUTHCRYPT}} - {{start}} - - - plaintext message: 536f6d65207468696e67732061726520626574746572206c65667420756e7265616400 - ciphertext: c57f7afb94f14c7977d785d08682a2596bd62ee9dcf216b8cccd997afee9b402f5de1739e8e6467aa363749ef39392e5c66622b01c7203ec0a3d14 - decrypted: 536f6d65207468696e67732061726520626574746572206c65667420756e7265616400 - - DONE - {{success}} - {{end}} - ``` - -The actual output for the ciphertext line will vary on each run because of the use of a random nonce in the encryption process. diff --git a/yotta/data/example-authcrypt/main.cpp b/yotta/data/example-authcrypt/main.cpp deleted file mode 100644 index 23fad2792..000000000 --- a/yotta/data/example-authcrypt/main.cpp +++ /dev/null 
@@ -1,197 +0,0 @@ -/* - * Hello world example of using the authenticated encryption with mbed TLS - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#include "mbedtls/cipher.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include - -static void print_hex(const char *title, const unsigned char buf[], size_t len) -{ - printf("%s: ", title); - - for (size_t i = 0; i < len; i++) - printf("%02x", buf[i]); - - printf("\r\n"); -} - -/* - * The pre-shared key. Should be generated randomly and be unique to the - * device/channel/etc. Just used a fixed on here for simplicity. 
- */ -static const unsigned char secret_key[16] = { - 0xf4, 0x82, 0xc6, 0x70, 0x3c, 0xc7, 0x61, 0x0a, - 0xb9, 0xa0, 0xb8, 0xe9, 0x87, 0xb8, 0xc1, 0x72, -}; - -static int example(void) -{ - /* message that should be protected */ - const char message[] = "Some things are better left unread"; - /* metadata transmitted in the clear but authenticated */ - const char metadata[] = "eg sequence number, routing info"; - /* ciphertext buffer large enough to hold message + nonce + tag */ - unsigned char ciphertext[128] = { 0 }; - int ret; - - printf("\r\n\r\n"); - print_hex("plaintext message", (unsigned char *) message, sizeof message); - - /* - * Setup random number generator - * (Note: later this might be done automatically.) - */ - mbedtls_entropy_context entropy; /* entropy pool for seeding PRNG */ - mbedtls_ctr_drbg_context drbg; /* pseudo-random generator */ - - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&drbg); - - /* Seed the PRNG using the entropy pool, and throw in our secret key as an - * additional source of randomness. */ - ret = mbedtls_ctr_drbg_seed(&drbg, mbedtls_entropy_func, &entropy, - secret_key, sizeof (secret_key)); - if (ret != 0) { - printf("mbedtls_ctr_drbg_init() returned -0x%04X\r\n", -ret); - return 1; - } - - /* - * Setup AES-CCM contex - */ - mbedtls_cipher_context_t ctx; - - mbedtls_cipher_init(&ctx); - - ret = mbedtls_cipher_setup(&ctx, mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CCM)); - if (ret != 0) { - printf("mbedtls_cipher_setup() returned -0x%04X\r\n", -ret); - return 1; - } - - ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_ENCRYPT); - if (ret != 0) { - printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", -ret); - return 1; - } - - /* - * Encrypt-authenticate the message and authenticate additional data - * - * First generate a random 8-byte nonce. - * Put it directly in the output buffer as the recipient will need it. 
- * - * Warning: you must never re-use the same (key, nonce) pair. One of the - * best ways to ensure this to use a counter for the nonce. However this - * means you should save the counter accross rebots, if the key is a - * long-term one. The alternative we choose here is to generate the nonce - * randomly. However it only works if you have a good source of - * randomness. - */ - const size_t nonce_len = 8; - mbedtls_ctr_drbg_random(&drbg, ciphertext, nonce_len); - - size_t ciphertext_len = 0; - /* Go for a conservative 16-byte (128-bit) tag - * and append it to the ciphertext */ - const size_t tag_len = 16; - ret = mbedtls_cipher_auth_encrypt(&ctx, ciphertext, nonce_len, - (const unsigned char *) metadata, sizeof metadata, - (const unsigned char *) message, sizeof message, - ciphertext + nonce_len, &ciphertext_len, - ciphertext + nonce_len + sizeof message, tag_len ); - if (ret != 0) { - printf("mbedtls_cipher_auth_encrypt() returned -0x%04X\r\n", -ret); - return 1; - } - ciphertext_len += nonce_len + tag_len; - - /* - * The following information should now be transmitted: - * - first ciphertext_len bytes of ciphertext buffer - * - metadata if not already transmitted elsewhere - */ - print_hex("ciphertext", ciphertext, ciphertext_len); - - /* - * Decrypt-authenticate - */ - unsigned char decrypted[128] = { 0 }; - size_t decrypted_len = 0; - - ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_DECRYPT); - if (ret != 0) { - printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", -ret); - return 1; - } - - ret = mbedtls_cipher_auth_decrypt(&ctx, - ciphertext, nonce_len, - (const unsigned char *) metadata, sizeof metadata, - ciphertext + nonce_len, ciphertext_len - nonce_len - tag_len, - decrypted, &decrypted_len, - ciphertext + ciphertext_len - tag_len, tag_len ); - /* Checking the return code is CRITICAL for security here */ - if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { - printf("Something bad is happening! 
Data is not authentic!\r\n"); - return 1; - } - if (ret != 0) { - printf("mbedtls_cipher_authdecrypt() returned -0x%04X\r\n", -ret); - return 1; - } - - print_hex("decrypted", decrypted, decrypted_len); - - printf("\r\nDONE\r\n"); - - return 0; -} - -#if defined(TARGET_LIKE_MBED) - -#include "mbed-drivers/test_env.h" -#include "minar/minar.h" - -static void run() { - MBED_HOSTTEST_TIMEOUT(10); - MBED_HOSTTEST_SELECT(default); - MBED_HOSTTEST_DESCRIPTION(mbed TLS example authcrypt); - MBED_HOSTTEST_START("MBEDTLS_EX_AUTHCRYPT"); - MBED_HOSTTEST_RESULT(example() == 0); -} - -void app_start(int, char*[]) { - /* Use 115200 bps for consistency with other examples */ - get_stdio_serial().baud(115200); - minar::Scheduler::postCallback(mbed::util::FunctionPointer0(run).bind()); -} - -#else - -int main() { - return example(); -} - -#endif diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md deleted file mode 100644 index 715abee27..000000000 --- a/yotta/data/example-benchmark/README.md +++ /dev/null 
@@ -1,100 +0,0 @@ -# mbed TLS Benchmark Example - -This application benchmarks the various cryptographic primitives offered by mbed TLS. - -## Pre-requisites - -To build and run this example you must have: - -* A computer with the following software installed: - * [CMake](http://www.cmake.org/download/). - * [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows). - * [Python](https://www.python.org/downloads/). - * [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded). - * A serial terminal emulator (Like screen, pySerial and cu). -* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below). -* A micro-USB cable. -* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration). - -## Getting started - -1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board. - -2. Navigate to the mbedtls directory supplied with your release and open a terminal. - -3. Set the yotta target: - - ``` - yotta target frdm-k64f-gcc - ``` - -4. Build mbedtls and the examples. This may take a long time if this is your first compilation: - - ``` - $ yotta build - ``` - -5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-benchmark.bin` to your mbed board and wait until the LED next to the USB port stops blinking. - -6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - - Use the following settings: - - * 115200 baud (not 9600). - * 8N1. - * No flow control. - -7. Press the Reset button on the board. - -8. 
The output in the terminal window should look like: - - ``` - {{timeout;150}} - {{host_test_name;default}} - {{description;mbed TLS benchmark program}} - {{test_id;MBEDTLS_BENCHMARK}} - {{start}} - - - SHA-1 : 3644 KiB/s, 32 cycles/byte - SHA-256 : 1957 KiB/s, 59 cycles/byte - SHA-512 : 587 KiB/s, 200 cycles/byte - AES-CBC-128 : 1359 KiB/s, 86 cycles/byte - AES-CBC-192 : 1183 KiB/s, 99 cycles/byte - AES-CBC-256 : 1048 KiB/s, 111 cycles/byte - AES-GCM-128 : 421 KiB/s, 279 cycles/byte - AES-GCM-192 : 403 KiB/s, 292 cycles/byte - AES-GCM-256 : 385 KiB/s, 305 cycles/byte - AES-CCM-128 : 542 KiB/s, 216 cycles/byte - AES-CCM-192 : 484 KiB/s, 242 cycles/byte - AES-CCM-256 : 437 KiB/s, 268 cycles/byte - CTR_DRBG (NOPR) : 1002 KiB/s, 117 cycles/byte - CTR_DRBG (PR) : 705 KiB/s, 166 cycles/byte - HMAC_DRBG SHA-1 (NOPR) : 228 KiB/s, 517 cycles/byte - HMAC_DRBG SHA-1 (PR) : 210 KiB/s, 561 cycles/byte - HMAC_DRBG SHA-256 (NOPR) : 212 KiB/s, 557 cycles/byte - HMAC_DRBG SHA-256 (PR) : 185 KiB/s, 637 cycles/byte - RSA-2048 : 41 ms/ public - RSA-2048 : 1349 ms/private - RSA-4096 : 134 ms/ public - RSA-4096 : 7149 ms/private - ECDSA-secp384r1 : 640 ms/sign - ECDSA-secp256r1 : 387 ms/sign - ECDSA-secp384r1 : 1233 ms/verify - ECDSA-secp256r1 : 751 ms/verify - ECDHE-secp384r1 : 1191 ms/handshake - ECDHE-secp256r1 : 730 ms/handshake - ECDHE-Curve25519 : 611 ms/handshake - ECDH-secp384r1 : 584 ms/handshake - ECDH-secp256r1 : 365 ms/handshake - ECDH-Curve25519 : 303 ms/handshake - - {{success}} - {{end}} - ``` - -Any performance data generated by this example application are indicative only of the performance of the mbed TLS module on the platform it's executed on. - -Differences in the integration of mbed TLS into the platform, such as whether all available hardware accelerators have been used or not, can lead to significant differences in performance, and so results from the program are not intended to be used to meaningfully compare platforms. 
- -The figures may also slightly change from execution to execution due to variations in the timing functions. diff --git a/yotta/data/example-benchmark/main.cpp b/yotta/data/example-benchmark/main.cpp deleted file mode 100644 index d13cde550..000000000 --- a/yotta/data/example-benchmark/main.cpp +++ /dev/null 
@@ -1,951 +0,0 @@ -/* - * Benchmark demonstration program - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#if !defined(TARGET_LIKE_MBED) - -#include - -int main() { - printf("this version of this program only works on mbed OS\n"); - return 0; -} - -#else - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_exit exit -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#define mbedtls_free free -#endif - -#include - -#include "mbedtls/md4.h" -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/arc4.h" -#include "mbedtls/des.h" -#include "mbedtls/aes.h" -#include "mbedtls/blowfish.h" -#include "mbedtls/camellia.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/havege.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/rsa.h" -#include "mbedtls/pk.h" -#include "mbedtls/dhm.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecdh.h" -#include "mbedtls/error.h" - -#include "mbed-drivers/mbed.h" - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include 
"mbedtls/memory_buffer_alloc.h"
-#endif
-
-#define RSA_PRIVATE_KEY_2048 \
-"-----BEGIN RSA PRIVATE KEY-----\r\n" \
-"MIIEogIBAAKCAQEA2dwVr+IMGEtA2/MCP6fA5eb/6B18Bq6e7gw8brNPkm3E6LyR\r\n" \
-"4DnMJVxZmw3bPDKBDoKzfntkMESi/Yw5UopLtVfjGfWeQWPClqffLZBsZ60BRAsg\r\n" \
-"/g+ID5tgzxSuxzftypK59uexOVCAm7hCKZHGO3DbI7bLY27j7VAgEP7d/yuaz5Fx\r\n" \
-"Kl/vu7shqrBoz6ABJVJD3KC8nUiMRUCXRINmxbyUUjA4DnicZv6+xrGKr36r6M8h\r\n" \
-"VYLa5msKc8WzbnBWzpUsrpb4/r7ML+qp92gdSfVJ8/bLiU7h2C7faDA59uaqrFK9\r\n" \
-"xmDdx7FaWhGQs3LWW6w1UNgkPS0FDYUslpsnsQIDAQABAoIBAC7IJNwM5V3+IuJY\r\n" \
-"T35Nzo1PyloUosJokvY5KGz5Ejg2XBdCDu0gXCcVqqQyGIbXrYDpLhQV+RCoXHun\r\n" \
-"tdN0oQdC5SB47s/J1Uo2qCUHo0+sBd6PqTkFKsl3KxWssk9TQjvCwC412IefMs69\r\n" \
-"hW+ZvwCanmQP56LleApIr2oW4KLfW8Ry/QfZlua+dizctdN7+H1mWwgZQTY9T27J\r\n" \
-"6RtGRA5NVkKVPzIHVJfdpKoO7xGg1g06aEbPB/VmGvZaaFWWnaf7uRvFjLZecBLu\r\n" \
-"QSx2DA/GDjirlDYj99PJb7DtB4xRtKzsyw0o+xapC8w6OtIl/3xFt9moCu2jGrsx\r\n" \
-"vpjHdfECgYEA7fSACRseIs9gAIVX8wq6gayTpA47DHYWAD6IQfIj35SJ+AgsvbFF\r\n" \
-"4AmrwDhcJVPmDy1N4nLBfyGAMt/2CfiYkdkW6QFX/ULRMMBL/G7kWV8hYQDICB2g\r\n" \
-"xaMRN1lPCmFq6BkSWjwIYTnYDFBDWVm1GVT8TMtJoM8Erej9qC0PeFUCgYEA6mF3\r\n" \
-"bigO3t8f5sig+XepaftEUbkJMzo72TVRnIR2ycdR2ihelPQ+25g9dwV0ZA5XXhBS\r\n" \
-"DKOABWjMM739Mwmy9v26Dlmu9R01zHQktMvtEAyfz7lk2NF0aMuj8285OJUBf9bz\r\n" \
-"Cq3MjtMCD+4CZ6iaEqCdUKOuxfpx5cWVJV+qve0CgYBhD1YaYMFOGaBjFgDl1f51\r\n" \
-"Xltqk5NqZdBbkSYrIAWZ8RDF5y+4wFJsLAWuhk6vuyUgE66tK3nZzWRpXAkT0B8L\r\n" \
-"fq1lpXKqj1KcvBNCiEkEW1VWJ+dvyAYIF5eyJ++hoFLnETL3M32HivyhKSwPihPg\r\n" \
-"nVW8TT9fJJIYDe1JZ/fjcQKBgHJfv7UsrR0LSvkG3K8AOtbx+8PZhOjPuRbk0v+L\r\n" \
-"EKCkuIe5/XW4vtfQMeZb7hFJgk7vrepm+vkoy8VQKDf4urGW3W1VTHBmobM01hi4\r\n" \
-"DuYvEul+Mf0wMRtWjJolo4m+BO5KiW2jpFfqFm6JmfjVqOIAKOSKC6am8V/MDF0h\r\n" \
-"kyN9AoGAT9oOiEXMolbkDZw/QCaBiRoAGlGlNYUkJ+58U6OjIZLISw6aFv+Y2uE0\r\n" \
-"mEImItjuYZtSYKblWikp6ldPoKlt9bwEFe3c6IZ8kJ3+xyEyAGrvjXjEY7PzP6dp\r\n" \
-"Ajbjp9X9uocEBv9W/KsBLdQ7yizcL/toHwdBO4vQqmqTvAc5IIw=\r\n" \
-"-----END RSA PRIVATE KEY-----\r\n"
-
-#define RSA_PRIVATE_KEY_4096 \
-"-----BEGIN RSA PRIVATE KEY-----\r\n" \
-"MIIJKgIBAAKCAgEAmkdGjoIshJuOt2NO47qB3Z3yyvmLg2j351isItSNuFQU3qr+\r\n" \
-"jXHIeANf03yw/K0Zvos8RPd+CqLjoxAQL3QDH4bZAl88bIo29i+SANbNSrKQmc0k\r\n" \
-"pH+yzw3alDzO0GZaOPZjsbo6AwBrno5msi0vRuC2aY8vGLPsZWSyLai7tneS1j/o\r\n" \
-"vYW6XIo8Cj61j2Ypy9HhVUW/4Wc+zAT25D/x7jTpkqJLWWT+YzibNbOY48M5eJcB\r\n" \
-"6/sMyUIeI3/u/wXyMrooNyLiCpedkuHRA0m7u5cWPTUISTunSRlVFij/NHJjuU8e\r\n" \
-"wA3B29yfZFsUqDEnyc+OxniIueAixTomVszxAaVn8zFEbYhFMPqziiFp99u3jfeG\r\n" \
-"k1q9mmUi/uCfUC4e2IC5rqq1ZbKSduH7Ug/Vn2bGQahww0sZFRHDXFrnBcotcW+M\r\n" \
-"bnC290VBDnYgzmdYrIOxuPb2aUwJo4ZlbKh5uBB1PigMuyhLKibQ1a+V5ZJGdpP6\r\n" \
-"SE9PGIdgYWSmh2QEMuLE6v+wTO2LQ5JgqsvFfi3GIZvkn0s8jTS72Jq2uMkFkMer\r\n" \
-"UBjPDYaSPy5kpo103KerWs+cMPOJ/3FtZzI++7MoSUTkWVr1ySQFt5i1EIZ/0Thi\r\n" \
-"jut2jNe8a4AoA3TtC8Rkk/3AIIbg8MVNT4EnT+KHROTMu6gET1oJ3YfBRpUCAwEA\r\n" \
-"AQKCAgEAhuNSmT7PVZH8kfLOAuYKrY1vvm+4v0iDl048Eqfs0QESziyLK3gUYnnw\r\n" \
-"yqP2yrU+EQ8Dvvj0xq/sf6GHxTWVlXb9PcmutueRbmXhLcKg83J0Y0StiPXtjIL8\r\n" \
-"XSddW3Bh6fPi7n14Qy+W6KZwu9AtybanRlvePabyRSRpdOpWVQ7u30w5XZsSed6S\r\n" \
-"6BI0BBC68m2qqje1sInoqdCdXKtcB31TytUDNEHM+UuAyM8iGeGS2hCNqZlycHTS\r\n" \
-"jQ9KEsdMH3YLu0lQgRpWtxmg+VL6ROWwmAtKF12EwbDYZ+uoVl69OkQnCpv8pxKa\r\n" \
-"ec/4m6V+uEA1AOpaAMorHG3fH31IKWC/fTZstovgO/eG2XCtlbcCoWCQ7amFq16l\r\n" \
-"Gh1UKeBHxMXpDj4oDmIUGUvgzSNnEeSN/v76losWvWYQDjXR/LMDa/CNYsD8BmJR\r\n" \
-"PZidIjIXdVRlYOhA7ljtySQvp6RBujBfw3tsVMyZw2XzXFwM9O89b1xXC6+M5jf9\r\n" \
-"DXs/U7Fw+J9qq/YpByABcPCwWdttwdQFRbOxwxaSOKarIqS87TW1JuFcNJ59Ut6G\r\n" \
-"kMvAg6gC34U+0ktkG/AmI1hgjC+P7ErHCXBR2xARoGzcO/CMZF59S+Z2HFchpTSP\r\n" \
-"5T2o4mGy3VfHSBidQQrcZRukg8ZP8M1NF3bXjpY6QZpeLHc4oHECggEBAMjdgzzk\r\n" \
-"xp4mIYFxAEiXYt7tzuUXJk+0UpEJj5uboWLirUZqZmNUPyh6WDnzlREBH++Ms0LO\r\n" \
-"+AWSfaGPDoMb0NE2j3c4FRWAhe7Vn6lj7nLVpF2RdwRo88yGerZ4uwGMY8NUQCtn\r\n" \
-"zum3J7eCJ5DojiceRb6uMxTJ8xZmUC4W2f3J/lrR7wlYjyVnnHqH5HcemYUipWSw\r\n" \
-"sM0/cHp3lrz2VWrbAEu8HVpklvDQpdAgl7cjXt/JHYawY+p426IF/PzQSRROnzgy\r\n" \
-"4WI8FVYNV2tgu0TOFURbkkEvuj/duDKeooUIF0G0XHzha5oAX/j0iWiHbrOF6wHj\r\n" \
-"0xeajL9msKBnmD8CggEBAMSgLWmv7G31x4tndJCcXnX4AyVL7KpygAx/ZwCcyTR8\r\n" \
-"rY1rO07f/ta2noEra/xmEW/BW98qJFCHSU2nSLAQ5FpFSWyuQqrnffrMJnfWyvpr\r\n" \
-"ceQ0yQ/MiA6/JIOvGAjabcspzZijxzGp+Qk3eTT0yOXLSVOCH9B9XVHLodcy4PQM\r\n" \
-"KSCxy0vVHhVNl2SdPEwTXRmxk99Q/rw6IHVpQxBq1OhQt05nTKT+rZMD/grSK22e\r\n" \
-"my2F0DodAJwLo063Zv3RXQZhDYodMmjcp9Hqrtvj9P3HD7J3z6ACiV3SCi8cZumL\r\n" \
-"bSmnKCcd0bb45+aOWm31ieECJuIcJ9rOREEa/KDYTCsCggEBAMG5WkSVhLWsou37\r\n" \
-"dUGNuA63nq42SH3gtS0q4nU6gUkkw+dA4ST1cMByVrr1oRQ4WHup4I4TnQOKyF3T\r\n" \
-"4jQy1I+ipnVeAn+tZ/7zyzwMpEHeqNqRXA9FxbTBEoMAJ6QTqXgOvqDeSqIAQm7r\r\n" \
-"OYu5rrgtqyh/S8bGCwvUe4ooAfCSKx2ekYMbBVwW9MT8YS09tuS/iHJ3Mt2RTMLg\r\n" \
-"qeHvVmxrcXqZoFm44Ba7tN/pP0mi9HKyviZT4tmV3IYEbn3JyGGsfkUuVU9wEUfg\r\n" \
-"MCrgrVxrwfketAzooiHMjkVL2ASjzAJTmEvdAPETYXxzJD9LN0ovY3t8JfAC37IN\r\n" \
-"sVXS8/MCggEBALByOS59Y4Ktq1rLBQx8djwQyuneP0wZohUVAx7Gk7xZIfklQDyg\r\n" \
-"v/R4PrcVezstcPpDnykdjScCsGJR+uWc0v667I/ttP/e6utz5hVmmBGu965dPAzE\r\n" \
-"c1ggaSkOqFfRg/Nr2Qbf+fH0YPnHYSqHe/zSt0OMIvaaeXLcdKhEDSCUBRhE1HWB\r\n" \
-"kxR046WzgBeYzNQwycz9xwqsctJKGpeR9ute+5ANHPd3X9XtID0fqz8ctI5eZaSw\r\n" \
-"wApIW01ZQcAF8B+4WkkVuFXnpWW33yCOaRyPVOPHpnclr5WU1fS+3Q85QkW9rkej\r\n" \
-"97zlkl0QY9AHJqrXnoML1ywAK7ns+MVyNK8CggEAf62xcKZhOb1djeF72Ms+i/i/\r\n" \
-"WIAq4Q4YpsElgvJTHpNH2v9g4ngSTKe3ws3bGc502sWRlhcoTFMOW2rJNe/iqKkb\r\n" \
-"3cdeTkseDbpqozmJWz9dJWSVtXas2bZjzBEa//gQ7nHGVeQdqZJQ9rxPsoOAkfpi\r\n" \
-"qCFrmfUVUqC53e3XMt8+W+aSvKl+JZiB9ozkO9A6Q0vfQLKtjUMdQE3XaCFQT8DI\r\n" \
-"smaLBlBmeRaBpc02ENeC4ADlWosm1SwgxqMhuh2Alba/GrHOoPlVl4hDs9Fb5a6R\r\n" \
-"rmpXSt07GAxnG6j9jssA95E4rc1zO0CVKG5bvjVTxwi/sT0/VVX7VsJM4uTAQg==\r\n" \
-"-----END RSA PRIVATE KEY-----\r\n"
-
-#if defined _MSC_VER && !defined snprintf
-#define snprintf _snprintf
-#endif
-
-/*
- * For heap usage estimates, we need an estimate of the overhead per allocated
- * block.
ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block, - * so use that as our baseline. - */ -#define MEM_BLOCK_OVERHEAD ( 2 * sizeof( size_t ) ) - -/* - * Size to use for the malloc buffer if MEMORY_BUFFER_ALLOC_C is defined. - */ -#define HEAP_SIZE (1u << 16) // 64k - -#define BUFSIZE 1024 -#define HEADER_FORMAT " %-24s : " -#define TITLE_LEN 25 - -#define OPTIONS \ - "md4, md5, ripemd160, sha1, sha256, sha512,\r\n" \ - "arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,\r\n" \ - "havege, ctr_drbg, hmac_drbg\r\n" \ - "rsa, dhm, ecdsa, ecdh.\r\n" - -#if defined(MBEDTLS_ERROR_C) -#define PRINT_ERROR \ - mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \ - mbedtls_printf( "FAILED: %s\r\n", tmp ); -#else -#define PRINT_ERROR \ - mbedtls_printf( "FAILED: -0x%04x\r\n", -ret ); -#endif - -static unsigned long mbedtls_timing_hardclock( void ) -{ - static int dwt_started = 0; - - if( dwt_started == 0 ) - { - CoreDebug->DEMCR |= CoreDebug_DEMCR_TRCENA_Msk; - DWT->CTRL |= DWT_CTRL_CYCCNTENA_Msk; - } - - return( DWT->CYCCNT ); -} - -static volatile int alarmed; -static void alarm() { alarmed = 1; } - -#define TIME_AND_TSC( TITLE, CODE ) \ -do { \ - unsigned long i, j, tsc; \ - Timeout t; \ - \ - mbedtls_printf( HEADER_FORMAT, TITLE ); \ - fflush( stdout ); \ - \ - for( i = 1, alarmed = 0, t.attach( alarm, 1.0 ); !alarmed; i++ ) \ - { \ - CODE; \ - } \ - \ - tsc = mbedtls_timing_hardclock(); \ - for( j = 0; j < 1024; j++ ) \ - { \ - CODE; \ - } \ - \ - mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\r\n", \ - i * BUFSIZE / 1024, \ - ( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \ -} while( 0 ) - -#if defined(MBEDTLS_ERROR_C) -#define PRINT_ERROR \ - mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \ - mbedtls_printf( "FAILED: %s\r\n", tmp ); -#else -#define PRINT_ERROR \ - mbedtls_printf( "FAILED: -0x%04x\r\n", -ret ); -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) - -#define 
MEMORY_MEASURE_INIT \ - size_t max_used, max_blocks, max_bytes; \ - size_t prv_used, prv_blocks; \ - mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \ - mbedtls_memory_buffer_alloc_max_reset( ); - -#define MEMORY_MEASURE_PRINT( title_len ) \ - mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \ - for( i = 12 - title_len; i != 0; i-- ) mbedtls_printf( " " ); \ - max_used -= prv_used; \ - max_blocks -= prv_blocks; \ - max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ - mbedtls_printf( "%6u heap bytes", (unsigned) max_bytes ); - -#else -#define MEMORY_MEASURE_INIT -#define MEMORY_MEASURE_PRINT( title_len ) -#endif - -#define TIME_PUBLIC( TITLE, TYPE, CODE ) \ -do { \ - unsigned long ms; \ - int ret = 0; \ - Timer t; \ - MEMORY_MEASURE_INIT; \ - \ - mbedtls_printf( HEADER_FORMAT, TITLE ); \ - fflush( stdout ); \ - \ - t.start(); \ - CODE; \ - t.stop(); \ - ms = t.read_ms(); \ - \ - if( ret != 0 ) \ - { \ - PRINT_ERROR; \ - } \ - else \ - { \ - mbedtls_printf( "%6lu ms/" TYPE, ms ); \ - MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 ); \ - mbedtls_printf( "\r\n" ); \ - } \ -} while( 0 ) - -static int myrand( void *rng_state, unsigned char *output, size_t len ) -{ - size_t use_len; - int rnd; - - if( rng_state != NULL ) - rng_state = NULL; - - while( len > 0 ) - { - use_len = len; - if( use_len > sizeof(int) ) - use_len = sizeof(int); - - rnd = rand(); - memcpy( output, &rnd, use_len ); - output += use_len; - len -= use_len; - } - - return( 0 ); -} - -/* - * Clear some memory that was used to prepare the context - */ -#if defined(MBEDTLS_ECP_C) -void ecp_clear_precomputed( mbedtls_ecp_group *grp ) -{ - if( grp->T != NULL ) - { - size_t i; - for( i = 0; i < grp->T_size; i++ ) - mbedtls_ecp_point_free( &grp->T[i] ); - mbedtls_free( grp->T ); - } - grp->T = NULL; - grp->T_size = 0; -} -#else -#define ecp_clear_precomputed( g ) -#endif - -unsigned char buf[BUFSIZE]; - -typedef struct { - char md4, md5, ripemd160, sha1, sha256, sha512, - arc4, 
des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish, - havege, ctr_drbg, hmac_drbg, - rsa, dhm, ecdsa, ecdh; -} todo_list; - -int benchmark( int argc, char *argv[] ) -{ - int i; - unsigned char tmp[200]; - char title[TITLE_LEN]; - todo_list todo; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char malloc_buf[HEAP_SIZE] = { 0 }; -#endif - - if( argc <= 1 ) - { - memset( &todo, 1, sizeof( todo ) ); - } - else - { - memset( &todo, 0, sizeof( todo ) ); - - for( i = 1; i < argc; i++ ) - { - if( strcmp( argv[i], "md4" ) == 0 ) - todo.md4 = 1; - else if( strcmp( argv[i], "md5" ) == 0 ) - todo.md5 = 1; - else if( strcmp( argv[i], "ripemd160" ) == 0 ) - todo.ripemd160 = 1; - else if( strcmp( argv[i], "sha1" ) == 0 ) - todo.sha1 = 1; - else if( strcmp( argv[i], "sha256" ) == 0 ) - todo.sha256 = 1; - else if( strcmp( argv[i], "sha512" ) == 0 ) - todo.sha512 = 1; - else if( strcmp( argv[i], "arc4" ) == 0 ) - todo.arc4 = 1; - else if( strcmp( argv[i], "des3" ) == 0 ) - todo.des3 = 1; - else if( strcmp( argv[i], "des" ) == 0 ) - todo.des = 1; - else if( strcmp( argv[i], "aes_cbc" ) == 0 ) - todo.aes_cbc = 1; - else if( strcmp( argv[i], "aes_gcm" ) == 0 ) - todo.aes_gcm = 1; - else if( strcmp( argv[i], "aes_ccm" ) == 0 ) - todo.aes_ccm = 1; - else if( strcmp( argv[i], "camellia" ) == 0 ) - todo.camellia = 1; - else if( strcmp( argv[i], "blowfish" ) == 0 ) - todo.blowfish = 1; - else if( strcmp( argv[i], "havege" ) == 0 ) - todo.havege = 1; - else if( strcmp( argv[i], "ctr_drbg" ) == 0 ) - todo.ctr_drbg = 1; - else if( strcmp( argv[i], "hmac_drbg" ) == 0 ) - todo.hmac_drbg = 1; - else if( strcmp( argv[i], "rsa" ) == 0 ) - todo.rsa = 1; - else if( strcmp( argv[i], "dhm" ) == 0 ) - todo.dhm = 1; - else if( strcmp( argv[i], "ecdsa" ) == 0 ) - todo.ecdsa = 1; - else if( strcmp( argv[i], "ecdh" ) == 0 ) - todo.ecdh = 1; - else - { - mbedtls_printf( "Unrecognized option: %s\r\n", argv[i] ); - mbedtls_printf( "Available options: " OPTIONS ); - } - } - } - - mbedtls_printf( 
"\r\n\r\n" ); - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init( malloc_buf, sizeof( malloc_buf ) ); -#endif - memset( buf, 0xAA, sizeof( buf ) ); - memset( tmp, 0xBB, sizeof( tmp ) ); - -#if defined(MBEDTLS_MD4_C) - if( todo.md4 ) - TIME_AND_TSC( "MD4", mbedtls_md4( buf, BUFSIZE, tmp ) ); -#endif - -#if defined(MBEDTLS_MD5_C) - if( todo.md5 ) - TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) ); -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - if( todo.ripemd160 ) - TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160( buf, BUFSIZE, tmp ) ); -#endif - -#if defined(MBEDTLS_SHA1_C) - if( todo.sha1 ) - TIME_AND_TSC( "SHA-1", mbedtls_sha1( buf, BUFSIZE, tmp ) ); -#endif - -#if defined(MBEDTLS_SHA256_C) - if( todo.sha256 ) - TIME_AND_TSC( "SHA-256", mbedtls_sha256( buf, BUFSIZE, tmp, 0 ) ); -#endif - -#if defined(MBEDTLS_SHA512_C) - if( todo.sha512 ) - TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) ); -#endif - -#if defined(MBEDTLS_ARC4_C) - if( todo.arc4 ) - { - mbedtls_arc4_context arc4; - mbedtls_arc4_init( &arc4 ); - mbedtls_arc4_setup( &arc4, tmp, 32 ); - TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) ); - mbedtls_arc4_free( &arc4 ); - } -#endif - -#if defined(MBEDTLS_DES_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if( todo.des3 ) - { - mbedtls_des3_context des3; - mbedtls_des3_init( &des3 ); - mbedtls_des3_set3key_enc( &des3, tmp ); - TIME_AND_TSC( "3DES", - mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); - mbedtls_des3_free( &des3 ); - } - - if( todo.des ) - { - mbedtls_des_context des; - mbedtls_des_init( &des ); - mbedtls_des_setkey_enc( &des, tmp ); - TIME_AND_TSC( "DES", - mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); - mbedtls_des_free( &des ); - } -#endif - -#if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if( todo.aes_cbc ) - { - int keysize; - mbedtls_aes_context aes; - mbedtls_aes_init( &aes ); - for( keysize = 
128; keysize <= 256; keysize += 64 ) - { - mbedtls_snprintf( title, sizeof( title ), "AES-CBC-%d", keysize ); - - memset( buf, 0, sizeof( buf ) ); - memset( tmp, 0, sizeof( tmp ) ); - mbedtls_aes_setkey_enc( &aes, tmp, keysize ); - - TIME_AND_TSC( title, - mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); - } - mbedtls_aes_free( &aes ); - } -#endif -#if defined(MBEDTLS_GCM_C) - if( todo.aes_gcm ) - { - int keysize; - mbedtls_gcm_context gcm; - - mbedtls_gcm_init( &gcm ); - for( keysize = 128; keysize <= 256; keysize += 64 ) - { - mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize ); - - memset( buf, 0, sizeof( buf ) ); - memset( tmp, 0, sizeof( tmp ) ); - mbedtls_gcm_setkey( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize ); - - TIME_AND_TSC( title, - mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, 16, tmp ) ); - - mbedtls_gcm_free( &gcm ); - } - } -#endif -#if defined(MBEDTLS_CCM_C) - if( todo.aes_ccm ) - { - int keysize; - mbedtls_ccm_context ccm; - - mbedtls_ccm_init( &ccm ); - for( keysize = 128; keysize <= 256; keysize += 64 ) - { - mbedtls_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize ); - - memset( buf, 0, sizeof( buf ) ); - memset( tmp, 0, sizeof( tmp ) ); - mbedtls_ccm_setkey( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize ); - - TIME_AND_TSC( title, - mbedtls_ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, tmp, 16 ) ); - - mbedtls_ccm_free( &ccm ); - } - } -#endif -#endif - -#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if( todo.camellia ) - { - int keysize; - mbedtls_camellia_context camellia; - mbedtls_camellia_init( &camellia ); - for( keysize = 128; keysize <= 256; keysize += 64 ) - { - mbedtls_snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize ); - - memset( buf, 0, sizeof( buf ) ); - memset( tmp, 0, sizeof( tmp ) ); - mbedtls_camellia_setkey_enc( &camellia, tmp, keysize ); - - TIME_AND_TSC( title, - 
mbedtls_camellia_crypt_cbc( &camellia, MBEDTLS_CAMELLIA_ENCRYPT, - BUFSIZE, tmp, buf, buf ) ); - } - mbedtls_camellia_free( &camellia ); - } -#endif - -#if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if( todo.blowfish ) - { - int keysize; - mbedtls_blowfish_context blowfish; - mbedtls_blowfish_init( &blowfish ); - - for( keysize = 128; keysize <= 256; keysize += 64 ) - { - mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize ); - - memset( buf, 0, sizeof( buf ) ); - memset( tmp, 0, sizeof( tmp ) ); - mbedtls_blowfish_setkey( &blowfish, tmp, keysize ); - - TIME_AND_TSC( title, - mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE, - tmp, buf, buf ) ); - } - - mbedtls_blowfish_free( &blowfish ); - } -#endif - -#if defined(MBEDTLS_HAVEGE_C) - if( todo.havege ) - { - mbedtls_havege_state hs; - mbedtls_havege_init( &hs ); - TIME_AND_TSC( "HAVEGE", mbedtls_havege_random( &hs, buf, BUFSIZE ) ); - mbedtls_havege_free( &hs ); - } -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) - if( todo.ctr_drbg ) - { - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_ctr_drbg_init( &ctr_drbg ); - - if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 ) - mbedtls_exit(1); - TIME_AND_TSC( "CTR_DRBG (NOPR)", - if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); - - if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 ) - mbedtls_exit(1); - mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON ); - TIME_AND_TSC( "CTR_DRBG (PR)", - if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); - mbedtls_ctr_drbg_free( &ctr_drbg ); - } -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) - if( todo.hmac_drbg ) - { - mbedtls_hmac_drbg_context hmac_drbg; - const mbedtls_md_info_t *md_info; - - mbedtls_hmac_drbg_init( &hmac_drbg ); - -#if defined(MBEDTLS_SHA1_C) - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) - mbedtls_exit(1); 
- - if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) - mbedtls_exit(1); - TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)", - if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); - mbedtls_hmac_drbg_free( &hmac_drbg ); - - if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) - mbedtls_exit(1); - mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON ); - TIME_AND_TSC( "HMAC_DRBG SHA-1 (PR)", - if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); - mbedtls_hmac_drbg_free( &hmac_drbg ); -#endif - -#if defined(MBEDTLS_SHA256_C) - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL ) - mbedtls_exit(1); - - if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) - mbedtls_exit(1); - TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)", - if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); - mbedtls_hmac_drbg_free( &hmac_drbg ); - - if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) - mbedtls_exit(1); - mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON ); - TIME_AND_TSC( "HMAC_DRBG SHA-256 (PR)", - if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); - mbedtls_hmac_drbg_free( &hmac_drbg ); -#endif - } -#endif - -#if defined(MBEDTLS_RSA_C) && \ - defined(MBEDTLS_PEM_PARSE_C) && defined(MBEDTLS_PK_PARSE_C) - if( todo.rsa ) - { - mbedtls_pk_context pk; - mbedtls_rsa_context *rsa; - const char *rsa_keys[] = { RSA_PRIVATE_KEY_2048, RSA_PRIVATE_KEY_4096 }; - size_t i; - - for( i = 0; i < sizeof( rsa_keys ) / sizeof( rsa_keys[0] ); i++ ) - { - mbedtls_pk_init( &pk ); - mbedtls_pk_parse_key( &pk, (const unsigned char *) rsa_keys[i], - strlen( rsa_keys[i] ) + 1, NULL, 0 ); - rsa = mbedtls_pk_rsa( pk ); - - mbedtls_snprintf( title, sizeof( title ), "RSA-%d", mbedtls_pk_get_bitlen( &pk ) 
); - - TIME_PUBLIC( title, " public", - buf[0] = 0; - ret = mbedtls_rsa_public( rsa, buf, buf ) ); - - TIME_PUBLIC( title, "private", - buf[0] = 0; - ret = mbedtls_rsa_private( rsa, myrand, NULL, buf, buf ) ); - - mbedtls_pk_free( &pk ); - } - } -#endif - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C) - if( todo.dhm ) - { - int dhm_sizes[] = { 2048, 3072 }; - const char *dhm_P[] = { - MBEDTLS_DHM_RFC3526_MODP_2048_P, - MBEDTLS_DHM_RFC3526_MODP_3072_P, - }; - const char *dhm_G[] = { - MBEDTLS_DHM_RFC3526_MODP_2048_G, - MBEDTLS_DHM_RFC3526_MODP_3072_G, - }; - - mbedtls_dhm_context dhm; - size_t olen; - for( i = 0; (size_t) i < sizeof( dhm_sizes ) / sizeof( dhm_sizes[0] ); i++ ) - { - mbedtls_dhm_init( &dhm ); - - if( mbedtls_mpi_read_string( &dhm.P, 16, dhm_P[i] ) != 0 || - mbedtls_mpi_read_string( &dhm.G, 16, dhm_G[i] ) != 0 ) - { - mbedtls_exit( 1 ); - } - - dhm.len = mbedtls_mpi_size( &dhm.P ); - mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL ); - if( mbedtls_mpi_copy( &dhm.GY, &dhm.GX ) != 0 ) - mbedtls_exit( 1 ); - - mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] ); - TIME_PUBLIC( title, "handshake", - ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, - myrand, NULL ); - ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) ); - - mbedtls_snprintf( title, sizeof( title ), "DH-%d", dhm_sizes[i] ); - TIME_PUBLIC( title, "handshake", - ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) ); - - mbedtls_dhm_free( &dhm ); - } - } -#endif - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) - if( todo.ecdsa ) - { - mbedtls_ecdsa_context ecdsa; - const mbedtls_ecp_curve_info *curve_info; - size_t sig_len; - - memset( buf, 0x2A, sizeof( buf ) ); - - for( curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - mbedtls_ecdsa_init( &ecdsa ); - - if( mbedtls_ecdsa_genkey( &ecdsa, 
curve_info->grp_id, myrand, NULL ) != 0 ) - mbedtls_exit( 1 ); - ecp_clear_precomputed( &ecdsa.grp ); - - mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s", - curve_info->name ); - TIME_PUBLIC( title, "sign", - ret = mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, - tmp, &sig_len, myrand, NULL ) ); - - mbedtls_ecdsa_free( &ecdsa ); - } - - for( curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - mbedtls_ecdsa_init( &ecdsa ); - - if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 || - mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, - tmp, &sig_len, myrand, NULL ) != 0 ) - { - mbedtls_exit( 1 ); - } - ecp_clear_precomputed( &ecdsa.grp ); - - mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s", - curve_info->name ); - TIME_PUBLIC( title, "verify", - ret = mbedtls_ecdsa_read_signature( &ecdsa, buf, curve_info->bit_size, - tmp, sig_len ) ); - - mbedtls_ecdsa_free( &ecdsa ); - } - } -#endif - -#if defined(MBEDTLS_ECDH_C) - if( todo.ecdh ) - { - mbedtls_ecdh_context ecdh; -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - mbedtls_mpi z; -#endif - const mbedtls_ecp_curve_info *curve_info; - size_t olen; - - for( curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - mbedtls_ecdh_init( &ecdh ); - - if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || - mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), - myrand, NULL ) != 0 || - mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 ) - { - mbedtls_exit( 1 ); - } - ecp_clear_precomputed( &ecdh.grp ); - - mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", - curve_info->name ); - TIME_PUBLIC( title, "handshake", - ret |= mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), - myrand, NULL ); - ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ), - myrand, NULL ) ); - mbedtls_ecdh_free( 
&ecdh ); - } - - /* Curve25519 needs to be handled separately */ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - mbedtls_ecdh_init( &ecdh ); - mbedtls_mpi_init( &z ); - - if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 ) - { - mbedtls_exit( 1 ); - } - - TIME_PUBLIC( "ECDHE-Curve25519", "handshake", - ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, - myrand, NULL ); - ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, - myrand, NULL ) ); - - mbedtls_ecdh_free( &ecdh ); - mbedtls_mpi_free( &z ); -#endif - - for( curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - mbedtls_ecdh_init( &ecdh ); - - if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || - mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), - myrand, NULL ) != 0 || - mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 || - mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), - myrand, NULL ) != 0 ) - { - mbedtls_exit( 1 ); - } - ecp_clear_precomputed( &ecdh.grp ); - - mbedtls_snprintf( title, sizeof( title ), "ECDH-%s", - curve_info->name ); - TIME_PUBLIC( title, "handshake", - ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ), - myrand, NULL ) ); - mbedtls_ecdh_free( &ecdh ); - } - - /* Curve25519 needs to be handled separately */ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - mbedtls_ecdh_init( &ecdh ); - mbedtls_mpi_init( &z ); - - if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, - myrand, NULL ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 ) - { - mbedtls_exit( 1 ); - } - - TIME_PUBLIC( "ECDH-Curve25519", "handshake", - ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, - myrand, NULL ) ); - - mbedtls_ecdh_free( &ecdh ); - 
mbedtls_mpi_free( &z ); -#endif - } -#endif - - mbedtls_printf( "\r\n" ); - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_free(); -#endif - -#if defined(_WIN32) - mbedtls_printf( " Press Enter to exit this program.\r\n" ); - fflush( stdout ); getchar(); -#endif - - return( 0 ); -} - -#include "mbed-drivers/test_env.h" -#include "minar/minar.h" - -static void run() { - MBED_HOSTTEST_TIMEOUT(150); - MBED_HOSTTEST_SELECT(default); - MBED_HOSTTEST_DESCRIPTION(mbed TLS benchmark program); - MBED_HOSTTEST_START("MBEDTLS_BENCHMARK"); - MBED_HOSTTEST_RESULT(benchmark(0, NULL) == 0); -} - -void app_start(int, char*[]) { - /* Use 115200 bps for consistency with other examples */ - get_stdio_serial().baud(115200); - minar::Scheduler::postCallback(mbed::util::FunctionPointer0(run).bind()); -} - -#endif /* TARGET_LIKE_MBED */ diff --git a/yotta/data/example-hashing/README.md b/yotta/data/example-hashing/README.md deleted file mode 100644 index 6f0f969d0..000000000 --- a/yotta/data/example-hashing/README.md +++ /dev/null 
@@ -1,67 +0,0 @@ -# SHA-256 Hash Example - -This application performs hashing of a buffer with SHA-256 using various APIs. It serves as a tutorial for the basic hashing APIs of mbed TLS. - -## Pre-requisites - -To build and run this example you must have: - -* A computer with the following software installed: - * [CMake](http://www.cmake.org/download/). - * [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows). - * [Python](https://www.python.org/downloads/). - * [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded). - * A serial terminal emulator (Like screen, pySerial and cu). -* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below). -* A micro-USB cable. -* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration). - -## Getting started - -1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board. - -2. Navigate to the mbedtls directory supplied with your release and open a terminal. - -3. Set the yotta target: - - ``` - yotta target frdm-k64f-gcc - ``` - -4. Build mbedtls and the examples. This may take a long time if this is your first compilation: - - ``` - $ yotta build - ``` - -5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-hashing.bin` to your mbed board and wait until the LED next to the USB port stops blinking. - -6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - - Use the following settings: - - * 115200 baud (not 9600). - * 8N1. - * No flow control. - -7. Press the Reset button on the board. 
- -8. The output in the terminal window should look like: - - ``` - {{timeout;10}} - {{host_test_name;default}} - {{description;mbed TLS example on hashing}} - {{test_id;MBEDTLS_EX_HASHING}} - {{start}} - - - Method 1: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3 - Method 2: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3 - Method 3: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3 - Method 4: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3 - - DONE - {{success}} - {{end}} - ``` diff --git a/yotta/data/example-hashing/main.cpp b/yotta/data/example-hashing/main.cpp deleted file mode 100644 index 574152ab8..000000000 --- a/yotta/data/example-hashing/main.cpp +++ /dev/null 
@@ -1,177 +0,0 @@ -/* - * Hello world example of using the hashing functions of mbed TLS - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -/* - * This program illustrates various ways of hashing a buffer. - * You normally need only one of these two includes. - */ -#include "mbedtls/sha256.h" /* SHA-256 only */ -#include "mbedtls/md.h" /* generic interface */ - -#if defined(TARGET_LIKE_MBED) -#include "mbed-drivers/mbed.h" -#endif -#include - -static void print_hex(const char *title, const unsigned char buf[], size_t len) -{ - printf("%s: ", title); - - for (size_t i = 0; i < len; i++) - printf("%02x", buf[i]); - - printf("\r\n"); -} - -static const char hello_str[] = "Hello, world!"; -static const unsigned char *hello_buffer = (const unsigned char *) hello_str; -static const size_t hello_len = sizeof hello_str - 1; - -int example(void) -{ - printf( "\r\n\r\n" ); - - /* - * Method 1: use all-in-one function of a specific SHA-xxx module - */ - unsigned char output1[32]; /* SHA-256 outputs 32 bytes */ - - /* 0 here means use the full SHA-256, not the SHA-224 variant */ - mbedtls_sha256(hello_buffer, hello_len, output1, 0); - - print_hex("Method 1", output1, sizeof output1); - - - /* - * Method 2: use the streaming interface of a specific SHA-xxx module - * This is useful if we get our input 
piecewise. - */ - unsigned char output2[32]; - mbedtls_sha256_context ctx2; - - mbedtls_sha256_init(&ctx2); - mbedtls_sha256_starts(&ctx2, 0); /* SHA-256, not 224 */ - - /* Simulating multiple fragments */ - mbedtls_sha256_update(&ctx2, hello_buffer, 1); - mbedtls_sha256_update(&ctx2, hello_buffer + 1, 1); - mbedtls_sha256_update(&ctx2, hello_buffer + 2, hello_len - 2); - - mbedtls_sha256_finish(&ctx2, output2); - print_hex("Method 2", output2, sizeof output2); - - /* Or you could re-use the context by doing mbedtls_sha256_starts() again */ - mbedtls_sha256_free(&ctx2); - - /* - * Method 3: use all-in-one function of the generice interface - */ - unsigned char output3[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */ - - /* Can easily pick any hash you want, by identifier */ - const mbedtls_md_info_t *md_info3 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - - if (md_info3 == NULL) - { - printf("SHA256 not available\r\n"); - return 1; - } - - int ret3 = mbedtls_md(md_info3, hello_buffer, hello_len, output3); - - if (ret3 != 0) - { - printf("md() returned -0x%04X\r\n", -ret3); - return 1; - } - - print_hex("Method 3", output3, mbedtls_md_get_size(md_info3)); - - - /* - * Method 4: streaming & generic interface - */ - unsigned char output4[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */ - - const mbedtls_md_info_t *md_info4 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - - if (md_info4 == NULL) - { - printf("SHA256 not available\r\n"); - return 1; - } - - mbedtls_md_context_t ctx4; - - mbedtls_md_init(&ctx4); - - int ret4 = mbedtls_md_init_ctx(&ctx4, md_info4); - if (ret4 != 0) - { - printf("md_init_ctx() returned -0x%04X\r\n", -ret4); - return 1; - } - - mbedtls_md_starts(&ctx4); - - /* Simulating multiple fragments */ - mbedtls_md_update(&ctx4, hello_buffer, 1); - mbedtls_md_update(&ctx4, hello_buffer + 1, 1); - mbedtls_md_update(&ctx4, hello_buffer + 2, hello_len - 2); - - mbedtls_md_finish(&ctx4, output4); - print_hex("Method 4", output4, 
mbedtls_md_get_size(md_info4)); - - /* Or you could re-use the context by doing mbedtls_md_starts() again */ - mbedtls_md_free(&ctx4); - - - printf("\r\nDONE\r\n"); - - return 0; -} - -#if defined(TARGET_LIKE_MBED) - -#include "mbed-drivers/test_env.h" -#include "minar/minar.h" - -static void run() { - MBED_HOSTTEST_TIMEOUT(10); - MBED_HOSTTEST_SELECT(default); - MBED_HOSTTEST_DESCRIPTION(mbed TLS example on hashing); - MBED_HOSTTEST_START("MBEDTLS_EX_HASHING"); - MBED_HOSTTEST_RESULT(example() == 0); -} - -void app_start(int, char*[]) { - /* Use 115200 bps for consistency with other examples */ - get_stdio_serial().baud(115200); - minar::Scheduler::postCallback(mbed::util::FunctionPointer0(run).bind()); -} - -#else - -int main() { - return example(); -} - -#endif diff --git a/yotta/data/example-selftest/README.md b/yotta/data/example-selftest/README.md deleted file mode 100644 index b8e9cd49e..000000000 --- a/yotta/data/example-selftest/README.md +++ /dev/null 
@@ -1,82 +0,0 @@ -# mbed TLS Selftest Example - -This application runs the various selftest functions of individual mbed TLS components. It serves as a basic sanity check to verify operation of mbed TLS on your platform. In the future, a wider portion of the mbed TLS test suite will become part of this example application. - -## Pre-requisites - -To build and run this example you must have: - -* A computer with the following software installed: - * [CMake](http://www.cmake.org/download/). - * [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows). - * [Python](https://www.python.org/downloads/). - * [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded). - * A serial terminal emulator (Like screen, pySerial and cu). -* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below). -* A micro-USB cable. -* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration). - -## Getting started - -1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board. - -2. Navigate to the mbedtls directory supplied with your release and open a terminal. - -3. Set the yotta target: - - ``` - yotta target frdm-k64f-gcc - ``` - -4. Build mbedtls and the examples. This may take a long time if this is your first compilation: - - ``` - $ yotta build - ``` - -5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-selftest.bin` to your mbed board and wait until the LED next to the USB port stops blinking. - -6. 
Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - - Use the following settings: - - * 115200 baud (not 9600). - * 8N1. - * No flow control. - -7. Press the Reset button on the board. - -8. The output in the terminal window should look like: - - ``` - {{timeout;40}} - {{host_test_name;default}} - {{description;mbed TLS selftest program}} - {{test_id;MBEDTLS_SELFTEST}} - {{start}} - - SHA-224 test #1: passed - SHA-224 test #2: passed - SHA-224 test #3: passed - SHA-256 test #1: passed - SHA-256 test #2: passed - SHA-256 test #3: passed - - [ ... several lines omitted ... ] - - CTR_DRBG (PR = TRUE) : passed - CTR_DRBG (PR = FALSE): passed - - HMAC_DRBG (PR = True) : passed - HMAC_DRBG (PR = False) : passed - - ECP test #1 (constant op_count, base point G): passed - ECP test #2 (constant op_count, other point): passed - - ENTROPY test: passed - - [ All tests passed ] - - {{success}} - {{end}} - ``` diff --git a/yotta/data/example-selftest/main.cpp b/yotta/data/example-selftest/main.cpp deleted file mode 100644 index 0ff5b048e..000000000 --- a/yotta/data/example-selftest/main.cpp +++ /dev/null 
@@ -1,268 +0,0 @@ -/* - * Self-test demonstration program - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#if !defined(POLARSSL_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include "mbedtls/entropy.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/dhm.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/arc4.h" -#include "mbedtls/des.h" -#include "mbedtls/aes.h" -#include "mbedtls/camellia.h" -#include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/rsa.h" -#include "mbedtls/x509.h" -#include "mbedtls/xtea.h" -#include "mbedtls/pkcs5.h" -#include "mbedtls/ecp.h" - -#include -#include - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -int selftest( int argc, char *argv[] ) -{ - int ret = 0, v; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char buf[1000000]; -#endif - - if( argc == 2 && strcmp( 
argv[1], "-quiet" ) == 0 ) - v = 0; - else - { - v = 1; - mbedtls_printf( "\n" ); - } - -#if defined(MBEDTLS_SELF_TEST) - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) ); -#endif - -#if defined(MBEDTLS_MD2_C) - if( ( ret = mbedtls_md2_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_MD4_C) - if( ( ret = mbedtls_md4_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_MD5_C) - if( ( ret = mbedtls_md5_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - if( ( ret = mbedtls_ripemd160_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_SHA1_C) - if( ( ret = mbedtls_sha1_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_SHA256_C) - if( ( ret = mbedtls_sha256_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_SHA512_C) - if( ( ret = mbedtls_sha512_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_ARC4_C) - if( ( ret = mbedtls_arc4_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_DES_C) - if( ( ret = mbedtls_des_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_AES_C) - if( ( ret = mbedtls_aes_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) - if( ( ret = mbedtls_gcm_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) - if( ( ret = mbedtls_ccm_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_BASE64_C) - if( ( ret = mbedtls_base64_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_BIGNUM_C) - if( ( ret = mbedtls_mpi_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_RSA_C) - if( ( ret = mbedtls_rsa_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_X509_USE_C) - if( ( ret = mbedtls_x509_self_test( v ) ) != 0 ) - return( ret ); 
-#endif - -#if defined(MBEDTLS_XTEA_C) - if( ( ret = mbedtls_xtea_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_CAMELLIA_C) - if( ( ret = mbedtls_camellia_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) - if( ( ret = mbedtls_ctr_drbg_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) - if( ( ret = mbedtls_hmac_drbg_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_ECP_C) - if( ( ret = mbedtls_ecp_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_DHM_C) - if( ( ret = mbedtls_dhm_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_ENTROPY_C) - if( ( ret = mbedtls_entropy_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_PKCS5_C) - if( ( ret = mbedtls_pkcs5_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#if defined(MBEDTLS_TIMING_C) - if( ( ret = mbedtls_timing_self_test( v ) ) != 0 ) - return( ret ); -#endif - -#else - mbedtls_printf( " POLARSSL_SELF_TEST not defined.\n" ); -#endif - - if( v != 0 ) - { -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - } - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_free(); - - if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 ) - return( ret ); -#endif - - if( v != 0 ) - { - mbedtls_printf( " [ All tests passed ]\n\n" ); -#if defined(_WIN32) - mbedtls_printf( " Press Enter to exit this program.\n" ); - fflush( stdout ); getchar(); -#endif - } - - return( ret ); -} - -#if defined(TARGET_LIKE_MBED) - -#include "mbed-drivers/test_env.h" -#include "minar/minar.h" - -static void run() { - MBED_HOSTTEST_TIMEOUT(40); - MBED_HOSTTEST_SELECT(default); - MBED_HOSTTEST_DESCRIPTION(mbed TLS selftest program); - MBED_HOSTTEST_START("MBEDTLS_SELFTEST"); - MBED_HOSTTEST_RESULT(selftest(0, NULL) == 0); -} - -void app_start(int, char*[]) { - /* Use 
115200 bps for consistency with other examples */ - get_stdio_serial().baud(115200); - minar::Scheduler::postCallback(mbed::util::FunctionPointer0(run).bind()); -} - -#else - -int main() { - return selftest(0, NULL); -} - -#endif diff --git a/yotta/data/module.json b/yotta/data/module.json deleted file mode 100644 index 0b8b82283..000000000 --- a/yotta/data/module.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "mbedtls", - "version": "2.3.1", - "description": "The mbed TLS crypto/SSL/TLS library", - "licenses": [ - { - "url": "https://spdx.org/licenses/Apache-2.0", - "type": "Apache-2.0" - } - ], - "dependencies": {}, - "targetDependencies": { - "mbed": { "cmsis-core": "^1.0.0" } - }, - "testTargetDependencies": { - "mbed": { "mbed-drivers": "^1.0.0" } - } -} diff --git a/yotta/data/target_config.h b/yotta/data/target_config.h deleted file mode 100644 index f350ce3ec..000000000 --- a/yotta/data/target_config.h +++ /dev/null 
@@ -1,35 +0,0 @@ -/* - * Temporary target-specific config.h for entropy collection - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#if defined(TARGET_LIKE_MBED) -#define MBEDTLS_NO_PLATFORM_ENTROPY -#undef MBEDTLS_HAVE_TIME_DATE -#undef MBEDTLS_FS_IO -#endif - -/* - * WARNING: this is temporary! - * This should be in a separate yotta module which would be a target - * dependency of mbedtls (see IOTSSL-313) - */ -#if defined(TARGET_LIKE_K64F) -#define MBEDTLS_ENTROPY_HARDWARE_ALT -#endif From c0514bfffeb453100be79eb3da32d4b1502f89dd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 26 Sep 2018 18:07:18 +0100 Subject: [PATCH 241/368] Added ChangeLog entry for yotta support removal --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 820c26b40..96ad045a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Removed support for Yotta as a build tool. + = mbed TLS 2.13.1 branch released 2018-09-06 API Changes From 3725bb2d6d870ac2cf371380d3f59ea01ba31a4f Mon Sep 17 00:00:00 2001 
From: Jaeden Amero Date: Fri, 7 Sep 2018 19:12:36 +0100 Subject: [PATCH 242/368] rsa: pss: Enable use of big hashes with small keys It should be valid to RSASSA-PSS sign a SHA-512 hash with a 1024-bit or 1032-bit RSA key, but with the salt size being always equal to the hash size, this isn't possible: the key is too small. To enable use of hashes that are relatively large compared to the key size, allow reducing the salt size to no less than the hash size minus 2 bytes. We don't allow salt sizes smaller than the hash size minus 2 bytes because that too significantly changes the security guarantees the library provides compared to the previous implementation which always used a salt size equal to the hash size. The new calculated salt size remains compliant with FIPS 186-4. We also need to update the "hash too large" test, since we now reduce the salt size when certain key sizes are used. We used to not support 1024-bit keys with SHA-512, but now we support this by reducing the salt size to 62. Update the "hash too large" test to use a 1016-bit RSA key with SHA-512, which still has too large of a hash because we will not reduce the salt size further than 2 bytes shorter than the hash size. The RSA private key used for the test was generated using "openssl genrsa 1016" using OpenSSL 1.1.1-pre8. 
$ openssl genrsa 1016 Generating RSA private key, 1016 bit long modulus (2 primes) ..............++++++ ....++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICVwIBAAKBgACu54dKTbLxUQBEQF2ynxTfDze7z2H8vMmUo9McqvhYp0zI8qQK yanOeqmgaA9iz52NS4JxFFM/2/hvFvyd/ly/hX2GE1UZpGEf/FnLdHOGFhmnjj7D FHFegEz/gtbzLp9X3fOQVjYpiDvTT0Do20EyCbFRzul9gXpdZcfaVHNLAgMBAAEC gYAAiWht2ksmnP01B2nF8tGV1RQghhUL90Hd4D/AWFJdX1C4O1qc07jRBd1KLDH0 fH19WocLCImeSZooGCZn+jveTuaEH14w6I0EfnpKDcpWVAoIP6I8eSdAttrnTyTn Y7VgPrcobyq4WkCVCD/jLUbn97CneF7EHNspXGMTvorMeQJADjy2hF5SginhnPsk YR5oWawc6n01mStuLnloI8Uq/6A0AOQoMPkGl/CESZw+NYfe/BnnSeckM917cMKL DIKAtwJADEj55Frjj9tKUUO+N9eaEM1PH5eC7yakhIpESccs/XEsaDUIGHNjhctK mrbbWu+OlsVRA5z8yJFYIa7gae1mDQJABjtQ8JOQreTDGkFbZR84MbgCWClCIq89 5R3DFZUiAw4OdS1o4ja+Shc+8DFxkWDNm6+C63g/Amy5sVuWHX2p9QI/a69Cxmns TxHoXm1w9Azublk7N7DgB26yqxlTfWJo+ysOFmLEk47g0ekoCwLPxkwXlYIEoad2 JqPh418DwYExAkACcqrd9+rfxtrbCbTXHEizW7aHR+fVOr9lpXXDEZTlDJ57sRkS SpjXbAmylqQuKLqH8h/72RbiP36kEm5ptmw2 -----END RSA PRIVATE KEY----- --- ChangeLog | 6 ++++++ include/mbedtls/rsa.h | 10 ++++++++++ library/rsa.c | 18 ++++++++++++++---- tests/suites/test_suite_pkcs1_v21.data | 5 +++-- 4 files changed, 33 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 099df83f9..91a185537 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -62,6 +62,12 @@ Changes mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites, or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914. * Add support for buffering of out-of-order handshake messages. + * Extend RSASSA-PSS signature to allow slightly a smaller salt size. + Previously, PSS signature always used a salt with the same length as the + hash, and returned an error if this was not possible. Now the salt size + may be up to two bytes shorter. This allows the library to support all + hash and signature sizes that comply with FIPS 186-4, including SHA-512 + with a 1024-bit key. INTERNAL NOTE: need to bump soversion of libmbedtls: - added new member 'mtu' to public 'mbedtls_ssl_conf' structure diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 6eea5af2f..b348299d4 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -894,6 +894,16 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * Specifications it is advised to keep both hashes the * same. * + * \note This function always uses the maximum possible salt size, + * up to the length of the payload hash. This choice of salt + * size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 + * v2.2) §9.1.1 step 3. Furthermore this function enforces a + * minimum salt size which is the hash size minus 2 bytes. If + * this minimum size is too large given the key size (the salt + * size, plus the hash size, plus 2 bytes must be no more than + * the key size in bytes), this function returns + * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. + * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library * are likely to remove the \p mode argument and have it diff --git a/library/rsa.c b/library/rsa.c index 58746e55b..593775737 100644 --- a/library/rsa.c +++ b/library/rsa.c 
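Review bot: The new \note on mbedtls_rsa_rsassa_pss_sign() describes the salt-size rule but does not warn callers that a signature made with a shortened salt is rejected by any verifier that requires the salt length to equal the hash length, which RFC 8446 §4.2.3 mandates for TLS 1.3 rsa_pss signatures and which mbedtls_rsa_rsassa_pss_verify_ext() enforces when its expected_salt_len is set to the hash size. Before this change such key/hash combinations failed at signing time, so callers never had to consider it; now the salt length is chosen silently per key (a 1024-bit key with SHA-512 gets a 62-byte salt) and there is no way for the caller to learn it. I would append a sentence to the \note such as: `Callers should be aware that when the salt is shorter than the hash, verifiers requiring the two to be equal (for example TLS 1.3, RFC 8446 §4.2.3) will reject the signature.` The enclosing Doxygen comment starts and ends outside the hunk.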
@@ -1521,7 +1521,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
     size_t olen;
     unsigned char *p = sig;
     unsigned char salt[MBEDTLS_MD_MAX_SIZE];
-    size_t slen, hlen, offset = 0;
+    size_t slen, min_slen, hlen, offset = 0;
     int ret;
     size_t msb;
     const mbedtls_md_info_t *md_info;
@@ -1550,10 +1550,20 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     hlen = mbedtls_md_get_size( md_info );
-    slen = hlen;
 
-    if( olen < hlen + slen + 2 )
+    /* Calculate the largest possible salt length. Normally this is the hash
+     * length, which is the maximum length the salt can have. If there is not
+     * enough room, use the maximum salt length that fits. The constraint is
+     * that the hash length plus the salt length plus 2 bytes must be at most
+     * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
+     * (PKCS#1 v2.2) §9.1.1 step 3. */
+    min_slen = hlen - 2;
+    if( olen < hlen + min_slen + 2 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    else if( olen >= hlen + hlen + 2 )
+        slen = hlen;
+    else
+        slen = olen - hlen - 2;
 
     memset( sig, 0, olen );
 
@@ -1563,7 +1573,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
     /* Note: EMSA-PSS encoding is over the length of N - 1 bits */
     msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
 
-    p += olen - hlen * 2 - 2;
+    p += olen - hlen - slen - 2;
     *p++ = 0x01;
     memcpy( p, salt, slen );
     p += slen;
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index 6258c6262..f21b84e07 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
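Review bot: The new `slen = olen - hlen - 2` branch in the second hunk is exercised only negatively by this commit: the test-suite change replaces the old 1024-bit/SHA-512 rejection case with a 1016-bit one, but no test signs with a key that actually forces the reduced salt (1024-bit key with SHA-512 gives slen = 62) and verifies the result, so the encoding offset change `p += olen - hlen - slen - 2` in the third hunk is untested. Since the salt length is no longer visible to the caller, it is also worth confirming that the library's own mbedtls_rsa_rsassa_pss_verify() passes MBEDTLS_RSA_SALT_LEN_ANY rather than the hash length; if it expected hlen, every signature from the new branch would fail in-library (that code is outside these hunks). A sign/verify round-trip test vector for RSA-1024 with SHA-512 in test_suite_pkcs1_v21.data would pin both points. mbedtls_rsa_rsassa_pss_sign() starts and ends outside the hunks.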
@@ -376,8 +376,9 @@ pkcs1_rsassa_pss_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0 RSASSA-PSS Verification Test Vector Int pkcs1_rsassa_pss_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0 -RSASSA-PSS Signing Test Vector Hash too large -pkcs1_rsassa_pss_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSASSA-PSS Signature RSA-1016, SHA-512: minimum salt size not met 
+depends_on:MBEDTLS_SHA512_C +pkcs1_rsassa_pss_sign:1016:16:"0e3cb6845e528229e19cfb24611e6859ac1cea7d35992b6e2e796823c52affa03400e42830f90697f084499c3e3587defc19e749e72433dd7b70c28b0c8280b7":16:"0c48f9e45ae38fdb4a5143be37d79a10cd4f1f9782ef26a4848a4449c72cfd712c68350818736385cb4a9ab6db5aef8e96c551039cfcc8915821aee069ed660d":16:"00aee7874a4db2f1510044405db29f14df0f37bbcf61fcbcc994a3d31caaf858a74cc8f2a40ac9a9ce7aa9a0680f62cf9d8d4b827114533fdbf86f16fc9dfe5cbf857d86135519a4611ffc59cb7473861619a78e3ec314715e804cff82d6f32e9f57ddf390563629883bd34f40e8db413209b151cee97d817a5d65c7da54734b":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSASSA-PSS Signature Example 1_1 pkcs1_rsassa_pss_sign:1024:16:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":16:"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":16:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0":"dee959c7e06411361420ff80185ed57f3e6776a
f":"9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c":0 From 80d99ea038d820cf553ebefa390caa37d32a3b62 Mon Sep 17 00:00:00 2001 
From: Jaeden Amero Date: Fri, 7 Sep 2018 15:19:33 +0100 Subject: [PATCH 243/368] rsa: pss: Extend tests for variable salt length Since we wish to generate RSASSA-PSS signatures even when hashes are relatively large for the chosen RSA key size, we need some tests. Our main focus will be on 1024-bit keys and the couple key sizes larger than it. For example, we test for a signature generated using a salt length of 63 when a 1032-bit key is used. Other tests check the boundary conditions around other key sizes. We want to make sure we don't use a salt length larger than the hash length (because FIPS 186-4 requires this). We also want to make sure we don't use a salt that is too small (no smaller than 2 bytes away from the hash length). Test RSASSA-PSS signatures with: - 1024-bit key and SHA-512 (slen 62) - 1032-bit key and SHA-512 (slen 63) - 1040-bit key and SHA-512 (slen 64) - 1048-bit key and SHA-512 (slen 64) The tests also verify that we can properly verify the RSASSA-PSS signatures we've generated. We've manually verified that OpenSSL 1.1.1-pre8 can verify the RSASSA-PSS signatures we've generated. 
$ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem writing RSA key $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem writing RSA key $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem writing RSA key $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem writing RSA key $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin Verified OK $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin Verified OK We've also added a new test that ensures we can properly validate a RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature 1032-bit w/SHA-512" test. The signature to verify was generated with the following command line. $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin The RSA private keys used by these tests were generated with OpenSSL 1.1.1-pre8. 
$ openssl genrsa 1024 Generating RSA private key, 1024 bit long modulus (2 primes) ........................................++++++ ......++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml 1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w== -----END RSA PRIVATE KEY----- $ openssl genrsa 1032 Generating RSA private key, 1032 bit long modulus (2 primes) ....................++++++ .................................++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu 2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2 995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK 9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b 28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC 
e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH -----END RSA PRIVATE KEY----- $ openssl genkey 1040 Generating RSA private key, 1040 bit long modulus ........++++++ ........++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3 XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+ uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T -----END RSA PRIVATE KEY----- $ openssl genrsa 1048 Generating RSA private key, 1048 bit long modulus (2 primes) ...............................++++++ .++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1 03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+ k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p 6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0 3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN 
tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF -----END RSA PRIVATE KEY----- --- tests/suites/test_suite_pkcs1_v21.data | 35 ++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data index f21b84e07..1977f7006 100644 --- a/tests/suites/test_suite_pkcs1_v21.data +++ b/tests/suites/test_suite_pkcs1_v21.data 
@@ -832,3 +832,38 @@ RSASSA-PSS verify ext, all-zero padding, automatic salt length depends_on:MBEDTLS_SHA256_C pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"":"63a35294577c7e593170378175b7df27c293dae583ec2a971426eb2d66f2af483e897bfae5dc20300a9d61a3644e08c3aee61a463690a3498901563c46041056":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING +RSASSA-PSS Signature RSA-1024, SHA-512 +depends_on:MBEDTLS_SHA512_C +pkcs1_rsassa_pss_sign:1024:16:"00e8f95a716c127d5147dcc241a7c1fe8d5487b3e8b6e95e48a83334d21d00c79ad0a90e29941c0c53065b20059de95e9e406061416f7ac12edca1983b9ee28cc3":16:"00d72348b297e7e5dc4329f6ab874b17982584e0ab43174070a9be983c0f040320d6f893c40d2717cb3044380cb3230b7133621eb1c55a3ea56d0e7cee694b5df3":16:"00c3c9873548543591c1f947e412c33da56b9d1b94a58c2f410a8a620e9b4f1d9197643ebf527f5f62b202b9d67a32654d05f326a9b61e0106efdf4829673c4f3d23655996e2424059916ab47aa67e406c129679e5979ca46708866608ffa21f619843b959b4442e422598a2faab54a8cef1f131992677d2cf5bcaf2b5564f7419":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"655d1cf86a7af5113d1791ab7b6627845ea2aa7efbae82705a3563e5ba0337a1d033cb9283b38c042056e0a1d0529891173e3df6621dd8b184930caec8b3cbe4d1068524dab0ec6854f6638d86b77434cd792ddec0d02327a9eebffcd6911ffd32ad9bcb569d3237398c8169d9c62e7eea81c1b456fd36019aad1e4b268c604d":0 + +RSASSA-PSS Verification RSA-1024, SHA-512 
+depends_on:MBEDTLS_SHA512_C +pkcs1_rsassa_pss_verify:1022:16:"00c3c9873548543591c1f947e412c33da56b9d1b94a58c2f410a8a620e9b4f1d9197643ebf527f5f62b202b9d67a32654d05f326a9b61e0106efdf4829673c4f3d23655996e2424059916ab47aa67e406c129679e5979ca46708866608ffa21f619843b959b4442e422598a2faab54a8cef1f131992677d2cf5bcaf2b5564f7419":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"655d1cf86a7af5113d1791ab7b6627845ea2aa7efbae82705a3563e5ba0337a1d033cb9283b38c042056e0a1d0529891173e3df6621dd8b184930caec8b3cbe4d1068524dab0ec6854f6638d86b77434cd792ddec0d02327a9eebffcd6911ffd32ad9bcb569d3237398c8169d9c62e7eea81c1b456fd36019aad1e4b268c604d":0 + +RSASSA-PSS Signature RSA-1032, SHA-512 +depends_on:MBEDTLS_SHA512_C 
+pkcs1_rsassa_pss_sign:1032:16:"0dfaedb709ada2105223e5e7764a5f31d07ae7a37bdc7b4a56c2499e1173147bcdcb165b8fb01a2528190cb6874656a936491898fca330db8af5a9ed5417268ed7":16:"0c339c56797a90c641292560d0ef675f71ac2c99fcaba6260c38e4f167dfd179eb7a9e255f9bdbc549e4181f9a2a19b1f30a80b292d5ef1ad75b9e658eaa6fb0bb":16:"00aa94ab91b4c26be257e469528228c4b0b6b4c99e73a84a272b3101892c07406911372b83ec4a7b8191f0ba4b4cb4cb3b732074e96c668297e1323b8ad0822a7e151182def03871a66a47b704b92845c6194142d4eeda19903e04043581f7a835dc288117863d21944c3aeded518458f1a30a41c7638aa4e098a88fdf2c2097270d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13ad40169494129b907f061d885fbe50ab654fc7b4be657ff8629d7ca291838159e9a7b7adc93560dda2bb9127966eb8d57377fb19d5b043dca67a07ba3c23069b391ddd921b507a8cca2d5eb7ccc84b90089092ca88530e074e629c3cb6902b2d0475000269a28c4cd89cec0dca66571fa7fbe4976373abe905cbe4c66c8d5fbb":0 + +RSASSA-PSS Verification RSA-1032, SHA-512 +depends_on:MBEDTLS_SHA512_C 
+pkcs1_rsassa_pss_verify:1032:16:"00aa94ab91b4c26be257e469528228c4b0b6b4c99e73a84a272b3101892c07406911372b83ec4a7b8191f0ba4b4cb4cb3b732074e96c668297e1323b8ad0822a7e151182def03871a66a47b704b92845c6194142d4eeda19903e04043581f7a835dc288117863d21944c3aeded518458f1a30a41c7638aa4e098a88fdf2c2097270d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13ad40169494129b907f061d885fbe50ab654fc7b4be657ff8629d7ca291838159e9a7b7adc93560dda2bb9127966eb8d57377fb19d5b043dca67a07ba3c23069b391ddd921b507a8cca2d5eb7ccc84b90089092ca88530e074e629c3cb6902b2d0475000269a28c4cd89cec0dca66571fa7fbe4976373abe905cbe4c66c8d5fbb":0 + +RSASSA-PSS Verification of OpenSSL-generated signature RSA-1032, SHA-512 +depends_on:MBEDTLS_SHA512_C 
+pkcs1_rsassa_pss_verify:1032:16:"00aa94ab91b4c26be257e469528228c4b0b6b4c99e73a84a272b3101892c07406911372b83ec4a7b8191f0ba4b4cb4cb3b732074e96c668297e1323b8ad0822a7e151182def03871a66a47b704b92845c6194142d4eeda19903e04043581f7a835dc288117863d21944c3aeded518458f1a30a41c7638aa4e098a88fdf2c2097270d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"1de40b1c452691dfd8ceb42ecf5f0cbda944d871141b4407c1e30a6657c58c2e496b2a3ad10e025d45ca9606d25602ac1de04af8e0d24aa06e57ec3fea5c961ecf1e0a4e442fda0cdaba42469288cde5d7d0c223facceaf4c7caabe93505acd5664c9b4fae64272af4d5b74326a01724a25fabdb10b177821d2273650a84426dbd":0 + +RSASSA-PSS Signature RSA-1040, SHA-512 +depends_on:MBEDTLS_SHA512_C 
+pkcs1_rsassa_pss_sign:1040:16:"00fc7f4b490b4d3ef729db23fb5afbb5f2fc620a472342d8b8ff310cfdc124be76dc22ab6f4be35a38ddd31f24d7f64d310f67ab3a375e83f4e0559e4cb5dc43e875":16:"00d51e8680ab71dc01e1a8a68a298636bb1658cfab8d73ce528a62697722d485ab90cdafc5e27768b761839ff93420458ae55f15a69465dbc0c7b524dc9a385ff925":16:"00d2340538231dcd5a61edf83ab94b2e4b3a784394c4ed35a424c050c294157b7625f9aca8258c21e2d0a7aa9b7c9db576404e63090dba50d998f9a3ec72b1a5cf28d83251ab93341c7d2c1a90403d70f67bc1a9e413bc62facccb52441e24c3f2bc9fdeca1a783012e70b9528176260580c4e1026c58209e8dcc4de3bf3f5be5565e9":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13e695948d59ded5a975cd9fb14bffc48e4ff9725576a96a6693da1a3c4c90d17d6811a97a633180d76dba5b957d2244e3b97e7bf3463a77d0b6c39b28a88e0b6739113726cd74937ad5f693ae5a8fd77febc270a115df05c344ddffebc2438ae67a5eea6572f434881bdf350aed4ec8f3a530d279d3fff07bb78e510807114e6ee7":0 + +RSASSA-PSS Verification RSA-1040, SHA-512 +depends_on:MBEDTLS_SHA512_C 
+pkcs1_rsassa_pss_verify:1040:16:"00d2340538231dcd5a61edf83ab94b2e4b3a784394c4ed35a424c050c294157b7625f9aca8258c21e2d0a7aa9b7c9db576404e63090dba50d998f9a3ec72b1a5cf28d83251ab93341c7d2c1a90403d70f67bc1a9e413bc62facccb52441e24c3f2bc9fdeca1a783012e70b9528176260580c4e1026c58209e8dcc4de3bf3f5be5565e9":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13e695948d59ded5a975cd9fb14bffc48e4ff9725576a96a6693da1a3c4c90d17d6811a97a633180d76dba5b957d2244e3b97e7bf3463a77d0b6c39b28a88e0b6739113726cd74937ad5f693ae5a8fd77febc270a115df05c344ddffebc2438ae67a5eea6572f434881bdf350aed4ec8f3a530d279d3fff07bb78e510807114e6ee7":0 + +RSASSA-PSS Signature RSA-1048, SHA-512 +depends_on:MBEDTLS_SHA512_C 
+pkcs1_rsassa_pss_sign:1048:16:"0f39b79809516becc2e3481b6b47584aa2299bd2027ab8a303b9de5b0adcb4a5d38e38edb8c1fac3ea1dbd7e1d50b84323e362cff4df3f5a5182dafa9bb9217a73d7":16:"0d18164f8bd0d58d019998c8cb17c4c0354e62b8a9462acca30816894f982c2ae114e73993e30698930437b4eec44adec24d32ccbcbae7cc4c9f8911b1eb2100685b":16:"00c75d0f9fa17d1d24b939537a434017f390c6604444c35a13360d6b1fc986baf40159b84275d37b883278df5064dd9eb0f29b0d325acc790c4b59672737dbbf3acb88f5e2f2d54c919cafd072272c494591d52e158993315e71e2ca60b1c74feff8f3d77842b415d4e71734a498206a5cd9315c87b23e583e25eb4ca97056b45c96856d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"9442a8ec48f87ebc81cc1273b03e528e7643c9e2fcc60ed85827d9341c5a36e5c76059baa8e9891df437e44c4047a266b46bcaaad3de1f1d4d3576defff080b791b013491636187fc45a930b70a533ed92abfd168f050df91b4c35d68d160a243ce589807a7d32661fc18b9547cdc0fd86d33acd349c98b34fb016ddd1bff23c58170e":0 + +RSASSA-PSS Verification RSA-1048, SHA-512 +depends_on:MBEDTLS_SHA512_C 
+pkcs1_rsassa_pss_verify:1048:16:"00c75d0f9fa17d1d24b939537a434017f390c6604444c35a13360d6b1fc986baf40159b84275d37b883278df5064dd9eb0f29b0d325acc790c4b59672737dbbf3acb88f5e2f2d54c919cafd072272c494591d52e158993315e71e2ca60b1c74feff8f3d77842b415d4e71734a498206a5cd9315c87b23e583e25eb4ca97056b45c96856d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"9442a8ec48f87ebc81cc1273b03e528e7643c9e2fcc60ed85827d9341c5a36e5c76059baa8e9891df437e44c4047a266b46bcaaad3de1f1d4d3576defff080b791b013491636187fc45a930b70a533ed92abfd168f050df91b4c35d68d160a243ce589807a7d32661fc18b9547cdc0fd86d33acd349c98b34fb016ddd1bff23c58170e":0 From 65593d2ddd6cd6eb59207a56c373f4dde968f16a Mon Sep 17 00:00:00 2001 
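Review bot: The `RSASSA-PSS Verification RSA-1024, SHA-512` case passes a modulus size of `1022` while its signing counterpart and the key it shares (the same `00c3c987…` N) are 1024-bit; the line should begin `pkcs1_rsassa_pss_verify:1024:16:"00c3c987…`. If the test function compares this argument with the parsed key length the case fails outright, and if it ignores the argument the mismatch only misleads the reader, so either way it should match the other cases in this hunk. The commit message states that OpenSSL verified these signatures with an explicit `rsa_pss_saltlen` of 62/63/64, but the added verify cases use the plain `pkcs1_rsassa_pss_verify`, which accepts any salt length; a companion `pkcs1_rsassa_pss_verify_ext` case per key with the expected salt length pinned would actually check the salt size the commit is about.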
From: Jaeden Amero Date: Tue, 11 Sep 2018 14:05:42 +0100 Subject: [PATCH 244/368] rsa: pss: Add no possible salt size tests Add signing tests with 528-bit and 520-bit RSA keys with SHA-512. These selections of key and hash size should lead to an error returned, as there is not enough room for our chosen minimum salt size of two bytes less than the hash size. These test the boundary around an available salt length of 0 or -1 bytes. The RSA keys were generated with OpenSSL 1.1.1-pre8. $ openssl genrsa 520 Generating RSA private key, 520 bit long modulus (2 primes) .............++++++++++++ .................++++++++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIIBPwIBAAJCANWgb4bludh0KFQBZcqWb6iJOmLipZ0L/XYXeAuwOfkWWjc6jhGd B2b43lVnEPM/ZwGRU7rYIjd155fUUdSCBvO/AgMBAAECQgDOMq+zy6XZEjWi8D5q j05zpRGgRRiKP/qEtB6BWbZ7gUV9DDgZhD4FFsqfanwjWNG52LkM9D1OQmUOtGGq a9COwQIhD+6l9iIPrCkblQjsK6jtKB6zmu5NXcaTJUEGgW68cA7PAiENaJGHhcOq /jHqqi2NgVbc5kWUD/dzSkVzN6Ub0AvIiBECIQIeL2Gw1XSFYm1Fal/DbQNQUX/e /dnhc94X7s118wbScQIhAMPVgbDc//VurZ+155vYc9PjZlYe3QIAwlkLX3HYKkGx AiEND8ndKyhkc8jLGlh8aRP8r03zpDIiZNKqCKiijMWVRYQ= -----END RSA PRIVATE KEY----- $ openssl genrsa 528 Generating RSA private key, 528 bit long modulus (2 primes) .........++++++++++++ ....++++++++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIIBQgIBAAJDAKJVTrpxW/ZuXs3z1tcY4+XZB+hmbnv1p2tBUQbgTrgn7EyyGZz/ ZkkdRUGQggWapbVLDPXu9EQ0AvMEfAsObwJQgQIDAQABAkJhHVXvFjglElxnK7Rg lERq0k73yqfYQts4wCegTHrrkv3HzqWQVVi29mGLSXTqoQ45gzWZ5Ru5NKjkTjko YtWWIVECIgDScqoo7SCFrG3zwFxnGe7V3rYYr6LkykpvczC0MK1IZy0CIgDFeINr qycUXbndZvF0cLYtSmEA+MoN7fRX7jY5w7lZYyUCIUxyiOurEDhe5eY5B5gQbJlW ePHIw7S244lO3+9lC12U1QIhWgzQ8YKFObZcEejl5xGXIiQvBEBv89Y1fPu2YrUs iuS5AiFE64NJs8iI+zZxp72esKHPXq/chJ1BvhHsXI0y1OBK8m8= -----END RSA PRIVATE KEY----- --- tests/suites/test_suite_pkcs1_v21.data | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data index 1977f7006..291c305a9 100644 --- a/tests/suites/test_suite_pkcs1_v21.data +++ b/tests/suites/test_suite_pkcs1_v21.data 
@@ -380,6 +380,14 @@ RSASSA-PSS Signature RSA-1016, SHA-512: minimum salt size not met depends_on:MBEDTLS_SHA512_C pkcs1_rsassa_pss_sign:1016:16:"0e3cb6845e528229e19cfb24611e6859ac1cea7d35992b6e2e796823c52affa03400e42830f90697f084499c3e3587defc19e749e72433dd7b70c28b0c8280b7":16:"0c48f9e45ae38fdb4a5143be37d79a10cd4f1f9782ef26a4848a4449c72cfd712c68350818736385cb4a9ab6db5aef8e96c551039cfcc8915821aee069ed660d":16:"00aee7874a4db2f1510044405db29f14df0f37bbcf61fcbcc994a3d31caaf858a74cc8f2a40ac9a9ce7aa9a0680f62cf9d8d4b827114533fdbf86f16fc9dfe5cbf857d86135519a4611ffc59cb7473861619a78e3ec314715e804cff82d6f32e9f57ddf390563629883bd34f40e8db413209b151cee97d817a5d65c7da54734b":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSASSA-PSS Signature RSA-520, SHA-512: no possible salt size +depends_on:MBEDTLS_SHA512_C +pkcs1_rsassa_pss_sign:520:16:"0feea5f6220fac291b9508ec2ba8ed281eb39aee4d5dc693254106816ebc700ecf":16:"0d68918785c3aafe31eaaa2d8d8156dce645940ff7734a457337a51bd00bc88811":16:"00d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSASSA-PSS Signature RSA-528, SHA-512: zero salt size +depends_on:MBEDTLS_SHA512_C 
+pkcs1_rsassa_pss_sign:528:16:"00d272aa28ed2085ac6df3c05c6719eed5deb618afa2e4ca4a6f7330b430ad48672d":16:"00c578836bab27145db9dd66f17470b62d4a6100f8ca0dedf457ee3639c3b9596325":16:"00a2554eba715bf66e5ecdf3d6d718e3e5d907e8666e7bf5a76b415106e04eb827ec4cb2199cff66491d45419082059aa5b54b0cf5eef4443402f3047c0b0e6f025081":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + RSASSA-PSS Signature Example 1_1 pkcs1_rsassa_pss_sign:1024:16:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":16:"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":16:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0":"dee959c7e06411361420ff80185ed57f3e6776af":"9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c":0 
From a9daa5c357b8156df234a3b52d86771956da584a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Sep 2018 17:49:57 +0200 Subject: [PATCH 245/368] Look for documentation only in specific directories Generate the documentation from include and doxygen/input only. Don't get snared by files containing Doxygen comments that lie in other directories such as tests, yotta, crypto/include, ... The only difference this makes in a fresh checkout is that the documentation no longer lists target_config.h. This file is from yotta, does not contain any Doxygen comment, and its inclusion in the rendered documentation was clearly an oversight. --- doxygen/mbedtls.doxyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 2a87ada6a..8df061e31 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -664,7 +664,7 @@ WARN_LOGFILE = # directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = .. +INPUT = ../include input # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is @@ -696,7 +696,7 @@ RECURSIVE = YES # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = ../configs ../yotta/module +EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded From bd90a8c002d969f3ca9d13be645e18f88fe71bdc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 10:12:17 +0200 Subject: [PATCH 246/368] In keep-going mode, don't hard-fail on some tests Add if_build_succeeded in front of the invocation of some test runs where it was missing. --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d1d59e06a..af788cfa6 100755 
--- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -531,10 +531,10 @@ msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s make test msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s -tests/ssl-opt.sh -f RSA +if_build_succeeded tests/ssl-opt.sh -f RSA msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min -tests/compat.sh -t RSA +if_build_succeeded tests/compat.sh -t RSA msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" cleanup From 5c39d7a97206b102791c80a7442a9b7aabcc3605 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 11:49:52 +0200 Subject: [PATCH 247/368] Remove redundant check in all.sh test -s can't fail if the subsequent grep succeeds. --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index af788cfa6..326cfc0ca 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1063,7 +1063,6 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do cleanup make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded [ -s test_zeroize.log ] if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log if_build_succeeded not grep -i "error" test_zeroize.log rm -f test_zeroize.log From 427df37f84594c069f809f0960f117b6e0737133 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 11:50:24 +0200 Subject: [PATCH 248/368] Don't try to disable ASLR We don't need to disable ASLR, so don't try. If gdb tries but fails, the test runs normally, but all.sh then trips up because it sees `warning: Error disabling address space randomization: Operation not permitted` and interprets it as an error that indicates a test failure. --- tests/scripts/test_zeroize.gdb | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 617ab5544..77c812a0b 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -41,6 +41,9 @@ # number does not need to be updated often. set confirm off +# We don't need to turn off ASLR, so don't try. +set disable-randomization off + file ./programs/test/zeroize break zeroize.c:100 From 6e3606e4f6b00a14e728fc5f866ba48fd1ecf5a0 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 30 Sep 2018 21:53:16 +0100 Subject: [PATCH 249/368] Fix run-test-suites.pl to screen for files Changes run-test-suites.pl to filter out directories, and select only files as on OSX, test coverage tests create .dSYM directories which were being accidentally selected to execute. --- tests/scripts/run-test-suites.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 02f9a2f6f..f35dfab98 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -37,7 +37,7 @@ if ( defined($switch) && ( $switch eq "-v" || $switch eq "--verbose" ) ) { # and profiling information, etc. We can't just grep {! /\./} because # some of our test cases' base names contain a dot. my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*'; -@suites = grep { !/\.c$/ && !/\.data$/ } @suites; +@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites; die "$0: no test suite found\n" unless @suites; # in case test suites are linked dynamically From 404aa65813fccf751047e21b064ad87e055fc71b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 1 Oct 2018 14:44:22 +0100 Subject: [PATCH 250/368] Add ChangeLog entry for Windows threading fix --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 027a97174..9f463e1c7 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Changes
+ * Change the use of Windows threading to use Microsoft Visual C++ runtime
+ calls, rather than Win32 API calls directly. This is necessary to avoid
+ conflict with C runtime usage. Found and fixed by irwir.
+
 = mbed TLS 2.11.0 branch released 2018-06-18
 Features
From 95c5575e12508dfbf7554065850cef3c1f831d14 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 28 Sep 2018 11:48:10 +0200
Subject: [PATCH 251/368] check-files: exclude .git and third-party files
Exclude ".git" directories anywhere. This avoids spurious errors in git checkouts that contain branch names that look like a file check-files.py would check. Fix #1713 Exclude "mbed-os" anywhere and "examples" from the root. Switch to the new mechanism to exclude "yotta/module". These are directories where we store third-party files that do not need to match our preferences. Exclude "cov-int" from the root. Fix #1691
---
 tests/scripts/check-files.py | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
index f560d0378..0fb2117a3 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check-files.py
@@ -155,6 +155,12 @@ class IntegrityChecker(object):
 ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data",
 "Makefile", "CMakeLists.txt", "ChangeLog"
 )
+ self.excluded_directories = ['.git', 'mbed-os']
+ self.excluded_paths = list(map(os.path.normpath, [
+ 'cov-int',
+ 'examples',
+ 'yotta/module'
+ ]))
 self.issues_to_check = [
 PermissionIssueTracker(),
 EndOfFileNewlineIssueTracker(),
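Review bot: `excluded_directories` and `excluded_paths` are matched by different rules — the first by bare directory name anywhere in the tree, the second by normalised path relative to the directory the walk starts from — but nothing in the hunk says so, and putting an entry in the wrong list silently changes which files get checked. A one-line comment above each would fix that: `# Directory names pruned wherever they occur in the tree.` and `# Paths relative to the walk root ("." in check_files), compared after normpath.` The rest of `__init__` lies outside the hunk.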
@@ -179,12 +185,19 @@ class IntegrityChecker(object):
 console = logging.StreamHandler()
 self.logger.addHandler(console)
+ def prune_branch(self, root, d):
+ if d in self.excluded_directories:
+ return True
+ if os.path.normpath(os.path.join(root, d)) in self.excluded_paths:
+ return True
+ return False
+
 def check_files(self):
- for root, dirs, files in sorted(os.walk(".")):
+ for root, dirs, files in os.walk("."):
+ dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d))
 for filename in sorted(files):
 filepath = os.path.join(root, filename)
- if (os.path.join("yotta", "module") in filepath or
- not filepath.endswith(self.files_to_check)):
+ if not filepath.endswith(self.files_to_check):
 continue
 for issue_to_check in self.issues_to_check:
 if issue_to_check.should_check_file(filepath):
From d2642584cbd6e37f81d09a046022b21e0f43cef9 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Wed, 3 Oct 2018 15:11:19 +0100
Subject: [PATCH 252/368] Make inclusion of stdio.h conditional in x509_crt.c
stdio.h was being included both conditionally if MBEDTLS_FS_IO was defined, and also unconditionally, which made at least one of them redundant. This change removes the unconditional inclusion of stdio.h and makes it conditional on MBEDTLS_PLATFORM_C.
---
 library/x509_crt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index a390f81ca..e67c32bae 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -43,7 +43,6 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
-#include
 #include
 #if defined(MBEDTLS_PEM_PARSE_C)
@@ -53,6 +52,7 @@
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
+#include
 #include
 #define mbedtls_free free
 #define mbedtls_calloc calloc
From 16b1bd89326ece62712c8ecc1142a41bd257d443 Mon Sep 17 00:00:00 2001
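Review bot: `prune_branch` has no docstring, and its contract is not obvious from the name: it returns True when `d` (a directory under `root`) must not be descended into, and the `excluded_paths` comparison only works because `check_files` walks from `"."`, so running the script from anywhere but the repository root would silently stop excluding `cov-int`, `examples` and `yotta/module` while still reporting on everything else. Suggest a docstring along the lines of `"""Return True if directory d under root must not be descended into. Entries in excluded_paths are relative to the current directory, so this assumes the script is run from the repository root."""`, with a matching sentence on `check_files`. Checking for a repository marker in the cwd (the ChangeLog the script already knows about, say) before walking would turn the silent miss into an error, but that is a judgement call.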
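Review bot: After this change the stdio header is included only in the `#else` branch of `#if defined(MBEDTLS_PLATFORM_C)`, so with MBEDTLS_PLATFORM_C enabled any direct use of stdio functions elsewhere in x509_crt.c (outside the MBEDTLS_FS_IO block the description mentions) now relies on `mbedtls/platform.h` pulling the header in transitively; worth a quick grep of the file before merging. Note that the system header names are not visible in this rendering of the hunk (the `#include` lines appear bare), so which header moved is taken from the commit description rather than the diff.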
From: Aurelien Jarno
Date: Mon, 21 May 2018 22:01:21 +0200
Subject: [PATCH 253/368] bn_mul.h: add ARM DSP optimized MULADDC code
The Cortex M4, M7 MCUs and the Cortex A CPUs support the ARM DSP instructions, and especially the umaal instruction which greatly speed up MULADDC code. In addition the patch switched the ASM constraints to registers instead of memory, giving the opportunity for the compiler to load them the best way. The speed improvement is variable depending on the crypto operation and the CPU. Here are the results on a Cortex M4, a Cortex M7 and a Cortex A8. All tests have been done with GCC 6.3 using -O2. RSA uses a RSA-4096 key. ECDSA uses a secp256r1 curve EC key pair.
+--------+--------+--------+
| M4 | M7 | A8 |
+----------------+--------+--------+--------+
| ECDSA signing | +6.3% | +7.9% | +4.1% |
+----------------+--------+--------+--------+
| RSA signing | +43.7% | +68.3% | +26.3% |
+----------------+--------+--------+--------+
| RSA encryption | +3.4% | +9.7% | +3.6% |
+----------------+--------+--------+--------+
| RSA decryption | +43.0% | +67.8% | +22.8% |
+----------------+--------+--------+--------+
I ran the whole testsuite on the Cortex A8 Linux environment, and it all passes.
---
 include/mbedtls/bn_mul.h | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 354c1cc1a..b631ad278 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -630,6 +630,23 @@
 "r6", "r7", "r8", "r9", "cc" \
 );
+#elif defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
+
+#define MULADDC_INIT \
+ asm(
+
+#define MULADDC_CORE \
+ "ldr r0, [%0], #4 \n\t" \
+ "ldr r1, [%1] \n\t" \
+ "umaal r1, %2, %3, r0 \n\t" \
+ "str r1, [%1], #4 \n\t"
+
+#define MULADDC_STOP \
+ : "=r" (s), "=r" (d), "=r" (c) \
+ : "r" (b), "0" (s), "1" (d), "2" (c) \
+ : "r0", "r1", "memory" \
+ );
+
 #else
 #define MULADDC_INIT \
From 30a95102b182b73c16948c0592a5fc56e21d33dc Mon Sep 17 00:00:00 2001
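Review bot: The guard `#elif defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)` selects this block on every target that advertises the DSP extension, but `umaal` is an ARMv6 addition whereas, if I recall ACLE correctly, `__ARM_FEATURE_DSP` is also set for ARMv5TE cores; such a build would pick this branch and fail at assembly time. Tightening the condition to `#elif (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)` keeps the fast path for M4/M7/Cortex-A and leaves v5TE on the generic code. The constraints themselves look right: `%0`–`%2` are tied in/out operands, `r0`/`r1` are listed as clobbers so they cannot be chosen for `%3`, and `"memory"` covers the store through `%1`. A comment stating the instruction's semantics, `/* umaal: c:d[i] = b * s[i] + d[i] + c (64-bit, no carry lost) */`, would let the next reader verify the carry handling without the ARM ARM open.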
From: Hanno Becker
Date: Fri, 5 Oct 2018 09:49:33 +0100
Subject: [PATCH 254/368] Fix memory leak and freeing without initialization in cert_write
* The variables `csr` and `issuer_crt` are initialized but not freed.
* The variable `entropy` is unconditionally freed in the cleanup section but there's a conditional jump to that section before its initialization. This cmmot Moves it to the other initializations happening before the first conditional jump to the cleanup section. Fixes #1422.
---
 programs/x509/cert_write.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index fa994613d..3842ebce4 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -242,6 +242,7 @@ int main( int argc, char *argv[] )
 mbedtls_pk_init( &loaded_subject_key );
 mbedtls_mpi_init( &serial );
 mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
 mbedtls_x509_csr_init( &csr );
 #endif
@@ -475,7 +476,6 @@ int main( int argc, char *argv[] )
 mbedtls_printf( " . Seeding the random number generator..." );
 fflush( stdout );
- mbedtls_entropy_init( &entropy );
 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
 (const unsigned char *) pers,
 strlen( pers ) ) ) != 0 )
@@ -789,6 +789,10 @@ int main( int argc, char *argv[] )
 exit_code = MBEDTLS_EXIT_SUCCESS;
 exit:
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ mbedtls_x509_csr_free( &csr );
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+ mbedtls_x509_crt_free( &issuer_crt );
 mbedtls_x509write_crt_free( &crt );
 mbedtls_pk_free( &loaded_subject_key );
 mbedtls_pk_free( &loaded_issuer_key );
From 617a321ed967ef9694e118344d4bc227a44fd2fc Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 5 Oct 2018 09:51:36 +0100
Subject: [PATCH 255/368] Adapt ChangeLog
---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 513f24f3a..7aede8a3b 100644
--- a/ChangeLog
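Review bot: The fix moves `mbedtls_entropy_init( &entropy )` up into the block of unconditional initialisations precisely because everything released at `exit:` must be initialised before the first `goto exit`, but that invariant is still only implicit, and the bug being fixed shows how easily an init drifts below a conditional jump. Suggest a comment at the top of that block, `/* Every context freed at exit: must be initialised here, before the first conditional jump to exit. */`, and a mirror at the label, `/* Keep in sync with the initialisation block at the top of main(). */`. `main` extends beyond all three hunks, so whether `issuer_crt` is initialised in the same block cannot be confirmed from here; the description says it is.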
+++ b/ChangeLog
@@ -7,6 +7,8 @@ Bugfix
 invalidated keys of a lifetime of less than a 1s. Fixes #1968.
 * Fix failure in hmac_drbg in the benchmark sample application, when
 MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
+ * Fix memory leak and freeing without initialization in the example
+ program programs/x509/cert_write. Fixes #1422.
 Changes
 * Add tests for session resumption in DTLS.
From 52f8491dc29e264897b62302f774b53b7300b14f Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Fri, 5 Oct 2018 07:53:40 -0400
Subject: [PATCH 256/368] ssl-opt.sh: adjust tests to fit slower targets
Adjust mtu sizes to be able to pass tests using a full configuration
---
 tests/ssl-opt.sh | 124 +++++++++++++++++++++++++++++++----------------
 1 file changed, 81 insertions(+), 43 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ac3580a32..23c25afcb 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -5731,10 +5731,12 @@ run_test "DTLS fragmenting: none (for reference)" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 max_frag_len=4096" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
 max_frag_len=4096" \
 0 \
 -S "found fragmented DTLS handshake message" \
@@ -5749,10 +5751,12 @@ run_test "DTLS fragmenting: server only (max_frag_len)" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 max_frag_len=1024" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
 max_frag_len=2048" \
 0 \
 -S "found fragmented DTLS handshake message" \
@@ -5771,10 +5775,12 @@ run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 max_frag_len=512" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
 max_frag_len=4096" \
 0 \
 -S "found fragmented DTLS handshake message" \
@@ -5789,12 +5795,14 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=none \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 max_frag_len=2048" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- max_frag_len=512" \
- 0 \
+ hs_timeout=2500-60000 \
+ max_frag_len=1024" \
+ 0 \
 -S "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
@@ -5811,15 +5819,17 @@ requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
- -p "$P_PXY mtu=560" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=none \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 max_frag_len=2048" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- max_frag_len=512" \
+ hs_timeout=2500-60000 \
+ max_frag_len=1024" \
 0 \
 -S "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
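Review bot: In the `client-initiated, server only (max_frag_len), proxy MTU` hunk the proxy limit and the client's `max_frag_len` are now both 1024, whereas before they were 560 and 512, a pairing that left room for the 13-byte DTLS record header. If udp_proxy's `mtu` bounds the whole datagram, as that earlier margin suggests, a full 1024-byte fragment plus header is dropped, and the test then passes only because the retransmission path later shrinks the MTU to 508 — which is not what this test is meant to exercise and, with `hs_timeout=2500-60000`, costs several seconds per run. Either keep a margin (`-p "$P_PXY mtu=1100"`, for instance) or add `-C "resend"` so the test fails if it is relying on retransmission. The `client-initiated, both (max_frag_len), proxy MTU` hunk that follows has the same 1024/1024 pairing.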
@@ -5833,11 +5843,13 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 max_frag_len=2048" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- max_frag_len=512" \
+ hs_timeout=2500-60000 \
+ max_frag_len=1024" \
 0 \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
@@ -5855,15 +5867,17 @@ requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
- -p "$P_PXY mtu=560" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 max_frag_len=2048" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- max_frag_len=512" \
+ hs_timeout=2500-60000 \
+ max_frag_len=1024" \
 0 \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
@@ -5876,10 +5890,12 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 mtu=4096" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
 mtu=4096" \
 0 \
 -S "found fragmented DTLS handshake message" \
@@ -5893,11 +5909,13 @@ run_test "DTLS fragmenting: client (MTU)" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 mtu=4096" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- mtu=512" \
+ hs_timeout=2500-60000 \
+ mtu=1024" \
 0 \
 -s "found fragmented DTLS handshake message" \
 -C "found fragmented DTLS handshake message" \
@@ -5910,10 +5928,12 @@ run_test "DTLS fragmenting: server (MTU)" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 mtu=512" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
 mtu=2048" \
 0 \
 -S "found fragmented DTLS handshake message" \
@@ -5924,15 +5944,17 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 run_test "DTLS fragmenting: both (MTU)" \
- -p "$P_PXY mtu=512" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
 mtu=512" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- mtu=512" \
+ hs_timeout=2500-60000 \
+ mtu=1024" \
 0 \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
@@ -5944,15 +5966,15 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 run_test "DTLS fragmenting: proxy MTU: auto-reduction" \
- -p "$P_PXY mtu=508" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key\
- hs_timeout=100-400" \
+ hs_timeout=100-10000" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- hs_timeout=100-400" \
+ hs_timeout=100-10000" \
 0 \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
@@ -5985,15 +6007,17 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 run_test "DTLS fragmenting: proxy MTU, simple handshake" \
- -p "$P_PXY mtu=512" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 0 \
 -S "resend" \
 -s "found fragmented DTLS handshake message" \
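Review bot: In the `proxy MTU: auto-reduction` hunk the proxy limit goes from 508 to 1024, which loosens what the test proves: the library drops the handshake MTU to exactly 508 bytes on retransmission (the `ssl->handshake->mtu = 508` path in ssl_double_retransmit_timeout), and a 508-byte proxy was the check that this is the value actually used; with 1024, any reduction to 1024 or less now passes. If 508 was too slow for the targets in question, consider keeping it and widening only `hs_timeout`, or asserting on the reduction itself once a debug line for it exists (a later patch in this series adds `mtu autoreduction to %d bytes`), e.g. `-c "mtu autoreduction to 508 bytes"`. The second hunk on this line (`proxy MTU, simple handshake`) keeps `-S "resend"` and so does not have this problem.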
@@ -6005,15 +6029,17 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \
- -p "$P_PXY mtu=512" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
- mtu=512 nbio=2" \
+ mtu=1024 nbio=2 \
+ hs_timeout=15000-60000" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- mtu=512 nbio=2" \
+ mtu=1024 nbio=2 \
+ hs_timeout=15000-60000" \
 0 \
 -S "resend" \
 -s "found fragmented DTLS handshake message" \
@@ -6034,15 +6060,17 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
- -p "$P_PXY mtu=1450" \
+ -p "$P_PXY mtu=1650" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
- mtu=1450" \
+ hs_timeout=10000-60000 \
+ mtu=1650" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- mtu=1450 reconnect=1 reco_delay=1" \
+ hs_timeout=10000-60000 \
+ mtu=1650 reconnect=1 reco_delay=1" \
 0 \
 -S "resend" \
 -s "found fragmented DTLS handshake message" \
@@ -6060,18 +6088,20 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_CHACHAPOLY_C
 run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
- -p "$P_PXY mtu=512" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
 exchanges=2 renegotiation=1 \
 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
 exchanges=2 renegotiation=1 renegotiate=1 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 0 \
 -S "resend" \
 -s "found fragmented DTLS handshake message" \
@@ -6090,18 +6120,20 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_AES_C
 requires_config_enabled MBEDTLS_GCM_C
 run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
- -p "$P_PXY mtu=512" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
 exchanges=2 renegotiation=1 \
 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
 exchanges=2 renegotiation=1 renegotiate=1 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 0 \
 -S "resend" \
 -s "found fragmented DTLS handshake message" \
@@ -6120,18 +6152,20 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_AES_C
 requires_config_enabled MBEDTLS_CCM_C
 run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
- -p "$P_PXY mtu=512" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
 exchanges=2 renegotiation=1 \
 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
 exchanges=2 renegotiation=1 renegotiate=1 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 0 \
 -S "resend" \
 -s "found fragmented DTLS handshake message" \
@@ -6151,18 +6185,20 @@ requires_config_enabled MBEDTLS_AES_C
 requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
 requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
 run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
- -p "$P_PXY mtu=512" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
 exchanges=2 renegotiation=1 \
 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
 exchanges=2 renegotiation=1 renegotiate=1 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 0 \
 -S "resend" \
 -s "found fragmented DTLS handshake message" \
@@ -6181,18 +6217,20 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_AES_C
 requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
 run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
- -p "$P_PXY mtu=512" \
+ -p "$P_PXY mtu=1024" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
 exchanges=2 renegotiation=1 \
 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
 exchanges=2 renegotiation=1 renegotiate=1 \
- mtu=512" \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
 0 \
 -S "resend" \
 -s "found fragmented DTLS handshake message" \
@@ -6204,15 +6242,15 @@ requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 client_needs_more_time 2
 run_test "DTLS fragmenting: proxy MTU + 3d" \
- -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
+ -p "$P_PXY mtu=1024 drop=8 delay=8 duplicate=8" \
 "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
- hs_timeout=250-10000 mtu=512" \
+ hs_timeout=250-10000 mtu=1024" \
 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- hs_timeout=250-10000 mtu=512" \
+ hs_timeout=250-10000 mtu=1024" \
 0 \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
@@ -6223,15 +6261,15 @@ requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 client_needs_more_time 2
 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
- -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
+ -p "$P_PXY mtu=1024 drop=8 delay=8 duplicate=8" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
- hs_timeout=250-10000 mtu=512 nbio=2" \
+ hs_timeout=250-10000 mtu=1024 nbio=2" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- hs_timeout=250-10000 mtu=512 nbio=2" \
+ hs_timeout=250-10000 mtu=1024 nbio=2" \
 0 \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
From 6290dae90946c88aa3c08693d01cb7d223053e13 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Fri, 5 Oct 2018 08:06:01 -0400
Subject: [PATCH 257/368] Disable dtls fragmentation for ClientHello messages
Set the handshake mtu to unlimited when encountering a ClienHello message and reset it to its previous value after writing the record.
---
 library/ssl_tls.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8bd74db8d..38826f93f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -212,7 +212,10 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
 * delivered) of any compliant IPv4 (and IPv6) network, and should work
 * on most non-IP stacks too. */
 if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min )
+ {
 ssl->handshake->mtu = 508;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) );
+ }
 new_timeout = 2 * ssl->handshake->retransmit_timeout;
@@ -2945,6 +2948,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
 int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
 {
 int ret;
+ uint16_t mtu_temp = 0;
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) );
 if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
@@ -2979,6 +2983,15 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
 ssl_swap_epochs( ssl );
 }
+ /* Disable handshake mtu for client hello message to avoid fragmentation.
+ * Setting it back after calling mbedtls_ssl_write_record */
+ if( ssl->out_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO )
+ {
+ mtu_temp = ssl->handshake->mtu;
+ ssl->handshake->mtu = 0;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "disabling fragmentation of ClientHello message" ) );
+ }
+
 ret = ssl_get_remaining_payload_in_datagram( ssl );
 if( ret < 0 )
 return( ret );
@@ -3077,6 +3090,12 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
 return( ret );
 }
+
+ if( mtu_temp != 0 )
+ {
+ ssl->handshake->mtu = mtu_temp;
+ mtu_temp = 0;
+ }
 }
 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
From 948fe80f421f6e92726458db0ae2e0bbd235fc35 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Fri, 5 Oct 2018 15:42:44 -0400
Subject: [PATCH 258/368] ssl-opt.sh: adjust test timeouts to fit slower targets
---
 tests/ssl-opt.sh | 116 +++++++++++++++++++++++++++--------------------
 1 file changed, 66 insertions(+), 50 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 23c25afcb..9c904c391 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
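Review bot: The ClientHello test at `if( ssl->out_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO )` looks only at the first payload byte and not at the record type, so a ChangeCipherSpec record queued in the same flight, whose one-byte body is also 1, takes the same branch (harmless for a one-byte message, but the debug line then claims to be disabling ClientHello fragmentation, and a future reader will trust it). Guard on the record type as well, assuming `out_msgtype` is already set from the flight item at this point: `if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->out_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO )`. The comment would also be more useful if it said why the ClientHello must not be fragmented — presumably because a server that is stateless until the cookie exchange completes cannot reassemble it — rather than restating the code. `mbedtls_ssl_flight_transmit` continues outside this hunk.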
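Review bot: The saved MTU is restored only after a successful `mbedtls_ssl_write_record`; the `return( ret )` two lines above the new block runs first, so on any error return — including, if I read the flow right, the MBEDTLS_ERR_SSL_WANT_WRITE that non-blocking I/O produces routinely — `ssl->handshake->mtu` stays at 0 and the rest of the flight, and any retransmission of it, goes out with fragmentation disabled. Restore before examining `ret`, so that every exit from the loop body leaves the MTU as it found it; the restore then needs no `mtu_temp = 0` reset of its own either, but keeping it is harmless. The enclosing loop and function continue outside the hunk.

```c
        ret = mbedtls_ssl_write_record( ssl );

        /* Restore the saved MTU before looking at ret, so that an early
         * return (e.g. MBEDTLS_ERR_SSL_WANT_WRITE) cannot leave it at 0. */
        if( mtu_temp != 0 )
        {
            ssl->handshake->mtu = mtu_temp;
            mtu_temp = 0;
        }

        if( ret != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
            return( ret );
        }
        /* … unchanged: end of loop body, mbedtls_ssl_flush_output … */
```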
@@ -5909,12 +5909,12 @@ run_test "DTLS fragmenting: client (MTU)" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
+ hs_timeout=3500-60000 \
 mtu=4096" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
+ hs_timeout=3500-60000 \
 mtu=1024" \
 0 \
 -s "found fragmented DTLS handshake message" \
@@ -6677,8 +6677,10 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \
 run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
 -p "$P_PXY delay_srv=ServerHello" \
- "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
+ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
 0 \
 -c "Buffering HS message" \
 -c "Next handshake message has been buffered - load"\
@@ -6691,8 +6693,10 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
 run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
 -p "$P_PXY delay_srv=ServerHello" \
- "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
+ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
 0 \
 -c "Buffering HS message" \
 -c "found fragmented DTLS handshake message"\
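Review bot: The `hs_timeout=2500-60000` value added to the `DTLS reordering` tests in this hunk, and repeated verbatim in every following hunk of this patch, is now one of four distinct timeout tuples hard-coded across ssl-opt.sh alongside `3500-60000`, `500-10000` and `10000-60000`, so the next slow target means touching dozens of lines again, and a reader cannot tell a timing knob from a value the test actually depends on. A shell variable near the top of the script, e.g. `HS_TIMEOUT_SLOW="hs_timeout=2500-60000"`, expanded inside the run_test arguments would make retuning a one-line change and document the value's purpose. The `-p "$P_PXY ..."` lines in these hunks are context, not removals, despite the leading dash.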
@@ -6712,8 +6716,10 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on
 requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
 -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
- "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
+ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
 0 \
 -c "Buffering HS message" \
 -c "Next handshake message has been buffered - load"\
@@ -6732,8 +6738,10 @@ requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
 -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
- "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
+ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
 0 \
 -c "Buffering HS message" \
 -c "attempt to make space by freeing buffered future messages" \
@@ -6747,8 +6755,10 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
 run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
 -p "$P_PXY delay_cli=Certificate" \
- "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
+ "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
 0 \
 -C "Buffering HS message" \
 -C "Next handshake message has been buffered - load"\
@@ -6761,8 +6771,10 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
 run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
 -p "$P_PXY delay_srv=NewSessionTicket" \
- "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
+ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
 0 \
 -C "Buffering HS message" \
 -C "Next handshake message has been buffered - load"\
@@ -6775,8 +6787,10 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
 run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
 -p "$P_PXY delay_cli=ClientKeyExchange" \
- "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
+ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
 0 \
 -C "Buffering HS message" \
 -C "Next handshake message has been buffered - load"\
@@ -6789,8 +6803,10 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
 run_test "DTLS reordering: Buffer encrypted Finished message" \
 -p "$P_PXY delay_ccs=1" \
- "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
+ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
 0 \
 -s "Buffer record from epoch 1" \
 -s "Found buffered record from current epoch - load" \
@@ -6830,9 +6846,9 @@ run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragme
 client_needs_more_time 2
 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
 -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
 psk=abc123" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
 0 \
 -s "Extra-header:" \
@@ -6841,8 +6857,8 @@ run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
 client_needs_more_time 2
 run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
 -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
 0 \
 -s "Extra-header:" \
@@ -6851,8 +6867,8 @@ run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
 client_needs_more_time 2
 run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
 -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0" \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
 0 \
 -s "Extra-header:" \
 -c "HTTP/1.0 200 OK"
@@ -6860,8 +6876,8 @@ run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, client auth" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -6869,8 +6885,8 @@ run_test "DTLS proxy: 3d, FS, client auth" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, ticket" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -6878,8 +6894,8 @@ run_test "DTLS proxy: 3d, FS, ticket" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" 
@@ -6887,9 +6903,9 @@ run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 nbio=2 tickets=1 \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \ auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 nbio=2 tickets=1" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -6897,9 +6913,9 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \ client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 debug_level=3" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -6911,9 +6927,9 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \ client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 debug_level=3 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \ 0 \ 
@@ -6926,9 +6942,9 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -6941,9 +6957,9 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -6956,10 +6972,10 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ renegotiation=1 exchanges=4 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ 
@@ -6972,10 +6988,10 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ renegotiation=1 exchanges=4 debug_level=2 nbio=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -6989,7 +7005,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 2048" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" @@ -6998,7 +7014,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" @@ -7007,7 +7023,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 nbio=2 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" 
@@ -7017,7 +7033,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 2048 -a" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" @@ -7028,7 +7044,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" @@ -7039,7 +7055,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 nbio=2" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" From 0c161d1956d72eb89c8660965535baeb2ec87dd3 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 8 Oct 2018 13:40:50 +0100 Subject: [PATCH 259/368] Fix bounds check in ssl_parse_server_psk_hint() In the previous bounds check `(*p) > end - len`, the computation of `end - len` might underflow if `end` is within the first 64KB of the address space (note that the length `len` is controlled by the peer). In this case, the bounds check will be bypassed, leading to `*p` exceeding the message bounds by up to 64KB when leaving `ssl_parse_server_psk_hint()`. In a pure PSK-based handshake, this doesn't seem to have any consequences, as `*p` is not accessed afterwards. In a PSK-(EC)DHE handshake, however, `*p` is read from in `ssl_parse_server_ecdh_params()` and `ssl_parse_server_dh_params()`, which might lead to an application crash or information leakage. --- library/ssl_cli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 838572011..b15bc515e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2097,7 +2097,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, * * opaque psk_identity_hint<0..2^16-1>; */ - if( (*p) > end - 2 ) + if( end - (*p) < 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) ); @@ -2106,7 +2106,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( (*p) > end - len ) + if( end - (*p) < len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) ); From dc71ef8fcc448cf68c5ecf452d66378a1d189394 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 Oct 2018 13:51:38 +0100 Subject: [PATCH 260/368] Adapt ChangeLog --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..24ab8af1b 100644 --- a/ChangeLog +++ b/ChangeLog 
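Review bot: In the second hunk the new test `end - (*p) < len` compares a signed `ptrdiff_t` with `len`; if `len` is `size_t` (its declaration is outside the hunk), the difference is converted to unsigned for the comparison, which is only safe because the first hunk's check plus `*p += 2` guarantees `end - (*p) >= 0` at this point. Making that explicit, `if( (size_t)( end - (*p) ) < len )`, documents the invariant and avoids sign-compare warnings; alternatively a comment such as `/* end - *p >= 0 here: checked for 2 bytes above, then advanced by 2 */` would record it. The enclosing ssl_parse_server_psk_hint() starts and ends outside both hunks.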
@@ -2,6 +2,13 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix a flawed bounds check in server PSK hint parsing. In case the + incoming message buffer was placed within the first 64KB of address + space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker + to trigger a memory access up to 64KB beyond the incoming message buffer, + potentially leading to application crash or information disclosure. + Bugfix * Fix a bug in the update function for SSL ticket keys which previously invalidated keys of a lifetime of less than a 1s. Fixes #1968. From d2c9009e5a61427107a895a92ad05069994ea6a2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 Oct 2018 14:32:55 +0100 Subject: [PATCH 261/368] Improve documentation of x509_attr_descriptor_t --- library/x509_create.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 2f36f2493..788b5d36d 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -33,11 +33,17 @@ #include +/* Structure linking OIDs for X.509 DN AttributeTypes to their + * string representations and default string encodings used by Mbed TLS. */ typedef struct { - const char *name; - size_t name_len; - const char*oid; - int tag; + const char *name; /* String representation of AttributeType, e.g. + * "CN" or "emailAddress". */ + size_t name_len; /* Length of \c name, without trailing \c 0 byte. */ + const char *oid; /* String representation of OID of AttributeType, + * as per RFC 5280, Appendix A.1. */ + int tag; /* The default character encoding used for the + * given attribute type, e.g. + * #MBEDTLS_ASN1_UTF8_STRING for UTF-8. */ } x509_attr_descriptor_t; #define ADD_STRLEN( s ) s, sizeof( s ) - 1 @@ -87,7 +93,7 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_name( const char *name if ( cur->name == NULL ) return( NULL ); - + return( cur ); } 
From d0e21fbd27bedaf59d2587e8012878e2369d068a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 Oct 2018 14:41:31 +0100 Subject: [PATCH 262/368] Improve documentation of ASN.1 string-writing functions - mbedtls_asn1_write_tagged_string() - mbedtls_asn1_write_printable_string() - mbedtls_asn1_write_utf8_string() - mbedtls_asn1_write_ia5_string() --- include/mbedtls/asn1write.h | 91 +++++++++++++++++++++---------------- 1 file changed, 51 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 3dcf8eaf3..59e5d529a 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h 
@@ -153,64 +153,75 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ); /** - * \brief Write a given string tag and - * value in ASN.1 format + * \brief Write a string in ASN.1 format using a specific + * string encoding tag. * Note: function works backwards in data buffer * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param tag the tag to write - * \param text the text to write - * \param text_len length of the text + * \param p The reference to the current position pointer. + * \param start The start of the buffer (for bounds-checking). + * \param tag The string encoding tag to write, e.g. + * #MBEDTLS_ASN1_UTF8_STRING. + * \param text The string to write. + * \param text_len The length of \p text in bytes (which might + * be strictly larger than the number of characters). * - * \return the length written or a negative error code + * \return The number of bytes written to \p p on success. + * \return A negative error code on failure. 
*/ int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag, const char *text, size_t text_len ); -/** - * \brief Write a printable string tag (MBEDTLS_ASN1_PRINTABLE_STRING) and - * value in ASN.1 format - * Note: function works backwards in data buffer - * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param text the text to write - * \param text_len length of the text - * - * \return the length written or a negative error code - */ -int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ); /** - * \brief Write a UTF8 string tag (MBEDTLS_ASN1_UTF8_STRING) and - * value in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write a string in ASN.1 format using the PrintableString + * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING). + * Note: The function works backwards in data buffer. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param text the text to write - * \param text_len length of the text + * \param p The reference to the current position pointer. + * \param start The start of the buffer (for bounds-checking). + * \param text The string to write. + * \param text_len The length of \p text in bytes (which might + * be strictly larger than the number of characters). * - * \return the length written or a negative error code + * \return The number of bytes written to \p p on success. + * \return A negative error code on failure. + */ +int mbedtls_asn1_write_printable_string( unsigned char **p, + unsigned char *start, + const char *text, size_t text_len ); + +/** + * \brief Write a UTF8 string in ASN.1 format using the UTF8String + * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING). + * Note: The function works backwards in data buffer. + * + * \param p The reference to the current position pointer. 
+ * \param start The start of the buffer (for bounds-checking). + * \param text The string to write. + * \param text_len The length of \p text in bytes (which might + * be strictly larger than the number of characters). + * + * \return The number of bytes written to \p p on success. + * \return A negative error code on failure. */ int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ); + const char *text, size_t text_len ); /** - * \brief Write an IA5 string tag (MBEDTLS_ASN1_IA5_STRING) and - * value in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write a string in ASN.1 format using the IA5tring + * string encoding tag (#MBEDTLS_ASN1_IA5_STRING). + * Note: The function works backwards in data buffer. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param text the text to write - * \param text_len length of the text + * \param p The reference to the current position pointer. + * \param start The start of the buffer (for bounds-checking). + * \param text The string to write. + * \param text_len The length of \p text in bytes (which might + * be strictly larger than the number of characters). * - * \return the length written or a negative error code + * \return The number of bytes written to \p p on success. + * \return A negative error code on failure. */ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ); + const char *text, size_t text_len ); /** * \brief Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and From d355e69aedf23ab3d466262f93971a2daff271d6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 Oct 2018 14:42:47 +0100 Subject: [PATCH 263/368] Rename `tag` to `default_tag` in x509_attr_descriptor_t --- library/x509_create.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
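Review bot: The new `\brief` for mbedtls_asn1_write_utf8_string() names the wrong tag: it reads `string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).` although the function writes a UTF8String, so it should be `string encoding tag (#MBEDTLS_ASN1_UTF8_STRING).`, matching the PrintableString and IA5String entries. The IA5 brief also carries a typo, `IA5tring` for `IA5String`. Finally, the tagged_string entry keeps the old `Note: function works backwards in data buffer` while the three rewritten entries use `Note: The function works backwards in data buffer.`; aligning the wording is a small consistency gain in an otherwise documentation-only hunk.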
diff --git a/library/x509_create.c b/library/x509_create.c index 788b5d36d..63e255728 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -41,7 +41,7 @@ typedef struct { size_t name_len; /* Length of \c name, without trailing \c 0 byte. */ const char *oid; /* String representation of OID of AttributeType, * as per RFC 5280, Appendix A.1. */ - int tag; /* The default character encoding used for the + int default_tag; /* The default character encoding used for the * given attribute type, e.g. * #MBEDTLS_ASN1_UTF8_STRING for UTF-8. */ } x509_attr_descriptor_t; @@ -150,7 +150,7 @@ int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *na } // set tagType - cur->val.tag = attr_descr->tag; + cur->val.tag = attr_descr->default_tag; while( c < end && *(c + 1) == ' ' ) c++; From cfc47bab6902e25bf027996a9af0fd83eb3b17ab Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 Oct 2018 14:45:42 +0100 Subject: [PATCH 264/368] Correct some indentation and line lengths in x509_create.c --- library/x509_create.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 63e255728..fb9a83905 100644 --- a/library/x509_create.c +++ b/library/x509_create.c 
@@ -220,26 +220,30 @@ static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn size_t name_len = cur_name->val.len; // Write correct string tag and value - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tagged_string( p, start, cur_name->val.tag, - (const char *) name, - name_len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tagged_string( p, start, + cur_name->val.tag, + (const char *) name, + name_len ) ); // Write OID // - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, + oid_len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ); return( (int) len ); } int mbedtls_x509_write_names( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first ) + mbedtls_asn1_named_data *first ) { int ret; size_t len = 0; From 35b6854e543a81f4ecfead5394810f447f81abdc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 Oct 2018 14:47:38 +0100 Subject: [PATCH 265/368] Replace reference to RFC 3280 by reference to newer RFC 5280 --- library/x509_create.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_create.c b/library/x509_create.c index fb9a83905..8cb3a0356 100644 --- a/library/x509_create.c +++ b/library/x509_create.c 
@@ -48,7 +48,7 @@ typedef struct { #define ADD_STRLEN( s ) s, sizeof( s ) - 1 -// note: preset tag types as proposed in RFC3280 and widely used +/* X.509 DN attributes from RFC 5280, Appendix A.1. */ static const x509_attr_descriptor_t x509_attrs[] = { { ADD_STRLEN( "CN" ), MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, From 1624e2e8bb18e46202e8e9cca34a7671fb59b829 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 Oct 2018 14:52:20 +0100 Subject: [PATCH 266/368] Avoid overly long lines X.509 DN attr array def in x509_create.c --- library/x509_create.c | 84 ++++++++++++++++++++++++++++--------------- 1 file changed, 56 insertions(+), 28 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 8cb3a0356..8bd39fdde 100644 --- a/library/x509_create.c +++ b/library/x509_create.c 
@@ -51,34 +51,62 @@ typedef struct { /* X.509 DN attributes from RFC 5280, Appendix A.1. */ static const x509_attr_descriptor_t x509_attrs[] = { - { ADD_STRLEN( "CN" ), MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "commonName" ), MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "C" ), MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "countryName" ), MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "O" ), MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "organizationName" ), MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "L" ), MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "locality" ), MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "R" ), MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING}, - { ADD_STRLEN( "OU" ), MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "organizationalUnitName" ), MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "ST" ), MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "stateOrProvinceName" ), MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "emailAddress" ), MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN( "serialNumber" ), MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "postalAddress" ), MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "postalCode" ), MBEDTLS_OID_AT_POSTAL_CODE, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "dnQualifier" ), MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "title" ), MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "surName" ), MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "SN" ), MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "givenName" ), MBEDTLS_OID_AT_GIVEN_NAME, 
MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "GN" ), MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "initials" ), MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "pseudonym" ), MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "generationQualifier" ), MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "domainComponent" ), MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN( "DC" ), MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, + { ADD_STRLEN( "CN" ), + MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "commonName" ), + MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "C" ), + MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, + { ADD_STRLEN( "countryName" ), + MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, + { ADD_STRLEN( "O" ), + MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "organizationName" ), + MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "L" ), + MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "locality" ), + MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "R" ), + MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, + { ADD_STRLEN( "OU" ), + MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "organizationalUnitName" ), + MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "ST" ), + MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "stateOrProvinceName" ), + MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "emailAddress" ), + MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, + { ADD_STRLEN( "serialNumber" ), + MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING }, + { ADD_STRLEN( "postalAddress" ), + MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING }, + { ADD_STRLEN( "postalCode" ), + MBEDTLS_OID_AT_POSTAL_CODE, 
MBEDTLS_ASN1_PRINTABLE_STRING }, + { ADD_STRLEN( "dnQualifier" ), + MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING }, + { ADD_STRLEN( "title" ), + MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "surName" ), + MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "SN" ), + MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "givenName" ), + MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "GN" ), + MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "initials" ), + MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "pseudonym" ), + MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "generationQualifier" ), + MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING }, + { ADD_STRLEN( "domainComponent" ), + MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, + { ADD_STRLEN( "DC" ), + MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, { NULL, 0, NULL, MBEDTLS_ASN1_NULL } }; From 0fc9cf40cfd0dc31a28006b8fbd1afff9805b954 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 9 Oct 2018 03:09:41 -0400 Subject: [PATCH 267/368] ssl-opt.sh: increase proxy mtu sizes to contain entire datagrams --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9c904c391..f70a85c1c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5819,7 +5819,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ - -p "$P_PXY mtu=1024" \ + -p "$P_PXY mtu=1110" \ "$P_SRV dtls=1 debug_level=2 auth_mode=none \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ 
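Review bot: `mtu=1110` replaces `mtu=1024` in this hunk and in the one that follows on the next line without any comment, so the next reader again sees only a bare magic number; the reason given in the commit title, that the proxy MTU has to contain entire datagrams, lives outside the script. A comment above each changed `run_test`, e.g. `# proxy MTU chosen so that it contains entire datagrams`, would keep that rationale next to the value. Both run_test invocations continue beyond the hunks.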
@@ -5867,7 +5867,7 @@ requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ 
- -p "$P_PXY mtu=1024" \ 
+ -p "$P_PXY mtu=1110" \
 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \ 
From 095d9cf58ee365f32df5472941df05aa99c93ba6 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 9 Oct 2018 12:39:13 +0100
Subject: [PATCH 268/368] Fix ordering of free()ing of internal structures in ssl_server2 If `MBEDTLS_MEMORY_BUFFER_ALLOC_C` is configured and Mbed TLS' custom buffer allocator is used for calloc() and free(), the read buffer used by the server example application is allocated from the buffer allocator, but freed after the buffer allocator has been destroyed. If memory backtracing is enabled, this leaves a memory leak in the backtracing structure allocated for the buffer, as found by valgrind. Fixes #2069.
---
 programs/ssl/ssl_server2.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4eac51f74..efda65d23 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3146,6 +3146,8 @@ exit:
 mbedtls_ssl_cookie_free( &cookie_ctx );
 #endif
+ mbedtls_free( buf );
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #if defined(MBEDTLS_MEMORY_DEBUG)
 mbedtls_memory_buffer_alloc_status();
@@ -3153,7 +3155,6 @@ exit:
 mbedtls_memory_buffer_alloc_free();
 #endif
- mbedtls_free( buf );
 mbedtls_printf( " done.\n" );
 #if defined(_WIN32)
From abe6003f5aae7206b0545a6fd9e090bcfc9b1422 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 9 Oct 2018 12:44:35 +0100
Subject: [PATCH 269/368] Adapt ChangeLog
---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 513f24f3a..c6f90320f 100644
--- a/ChangeLog
+++ b/ChangeLog
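Review bot: The relocated `mbedtls_free( buf );` has to stay above the `MBEDTLS_MEMORY_BUFFER_ALLOC_C` teardown, but nothing in the code says so, so a later tidy-up could move it back beside the other frees and reintroduce the leak the commit message describes. A comment on the added line, `/* buf may come from the buffer allocator: free it before mbedtls_memory_buffer_alloc_free() below */`, would pin the ordering. The exit block starts and ends outside the two hunks.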
@@ -7,6 +7,10 @@ Bugfix
 invalidated keys of a lifetime of less than a 1s. Fixes #1968.
 * Fix failure in hmac_drbg in the benchmark sample application, when
 MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
+ * Fix wrong order of freeing in programs/ssl/ssl_server2 example
+ application leading to a memory leak in case both
+ MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set.
+ Fixes #2069.
 Changes
 * Add tests for session resumption in DTLS.
From ef43ce6e25054718cee7e0837f127b39b9cb34db Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Tue, 9 Oct 2018 08:24:12 -0400
Subject: [PATCH 270/368] Dtls: change the way unlimited mtu is set for client hello messages
---
 library/ssl_tls.c | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 38826f93f..353c3471b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2948,7 +2948,6 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
 int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
 {
 int ret;
- uint16_t mtu_temp = 0;
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) );
 if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
@@ -2983,15 +2982,6 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
 ssl_swap_epochs( ssl );
 }
- /* Disable handshake mtu for client hello message to avoid fragmentation.
- * Setting it back after calling mbedtls_ssl_write_record */
- if( ssl->out_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO )
- {
- mtu_temp = ssl->handshake->mtu;
- ssl->handshake->mtu = 0;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "disabling fragmentation of ClientHello message" ) );
- }
- 
 ret = ssl_get_remaining_payload_in_datagram( ssl );
 if( ret < 0 )
 return( ret );
@@ -3090,12 +3080,6 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
 return( ret );
 }
- 
- if( mtu_temp != 0 )
- {
- ssl->handshake->mtu = mtu_temp;
- mtu_temp = 0;
- }
 }
 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
@@ -7924,6 +7908,12 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl )
 {
+ /* Return unlimited mtu for client hello messages to avoid fragmentation. */
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
+ ssl->state == MBEDTLS_SSL_SERVER_HELLO ) )
+ return ( 0 );
+ 
 if( ssl->handshake == NULL || ssl->handshake->mtu == 0 )
 return( ssl->mtu );
From 35f2f300ca5724ab0389bed4ed3c7f9d25110290 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Tue, 9 Oct 2018 08:52:14 -0400
Subject: [PATCH 271/368] ssl-opt.sh: change expected pattern from 'resend' to 'autoreduction'
---
 tests/ssl-opt.sh | 74 ++++++++++++++++++++++++------------------------
 1 file changed, 37 insertions(+), 37 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f70a85c1c..079b0f61c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
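Review bot: The early `return ( 0 );` in ssl_get_current_mtu() also discards `ssl->mtu`, whereas the code removed from mbedtls_ssl_flight_transmit() in the earlier hunks only zeroed `ssl->handshake->mtu`, which made this function fall through to `return( ssl->mtu );` and so kept the application-configured MTU in force for the ClientHello. If only the handshake-level MTU is meant to be skipped, `return( ssl->mtu );` restores that behaviour; if the configured MTU is meant to be ignored too, the comment should say so, and also why `MBEDTLS_SSL_SERVER_HELLO` is included (presumably to cover retransmission of the ClientHello flight while waiting — worth stating). `return ( 0 );` additionally departs from the `return( x );` spacing used two lines below. The remainder of ssl_get_current_mtu() lies outside the hunk.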
@@ -5551,21 +5551,21 @@ run_test "DTLS cookie: enabled, nbio" \
 # Tests for client reconnecting from the same port with DTLS
-not_with_valgrind # spurious resend
+not_with_valgrind # spurious autoreduction
 run_test "DTLS client reconnect from same port: reference" \
 "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
 0 \
- -C "resend" \
+ -C "autoreduction" \
 -S "The operation timed out" \
 -S "Client initiated reconnection from same port"
-not_with_valgrind # spurious resend
+not_with_valgrind # spurious autoreduction
 run_test "DTLS client reconnect from same port: reconnect" \
 "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
 0 \
- -C "resend" \
+ -C "autoreduction" \
 -S "The operation timed out" \
 -s "Client initiated reconnection from same port"
@@ -6002,7 +6002,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction" \
 # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
 # OTOH the client might resend if the server is to slow to reset after sending
 # a HelloVerifyRequest, so only check for no retransmission server-side
-not_with_valgrind # spurious resend due to timeout
+not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -6019,12 +6019,12 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \
 hs_timeout=10000-60000 \
 mtu=1024" \
 0 \
- -S "resend" \
+ -S "autoreduction" \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
-not_with_valgrind # spurious resend due to timeout
+not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
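Review bot: Swapping `-C "resend"` / `-S "resend"` for the `"autoreduction"` pattern drops the assertion that no retransmission happened, and the comments were rewritten mechanically so they no longer describe the cause: `not_with_valgrind # spurious autoreduction due to timeout` and `# An autoreduction on the client-side might happen if the server is slow to reset` still explain a resend caused by a timeout, not an MTU auto-reduction. Either keep the resend check next to the new one, or reword those comments to state why the check was replaced and what behaviour the new pattern is meant to detect. The same substitution appears in every other hunk of this file in this commit (the DTLS fragmenting and DTLS proxy tests), so one fix should be applied uniformly.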
@@ -6041,7 +6041,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \
 mtu=1024 nbio=2 \
 hs_timeout=15000-60000" \
 0 \
- -S "resend" \
+ -S "autoreduction" \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
@@ -6051,11 +6051,11 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \
 # Since we don't support reading fragmented ClientHello yet,
 # up the MTU to 1450 (larger than ClientHello with session ticket,
 # but still smaller than client's Certificate to ensure fragmentation).
-# A resend on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "resend"' below.
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
 # reco_delay avoids races where the client reconnects before the server has
-# resumed listening, which would result in a spurious resend.
-not_with_valgrind # spurious resend due to timeout
+# resumed listening, which would result in a spurious autoreduction.
+not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -6072,14 +6072,14 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
 hs_timeout=10000-60000 \
 mtu=1650 reconnect=1 reco_delay=1" \
 0 \
- -S "resend" \
+ -S "autoreduction" \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
-# A resend on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "resend"' below.
-not_with_valgrind # spurious resend due to timeout
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -6103,14 +6103,14 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
 hs_timeout=10000-60000 \
 mtu=1024" \
 0 \
- -S "resend" \
+ -S "autoreduction" \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
-# A resend on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "resend"' below.
-not_with_valgrind # spurious resend due to timeout
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -6135,14 +6135,14 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
 hs_timeout=10000-60000 \
 mtu=1024" \
 0 \
- -S "resend" \
+ -S "autoreduction" \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
-# A resend on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "resend"' below.
-not_with_valgrind # spurious resend due to timeout
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -6167,14 +6167,14 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
 hs_timeout=10000-60000 \
 mtu=1024" \
 0 \
- -S "resend" \
+ -S "autoreduction" \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
-# A resend on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "resend"' below.
-not_with_valgrind # spurious resend due to timeout
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -6200,14 +6200,14 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
 hs_timeout=10000-60000 \
 mtu=1024" \
 0 \
- -S "resend" \
+ -S "autoreduction" \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
-# A resend on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "resend"' below.
-not_with_valgrind # spurious resend due to timeout
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -6232,7 +6232,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
 hs_timeout=10000-60000 \
 mtu=1024" \
 0 \
- -S "resend" \
+ -S "autoreduction" \
 -s "found fragmented DTLS handshake message" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
@@ -6555,7 +6555,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
 # Tests for specific things with "unreliable" UDP connection
-not_with_valgrind # spurious resend due to timeout
+not_with_valgrind # spurious autoreduction due to timeout
 run_test "DTLS proxy: reference" \
 -p "$P_PXY" \
 "$P_SRV dtls=1 debug_level=2" \
@@ -6567,11 +6567,11 @@ run_test "DTLS proxy: reference" \
 -S "record from another epoch" \
 -C "discarding invalid record" \
 -S "discarding invalid record" \
- -S "resend" \
+ -S "autoreduction" \
 -s "Extra-header:" \
 -c "HTTP/1.0 200 OK"
-not_with_valgrind # spurious resend due to timeout
+not_with_valgrind # spurious autoreduction due to timeout
 run_test "DTLS proxy: duplicate every packet" \
 -p "$P_PXY duplicate=1" \
 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
@@ -6581,7 +6581,7 @@ run_test "DTLS proxy: duplicate every packet" \
 -s "replayed record" \
 -c "record from another epoch" \
 -s "record from another epoch" \
- -S "resend" \
+ -S "autoreduction" \
 -s "Extra-header:" \
 -c "HTTP/1.0 200 OK"
From f301d23cebf0a0c857f4531f69258a8120f4b11e Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Tue, 14 Aug 2018 13:34:01 +0100
Subject: [PATCH 272/368] Bignum: Improve primality test for FIPS primes
The FIPS 186-4 RSA key generation prescribes lower failure probability in primality testing and this makes key generation slower. We enable the caller to decide between compliance/security and performance. This python script calculates the base two logarithm of the formulas in HAC Fact 4.48 and was used to determine the breakpoints and number of rounds:
def mrpkt_log_2(k, t):
if t <= k/9.0:
return 3*math.log(k,2)/2+t-math.log(t,2)/2+4-2*math.sqrt(t*k)
elif t <= k/4.0:
c1 = math.log(7.0*k/20,2)-5*t
c2 = math.log(1/7.0,2)+15*math.log(k,2)/4.0-k/2.0-2*t
c3 = math.log(12*k,2)-k/4.0-3*t
return max(c1, c2, c3)
else:
return math.log(1/7.0)+15*math.log(k,2)/4.0-k/2.0-2*t
---
 include/mbedtls/bignum.h | 6 +++--
 library/bignum.c | 57 +++++++++++++++++++++++++++++-----------
 2 files changed, 46 insertions(+), 17 deletions(-)
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index cd0cba815..0ee32dd1c 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -726,7 +726,8 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
 int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
 /**
- * \brief Miller-Rabin primality test
+ * \brief Miller-Rabin primality test with error probability of
+ * 2-80
 *
 * \param X MPI to check
 * \param f_rng RNG function
@@ -747,7 +748,8 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
 * mbedtls_mpi_gen_prime().
 */
 typedef enum {
- MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
+ MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
+ MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2-80 to 2-128 */
 } mbedtls_mpi_gen_prime_flag_t;
 /**
diff --git a/library/bignum.c b/library/bignum.c
index 51aa0b4cb..c9919fb30 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2056,7 +2056,7 @@ cleanup:
 /*
 * Miller-Rabin pseudo-primality test (HAC 4.24)
 */
-static int mpi_miller_rabin( const mbedtls_mpi *X,
+static int mpi_miller_rabin( const mbedtls_mpi *X, int flags,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng )
 {
@@ -2077,12 +2077,27 @@ static int mpi_miller_rabin( const mbedtls_mpi *X,
 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
 i = mbedtls_mpi_bitlen( X );
- /*
- * HAC, table 4.4
- */
- n = ( ( i >= 1300 ) ? 2 : ( i >= 850 ) ? 3 :
- ( i >= 650 ) ? 4 : ( i >= 350 ) ? 8 :
- ( i >= 250 ) ? 12 : ( i >= 150 ) ? 18 : 27 );
+
+ if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 )
+ {
+ /*
+ * 2^-80 error probability, number of rounds chosen per HAC, table 4.4
+ */
+ n = ( ( i >= 1300 ) ? 2 : ( i >= 850 ) ? 3 :
+ ( i >= 650 ) ? 4 : ( i >= 350 ) ? 8 :
+ ( i >= 250 ) ? 12 : ( i >= 150 ) ? 18 : 27 );
+ }
+ else
+ {
+ /*
+ * 2^-100 error probability, number of rounds computed based on HAC,
+ * fact 4.48
+ */
+ n = ( ( i >= 1450 ) ? 4 : ( i >= 1150 ) ? 5 :
+ ( i >= 1000 ) ? 6 : ( i >= 850 ) ? 7 :
+ ( i >= 750 ) ? 8 : ( i >= 500 ) ? 13 :
+ ( i >= 250 ) ? 28 : ( i >= 150 ) ? 40 : 51 );
+ }
 for( i = 0; i < n; i++ )
 {
@@ -2160,7 +2175,7 @@ cleanup:
 /*
 * Pseudo-primality test: small factors, then Miller-Rabin
 */
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+int mpi_is_prime_internal( const mbedtls_mpi *X, int flags,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng )
 {
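Review bot: The new flag's documentation and the implementation disagree on the error bound: bignum.h documents MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR as `lower error rate from 2-80 to 2-128`, while the else branch added in the @@ -2077 hunk of bignum.c is commented `2^-100 error probability, number of rounds computed based on HAC, fact 4.48`. One of the two figures should be corrected so the header promises what the round table delivers. Both header comments (`2-80` here and in the \brief above) also appear to have lost a superscript marker and now read as subtraction; writing `2^-80` / `2^-100` as the .c comments do avoids the ambiguity.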
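Review bot: `mpi_is_prime_internal()` is defined with external linkage but is not declared in any header touched by this commit, and its name lacks the `mbedtls_` prefix the library uses for exported symbols. Its only callers visible here are inside bignum.c (the new mbedtls_mpi_is_prime() wrapper and mbedtls_mpi_gen_prime()), so `static int mpi_is_prime_internal( const mbedtls_mpi *X, int flags,` would keep it out of the exported symbol table and avoid a missing-prototype warning; if it is meant to be shared it needs a declaration in a header. The function body continues outside the hunk.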
@@ -2186,15 +2201,25 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
 return( ret );
 }
- return( mpi_miller_rabin( &XX, f_rng, p_rng ) );
+ return( mpi_miller_rabin( &XX, flags, f_rng, p_rng ) );
+}
+
+/*
+ * Pseudo-primality test, error probability 2^-80
+ */
+int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ return mpi_is_prime_internal( X, 0, f_rng, p_rng );
 }
 /*
 * Prime number generation
 *
- * If flags is 0 and nbits is at least 1024, then the procedure
- * follows the RSA probably-prime generation method of FIPS 186-4.
- * NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536.
+ * To generate an RSA key in a way recommended by FIPS 186-4, both primes must
+ * be either 1024 bits or 1536 bits long, and flags must contain
+ * MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR.
 */
 int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -2231,7 +2256,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
 if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 )
 {
- ret = mbedtls_mpi_is_prime( X, f_rng, p_rng );
+ ret = mpi_is_prime_internal( X, flags, f_rng, p_rng );
 if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
 goto cleanup;
@@ -2264,8 +2289,10 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
 */
 if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
 ( ret = mpi_check_small_factors( &Y ) ) == 0 &&
- ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 &&
- ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 )
+ ( ret = mpi_miller_rabin( X, flags, f_rng, p_rng ) )
+ == 0 &&
+ ( ret = mpi_miller_rabin( &Y, flags, f_rng, p_rng ) )
+ == 0 )
 goto cleanup;
 if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
From a3cb7eb8ad6882f76fc8747c0809e1062f2f9545 Mon Sep 17 00:00:00 2001
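Review bot: The new mbedtls_mpi_is_prime() wrapper is commented `Pseudo-primality test, error probability 2^-80`, but with flags = 0 the round count comes from the HAC table 4.4 selection in mpi_miller_rabin(), which bounds the error for a randomly chosen candidate; mbedtls_mpi_is_prime() is public and takes caller-supplied X, for which that bound does not follow. The comment should state the assumption it relies on, e.g. `/* Error probability 2^-80 for a uniformly random X (HAC table 4.4); this is not a bound for an X supplied by an untrusted party. */`, so callers validating external parameters know what they are getting. Minor: `return mpi_is_prime_internal( X, 0, f_rng, p_rng );` drops the parentheses the rest of the file uses in `return( ... );`.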
From: Janos Follath
Date: Tue, 14 Aug 2018 15:31:54 +0100
Subject: [PATCH 273/368] Bignum: Add test for improved prime generation
---
 tests/suites/test_suite_mpi.data | 12 ++++++++++++
 tests/suites/test_suite_mpi.function | 6 +++---
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 5ff3f9317..c02a9b423 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -708,6 +708,18 @@ Test mbedtls_mpi_gen_prime (Safe)
 depends_on:MBEDTLS_GENPRIME
 mbedtls_mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH:0
+Test mbedtls_mpi_gen_prime (Safe with lower error rate)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH | MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
+
+Test mbedtls_mpi_gen_prime standard RSA #1 (lower error rate)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_gen_prime:1024:MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
+
+Test mbedtls_mpi_gen_prime standard RSA #2 (lower error rate)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_gen_prime:1536:MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
+
 Test bit getting (Value bit 25)
 mbedtls_mpi_get_bit:10:"49979687":25:1
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 4754c6e53..e598f8dfc 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -809,14 +809,14 @@ exit:
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
-void mbedtls_mpi_gen_prime( int bits, int safe, int ref_ret )
+void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret )
 {
 mbedtls_mpi X;
 int my_ret;
 mbedtls_mpi_init( &X );
- my_ret = mbedtls_mpi_gen_prime( &X, bits, safe, rnd_std_rand, NULL );
+ my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, rnd_std_rand, NULL );
 TEST_ASSERT( my_ret == ref_ret );
 if( ref_ret == 0 )
@@ -827,7 +827,7 @@ void mbedtls_mpi_gen_prime( int bits, int safe, int ref_ret )
 TEST_ASSERT( actual_bits <= (size_t) bits + 1 );
 TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 );
- if( safe )
+ if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH )
 {
 /* X = ( X - 1 ) / 2 */
 TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );
From b8fc1b02eed3fc0f9b43387250e961b11fd83470 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Mon, 3 Sep 2018 15:37:01 +0100
Subject: [PATCH 274/368] RSA: Use MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR
---
 library/rsa.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index 88c1cf100..f225c500a 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -502,6 +502,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
 {
 int ret;
 mbedtls_mpi H, G, L;
+ int prime_quality = 0;
 if( f_rng == NULL || nbits < 128 || exponent < 3 )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -509,6 +510,14 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
 if( nbits % 2 )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ /*
+ * If the modulus is 1024 bit long or shorter, then the security strength of
+ * the RSA algorithm is less than or equal to 80 bits and therefore an error
+ * rate of 2^-80 is sufficient.
+ */
+ if( nbits > 1024 )
+ prime_quality = MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR;
+
 mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); mbedtls_mpi_init( &L );
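Review bot: `prime_quality` holds a value of `mbedtls_mpi_gen_prime_flag_t` and is passed as the `flags` argument of mbedtls_mpi_gen_prime() in the next hunk, so a name such as `prime_flags` would say what it is; "quality" suggests a level rather than a bit set. The comment justifying the `nbits > 1024` threshold asserts an 80-bit security-strength equivalence without saying where it comes from; since the commit series cites FIPS 186-4 for the error-probability requirement, adding the reference, e.g. `/* ... (error probability vs. modulus size per FIPS 186-4) */`, lets a reader check the figure. The rest of mbedtls_rsa_gen_key() is outside the hunk.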
@@ -523,11 +532,11 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
 do
 {
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
- f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1,
+ prime_quality, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
- f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1,
+ prime_quality, f_rng, p_rng ) );
 /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );
From 3332937538f3254ac15edf4cd4abb91911144927 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Thu, 6 Sep 2018 10:41:33 +0100
Subject: [PATCH 275/368] Changelog: Add entry for prime test improvement
---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 820c26b40..fd625a48b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Changes
+ * Add MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR flag to mbedtls_mpi_gen_prime() and
+ use it to reduce error probability in RSA key generation to levels mandated
+ by FIPS-186-4.
+
 = mbed TLS 2.13.1 branch released 2018-09-06
 API Changes
From b728c291140b94a9219f098ec11e77f526b06808 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Tue, 4 Sep 2018 11:19:21 +0100
Subject: [PATCH 276/368] Bignum: Remove dead code
Both variables affected by the code are overwritten before their next read.
---
 library/bignum.c | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/library/bignum.c b/library/bignum.c
index c9919fb30..8bdf2e9ba 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2104,15 +2104,6 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, int flags,
 /*
 * pick a random A, 1 < A < |X| - 1
 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
-
- if( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 )
- {
- j = mbedtls_mpi_bitlen( &A ) - mbedtls_mpi_bitlen( &W );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j + 1 ) );
- }
- A.p[0] |= 3;
-
 count = 0;
 do {
 MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
From 64eca05ec2a9a93868c1eb08dfb36b8f45d3c432 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Wed, 5 Sep 2018 17:04:49 +0100
Subject: [PATCH 277/368] Bignum: Add tests for primality testing
Primality tests have to deal with different distribution when generating primes and when validating primes. These new tests are testing if mbedtls_mpi_is_prime() is working properly in the latter setting. The new tests involve pseudoprimes with maximum number of non-witnesses. The non-witnesses were generated by printing them from mpi_miller_rabin(). The pseudoprimes were generated by the following function:
void gen_monier( mbedtls_mpi* res, int nbits )
{
mbedtls_mpi p_2x_plus_1, p_4x_plus_1, x, tmp;
mbedtls_mpi_init( &p_2x_plus_1 ); mbedtls_mpi_init( &p_4x_plus_1 ); mbedtls_mpi_init( &x ); mbedtls_mpi_init( &tmp );
do {
mbedtls_mpi_gen_prime( &p_2x_plus_1, nbits >> 1, 0, rnd_std_rand, NULL );
mbedtls_mpi_sub_int( &x, &p_2x_plus_1, 1 );
mbedtls_mpi_div_int( &x, &tmp, &x, 2 );
if( mbedtls_mpi_get_bit( &x, 0 ) == 0 )
continue;
mbedtls_mpi_mul_int( &p_4x_plus_1, &x, 4 );
mbedtls_mpi_add_int( &p_4x_plus_1, &p_4x_plus_1, 1 );
if( mbedtls_mpi_is_prime( &p_4x_plus_1, rnd_std_rand, NULL ) == 0 )
break;
} while( 1 );
mbedtls_mpi_mul_mpi( res, &p_2x_plus_1, &p_4x_plus_1 );
}
---
 tests/suites/test_suite_mpi.data | 8 ++++
 tests/suites/test_suite_mpi.function | 66 ++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index c02a9b423..b046be77a 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -680,6 +680,14 @@ Test mbedtls_mpi_is_prime #20 depends_on:MBEDTLS_GENPRIME mbedtls_mpi_is_prime:10:"49979687":0 +Test mbedtls_mpi_is_prime_det (4 non-witnesses) +depends_on:MBEDTLS_GENPRIME +mbedtls_mpi_is_prime_det:"043BD64BA10B11DA83FBD296B04BCA9E0552FAF6E09CAC74E2D7E735ED0DB09FC47ED76145644203EE0C826013BC602F560BCDAAED557D04683859A65D659FF828A245A2C5B1AC41E01E4669A525A45E23AF":"040EA852F7935ACCECC0E87B845281F047D10DC9AAFEF990AF9D3D66770DA30B0C5B5E03EEA8C0CB79B936FE0BB8EE5389EC1D34EB16C58AA3F2E11AF084160CDF6400BE1CC179867AB074866952D9F34EE7042D27F960E715A97FCB93F3182247D0A6AE51BD21CC2F6B0651F9E572C5FB86F3137053FA85FD7A51816D69B3A53A5A438C17754836D04E98CA240B901F828332F2D72D88C497DA45F533F99A6E53EDEA6B0424EC8951B048FA9A80134B37D0A67014597934E3CFC52C5A4DD4751ADF8D66FC79E84E2A3148C4B15C17E12CB659390FD275F39A331FFC80EC699BC3F6FAB868E30E9B14575FCDAB6FAED01E00112DD28704177E09C335AD43A696FEA761E8DF3B0663277A5C3637F9060CB5E5654F72E9A6B0F369E660AD4CF7ABF4195493545B367BD55271CD4BB7D9C15D3F508FE8F7409C2126FC8E73B43A67CD4EFB21E9F15DBF040A2A8D5F5ED75CEAC12B595C0051F3EC9D5A58ACE82A9506E64F780E9836728260FFE1BFD73E8A9869E3D46A35A856D3028F7FEAB9F4F1A04449AEDC80017EE1014080D87F0B50C8EF255324CD89F7D039":82:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + +Test mbedtls_mpi_is_prime_det (39 non-witnesses) +depends_on:MBEDTLS_GENPRIME +mbedtls_mpi_is_prime_det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est mbedtls_mpi_gen_prime (Too small) depends_on:MBEDTLS_GENPRIME mbedtls_mpi_gen_prime:2:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index e598f8dfc..c6548b1af 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function 
@@ -1,5 +1,48 @@
 /* BEGIN_HEADER */
 #include "mbedtls/bignum.h"
+
+typedef struct mbedtls_test_mpi_random
+{
+ data_t *data;
+ size_t pos;
+ size_t chunk_len;
+} mbedtls_test_mpi_random;
+
+/*
+ * This function is called by the Miller-Rabin primality test each time it
+ * chooses a random witness. The witnesses (or non-witnesses as provided by the
+ * test) are stored in the data member of the state structure. Each number is in
+ * the format that mbedtls_mpi_read_string understands and is chunk_len long.
+ */
+int mbedtls_test_mpi_miller_rabin_determinizer( void* state,
+ unsigned char* buf,
+ size_t len )
+{
+ mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random*) state;
+
+ if( random == NULL || random->data->x == NULL || buf == NULL )
+ return( -1 );
+
+ if( random->pos + random->chunk_len > random->data->len
+ || random->chunk_len > len )
+ {
+ return( -1 );
+ }
+
+ memset( buf, 0, len );
+
+ /* The witness is written to the end of the buffer, since the buffer is
+ * used as big endian, unsigned binary data in mbedtls_mpi_read_binary.
+ * Writing the witness to the start of the buffer would result in the
+ * buffer being 'witness 000...000', which would be treated as
+ * witness * 2^n for some n. */
+ memcpy( buf + len - random->chunk_len, &random->data->x[random->pos],
+ random->chunk_len );
+
+ random->pos += random->chunk_len;
+
+ return( 0 );
+}
 /* END_HEADER */
 /* BEGIN_DEPENDENCIES
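Review bot: The NULL check in mbedtls_test_mpi_miller_rabin_determinizer() dereferences `random->data` before validating it: `random->data->x == NULL` faults if `data` itself is NULL, which the surrounding guard is evidently meant to prevent. Add the missing test, `if( random == NULL || random->data == NULL || random->data->x == NULL || buf == NULL )`. Two style points: the file writes pointer declarators as `void *state` / `unsigned char *buf`, not `void* state`, and the comment says each number is "in the format that mbedtls_mpi_read_string understands" while the code below explains the bytes are consumed by mbedtls_mpi_read_binary; one of the two should be corrected.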
@@ -808,6 +851,29 @@ exit:
 }
 /* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
+void mbedtls_mpi_is_prime_det( data_t * input_X, data_t * witnesses,
+ int chunk_len, int div_result )
+{
+ mbedtls_mpi X;
+ int res;
+ mbedtls_test_mpi_random rand;
+
+ mbedtls_mpi_init( &X );
+ rand.data = witnesses;
+ rand.pos = 0;
+ rand.chunk_len = chunk_len;
+
+ TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
+ res = mbedtls_mpi_is_prime( &X, mbedtls_test_mpi_miller_rabin_determinizer,
+ &rand );
+ TEST_ASSERT( res == div_result );
+
+exit:
+ mbedtls_mpi_free( &X );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
 void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret )
 {
From da31fa137a1183d3feed5981af6d05c550a8c005 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Mon, 3 Sep 2018 14:45:23 +0100
Subject: [PATCH 278/368] Bignum: Fix prime validation vulnerability
The input distribution to primality testing functions is completely different when used for generating primes and when for validating primes. The constants used in the library are geared towards the prime generation use case and are weak when used for validation. (Maliciously constructed composite numbers can pass the test with high probability) The mbedtls_mpi_is_prime() function is in the public API and although it is not documented, it is reasonable to assume that the primary use case is validating primes. The RSA module too uses it for validating key material.
---
 library/bignum.c | 61 ++++++++++++++++++++++++------------------------
 1 file changed, 31 insertions(+), 30 deletions(-)
diff --git a/library/bignum.c b/library/bignum.c
index 8bdf2e9ba..6d166c655 100644
--- a/library/bignum.c
+++ b/library/bignum.c
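Review bot: The local `mbedtls_test_mpi_random rand;` shadows the C library function rand() from stdlib.h, which trips -Wshadow builds and reads confusingly next to an RNG callback; `mbedtls_test_mpi_random rnd_state;` would avoid it. `chunk_len` is an `int` stored into the `size_t` field `rand.chunk_len` with no check for negative values; the value comes from the test data file so this is benign today, but `TEST_ASSERT( chunk_len > 0 );` before the assignment would document the precondition the determinizer relies on.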
@@ -2056,12 +2056,12 @@ cleanup:
 /*
 * Miller-Rabin pseudo-primality test (HAC 4.24)
 */
-static int mpi_miller_rabin( const mbedtls_mpi *X, int flags,
+static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng )
 {
 int ret, count;
- size_t i, j, k, n, s;
+ size_t i, j, k, s;
 mbedtls_mpi W, R, T, A, RR;
 mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
@@ -2078,28 +2078,7 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, int flags,
 i = mbedtls_mpi_bitlen( X );
- if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 )
- {
- /*
- * 2^-80 error probability, number of rounds chosen per HAC, table 4.4
- */
- n = ( ( i >= 1300 ) ? 2 : ( i >= 850 ) ? 3 :
- ( i >= 650 ) ? 4 : ( i >= 350 ) ? 8 :
- ( i >= 250 ) ? 12 : ( i >= 150 ) ? 18 : 27 );
- }
- else
- {
- /*
- * 2^-100 error probability, number of rounds computed based on HAC,
- * fact 4.48
- */
- n = ( ( i >= 1450 ) ? 4 : ( i >= 1150 ) ? 5 :
- ( i >= 1000 ) ? 6 : ( i >= 850 ) ? 7 :
- ( i >= 750 ) ? 8 : ( i >= 500 ) ? 13 :
- ( i >= 250 ) ? 28 : ( i >= 150 ) ? 40 : 51 );
- }
-
- for( i = 0; i < n; i++ )
+ for( i = 0; i < rounds; i++ )
 {
 /*
 * pick a random A, 1 < A < |X| - 1
@@ -2166,7 +2145,7 @@ cleanup:
 /*
 * Pseudo-primality test: small factors, then Miller-Rabin
 */
-int mpi_is_prime_internal( const mbedtls_mpi *X, int flags,
+int mpi_is_prime_internal( const mbedtls_mpi *X, int rounds,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng )
 {
@@ -2192,7 +2171,7 @@ int mpi_is_prime_internal( const mbedtls_mpi *X, int flags,
 return( ret );
 }
- return( mpi_miller_rabin( &XX, flags, f_rng, p_rng ) );
+ return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) );
 }
 /*
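Review bot: `mpi_miller_rabin()` now takes `size_t rounds`, but `mpi_is_prime_internal()` in the @@ -2166 hunk declares `int rounds` and forwards it unchanged in the @@ -2192 hunk, so a negative value converts to a huge count and `for( i = 0; i < rounds; i++ )` would effectively never finish, while `rounds == 0` skips the loop entirely and, as far as the visible code shows, returns without a single Miller-Rabin round. Use one type for `rounds` in all three functions (mbedtls_mpi_gen_prime() stores it in an `int` too, in the next physical line's hunks) and reject non-positive values once at the entry point, `if( rounds <= 0 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );` in mpi_is_prime_internal(). The rest of mpi_miller_rabin() lies outside the hunk.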
@@ -2202,7 +2181,7 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng )
 {
- return mpi_is_prime_internal( X, 0, f_rng, p_rng );
+ return mpi_is_prime_internal( X, 40, f_rng, p_rng );
 }
 /*
@@ -2225,6 +2204,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
 #endif
 int ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
 size_t k, n;
+ int rounds;
 mbedtls_mpi_uint r;
 mbedtls_mpi Y;
@@ -2235,6 +2215,27 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
 n = BITS_TO_LIMBS( nbits );
+ if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 )
+ {
+ /*
+ * 2^-80 error probability, number of rounds chosen per HAC, table 4.4
+ */
+ rounds = ( ( nbits >= 1300 ) ? 2 : ( nbits >= 850 ) ? 3 :
+ ( nbits >= 650 ) ? 4 : ( nbits >= 350 ) ? 8 :
+ ( nbits >= 250 ) ? 12 : ( nbits >= 150 ) ? 18 : 27 );
+ }
+ else
+ {
+ /*
+ * 2^-100 error probability, number of rounds computed based on HAC,
+ * fact 4.48
+ */
+ rounds = ( ( nbits >= 1450 ) ? 4 : ( nbits >= 1150 ) ? 5 :
+ ( nbits >= 1000 ) ? 6 : ( nbits >= 850 ) ? 7 :
+ ( nbits >= 750 ) ? 8 : ( nbits >= 500 ) ? 13 :
+ ( nbits >= 250 ) ? 28 : ( nbits >= 150 ) ? 40 : 51 );
+ }
+
 while( 1 )
 {
 MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
@@ -2247,7 +2248,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
 if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 )
 {
- ret = mpi_is_prime_internal( X, flags, f_rng, p_rng );
+ ret = mpi_is_prime_internal( X, rounds, f_rng, p_rng );
 if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
 goto cleanup;
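Review bot: `return mpi_is_prime_internal( X, 40, f_rng, p_rng );` replaces the flag with a bare constant and nothing in the hunk says where 40 comes from; the commit message explains the intent (a bound that holds for caller-supplied, possibly adversarial X), so the code should carry it: `/* 40 rounds: a composite passes each Miller-Rabin round with probability at most 1/4, so the error is at most 4^-40 = 2^-80 whatever X is. */`, ideally with the number behind a named constant rather than a literal. The two round tables moved into mbedtls_mpi_gen_prime() in the @@ -2235 hunk now select on `nbits` instead of the bit length of the candidate; that is equivalent only if every generated candidate has exactly `nbits` bits, which this hunk does not show, so a one-line comment confirming it would help the next reader.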
@@ -2280,9 +2281,9 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
 */
 if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
 ( ret = mpi_check_small_factors( &Y ) ) == 0 &&
- ( ret = mpi_miller_rabin( X, flags, f_rng, p_rng ) )
+ ( ret = mpi_miller_rabin( X, rounds, f_rng, p_rng ) )
 == 0 &&
- ( ret = mpi_miller_rabin( &Y, flags, f_rng, p_rng ) )
+ ( ret = mpi_miller_rabin( &Y, rounds, f_rng, p_rng ) )
 == 0 )
 goto cleanup;
From a0b67c2f3e95139881bebe020c2cb8664349bfcd Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Tue, 18 Sep 2018 14:48:23 +0100
Subject: [PATCH 279/368] Bignum: Deprecate mbedtls_mpi_is_prime()
When using a primality testing function the tolerable error rate depends on the scheme in question, the required security strength and wether it is used for key generation or parameter validation. To support all use cases we need more flexibility than what the old API provides.
---
 include/mbedtls/bignum.h | 43 ++++++++++++++++++++++++++--
 library/bignum.c | 17 +++++++----
 library/rsa_internal.c | 9 ++++--
 programs/pkey/dh_genprime.c | 2 +-
 tests/suites/test_suite_mpi.data | 4 +--
 tests/suites/test_suite_mpi.function | 13 +++++----
 6 files changed, 70 insertions(+), 18 deletions(-)
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 0ee32dd1c..40cfab49a 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -725,10 +725,19 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
 */
 int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
 /**
 * \brief Miller-Rabin primality test with error probability of
 * 2-80
 *
+ * \deprecated Superseded by mbedtls_mpi_is_prime_ext() which allows
+ * specifying the number of Miller-Rabin rounds.
+ *
 * \param X MPI to check
 * \param f_rng RNG function
 * \param p_rng RNG parameter
@@ -737,10 +746,38 @@ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
 * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
 */
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+#undef MBEDTLS_DEPRECATED
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+/**
+ * \brief Miller-Rabin primality test.
+ *
+ * \warning If \p X is potentially generated by an adversary, for example
+ * when validating cryptographic parameters that you didn't
+ * generate yourself and that are supposed to be prime, then
+ * \p rounds should be at least the half of the security
+ * strength of the cryptographic algorithm. On the other hand,
+ * if \p X is chosen uniformly or non-adversially (as is the
+ * case when mbedtls_mpi_gen_prime calls this function), then
+ * \p rounds can be much lower.
+ *
+ * \param X MPI to check
+ * \param rounds Number of bases to perform Miller-Rabin primality test for.
+ * The probability of returning 0 on a composite is at most
+ * 2-2*\p rounds.
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful (probably prime),
+ * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ */
+int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
 /**
 * \brief Flags for mbedtls_mpi_gen_prime()
 *
diff --git a/library/bignum.c b/library/bignum.c
index 6d166c655..9dc4e4d4f 100644
--- a/library/bignum.c
+++ b/library/bignum.c
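Review bot: The new mbedtls_mpi_is_prime_ext() documentation has two wording defects: `non-adversially` should read `non-adversarially`, and the bound `2-2*\p rounds` (like the `2-80` in the \brief above) appears to have lost its superscript, so it reads as a subtraction; Doxygen accepts `2<sup>-2*\p rounds</sup>`, or plain `2^(-2*rounds)` would do. The \warning tells the caller to pick "at least the half of the security strength" but leaves the arithmetic to them; adding the concrete figure the rest of this commit hard-codes, e.g. `(e.g. 50 rounds for a 2^-100 bound, as the RSA key checks use)`, would make the advice actionable. The \return list also does not say what happens for `rounds <= 0`, which the implementation in the next file section does not reject.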
@@ -2145,9 +2145,9 @@ cleanup:
 /*
 * Pseudo-primality test: small factors, then Miller-Rabin
 */
-int mpi_is_prime_internal( const mbedtls_mpi *X, int rounds,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
 {
 int ret;
 mbedtls_mpi XX;
@@ -2174,6 +2174,7 @@ int mpi_is_prime_internal( const mbedtls_mpi *X, int rounds,
 return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) );
 }
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /*
 * Pseudo-primality test, error probability 2^-80
 */
@@ -2181,8 +2182,14 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng )
 {
- return mpi_is_prime_internal( X, 40, f_rng, p_rng );
+ /*
+ * In the past our key generation aimed for an error rate of at most
+ * 2^-80. Since this function is deprecated, aim for the same certainty
+ * here as well.
+ */
+ return mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng );
 }
+#endif
 /*
 * Prime number generation
@@ -2248,7 +2255,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
 if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 )
 {
- ret = mpi_is_prime_internal( X, rounds, f_rng, p_rng );
+ ret = mbedtls_mpi_is_prime_ext( X, rounds, f_rng, p_rng );
 if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
 goto cleanup;
diff --git a/library/rsa_internal.c b/library/rsa_internal.c
index 507009f13..9a42d47ce 100644
--- a/library/rsa_internal.c
+++ b/library/rsa_internal.c
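Review bot: `rounds` is an `int` in the new public mbedtls_mpi_is_prime_ext but is passed unchanged to mpi_miller_rabin, whose parameter is `size_t rounds` (visible in the later bignum.c hunk), so a negative value becomes an enormous round count and zero presumably yields a "probably prime" verdict after only the small-factor checks. Since the point of this API is letting callers choose the round count for adversarially supplied numbers, I would reject non-positive values at the top of the function, `if( rounds <= 0 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );`, and state the constraint in the bignum.h documentation. The body of mbedtls_mpi_is_prime_ext continues outside the first hunk, so the check belongs right after the declarations shown here.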
@@ -351,15 +351,20 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, */ #if defined(MBEDTLS_GENPRIME) + /* + * When generating keys, the strongest security we support aims for an error + * rate of at most 2^-100 and we are aiming for the same certainty here as + * well. + */ if( f_rng != NULL && P != NULL && - ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) + ( ret = mbedtls_mpi_is_prime_ext( P, 50, f_rng, p_rng ) ) != 0 ) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } if( f_rng != NULL && Q != NULL && - ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 ) + ( ret = mbedtls_mpi_is_prime_ext( Q, 50, f_rng, p_rng ) ) != 0 ) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index dbe915338..360e3554a 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -156,7 +156,7 @@ int main( int argc, char **argv ) goto exit; } - if( ( ret = mbedtls_mpi_is_prime( &Q, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + if( ( ret = mbedtls_mpi_is_prime_ext( &Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret ); goto exit; diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index b046be77a..b8b7b9e7e 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data 
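Review bot: The `ret` from `mbedtls_mpi_is_prime_ext( P, 50, f_rng, p_rng )` is immediately overwritten with MBEDTLS_ERR_RSA_KEY_CHECK_FAILED, so an allocation failure inside the primality test (MBEDTLS_ERR_MPI_ALLOC_FAILED per the new header text) is reported to the caller as an invalid key; this predates the commit, but switching to the `_ext` call is the natural moment to keep only `ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE` on the key-check path. The literal `50` now appears three times in this commit (P and Q here, Q again in dh_genprime.c) while the 2^-100 rationale lives only in the comment above the first call; a named constant carrying that rationale would keep the three in step. mbedtls_rsa_validate_params starts and ends outside the hunk.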
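Review bot: In dh_genprime.c the error message on the context line after the changed call still names the old function while the call is now `mbedtls_mpi_is_prime_ext`; it should read `mbedtls_printf( " failed\n ! mbedtls_mpi_is_prime_ext returned %d\n\n", ret );`. The bare `50` here also deserves the one-line rationale that rsa_internal.c gets in the same commit, since a reader of this sample program otherwise has no indication where the figure comes from. main() starts and ends outside the hunk.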
@@ -682,11 +682,11 @@ mbedtls_mpi_is_prime:10:"49979687":0 Test mbedtls_mpi_is_prime_det (4 non-witnesses) depends_on:MBEDTLS_GENPRIME -mbedtls_mpi_is_prime_det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mbedtls_mpi_is_prime_det:"043BD64BA10B11DA83FBD296B04BCA9E0552FAF6E09CAC74E2D7E735ED0DB09FC47ED76145644203EE0C826013BC602F560BCDAAED557D04683859A65D659FF828A245A2C5B1AC41E01E4669A525A45E23AF":"040EA852F7935ACCECC0E87B845281F047D10DC9AAFEF990AF9D3D66770DA30B0C5B5E03EEA8C0CB79B936FE0BB8EE5389EC1D34EB16C58AA3F2E11AF084160CDF6400BE1CC179867AB074866952D9F34EE7042D27F960E715A97FCB93F3182247D0A6AE51BD21CC2F6B0651F9E572C5FB86F3137053FA85FD7A51816D69B3A53A5A438C17754836D04E98CA240B901F828332F2D72D88C497DA45F533F99A6E53EDEA6B0424EC8951B048FA9A80134B37D0A67014597934E3CFC52C5A4DD4751ADF8D66FC79E84E2A3148C4B15C17E12CB659390FD275F39A331FFC80EC699BC3F6FAB868E30E9B14575FCDAB6FAED01E00112DD28704177E09C335AD43A696FEA761E8DF3B0663277A5C3637F9060CB5E5654F72E9A6B0F369E660AD4CF7ABF4195493545B367BD55271CD4BB7D9C15D3F508FE8F7409C2126FC8E73B43A67CD4EFB21E9F15DBF040A2A8D5F5ED75CEAC12B595C0051F3EC9D5A58ACE82A9506E64F780E9836728260FFE1BFD73E8A9869E3D46A35A856D3028F7FEAB9F4F1A04449AEDC80017EE1014080D87F0B50C8EF255324CD89F7D039":82:5:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE Test mbedtls_mpi_is_prime_det (39 non-witnesses) depends_on:MBEDTLS_GENPRIME 
-mbedtls_mpi_is_prime_det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mbedtls_mpi_is_prime_det:"155102B67930FBE8858DF6C0642D77D419A7B7968E622CC7500F3E3F2C5168368C50E0083187":"119B3E2C721834D83416239B04447AA18AE0163E61DCAE97054563D79E094A6FA4485BD6A0501445BF57FE9C058926CDB862E04CC1A95D79D61D9AB3466857A53E04F8D7470C9C86649B226A13DDC534E18DFD5C22FAEA317CA4D4960F18457FD6D2FFB5F3273F74C89980DC774590D8D30D1159CA81999ED94A042D67DA68C82616AD46C2C88288A8EBD0B37AC7C152D9522CA4544642AD1210F6B642FEBF43563FA872B0DEFAFC69D0B6570E8FEA9570D0AADCFA9B06CC8BFD62CEDC221541210EEEF9762448C6D49F26AA767A4D66CB168589E0201923015314E6CD4A480E5936E7CF145F73A564C5B782635B3AFC3028E2632C5D3458224A7C9E8BA1876E8F690463C878292D3DC011E9640331E7F7621F2B5E0F6713DD8C9D6767521C4BA880DA8D11C67753C8493D2C4C4F1443147550D0B25B7FAD04EAFA9F8AA60974C1365C8A794CFEECEB4279B1150909A97E5A7A10B5D91186CA5B25A612036631FE73529C8CFAE51E76FB704A772DE5320EFC1212E7A399B1FEBF57D014AF9129DFF5D2C5DFBBEEAC55F360CF6D22FA90B8E2E9AD0C71AB6495A9452A58D653B8CC26128C66B43EFBA6E39AEC5717A1A3C2AE1449FCABAFE1180B159DA55190CD81A3D9E8D798647E11B827F0A057D6DA5AAD78AB5112EE65E10E8B8B369BA24E1B8AD2CD8548C497016C07A143DE1232F8059BE303572456FA92E76A0F23D1340629228B7D27C02D3833A72745B91A3DBEB5E081117A9F19597F00E4277B414FAEA8C8CEB895C37F956A5A22F8D7A10ADA50B22BAB312504904511AA0EFDD4D3BF20ECB17E8A684564FFB5BBD5E22C429F9A75A4FB4AE468FE7612ED53C7A11212E7EF3435CC9CA6E7DB167B8CCE2BECF35F89013F8F876223C77FA81570970858663C6E32B91080AA47F9C90177F51E6FD7747B910C9489C7B6ACB070996198AD9A40A69711274159210A9A12DBAAA4FB4632446066AB70D735DC95F7C2BCE517E88C064D728DE82B1B043DF4AEE0EFF5131120A4E5B9B4180EB6F6B8A0D1491ABDA069058A9966B1A517D8E7B4997DC52A1E698FD79E271153DF1913FE6787A5D99DE69F39C3F22D26DC731CFBB33FF5C267D85D7A3DAE8E1C87E1DB2F1236212EF1942EA756967FB3D07D629E59EA4034D9A9B5E270DD4A31C8A3DFDA99C1094B5537132C196DA2AEAF5253A019B9AF25B5DCB0D4DD75C7C9C353DA9DAABFB23959A5455312E7E1C21268C1BC14E83DCFDF50C27FD3E8B4EDC04C5F3CB5FCFFF2B57151E1B1EE1A6456DC0
06BC43E1158674AA4CF7D146DE4A57103BE43ED130C8007294ED2418C7A2B769A7D20EBB5A8367A77B313F81BB119B9954305FF160FF83EED7F808EE6D340A5CCC000CF81AA497D315D350CCE4E86A31456B8AA85B677491FC662933DFA55EB5BFF64B8D85430D676A85D1CAFAFF383E68C4E6C22A51063739EC03FC58C36C07C44E54828BE2152B2E9AFB0F179B157D09B64C147B524BB5424BB1914419424D9100D06EDCFC718F4DF3D562E9E16C446663F35273CA7BC5426B868A80C8D415C9A12A1619CDB7CDB5BEBC70313150BDF8C3AB26B809FE62D28E798EF1EF98C410A2DA0A9071F82154AC569078B0E647E2C085D1D907E634453442803D0492D3D0C78CACB762020C0E589C8B0981321EA2771305FD0413F3B2963FCE9A232F6641DB7E12ADC009A032063C41756E5E19E5711DE12711F07AFE7545B4D83F3EFD7BFD0435297C89DF3D4AF96EBE2CE8D64B93E36EA5D7E5A0492151D0CAEE7449A7D35E1A3C83E22C3B35162C073CC3B1CF76FBDEE84270721FC042EAAEB7325110181415E2031CFB7462F15111291CDAC0560FF9F4C7341F2FA261B97CEF348D074AA2EB4DB153FE6B1410519DA4213B611999868F3B867A2B6D758D333C4989DE80782683CA26ECDE373C71524F01B76349CE8A07A5EBECBB42259CF970DDA756EC996B189FEA045FEE45F23D476960913106ECA2510B8517AA75D56FA4152B2BDDC212014E5D07FD964D6EE532F0616DF74E104659955132331FABF2D2AD265E71C93C648A956FA0A3DB21FF103D516527F2DA0E870340B61EE8A8ED913B60605EB5A67B834D0FC90564386012585609870FEF6530B3E3C037B55506F0B5694F6B0FC":38:40:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE Test mbedtls_mpi_gen_prime (Too small) depends_on:MBEDTLS_GENPRIME diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index c6548b1af..95fe99cec 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -843,7 +843,7 @@ void mbedtls_mpi_is_prime( int radix_X, char * input_X, int div_result ) mbedtls_mpi_init( &X ); TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - res = mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ); + res = mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL ); TEST_ASSERT( res == div_result ); exit: 
@@ -853,7 +853,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ void mbedtls_mpi_is_prime_det( data_t * input_X, data_t * witnesses, - int chunk_len, int div_result ) + int chunk_len, int rounds, int div_result ) { mbedtls_mpi X; int res; @@ -865,7 +865,8 @@ void mbedtls_mpi_is_prime_det( data_t * input_X, data_t * witnesses, rand.chunk_len = chunk_len; TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 ); - res = mbedtls_mpi_is_prime( &X, mbedtls_test_mpi_miller_rabin_determinizer, + res = mbedtls_mpi_is_prime_ext( &X, rounds, + mbedtls_test_mpi_miller_rabin_determinizer, &rand ); TEST_ASSERT( res == div_result ); @@ -892,12 +893,14 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) TEST_ASSERT( actual_bits >= (size_t) bits ); TEST_ASSERT( actual_bits <= (size_t) bits + 1 ); - TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL ) + == 0 ); if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) { /* X = ( X - 1 ) / 2 */ TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL ) + == 0 ); } } From e0e7ddf99e3e8767fc276c2c30aebbb9056bdb3f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 6 Sep 2018 10:40:04 +0100 Subject: [PATCH 280/368] Changelog: Add entry for prime validation fix --- ChangeLog | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ChangeLog b/ChangeLog index fd625a48b..edd57110c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,24 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The + previous settings for the number of rounds made it practical for an + adversary to construct non-primes that would be erroneously accepted as + primes with high probability. This does not have an impact on the + security of TLS, but can matter in other contexts with potentially + adversarially-chosen numbers that should be prime and can be validated. + For example, the number of rounds was enough to securely generate RSA key + pairs or Diffie-Hellman parameters, but was insufficient to validate + Diffie-Hellman parameters properly. + See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and + Kenneth G. Paterson and Juraj Somorovsky. + +New deprecations + * Deprecate the function mbedtls_mpi_is_prime() in favor of + mbedtls_mpi_is_prime_ext() which allows specifying the number of + Miller-Rabin rounds. + Changes * Add MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR flag to mbedtls_mpi_gen_prime() and use it to reduce error probability in RSA key generation to levels mandated From e3f95ed25b36b592298f26c8117002a5a1c352d1 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Tue, 2 Oct 2018 13:21:35 +0100 Subject: [PATCH 281/368] Fix bias in random number generation in Miller-Rabin test When a random number is generated for the Miller-Rabin primality test, if the bit length of the random number is larger than the number being tested, the random number is shifted right to have the same bit length. This introduces bias, as the random number is now guaranteed to be larger than 2^(bit length-1). Changing this to instead zero all bits higher than the tested numbers bit length will remove this bias and keep the random number being uniformly generated. --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/library/bignum.c b/library/bignum.c
index 9dc4e4d4f..ae5e7cfa0 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2090,7 +2090,7 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds,
 j = mbedtls_mpi_bitlen( &A );
 k = mbedtls_mpi_bitlen( &W );
 if (j > k) {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j - k ) );
+ A.p[A.n - 1] &= ( (mbedtls_mpi_uint) 1 << ( k - ( A.n - 1 ) * biL - 1 ) ) - 1;
 }
 if (count++ > 30) {
From ac2ead0e68b1d54cd3cfd67a3f931144573346d3 Mon Sep 17 00:00:00 2001
From: Darryl Green
Date: Tue, 2 Oct 2018 15:30:39 +0100
Subject: [PATCH 282/368] Improve deterministic test for prime testing
Extend the mbedtls_mpi_is_prime_det test to check that it reports the number as prime when testing rounds-1 rounds, then reports the number as composite when testing the full number of rounds.
---
 tests/suites/test_suite_mpi.data | 4 ++--
 tests/suites/test_suite_mpi.function | 13 +++++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index b8b7b9e7e..6ea3b2943 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
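Review bot: The new mask clears every bit of A from W's top bit upward, so whenever the fresh A is longer than W it is replaced by a value below 2^(k-1) and the upper half of [0, W) is essentially never sampled; the usual 1/4-per-round Miller-Rabin bound assumes bases uniform over the whole range, so I would mask to k bits instead, `A.p[A.n - 1] &= ( (mbedtls_mpi_uint) 1 << ( k - ( A.n - 1 ) * biL ) ) - 1;`, which makes A uniform over [0, 2^k) and leaves at most half of the draws to the existing retry (`count++ > 30`), assuming the loop around these lines re-draws when A >= W as the old shift-right code implies. Separately, the shift amount is presumably size_t arithmetic, and if W's top bit does not fall in A's top limb (A having more limbs than bitlen(W) needs, e.g. an X with leading zero limbs) it wraps and the shift by at least the limb width is undefined behaviour; either that case needs a guard or a comment should state why `k > ( A.n - 1 ) * biL` always holds here. mpi_miller_rabin's body starts and ends outside the hunk, so the surrounding loop is inferred.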
@@ -682,11 +682,11 @@ mbedtls_mpi_is_prime:10:"49979687":0 Test mbedtls_mpi_is_prime_det (4 non-witnesses) depends_on:MBEDTLS_GENPRIME -mbedtls_mpi_is_prime_det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mbedtls_mpi_is_prime_det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est mbedtls_mpi_is_prime_det (39 non-witnesses) depends_on:MBEDTLS_GENPRIME -mbedtls_mpi_is_prime_det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mbedtls_mpi_is_prime_det:"155102B67930FBE8858DF6C0642D77D419A7B7968E622CC7500F3E3F2C5168368C50E0083187":"119B3E2C721834D83416239B04447AA18AE0163E61DCAE97054563D79E094A6FA4485BD6A0501445BF57FE9C058926CDB862E04CC1A95D79D61D9AB3466857A53E04F8D7470C9C86649B226A13DDC534E18DFD5C22FAEA317CA4D4960F18457FD6D2FFB5F3273F74C89980DC774590D8D30D1159CA81999ED94A042D67DA68C82616AD46C2C88288A8EBD0B37AC7C152D9522CA4544642AD1210F6B642FEBF43563FA872B0DEFAFC69D0B6570E8FEA9570D0AADCFA9B06CC8BFD62CEDC221541210EEEF9762448C6D49F26AA767A4D66CB168589E0201923015314E6CD4A480E5936E7CF145F73A564C5B782635B3AFC3028E2632C5D3458224A7C9E8BA1876E8F690463C878292D3DC011E9640331E7F7621F2B5E0F6713DD8C9D6767521C4BA880DA8D11C67753C8493D2C4C4F1443147550D0B25B7FAD04EAFA9F8AA60974C1365C8A794CFEECEB4279B1150909A97E5A7A10B5D91186CA5B25A612036631FE73529C8CFAE51E76FB704A772DE5320EFC1212E7A399B1FEBF57D014AF9129DFF5D2C5DFBBEEAC55F360CF6D22FA90B8E2E9AD0C71AB6495A9452A58D653B8CC26128C66B43EFBA6E39AEC5717A1A3C2AE1449FCABAFE1180B159DA55190CD81A3D9E8D798647E11B827F0A057D6DA5AAD78AB5112EE65E10E8B8B369BA24E1B8AD2CD8548C497016C07A143DE1232F8059BE303572456FA92E76A0F23D1340629228B7D27C02D3833A72745B91A3DBEB5E081117A9F19597F00E4277B414FAEA8C8CEB895C37F956A5A22F8D7A10ADA50B22BAB312504904511AA0EFDD4D3BF20ECB17E8A684564FFB5BBD5E22C429F9A75A4FB4AE468FE7612ED53C7A11212E7EF3435CC9CA6E7DB167B8CCE2BECF35F89013F8F876223C77FA81570970858663C6E32B91080AA47F9C90177F51E6FD7747B910C9489C7B6ACB070996198AD9A40A69711274159210A9A12DBAAA4FB4632446066AB70D735DC95F7C2BCE517E88C064D728DE82B1B043DF4AEE0EFF5131120A4E
5B9B4180EB6F6B8A0D1491ABDA069058A9966B1A517D8E7B4997DC52A1E698FD79E271153DF1913FE6787A5D99DE69F39C3F22D26DC731CFBB33FF5C267D85D7A3DAE8E1C87E1DB2F1236212EF1942EA756967FB3D07D629E59EA4034D9A9B5E270DD4A31C8A3DFDA99C1094B5537132C196DA2AEAF5253A019B9AF25B5DCB0D4DD75C7C9C353DA9DAABFB23959A5455312E7E1C21268C1BC14E83DCFDF50C27FD3E8B4EDC04C5F3CB5FCFFF2B57151E1B1EE1A6456DC006BC43E1158674AA4CF7D146DE4A57103BE43ED130C8007294ED2418C7A2B769A7D20EBB5A8367A77B313F81BB119B9954305FF160FF83EED7F808EE6D340A5CCC000CF81AA497D315D350CCE4E86A31456B8AA85B677491FC662933DFA55EB5BFF64B8D85430D676A85D1CAFAFF383E68C4E6C22A51063739EC03FC58C36C07C44E54828BE2152B2E9AFB0F179B157D09B64C147B524BB5424BB1914419424D9100D06EDCFC718F4DF3D562E9E16C446663F35273CA7BC5426B868A80C8D415C9A12A1619CDB7CDB5BEBC70313150BDF8C3AB26B809FE62D28E798EF1EF98C410A2DA0A9071F82154AC569078B0E647E2C085D1D907E634453442803D0492D3D0C78CACB762020C0E589C8B0981321EA2771305FD0413F3B2963FCE9A232F6641DB7E12ADC009A032063C41756E5E19E5711DE12711F07AFE7545B4D83F3EFD7BFD0435297C89DF3D4AF96EBE2CE8D64B93E36EA5D7E5A0492151D0CAEE7449A7D35E1A3C83E22C3B35162C073CC3B1CF76FBDEE84270721FC042EAAEB7325110181415E2031CFB7462F15111291CDAC0560FF9F4C7341F2FA261B97CEF348D074AA2EB4DB153FE6B1410519DA4213B611999868F3B867A2B6D758D333C4989DE80782683CA26ECDE373C71524F01B76349CE8A07A5EBECBB42259CF970DDA756EC996B189FEA045FEE45F23D476960913106ECA2510B8517AA75D56FA4152B2BDDC212014E5D07FD964D6EE532F0616DF74E104659955132331FABF2D2AD265E71C93C648A956FA0A3DB21FF103D516527F2DA0E870340B61EE8A8ED913B60605EB5A67B834D0FC90564386012585609870FEF6530B3E3C037B55506F0B5694F6B0FC":38:40 Test mbedtls_mpi_gen_prime (Too small) depends_on:MBEDTLS_GENPRIME diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 95fe99cec..9c1d78f7f 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function 
@@ -853,7 +853,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ void mbedtls_mpi_is_prime_det( data_t * input_X, data_t * witnesses, - int chunk_len, int rounds, int div_result ) + int chunk_len, int rounds ) { mbedtls_mpi X; int res; @@ -865,10 +865,19 @@ void mbedtls_mpi_is_prime_det( data_t * input_X, data_t * witnesses, rand.chunk_len = chunk_len; TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 ); + res = mbedtls_mpi_is_prime_ext( &X, rounds - 1, + mbedtls_test_mpi_miller_rabin_determinizer, + &rand ); + TEST_ASSERT( res == 0 ); + + rand.data = witnesses; + rand.pos = 0; + rand.chunk_len = chunk_len; + res = mbedtls_mpi_is_prime_ext( &X, rounds, mbedtls_test_mpi_miller_rabin_determinizer, &rand ); - TEST_ASSERT( res == div_result ); + TEST_ASSERT( res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); exit: mbedtls_mpi_free( &X ); From 8df10232cf7bc6b82cbc3e19429fb551d36da97b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Oct 2018 15:48:39 +0100 Subject: [PATCH 283/368] Add explicit unsigned-to-signed integer conversion The previous code triggered a compiler warning because of a comparison of a signed and an unsigned integer. The conversion is safe because `len` is representable by 16-bits, hence smaller than the maximum integer. --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index b15bc515e..74883b3c3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2106,7 +2106,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( end - (*p) < len ) + if( end - (*p) < (int) len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) ); From e5fecec7bf2f0a283e7daff814c726f75caee932 Mon Sep 17 00:00:00 2001 
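Review bot: Casting `len` to `int` silences the signed/unsigned warning by narrowing the unsigned side and relies on the invariant from the commit message that `len` fits in 16 bits, which nothing in the hunk records; a one-line comment such as `/* len is at most 0xFFFF, so the cast to int cannot overflow */` would make that explicit. The alternative I recall elsewhere in the library is to cast the pointer difference, `if( (size_t)( end - (*p) ) < len )`, which keeps the comparison unsigned, but it is only correct if `*p <= end` is already guaranteed after the preceding `*p += 2`, since a negative difference would then fail open; that earlier check is outside the hunk. ssl_parse_server_psk_hint starts and ends outside the hunk.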
From: Hanno Becker Date: Thu, 11 Oct 2018 11:02:52 +0100 Subject: [PATCH 284/368] Add test for MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO to all.sh This commit adds a test to tests/scripts/all.sh exercising an ASan build of the default configuration with MBEDTLS_PLATFORM_MEMORY enabled, MBEDTLS_PLATFORM_CALLOC_MACRO set to std calloc MBEDTLS_PLATFORM_FREE_MACRO set to std free (This should functionally be indistinguishable from a default build) --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1faa5d561..feb6c0a5a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -736,6 +736,18 @@ make msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" make test +msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_PLATFORM_MEMORY +scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc +scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" +make test + msg "build: default config with AES_FEWER_TABLES enabled" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From cfa2e33fd22d6f78091bac07faedb1e6c4838eeb Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 11 Oct 2018 10:26:55 +0100 Subject: [PATCH 285/368] Omit runtime configuration of calloc/free if macro config enabled This commit removes the definition of the API function `mbedtls_platform_set_calloc_free()` from `library/platform.c` in case the macros `MBEDTLS_PLATFORM_CALLOC_MACRO` `MBEDTLS_PLATFORM_FREE_MACRO` for compile time configuration of calloc/free are set. This is in line with the corresponding header `mbedtls/platform.h` which declares `mbedtls_platform_set_calloc_free()` only if `MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO` are not defined. Fixes #1642. --- library/platform.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/library/platform.c b/library/platform.c index b24b2fa65..73a6db9eb 100644 --- a/library/platform.c +++ b/library/platform.c @@ -30,7 +30,14 @@ #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" -#if defined(MBEDTLS_PLATFORM_MEMORY) +/* The compile time configuration of memory allocation via the macros + * MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO takes precedence over the runtime + * configuration via mbedtls_platform_set_calloc_free(). So, omit everything + * related to the latter if MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO are defined. */ +#if defined(MBEDTLS_PLATFORM_MEMORY) && \ + !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \ + defined(MBEDTLS_PLATFORM_FREE_MACRO) ) + #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) static void *platform_calloc_uninit( size_t n, size_t size ) { @@ -71,7 +78,9 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), mbedtls_free_func = free_func; return( 0 ); } -#endif /* MBEDTLS_PLATFORM_MEMORY */ +#endif /* MBEDTLS_PLATFORM_MEMORY && + !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && + defined(MBEDTLS_PLATFORM_FREE_MACRO) ) */ #if defined(_WIN32) #include From 780f0a4cc18d5f7ab28da57b52c2daac88c65cfc Mon Sep 17 00:00:00 2001 
From: Hanno Becker
Date: Wed, 10 Oct 2018 11:23:33 +0100
Subject: [PATCH 286/368] Reinitialize PK ctx in mbedtls_pk_parse_key before reuse are free
Context: This commit makes a change to mbedtls_pk_parse_key() which is responsible for parsing of private keys. The function doesn't know the key format in advance (PEM vs. DER, encrypted vs. unencrypted) and tries them one by one, resetting the PK context in between. Issue: The previous code resets the PK context through a call to mbedtls_pk_free() along, lacking the accompanying mbedtls_pk_init() call. Practically, this is not an issue because functionally mbedtls_pk_free() + mbedtls_pk_init() is equivalent to mbedtls_pk_free() with the current implementation of these functions, but strictly speaking it's nonetheless a violation of the API semantics according to which xxx_free() functions leave a context in uninitialized state. (yet not entirely random, because xxx_free() functions must be idempotent, so they cannot just fill the context they operate on with garbage). Change: The commit adds calls to mbedtls_pk_init() after those calls to mbedtls_pk_free() within mbedtls_pk_parse_key() after which the PK context might still be used.
---
 library/pkparse.c | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index d6ac987e2..86d9fb004 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1295,6 +1295,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 return( 0 );
 mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
 if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
 {
@@ -1306,39 +1307,42 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 return( 0 );
 mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
 #if defined(MBEDTLS_RSA_C)
 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
- key, keylen ) ) != 0 )
- {
- mbedtls_pk_free( pk );
- }
- else
+ if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
+ pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
 {
 return( 0 );
 }
+ mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_ECP_C)
- pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
- key, keylen ) ) != 0 )
- {
- mbedtls_pk_free( pk );
- }
- else
+ if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
+ pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
+ key, keylen ) == 0 )
 {
 return( 0 );
 }
-
+ mbedtls_pk_free( pk );
 #endif /* MBEDTLS_ECP_C */
+ /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
+ * it is ok to leave the PK context initialized but not
+ * freed: It is the caller's responsibility to call pk_init()
+ * before calling this function, and to call pk_free()
+ * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C
+ * isn't, this leads to mbedtls_pk_free() being called
+ * twice, once here and once by the caller, but this is
+ * also ok and in line with the mbedtls_pk_free() calls
+ * on failed PEM parsing attempts. */
+ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
 }
From 7311c78074b161c04f4036addea4e57866921aa7 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Thu, 11 Oct 2018 06:49:41 -0400
Subject: [PATCH 287/368] ssl-opt.sh: force ciphersuites to reduce mtu size
---
 tests/ssl-opt.sh | 164 ++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 134 insertions(+), 30 deletions(-)
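Review bot: The ECP branch no longer sets `pk_info` before `mbedtls_pk_setup( pk, pk_info )`: the line `pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );` is removed together with the old `if` and is not re-added (the hunk's 16 deletions include it, the 19 insertions do not), so with MBEDTLS_RSA_C enabled the context is set up as RSA and `mbedtls_pk_ec( *pk )` then treats an RSA context as an EC keypair, and with only MBEDTLS_ECP_C `pk_info` holds whatever value it had before this hunk. Restore it as the first line of the `#if defined(MBEDTLS_ECP_C)` block: `pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );`. The new trailing comment could also say outright why the ECP branch ends with mbedtls_pk_free() but no mbedtls_pk_init(), which it currently only implies. mbedtls_pk_parse_key starts outside the hunk.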
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 079b0f61c..ac2a7c07d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5943,7 +5943,7 @@ run_test "DTLS fragmenting: server (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -run_test "DTLS fragmenting: both (MTU)" \ +run_test "DTLS fragmenting: both (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ 
@@ -5960,21 +5960,54 @@ run_test "DTLS fragmenting: both (MTU)" \ -c "found fragmented DTLS handshake message" \ -C "error" -# Test for automatic MTU reduction on repeated resend +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C +run_test "DTLS fragmenting: both (MTU=512)" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=2500-60000 \ + mtu=512" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +# Test for automatic MTU reduction on repeated resend. +# The ratio of max/min timeout should ideally equal 4 to accept two +# retransmissions, but in some cases (like both the server and client using +# fragmentation and auto-reduction) an extra retransmission might occur, +# hence the ratio of 8. 
not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ - -p "$P_PXY mtu=1024" \ + -p "$P_PXY mtu=508" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ - key_file=data_files/server7.key\ - hs_timeout=100-10000" \ + key_file=data_files/server7.key \ + hs_timeout=400-3200" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=100-10000" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=400-3200" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ @@ -5984,15 +6017,19 @@ only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ -p "$P_PXY mtu=508" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ - key_file=data_files/server7.key\ + key_file=data_files/server7.key \ hs_timeout=250-10000" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=250-10000" \ 0 \ -s "found fragmented DTLS handshake message" \ 
@@ -6006,7 +6043,7 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -run_test "DTLS fragmenting: proxy MTU, simple handshake" \ +run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ 
@@ -6024,22 +6061,77 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \ -c "found fragmented DTLS handshake message" \ -C "error" +# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend +# OTOH the client might resend if the server is to slow to reset after sending +# a HelloVerifyRequest, so only check for no retransmission server-side not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \ +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C +run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=10000-60000 \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=10000-60000 \ + mtu=512" \ + 0 \ + -S "autoreduction" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +not_with_valgrind # spurious autoreduction due to timeout +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - mtu=1024 nbio=2 \ - hs_timeout=15000-60000" \ + hs_timeout=10000-60000 \ + mtu=1024 nbio=2" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - 
mtu=1024 nbio=2 \ - hs_timeout=15000-60000" \ + hs_timeout=10000-60000 \ + mtu=1024 nbio=2" \ + 0 \ + -S "autoreduction" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +not_with_valgrind # spurious autoreduction due to timeout +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C +run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=10000-60000 \ + mtu=512 nbio=2" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=10000-60000 \ + mtu=512 nbio=2" \ 0 \ -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ 
@@ -6059,18 +6151,22 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ - -p "$P_PXY mtu=1650" \ + -p "$P_PXY mtu=1450" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ hs_timeout=10000-60000 \ - mtu=1650" \ + mtu=1450" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ hs_timeout=10000-60000 \ - mtu=1650 reconnect=1 reco_delay=1" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + mtu=1450 reconnect=1 reco_delay=1" \ 0 \ -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ @@ -6088,20 +6184,20 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_CHACHAPOLY_C run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ - -p "$P_PXY mtu=1024" \ + -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ hs_timeout=10000-60000 \ - mtu=1024" \ + mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=10000-60000 \ - mtu=1024" \ + mtu=512" \ 0 \ -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ 
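Review bot: The "DTLS fragmenting: proxy MTU, ChachaPoly renego" test no longer exercises ChaCha20-Poly1305: the second hunk removes `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256` from the server and adds `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256` on the client, while the test name and the `requires_config_enabled MBEDTLS_CHACHAPOLY_C` guard still say ChachaPoly, leaving it functionally the same as the "AES-GCM renego" test. If ChaCha20-Poly1305 coverage at the smaller MTU is intended, the client line should be `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256`; if the switch to AES-GCM is deliberate, the test should be renamed and gated on MBEDTLS_AES_C and MBEDTLS_GCM_C as the other MTU=512 tests in this patch are. The resumed-handshake hunk above it (mtu 1650 to 1450 with the added guards) raises nothing.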
@@ -6120,20 +6216,20 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ - -p "$P_PXY mtu=1024" \ + -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=10000-60000 \ - mtu=1024" \ + mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=10000-60000 \ - mtu=1024" \ + mtu=512" \ 0 \ -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ @@ -6240,17 +6336,21 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2 run_test "DTLS fragmenting: proxy MTU + 3d" \ - -p "$P_PXY mtu=1024 drop=8 delay=8 duplicate=8" \ + -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - hs_timeout=250-10000 mtu=1024" \ + hs_timeout=250-10000 mtu=512" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=250-10000 mtu=1024" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=250-10000 mtu=512" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ 
@@ -6259,17 +6359,21 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ - -p "$P_PXY mtu=1024 drop=8 delay=8 duplicate=8" \ + -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - hs_timeout=250-10000 mtu=1024 nbio=2" \ + hs_timeout=250-10000 mtu=512 nbio=2" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=250-10000 mtu=1024 nbio=2" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=250-10000 mtu=512 nbio=2" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ From 7c6df832ed339129b63e25d682bc2537de5d4031 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 07:06:12 -0400 Subject: [PATCH 288/368] ssl-opt.sh: revert unnecessary "autoreduction" checks return to the initial check for "resend" --- tests/ssl-opt.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ac2a7c07d..e309f4291 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5551,21 +5551,21 @@ run_test "DTLS cookie: enabled, nbio" \ # Tests for client reconnecting from the same port with DTLS -not_with_valgrind # spurious autoreduction +not_with_valgrind # spurious resend run_test "DTLS client reconnect from same port: reference" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \ 0 \ - -C "autoreduction" \ + -C "resend" \ -S "The operation timed out" \ -S "Client initiated reconnection from same port" -not_with_valgrind # spurious autoreduction +not_with_valgrind # spurious resend run_test "DTLS client reconnect from same port: reconnect" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ 0 \ - -C "autoreduction" \ + -C "resend" \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" @@ -6659,7 +6659,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ # Tests for specific things with "unreliable" UDP connection -not_with_valgrind # spurious autoreduction due to timeout +not_with_valgrind # spurious resend due to timeout run_test "DTLS proxy: reference" \ -p "$P_PXY" \ "$P_SRV dtls=1 debug_level=2" \ @@ -6671,11 +6671,11 @@ run_test "DTLS proxy: reference" \ -S "record from another epoch" \ -C "discarding invalid record" \ -S "discarding invalid record" \ - -S "autoreduction" \ + -S "resend" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -not_with_valgrind # spurious autoreduction due to timeout +not_with_valgrind # spurious resend due to timeout run_test "DTLS proxy: duplicate every packet" \ -p "$P_PXY duplicate=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ @@ -6685,7 +6685,7 @@ run_test "DTLS proxy: duplicate every packet" \ -s "replayed record" \ -c "record from another epoch" \ -s "record from another epoch" \ - -S "autoreduction" \ + -S "resend" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" 
From 748face36f508e7f7b11150a8023935fb11a1621 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 07:20:19 -0400 Subject: [PATCH 289/368] ssl_tls: fix maximum output length set maximum output length to MBEDTLS_SSL_OUT_CONTENT_LEN instead of MBEDTLS_SSL_MAX_CONTENT_LEN. --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 353c3471b..9dfa05bc2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -151,7 +151,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl { int ret; size_t remaining, expansion; - size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; + size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); From 7782605491f1b7e35bbba1d1c404933374aba672 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 07:34:08 -0400 Subject: [PATCH 290/368] ssl-opt.sh: add comments regarding ciphersuite forcing --- tests/ssl-opt.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e309f4291..96f0ba061 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5960,6 +5960,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5986,6 +5987,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \ -C "error" # Test for automatic MTU reduction on repeated resend. +# Forcing ciphersuite for this test to fit the MTU of 508 with full config. # The ratio of max/min timeout should ideally equal 4 to accept two # retransmissions, but in some cases (like both the server and client using # fragmentation and auto-reduction) an extra retransmission might occur, 
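Review bot: The one-line change in `ssl_get_remaining_payload_in_datagram` deserves a comment, because the old and new macros are easy to confuse and the function body continues outside the hunk: e.g. `/* Bound by the outgoing content length: the output buffer is sized from MBEDTLS_SSL_OUT_CONTENT_LEN, which can be configured smaller than MBEDTLS_SSL_MAX_CONTENT_LEN. */`. That the per-direction limits can differ is suggested by the test script in this series reading MBEDTLS_SSL_IN_CONTENT_LEN separately from MBEDTLS_SSL_MAX_CONTENT_LEN, and the commit message implies the old bound could exceed the output buffer; both should be confirmed against config.h. The MBEDTLS_SSL_MAX_FRAGMENT_LENGTH branch that follows presumably clamps `max_len` further, but it is not visible here.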
@@ -6013,6 +6015,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 508 with full config. only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -6061,6 +6064,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend # OTOH the client might resend if the server is to slow to reset after sending # a HelloVerifyRequest, so only check for no retransmission server-side @@ -6112,6 +6116,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -6138,6 +6143,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 1450 with full config. # This ensures things still work after session_reset(). # It also exercises the "resumed handshake" flow. # Since we don't support reading fragmented ClientHello yet, @@ -6333,6 +6339,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
@@ -6356,6 +6363,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From b459346f67e3d9eaef8c1cff0386c31df6aff79c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 08:43:30 -0400 Subject: [PATCH 291/368] ssl-opt.sh: add a check for i686 targets Run DTLS fragmenting tests on non-i686 targets only. Remove reduntant gnutls requirements. --- tests/ssl-opt.sh | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 96f0ba061..548373418 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -262,6 +262,21 @@ requires_ipv6() { fi } +# skip next test if it's i686 or uname is not available +requires_not_i686() { + if [ -z "${IS_I686:-}" ]; then + IS_I686="YES" + if which "uname" >/dev/null 2>&1; then + if [ -z "$(uname -a | grep i686)" ]; then + IS_I686="NO" + fi + fi + fi + if [ "$IS_I686" = "YES" ]; then + SKIP_NEXT="YES" + fi +} + # Calculate the input & output maximum content lengths set in the config MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384") MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN") @@ -6391,7 +6406,6 @@ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ # # here and below we just want to test that the we fragment in a way that # pleases other implementations, so we don't need the peer to fragment -requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
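Review bot: `requires_not_i686` detects the platform with `which "uname"` and `uname -a | grep i686`, both of which are fragile: `which` is not specified by POSIX, and `uname -a` includes the hostname and kernel version string, so any of those containing `i686` also triggers a skip. Prefer `if command -v uname >/dev/null 2>&1; then` and `if ! uname -m | grep -q i686; then IS_I686="NO"; fi`, which tests only the machine field and preserves the existing logic. Defaulting to `IS_I686="YES"` when `uname` is unavailable is the conservative choice (the test is skipped) and matches the function's comment; a short note that this is intentional would help. The commit message says the DTLS fragmenting tests run on non-i686 targets only, but the later hunks add the guard to just the two gnutls-client tests; if that narrower scope is intended, the message should say so.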
@@ -6407,7 +6421,6 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ -c "fragmenting handshake message" \ -C "error" -requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -6435,6 +6448,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_gnutls +requires_not_i686 run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ @@ -6450,6 +6464,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 requires_gnutls +requires_not_i686 run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ From 9580528248c3765abc59142e585b8bd29c4ce093 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 08:55:37 -0400 Subject: [PATCH 292/368] ssl-opt.sh: fix typo in mtu settings --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 548373418..f02d2ec79 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5964,7 +5964,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ hs_timeout=2500-60000 \ - mtu=512" \ + mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ From 805f2e11bd1e3bfcffe5dc7a88daf3c18f26166c Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 12 Oct 2018 16:31:41 +0100 Subject: [PATCH 293/368] Add missing zeroization of buffered handshake messages This commit ensures that buffers holding fragmented or future handshake messages get zeroized before they are freed when the respective handshake message is no longer needed. Previously, the handshake message content would leak on the heap. --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8bd74db8d..b671c14ac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8741,6 +8741,7 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, if( hs_buf->is_valid == 1 ) { hs->buffering.total_bytes_buffered -= hs_buf->data_len; + mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len ); mbedtls_free( hs_buf->data ); memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); } From 0b44d5cc79f7ef5ed876106c1a847e26d1e89559 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 16:46:37 +0100 Subject: [PATCH 294/368] Zeroize sensitive data in aescrypt2 and crypt_and_hash examples This commit replaces multiple `memset()` calls in the example programs aes/aescrypt2.c and aes/crypt_and_hash.c by calls to the reliable zeroization function `mbedtls_zeroize()`. While not a security issue because the code is in the example programs, it's bad practice and should be fixed. --- programs/aes/aescrypt2.c | 13 +++++++------ programs/aes/crypt_and_hash.c | 13 +++++++------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 69c406000..5725eb0f3 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -43,6 +43,7 @@ #include "mbedtls/aes.h" #include "mbedtls/md.h" +#include "mbedtls/platform_util.h" #include #include 
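Review bot: The added `mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len );` is the right fix, but its rationale should be recorded so it survives refactoring, e.g. `/* Wipe before freeing: buffered handshake content would otherwise remain readable on the heap. */`. The commit message covers buffers for "fragmented or future handshake messages", yet this hunk only touches the reassembly slot in `ssl_buffering_free_slot`; if a separate future-record buffer is released elsewhere with `mbedtls_free`, it presumably needs the same treatment. The wiped length is `data_len`, the same value subtracted from `total_bytes_buffered`, so this assumes `data_len` is the full allocation rather than the bytes received so far; worth confirming at the allocation site, which is outside this hunk. `ssl_buffering_free_slot` begins before the hunk.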
@@ -450,13 +451,13 @@ exit: the case when the user has missed or reordered some, in which case the key might not be in argv[4]. */ for( i = 0; i < (unsigned int) argc; i++ ) - memset( argv[i], 0, strlen( argv[i] ) ); + mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) ); - memset( IV, 0, sizeof( IV ) ); - memset( key, 0, sizeof( key ) ); - memset( tmp, 0, sizeof( tmp ) ); - memset( buffer, 0, sizeof( buffer ) ); - memset( digest, 0, sizeof( digest ) ); + mbedtls_platform_zeroize( IV, sizeof( IV ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( buffer, sizeof( buffer ) ); + mbedtls_platform_zeroize( digest, sizeof( digest ) ); mbedtls_aes_free( &aes_ctx ); mbedtls_md_free( &sha_ctx ); diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index bc95eb9be..88b852b4b 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -46,6 +46,7 @@ defined(MBEDTLS_FS_IO) #include "mbedtls/cipher.h" #include "mbedtls/md.h" +#include "mbedtls/platform_util.h" #include #include @@ -547,13 +548,13 @@ exit: the case when the user has missed or reordered some, in which case the key might not be in argv[6]. */ for( i = 0; i < argc; i++ ) - memset( argv[i], 0, strlen( argv[i] ) ); + mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) ); - memset( IV, 0, sizeof( IV ) ); - memset( key, 0, sizeof( key ) ); - memset( buffer, 0, sizeof( buffer ) ); - memset( output, 0, sizeof( output ) ); - memset( digest, 0, sizeof( digest ) ); + mbedtls_platform_zeroize( IV, sizeof( IV ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( buffer, sizeof( buffer ) ); + mbedtls_platform_zeroize( output, sizeof( output ) ); + mbedtls_platform_zeroize( digest, sizeof( digest ) ); mbedtls_cipher_free( &cipher_ctx ); mbedtls_md_free( &md_ctx ); From f0bbd7e3fd6c5ce10dbc5ab0bc4e3e11759a45ca Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 15 Oct 2018 13:22:41 +0200 Subject: [PATCH 295/368] Misc documentation fixes/improvements. --- ChangeLog | 16 ++++++++++------ include/mbedtls/config.h | 14 ++++++++------ include/mbedtls/ecdh.h | 16 ++++++++-------- include/mbedtls/ecdsa.h | 14 +++++++------- include/mbedtls/ecp.h | 6 +++--- include/mbedtls/pk.h | 4 ++-- include/mbedtls/x509_crt.h | 2 +- library/error.c | 2 +- 8 files changed, 40 insertions(+), 34 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9ec9d4d94..e7a2f4df6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,12 +3,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Features - * Add support for restartable ECC operations, enabled by - MBEDTLS_ECP_RESTARTABLE (disabled by default) at compile time and - mbedtls_ecp_set_max_ops() at runtime, using new xxx_restartable functions - in ECP, ECDSA, PK and X509 (CRL not supported yet), and using existing - functions in ECDH and SSL (currently only implemented client-side, for - ECDHE-ECDSA ciphersuites with TLS 1.2, including client authentication). + * Add support for temporarily suspending expensive ECC computations after + some configurable amount of operations, to be used in single-threaded + constrained systems where ECC is time consuming and blocking until + completion cannot be tolerated. This is enabled by + MBEDTLS_ECP_RESTARTABLE at compile time (disabled by default) and + configured by mbedtls_ecp_set_max_ops() at runtime. It applies to new + xxx_restartable functions in ECP, ECDSA, PK and X.509 (CRL not supported + yet), and to existing functions in ECDH and SSL (currently only + implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2, + including client authentication). Bugfix * Fix a bug in the update function for SSL ticket keys which previously diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3f248d5c4..92f024a17 100644 
--- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -682,14 +682,16 @@ * * Enable "non-blocking" ECC operations that can return early and be resumed. * - * This enables \c mbedtls_ecp_set_max_ops() and allows various functions - * to return #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL - * module, #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) when needed, and then be - * called again later with the same arguments in order to further progress and - * eventually complete the operation, see \c mbedtls_ecp_set_max_ops(). + * This allows various functions to pause by returning + * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, + * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in + * order to further progress and eventually complete their operation. This is + * controlled through mbedtls_ecp_set_max_ops() which limits the maximum + * number of ECC operations a function may perform before pausing; see + * mbedtls_ecp_set_max_ops() for more information. * * This is useful in non-threaded environments if you want to avoid blocking - * for too long on ECC (hence, X509 or SSL/TLS) operations. + * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. * * Uncomment this macro to enable restartable ECC computations. */ diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index ed3e8df42..8b75b9386 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -91,10 +91,10 @@ mbedtls_ecdh_context; * \param p_rng The RNG context. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX or - * \c MBEDTLS_MPI_XXX error code on failure. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX or + * \c MBEDTLS_MPI_XXX error code on failure. */ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -121,10 +121,10 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp * \param p_rng The RNG context. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX or - * \c MBEDTLS_MPI_XXX error code on failure. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX or + * \c MBEDTLS_MPI_XXX error code on failure. */ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, const mbedtls_ecp_point *Q, const mbedtls_mpi *d, @@ -166,9 +166,9 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); * \param p_rng The RNG context. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. */ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, @@ -210,9 +210,9 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, * 0: The key of the peer. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, 
@@ -235,9 +235,9 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai * \param p_rng The RNG context. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. */ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, @@ -283,9 +283,9 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, * \param p_rng The RNG context. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. */ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index d5f7985cd..4057828d4 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -73,7 +73,7 @@ typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; /** * \brief Internal restart context for ecdsa_verify() * - * \note Opaque struct + * \note Opaque struct, defined in ecdsa.c */ typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx; 
@@ -273,13 +273,13 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t * \param slen The length of the signature written. * \param f_rng The RNG function. * \param p_rng The RNG context. - * \param rs_ctx The restart context. + * \param rs_ctx The restart context (NULL disables restart). * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or - * \c MBEDTLS_ERR_ASN1_XXX error code on failure. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or + * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, @@ -387,16 +387,16 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, * \param hlen The size of the hash. * \param sig The signature to read and verify. * \param slen The size of \p sig. - * \param rs_ctx The restart context + * \param rs_ctx The restart context (NULL disables restart). * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid. * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid * signature in \p sig, but its length is less than \p siglen. - * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX - * error code on failure for any other reason. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX + * error code on failure for any other reason. */ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 15aee04c7..d13f3ba22 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -50,7 +50,7 @@ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */ #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< The ECP hardware accelerator failed. */ -#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 /**< Operation in progress, try again with the same parameters. */ +#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 /**< Operation in progress, call again with the same parameters to continue. */ #ifdef __cplusplus extern "C" { @@ -747,7 +747,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \param P The point to multiply. * \param f_rng The RNG function. * \param p_rng The RNG context. - * \param rs_ctx The restart context. + * \param rs_ctx The restart context (NULL disables restart). * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private @@ -804,7 +804,7 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \param P The point to multiply by \p m. * \param n The integer by which to multiply \p Q. * \param Q The point to be multiplied by \p n. - * \param rs_ctx The restart context. + * \param rs_ctx The restart context (NULL disables restart). * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 3b486cfe9..9ec33da05 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -127,7 +127,7 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; */ typedef struct mbedtls_pk_context { - const mbedtls_pk_info_t * pk_info; /**< Public key informations */ + const mbedtls_pk_info_t * pk_info; /**< Public key information */ void * pk_ctx; /**< Underlying public key context */ } mbedtls_pk_context; 
@@ -137,7 +137,7 @@ typedef struct mbedtls_pk_context */ typedef struct { - const mbedtls_pk_info_t * pk_info; /**< Public key informations */ + const mbedtls_pk_info_t * pk_info; /**< Public key information */ void * rs_ctx; /**< Underlying restart context */ } mbedtls_pk_restart_ctx; #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 961db9844..afeefca60 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -426,7 +426,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * \param flags result of the verification * \param f_vrfy verification function * \param p_vrfy verification parameter - * \param rs_ctx restart context + * \param rs_ctx restart context (NULL to disable restart) * * \return See \c mbedtls_crt_verify_with_profile(), or * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of diff --git a/library/error.c b/library/error.c index d48ba8f79..3345481f0 100644 --- a/library/error.c +++ b/library/error.c @@ -290,7 +290,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "ECP - The ECP hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_ECP_IN_PROGRESS) ) - mbedtls_snprintf( buf, buflen, "ECP - Operation in progress, try again with the same parameters" ); + mbedtls_snprintf( buf, buflen, "ECP - Operation in progress, call again with the same parameters to continue" ); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) From 7e1f3bedd96f056d3305f2dfa390a4549ee68154 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 15 Oct 2018 13:20:28 +0100 Subject: [PATCH 296/368] Adapt ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..9b89c4d92 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,6 +7,10 @@ Bugfix
 invalidated keys of a lifetime of less than a 1s. Fixes #1968.
 * Fix failure in hmac_drbg in the benchmark sample application, when
 MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
+ * Zeroize memory used for buffering or reassembling handshake messages
+ after use.
+ * Use `mbedtls_platform_zeroize()` instead of `memset()` for zeroization
+ of sensitive data in the example programs aescrypt2 and crypt_and_hash.
 
 Changes
 * Add tests for session resumption in DTLS.
From 32df91183e8b603deeb14d627f9da63a6f6ee1ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 15 Oct 2018 13:29:21 +0200
Subject: [PATCH 297/368] Fix documentation of what functions restart when
The previous comment in ecp.h that only functions that take a "restart context" argument can restart was wrong due to ECDH and SSL functions. Changing that criterion to "document says if can return IN PROGRESS". This requires updating the documentation of the SSL functions to mention this explicitly, but it's something we really ought to do anyway, a bit embarrassing that this wasn't done already - callers need to know what `MBEDTLS_ERR_SSL_xxx` error codes to special-case. Note that the documentation of the relevant functions was in a suboptimal state, so it was improved in the process - it could use some more improvement, but only the changes that helped cleanly insert the info about the IN_PROGRESS part were done here. Also, while updating the ecp.h comment, I noticed several functions in the ECDH module were wrongfully documented as restartable, which is probably a left-over from the days before `mbedtls_ecdh_enable_restart()` was introduced. Fixing that as well, to make the criterion used in ecp.h correct.
---
 include/mbedtls/ecdh.h | 6 --
 include/mbedtls/ecp.h | 16 +++-
 include/mbedtls/ssl.h | 183 ++++++++++++++++++++++++++--------------------
 3 files changed, 131 insertions(+), 74 deletions(-)
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 8b75b9386..27f2ffc6a 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -91,8 +91,6 @@ mbedtls_ecdh_context;
  * \param p_rng The RNG context.
  *
  * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
  * \return Another \c MBEDTLS_ERR_ECP_XXX or
  * \c MBEDTLS_MPI_XXX error code on failure.
  */
@@ -121,8 +119,6 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
  * \param p_rng The RNG context.
  *
  * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
  * \return Another \c MBEDTLS_ERR_ECP_XXX or
  * \c MBEDTLS_MPI_XXX error code on failure.
  */
@@ -210,8 +206,6 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
  * 0: The key of the peer.
  *
  * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
  * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
  */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index d13f3ba22..3bacf5cab 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -350,9 +350,19 @@ mbedtls_ecp_keypair;
  * same; they must not be used until the function finally
  * returns 0.
  *
- * This only affects functions that accept a pointer to a
- * \c mbedtls_ecp_restart_ctx as an argument, and only works
- * if that pointer is valid (in particular, not NULL).
+ * This only applies to functions whose documentation
+ * mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
+ * SSL module). For functions that accept a "restart context"
+ * argument, passing NULL disables restart and makes the
+ * function equivalent to the function with the same name
+ * with \c _restartable removed. For functions in the ECDH
+ * module, restart is disabled unless the function accepts
+ * an "ECDH context" argument and
+ * mbedtls_ecdh_enable_restart() was previously called on
+ * that context. For function in the SSL module, restart is
+ * only enabled for specific sides and key exchanges
+ * (currently only for clients and ECDHE-ECDSA).
  *
  * \param max_ops Maximum number of basic operations done in a row.
  * Default: 0 (unlimited).
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0ce05a56d..942bf2c15 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
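Review bot: `For function in the SSL module, restart is` in the rewritten paragraph should read `For functions in the SSL module, restart is`, matching the two preceding sentences of the same list. The new criterion itself (the function's documentation mentions #MBEDTLS_ERR_ECP_IN_PROGRESS or #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) is clear and worth keeping as the single place that defines which calls can be resumed.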
@@ -2914,15 +2914,41 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
  *
  * \param ssl SSL context
  *
- * \return 0 if successful, or
- * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
- * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
- * a specific SSL error code.
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+ * in the handshake is incomplete but or waiting for data to
+ * be availaible for reading from or writing to the underlying
+ * transport - in this case you must call this function again
+ * when the underlying transport is ready for the operation.
+ * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+ * operation is in progress (see
+ * mbedtls_ssl_conf_async_private_cb()) - in this case you
+ * must call this function again when the operation is ready.
+ * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+ * operation is in progress (see mbedtls_ecp_set_max_ops()) -
+ * in this case you must call this function again to complete
+ * the handshake when you're done attending other tasks.
+ * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
+ * and the client did not demonstrate reachability yet - in
+ * this case you must stop using the context (see below).
+ * \return Another SSL error code - in this case you must stop using
+ * the context (see below).
  *
- * If this function returns MBEDTLS_ERR_SSL_WANT_READ, the
- * handshake is unfinished and no further data is available
- * from the underlying transport. In this case, you must call
- * the function again at some later stage.
+ * \warning If this function returns something other than
+ * \c 0,
+ * #MBEDTLS_ERR_SSL_WANT_READ,
+ * #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ * you must stop using the SSL context for reading or writing,
+ * and either free it or call \c mbedtls_ssl_session_reset()
+ * on it before re-using it for a new connection; the current
+ * connection must be closed.
+ *
+ * \note If DTLS is in use, then you may choose to handle
+ * #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
+ * purposes, as it is an expected return value rather than an
+ * actual error, but you still need to reset/free the context.
  *
  * \note Remarks regarding event-driven DTLS:
  * If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
@@ -2932,17 +2958,6 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
  * in which case the datagram of the underlying transport that is
  * currently being processed might or might not contain further
  * DTLS records.
- *
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
- *
- * \note If DTLS is in use, then you may choose to handle
- * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
- * purposes, as it is an expected return value rather than an
- * actual error, but you still need to reset/free the context.
  */
 int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
 
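Review bot: The new sentence `in the handshake is incomplete but or waiting for data to be availaible for reading from or writing to the underlying transport` under `\return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE` is garbled and misspelt; it should read `if the handshake is incomplete or the function is waiting for data to be available for reading from or writing to the underlying transport`. The same wording is copied verbatim into the mbedtls_ssl_read() and mbedtls_ssl_write() hunks further down, which additionally contain `\c 0 is the read end` (should be `if`), `new commection` and `successfull`. These are exactly the lines a caller reads to decide which error codes to special-case versus which ones require closing the connection, so they are worth fixing in this commit rather than later.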
@@ -2950,20 +2965,21 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
  * \brief Perform a single step of the SSL handshake
  *
  * \note The state of the context (ssl->state) will be at
- * the next state after execution of this function. Do not
+ * the next state after this function returns \c 0. Do not
  * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
  *
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
- *
  * \param ssl SSL context
  *
- * \return 0 if successful, or
- * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
- * a specific SSL error code.
+ * \return See mbedtls_ssl_handshake().
+ *
+ * \warning If this function returns something other than \c 0,
+ * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+ * the SSL context for reading or writing, and either free it
+ * or call \c mbedtls_ssl_session_reset() on it before
+ * re-using it for a new connection; the current connection
+ * must be closed.
  */
 int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
 
@@ -2978,13 +2994,18 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
  * \param ssl SSL context
  *
  * \return 0 if successful, or any mbedtls_ssl_handshake() return
- * value.
+ * value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't
+ * happen during a renegotiation.
+ *
+ * \warning If this function returns something other than \c 0,
+ * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+ * the SSL context for reading or writing, and either free it
+ * or call \c mbedtls_ssl_session_reset() on it before
+ * re-using it for a new connection; the current connection
+ * must be closed.
  *
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
  */
 int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
@@ -2996,40 +3017,54 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
  * \param buf buffer that will hold the data
  * \param len maximum number of bytes to read
  *
- * \return One of the following:
- * - 0 if the read end of the underlying transport was closed,
- * - the (positive) number of bytes read, or
- * - a negative error code on failure.
+ * \return The (positive) number of bytes read if successful.
+ * \return \c 0 is the read end of the underlying transport was closed
+ * - in this case you must stop using the context (see below).
+ * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+ * in the handshake is incomplete but or waiting for data to
+ * be availaible for reading from or writing to the underlying
+ * transport - in this case you must call this function again
+ * when the underlying transport is ready for the operation.
+ * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+ * operation is in progress (see
+ * mbedtls_ssl_conf_async_private_cb()) - in this case you
+ * must call this function again when the operation is ready.
+ * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+ * operation is in progress (see mbedtls_ecp_set_max_ops()) -
+ * in this case you must call this function again to complete
+ * the handshake when you're done attending other tasks.
+ * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
+ * side of a DTLS connection and the client is initiating a
+ * new commection using the same source port. See below.
+ * \return Another SSL error code - in this case you must stop using
+ * the context (see below).
  *
- * If MBEDTLS_ERR_SSL_WANT_READ is returned, no application data
- * is available from the underlying transport. In this case,
- * the function needs to be called again at some later stage.
+ * \warning If this function returns something other than
+ * a positive value,
+ * #MBEDTLS_ERR_SSL_WANT_READ,
+ * #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
+ * you must stop using the SSL context for reading or writing,
+ * and either free it or call \c mbedtls_ssl_session_reset()
+ * on it before re-using it for a new connection; the current
+ * connection must be closed.
  *
- * If MBEDTLS_ERR_SSL_WANT_WRITE is returned, a write is pending
- * but the underlying transport isn't available for writing. In this
- * case, the function needs to be called again at some later stage.
- *
- * When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+ * \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
  * (which can only happen server-side), it means that a client
  * is initiating a new connection using the same source port.
  * You can either treat that as a connection close and wait
  * for the client to resend a ClientHello, or directly
  * continue with \c mbedtls_ssl_handshake() with the same
- * context (as it has beeen reset internally). Either way, you
- * should make sure this is seen by the application as a new
+ * context (as it has been reset internally). Either way, you
+ * must make sure this is seen by the application as a new
  * connection: application state, if any, should be reset, and
  * most importantly the identity of the client must be checked
  * again. WARNING: not validating the identity of the client
  * again, or not transmitting the new identity to the
  * application layer, would allow authentication bypass!
  *
- * \note If this function returns something other than a positive value
- * or MBEDTLS_ERR_SSL_WANT_READ/WRITE or MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
- * you must stop using the SSL context for reading or writing,
- * and either free it or call \c mbedtls_ssl_session_reset() on it
- * before re-using it for a new connection; the current connection
- * must be closed.
- *
  * \note Remarks regarding event-driven DTLS:
  * - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
  * from the underlying transport layer is currently being processed,
@@ -3060,16 +3095,34 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
  * \param buf buffer holding the data
  * \param len how many bytes must be written
  *
- * \return the number of bytes actually written (may be less than len),
- * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
- * or another negative error code.
+ * \return The (non-negative) number of bytes actually written if
+ * successfull (may be less than \p len).
+ * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+ * in the handshake is incomplete but or waiting for data to
+ * be availaible for reading from or writing to the underlying
+ * transport - in this case you must call this function again
+ * when the underlying transport is ready for the operation.
+ * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+ * operation is in progress (see
+ * mbedtls_ssl_conf_async_private_cb()) - in this case you
+ * must call this function again when the operation is ready.
+ * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+ * operation is in progress (see mbedtls_ecp_set_max_ops()) -
+ * in this case you must call this function again to complete
+ * the handshake when you're done attending other tasks.
+ * \return Another SSL error code - in this case you must stop using
+ * the context (see below).
  *
- * \note If this function returns something other than 0, a positive
- * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop
- * using the SSL context for reading or writing, and either
- * free it or call \c mbedtls_ssl_session_reset() on it before
- * re-using it for a new connection; the current connection
- * must be closed.
+ * \warning If this function returns something other than
+ * a non-negative value,
+ * #MBEDTLS_ERR_SSL_WANT_READ,
+ * #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ * you must stop using the SSL context for reading or writing,
+ * and either free it or call \c mbedtls_ssl_session_reset()
+ * on it before re-using it for a new connection; the current
+ * connection must be closed.
  *
  * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
  * it must be called later with the *same* arguments,
From ee68cff813a8ee703121a1fd1e6a5baac850d664 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 15 Oct 2018 15:27:49 +0200
Subject: [PATCH 298/368] Fix or improve some comments (and whitespace)
---
 library/ecdh.c | 4 ++--
 library/ecp.c | 52 ++++++++++++++++++++--------------------
 library/pk.c | 2 +-
 library/pk_wrap.c | 4 ++--
 library/x509_crt.c | 1 -
 5 files changed, 28 insertions(+), 35 deletions(-)
diff --git a/library/ecdh.c b/library/ecdh.c
index a118de534..833691280 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -200,7 +200,7 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
 #endif
 
 if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
- f_rng, p_rng, rs_ctx ) ) != 0 )
+ f_rng, p_rng, rs_ctx ) ) != 0 )
 return( ret );
 
 if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
@@ -211,7 +211,7 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
 blen -= grp_len;
 
 if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
- &pt_len, buf, blen ) ) != 0 )
+ &pt_len, buf, blen ) ) != 0 )
 return( ret );
 
 *olen = grp_len + pt_len;
diff --git a/library/ecp.c b/library/ecp.c
index b2ee5235a..94b42b97c 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1428,7 +1428,7 @@ cleanup:
  *
  * - For the sake of compactness, only the seven low-order bits of x[i]
  * are used to represent its absolute value (K_i in the paper), and the msb
- * of x[i] encodes the the sign (s_i in the paper): it is set if and only if
+ * of x[i] encodes the sign (s_i in the paper): it is set if and only if
  * if s_i == -1;
  *
  * Calling conventions:
@@ -1480,10 +1480,10 @@ static void ecp_comb_recode_core( unsigned char x[], size_t d,
  *
  * Note: Even comb values (those where P would be omitted from the
  * sum defining T[i] above) are not needed in our adaption
- * the the comb method. See ecp_comb_recode_core().
+ * the comb method. See ecp_comb_recode_core().
  *
  * This function currently works in four steps:
- * (1) [dbl] Computation of intermediate T[i] for 2-powers values of i
+ * (1) [dbl] Computation of intermediate T[i] for 2-power values of i
  * (2) [norm_dbl] Normalization of coordinates of these T[i]
  * (3) [add] Computation of all T[i]
  * (4) [norm_add] Normalization of all T[i]
@@ -1513,10 +1513,6 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 const unsigned char T_size = 1U << ( w - 1 );
 mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
 
-#if !defined(MBEDTLS_ECP_RESTARTABLE)
- (void) rs_ctx;
-#endif
-
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 if( rs_ctx != NULL && rs_ctx->rsm != NULL )
 {
@@ -1529,12 +1525,10 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add )
 goto norm_add;
 }
+#else
+ (void) rs_ctx;
 #endif
 
- /*
- * Set T[0] = P and
- * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
- */
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 if( rs_ctx != NULL && rs_ctx->rsm != NULL )
 {
@@ -1546,7 +1540,10 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
 
 dbl:
 #endif
-
+ /*
+ * Set T[0] = P and
+ * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
+ */
 MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -1569,17 +1566,16 @@ dbl:
 MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
 }
 
- /*
- * Normalize current elements in T. As T has holes,
- * use an auxiliary array of pointers to elements in T.
- */
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 if( rs_ctx != NULL && rs_ctx->rsm != NULL )
 rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl;
 
 norm_dbl:
 #endif
-
+ /*
+ * Normalize current elements in T. As T has holes,
+ * use an auxiliary array of pointers to elements in T.
+ */
 j = 0;
 for( i = 1; i < T_size; i <<= 1 )
 TT[j++] = T + i;
@@ -1588,17 +1584,16 @@ norm_dbl:
 
 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
 
- /*
- * Compute the remaining ones using the minimal number of additions
- * Be careful to update T[2^l] only after using it!
- */
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 if( rs_ctx != NULL && rs_ctx->rsm != NULL )
 rs_ctx->rsm->state = ecp_rsm_pre_add;
 
 add:
 #endif
-
+ /*
+ * Compute the remaining ones using the minimal number of additions
+ * Be careful to update T[2^l] only after using it!
+ */
 MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD );
 
 for( i = 1; i < T_size; i <<= 1 )
@@ -1608,18 +1603,17 @@ add:
 MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) );
 }
 
- /*
- * Normalize final elements in T. Even though there are no holes now,
- * we still need the auxiliary array for homogeneity with last time.
- * Also, skip T[0] which is already normalised, being a copy of P.
- */
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 if( rs_ctx != NULL && rs_ctx->rsm != NULL )
 rs_ctx->rsm->state = ecp_rsm_pre_norm_add;
 
 norm_add:
 #endif
-
+ /*
+ * Normalize final elements in T. Even though there are no holes now,
+ * we still need the auxiliary array for homogeneity with last time.
+ * Also, skip T[0] which is already normalised, being a copy of P.
+ */
 for( j = 0; j + 1 < T_size; j++ )
 TT[j] = T + j + 1;
 
@@ -1965,7 +1959,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 if( p_eq_g )
 {
 /* almost transfer ownership of T to the group, but keep a copy of
- * the pointer to use for caling the next function more easily */
+ * the pointer to use for calling the next function more easily */
 grp->T = T;
 grp->T_size = T_size;
 }
diff --git a/library/pk.c b/library/pk.c
index ba8950e8d..ce8dbb5bb 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -204,7 +204,7 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len
  * Helper to set up a restart context if needed
  */
 static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
- const mbedtls_pk_info_t *info )
+ const mbedtls_pk_info_t *info )
 {
 /* Don't do anything if already set up or invalid */
 if( ctx == NULL || ctx->pk_info != NULL )
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index cb08ebac3..87806be33 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -337,7 +337,7 @@ static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
 if( rs == NULL )
 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
- /* set up our own sub-context if needed */
+ /* set up our own sub-context if needed (that is, on first run) */
 if( rs->ecdsa_ctx.grp.pbits == 0 )
 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
 
@@ -362,7 +362,7 @@ static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
 if( rs == NULL )
 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
- /* set up our own sub-context if needed */
+ /* set up our own sub-context if needed (that is, on first run) */
 if( rs->ecdsa_ctx.grp.pbits == 0 )
 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
 
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 5d9c6230f..5f9b74f71 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2727,7 +2727,6 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
 return;
 
 mbedtls_pk_restart_free( &ctx->pk );
 
- mbedtls_x509_crt_restart_init( ctx );
 }
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
From 25781f90da956adaa4e0903850da4fc6ad51fa4b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 15 Oct 2018 15:28:16 +0200
Subject: [PATCH 299/368] Fix missing check in example client
And a mis-indented check as well.
---
 programs/ssl/ssl_client2.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 146bdfbeb..15c778d31 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1570,8 +1570,8 @@ int main( int argc, char *argv[] )
 }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
- continue;
+ if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ continue;
 #endif
 
 /* For event-driven IO, wait for socket to become available */
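Review bot: Dropping `mbedtls_x509_crt_restart_init( ctx );` from mbedtls_x509_crt_restart_free() is a behaviour change — a freed restart context is no longer returned to its initial state — yet the commit title only announces comment and whitespace fixes, so it should be named in the commit message or moved to the later commit on this page that removes the same re-init pattern from ecdh.c and ecdsa.c. If the intent is that a freed context must be re-initialised before reuse, the public documentation of mbedtls_x509_crt_restart_free() should say so, e.g. `\note The context must be re-initialised with mbedtls_x509_crt_restart_init() before it can be used again.`; that header is not part of this commit. The body of mbedtls_x509_crt_restart_free() starts outside the hunk.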
@@ -1674,6 +1674,11 @@ int main( int argc, char *argv[] )
 goto exit;
 }
 
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ continue;
+#endif
+
 /* For event-driven IO, wait for socket to become available */
 if( opt.event == 1 /* level triggered IO */ )
 {
From a27190b774e7e89860c2e3b1874ea316629e189b Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Mon, 15 Oct 2018 16:33:43 +0300
Subject: [PATCH 300/368] Rename platform error code and value
Rename the PLATFORM HW error, to avoid ABI breakage with Mbed OS. The value changed as well, as previous value was not in the range of Mbed TLS low level error codes.
---
 include/mbedtls/platform.h | 2 +-
 library/error.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 5f5b982a4..e30edc2e0 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -43,7 +43,7 @@
 #include "platform_time.h"
 #endif
 
-#define MBEDTLS_ERR_PLATFORM_HW_FAILED -0x0080 /**< Hardware failed platform operation. */
+#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware failed platform operation. */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/library/error.c b/library/error.c
index c6292171b..0a1c79462 100644
--- a/library/error.c
+++ b/library/error.c
@@ -826,7 +826,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 #endif /* MBEDTLS_PADLOCK_C */
 
 #if defined(MBEDTLS_PLATFORM_C)
- if( use_ret == -(MBEDTLS_ERR_PLATFORM_HW_FAILED) )
+ if( use_ret == -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED) )
 mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware failed platform operation" );
 #endif /* MBEDTLS_PLATFORM_C */
 
From 5267b62248c53f0f1c6d99efe081c6fa12f15eda Mon Sep 17 00:00:00 2001
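Review bot: The added `if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) continue;` sits after a branch that ends in `goto exit;` whose condition is outside the hunk; if that branch bails out on every negative `ret` other than the WANT_READ/WANT_WRITE pair, the new check is unreachable and the client still aborts on an in-progress ECC operation, so the ordering is worth confirming against the `@@ -1570` hunk above, where the same check sits in the same position. A short comment such as `/* restartable ECC: resume right away instead of waiting on the socket */` would explain why this case deliberately skips the event-driven wait that follows. main() starts and ends outside the hunk.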
From: Ron Eldor
Date: Mon, 15 Oct 2018 18:44:42 +0300
Subject: [PATCH 301/368] Change error description
1. Change error description to a clearer one.
2. Change value in the error codes ranges description.
---
 include/mbedtls/error.h | 2 +-
 include/mbedtls/platform.h | 2 +-
 library/error.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index c9a825035..6c69a9b4a 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -80,7 +80,7 @@
  * CHACHA20 3 0x0051-0x0055
  * POLY1305 3 0x0057-0x005B
  * CHACHAPOLY 2 0x0054-0x0056
- * PLATFORM 1 0x0080-0x0080
+ * PLATFORM 1 0x0070-0x0070
  *
  * High-level module nr (3 bits - 0x0...-0x7...)
  * Name ID Nr of Errors
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index e30edc2e0..5cd143ce5 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -43,7 +43,7 @@
 #include "platform_time.h"
 #endif
 
-#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware failed platform operation. */
+#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/library/error.c b/library/error.c
index 0a1c79462..12902e305 100644
--- a/library/error.c
+++ b/library/error.c
@@ -827,7 +827,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 
 #if defined(MBEDTLS_PLATFORM_C)
 if( use_ret == -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED) )
- mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware failed platform operation" );
+ mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware accelerator failed" );
 #endif /* MBEDTLS_PLATFORM_C */
 
 #if defined(MBEDTLS_POLY1305_C)
From c37423fa7628dd39d77090fb1fea7cde2408bc1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 16 Oct 2018 10:28:17 +0200
Subject: [PATCH 302/368] Fix misleading sub-state name and comments
The enum constant had 'ske' in its name while this was a sub-state of the "write client key exchange" state; corresponding issue in the comment.
---
 include/mbedtls/ssl_internal.h | 4 ++--
 library/ssl_cli.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index c09fd7007..97abb9f90 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -301,8 +301,8 @@ struct mbedtls_ssl_handshake_params
 enum { /* this complements ssl->state with info on intra-state operations */
 ssl_ecrs_none = 0, /*!< nothing going on (yet) */
 ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */
- ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: step 1 */
- ssl_ecrs_ske_ecdh_calc_secret, /*!< ServerKeyExchange: ECDH step 2 */
+ ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */
+ ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */
 ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */
 } ecrs_state; /*!< current (or last) operation */
 size_t ecrs_n; /*!< place for saving a length */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7b88e61e3..5720a4b88 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2946,7 +2946,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 if( ssl->handshake->ecrs_enabled )
 {
- if( ssl->handshake->ecrs_state == ssl_ecrs_ske_ecdh_calc_secret )
+ if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret )
 goto ecdh_calc_secret;
 
 mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx );
@@ -2973,7 +2973,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
 if( ssl->handshake->ecrs_enabled )
 {
 ssl->handshake->ecrs_n = n;
- ssl->handshake->ecrs_state = ssl_ecrs_ske_ecdh_calc_secret;
+ ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
 }
 
 ecdh_calc_secret:
From d8b73f2312a2b5bff26210f4de82c0de573d8d07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 16 Oct 2018 10:34:13 +0200
Subject: [PATCH 303/368] Remove unnecessary calls to init() from free()
Our API makes no guarantee that you can use a context after free()ing it without re-init()ing it first, so better not give the wrong impression that we do, while it's not policy and the rest of the code might not allow it.
---
 library/ecdh.c | 2 --
 library/ecdsa.c | 2 --
 2 files changed, 4 deletions(-)
diff --git a/library/ecdh.c b/library/ecdh.c
index 833691280..fb46845c9 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -161,8 +161,6 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 mbedtls_ecp_restart_free( &ctx->rs );
 #endif
-
- mbedtls_ecdh_init( ctx );
 }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 663433c90..9e35da1f7 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -126,8 +126,6 @@ static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
 
 mbedtls_mpi_free( &ctx->k );
 mbedtls_mpi_free( &ctx->r );
-
- ecdsa_restart_sig_init( ctx );
 }
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
From c0edc96704c36c68a57da05f0cd20cf49376a000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 16 Oct 2018 10:38:19 +0200
Subject: [PATCH 304/368] Add comment on internal function API
---
 library/ecdh.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/library/ecdh.c b/library/ecdh.c
index fb46845c9..eaad62c99 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -41,6 +41,10 @@ #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) /* * Generate public key (restartable version) + * + * Note: this internal function relies on its caller preserving the value of + * the output parameter 'd' accross continuation calls. This would not be + * acceptable for a public function but is OK here as we control call sites. */ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, From b843b15a02aa5eb4c466422193b4a2df44859265 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Oct 2018 10:41:31 +0200 Subject: [PATCH 305/368] Fix function name to fit conventions --- include/mbedtls/ecp.h | 2 +- library/ecdsa.c | 2 +- library/ecp.c | 4 ++-- library/pk.c | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 3bacf5cab..448549cfc 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -399,7 +399,7 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ); * \return \c 0 if \c max_ops == 0 (restart disabled) * \return \c 1 otherwise (restart enabled) */ -int mbedtls_ecp_restart_enabled( void ); +int mbedtls_ecp_restart_is_enabled( void ); #endif /* MBEDTLS_ECP_RESTARTABLE */ /** diff --git a/library/ecdsa.c b/library/ecdsa.c index 9e35da1f7..abac015ce 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -177,7 +177,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) rs_ctx->ecp.ops_done = 0; \ \ /* set up our own sub-context if needed */ \ - if( mbedtls_ecp_restart_enabled() && \ + if( mbedtls_ecp_restart_is_enabled() && \ rs_ctx != NULL && rs_ctx->SUB == NULL ) \ { \ rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \ diff --git a/library/ecp.c b/library/ecp.c index 94b42b97c..df85ca4a5 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -106,7 +106,7 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) /* * Check if restart is enabled */ -int mbedtls_ecp_restart_enabled( void ) +int mbedtls_ecp_restart_is_enabled( void ) { return( ecp_max_ops != 0 ); } @@ -266,7 +266,7 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, rs_ctx->ops_done = 0; \ \ /* set up our own sub-context if needed */ \ - if( mbedtls_ecp_restart_enabled() && \ + if( mbedtls_ecp_restart_is_enabled() && \ rs_ctx != NULL && rs_ctx->SUB == NULL ) \ { \ rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \ diff --git a/library/pk.c b/library/pk.c index ce8dbb5bb..e0e8dbad2 100644 --- a/library/pk.c +++ b/library/pk.c @@ -239,7 +239,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* optimization: use non-restartable version if restart disabled */ if( rs_ctx != NULL && - mbedtls_ecp_restart_enabled() && + mbedtls_ecp_restart_is_enabled() && ctx->pk_info->verify_rs_func != NULL ) { int ret; @@ -352,7 +352,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* optimization: use non-restartable version if restart disabled */ if( rs_ctx != NULL && - mbedtls_ecp_restart_enabled() && + mbedtls_ecp_restart_is_enabled() && ctx->pk_info->sign_rs_func != NULL ) { int ret; From a58e011ac06b1bc05df613345fdebc47c993cd6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Oct 2018 10:42:47 +0200 Subject: [PATCH 306/368] Fix alignment in a macro definition --- library/ecp.c | 54 +++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index df85ca4a5..55d7eb88d 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -260,36 +260,36 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, } /* Call this when entering a function that needs its own sub-context */ -#define ECP_RS_ENTER( SUB ) do { \ - /* reset ops count for this call if top-level */ \ - if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) \ - rs_ctx->ops_done = 0; \ - \ - /* set up our own sub-context if needed */ \ - if( mbedtls_ecp_restart_is_enabled() && \ - rs_ctx != NULL && rs_ctx->SUB == NULL ) \ - { \ - rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \ - if( rs_ctx->SUB == NULL ) \ - return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \ - \ - ecp_restart_## SUB ##_init( rs_ctx->SUB ); \ - } \ +#define ECP_RS_ENTER( SUB ) do { \ + /* reset ops count for this call if top-level */ \ + if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) \ + rs_ctx->ops_done = 0; \ + \ + /* set up our own sub-context if needed */ \ + if( mbedtls_ecp_restart_is_enabled() && \ + rs_ctx != NULL && rs_ctx->SUB == NULL ) \ + { \ + rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \ + if( rs_ctx->SUB == NULL ) \ + return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \ + \ + ecp_restart_## SUB ##_init( rs_ctx->SUB ); \ + } \ } while( 0 ) /* Call this when leaving a function that needs its own sub-context */ -#define ECP_RS_LEAVE( SUB ) do { \ - /* clear our sub-context when not in progress (done or error) */ \ - if( rs_ctx != NULL && rs_ctx->SUB != NULL && \ - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \ - { \ - ecp_restart_## SUB ##_free( rs_ctx->SUB ); \ - mbedtls_free( rs_ctx->SUB ); \ - rs_ctx->SUB = NULL; \ - } \ - \ - if( rs_ctx != NULL ) \ - rs_ctx->depth--; \ +#define ECP_RS_LEAVE( SUB ) do { \ + /* clear our sub-context when not in progress (done or error) */ \ + if( rs_ctx != NULL && rs_ctx->SUB != NULL && \ + ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \ + { \ + ecp_restart_## SUB ##_free( rs_ctx->SUB ); \ + mbedtls_free( rs_ctx->SUB ); \ + rs_ctx->SUB = NULL; \ + } \ + \ + if( rs_ctx != NULL ) \ + rs_ctx->depth--; \ } while( 0 ) #else /* 
MBEDTLS_ECP_RESTARTABLE */ From 90f31b71a866b7813e0798b5424ba372eac7d803 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Oct 2018 10:45:24 +0200 Subject: [PATCH 307/368] Improve readability by moving counter decrement Avoid the slightly awkward rs_ctx-> i = i + 1 --- library/ecp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 55d7eb88d..66ad12ef9 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1711,9 +1711,11 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); } - while( i-- != 0 ) + while( i != 0 ) { MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD ); + --i; + MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) ); MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); @@ -1727,8 +1729,7 @@ cleanup: if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - /* was decreased before actually doing it */ - rs_ctx->rsm->i = i + 1; + rs_ctx->rsm->i = i; /* no need to save R, already pointing to rs_ctx->rsm->R */ } #endif From 7a28e99fa09471689995d766d04e05a84668fc02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Oct 2018 11:22:45 +0200 Subject: [PATCH 308/368] Expand test to ensure no assumption on output The functions don't require the caller to preserve the content of the output parameter - let's ensure that they don't assume that. --- tests/suites/test_suite_ecp.function | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 65736f365..65c487ef8 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
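Review bot: The invariant that `i` now holds the number of comb iterations still to run — and that `MBEDTLS_ECP_BUDGET` must stay before `--i` so the value saved in the cleanup hunk is exact — is not stated anywhere, so a later reordering of those two lines would silently corrupt the restart point. A one-line comment above the loop, `/* i counts the iterations still to do; check the budget before decrementing so the value saved on MBEDTLS_ERR_ECP_IN_PROGRESS is exact */`, would record it. ecp_mul_comb_core's body starts and ends outside both hunks.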
@@ -2,6 +2,10 @@ #include "mbedtls/ecp.h" #define ECP_PF_UNKNOWN -1 + +#define ECP_PT_RESET( x ) \ + mbedtls_ecp_point_free( x ); \ + mbedtls_ecp_point_init( x ); /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -78,13 +82,14 @@ void ecp_test_vect_restart( int id, */ mbedtls_ecp_restart_ctx ctx; mbedtls_ecp_group grp; - mbedtls_ecp_point R; + mbedtls_ecp_point R, P; mbedtls_mpi dA, xA, yA, dB, xZ, yZ; int cnt_restarts; int ret; mbedtls_ecp_restart_init( &ctx ); - mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); + mbedtls_ecp_group_init( &grp ); + mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ ); @@ -103,6 +108,7 @@ void ecp_test_vect_restart( int id, /* Base point case */ cnt_restarts = 0; do { + ECP_PT_RESET( &R ); ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, NULL, NULL, &ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); @@ -114,9 +120,11 @@ void ecp_test_vect_restart( int id, TEST_ASSERT( cnt_restarts <= max_restarts ); /* Non-base point case */ + mbedtls_ecp_copy( &P, &R ); cnt_restarts = 0; do { - ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &R, NULL, NULL, &ctx ); + ECP_PT_RESET( &R ); + ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); TEST_ASSERT( ret == 0 ); 
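Review bot: `ECP_PT_RESET` expands to two bare statements, so it is only safe where it is used inside a braced `do {` body; as the sole body of an unbraced `if` the second statement would run unconditionally. Wrapping the definition as `#define ECP_PT_RESET( x ) do { mbedtls_ecp_point_free( x ); mbedtls_ecp_point_init( x ); } while( 0 )` removes the hazard and also drops the stray empty statement that the current trailing `;` produces at every `ECP_PT_RESET( &R );` call site.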
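Review bot: The return value of `mbedtls_ecp_copy( &P, &R )` in the non-base-point case is discarded, so a failure there would leave `P` only partially set up and the following `mbedtls_ecp_mul_restartable` call would be exercised on the wrong input without the test noticing. `TEST_ASSERT( mbedtls_ecp_copy( &P, &R ) == 0 );` keeps it in line with the other calls in this function, whose results are all asserted.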
@@ -130,13 +138,14 @@ void ecp_test_vect_restart( int id, * This test only makes sense when we actually restart */ if( min_restarts > 0 ) { - ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &R, NULL, NULL, &ctx ); + ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); } exit: mbedtls_ecp_restart_free( &ctx ); - mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R ); + mbedtls_ecp_group_free( &grp ); + mbedtls_ecp_point_free( &R ); mbedtls_ecp_point_free( &P ); mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA ); mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ ); } @@ -183,6 +192,7 @@ void ecp_muladd_restart( int id, char *xR_str, char *yR_str, cnt_restarts = 0; do { + ECP_PT_RESET( &R ); ret = mbedtls_ecp_muladd_restartable( &grp, &R, &u1, &grp.G, &u2, &Q, &ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); From a5a3e40c4eadc4dc52ac9f2eaf0d81880fb0761b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Oct 2018 11:27:23 +0200 Subject: [PATCH 309/368] Fix missing dereference. Went unnoticed because it was only on a defensive code path, in an internal function, so not exercised. --- library/x509_crt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5f9b74f71..25aaff3b0 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2182,8 +2182,8 @@ static int x509_crt_find_parent( /* extra precaution against mistakes in the caller */ if( parent == NULL ) { - parent_is_trusted = 0; - signature_is_good = 0; + *parent_is_trusted = 0; + *signature_is_good = 0; } return( 0 ); From b25cb603bbb68f225a3fc5a25c22adb81eaf6c34 Mon Sep 17 00:00:00 2001 
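Review bot: The fix is right, but nothing exercises it: the `parent == NULL` branch is described as a precaution, and the bug went unnoticed because assigning `0` to a pointer is a valid null-pointer constant, so the compiler had nothing to warn about. A comment at the assignments, `/* outputs are meaningful only when a parent was found; clear them so a caller that skips the NULL check cannot read stale flags */`, and, if practical, a test that drives x509_crt_find_parent with no candidate parent would protect the path. x509_crt_find_parent's body starts outside the hunk, so whether `*parent_is_trusted` and `*signature_is_good` are already initialised at entry cannot be seen here; if they are not, clearing both at function entry would make this branch redundant.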
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Oct 2018 11:48:09 +0200 Subject: [PATCH 310/368] Add a comment to clarify code flow --- library/ecp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ecp.c b/library/ecp.c index 66ad12ef9..dff5f9004 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1933,6 +1933,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, rs_ctx->rsm->T = NULL; rs_ctx->rsm->T_size = 0; + /* This effectively jumps to the call to mul_comb_after_precomp() */ T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; } else From 96f3b4ee42c77567fe1a865a4b5c80d57dc57177 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Oct 2018 14:10:21 +0200 Subject: [PATCH 311/368] Remove yotta support from check-files.py Complements "Remove Yotta support from the docs, tests and build scripts". --- tests/scripts/check-files.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 0fb2117a3..ed6787289 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -159,7 +159,6 @@ class IntegrityChecker(object): self.excluded_paths = list(map(os.path.normpath, [ 'cov-int', 'examples', - 'yotta/module' ])) self.issues_to_check = [ PermissionIssueTracker(), From 198611db322f52ecc57f3d7005c8dd6af249e4e0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 17 Oct 2018 13:58:19 +0100 Subject: [PATCH 312/368] Add missing return value check in ECDSA test suite The test case `ecdsa_det_test_vectors` from the ECDSA test suite called `mbedtls_md()` without checking its return value. --- tests/suites/test_suite_ecdsa.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 48ce586be..8e76154de 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function 
@@ -117,7 +117,8 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); hlen = mbedtls_md_get_size( md_info ); - mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ); + TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg, + strlen( msg ), hash ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_sign_det( &grp, &r, &s, &d, hash, hlen, md_alg ) == 0 ); From dd3ab13da3fd3dc9ec2d3d247c25ac954ca66f5e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 17 Oct 2018 14:43:14 +0100 Subject: [PATCH 313/368] Fail when encountering invalid CBC padding in EtM records This commit changes the behavior of the record decryption routine `ssl_decrypt_buf()` in the following situation: 1. A CBC ciphersuite with Encrypt-then-MAC is used. 2. A record with valid MAC but invalid CBC padding is received. In this situation, the previous code would not raise and error but instead forward the decrypted packet, including the wrong padding, to the user. This commit changes this behavior to return the error MBEDTLS_ERR_SSL_INVALID_MAC instead. While erroneous, the previous behavior does not constitute a security flaw since it can only happen for properly authenticated records, that is, if the peer makes a mistake while preparing the padded plaintext. --- library/ssl_tls.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8bd74db8d..6afb624c5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
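Review bot: The value from `mbedtls_md_get_size()` is now the only thing bounding how many bytes `mbedtls_md()` writes into `hash` and how many `mbedtls_ecdsa_sign_det` reads, and it is not checked against the buffer. `hash` is declared outside the hunk; if it is a fixed-size array, `TEST_ASSERT( hlen <= sizeof( hash ) );` right after the `hlen = ...` line would pin that assumption the same way the new assert pins the `mbedtls_md()` result.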
@@ -2304,13 +2304,13 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) correct = 0; } auth_done++; - - /* - * Finally check the correct flag - */ - if( correct == 0 ) - return( MBEDTLS_ERR_SSL_INVALID_MAC ); } + + /* + * Finally check the correct flag + */ + if( correct == 0 ) + return( MBEDTLS_ERR_SSL_INVALID_MAC ); #endif /* SSL_SOME_MODES_USE_MAC */ /* Make extra sure authentication was performed, exactly once */ From f24c3360fc5550dd748e6c4bf0b04a05ae07c233 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 17 Oct 2018 14:53:05 +0100 Subject: [PATCH 314/368] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..acf1bd7ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ Bugfix invalidated keys of a lifetime of less than a 1s. Fixes #1968. * Fix failure in hmac_drbg in the benchmark sample application, when MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 + * Fix a bug in the record decryption routine ssl_decrypt_buf() + which lead to accepting properly authenticated but improperly + padded records in case of CBC ciphersuites using Encrypt-then-MAC. Changes * Add tests for session resumption in DTLS. From b51e267bee83d7cbea5b48c766cfd2a1f9e66186 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Fri, 19 Oct 2018 15:25:10 +0100 Subject: [PATCH 315/368] Add Jenkinsfile for PR job --- tests/.jenkins/Jenkinsfile | 1 + 1 file changed, 1 insertion(+) create mode 100644 tests/.jenkins/Jenkinsfile diff --git a/tests/.jenkins/Jenkinsfile b/tests/.jenkins/Jenkinsfile new file mode 100644 index 000000000..ed04053d2 --- /dev/null +++ b/tests/.jenkins/Jenkinsfile @@ -0,0 +1 @@ +mbedtls.run_job() From ca29fdf569a43a0302895fd6f8b6443f1cbba581 Mon Sep 17 00:00:00 2001 
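Review bot: After the move, the `correct == 0` check is reached on every path through the `SSL_SOME_MODES_USE_MAC` block, so it now depends on `correct` being initialised to 1 before the block and only ever cleared by the MAC check and by the EtM padding check — both outside the hunk and not visible here. A comment at the new location, `/* correct is cleared by the MAC check (MtE) and by the padding check after a valid MAC (EtM); both cases are reported as INVALID_MAC */`, would keep that contract explicit for the next change. Reporting the EtM padding failure as `MBEDTLS_ERR_SSL_INVALID_MAC` rather than a distinct padding error is the right choice, since a separate code would reveal which of the two checks failed; the commit message's observation that this path is only reachable for authenticated records is worth repeating in the comment. ssl_decrypt_buf's body starts and ends outside the hunk.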
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Oct 2018 09:56:53 +0200 Subject: [PATCH 316/368] Fix some typos in documentation and comments --- include/mbedtls/ssl.h | 20 ++++++++++---------- library/ecdh.c | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 942bf2c15..163ca3871 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2917,7 +2917,7 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * \return \c 0 if successful. * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE * in the handshake is incomplete but or waiting for data to - * be availaible for reading from or writing to the underlying + * be available for reading from or writing to the underlying * transport - in this case you must call this function again * when the underlying transport is ready for the operation. * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous @@ -2951,7 +2951,7 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * actual error, but you still need to reset/free the context. * * \note Remarks regarding event-driven DTLS: - * If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram + * If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram * from the underlying transport layer is currently being processed, * and it is safe to idle until the timer or the underlying transport * signal a new event. This is not true for a successful handshake, 
@@ -3022,7 +3022,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * - in this case you must stop using the context (see below). * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE * in the handshake is incomplete but or waiting for data to - * be availaible for reading from or writing to the underlying + * be available for reading from or writing to the underlying * transport - in this case you must call this function again * when the underlying transport is ready for the operation. * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous @@ -3035,7 +3035,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * the handshake when you're done attending other tasks. * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server * side of a DTLS connection and the client is initiating a - * new commection using the same source port. See below. + * new connection using the same source port. See below. * \return Another SSL error code - in this case you must stop using * the context (see below). * @@ -3051,7 +3051,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * on it before re-using it for a new connection; the current * connection must be closed. * - * \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT + * \note When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT * (which can only happen server-side), it means that a client * is initiating a new connection using the same source port. * You can either treat that as a connection close and wait 
@@ -3066,7 +3066,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * application layer, would allow authentication bypass! * * \note Remarks regarding event-driven DTLS: - * - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram + * - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram * from the underlying transport layer is currently being processed, * and it is safe to idle until the timer or the underlying transport * signal a new event. @@ -3096,10 +3096,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * \param len how many bytes must be written * * \return The (non-negative) number of bytes actually written if - * successfull (may be less than \p len). + * successful (may be less than \p len). * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE * in the handshake is incomplete but or waiting for data to - * be availaible for reading from or writing to the underlying + * be available for reading from or writing to the underlying * transport - in this case you must call this function again * when the underlying transport is ready for the operation. * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous @@ -3124,10 +3124,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * on it before re-using it for a new connection; the current * connection must be closed. * - * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, + * \note When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ, * it must be called later with the *same* arguments, * until it returns a value greater that or equal to 0. When - * the function returns MBEDTLS_ERR_SSL_WANT_WRITE there may be + * the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be * some partial data in the output buffer, however this is not * yet sent. * diff --git a/library/ecdh.c b/library/ecdh.c index eaad62c99..80e967641 100644 --- a/library/ecdh.c +++ b/library/ecdh.c 
@@ -43,7 +43,7 @@ * Generate public key (restartable version) * * Note: this internal function relies on its caller preserving the value of - * the output parameter 'd' accross continuation calls. This would not be + * the output parameter 'd' across continuation calls. This would not be * acceptable for a public function but is OK here as we control call sites. */ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, From a966fdea72678e38beb06c1160768afa6362e295 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 23 Oct 2018 10:41:11 +0200 Subject: [PATCH 317/368] Fix some documentation typos and improve a comment --- include/mbedtls/ssl.h | 8 ++++---- library/ecp.c | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 163ca3871..e8f664a78 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2916,7 +2916,7 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * * \return \c 0 if successful. * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE - * in the handshake is incomplete but or waiting for data to + * if the handshake is incomplete and waiting for data to * be available for reading from or writing to the underlying * transport - in this case you must call this function again * when the underlying transport is ready for the operation. 
@@ -3018,10 +3018,10 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * \param len maximum number of bytes to read * * \return The (positive) number of bytes read if successful. - * \return \c 0 is the read end of the underlying transport was closed + * \return \c 0 if the read end of the underlying transport was closed * - in this case you must stop using the context (see below). * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE - * in the handshake is incomplete but or waiting for data to + * if the handshake is incomplete and waiting for data to * be available for reading from or writing to the underlying * transport - in this case you must call this function again * when the underlying transport is ready for the operation. @@ -3098,7 +3098,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * \return The (non-negative) number of bytes actually written if * successful (may be less than \p len). * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE - * in the handshake is incomplete but or waiting for data to + * if the handshake is incomplete and waiting for data to * be available for reading from or writing to the underlying * transport - in this case you must call this function again * when the underlying transport is ready for the operation. diff --git a/library/ecp.c b/library/ecp.c index dff5f9004..b193ad4f8 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1610,9 +1610,9 @@ add: norm_add: #endif /* - * Normalize final elements in T. Even though there are no holes now, - * we still need the auxiliary array for homogeneity with last time. - * Also, skip T[0] which is already normalised, being a copy of P. + * Normalize final elements in T. Even though there are no holes now, we + * still need the auxiliary array for homogeneity with the previous + * call. Also, skip T[0] which is already normalised, being a copy of P. */ for( j = 0; j + 1 < T_size; j++ ) TT[j] = T + j + 1; 
From cc40d86edb559fd95fb5a16fe2947f82103a5bdb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 23 Oct 2018 10:28:01 +0100 Subject: [PATCH 318/368] Improve documentation of mbedtls_ssl_get_verify_result() Fixes #517. --- include/mbedtls/ssl.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 83849a564..855ddcc4d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2773,13 +2773,14 @@ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); /** * \brief Return the result of the certificate verification * - * \param ssl SSL context + * \param ssl The SSL context to use. * - * \return 0 if successful, - * -1 if result is not available (eg because the handshake was - * aborted too early), or - * a combination of BADCERT_xxx and BADCRL_xxx flags, see - * x509.h + * \return \c 0 if the certificate verification was successful. + * \return \c -1u if the result is not available. This may happen + * e.g. if the handshake aborts early, or a verification + * callback returned a fatal error. + * \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX + * and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h. */ uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ); From 8381fcb3f9fcab6206556d1410b06246f3de8117 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 11 Oct 2018 12:06:15 +0100 Subject: [PATCH 319/368] aes: xts: Update inaccurate comments It is inaccurate to call a data unit a "sector". A disk sector is a common use case for the data unit, but there exist other types of data units that are not sectors. --- library/aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aes.c b/library/aes.c index 5c939bba4..ef4b8f9aa 100644 --- a/library/aes.c +++ b/library/aes.c 
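Review bot: The new `\return \c -1u` text names the sentinel but not its consequence: `-1u` has every bit set, so a caller that tests `result & MBEDTLS_X509_BADCERT_XXX` before comparing against the sentinel will see every failure flag raised. A sentence such as `Callers must compare the result against -1u before testing individual flags, since the sentinel has all flag bits set.` would close that gap, and because the function returns `uint32_t` the doc could spell the sentinel as the value actually stored, e.g. `(uint32_t) -1`.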
@@ -1142,7 +1142,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, unsigned char prev_tweak[16]; unsigned char tmp[16]; - /* Sectors must be at least 16 bytes. */ + /* Data units must be at least 16 bytes long. */ if( length < 16 ) return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; From a74faba27a4a490e06d4de48dc606e4f339f41b2 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 11 Oct 2018 12:07:43 +0100 Subject: [PATCH 320/368] aes: xts: Correct NIST 80-38E to 800-38E Correct a typo in an AES XTS implementation comment where the relevant NIST standard was incorrectly referred to as NIST 80-38E instead of NIST 800-38E. --- library/aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aes.c b/library/aes.c index ef4b8f9aa..fce32ce84 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1146,7 +1146,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, if( length < 16 ) return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - /* NIST SP 80-38E disallows data units larger than 2**20 blocks. */ + /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */ if( length > ( 1 << 20 ) * 16 ) return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; From e4f965da14aa28e81eeb9f4f3e489335d6512544 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 11 Oct 2018 10:54:45 +0100 Subject: [PATCH 321/368] Adapt ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..da0d7b88d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,6 +7,10 @@ Bugfix invalidated keys of a lifetime of less than a 1s. Fixes #1968. * Fix failure in hmac_drbg in the benchmark sample application, when MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 + * Fix compilation failure for configurations which use compile time + replacements of standard calloc/free functions through the macros + MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO. + Reported by ole-de and ddhome2006. Fixes #882, #1642 and #1706. Changes * Add tests for session resumption in DTLS. From 76cf60beb32f9bb95489e8682371b77a6d6b60be Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 25 Oct 2018 21:51:32 +0100 Subject: [PATCH 322/368] Remove merge conflict marker in ssl-opt.sh Commit 6346a75dfb96 introduced a merge conflict marker into ssl-opt.sh by accident. This commit removes it. --- tests/ssl-opt.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7c408e406..ce9aee28a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5242,7 +5242,6 @@ run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \ -C "mbedtls_pk_verify.*4b00" \ -C "mbedtls_ecdh_make_public.*4b00" \ -C "mbedtls_pk_sign.*4b00" -======= # Tests of asynchronous private key support in SSL From 0eb8fb85a6dd7f1e12a1268add7713d5571c0e2b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Oct 2018 09:53:16 +0100 Subject: [PATCH 323/368] Correct typo in documentation of MBEDTLS_SSL_RENEGOTIATION --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 81438c5b1..9e8547c90 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -1288,7 +1288,7 @@ /** * \def MBEDTLS_SSL_RENEGOTIATION * - * Disable support for TLS renegotiation. + * Enable support for TLS renegotiation. * * The two main uses of renegotiation are (1) refresh keys on long-lived * connections and (2) client authentication after the initial handshake. From abdf67ee9fa976d8248aa8f74e6a2aec8b54ee92 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Oct 2018 13:28:32 +0100 Subject: [PATCH 324/368] Cast number of operations to `uint` in MBEDTLS_ECP_BUDGET Context: The macro `MBEDTLS_ECP_BUDGET()` is called before performing a number of potentially time-consuming ECC operations. If restartable ECC is enabled, it wraps a call to `mbedtls_ecp_check_budget()` which in turn checks if the requested number of operations can be performed without exceeding the maximum number of consecutive ECC operations. Issue: The function `mbedtls_ecp_check_budget()` expects a the number of requested operations to be given as a value of type `unsigned`, while some calls of the wrapper macro `MBEDTLS_ECP_BUDGET()` use expressions of type `size_t`. This rightfully leads to warnings about implicit truncation from `size_t` to `unsigned` on some compilers. Fix: This commit makes the truncation explicit by adding an explicit cast to `unsigned` in the expansion of the `MBEDTLS_ECP_BUDGET()` macro. Justification: Functionally, the new version is equivalent to the previous code. The warning about truncation can be discarded because, as can be inferred from `ecp.h`, the number of requested operations is never larger than 1000. --- include/mbedtls/ecp.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 448549cfc..5db87524e 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -233,7 +233,9 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, unsigned ops ); /* Utility macro for checking and updating ops budget */ -#define MBEDTLS_ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, ops ) ); +#define MBEDTLS_ECP_BUDGET( ops ) \ + MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \ + (unsigned) (ops) ) ); #else /* MBEDTLS_ECP_RESTARTABLE */ From b10c66073f3f83359d8333768f9fed2733c11c87 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Oct 2018 13:50:13 +0100 Subject: [PATCH 325/368] Detect unsigned integer overflow in mbedtls_ecp_check_budget() This commit modifies a bounds check in `mbedtls_ecp_check_budget()` to be correct even if the requested number of ECC operations would overflow the operation counter. --- library/ecp.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index b193ad4f8..de5725c70 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -248,9 +248,16 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, else if( grp->pbits >= 384 ) ops *= 2; - /* avoid infinite loops: always allow first step */ - if( rs_ctx->ops_done != 0 && rs_ctx->ops_done + ops > ecp_max_ops ) + /* Avoid infinite loops: always allow first step. + * Because of that, however, it's not generally true + * that ops_done <= ecp_max_ops, so the check + * ops_done > ecp_max_ops below is mandatory. */ + if( ( rs_ctx->ops_done != 0 ) && + ( rs_ctx->ops_done > ecp_max_ops || + ops > ecp_max_ops - rs_ctx->ops_done ) ) + { return( MBEDTLS_ERR_ECP_IN_PROGRESS ); + } /* update running count */ rs_ctx->ops_done += ops; From 4a865ef2335f16f09512e72b891d84940cae9157 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 28 Oct 2018 18:00:51 +0000 Subject: [PATCH 326/368] Add ChangeLog entry for PR #1618 - ARM DSP instruction support --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index d87cc4d01..5687be6ed 100644 
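Review bot: The `(unsigned) (ops)` cast in MBEDTLS_ECP_BUDGET silences the size_t-to-unsigned truncation warning at every call site, but the bound that makes the truncation safe (the commit message says the requested count never exceeds 1000) is not recorded anywhere a later maintainer will read. I would put it above the macro: `/* ops is a small per-call cost estimate (see the table in this header), so the narrowing cast to unsigned cannot truncate; do not pass a computed size_t here. */`. Separately, the expansion ends in `;` (pre-existing), so `MBEDTLS_ECP_BUDGET( x );` at a call site produces an empty statement; if the macro is being touched anyway, dropping that semicolon would be the usual style, though it would require checking every caller.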
--- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,10 @@ Features application leading to a memory leak in case both MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set. Fixes #2069. + * Add support for Arm CPU DSP extensions to accelerate asymmetric key + operations. On CPUs where the extensions are available, they can accelerate + MPI multiplications used in ECC and RSA cryptography. Contributed by + Aurelien Jarno. Bugfix * Fix a bug in the update function for SSL ticket keys which previously From 0bb204cab1c294a19940aa8e06f67d9fce8dc8d3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 30 Oct 2018 10:08:33 +0000 Subject: [PATCH 327/368] Adapt ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..9a56ed8d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Changes * Close a test gap in (D)TLS between the client side and the server side: test the handling of large packets and small packets on the client side in the same way as on the server side. + * Improve documentation of mbedtls_ssl_get_verify_result(). + Fixes #517 reported by github-monoculture. = mbed TLS 2.13.1 branch released 2018-09-06 From 2b5be1e630dde3f2a87367ecedf2d8d7ad92715e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 30 Oct 2018 15:55:10 +0000 Subject: [PATCH 328/368] Fix ChangeLog entry for #2069 The fix for #2069 had accidentally been added to features, not bugfixes. --- ChangeLog | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3154965c6..7e1955ae1 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -13,16 +13,16 @@ Features yet), and to existing functions in ECDH and SSL (currently only implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2, including client authentication). - * Fix wrong order of freeing in programs/ssl/ssl_server2 example - application leading to a memory leak in case both - MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set. - Fixes #2069. * Add support for Arm CPU DSP extensions to accelerate asymmetric key operations. On CPUs where the extensions are available, they can accelerate MPI multiplications used in ECC and RSA cryptography. Contributed by Aurelien Jarno. Bugfix + * Fix wrong order of freeing in programs/ssl/ssl_server2 example + application leading to a memory leak in case both + MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set. + Fixes #2069. * Fix a bug in the update function for SSL ticket keys which previously invalidated keys of a lifetime of less than a 1s. Fixes #1968. * Fix failure in hmac_drbg in the benchmark sample application, when @@ -32,7 +32,7 @@ Bugfix padded records in case of CBC ciphersuites using Encrypt-then-MAC. * Fix memory leak and freeing without initialization in the example program programs/x509/cert_write. Fixes #1422. - * Ignore iv in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB + * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB Fix for #1091 raised by ezdevelop Changes From 8493f80e65781d1de73bd40c5aa463b8ed0a99a4 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Thu, 1 Nov 2018 11:32:15 +0200 Subject: [PATCH 329/368] conditionaly compile ECDH and ECDSA alt functions Return the condition compilation flags surrounding `mbedtls_ecdh_compute_shared()`, `mbedtls_ecdh_gen_public()`, `mbedtls_ecdsa_sign()` and `mbedtls_ecdsa_verify()` that were accidentally removed in a previous merge. Resolves #2163 --- library/ecdh.c | 23 ++++++++++++++++++++++- library/ecdsa.c | 25 ++++++++++++++++++++----- 2 files changed, 42 insertions(+), 6 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 80e967641..f05e2c06a 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -110,7 +110,6 @@ cleanup: return( ret ); } -#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ /* * Compute shared secret (SEC1 3.3.1) @@ -123,6 +122,7 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, return( ecdh_compute_shared_restartable( grp, z, Q, d, f_rng, p_rng, NULL ) ); } +#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ /* * Initialize context @@ -201,9 +201,16 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, rs_ctx = &ctx->rs; #endif + +#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) + if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng ) ) != 0 ) + return( ret ); +#else if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); +#endif if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) ) != 0 ) @@ -287,9 +294,15 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, rs_ctx = &ctx->rs; #endif +#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) + if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng ) ) != 0 ) + return( ret ); +#else if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); +#endif return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format, olen, buf, blen ); 
@@ -335,11 +348,19 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, rs_ctx = &ctx->rs; #endif +#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) + if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, + &ctx->d, f_rng, p_rng ) ) != 0 ) + { + return( ret ); + } +#else if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d, f_rng, p_rng, rs_ctx ) ) != 0 ) { return( ret ); } +#endif if( mbedtls_mpi_size( &ctx->z ) > blen ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); diff --git a/library/ecdsa.c b/library/ecdsa.c index abac015ce..37379bcdc 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -237,7 +237,6 @@ cleanup: return( ret ); } -#if !defined(MBEDTLS_ECDSA_SIGN_ALT) /* * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) @@ -369,8 +368,8 @@ cleanup: return( ret ); } -#endif /* MBEDTLS_ECDSA_SIGN_ALT */ +#if !defined(MBEDTLS_ECDSA_SIGN_ALT) /* * Compute ECDSA signature of a hashed message */ @@ -381,6 +380,7 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, return( ecdsa_sign_restartable( grp, r, s, d, buf, blen, f_rng, p_rng, NULL ) ); } +#endif /* MBEDTLS_ECDSA_SIGN_ALT */ #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /* @@ -432,8 +432,13 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, sign: #endif +#if defined(MBEDTLS_ECDSA_SIGN_ALT) + ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng ); +#else ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, mbedtls_hmac_drbg_random, p_rng, rs_ctx ); +#endif cleanup: mbedtls_hmac_drbg_free( &rng_ctx ); @@ -455,7 +460,6 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ -#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* * Verify ECDSA signature of hashed message (SEC1 4.1.4) * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) 
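Review bot: In the new `MBEDTLS_ECDSA_SIGN_ALT` branch of ecdsa_sign_det_restartable, `mbedtls_ecdsa_sign` is called and `rs_ctx` is dropped, so an alternative implementation can never return MBEDTLS_ERR_ECP_IN_PROGRESS and a caller that configured an operation budget silently gets a blocking signature instead of a restartable one; nothing in the hunk says so. Unless the ALT contract is documented elsewhere, I would mark the branch with `/* _ALT implementations are not restartable: rs_ctx is ignored here. */`, and the same comment belongs on the ALT branches added to mbedtls_ecdsa_write_signature_restartable and mbedtls_ecdsa_read_signature_restartable further down. ecdsa_sign_det_restartable begins and ends outside this hunk, so I cannot see whether rs_ctx is still referenced on the ALT path elsewhere in the function.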
@@ -564,8 +568,8 @@ cleanup: return( ret ); } -#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ +#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* * Verify ECDSA signature of hashed message */ @@ -575,6 +579,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, { return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) ); } +#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ /* * Convert a signature (given by context) to ASN.1 @@ -626,8 +631,13 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, #else (void) md_alg; +#if defined(MBEDTLS_ECDSA_SIGN_ALT) + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d, + hash, hlen, f_rng, p_rng ) ); +#else MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d, hash, hlen, f_rng, p_rng, rs_ctx ) ); +#endif #endif MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) ); @@ -712,10 +722,15 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } - +#if defined(MBEDTLS_ECDSA_VERIFY_ALT) + if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen, + &ctx->Q, &r, &s ) ) != 0 ) + goto cleanup; +#else if( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen, &ctx->Q, &r, &s, rs_ctx ) ) != 0 ) goto cleanup; +#endif /* At this point we know that the buffer starts with a valid signature. * Return 0 if the buffer just contains the signature, and a specific From 936d284f4d803de343f5fb98db86fc046bafdaff Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 1 Nov 2018 13:05:52 +0200 Subject: [PATCH 330/368] Minor fixes 1. Fix unused symbols compilation warnings. 2. Add comments for the closing `endif`. --- library/ecdh.c | 16 +++++++++++----- library/ecdsa.c | 16 ++++++++-------- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index f05e2c06a..9fad8e10b 100644 --- a/library/ecdh.c +++ b/library/ecdh.c 
@@ -76,7 +76,7 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp { return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) ); } -#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */ #if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) /* @@ -122,7 +122,7 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, return( ecdh_compute_shared_restartable( grp, z, Q, d, f_rng, p_rng, NULL ) ); } -#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ +#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ /* * Initialize context @@ -191,7 +191,9 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, { int ret; size_t grp_len, pt_len; +#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) mbedtls_ecp_restart_ctx *rs_ctx = NULL; +#endif if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); @@ -210,7 +212,7 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); -#endif +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) ) != 0 ) @@ -284,7 +286,9 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; +#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) mbedtls_ecp_restart_ctx *rs_ctx = NULL; +#endif if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); @@ -302,7 +306,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); -#endif +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format, olen, buf, blen ); 
@@ -338,7 +342,9 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; +#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) mbedtls_ecp_restart_ctx *rs_ctx = NULL; +#endif if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); @@ -360,7 +366,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, { return( ret ); } -#endif +#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ if( mbedtls_mpi_size( &ctx->z ) > blen ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); diff --git a/library/ecdsa.c b/library/ecdsa.c index 37379bcdc..54ecab11e 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -237,6 +237,7 @@ cleanup: return( ret ); } +#if !defined(MBEDTLS_ECDSA_SIGN_ALT) /* * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) @@ -369,7 +370,6 @@ cleanup: return( ret ); } -#if !defined(MBEDTLS_ECDSA_SIGN_ALT) /* * Compute ECDSA signature of a hashed message */ @@ -380,7 +380,7 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, return( ecdsa_sign_restartable( grp, r, s, d, buf, blen, f_rng, p_rng, NULL ) ); } -#endif /* MBEDTLS_ECDSA_SIGN_ALT */ +#endif /* !MBEDTLS_ECDSA_SIGN_ALT */ #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /* @@ -438,7 +438,7 @@ sign: #else ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, mbedtls_hmac_drbg_random, p_rng, rs_ctx ); -#endif +#endif /* MBEDTLS_ECDSA_SIGN_ALT */ cleanup: mbedtls_hmac_drbg_free( &rng_ctx ); @@ -460,6 +460,7 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ +#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* * Verify ECDSA signature of hashed message (SEC1 4.1.4) * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) @@ -569,7 +570,6 @@ cleanup: return( ret ); } -#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* * Verify ECDSA signature of hashed message */ 
@@ -579,7 +579,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, { return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) ); } -#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ +#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */ /* * Convert a signature (given by context) to ASN.1 @@ -637,7 +637,7 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, #else MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d, hash, hlen, f_rng, p_rng, rs_ctx ) ); -#endif +#endif /* MBEDTLS_ECDSA_SIGN_ALT */ #endif MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) ); @@ -730,7 +730,7 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, if( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen, &ctx->Q, &r, &s, rs_ctx ) ) != 0 ) goto cleanup; -#endif +#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ /* At this point we know that the buffer starts with a valid signature. * Return 0 if the buffer just contains the signature, and a specific @@ -755,7 +755,7 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, return( mbedtls_ecp_group_load( &ctx->grp, gid ) || mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); } -#endif /* MBEDTLS_ECDSA_GENKEY_ALT */ +#endif /* !MBEDTLS_ECDSA_GENKEY_ALT */ /* * Set context from an mbedtls_ecp_keypair From 2b161c33bef53b2ac43bfbe7dffe2a8489e6d086 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 1 Nov 2018 16:18:20 +0200 Subject: [PATCH 331/368] Fix compilation issue Fix compilation error when both `MBEDTLS_ECP_RESTARTABLE` and the alternative definition of ECDH function are defined. --- library/ecdh.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 9fad8e10b..b7e25dcc9 100644 --- a/library/ecdh.c +++ b/library/ecdh.c 
@@ -198,7 +198,7 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) && !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) if( ctx->restart_enabled ) rs_ctx = &ctx->rs; #endif @@ -293,7 +293,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) && !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) if( ctx->restart_enabled ) rs_ctx = &ctx->rs; #endif @@ -349,7 +349,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) && !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) if( ctx->restart_enabled ) rs_ctx = &ctx->rs; #endif From f745733bb16768af3a95ca482ee2538012a0acc6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 Oct 2018 17:14:42 +0100 Subject: [PATCH 332/368] Add 'md' cmd line parameter to cert_req example program This commit adds a command line option `md` to the example application `programs/x509/cert_req` allowing to specify the hash algorithm to use when signing the CSR. --- programs/x509/cert_req.c | 59 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 30df2162a..dcfc14108 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -61,6 +61,7 @@ int main( void ) #define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK" #define DFL_KEY_USAGE 0 #define DFL_NS_CERT_TYPE 0 +#define DFL_MD_ALG MBEDTLS_MD_SHA256 #define USAGE \ "\n usage: cert_req param=<>...\n" \ 
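Review bot: The third hunk guards the `rs_ctx = &ctx->rs` assignment in mbedtls_ecdh_calc_secret with `!defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)`, but in the preceding commit the declaration of `rs_ctx` in that function and the call it feeds (ecdh_compute_shared_restartable) are guarded by MBEDTLS_ECDH_COMPUTE_SHARED_ALT. With COMPUTE_SHARED_ALT defined and GEN_PUBLIC_ALT undefined, `rs_ctx` is assigned without being declared and the build fails; with the opposite combination `rs_ctx` stays NULL and restart is silently disabled for the shared-secret step even though `ctx->restart_enabled` is set. The condition should be `#if defined(MBEDTLS_ECP_RESTARTABLE) && !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)`. The enclosing function starts and ends outside the hunk.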
@@ -87,6 +88,11 @@ int main( void ) " ssl_ca\n" \ " email_ca\n" \ " object_signing_ca\n" \ + " md=%%s default: SHA256\n" \ + " possible values:\n" \ + " MD4, MD5, SHA1\n" \ + " SHA224, SHA256\n" \ + " SHA384, SHA512\n" \ "\n" /* @@ -100,6 +106,7 @@ struct options const char *subject_name; /* subject name for certificate request */ unsigned char key_usage; /* key usage flags */ unsigned char ns_cert_type; /* NS cert type */ + mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ } opt; int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file, @@ -147,7 +154,6 @@ int main( int argc, char *argv[] ) * Set to sane values */ mbedtls_x509write_csr_init( &req ); - mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 ); mbedtls_pk_init( &key ); mbedtls_ctr_drbg_init( &ctr_drbg ); memset( buf, 0, sizeof( buf ) ); @@ -166,6 +172,7 @@ int main( int argc, char *argv[] ) opt.subject_name = DFL_SUBJECT_NAME; opt.key_usage = DFL_KEY_USAGE; opt.ns_cert_type = DFL_NS_CERT_TYPE; + opt.md_alg = DFL_MD_ALG; for( i = 1; i < argc; i++ ) { 
@@ -189,6 +196,54 @@ int main( int argc, char *argv[] ) { opt.subject_name = q; } + else if( strcmp( p, "md" ) == 0 ) + { + if( strcmp( q, "SHA256" ) == 0 ) + { + opt.md_alg = MBEDTLS_MD_SHA256; + } + else if( strcmp( q, "SHA224" ) == 0 ) + { + opt.md_alg = MBEDTLS_MD_SHA224; + } + else +#if defined(MBEDTLS_MD5_C) + if( strcmp( q, "MD5" ) == 0 ) + { + opt.md_alg = MBEDTLS_MD_MD5; + } + else +#endif /* MBEDTLS_MD5_C */ +#if defined(MBEDTLS_MD4_C) + if( strcmp( q, "MD4" ) == 0 ) + { + opt.md_alg = MBEDTLS_MD_MD4; + } + else +#endif /* MBEDTLS_MD5_C */ +#if defined(MBEDTLS_SHA1_C) + if( strcmp( q, "SHA1" ) == 0 ) + { + opt.md_alg = MBEDTLS_MD_SHA1; + } + else +#endif /* MBEDTLS_SHA1_C */ +#if defined(MBEDTLS_SHA512_C) + if( strcmp( q, "SHA384" ) == 0 ) + { + opt.md_alg = MBEDTLS_MD_SHA384; + } + else + if( strcmp( q, "SHA512" ) == 0 ) + { + opt.md_alg = MBEDTLS_MD_SHA512; + } + else +#endif /* MBEDTLS_SHA512_C */ + { + goto usage; + } + } else if( strcmp( p, "key_usage" ) == 0 ) { while( q != NULL ) @@ -247,6 +302,8 @@ int main( int argc, char *argv[] ) goto usage; } + mbedtls_x509write_csr_set_md_alg( &req, opt.md_alg ); + if( opt.key_usage ) mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage ); From 56e84632ef0be6b66a04d87b6a1efbc93cd8cf1d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 1 Nov 2018 14:10:23 +0000 Subject: [PATCH 333/368] Add 'password' cmd line parameter to cert_req example program --- programs/x509/cert_req.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index dcfc14108..951844783 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -56,6 +56,7 @@ int main( void ) #include #define DFL_FILENAME "keyfile.key" +#define DFL_PASSWORD NULL #define DFL_DEBUG_LEVEL 0 #define DFL_OUTPUT_FILENAME "cert.req" #define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK" 
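Review bot: The `#endif` that closes the MD4 branch is annotated `/* MBEDTLS_MD5_C */` although it matches `#if defined(MBEDTLS_MD4_C)`; it should read `#endif /* MBEDTLS_MD4_C */`. The SHA256 and SHA224 cases are the only ones not guarded by their module macro, so a build without MBEDTLS_SHA256_C still accepts `md=SHA256` and presumably fails only later when the CSR is signed, unlike every other digest in the chain; wrapping those two cases in `#if defined(MBEDTLS_SHA256_C)` keeps the chain consistent (the bare `else` before the first `#if` continues to work). Since the tool now accepts MD4, MD5 and SHA1 for the CSR signature, the usage text added earlier in this commit should mark them as insecure/test-only rather than listing them as peers of SHA256.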
@@ -67,6 +68,7 @@ int main( void ) "\n usage: cert_req param=<>...\n" \ "\n acceptable parameters:\n" \ " filename=%%s default: keyfile.key\n" \ + " password=%%s default: NULL\n" \ " debug_level=%%d default: 0 (disabled)\n" \ " output_file=%%s default: cert.req\n" \ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ @@ -101,6 +103,7 @@ int main( void ) struct options { const char *filename; /* filename of the key file */ + const char *password; /* password for the key file */ int debug_level; /* level of debugging */ const char *output_file; /* where to store the constructed key file */ const char *subject_name; /* subject name for certificate request */ @@ -167,6 +170,7 @@ int main( int argc, char *argv[] ) } opt.filename = DFL_FILENAME; + opt.password = DFL_PASSWORD; opt.debug_level = DFL_DEBUG_LEVEL; opt.output_file = DFL_OUTPUT_FILENAME; opt.subject_name = DFL_SUBJECT_NAME; @@ -184,6 +188,8 @@ int main( int argc, char *argv[] ) if( strcmp( p, "filename" ) == 0 ) opt.filename = q; + else if( strcmp( p, "password" ) == 0 ) + opt.password = q; else if( strcmp( p, "output_file" ) == 0 ) opt.output_file = q; else if( strcmp( p, "debug_level" ) == 0 ) @@ -347,7 +353,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Loading the private key ..." ); fflush( stdout ); - ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL ); + ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password ); if( ret != 0 ) { From 50cb93a04c66ef83fd994245ade892de525378b9 Mon Sep 17 00:00:00 2001 
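Review bot: `opt.password` is taken straight from argv, so the key password is visible to other users in the process list and lands in shell history; acceptable for an example program, but the usage text should say so, e.g. `" password=%%s default: none (key not encrypted; visible in the process list)\n"`, which also replaces the confusing `default: NULL` with what NULL actually means for mbedtls_pk_parse_keyfile. The parse call itself is fine; main() begins and ends outside this hunk.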
From: Hanno Becker Date: Mon, 8 Oct 2018 17:15:28 +0100 Subject: [PATCH 334/368] Generate server1* CRTs and CSRs through Mbed TLS applications Previously, CSRs and CRTs from the server1* family in testa/data_files were generated through OpenSSL. This commit changes the build instructions to use Mbed TLS' example applications programs/x509/cert_write and programs/x509/cert_req instead. --- tests/data_files/Makefile | 88 +++++++++++++++++++++++++++++---------- 1 file changed, 66 insertions(+), 22 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 4a24352e3..0eedbc94b 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -14,6 +14,8 @@ OPENSSL ?= openssl FAKETIME ?= faketime MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write +MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req + ## Build the generated test data. Note that since the final outputs ## are committed to the repository, this target should do nothing on a 
@@ -714,6 +716,50 @@ ec_prv.pk8param.pem: ec_prv.pk8param.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_prv.pk8param.pem +################################################################ +### Generate CSRs for X.509 write test suite +################################################################ + +server1.req.sha1: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 +all_final += server1.req.sha1 + +server1.req.md4: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4 +all_final += server1.req.md4 + +server1.req.md5: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5 +all_final += server1.req.md5 + +server1.req.sha224: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224 +all_final += server1.req.sha224 + +server1.req.sha256: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256 +all_final += server1.req.sha256 + +server1.req.sha384: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 +all_final += server1.req.sha384 + +server1.req.sha512: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512 +all_final += server1.req.sha512 + +server1.req.cert_type: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 +all_final += server1.req.cert_type + +server1.req.key_usage: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 +all_final += server1.req.key_usage + 
+server1.req.ku-ct: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 +all_final += server1.req.ku-ct + ################################################################ ### Generate certificates for CRT write check tests ################################################################ 
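Review bot: The `md=MD4`, `md=MD5` and `md=SHA1` recipes only work when the cert_req binary was built with MBEDTLS_MD4_C, MBEDTLS_MD5_C and MBEDTLS_SHA1_C respectively: in the cert_req change earlier in this series those values are parsed under the matching `#if` and otherwise fall through to `goto usage`, so on a hardened configuration the rule fails with a usage dump rather than a clear error. A comment above the block would prevent someone "fixing" it by enabling weak digests in a production config: `# The md4/md5/sha1 CSRs are test fixtures for weak-digest cases; regenerating them needs cert_req built with MBEDTLS_MD4_C/MD5_C/SHA1_C.` Since the generated files are committed, this only bites when regenerating.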
@@ -730,36 +776,34 @@ test_ca_server1_db = test-ca.server1.db test_ca_server1_serial = test-ca.server1.serial test_ca_server1_config_file = test-ca.server1.opensslconf -server1.csr: server1.key server1_csr.opensslconf - $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new -all_final += server1.csr +# server1* -server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@ -server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ +server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@ +server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ server1.der: server1.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ all_final += server1.crt server1.noauthid.crt server1.der -server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) 
issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ -server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ +server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ +server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ server1.key_usage.der: server1.key_usage.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der -server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ -server1.cert_type_noauthid.crt: 
server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ +server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ +server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ server1.cert_type.der: server1.cert_type.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der -server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@ +server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@ server1.v1.der: server1.v1.crt $(OPENSSL) x509 -inform PEM -in $< -outform 
DER -out $@ all_final += server1.v1.crt server1.v1.der @@ -767,11 +811,11 @@ all_final += server1.v1.crt server1.v1.der # OpenSSL-generated certificates for comparison # Also provide certificates in DER format to allow # direct binary comparison using e.g. dumpasn1 -server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) +server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) echo "01" > $(test_ca_server1_serial) rm -f $(test_ca_server1_db) touch $(test_ca_server1_db) - $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@ + $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@ server1.der.openssl: server1.crt.openssl $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ server1.key_usage.der.openssl: server1.key_usage.crt.openssl 
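Review bot: The rewritten server1.crt, server1.key_usage.crt and server1.cert_type.crt recipes pass both `version=1` and, later on the same command line, `version=3` to cert_write; presumably the last one wins, so the `version=1` token is dead and misleading and should be dropped from the v3 recipes. The CSR input is now SHA-256-signed (server1.req.sha256) while the certificates are still issued with `md=SHA1`; if that mix is deliberate for the fixtures, a one-line comment such as `# server1.req.sha256 is used as input; the issued certs are intentionally SHA-1 signed test vectors` would stop someone "upgrading" it and changing the test data.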
@@ -779,15 +823,15 @@ server1.key_usage.der.openssl: server1.key_usage.crt.openssl server1.cert_type.der.openssl: server1.cert_type.crt.openssl $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ -server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) +server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) echo "01" > $(test_ca_server1_serial) rm -f $(test_ca_server1_db) touch $(test_ca_server1_db) - $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@ + $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@ server1.v1.der.openssl: server1.v1.crt.openssl $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ -server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl +server1_all: server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl From b83777532a36a46c90325e28d9fa467176c6ef50 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 31 Oct 2018 15:29:19 +0000 Subject: [PATCH 335/368] Generate test-ca* CSRs and CRTs through Mbed TLS applications --- tests/data_files/Makefile | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 0eedbc94b..05984a0e3 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -39,14 +39,20 @@ test_ca_key_file_rsa = test-ca.key test_ca_pwd_rsa = PolarSSLTest test_ca_config_file = test-ca.opensslconf -test-ca.csr: $(test_ca_key_file_rsa) $(test_ca_config_file) - $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ -all_intermediate += test-ca.csr -test-ca-sha1.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr - $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@ +test-ca.req.sha256: $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256 +all_intermediate += test-ca.req.sha256 + +test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 + $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@ +all_final += test-ca.crt + +test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 + $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@ all_final += test-ca-sha1.crt -test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr - $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@ + +test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 + $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 
request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA256 version=3 output_file=$@ all_final += test-ca-sha256.crt test_ca_key_file_rsa_alt = test-ca-alt.key From ebc1f40aa008f6a2ba42e7436e4596d8f780b612 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 31 Oct 2018 16:35:59 +0000 Subject: [PATCH 336/368] Generate server2* CSRs and CRTs through Mbed TLS applications --- tests/data_files/Makefile | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 05984a0e3..dd946e5ba 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -102,13 +102,6 @@ cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@ all_final += cli-rsa-sha256.crt -server2-rsa.csr: server2.key - $(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ -all_intermediate += server2-rsa.csr -server2-sha256.crt: server2-rsa.csr - $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@ -all_final += server2-sha256.crt - test_ca_int_rsa1 = test-int-ca.crt server7.csr: server7.key 
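Review bot: The new `test-ca.crt` and `test-ca-sha1.crt` rules in hunk `@@ -39,14 +39,20 @@` are byte-for-byte identical (same request, `serial=3`, same validity dates, `md=SHA1`), so the two targets always yield the same certificate and can silently drift apart on a later edit; deriving one from the other, `test-ca-sha1.crt: test-ca.crt` with `cp $< $@`, makes that relationship explicit. The serial also changes from the previous `-set_serial 0` to `serial=3` without a comment; a one-line note on why (a later commit in this series attributes it to an ASN.1 writer issue with zero-valued serials) would spare the next reader a search of the history, since test expectations elsewhere depend on this value. Dropping the `$(test_ca_config_file)` prerequisite looks correct because cert_write does not read it, but is worth stating in the commit message.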
@@ -766,6 +759,12 @@ server1.req.ku-ct: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 all_final += server1.req.ku-ct +# server2* + +server2.req.sha256: server2.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 +all_intermediate += server2.req.sha256 + ################################################################ ### Generate certificates for CRT write check tests ################################################################ @@ -839,6 +838,16 @@ server1.v1.der.openssl: server1.v1.crt.openssl server1_all: server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl +# server2* + +server2.crt: server2.req.sha256 + $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@ +all_final += server2.crt + +server2-sha256.crt: server2.req.sha256 + $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@ +all_final += server2-sha256.crt + ################################################################ From 0dd11396d4679f183070d3168901437556262250 Mon Sep 17 00:00:00 2001 
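Review bot: In hunk `@@ -839,6 +838,16 @@`, `server2.crt` and `server2-sha256.crt` list only `server2.req.sha256` as a prerequisite although their recipes also read `$(test_ca_crt)` and `$(test_ca_key_file_rsa)`, so regenerating the CA certificate or key will not rebuild them; the rules should read `server2.crt: server2.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)` and likewise for `server2-sha256.crt`. The removed OpenSSL rule for `server2-sha256.crt` applied the `cli-rsa` extensions from `$(cli_crt_extensions_file)`, was signed by `test-ca-sha256.crt` and used serial 4, whereas the new cert_write invocation passes no extension options, signs with `$(test_ca_crt)` and uses `serial=2`; if the checked-in certificate is expected to stay unchanged, this needs confirming by regenerating and diffing, and if it is expected to change the commit message should say so. The new `server2.req.sha256` in the first hunk is sound, but a brief comment recording that it replaces the former `server2-rsa.csr` would help anyone grepping for the old name.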
From: Hanno Becker Date: Fri, 2 Nov 2018 08:56:15 +0000 Subject: [PATCH 337/368] Generate server5.req.ku.sha1 through Mbed TLS application --- tests/data_files/Makefile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index dd946e5ba..084b0ab05 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -765,6 +765,13 @@ server2.req.sha256: server2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 all_intermediate += server2.req.sha256 +# server5* + +# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' +server5.req.ku.sha1: server5.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 +all_final += server5.req.ku.sha1 + ################################################################ ### Generate certificates for CRT write check tests ################################################################ From 386f99c65ca6f70dc27bb17f68de303aa4897607 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 1 Nov 2018 17:20:22 +0000 Subject: [PATCH 338/368] Generate cli-rsa* CSRs and CRTs through Mbed TLS applications --- tests/data_files/Makefile | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 084b0ab05..a833984bf 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
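Review bot: The comment added above `server5.req.ku.sha1` ends with a stray apostrophe after the full stop; it should read `# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.` The request is appended to `all_final` rather than `all_intermediate`, which matches `server1.req.ku-ct` just above and looks deliberate because the test suite consumes the CSR directly, but a short remark saying so would make the distinction from `server2.req.sha256` (which goes to `all_intermediate` in the same area) self-explanatory.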
@@ -93,13 +93,14 @@ cli_crt_key_file_rsa = cli-rsa.key cli_crt_extensions_file = cli.opensslconf cli-rsa.csr: $(cli_crt_key_file_rsa) - $(OPENSSL) req -new -key $(cli_crt_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@ + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1 all_intermediate += cli-rsa.csr -cli-rsa-sha1.crt: $(cli_crt_key_file_rsa) test-ca-sha1.crt cli-rsa.csr - $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@ -all_final += cli-rsa-sha1.crt -cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr - $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@ + +cli-rsa-sha1.crt: cli-rsa.csr + $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@ + +cli-rsa-sha256.crt: cli-rsa.csr + $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@ all_final += cli-rsa-sha256.crt test_ca_int_rsa1 = test-int-ca.crt From b963081df14fb855ad3a04a9ec59b4f7c9dd0db0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 31 Oct 2018 16:28:05 +0000 Subject: [PATCH 339/368] Generate tests/data_files/test-ca_cat[12|21].crt from Makefile --- tests/data_files/Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+) 
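Review bot: `all_final += cli-rsa-sha1.crt` is removed together with the old rule and never re-added, so `cli-rsa-sha1.crt` silently drops out of the `all_final` target while `cli-rsa-sha256.crt` keeps its entry; add `all_final += cli-rsa-sha1.crt` after the new `cli-rsa-sha1.crt` recipe. Both new rules depend only on `cli-rsa.csr` even though their recipes read `$(test_ca_crt)` and `$(test_ca_key_file_rsa)`, so a regenerated CA will not trigger a rebuild (the server2 rules of the preceding commit have the same gap). The OpenSSL rules being replaced applied the `cli-rsa` extensions from `$(cli_crt_extensions_file)` and were signed by the sha1/sha256 variants of the test CA, which the cert_write invocations do not reproduce; if the checked-in certificates are meant to remain unchanged that difference needs confirming, and `cli_crt_extensions_file` may now be unused in this Makefile.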
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index a833984bf..dc14c11f6 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -75,6 +75,16 @@ all_final += test-ca-good-alt.crt test_ca_crt_file_ec = test-ca2.crt test_ca_key_file_ec = test-ca2.key +test_ca_crt_cat12 = test-ca_cat12.crt +$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec) + cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@ +all_final += $(test_ca_crt_cat12) + +test_ca_crt_cat21 = test-ca_cat21.crt +$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec) + cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@ +all_final += $(test_ca_crt_cat21) + test-int-ca.csr: test-int-ca.key $(test_ca_config_file) $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ all_intermediate += test-int-ca.csr From 52acdb5926b7dd7803c0f625648b56d388e04854 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 2 Nov 2018 10:09:48 +0000 Subject: [PATCH 340/368] Add tests for relaxed CRL-CA name comparison This commit introduces variants test-ca_utf8.crt, test-ca_printablestring.crt and test-ca_uppercase.crt of tests/data_files/test-ca.crt which differ from test-ca.crt in their choice of string encoding and upper and lower case letters in the DN field. These changes should be immaterial to the revocation check, and three tests are added checking that crl.pem, which applies to test-ca.crt, is also considered to apply to test-ca_*.crt. --- tests/data_files/test-ca_printable.crt | 21 +++++++++++++++++++++ tests/data_files/test-ca_uppercase.crt | 20 ++++++++++++++++++++ tests/data_files/test-ca_utf8.crt | 20 ++++++++++++++++++++ tests/suites/test_suite_x509parse.data | 12 ++++++++++++ 4 files changed, 73 insertions(+) create mode 100644 tests/data_files/test-ca_printable.crt create mode 100644 tests/data_files/test-ca_uppercase.crt create mode 100644 tests/data_files/test-ca_utf8.crt
diff --git a/tests/data_files/test-ca_printable.crt b/tests/data_files/test-ca_printable.crt new file mode 100644 index 000000000..d16da09a2 --- /dev/null +++ b/tests/data_files/test-ca_printable.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH +/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV +BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz +dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ +SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H +DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF +pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf +m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ +7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca_uppercase.crt b/tests/data_files/test-ca_uppercase.crt new file mode 100644 index 000000000..e8b537c72 --- /dev/null +++ b/tests/data_files/test-ca_uppercase.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI +yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv +czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST +S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM +iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS +NWqiX9GyusBZjezaCaHabjDLU0qQ +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca_utf8.crt b/tests/data_files/test-ca_utf8.crt new file mode 100644 index 000000000..e8b537c72 --- /dev/null +++ b/tests/data_files/test-ca_utf8.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI +yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv +czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST +S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM +iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS +NWqiX9GyusBZjezaCaHabjDLU0qQ +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 80e49d226..85f0d6556 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -399,6 +399,18 @@ X509 Certificate verification #5 (Revoked Cert) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" +X509 Certificate verification #5' (Revoked Cert, differing DN string formats #1) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +x509_verify:"data_files/server1.crt":"data_files/test-ca_utf8.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" + +X509 Certificate verification #5'' (Revoked Cert, differing DN string formats #2) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +x509_verify:"data_files/server1.crt":"data_files/test-ca_printable.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" + +X509 Certificate verification #5''' (Revoked Cert, differing upper and lower case) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +x509_verify:"data_files/server1.crt":"data_files/test-ca_uppercase.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" + X509 Certificate verification #6 (Revoked Cert) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" From 0f6903d84ccb0b5dd4b9809a3a9e040628e3343d Mon Sep 17 00:00:00 2001 
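Review bot: Test `#5'''` (`differing upper and lower case`) does not exercise case folding: `test-ca_uppercase.crt` and `test-ca_utf8.crt` are added with the same blob id (`e8b537c72`) and identical PEM bodies, and the DN encoded in that body is the ordinary `PolarSSL` / `PolarSSL Test CA` in UTF8String form, so the two vectors cover the same encoding-only difference and neither reaches the case-insensitive branch of the comparison this series introduces. `test-ca_uppercase.crt` needs to be regenerated with a DN that actually differs in letter case from the CRL's issuer (for example an all-capitals O or CN), and noting in the commit how each variant was produced would make such slips visible on review. The commit message also names the printable-string variant `test-ca_printablestring.crt` while the file added is `test-ca_printable.crt`. Naming the three cases after the variant they cover, rather than by primes, would make the data file easier to scan.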
From: Hanno Becker Date: Fri, 2 Nov 2018 09:19:16 +0000 Subject: [PATCH 341/368] Move static x509_name_cmp() in library/x509_crt.c A subsequent change will need this function earlier within the file. --- library/x509_crt.c | 260 ++++++++++++++++++++++----------------------- 1 file changed, 130 insertions(+), 130 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 25aaff3b0..f75684372 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -227,6 +227,136 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, return( -1 ); } +/* + * Like memcmp, but case-insensitive and always returns -1 if different + */ +static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) +{ + size_t i; + unsigned char diff; + const unsigned char *n1 = s1, *n2 = s2; + + for( i = 0; i < len; i++ ) + { + diff = n1[i] ^ n2[i]; + + if( diff == 0 ) + continue; + + if( diff == 32 && + ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || + ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) + { + continue; + } + + return( -1 ); + } + + return( 0 ); +} + +/* + * Return 0 if name matches wildcard, -1 otherwise + */ +static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) +{ + size_t i; + size_t cn_idx = 0, cn_len = strlen( cn ); + + /* We can't have a match if there is no wildcard to match */ + if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) + return( -1 ); + + for( i = 0; i < cn_len; ++i ) + { + if( cn[i] == '.' ) + { + cn_idx = i; + break; + } + } + + if( cn_idx == 0 ) + return( -1 ); + + if( cn_len - cn_idx == name->len - 1 && + x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) + { + return( 0 ); + } + + return( -1 ); +} + +/* + * Compare two X.509 strings, case-insensitive, and allowing for some encoding + * variations (but not all). + * + * Return 0 if equal, -1 otherwise. + */ +static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) +{ + if( a->tag == b->tag && + a->len == b->len && + memcmp( a->p, b->p, b->len ) == 0 ) + { + return( 0 ); + } + + if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && + ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && + a->len == b->len && + x509_memcasecmp( a->p, b->p, b->len ) == 0 ) + { + return( 0 ); + } + + return( -1 ); +} + +/* + * Compare two X.509 Names (aka rdnSequence). 
+ * + * See RFC 5280 section 7.1, though we don't implement the whole algorithm: + * we sometimes return unequal when the full algorithm would return equal, + * but never the other way. (In particular, we don't do Unicode normalisation + * or space folding.) + * + * Return 0 if equal, -1 otherwise. + */ +static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) +{ + /* Avoid recursion, it might not be optimised by the compiler */ + while( a != NULL || b != NULL ) + { + if( a == NULL || b == NULL ) + return( -1 ); + + /* type */ + if( a->oid.tag != b->oid.tag || + a->oid.len != b->oid.len || + memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) + { + return( -1 ); + } + + /* value */ + if( x509_string_cmp( &a->val, &b->val ) != 0 ) + return( -1 ); + + /* structure of the list of sets */ + if( a->next_merged != b->next_merged ) + return( -1 ); + + a = a->next; + b = b->next; + } + + /* a == NULL == b */ + return( 0 ); +} + /* * Reset (init or clear) a verify_chain */ 
@@ -1756,136 +1886,6 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, } #endif /* MBEDTLS_X509_CRL_PARSE_C */ -/* - * Like memcmp, but case-insensitive and always returns -1 if different - */ -static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) -{ - size_t i; - unsigned char diff; - const unsigned char *n1 = s1, *n2 = s2; - - for( i = 0; i < len; i++ ) - { - diff = n1[i] ^ n2[i]; - - if( diff == 0 ) - continue; - - if( diff == 32 && - ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || - ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) - { - continue; - } - - return( -1 ); - } - - return( 0 ); -} - -/* - * Return 0 if name matches wildcard, -1 otherwise - */ -static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) -{ - size_t i; - size_t cn_idx = 0, cn_len = strlen( cn ); - - /* We can't have a match if there is no wildcard to match */ - if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) - return( -1 ); - - for( i = 0; i < cn_len; ++i ) - { - if( cn[i] == '.' ) - { - cn_idx = i; - break; - } - } - - if( cn_idx == 0 ) - return( -1 ); - - if( cn_len - cn_idx == name->len - 1 && - x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) - { - return( 0 ); - } - - return( -1 ); -} - -/* - * Compare two X.509 strings, case-insensitive, and allowing for some encoding - * variations (but not all). - * - * Return 0 if equal, -1 otherwise. - */ -static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) -{ - if( a->tag == b->tag && - a->len == b->len && - memcmp( a->p, b->p, b->len ) == 0 ) - { - return( 0 ); - } - - if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && - ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && - a->len == b->len && - x509_memcasecmp( a->p, b->p, b->len ) == 0 ) - { - return( 0 ); - } - - return( -1 ); -} - -/* - * Compare two X.509 Names (aka rdnSequence). 
- * - * See RFC 5280 section 7.1, though we don't implement the whole algorithm: - * we sometimes return unequal when the full algorithm would return equal, - * but never the other way. (In particular, we don't do Unicode normalisation - * or space folding.) - * - * Return 0 if equal, -1 otherwise. - */ -static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) -{ - /* Avoid recursion, it might not be optimised by the compiler */ - while( a != NULL || b != NULL ) - { - if( a == NULL || b == NULL ) - return( -1 ); - - /* type */ - if( a->oid.tag != b->oid.tag || - a->oid.len != b->oid.len || - memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) - { - return( -1 ); - } - - /* value */ - if( x509_string_cmp( &a->val, &b->val ) != 0 ) - return( -1 ); - - /* structure of the list of sets */ - if( a->next_merged != b->next_merged ) - return( -1 ); - - a = a->next; - b = b->next; - } - - /* a == NULL == b */ - return( 0 ); -} - /* * Check the signature of a certificate by its parent */ From cb93813e0497ccfd15d1f7a709519f5d2fbb2c3d Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 2 Nov 2018 09:19:54 +0000 Subject: [PATCH 342/368] Don't perform binary comparison of CRL issuer and CA subject Previously, when checking whether a CRT was revoked through one of the configured CRLs, the library would only consider those CRLs whose `issuer` field binary-matches the `subject` field of the CA that has issued the CRT in question. If those fields were not binary equivalent, the corresponding CRL was discarded. This is not in line with RFC 5280, which demands that the comparison should be format- and case-insensitive. For example: - If the same string is once encoded as a `PrintableString` and another time as a `UTF8String`, they should compare equal. - If two strings differ only in their choice of upper and lower case letters, they should compare equal. This commit fixes this by using the dedicated x509_name_cmp() function to compare the CRL issuer with the CA subject. Fixes #1784.
---
 library/x509_crt.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index f75684372..97a4bbf24 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1814,9 +1814,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
 while( crl_list != NULL )
 {
 if( crl_list->version == 0 ||
- crl_list->issuer_raw.len != ca->subject_raw.len ||
- memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
- crl_list->issuer_raw.len ) != 0 )
+ x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
 {
 crl_list = crl_list->next;
 continue;
@@ -1826,7 +1824,8 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
 * Check if the CA is configured to sign CRLs
 */
 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
- if( mbedtls_x509_crt_check_key_usage( ca, MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
+ if( mbedtls_x509_crt_check_key_usage( ca,
+ MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
 {
 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
 break;
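Review bot: The replaced condition in hunk `@@ -1814,9 +1814,7 @@` deserves a comment saying why a deliberately lax name match is acceptable for CRL selection: `/* RFC 5280 7.1: issuer/subject matching is case- and encoding-insensitive, see x509_name_cmp(); a CRL picked up here is only trusted once its signature verifies against the CA key */` — the signature check itself lies outside this hunk, in the body of x509_crt_verifycrl() which starts and ends beyond it, so that wording should be confirmed against the rest of the function. If other issuer-to-subject matches in this file still compare `issuer_raw` and `subject_raw` byte-wise (chain building, for instance), they will keep rejecting the encoding- and case-only differences this commit now accepts for CRLs, and a consistency pass with the same helper seems warranted. Since a name match alone can no longer be taken as exact, the CA key-usage check in the second hunk and the subsequent signature verification remain the load-bearing controls, and it would be worth adding a negative test with a CRL whose issuer name matches under x509_name_cmp() but whose signature does not verify.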
From b12fd31415e68bf4c003f8422f48d36e7144bc7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 2 Nov 2018 09:36:45 +0000 Subject: [PATCH 343/368] Adapt ChangeLog --- ChangeLog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index 7e1955ae1..b88599895 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,15 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix overly strict DN comparison when looking for CRLs + belonging to a particular CA. This previously lead to + ignoring CRLs when the CRL's issuer name and the CA's + subject name differed in their string encoding (e.g., + one using PrintableString and the other UTF8String) or + in the choice of upper and lower case. Reported by + HenrikRosenquistAndersson in #1784. + Features * Add support for temporarily suspending expensive ECC computations after some configurable amount of operations, to be used in single-threaded From 381c77c0c4e9ea73be15a788e3351be1433bf761 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 1 Nov 2018 15:07:42 +0000 Subject: [PATCH 344/368] Change serial in test-ca.crt from 0 to 3 to circumvent ASN.1 bug As of 2.13.1, mbedtls_asn1_write_mpi() doesn't write 0 correctly. #2166. --- tests/suites/test_suite_x509parse.data | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 406cf5931..ccdc5fabd 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -8,7 +8,7 @@ x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number X509 Certificate information #3 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" +x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 Certificate information MD2 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C @@ -813,7 +813,7 @@ x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss- X509 Certificate verification callback: simple depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: simple, EE expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE 
@@ -825,15 +825,15 @@ x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt": X509 Certificate verification callback: two trusted roots depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: two trusted roots, reversed order depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject 
C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" +x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C 
@@ -861,11 +861,11 @@ x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expire X509 Certificate verification callback: two intermediates depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates, root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 
0x00000000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates, top int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C From 6e1adee42b3a9b9c2a439ddf0d2d5584a3ec53f9 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 1 Nov 2018 16:53:21 +0000 Subject: [PATCH 345/368] Regenerate test files Previous commits have added or modified build instructions for server1*, server2*, server5*, test-ca*, cli-rsa* in the Makefile tests/data_files/Makefile, or the apps they invoke have been changed. This commit regenerates those files to make sure they are in match with the build instructions. --- library/certs.c | 22 +++-- tests/data_files/cli-rsa-sha1.crt | 21 +++-- tests/data_files/cli-rsa-sha256.crt | 21 +++-- tests/data_files/server1.cert_type.crt | 16 ++-- .../data_files/server1.cert_type_noauthid.crt | 18 ++-- tests/data_files/server1.crt | 16 ++-- tests/data_files/server1.key_usage.crt | 16 ++-- .../data_files/server1.key_usage_noauthid.crt | 18 ++-- tests/data_files/server1.noauthid.crt | 16 ++-- tests/data_files/server1.req.cert_type | 18 ++-- tests/data_files/server1.req.key_usage | 18 ++-- tests/data_files/server1.req.ku-ct | 16 ++-- tests/data_files/server1.req.md4 | 16 ++-- tests/data_files/server1.req.md5 | 16 ++-- tests/data_files/server1.req.sha1 | 16 ++-- tests/data_files/server1.req.sha224 | 16 ++-- tests/data_files/server1.req.sha256 | 16 ++-- tests/data_files/server1.req.sha384 | 16 ++-- tests/data_files/server1.req.sha512 | 16 ++-- tests/data_files/server1.v1.crt | 18 ++-- tests/data_files/server2-sha256.crt | 23 +++--- tests/data_files/server2.crt | 75 ++--------------- tests/data_files/server5.req.ku.sha1 | 8 +- tests/data_files/test-ca-alt-good.crt | 21 +++-- tests/data_files/test-ca-good-alt.crt | 21 +++-- tests/data_files/test-ca-sha1.crt | 21 +++-- tests/data_files/test-ca-sha256.crt | 21 +++-- tests/data_files/test-ca.crt | 82 +++---------------- tests/data_files/test-ca_cat12.crt | 82 +++---------------- tests/data_files/test-ca_cat21.crt | 82 +++---------------- 30 files changed, 271 insertions(+), 511 deletions(-) diff --git a/library/certs.c b/library/certs.c index f1379b8cb..374f12fc1 100644 --- a/library/certs.c 
+++ b/library/certs.c @@ -218,12 +218,13 @@ const size_t mbedtls_test_ca_key_rsa_len = sizeof( mbedtls_test_ca_key_rsa ); const char mbedtls_test_ca_pwd_rsa[] = "PolarSSLTest"; const size_t mbedtls_test_ca_pwd_rsa_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1; +/* tests/data_files/server2.crt */ const char mbedtls_test_srv_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" -"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" +"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" "MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" -"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" +"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" 
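Review bot: The added comment `/* tests/data_files/server2.crt */` records where the embedded PEM comes from but not how it is rebuilt, and the same applies to the comments added at -231, -271 and -295; since the commit message names the build rule, `/* tests/data_files/server2.crt, regenerated via tests/data_files/Makefile */` keeps the regeneration path in the file. Decoding the two changed base64 lines shows the O and CN attribute tags moving from PrintableString (0x13) to UTF8String (0x0C), so the embedded server certificate's issuer name is now encoded differently from before; whether mbedtls_test_ca_crt_rsa in the same file was regenerated in step is not visible in this hunk, and if it was not, chaining the embedded server certificate to the embedded CA depends on the relaxed DN comparison described in the ChangeLog entry of commit 343 above, which is worth confirming before merging. The string literal mbedtls_test_srv_crt_rsa begins in this hunk and continues past it.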
@@ -231,16 +232,17 @@ const char mbedtls_test_srv_crt_rsa[] = "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" -"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY\r\n" -"oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw\r\n" -"UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y\r\n" -"iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M\r\n" -"wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS\r\n" -"RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n" -"zhuYwjVuX6JHG0c=\r\n" +"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAAFzC0rF\r\n" +"y6De8WMcdgQrEw3AhBHFjzqnxZw1ene4IBSC7lTw8rBSy3jOWQdPUWn+0y/pCeeF\r\n" +"kti6sevFdl1hLemGtd4q+T9TKEKGg3ND4ARfB5AUZZ9uEHq8WBkiwus5clGS17Qd\r\n" +"dS/TOisB59tQruLx1E1bPLtBKyqk4koC5WAULJwfpswGSyWJTpYwIpxcWE3D2tBu\r\n" +"UB6MZfXZFzWmWEOyKbeoXjXe8GBCGgHLywvYDsGQ36HSGtEsAvR2QaTLSxWYcfk1\r\n" +"fbDn4jSWkb4yZy1r01UEigFQtONieGwRFaUqEcFJHJvEEGVgh9keaVlOj2vrwf5r\r\n" +"4mN4lW7gLdenN6g=\r\n" "-----END CERTIFICATE-----\r\n"; const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa ); +/* tests/data_files/server2.key */ const char mbedtls_test_srv_key_rsa[] = "-----BEGIN RSA PRIVATE KEY-----\r\n" "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" @@ -271,6 +273,7 @@ const char mbedtls_test_srv_key_rsa[] = "-----END RSA PRIVATE KEY-----\r\n"; const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa ); +/* tests/data_files/cli-rsa-sha256.crt */ const char mbedtls_test_cli_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" 
@@ -295,6 +298,7 @@ const char mbedtls_test_cli_crt_rsa[] = "-----END CERTIFICATE-----\r\n"; const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa ); +/* tests/data_files/cli-rsa.key */ const char mbedtls_test_cli_key_rsa[] = "-----BEGIN RSA PRIVATE KEY-----\r\n" "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" diff --git a/tests/data_files/cli-rsa-sha1.crt b/tests/data_files/cli-rsa-sha1.crt index 906f6dfa7..ffbe21a17 100644 --- a/tests/data_files/cli-rsa-sha1.crt +++ b/tests/data_files/cli-rsa-sha1.crt @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTcwNTA1MTMwNzEwWhcNMjcwNTA2MTMwNzEwWjA8MQswCQYDVQQGEwJOTDERMA8G +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu 
@@ -9,13 +9,12 @@ M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v 4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/ /DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB -o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa -gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV -BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud -EwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAE/yq2fOqjI0jm52TwdVsTUvZ+B2s16u -C4Qj/c89iZ7VfplpOAEV9+G6gHm/gf2O7Jgj0yXfFugQ2d+lR70cH64JFn9N1Rg9 -gCo5EDBLourI8R0Kkg9zdlShBv7giwqg667Qjsu+oEWVerICOqNQGolotYSZvmtJ -7RiD8I4MXB4Qt0sSjxE897pvc4ODem10zXzvedv/q11q1mUn2L1fFc1dGIguk1fn -I/XP87FCapRobUTYrF6IvdqFaUMQ7lF3GiUIvjDPb4Wt1CyHhi/tu/SfV3fmX3rs -19UeGnvC7AdQ+OwLt3nEIlSpqVKPXHKfRKZg1WzZNgCQtNB1SrZAzFc= +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC +AQEAX0vLL6qw6zYaO7a1ZXXJhWL8/vm1+yz5HrnXPX62xBD7P+cVGrOoNbD1QAj9 +otOpUsWYmHRvhotO42oqPsnoPA0JpGRR2elbTrcK9uDxg6PWwoix3uHPRuXdRIsU +jee2TcGilXgJw1HDvJ04E5qowAtAgOcE41ZraAN43GHO2PjxcXEEoWzqSqvlUrv3 +AOaCTn9X73izMRgPbQBnJjknIzoYwWgVFaDEW/lZE0+LLa99/mxFFUBhYzAY+h/R +rmtslJIyIzTd3sLo+XZ0hNtlBM0u1okOspSWtmoNdSiJDZMJ4LL71xuJYG46Sl/0 +1hH/1pZigeufZgYrQgqG8oHT4A== -----END CERTIFICATE----- diff --git a/tests/data_files/cli-rsa-sha256.crt b/tests/data_files/cli-rsa-sha256.crt index a0fc11e20..c81f98fb3 100644 --- a/tests/data_files/cli-rsa-sha256.crt +++ b/tests/data_files/cli-rsa-sha256.crt 
@@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTcwNTA1MTMwNzU5WhcNMjcwNTA2MTMwNzU5WjA8MQswCQYDVQQGEwJOTDERMA8G +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu @@ -9,13 +9,12 @@ M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v 4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/ /DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB -o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa -gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV -BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud -EwQCMAAwDQYJKoZIhvcNAQELBQADggEBAC7yO786NvcHpK8UovKIG9cB32oSQQom -LoR0eHDRzdqEkoq7yGZufHFiRAAzbMqJfogRtxlrWAeB4y/jGaMBV25IbFOIcH2W -iCEaMMbG+VQLKNvuC63kmw/Zewc9ThM6Pa1Hcy0axT0faf1B/U01j0FIcw/6mTfK -D8w48OIwc1yr0JtutCVjig5DC0yznGMt32RyseOLcUe+lfq005v2PAiCozr5X8rE -ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj -c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q= +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC +AQEAlHabem2Tu69VUN7EipwnQn1dIHdgvT5i+iQHpSxY1crPnBbAeSdAXwsVEqLQ +gOOIAQD5VIITNuoGgo4i+4OpNh9u7ZkpRHla+/swsfrFWRRbBNP5Bcu74AGLstwU +zM8gIkBiyfM1Q1qDQISV9trlCG6O8vh8dp/rbI3rfzo99BOHXgFCrzXjCuW4vDsF +r+Dao26bX3sJ6UnEWg1H3o2x6PpUcvQ36h71/bz4TEbbUUEpe02V4QWuL+wrhHJL +U7o3SVE3Og7jPF8sat0a50YUWhwEFI256m02KAXLg89ueUyYKEr6rNwhcvXJpvU9 +giIVvd0Sbjjnn7NC4VDbcXV8vw== -----END CERTIFICATE----- 
diff --git a/tests/data_files/server1.cert_type.crt b/tests/data_files/server1.cert_type.crt index 91c3a9021..cf384cbaf 100644 --- a/tests/data_files/server1.cert_type.crt +++ b/tests/data_files/server1.cert_type.crt @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- MIIDUjCCAjqgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf @@ -11,10 +11,10 @@ lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC -AEAwDQYJKoZIhvcNAQEFBQADggEBAJ28VuktjDGkUWcVpM/W+YjohFDay676Yozx -BbBLU3QZiDkcdXZbX/jOaKKBGWrjWiB6txchV4XrlvEtVtPgPrQLil2xaD20LOqJ -e/ZEFIAIndf06CAcimdQaPD6mww04v3gZw3cwPQd/aMQCw9tm93tyf6YU4uIh/o8 -evG1ZBrNHRyiW18kbuueLNZ2daYQIISRJSIFrAERacfOvA8r7yXJCqZnB6AU5j9u -V+ySNW3sdZIOTfs1nWKU6SECWo72dd89Yvs7wCf3NSZNM2UemLeOjQOmZIHBiR8L -PAhDxhra5B/QBKaWeTVQohEvKz75pLAWouUGIKlgHiqJ4cvBGcg= +AEAwDQYJKoZIhvcNAQEFBQADggEBAEQOk5Ejgu/GsxvMo+RknXcta5Qr6MiNo1EM +G5Xrf++aaf4Mi38p5ZxWDxQDyBmutSnuJgzO+Dxe5w/RNojFa4ri4g5Zk8zwfIcQ +8jR6a9DJtxarxDj/UqEzaiBa5MpxsbQqbmou7X7YW9LHDzmCgzbaabyWCuGYxvmh +lDbcISST73G+vJEeExcBHyom/GV9TNcFAGa66YV/FtABg2tiy9znmUeMnZeYkC9S +05m6UstAU6pMdwiTpjZjovsTlAcmC76XmE/GpREhRvtGCKTb2pUi3agqsrapABmF +EGZT9cpwkrl3cxh+jxAMEuhJLdEScDWHVsiNS5y9yxitWC4NqR4= -----END CERTIFICATE----- 
diff --git a/tests/data_files/server1.cert_type_noauthid.crt b/tests/data_files/server1.cert_type_noauthid.crt index ed8b80baa..7545e0b46 100644 --- a/tests/data_files/server1.cert_type_noauthid.crt +++ b/tests/data_files/server1.cert_type_noauthid.crt @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf 
@@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR -BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz -mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9 -FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy -prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv -9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS -HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x -jz0b2l4= +BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBAJc3yZUS9X3/lb63 +Nlt8rtXC45wbWZUoOK8N55IzEJC7FrttAStq24kq9QV0qiox8m1WLA+6xVaeZaXu +h2z3WlUlyCNaKqHEpuSYu/XQ0td6j3jCMj3VDSZGHnKgliQ9fkkt+waPVCAZldwj +rHsZibl2Dqzb3KttKqD1VyEVOUJ+saXRDJLFdK1M9nwdWMfOg/XE0WbqfVzw9COs +08dJ6KL7SOvXtiOVQLNv7XN/2j+wF6+IoLDdLCDByj5VtK2q2vyVk5tpDJI1S696 +dP8Zi7VbBTS9OlVC+Gw3CntDKZA8e215MNG6iBuEM2mgi4i0umo7mN8FoA1zusnE +8mCO55Q= -----END CERTIFICATE----- diff --git a/tests/data_files/server1.crt b/tests/data_files/server1.crt index d81b26afc..dfc92b3ee 100644 --- a/tests/data_files/server1.crt +++ b/tests/data_files/server1.crt @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf 
@@ -11,10 +11,10 @@ lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC -AQEAvc+WwZUemsJu2IiI2Cp6liA+UAvIx98dQe3kZs2zAoF9VwQbXcYzWQ/BILkj -NImKbPL9x0g2jIDn4ZvGYFywMwIO/d++YbwYiQw42/v7RiMy94zBPnzeHi86dy/0 -jpOOJUx3IXRsGLdyjb/1T11klcFqGnARiK+8VYolMPP6afKvLXX7K4kiUpsFQhUp -E5VeM5pV1Mci2ETOJau2cO40FJvI/C9W/wR+GAArMaw2fxG77E3laaa0LAOlexM6 -A4KOb5f5cGTM5Ih6tEF5FVq3/9vzNIYMa1FqzacBLZF8zSHYLEimXBdzjBoN4qDU -/WzRyYRBRjAI49mzHX6raleqnw== +AQEAm9GKWy4Z6eS483GoR5omwx32meCStm/vFuW+nozRwqwTG5d2Etx4TPnz73s8 +fMtM1QB0QbfBDDHxfGymEsKwICmCkJszKE7c03j3mkddrrvN2eIYiL6358S3yHMj +iLVCraRUoEm01k7iytjxrcKb//hxFvHoxD1tdMqbuvjMlTS86kJSrkUMDw68UzfL +jvo3oVjiexfasjsICXFNoncjthKtS7v4zrsgXNPz92h58NgXnDtQU+Eb9tVA9kUs +Ln/az3v5DdgrNoAO60zK1zYAmekLil7pgba/jBLPeAQ2fZVgFxttKv33nUnUBzKA +Od8i323fM5dQS1qQpBjBc/5fPw== -----END CERTIFICATE----- diff --git a/tests/data_files/server1.key_usage.crt b/tests/data_files/server1.key_usage.crt index 8f4e59f2d..3a678ff31 100644 --- a/tests/data_files/server1.key_usage.crt +++ b/tests/data_files/server1.key_usage.crt @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- MIIDTzCCAjegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf 
@@ -11,10 +11,10 @@ lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw -DQYJKoZIhvcNAQEFBQADggEBABKC/1x0m57EY4H412ue3ghCWgg07VcRKamnUSTs -tnqI5T0mSvuPrxhINdQB6360ibctBkXP3S9rxGHiUdeK/JqxYs2YamCs50TSWpon -p4Hzcmjsw1YgXsQ6pmYwkzU03zqs361gt7JSOzL2dN0IjwIy47qfLQb/AXhX2Ims -7gBuqVpYqJuSHR0qsN/c6WgIE3IrbK1MB6CJTkxBfcSc5E4oUIBHmww+RSVLOczM -nGk3U13dmfG0ndhMtrMyyxBZZSUwoZLjRZ6J5mHSv+k8oo1PYQeiivNEP53mgVaY -ha0gLUIk6zNBRpY1uUmxQ+RQSMIyYPBb1RedHn2s8El2mlo= +DQYJKoZIhvcNAQEFBQADggEBAE4sz3ghfpolZ0rH6Q3CWIYQ1Q+aGBwQiCCBsApP +8qZd880Kt+BiEdSsaU16S8CIMdOcHGQGB7dXK9wdTWkIqaW9I7fRPgDNDIhJoYDD +67h1P+cEQeXT9900H173nYlM1vL9zLcnmmqEO7j8jXSpsR5mcCMPkR52RqxweLJw +LGPeSlA+DF0WbezJc28FUgXAl8Kxm3Od40exMeicHtfgCnIykH1NEW3gXpc91nFT +RoNRdEAIGHMX5Dd5QDlt2vlaKNXFtcx2xUXXIi71YNQybH3p6KXayPMFQzrBwoXJ +YHevmjUaw7UH31fULa1dtd/dWmp8cCaKB4vBr0DBJPiMJMw= -----END CERTIFICATE----- diff --git a/tests/data_files/server1.key_usage_noauthid.crt b/tests/data_files/server1.key_usage_noauthid.crt index d66e51535..4a72ac1bc 100644 --- a/tests/data_files/server1.key_usage_noauthid.crt +++ b/tests/data_files/server1.key_usage_noauthid.crt @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf 
@@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO -BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43 -shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+ -3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg -q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o -37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ -VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF -JTo= +BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBALqfFzzWOViKBXoFhtcc +Ulzg1ShK20z3zeD6TL5Ss2+kMIGhvvvUMtcATIFa9LxZ//a0as1CACphxmrsqaju +LDvnXjWLB+e7pJPQ+4XixKmA3QoQI6sduH03/4eRp/Er/+zXD7+uapz+GimiExJt +mjW1Oz5n2Q7L9vQabqz0n9+8rM/chsfgipQSKmV0rXe/K1N4yuggh62r8kn9UaUR +TKm6HaMIFBrZNwMy8TAc3gSq5rqbN8/ONiCBpW/LvwTnd7fFSl7yeetAbj08gpu2 +dkfYp/DK9Hs1KQFCi0u1pr9JIqFxNy6tUTO90ydq6QXj4E5yZhmitLPk5wPCozN+ +rIc= -----END CERTIFICATE----- diff --git a/tests/data_files/server1.noauthid.crt b/tests/data_files/server1.noauthid.crt index 99c004f62..f778ae9e4 100644 --- a/tests/data_files/server1.noauthid.crt +++ b/tests/data_files/server1.noauthid.crt @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- MIIDHjCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf 
@@ -10,10 +10,10 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAN -BgkqhkiG9w0BAQUFAAOCAQEAUMDKviuchRc4ICoVwi9LFyfQjxFQLgjnX1UYSqc5 -UptiJsDpbJ+TMbOhNBs7YRV7ju61J33ax1fqgcFWkc2M2Vsqzz9+3zJlQoQuOLxH -5C6v5/rhUEV9HMy3K5SIa/BVem9osWvMwDnB8g5k3wCZAnOuFcT6ttvzRqz6Oh9d -avozrYHsATzPXBal41Gf95cNVcJ1pn/JgE4EOijMqmAPldVbCqfXLl6TB0nJS6dm -q9z73DGrVQlOwmCVI+qD2POJI67LuQ0g6Y0WVMxsWilMppt+UrEknMzk4O4qOaUs -1B20vI/bN4XPDnw58psazdoBxFL+fAk5MbTNKETNHjBsIg== +BgkqhkiG9w0BAQUFAAOCAQEAaf6oVaFgPEUYjT6cNoMf3p4Ja7EKr2Lp9jX0aV0D +Q4WwTg/QG3OVBX9IdK+ezAPuBRE7YWFKfbUR5MajWQt0MQPKXh0u7Tr4Z5JG3lXH +P/QzYZqTkSD9zlb0MHvYUl1T/Ulc4Ws7qSvf3iocvtSAZJIxNi9hxu2nXk2N4OGY +zyTONjlBtKjXa1THHKZzA5o1e4n2crtCDzXJFVqLeeIwW4zAqepXhGU1nepbazNP +B3IYzD+JM36XiDPAlci7ZDwpXHrT6fqlBOtfrUH+NAHXCSG2WT+6B4nVZW/P/Qrv +Hxrq4lP5fgpyX4jxa4UFW9YwRaUN7IAWuZL5dWINbiJZbg== -----END CERTIFICATE----- diff --git a/tests/data_files/server1.req.cert_type b/tests/data_files/server1.req.cert_type index 5677f32be..b9b9f067c 100644 --- a/tests/data_files/server1.req.cert_type +++ b/tests/data_files/server1.req.cert_type 
@@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICpTCCAY0CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICpTCCAY0CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAkMCIGCSqGSIb3DQEJDjEV -MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQB95Pkjpg/N -Jbgl5nZcAk8maGMpUFlrhJS4kGutQKZugNX9v8cfABW905IHYXV1dm6zxVcyeqZM -FiOgbV943fu5JbufoazdYXnnR2/iKMigqX4CzZrK3F5ZzegxkfDIfDrn/shC+rWb -SS5WBVLJ3QNj9vwn3/b66IRbp/ViOwHx7+9JT4K/rLId/ynjYf2T57AsmNd/jptc -Zs19fGgtrUXweWkliEZN2zE47Cc53jkx6+Li4TNs4Bjk5P/aXrCP0fBwgGt2K6YW -dQ/nr0PwIbXzVlgUukSTHkJJfhF4Y/WqcUfOPrRdw+zxOLusJ9nzJBR0FOohcBxM -kPBVna0dze/o +MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQCMX3H6BiGP +VRvLu8UHIhsj9WgrGDRogOMVHOrQm+0fnGyxZa2UwftSZf2qLBZ+DmJStHabXibw +QuWA9BMVFDih5yGMhdzQC8iQQCjfYOS0sfhy7p76q89rVO0E9KAtvFH2ApbaDAck +m1WdQvYey2rYnT1ucHGdn017Iu1CaY8qnmh7Fhuov++69eGGG4MjRVT/7Ywufjo5 +Fn+JsMhj4IonP/jwKIUBskK15MkTQhKpyl5rQK/8v+7bWlsuqhiNPSYg6rgIrjmN +QxxzqP5NLPdlS4ksN6zcuwdq21l+li8zakjbeUvyqZb7E6vTHJaNBOp7Y7jv25gG +5/PjwquYbKFr -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.key_usage b/tests/data_files/server1.req.key_usage index 053aed909..4c20eeded 100644 --- a/tests/data_files/server1.req.key_usage +++ b/tests/data_files/server1.req.key_usage 
@@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICnzCCAYcCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICnzCCAYcCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAeMBwGCSqGSIb3DQEJDjEP -MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQCj6jCu0wE5OQ1JGQwZ -FNwPqZrvKntSq2yLIbgmGxwlvDLxOzn0KmidSFiKRqh0KXwj9siodlz5C0d9tUqq -7xUXg+j+wDHqUV8zo42Jke+UmWXFPpnXx/fDFGTITdLSn8ZDxkt31ESLTEVZvPFD -odm+C+zWJtKpyL+9op4KvyBQ1MZ9nWZpwMaK4g4mdtOIsz75gMa74w8ZT7VzhGMY -cZGmafsl7x++GDDtf0oCPgrj9xy+Ovv/GyUBaB+6lweflTfPDTRSoN0meFlP5ynF -vqcBM5JKH2FUQIizfc9o6Z8tKxe9FCov3x8szAuoMRA7bjhVngeQIrEkTcaQBvBY -NalC +MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQAIDkjGHokLINOSKAij +DuBWyW72udNBwSmRAFYDyNoybWX+KJLFckyReF1S0YRHXWOljwxERF6htUEqIJDI +vIzlXyV0YqHNmWEFpyRxyIllQ7X4NWnVm3zHYORx2utdy3EyNsNb4Rb/JNh6Qpqr +27DB+frWaBYk27RPTdZz/ItZIicX8iHrAHL0aC6raQYvZfM1ybYehAh7Qx3asHKI +XDcrbV50Kzrd0SgC4P6Z6/5C5uUL9AfcKnB2oj5VP2TM0BA6q+XRQFkJ3TO1UTLB +lCKb9B1cIpVsT0YsOg/qptUh90zgd0x7FDa084ccwUJG73VXtHC6eioE4fbfrm5L +9BNK -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.ku-ct b/tests/data_files/server1.req.ku-ct index 0e057d58a..98666d272 100644 --- a/tests/data_files/server1.req.ku-ct +++ b/tests/data_files/server1.req.ku-ct 
@@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICsjCCAZoCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICsjCCAZoCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF @@ -8,10 +8,10 @@ W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAxMC8GCSqGSIb3DQEJDjEi MCAwCwYDVR0PBAQDAgHgMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQUF -AAOCAQEANlNG9hW852OzVKj2Z8TtU9jxstAoSCH9yc9Coj4Vw2TTjs1zcuBWsMl1 -2bf2I6ZvEH6ZhcQY7i7nyHQyPlqE4l6U9D8ct967QN7smuAHNY2HiQ2++eCBTHck -PdtGJAzIvNlXcoqNi8UC5fGepNtI1usNo41SKMvbg6nGA5gdcQKk7CVlk8lrD0qI -Xn/HvjSRoDE4ZGxAtNvPXWorGSxtgcy8EMPoXVUab5fNt8q//x/NQ4yEQKPrexmR -IuOiQ8VW8QZtkORGpZbGSvskU0WfKANui4zCcXYRc4mVR4Wf0C+fyHeihhjslSnT -RbC7nQn5HSHp31qJlr80QodywaK1Dg== +AAOCAQEAhDH3BQWViy67+9sdlrTvv0cIJ1IbogaM221MUasNIbfLi+KKfw50mzTa +V/BCXPT+EzmOptBl+F2iZVQyr2c0nWbBZBHnykS3f0fgifm6yWVEYwJqxUC5+uxK +bZztsHocTuqODpqYILycYkFXCcY8ZFHmz9XZorpUVTpZULW33EmLee5/BYI7whkA +bVoSNB5tAb8kGZQffDnGkHiRfu8dbbEnkPYqm/cerN+4yCh1v1CGFh2lMn4d5p0L +o9GvMsPM8pxdffZWZI9T0JnlHwtAJDA5G/MFYJdHzLzcHpvDA99MdNO4DMAiUyWb +PCDL5e7mJ0lnBp8RppLBR7GEkznIQQ== -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.md4 b/tests/data_files/server1.req.md4 index 44c53d760..15585499c 100644 --- a/tests/data_files/server1.req.md4 +++ b/tests/data_files/server1.req.md4 
@@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBAwUA -A4IBAQAPPUzYvUA+HQTteMhkGcuD6XtsZ3i2gQdDGgLUxtMAVFw+/5ZS6l+WqPgq -WQIOsEINPHnjUAMz5pjbFdFqu7X5G29THa2da0Ua2bJO/bu3CZ6EksGmclqaQ2Zl -vfkWaI3bfPFh8eKHF+F5oaVp0gHviCakNqxot4rrZdL8pnJC5JJ+f76y6SgHYOao -SGCv1gYURhIsX0gWCqldsCwxJQFEig9HISUcXViGGVnLdshUtuKL9yNZ/HNAOuOk -7N7a7ur8KMmvar1jkTq+zKSSuSrzmU2JvxFdqU0Gr7A35jgnVG8sj66L4lAcwdoG -sP8OmC1hWh4U3avH6EHdEG8lw0U7 +A4IBAQAu8SbWDi5udXrs/lljV+jdHky2BFuVFNxZgj5QvLslffdx2/Tj4MVCsqkY +tAcy5g/urW1WwHcnJ20PRgt60m3BSUJffdKF/kgRyTN1oBFpApHGAJEHPahR/3Mz +hMBk4D/r6lga60iUhIfky8o8KU+ovHXROHzGfYaVySatpyJW6tkJOz/1ZKLI4s4K +HGLFxKBd6bvyuMSCpV31J7ZHPQfSH38VEEaTLJ2QOltWDX5k4DlL/F3I5K4VFWOm +DMndMXkb7LhL9jcaJJRzEmbX3aMdt2aXhQt2LDFMnMCeSHI014URnQd6IzRQYZPp +qGZf2UmuJdLeIMzSNX2rZ+SVDX9o -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.md5 b/tests/data_files/server1.req.md5 index 950f5c4bd..57714ede3 100644 --- a/tests/data_files/server1.req.md5 +++ b/tests/data_files/server1.req.md5 
@@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBAUA -A4IBAQAQx+EjsPUUYac3t1v24lPOYqrKM52XYDwSnwW5Okjn+YxJowZyd8gfzmfp -vp4+//h5P3VlQDwaXeMTgKCizjf+jdACNJe60/RxYpYFKrvy67ZSr/h7fhdm52Jz -/tSCbh6FwH1075loBuWLuzD7Pvm1X1FJmbp2ceaJozDnXTAKFdVTqdiRYwyg4iPl -krhONGNe132aYZtFssdjSCim+bB+/sagR3SuJPoQ+8EjDXYG75n4ZVa4dAcjVoYk -pg0YK5cuH1FHCXOBO4N1+G0skL8AZwlv+rhKQk6lpGt+AQ8LSjCz2zHUnfpaXXWp -s1dq9ufjbJdaHDjkBY1gZ3BMmXPw +A4IBAQCEiv3QM4xyKhYTsoOjyzQdXMhsXK3Kpw+Rh874Hf6pXHxUaYy7xLUZUx6K +x5Bvem1HMHAdmOqYTzsE9ZblAMZNRwv/CKGS3pvMkx/VZwXQhFGlHLFG//fPrgl3 +j4dt20QsWP8LnL4LweYSYI1wt1rjgYRHeF6bG/VIck6BIYQhKOGlzIwWUmfAGym6 +q4SYrd+ObZullSarGGSfNKjIUEpYtfQBz31f5tRsyzSps7oG4uc7Xba4qnl2o9FN +lWOMEER79QGwr7+T41FTHFztFddfJ06CCjoRCfEn0Tcsg11tSMS0851oLkMm8RyY +aozIzO82R3Em7aPhZBiBDy3wZC2l -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.sha1 b/tests/data_files/server1.req.sha1 index f4c61bc57..578ec7f79 100644 --- a/tests/data_files/server1.req.sha1 +++ b/tests/data_files/server1.req.sha1 
@@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBQUA -A4IBAQCACO1GoBxMdGoWLtk0USbZIJkJidvraTyuuVMMvTaRHAseepNZWtbI2VjZ -8BYFKnY9uSX4uozODi5Tkv2dCSwAFFJs7bsALqpjqfU1kwQSbfLoT8twf7o51Zw8 -LAEKW0GpifhI4NJAaIeh5EyfMeXH5RFAz31T95Eat56eLcewDK5nWUdQx/KkkSIb -AFKqPKz8F9KS1tEty5UYmC1QV+q7NG1aOrWcuqvszpyUbsz/u32QH0Lp7E3lXMt1 -vyFfAsA6KBLTUmyTVQHz4snQAb5CFNLOrXnHbtjem7ZmhDzE1DS/7o8NK49zuXUW -YUMPRpZDSNUpIBmZs2NBTARSEc04 +A4IBAQCiYQMOv2ALPUeg8wHKn9L5SdDbNxOzuMwhYsCYTw2TJMQO7NLUq6icEzxY +pUIIFt60JUQjZHxQSY3y9cSivwKXQA7pPfaPaFC/aMA2GxG23t2eaIWNQX8MfcWf +XAa8bl/vmC1MTov+mP2DGoXRiKYORrEInyDS2RaTathvHckcAv25nCIx7wYO9tC9 +LUwyoE9bhiQ7fo3KFlz4dK1HukyCM/FoPbJuL7NgdzmKVPyYCLh5Ah+TTD6+sltz +dFc4fj28w1v3jsBXz+tLrgFQidzuUI2poxt5UwU9TKY0dAJaTCtfIRcXW3h6DGG7 +EDR6rim6sbIQkGzYvGqs4TNoJOR+ -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.sha224 b/tests/data_files/server1.req.sha224 index e52196dbc..a4f2af4c1 100644 --- a/tests/data_files/server1.req.sha224 +++ b/tests/data_files/server1.req.sha224 
@@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDgUA -A4IBAQAed2cYY9P/xJNHBrHDxjeh5uFyDskCvw06Kvy8FJt6G/0ncnfhSpPnevao -UPf2jk07iMIFiaDDKc3yg4H2Uh44+Ud2YdAxHYWttKnvj43XSoWSnmUDEiUqgPAP -C4EmgPEfsxtj+nI5fwIGEvfb3mJ31FJxnSJREcaH8uqyXW4vfF8e0o+9gdM+aTw/ -OJj+dYvepfIpB+1jIq1srr9NLJjKlvHBhQFbIcIgQXJKcw5z04hgjdoSuQckMO5z -3gVaaHfjCJQT1tDWfjLTCceDoJPskeo7xbDvXnCho+ZLtyMesoCvOEeZLJhDYTlw -H5jw6f9GW8Q9XP+EQcf6ZhtmYLrU +A4IBAQArYR2mLKU5lsHyAyGHr4PlmC/cfePmCRyC/mj1riGTjDlNC2X3J1VZDqKb +U/uUxLudP7sbuttRksIAREATT74Pa40bMWiPUlBfA/M2mFTmKb/91uXeIISW8DL3 +xM/5BCDrhnZ/cjP23gKDgJRk+IGBNhYZDGz50TIBbDJ2e4GDkFjzANngUW64UcCQ +7hZOYtnYLBnoRvPwtal5jZqHwsgaPPePXu+SQ8mfuAJwJ78MOCAaKw0IP1h1OnPG +iubdl34lSIaYWwbHTdjaqUSQG3SSs4oxEvluYymrpZ6XGKXtphJXEPdTRiLu9d9l +A5NYVgvqHFQPmuXS92zrGzB788pV -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.sha256 b/tests/data_files/server1.req.sha256 index 804c4a551..6d21dc5d9 100644 --- a/tests/data_files/server1.req.sha256 +++ b/tests/data_files/server1.req.sha256 
@@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA -A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb -+OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr -eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19 -3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm -TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF -ox+ATHKxQ/XpRQP+2OTb9sw1kM59 +A4IBAQCVlSU7qeKri7E3u8JCZbCyjsGJTH9iHYyeDZ/nDLig7iKGYvyNmyzJ76Qu ++EntSmL2OtL95Yqooc6h1AQHzoCs+SO2wPoTUs3Ypi9r7vNNVO3ZnnxVtGgqCRVA +W+z9W4p2mHXQhgW1HkuLa5JD1SvJViyZbx9z3ie1BQ9NVKfv++ArPIv70zBtA7O3 +PZNG1JYN30Esz7RsCDRHbz6Npvu9ggUQL/U3mvQQ+Yo+xhwu1yFV+dRH7PebBeQv +vjcD2fXDabeofK3zztIpUIyUULX0GGClM9jslgJ/ZHUlArWKpLZph0AgF1Dzts// +M6c/sRw7gtjXmV0zq2tf2fL4+e2b -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.sha384 b/tests/data_files/server1.req.sha384 index 7c764f7a8..b857af7f1 100644 --- a/tests/data_files/server1.req.sha384 +++ b/tests/data_files/server1.req.sha384 
@@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDAUA -A4IBAQA/XVYxhCWWWExy+O5y/zI1121L5MPjrlLypgP+ZDU8TUq8fusryYAgVATo -njpff6RF9QTKZhouFmgwicEnE6Xuw1LZt4SWskEyISMsTemx3eiY3YSu7uqpMIIh -h5ht1qGxkFZaLG0REIlUWqVTKk9oWLOg6pv+qees00SAn031Vc2C3++ctQONUrko -fc8aAGAi9DvSuFkfjhZkp8Fr4d7buHQPmJiYxRp27K5NbVxrr0GCB3wh7ruGc8Mc -K+PNQvoz425dHK3dHzeoIWD2Ka25mbjglbW1rqAdTkZSYH2QqZTHsKCr0u5iPtSD -gF7K0AMuT2LIeSs1p82n+cLF78fz +A4IBAQBy35zHYLiYaScq1niQkzQ/BScUbdiWd2V90isBsB5Q3NjVoJl/yCaMrla3 +2XfrutpFpdqwenl5jM0o6+enKCmfur+z2/ije69Dju2aBd6A62cx1AEvFiMq7lyF +4DYJ32+2ty6KA8EhzE3NFs7zKXxmD5ybp+oXNEvXoeU3W8a+Ld5c1K/n+Ipa0TUy +cFBs6dCsbYO9wI6npwWqC5Hc9r/0zziMFO+4N5VORdYUFqObq4vCYOMXETpl8ryu +lGZorNUoJ7vV55T31CDqEtb0EE+nO+nT4agfDobncYjvc3WpQuLtUB4UwR5gpZl6 +ZI+j4uwikOgGO9gcx4IjaRP3q63F -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.sha512 b/tests/data_files/server1.req.sha512 index 43d709533..85d52460d 100644 --- a/tests/data_files/server1.req.sha512 +++ b/tests/data_files/server1.req.sha512 
@@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow -GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDQUA -A4IBAQBH78JrIboWUlOiUzEwxuYkaRBr22DfdSHlNVjnenrTsSsSdfPenfrUbs42 -NfzhJtvLBnDMs9olsiyPNKZnROmjl/4Da5ScVBfdA7oSImwdsaL0krAju8lJosy7 -ypqNejQQDgjL00HkaVyqjnEWY68enAkaK64suQ4w0pkGmtdZyg0nBiH1VI72PcPR -Fu2wxSkvvYj+BcHVAY/GWRMTHw1mkmsQna7AsZ1MFIF3ycIW5Fom6d0wpB6clJ3M -vNTBc7kZIR1BQyblyU96acesxJURJn5xO9Yf9OSsTbd7Xm5xK6DpQWxFFEgdVtir -hSAqtp54nVnLe4QihmVAlM8zt2ON +A4IBAQBb8jNpt0nkNVWstVoOCepQSF5R1R9hF0yEr7mk3HB9oO/nK07R1Oamgjw+ +CHQReTSjIKUX53o7ZwNZB5E+jBDsGz/2Yyj/vxNHJFk2exELtW30he8K2omVHE1F +XESbftCssWLNpTSDq6ME12+llkEDtgCtkv69oRUkuuF5ESUSZRGIZN4Vledm8SM1 +uGFtaG/PXbBbtUaNwNISDeIWDKRtbuca5web+QEi1djiUH21ZWIGEpOy7mtkYmRs +Qt1D32FoaqFNhafiaxNIXO11yd4lgpaDDlmrOSBsELcTIF9916o3DwMeVXy0GONW +BrwaO8q8rg+C+xvMY7858Kk8kwjb -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.v1.crt b/tests/data_files/server1.v1.crt index b13be4351..e85ed30fc 100644 --- a/tests/data_files/server1.v1.crt +++ b/tests/data_files/server1.v1.crt 
@@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- MIIC6zCCAdMCAQEwDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UEBhMCTkwxETAPBgNV -BAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4XDTExMDIx -MjE0NDQwNloXDTIxMDIxMjE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoT -CFBvbGFyU1NMMRowGAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI +BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBMB4XDTExMDIx +MjE0NDQwNloXDTIxMDIxMjE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoM +CFBvbGFyU1NMMRowGAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb 7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJ BEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8Yw fhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5B Xhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1Y ieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAATANBgkq -hkiG9w0BAQUFAAOCAQEAPMRfR9ql7b06b5DdNyJhD96lBzuVSUOW2MgVHT2Vs7NB -tk5L1htpA5N4uaIeyt6YM0xU0nHdHUKaywNcDiXcnzvRoctGWiWdpcEvdA0rYRF5 -T4MGPpjEuLJcG3aTU8mV8wUEbrY6IEnSpC1G9iasjhkwAF7pb/Ic8+/riwmPD/Fh -zBrRfBCgi5VXbX9IvY+yQHRVRal8y+n4eh9/hFxBKDbvuidFropGzcuparEwCIRi -U7L/7aZ3A5wsQp9GPDliSjpeYCf5tok/bvjG4xU041pGQ7yVNpu2mEIoqDz9v+Ay -IKqsWradEnFG/1ov78a2RB+2+iIPE4iCDtmKUkgPjQ== +hkiG9w0BAQUFAAOCAQEAOKzKoIMPjmKis0WH0t9/Bn5cMAPsBAgeqROeWqAs1N7j +FIpCoyQW43t1rAtga946X6/IanTuLKScPkhNrcX4ASn0+DzaNxVelumjjfD6NEcn +/Fnq0a+5oNcqXrM9lCBtqFnGcDoFJq3VMA3P+YCqZ9ZaYy30mOkZRVlddMQCpk7g +RxVBLEaPL1DlSmR1hIvsHQ51DGU6xEnbrxGn19dFf1yfC+vnf5mhKPB8XGWd+IjZ +WkYsfmBe2hwH58XNvVf0suX9aQS16vwqpPbPi3wQ2d3cX1/vCCW4cCYW7Pytc3Op +pBjHEIkmil2/30+Rqk4SbZvo99MMPGIOREOJ81sNRw== -----END CERTIFICATE----- diff --git a/tests/data_files/server2-sha256.crt b/tests/data_files/server2-sha256.crt index 006d9dbed..f8a5b8b97 100644 --- a/tests/data_files/server2-sha256.crt +++ b/tests/data_files/server2-sha256.crt 
@@ -1,21 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTcwNTA5MTM1MTA1WhcNMjcwNTEwMTM1MTA1WjA0MQswCQYDVQQGEwJOTDERMA8G +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya -HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBkjCBjzAd -BgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwYwYDVR0jBFwwWoAUtFrkpbPe -0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh -clNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBDQYIBADAJBgNVHRMEAjAAMA0G -CSqGSIb3DQEBCwUAA4IBAQAQf85QSjAeP+l6hirPorUL+k/3BznAh/6RXdveBO3K -uwtqK5qI59+3N+ZLXP7fr2Z5eO8qpchRgNNwT0LKglAEXGWn30PYI1GKSiqAaK0X -CUNIrxV3qKqOLbtqP1dMdiwsmiHYrN8E9UdysObedE2yDNLpTMHPJBZ+k6FowTyZ -IpUuabkxMBFxmLv+nOBDOiaCzintEcdJdY4F6p5j8jwMvVNVAXNfxAEwa0MoVRTt -/GORvq4ZEfsatVA+HRi602m+dZETTWKSODrj8AuQcG8/i1AOhk3C1WNOFKj/ZSfB -2P6EQmhLeRp4bO+3rG73T3R2yn0PZYQ7ZrjFPPKqgu+n +HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD +VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw +FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAGGEshT5 +kvnRmLVScVeUEdwIrvW7ezbGbUvJ8VxeJ79/HSjlLiGbMc4uUathwtzEdi9R/4C5 +DXBNeEPTkbB+fhG1W06iHYj/Dp8+aaG7fuDxKVKHVZSqBnmQLn73ymyclZNHii5A +3nTS8WUaHAzxN/rajOtoM7aH1P9tULpHrl+7HOeLMpxUnwI12ZqZaLIzxbcdJVcr +ra2F00aXCGkYVLvyvbZIq7LC+yVysej5gCeQYD7VFOEks0jhFjrS06gP0/XnWv6v +eBoPez9d+CCjkrhseiWzXOiriIMICX48EloO/DrsMRAtvlwq7EDz4QhILz6ffndm +e4K1cVANRPN2o9Y= -----END CERTIFICATE----- 
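Review bot: The regenerated server2-sha256.crt in this hunk changes more than the DirectoryString tag swap (PrintableString `13` → UTF8String `0C`) that the server1.req.*, server1.v1.crt, server2.crt and server5.req.ku.sha1 hunks get: the serial goes from 4 to 2 (`AgIBBD` → `AgIBAj`), the validity window moves from 2017-05-09..2027-05-10 back to 2011-02-12..2021-02-12, and the authorityKeyIdentifier loses its issuer DirName and serial components (`MGMGA1UdIwRc…` → `MB8GA1UdIwQY…`, keyid only). The same three changes appear in the test-ca-alt-good.crt, test-ca-good-alt.crt, test-ca-sha1.crt, test-ca-sha256.crt, test-ca.crt and test-ca_cat12.crt hunks (serial 0 → 3, AKI reduced to keyid, and for the sha256 CA notAfter 2027 → 2021). Any test that checks the parsed serial, the AKI issuer/serial fields, or a post-2021 expiry will need updating, and the time-validity checks on these fixtures start failing after 2021-02-12 unless the suite pins the clock — presumably intended, but worth confirming in the commit message. The `openssl x509 -text` preambles removed from server2.crt and test-ca.crt are exactly where these differences would have been readable; regenerating them alongside the PEM keeps the fixture diff reviewable.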
diff --git a/tests/data_files/server2.crt b/tests/data_files/server2.crt index dca4c2423..33393ee1b 100644 --- a/tests/data_files/server2.crt +++ b/tests/data_files/server2.crt 
@@ -1,65 +1,8 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Feb 12 14:44:06 2011 GMT - Not After : Feb 12 14:44:06 2021 GMT - Subject: C=NL, O=PolarSSL, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c1:4d:a3:dd:e7:cd:1d:d1:04:d7:49:72:b8:99: - ac:0e:78:e4:3a:3c:4a:cf:3a:13:16:d0:5a:e4:cd: - a3:00:88:a7:ee:1e:6b:96:a7:52:b4:90:ef:2d:72: - 7a:3e:24:9a:fc:b6:34:ac:24:f5:77:e0:26:64:8c: - 9c:b0:28:7d:a1:da:ea:8c:e6:c9:1c:96:bc:fe:c1: - 04:52:b3:36:d4:a3:fa:e1:b1:76:d8:90:c1:61:b4: - 66:52:36:a2:26:53:aa:ab:74:5e:07:7d:19:82:db: - 2a:d8:1f:a0:d9:0d:1c:2d:49:66:f7:5b:25:73:46: - e8:0b:8a:4f:69:0c:b5:00:90:e1:da:82:10:66:7d: - ae:54:2b:8b:65:79:91:a1:e2:61:c3:cd:40:49:08: - ee:68:0c:f1:8b:86:d2:46:bf:d0:b8:aa:11:03:1e: - 7f:56:a8:1a:1e:44:18:0f:0f:85:8b:da:8b:44:5e: - e2:18:c6:62:2f:c7:66:8d:fa:5d:d8:7d:f3:27:89: - 29:01:c5:90:0e:3f:27:f1:30:c8:4a:0e:ef:d6:de: - c7:c7:27:6b:c7:05:3d:7a:c4:02:3c:9a:1d:3e:0f: - e8:34:98:5b:cb:73:4b:52:96:d8:11:a2:2c:80:88: - 69:39:5a:d3:0f:b0:de:59:2f:11:c7:f7:ea:12:01: - 30:97 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - A5:05:E8:64:B8:DC:DF:60:0F:50:12:4D:60:A8:64:AF:4D:8B:43:93 - X509v3 Authority Key Identifier: - keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - - Signature Algorithm: sha1WithRSAEncryption - 9c:67:5c:29:58:a0:79:1b:a7:bd:1c:a8:1a:ec:19:72:f2:6c: - 0e:f8:73:36:ce:e5:17:4b:12:01:6c:ee:b1:d5:4b:da:fe:73: - 6f:77:96:e4:bf:29:d9:62:2d:27:19:a8:0c:d8:57:29:70:51: - f4:56:bc:a3:28:5a:11:d8:2a:9d:dd:10:84:b8:c5:35:e4:eb: - fe:73:5f:18:6f:f5:1c:3c:48:67:3c:aa:7e:af:21:31:e4:d5: - 2d:66:3d:eb:ed:7a:48:1a:b1:8e:58:89:64:2e:33:78:78:61: - 59:51:1f:71:c7:10:c0:03:d5:39:c0:7b:17:d7:1c:70:c5:40: - 
67:be:05:dd:62:01:bc:f5:fe:c1:fd:1f:c9:78:4a:dc:17:e9: - e8:2f:4c:ad:cc:c1:74:70:90:a9:2f:8c:a6:84:0c:0f:40:4d: - b6:71:d2:62:3c:2c:6b:31:4a:e0:aa:7b:da:fd:77:28:e6:b6: - d7:78:ec:9d:69:d5:1b:a5:cf:70:8b:cd:a4:5c:54:8b:92:45: - 14:1f:68:3f:27:78:cf:5c:d5:2f:e2:27:f6:a6:4d:5a:89:c4: - 0d:4a:39:d3:92:e7:bf:34:5a:13:df:48:0a:c0:fa:0e:2a:02: - 64:a3:7a:57:37:a7:8c:16:a6:16:bc:ce:1b:98:c2:35:6e:5f: - a2:47:1b:47 -----BEGIN CERTIFICATE----- MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM 
@@ -67,11 +10,11 @@ tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw -FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY -oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw -UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y -iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M -wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS -RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8 -zhuYwjVuX6JHG0c= +FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAAFzC0rF +y6De8WMcdgQrEw3AhBHFjzqnxZw1ene4IBSC7lTw8rBSy3jOWQdPUWn+0y/pCeeF +kti6sevFdl1hLemGtd4q+T9TKEKGg3ND4ARfB5AUZZ9uEHq8WBkiwus5clGS17Qd +dS/TOisB59tQruLx1E1bPLtBKyqk4koC5WAULJwfpswGSyWJTpYwIpxcWE3D2tBu +UB6MZfXZFzWmWEOyKbeoXjXe8GBCGgHLywvYDsGQ36HSGtEsAvR2QaTLSxWYcfk1 +fbDn4jSWkb4yZy1r01UEigFQtONieGwRFaUqEcFJHJvEEGVgh9keaVlOj2vrwf5r +4mN4lW7gLdenN6g= -----END CERTIFICATE----- diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1 index 7556d1a05..39fc346b4 100644 --- a/tests/data_files/server5.req.ku.sha1 +++ b/tests/data_files/server5.req.ku.sha1 
@@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGjAY -BgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +MIIBFzCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY +BgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD -AgHAMAsGByqGSM49BAEFAANIADBFAiBjnnD7nwsFnCL+MpPPFJE3K/Tgj+5rAgXj -e5UejDX2CAIhAKdbigWJL/ZatvG9CFHq7ykrRns2x8JEXehWu8DsXdx9 +AgHAMAsGByqGSM49BAEFAANJADBGAiEA5MGFTJkpOtCV7bAx+N+t4gP3JDM9RH3W +mIXzSpcBwvACIQDf7f9ytclwouV1DQTFSUKxExIm48H60hk3lh19i3bGOw== -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/test-ca-alt-good.crt b/tests/data_files/test-ca-alt-good.crt index 50c145358..f9beba032 100644 --- a/tests/data_files/test-ca-alt-good.crt +++ b/tests/data_files/test-ca-alt-good.crt @@ -20,9 +20,9 @@ QHOkQQQJM9UoV0fEA1N5lsc9uSQxPmZCVMw/W+MFIEkH6nbgh0bM/qjcaqDsWXyT n5RutVDPESLLKaZxeR7J8srX/0nzhOiPIX+hDRWqhwQLxVkkRs6MxVDoiw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny 
@@ -30,13 +30,12 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA -FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE -CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j -4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w -XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB -G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57 -ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY -n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA== +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA +A4IBAQB2W2dIy4q4KysbrTL4HIaOqu62RceGuQ/KhyiI6O0ndCtQ/PgCBqHHTP8u +8F1X2ivb60ynHV6baMLPI4Kf1k4MONtLSf/++1qh0Gdycd3A8IDAfy0YnC1F3OPK +vWO/cZGitKoTbEpP4y4Rng3sFCDndRCWIRIDOEEW/H3lCcfL7sOQojdLl85ajFkh +YvcDqjmnTcspUnuq9Y00C7porXJthZwz1S18qVjcFNk0zEhVMUbupSrdXVmKtOJW +MWZjgcA+OXzcnb2hSKWbhjykH/u6/PqkuHPkD723rwXbmHdxRVS9CW57kDkn5ezJ +5pE6Sam4qFsCNFJNBV9FRf3ZBMFi -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca-good-alt.crt b/tests/data_files/test-ca-good-alt.crt index 9edf4c228..f360a7696 100644 --- a/tests/data_files/test-ca-good-alt.crt +++ b/tests/data_files/test-ca-good-alt.crt 
@@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny 
@@ -9,15 +9,14 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA -FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE -CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j -4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w -XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB -G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57 -ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY -n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA== +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA +A4IBAQB2W2dIy4q4KysbrTL4HIaOqu62RceGuQ/KhyiI6O0ndCtQ/PgCBqHHTP8u +8F1X2ivb60ynHV6baMLPI4Kf1k4MONtLSf/++1qh0Gdycd3A8IDAfy0YnC1F3OPK +vWO/cZGitKoTbEpP4y4Rng3sFCDndRCWIRIDOEEW/H3lCcfL7sOQojdLl85ajFkh +YvcDqjmnTcspUnuq9Y00C7porXJthZwz1S18qVjcFNk0zEhVMUbupSrdXVmKtOJW +MWZjgcA+OXzcnb2hSKWbhjykH/u6/PqkuHPkD723rwXbmHdxRVS9CW57kDkn5ezJ +5pE6Sam4qFsCNFJNBV9FRf3ZBMFi -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER diff --git a/tests/data_files/test-ca-sha1.crt b/tests/data_files/test-ca-sha1.crt index 7cb35d48b..e8b537c72 100644 --- a/tests/data_files/test-ca-sha1.crt +++ b/tests/data_files/test-ca-sha1.crt 
@@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny @@ -9,13 +9,12 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA -FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE -CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T -BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfDd5khSv/+K3De9qmH/ID3CVapGS -EN5MlXS5vvGCjZSA41MuXkUl11akKHXQ9aLlp85OZUdGbfQ5wwCoj/MymbT4fES2 -1dI8O1oI3PZI/0dqEvQETlIwSoZV2c/oaPRfh2E99v2+8FNIaZOfV2MX1n9+6AdO -W2nlK2oklozXSYg6KWtISr8N8Ofew2LQ9+riFlrrdaxsr8CoJqPqMDTq7FUmkDmO -oHize/h9bFksIunKoVQHa8P4w/W9bnR69nziyhZotbwOOkAWVnIyEM9QnaKWXeIy -rP6ewcTQjNYkguHJ8RY9rW+5bdaSY4EljSqZ3P3F+zo8P6sVi3qSlai5lQ== +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI +yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv +czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST +S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM +iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS +NWqiX9GyusBZjezaCaHabjDLU0qQ -----END CERTIFICATE----- 
diff --git a/tests/data_files/test-ca-sha256.crt b/tests/data_files/test-ca-sha256.crt index b14e405dd..9b08fe20a 100644 --- a/tests/data_files/test-ca-sha256.crt +++ b/tests/data_files/test-ca-sha256.crt @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny 
@@ -9,13 +9,12 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA -FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE -CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j -4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w -XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB -G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57 -ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY -n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA== +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA +A4IBAQB2W2dIy4q4KysbrTL4HIaOqu62RceGuQ/KhyiI6O0ndCtQ/PgCBqHHTP8u +8F1X2ivb60ynHV6baMLPI4Kf1k4MONtLSf/++1qh0Gdycd3A8IDAfy0YnC1F3OPK +vWO/cZGitKoTbEpP4y4Rng3sFCDndRCWIRIDOEEW/H3lCcfL7sOQojdLl85ajFkh +YvcDqjmnTcspUnuq9Y00C7porXJthZwz1S18qVjcFNk0zEhVMUbupSrdXVmKtOJW +MWZjgcA+OXzcnb2hSKWbhjykH/u6/PqkuHPkD723rwXbmHdxRVS9CW57kDkn5ezJ +5pE6Sam4qFsCNFJNBV9FRf3ZBMFi -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca.crt b/tests/data_files/test-ca.crt index f0eee2b82..e8b537c72 100644 --- a/tests/data_files/test-ca.crt +++ b/tests/data_files/test-ca.crt 
@@ -1,80 +1,20 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Feb 12 14:44:00 2011 GMT - Not After : Feb 12 14:44:00 2021 GMT - Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32: - 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18: - 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87: - 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93: - e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14: - cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9: - ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90: - 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60: - c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb: - 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0: - e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72: - 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1: - 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13: - 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6: - e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38: - 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9: - ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f: - a2:d5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - X509v3 Authority Key Identifier: - keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA - serial:00 - - Signature Algorithm: sha1WithRSAEncryption - b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07: - 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a: - 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9: - 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62: - 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26: - 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d: - 
2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5: - e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7: - e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f: - 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5: - 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce: - 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6: - 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca: - e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de: - f7:e0:e9:54 -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny 50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH -/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV -BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz -dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ -SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H -DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF -pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf -m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ -7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== 
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI +yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv +czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST +S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM +iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS +NWqiX9GyusBZjezaCaHabjDLU0qQ -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca_cat12.crt b/tests/data_files/test-ca_cat12.crt index 5e4bf063d..d989e3b13 100644 --- a/tests/data_files/test-ca_cat12.crt +++ b/tests/data_files/test-ca_cat12.crt 
@@ -1,82 +1,22 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Feb 12 14:44:00 2011 GMT - Not After : Feb 12 14:44:00 2021 GMT - Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32: - 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18: - 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87: - 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93: - e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14: - cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9: - ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90: - 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60: - c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb: - 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0: - e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72: - 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1: - 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13: - 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6: - e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38: - 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9: - ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f: - a2:d5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - X509v3 Authority Key Identifier: - keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA - serial:00 - - Signature Algorithm: sha1WithRSAEncryption - b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07: - 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a: - 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9: - 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62: - 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26: - 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d: - 
2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5: - e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7: - e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f: - 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5: - 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce: - 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6: - 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca: - e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de: - f7:e0:e9:54 -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny 50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH -/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV -BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz -dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ -SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H -DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF -pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf -m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ -7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== 
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI +yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv +czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST +S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM +iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS +NWqiX9GyusBZjezaCaHabjDLU0qQ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT diff --git a/tests/data_files/test-ca_cat21.crt b/tests/data_files/test-ca_cat21.crt index 5630789eb..97b4d2c9e 100644 --- a/tests/data_files/test-ca_cat21.crt +++ b/tests/data_files/test-ca_cat21.crt 
@@ -13,83 +13,23 @@ CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv uCjn8pwUOkABXK8Mss90fzCfCEOtIA== -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Feb 12 14:44:00 2011 GMT - Not After : Feb 12 14:44:00 2021 GMT - Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32: - 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18: - 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87: - 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93: - e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14: - cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9: - ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90: - 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60: - c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb: - 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0: - e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72: - 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1: - 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13: - 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6: - e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38: - 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9: - ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f: - a2:d5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - X509v3 Authority Key Identifier: - keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA - serial:00 - - Signature Algorithm: sha1WithRSAEncryption - b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07: - 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a: - 
32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9: - 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62: - 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26: - 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d: - 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5: - e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7: - e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f: - 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5: - 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce: - 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6: - 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca: - e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de: - f7:e0:e9:54 -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny 50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH -/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV -BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz -dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ -SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H -DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF 
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf -m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ -7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI +yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv +czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST +S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM +iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS +NWqiX9GyusBZjezaCaHabjDLU0qQ -----END CERTIFICATE----- From beffcd8d4acfd8a01ecf23a3a622a91ebb81e732 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 1 Nov 2018 17:23:27 +0000 Subject: [PATCH 346/368] Update hardcoded certificates in library/certs.c library/certs.c provides some hardcoded certificates that are used e.g. by the test applications ssl_server2, ssl_client2 in case no certificates are provided on the command line. The certificates used are from the tests/data_files folder and have been updated in the latest commits. This commit updates their copies in certs.c. It also adds comments indicating the files from which the data is taken, in order to ease update in the future. --- library/certs.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/library/certs.c b/library/certs.c index 374f12fc1..ff0f11e92 100644 --- a/library/certs.c +++ b/library/certs.c 
@@ -276,9 +276,9 @@ const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa ); /* tests/data_files/cli-rsa-sha256.crt */ const char mbedtls_test_cli_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" -"MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" +"MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" -"MTcwNTA1MTMwNzU5WhcNMjcwNTA2MTMwNzU5WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" +"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" 
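Review bot: The replacement certificate in `mbedtls_test_cli_crt_rsa` is valid for a much shorter window than the one it replaces: decoding the changed base64 line, the validity moves from `170505130759Z`/`270506130759Z` (2017–2027) to `110212144406Z`/`210212144406Z` (2011–2021), so the built-in client certificate that the commit message says ssl_client2 falls back to will expire on 2021-02-12. Since this array is the library's shipped fallback fixture rather than a test-only file, a comment recording the expiry next to the source-file reference would make the future refresh visible, e.g. `/* tests/data_files/cli-rsa-sha256.crt (not-after 2021-02-12) */`. The same certificate body continues in the next hunk; the server-side fixtures above this hunk are outside it, so whether they received the same validity cannot be checked here.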
@@ -286,15 +286,14 @@ const char mbedtls_test_cli_crt_rsa[] = "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" -"o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa\r\n" -"gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV\r\n" -"BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud\r\n" -"EwQCMAAwDQYJKoZIhvcNAQELBQADggEBAC7yO786NvcHpK8UovKIG9cB32oSQQom\r\n" -"LoR0eHDRzdqEkoq7yGZufHFiRAAzbMqJfogRtxlrWAeB4y/jGaMBV25IbFOIcH2W\r\n" -"iCEaMMbG+VQLKNvuC63kmw/Zewc9ThM6Pa1Hcy0axT0faf1B/U01j0FIcw/6mTfK\r\n" -"D8w48OIwc1yr0JtutCVjig5DC0yznGMt32RyseOLcUe+lfq005v2PAiCozr5X8rE\r\n" -"ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n" -"c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n" +"o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" +"BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" +"AQEAlHabem2Tu69VUN7EipwnQn1dIHdgvT5i+iQHpSxY1crPnBbAeSdAXwsVEqLQ\r\n" +"gOOIAQD5VIITNuoGgo4i+4OpNh9u7ZkpRHla+/swsfrFWRRbBNP5Bcu74AGLstwU\r\n" +"zM8gIkBiyfM1Q1qDQISV9trlCG6O8vh8dp/rbI3rfzo99BOHXgFCrzXjCuW4vDsF\r\n" +"r+Dao26bX3sJ6UnEWg1H3o2x6PpUcvQ36h71/bz4TEbbUUEpe02V4QWuL+wrhHJL\r\n" +"U7o3SVE3Og7jPF8sat0a50YUWhwEFI256m02KAXLg89ueUyYKEr6rNwhcvXJpvU9\r\n" +"giIVvd0Sbjjnn7NC4VDbcXV8vw==\r\n" "-----END CERTIFICATE-----\r\n"; const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa ); From ee334a3a5cfbc78abbb74d81aa74c5e8e9e6597e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 24 Oct 2018 12:33:07 +0100 Subject: [PATCH 347/368] Remove Doxygen tags from documentation of private structure --- library/x509_create.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 8bd39fdde..9d34801bc 100644 --- a/library/x509_create.c 
+++ b/library/x509_create.c @@ -38,12 +38,12 @@ typedef struct { const char *name; /* String representation of AttributeType, e.g. * "CN" or "emailAddress". */ - size_t name_len; /* Length of \c name, without trailing \c 0 byte. */ + size_t name_len; /* Length of 'name', without trailing 0 byte. */ const char *oid; /* String representation of OID of AttributeType, * as per RFC 5280, Appendix A.1. */ int default_tag; /* The default character encoding used for the * given attribute type, e.g. - * #MBEDTLS_ASN1_UTF8_STRING for UTF-8. */ + * MBEDTLS_ASN1_UTF8_STRING for UTF-8. */ } x509_attr_descriptor_t; #define ADD_STRLEN( s ) s, sizeof( s ) - 1 From cec1c2685f93949a5972da3a345411eb938fb8b6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 24 Oct 2018 12:31:45 +0100 Subject: [PATCH 348/368] Break overly long line in library/x509_create.c --- library/x509_create.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 9d34801bc..546e8fa1a 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -168,9 +168,10 @@ int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *na } else if( !in_tag && ( *c == ',' || c == end ) ) { - mbedtls_asn1_named_data* cur = mbedtls_asn1_store_named_data( head, oid, strlen( oid ), - (unsigned char *) data, - d - data ); + mbedtls_asn1_named_data* cur = + mbedtls_asn1_store_named_data( head, oid, strlen( oid ), + (unsigned char *) data, + d - data ); if(cur == NULL ) { From 5517755353edbd179fe680ac00dbb40fce9b1d9e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 24 Oct 2018 12:29:53 +0100 Subject: [PATCH 349/368] Improve wording and formatting of ASN.1 write module documentation --- include/mbedtls/asn1write.h | 251 +++++++++++++++++++++--------------- 1 file changed, 146 insertions(+), 105 deletions(-) diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 59e5d529a..76c1780b5 100644 
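Review bot: The reflowed declaration in the `@@ -168,9 +168,10 @@` hunk keeps `mbedtls_asn1_named_data* cur =` with the `*` attached to the type, whereas the struct fields in the first hunk (`const char *name;`, `const char *oid;`) and the `mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(` prototype in the following asn1write.h commit attach it to the declarator; since the line is rewritten anyway, `mbedtls_asn1_named_data *cur =` would match the surrounding style. The enclosing `mbedtls_x509_string_to_names` starts and ends outside the hunk.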
--- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h 
@@ -26,139 +26,171 @@ #include "asn1.h" -#define MBEDTLS_ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else \ - g += ret; } while( 0 ) +#define MBEDTLS_ASN1_CHK_ADD(g, f) \ + do { \ + if( ( ret = f ) < 0 ) \ + return( ret ); \ + else \ + g += ret; \ + } while( 0 ) #ifdef __cplusplus extern "C" { #endif /** - * \brief Write a length field in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write a length field in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param len the length to write + * \note This function works backwards in data buffer. * - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param len The length value to write. + * + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ); - +int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, + size_t len ); /** - * \brief Write a ASN.1 tag in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write an ASN.1 tag in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param tag the tag to write + * \note This function works backwards in data buffer. * - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param tag The tag to write. + * + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. 
*/ int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, - unsigned char tag ); + unsigned char tag ); /** - * \brief Write raw buffer data - * Note: function works backwards in data buffer + * \brief Write raw buffer data. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param buf data buffer to write - * \param size length of the data buffer + * \note This function works backwards in data buffer. * - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param buf The data buffer to write. + * \param size The length of the data buffer. + * + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ); + const unsigned char *buf, size_t size ); #if defined(MBEDTLS_BIGNUM_C) /** - * \brief Write a big number (MBEDTLS_ASN1_INTEGER) in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write a arbitrary-precision number (#MBEDTLS_ASN1_INTEGER) + * in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param X the MPI to write + * \note This function works backwards in data buffer. * - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param X The MPI to write. + * + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. 
*/ -int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X ); +int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, + const mbedtls_mpi *X ); #endif /* MBEDTLS_BIGNUM_C */ /** - * \brief Write a NULL tag (MBEDTLS_ASN1_NULL) with zero data in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data + * in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) + * \note This function works backwards in data buffer. * - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ); /** - * \brief Write an OID tag (MBEDTLS_ASN1_OID) and data in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data + * in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param oid the OID to write - * \param oid_len length of the OID + * \note This function works backwards in data buffer. * - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param oid The OID to write. + * \param oid_len The length of the OID. + * + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. 
*/ int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len ); + const char *oid, size_t oid_len ); /** - * \brief Write an AlgorithmIdentifier sequence in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write an AlgorithmIdentifier sequence in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param oid the OID of the algorithm - * \param oid_len length of the OID - * \param par_len length of parameters, which must be already written. + * \note This function works backwards in data buffer. + * + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param oid The OID of the algorithm to write. + * \param oid_len The length of the algorithm's OID. + * \param par_len The length of the parameters, which must be already written. * If 0, NULL parameters are added * - * \return the length written or a negative error code + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - size_t par_len ); +int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, + unsigned char *start, + const char *oid, size_t oid_len, + size_t par_len ); /** - * \brief Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value + * in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param boolean 0 or 1 + * \note This function works backwards in data buffer. 
* - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param boolean The boolean value to write, either \c 0 or \c 1. + * + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean ); +int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, + int boolean ); /** - * \brief Write an int tag (MBEDTLS_ASN1_INTEGER) and value in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value + * in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param val the integer value + * \note This function works backwards in data buffer. * - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param val The integer value to write. + * + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ); /** * \brief Write a string in ASN.1 format using a specific * string encoding tag. - * Note: function works backwards in data buffer + + * \note This function works backwards in data buffer. * * \param p The reference to the current position pointer. - * \param start The start of the buffer (for bounds-checking). + * \param start The start of the buffer, for bounds-checking. * \param tag The string encoding tag to write, e.g. * #MBEDTLS_ASN1_UTF8_STRING. * \param text The string to write. 
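Review bot: The reflowed `MBEDTLS_ASN1_CHK_ADD` macro at the top of the hunk still carries no comment, and its two non-obvious properties — it assigns to a `ret` that must already exist in the caller's scope, and it `return`s from the enclosing function on a negative result — are exactly what a reader of this public header needs; I would add above it `/* Evaluate f; on a negative result return it from the enclosing function, otherwise add it to g. Requires a local int ret in scope. */`. Two wording defects in the new text: the `mbedtls_asn1_write_mpi` brief reads `Write a arbitrary-precision number`, which should be `Write an arbitrary-precision number`, and every added `\note` says `works backwards in data buffer`, which reads better as `works backwards in the data buffer`. In the `mbedtls_asn1_write_tagged_string` block at the end of the hunk, the added separator line is completely empty rather than ` *`, unlike every other blank line inside these comment blocks, so it should be ` *` to keep the comment leader consistent.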
@@ -169,15 +201,17 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ); * \return A negative error code on failure. */ int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, - int tag, const char *text, size_t text_len ); + int tag, const char *text, + size_t text_len ); /** * \brief Write a string in ASN.1 format using the PrintableString * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING). - * Note: The function works backwards in data buffer. + * + * \note This function works backwards in data buffer. * * \param p The reference to the current position pointer. - * \param start The start of the buffer (for bounds-checking). + * \param start The start of the buffer, for bounds-checking. * \param text The string to write. * \param text_len The length of \p text in bytes (which might * be strictly larger than the number of characters). @@ -192,10 +226,11 @@ int mbedtls_asn1_write_printable_string( unsigned char **p, /** * \brief Write a UTF8 string in ASN.1 format using the UTF8String * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING). - * Note: The function works backwards in data buffer. + * + * \note This function works backwards in data buffer. * * \param p The reference to the current position pointer. - * \param start The start of the buffer (for bounds-checking). + * \param start The start of the buffer, for bounds-checking. * \param text The string to write. * \param text_len The length of \p text in bytes (which might * be strictly larger than the number of characters). 
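Review bot: The brief for `mbedtls_asn1_write_utf8_string` in the `@@ -192,10 +226,11 @@` hunk says the function uses the UTF8String encoding but names `#MBEDTLS_ASN1_PRINTABLE_STRING` as the tag, which looks like a copy of the PrintableString block above it; the `mbedtls_asn1_write_tagged_string` documentation in this same file already refers to `#MBEDTLS_ASN1_UTF8_STRING`, so the context line should read ` * string encoding tag (#MBEDTLS_ASN1_UTF8_STRING).`. The line is not changed by this commit but sits inside the comment block it reformats, so this is the natural place to fix it.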
@@ -207,12 +242,13 @@ int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start, const char *text, size_t text_len ); /** - * \brief Write a string in ASN.1 format using the IA5tring + * \brief Write a string in ASN.1 format using the IA5String * string encoding tag (#MBEDTLS_ASN1_IA5_STRING). - * Note: The function works backwards in data buffer. + * + * \note This function works backwards in data buffer. * * \param p The reference to the current position pointer. - * \param start The start of the buffer (for bounds-checking). + * \param start The start of the buffer, for bounds-checking. * \param text The string to write. * \param text_len The length of \p text in bytes (which might * be strictly larger than the number of characters). 
@@ -224,34 +260,38 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start, const char *text, size_t text_len ); /** - * \brief Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and - * value in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and + * value in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param buf the bitstring - * \param bits the total number of bits in the bitstring + * \note This function works backwards in data buffer. * - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param buf The bitstring to write. + * \param bits The total number of bits in the bitstring. + * + * \return The number of bytes written to \p p on success. + * \return A negative error code on failure. */ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t bits ); + const unsigned char *buf, size_t bits ); /** - * \brief Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and - * value in ASN.1 format - * Note: function works backwards in data buffer + * \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING) + * and value in ASN.1 format. * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param buf data buffer to write - * \param size length of the data buffer + * \note This function works backwards in data buffer. * - * \return the length written or a negative error code + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param buf The buffer holding the data to write. + * \param size The length of the data buffer \p buf. 
+ * + * \return The number of bytes written to \p p on success. + * \return A negative error code on failure. */ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ); + const unsigned char *buf, size_t size ); /** * \brief Create or find a specific named_data entry for writing in a @@ -259,15 +299,16 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, * a new entry is added to the head of the list. * Warning: Destructive behaviour for the val data! * - * \param list Pointer to the location of the head of the list to seek - * through (will be updated in case of a new entry) - * \param oid The OID to look for - * \param oid_len Size of the OID - * \param val Data to store (can be NULL if you want to fill it by hand) - * \param val_len Minimum length of the data buffer needed + * \param list The pointer to the location of the head of the list to seek + * through (will be updated in case of a new entry). + * \param oid The OID to look for. + * \param oid_len The size of the OID. + * \param val The data to store (can be \c NULL if you want to fill + * it by hand). + * \param val_len The minimum length of the data buffer needed. * - * \return NULL if if there was a memory allocation error, or a pointer - * to the new / existing entry. + * \return A pointer to the new / existing entry on success. + * \return \c NULL if if there was a memory allocation error. */ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list, const char *oid, size_t oid_len, From a8b13d79bf9c61793b6e946d03b35c67f5769acc Mon Sep 17 00:00:00 2001 
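Review bot: The rewritten return documentation for `mbedtls_asn1_store_named_data` in the `@@ -259,15 +299,16 @@` hunk keeps the doubled word from the old text: `\return \c NULL if if there was a memory allocation error.` should read ` * \return \c NULL if there was a memory allocation error.`. The unchanged context line `Warning: Destructive behaviour for the val data!` could also become a `\warning` paragraph now that the rest of the block uses Doxygen commands, though that line is outside the changed lines.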
From: Hanno Becker Date: Fri, 2 Nov 2018 10:09:48 +0000 Subject: [PATCH 350/368] Add tests for relaxed CRL-CA name comparison This commit introduces variants test-ca_utf8.crt, test-ca_printablestring.crt and test-ca_uppercase.crt of tests/data_files/test-ca.crt which differ from test-ca.crt in their choice of string encoding and upper and lower case letters in the DN field. These changes should be immaterial to the revocation check, and three tests are added that crl.pem, which applies to test-ca.crt, is also considered as applying to test-ca_*.crt. The test files were generated using PR #1641 which - adds a build instruction for test-ca.crt to tests/data_files/Makefile which allows easy change of the subject DN. - changes the default string format from `PrintableString` to `UTF8String`. Specifically: - `test-ca_utf8.crt` was generated by running `rm test-ca.crt && make test-ca.crt` on PR #1641. - `test-ca_uppercase.crt`, too, was generated by running `rm test-ca.crt && make test-ca.crt` on PR #1641, after modifying the subject DN line in the build instruction for `test-ca.crt` in `tests/data_files/Makefile`. - `test-ca_printable.crt` is a copy of `test-ca.crt` because at the time of this commit, `PrintableString` is still the default string format. --- tests/data_files/test-ca_printable.crt | 21 +++++++++++++++++++++ tests/data_files/test-ca_uppercase.crt | 20 ++++++++++++++++++++ tests/data_files/test-ca_utf8.crt | 20 ++++++++++++++++++++ tests/suites/test_suite_x509parse.data | 12 ++++++++++++ 4 files changed, 73 insertions(+) create mode 100644 tests/data_files/test-ca_printable.crt create mode 100644 tests/data_files/test-ca_uppercase.crt create mode 100644 tests/data_files/test-ca_utf8.crt diff --git a/tests/data_files/test-ca_printable.crt b/tests/data_files/test-ca_printable.crt new file mode 100644 index 000000000..d16da09a2 --- /dev/null +++ b/tests/data_files/test-ca_printable.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH +/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV +BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz +dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ +SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H +DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF +pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf +m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ +7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca_uppercase.crt b/tests/data_files/test-ca_uppercase.crt new file mode 100644 index 000000000..e8b537c72 --- /dev/null +++ b/tests/data_files/test-ca_uppercase.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI +yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv +czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST +S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM +iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS +NWqiX9GyusBZjezaCaHabjDLU0qQ +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca_utf8.crt b/tests/data_files/test-ca_utf8.crt new file mode 100644 index 000000000..e8b537c72 --- /dev/null +++ b/tests/data_files/test-ca_utf8.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI +yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv +czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST +S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM +iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS +NWqiX9GyusBZjezaCaHabjDLU0qQ +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 80e49d226..85f0d6556 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -399,6 +399,18 @@ X509 Certificate verification #5 (Revoked Cert)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"

+X509 Certificate verification #5' (Revoked Cert, differing DN string formats #1)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server1.crt":"data_files/test-ca_utf8.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
+
+X509 Certificate verification #5'' (Revoked Cert, differing DN string formats #2)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server1.crt":"data_files/test-ca_printable.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
+
+X509 Certificate verification #5''' (Revoked Cert, differing upper and lower case)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server1.crt":"data_files/test-ca_uppercase.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
+
 X509 Certificate verification #6 (Revoked Cert)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
From 1f8527f1cf1c2137c67b87cdcd50e85cc6109137 Mon Sep 17 00:00:00 2001
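Review bot: The third new case, `X509 Certificate verification #5''' (Revoked Cert, differing upper and lower case)`, does not exercise case-insensitive DN matching, because `tests/data_files/test-ca_uppercase.crt` and `tests/data_files/test-ca_utf8.crt` are added in this same commit with the same blob id `e8b537c72` and byte-identical PEM bodies. As committed, the case-folding path of the comparison has no coverage and this case would keep passing even if a later change made the comparison case-sensitive again. The uppercase file needs regenerating with an actually uppercased subject DN (the commit message describes the Makefile edit that produces it), and checking the resulting subject with a parser before adding it would catch this. The commit message also refers to `test-ca_printablestring.crt` while the file added is `test-ca_printable.crt`.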
From: Hanno Becker Date: Fri, 2 Nov 2018 09:19:16 +0000 Subject: [PATCH 351/368] Move static x509_name_cmp() in library/x509_crt.c A subsequent change will need this function earlier within the file. --- library/x509_crt.c | 260 ++++++++++++++++++++++----------------------- 1 file changed, 130 insertions(+), 130 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 25aaff3b0..f75684372 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -227,6 +227,136 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
 return( -1 );
 }
+/*
+ * Like memcmp, but case-insensitive and always returns -1 if different
+ */
+static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
+{
+ size_t i;
+ unsigned char diff;
+ const unsigned char *n1 = s1, *n2 = s2;
+
+ for( i = 0; i < len; i++ )
+ {
+ diff = n1[i] ^ n2[i];
+
+ if( diff == 0 )
+ continue;
+
+ if( diff == 32 &&
+ ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
+ ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
+ {
+ continue;
+ }
+
+ return( -1 );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Return 0 if name matches wildcard, -1 otherwise
+ */
+static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
+{
+ size_t i;
+ size_t cn_idx = 0, cn_len = strlen( cn );
+
+ /* We can't have a match if there is no wildcard to match */
+ if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
+ return( -1 );
+
+ for( i = 0; i < cn_len; ++i )
+ {
+ if( cn[i] == '.' )
+ {
+ cn_idx = i;
+ break;
+ }
+ }
+
+ if( cn_idx == 0 )
+ return( -1 );
+
+ if( cn_len - cn_idx == name->len - 1 &&
+ x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
+ {
+ return( 0 );
+ }
+
+ return( -1 );
+}
+
+/*
+ * Compare two X.509 strings, case-insensitive, and allowing for some encoding
+ * variations (but not all).
+ *
+ * Return 0 if equal, -1 otherwise.
+ */
+static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
+{
+ if( a->tag == b->tag &&
+ a->len == b->len &&
+ memcmp( a->p, b->p, b->len ) == 0 )
+ {
+ return( 0 );
+ }
+
+ if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
+ ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
+ a->len == b->len &&
+ x509_memcasecmp( a->p, b->p, b->len ) == 0 )
+ {
+ return( 0 );
+ }
+
+ return( -1 );
+}
+
+/*
+ * Compare two X.509 Names (aka rdnSequence).
+ *
+ * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
+ * we sometimes return unequal when the full algorithm would return equal,
+ * but never the other way. (In particular, we don't do Unicode normalisation
+ * or space folding.)
+ *
+ * Return 0 if equal, -1 otherwise.
+ */
+static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
+{
+ /* Avoid recursion, it might not be optimised by the compiler */
+ while( a != NULL || b != NULL )
+ {
+ if( a == NULL || b == NULL )
+ return( -1 );
+
+ /* type */
+ if( a->oid.tag != b->oid.tag ||
+ a->oid.len != b->oid.len ||
+ memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
+ {
+ return( -1 );
+ }
+
+ /* value */
+ if( x509_string_cmp( &a->val, &b->val ) != 0 )
+ return( -1 );
+
+ /* structure of the list of sets */
+ if( a->next_merged != b->next_merged )
+ return( -1 );
+
+ a = a->next;
+ b = b->next;
+ }
+
+ /* a == NULL == b */
+ return( 0 );
+}
+
 /*
 * Reset (init or clear) a verify_chain
 */
@@ -1756,136 +1886,6 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, } #endif /* MBEDTLS_X509_CRL_PARSE_C */ -/* - * Like memcmp, but case-insensitive and always returns -1 if different - */ -static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) -{ - size_t i; - unsigned char diff; - const unsigned char *n1 = s1, *n2 = s2; - - for( i = 0; i < len; i++ ) - { - diff = n1[i] ^ n2[i]; - - if( diff == 0 ) - continue; - - if( diff == 32 && - ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || - ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) - { - continue; - } - - return( -1 ); - } - - return( 0 ); -} - -/* - * Return 0 if name matches wildcard, -1 otherwise - */ -static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) -{ - size_t i; - size_t cn_idx = 0, cn_len = strlen( cn ); - - /* We can't have a match if there is no wildcard to match */ - if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) - return( -1 ); - - for( i = 0; i < cn_len; ++i ) - { - if( cn[i] == '.' ) - { - cn_idx = i; - break; - } - } - - if( cn_idx == 0 ) - return( -1 ); - - if( cn_len - cn_idx == name->len - 1 && - x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) - { - return( 0 ); - } - - return( -1 ); -} - -/* - * Compare two X.509 strings, case-insensitive, and allowing for some encoding - * variations (but not all). - * - * Return 0 if equal, -1 otherwise. - */ -static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) -{ - if( a->tag == b->tag && - a->len == b->len && - memcmp( a->p, b->p, b->len ) == 0 ) - { - return( 0 ); - } - - if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && - ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && - a->len == b->len && - x509_memcasecmp( a->p, b->p, b->len ) == 0 ) - { - return( 0 ); - } - - return( -1 ); -} - -/* - * Compare two X.509 Names (aka rdnSequence). 
- * - * See RFC 5280 section 7.1, though we don't implement the whole algorithm: - * we sometimes return unequal when the full algorithm would return equal, - * but never the other way. (In particular, we don't do Unicode normalisation - * or space folding.) - * - * Return 0 if equal, -1 otherwise. - */ -static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) -{ - /* Avoid recursion, it might not be optimised by the compiler */ - while( a != NULL || b != NULL ) - { - if( a == NULL || b == NULL ) - return( -1 ); - - /* type */ - if( a->oid.tag != b->oid.tag || - a->oid.len != b->oid.len || - memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) - { - return( -1 ); - } - - /* value */ - if( x509_string_cmp( &a->val, &b->val ) != 0 ) - return( -1 ); - - /* structure of the list of sets */ - if( a->next_merged != b->next_merged ) - return( -1 ); - - a = a->next; - b = b->next; - } - - /* a == NULL == b */ - return( 0 ); -} - /* * Check the signature of a certificate by its parent */ From b75ffb5061a732a6869b87bd50dac58986f15486 Mon Sep 17 00:00:00 2001 
From: Hanno Becker
Date: Fri, 2 Nov 2018 09:19:54 +0000
Subject: [PATCH 352/368] Don't perform binary comparison of CRL issuer and CA subject
Previously, when checking whether a CRT was revoked through one of the configured CRLs, the library would only consider those CRLs whose `issuer` field binary-matches the `subject` field of the CA that has issued the CRT in question. If those fields were not binary equivalent, the corresponding CRL was discarded. This is not in line with RFC 5280, which demands that the comparison should be format- and case-insensitive. For example: - If the same string is once encoded as a `PrintableString` and another time as a `UTF8String`, they should compare equal. - If two strings differ only in their choice of upper and lower case letters, they should compare equal. This commit fixes this by using the dedicated x509_name_cmp() function to compare the CRL issuer with the CA subject. Fixes #1784.
---
 library/x509_crt.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index f75684372..97a4bbf24 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1814,9 +1814,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
 while( crl_list != NULL )
 {
 if( crl_list->version == 0 ||
- crl_list->issuer_raw.len != ca->subject_raw.len ||
- memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
- crl_list->issuer_raw.len ) != 0 )
+ x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
 {
 crl_list = crl_list->next;
 continue;
@@ -1826,7 +1824,8 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
 * Check if the CA is configured to sign CRLs
 */
 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
- if( mbedtls_x509_crt_check_key_usage( ca, MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
+ if( mbedtls_x509_crt_check_key_usage( ca,
+ MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
 {
 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
 break;
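Review bot: The first hunk now accepts any CRL whose issuer DN is equivalent to `ca->subject` under x509_name_cmp's encoding- and case-insensitive comparison, where before only a byte-identical `issuer_raw` matched, and nothing at this point says what still binds a matched CRL to this particular CA; a comment would make the trust argument explicit, e.g. `/* Issuer/subject matched per RFC 5280 7.1 (encoding- and case-insensitive); a matched CRL may only be used once its signature verifies under ca's key */`. The key-usage check in the second hunk is visible, but the CRL signature verification lies outside both hunks, so please confirm it runs on every CRL that passes this looser match before the revocation status is read. The enclosing x509_crt_verifycrl starts and ends outside the hunks; the second hunk is only a re-wrap of an over-long line.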
From d3445da3eff6351339e7c0be8ff0c147152f82f3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 2 Nov 2018 09:36:45 +0000 Subject: [PATCH 353/368] Adapt ChangeLog --- ChangeLog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index 7e1955ae1..b88599895 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,15 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix overly strict DN comparison when looking for CRLs + belonging to a particular CA. This previously lead to + ignoring CRLs when the CRL's issuer name and the CA's + subject name differed in their string encoding (e.g., + one using PrintableString and the other UTF8String) or + in the choice of upper and lower case. Reported by + HenrikRosenquistAndersson in #1784. + Features * Add support for temporarily suspending expensive ECC computations after some configurable amount of operations, to be used in single-threaded From 5ed8c1ededa349cde7cb949171202d151067f9b4 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 5 Nov 2018 14:04:26 +0200 Subject: [PATCH 354/368] Avoid using restartable and alternative ECP imp. 1. Add a check that MBEDTLS_ECP_RESTARTABLE is not defined along any EC* alternative implementation. 2. Add a closing comment for an `#endif`. --- include/mbedtls/check_config.h | 10 ++++++++++ include/mbedtls/config.h | 3 +++ library/ecdsa.c | 4 ++-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 9e6bb8a46..425e3ea58 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h
@@ -108,6 +108,16 @@
 #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
 #endif

+#if defined(MBEDTLS_ECP_RESTARTABLE) && \
+ ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
+ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
+ defined(MBEDTLS_ECDSA_SIGN_ALT) || \
+ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
+ defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
+ defined(MBEDTLS_ECP_ALT) )
+#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
+#endif
+
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
 #error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 28e860b18..c594b6944 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -694,6 +694,9 @@
 * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
 *
 * Uncomment this macro to enable restartable ECC computations.
+ *
+ * \note MBEDTLS_ECP_RESTARTABLE cannot be defined if there is an alternative
+ * implementation for one of the ECP, ECDSA or ECDH functions.
 *
 */
 //#define MBEDTLS_ECP_RESTARTABLE
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 54ecab11e..a62c14cbe 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -638,7 +638,7 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
 MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d,
 hash, hlen, f_rng, p_rng, rs_ctx ) );
 #endif /* MBEDTLS_ECDSA_SIGN_ALT */
-#endif
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */

 MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) );
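Review bot: The `#error` text in the first hunk says "an alternative ECP implementation", but the condition also fires for the MBEDTLS_ECDH_*_ALT and MBEDTLS_ECDSA_*_ALT macros, so the message under-describes the conflict a user will hit; suggest `#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP, ECDH or ECDSA implementation"`, which also matches the `\note` added to config.h in the second hunk. The condition is silent on MBEDTLS_ECP_INTERNAL_ALT; whether the restartable code paths tolerate the internal point-arithmetic hooks is not visible here, so that is worth confirming rather than assuming. The third hunk only labels an `#endif`.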
@@ -662,7 +662,7 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) ); } -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) && \ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \ defined(MBEDTLS_ECDSA_DETERMINISTIC) int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, From 19779c47397f68837566d7f051fb8aaa17f34792 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 5 Nov 2018 16:58:13 +0200 Subject: [PATCH 355/368] Some style and documentation fixes 1. Change description of of hte `MBEDTLS_ECP_RESTARTABLE` in the configuration file. 2. Change check for compilation of `rs_ctx` to positive flow. --- include/mbedtls/config.h | 5 +++-- library/ecdh.c | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c594b6944..950319a10 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -695,8 +695,9 @@ * * Uncomment this macro to enable restartable ECC computations. * - * \note MBEDTLS_ECP_RESTARTABLE cannot be defined if there is an alternative - * implementation for one of the ECP, ECDSA or ECDH functions. * + * \note This option only works with the default software implementation of + * elliptic curve functionality. It is incompatible with + * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_xxx_ALT and MBEDTLS_ECDSA_xxx_ALT. */ //#define MBEDTLS_ECP_RESTARTABLE diff --git a/library/ecdh.c b/library/ecdh.c index b7e25dcc9..307ee1fb2 100644 --- a/library/ecdh.c +++ b/library/ecdh.c 
@@ -191,14 +191,14 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, { int ret; size_t grp_len, pt_len; -#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) +#if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) && !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( ctx->restart_enabled ) rs_ctx = &ctx->rs; #endif From b430d9f26209c18102719b9f6ab70af75744b92f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 5 Nov 2018 17:18:29 +0200 Subject: [PATCH 356/368] Change to positive checks 1. Checge to check for `MBEDTLS_ECP_RESTARTABLE` for all definitions of `rs_ctx`. 2. Remove checks for `_ALT` when using `rs_ctx` as they cannot coexist with the Restartable configuration. --- library/ecdh.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 307ee1fb2..5fb06cca3 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -212,7 +212,7 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); -#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */ if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) ) != 0 ) @@ -286,14 +286,14 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; -#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) +#if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) && !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( ctx->restart_enabled ) rs_ctx = &ctx->rs; #endif 
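Review bot: In the first hunk (mbedtls_ecdh_make_params, PATCH 355) `rs_ctx` becomes declared only under MBEDTLS_ECP_RESTARTABLE, yet the use that follows — `ecdh_gen_public_restartable( ..., rs_ctx )`, outside this hunk but visible as the pre-image of PATCH 358 — stays in the `#else` branch of `#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)`, so a default build with the restartable option off no longer compiles; PATCH 357 reverts this and PATCH 358 redoes it with the call site moved under the same guard. Squashing 355–358 into one commit would keep the series bisectable. The two PATCH 356 hunks on this line make the same change for mbedtls_ecdh_make_public, and the `#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */` comment fix in the first of them is superseded by PATCH 358 anyway. The enclosing functions start and end outside the hunks.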
@@ -342,14 +342,14 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; -#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) +#if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif if( ctx == NULL || ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) && !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) +#if defined(MBEDTLS_ECP_RESTARTABLE) if( ctx->restart_enabled ) rs_ctx = &ctx->rs; #endif From 93ace0199b05cb5d9cd3d3853c54f7c52087fae8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 5 Nov 2018 17:50:07 +0200 Subject: [PATCH 357/368] Revert positive flow check Revert changes for checking whether `MBEDTLS_ECP_RESTARTABLE` is defined, since it broke the CI. The context is used whether the restartable feature is defined or not. --- library/ecdh.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 5fb06cca3..0fed2d19d 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -191,7 +191,7 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, { int ret; size_t grp_len, pt_len; -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif @@ -286,7 +286,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif @@ -342,7 +342,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif From 2981d8f16183e06a3fae2013ef8731842b1d5f89 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Mon, 5 Nov 2018 18:07:10 +0200 Subject: [PATCH 358/368] Change to positive flow for all cases Use the `rs_ctx` only when `MBEDTLS_ECP_RESTARTABLE` is defined. --- library/ecdh.c | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 0fed2d19d..e6ae99994 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -191,7 +191,7 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, { int ret; size_t grp_len, pt_len; -#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) +#if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif @@ -204,15 +204,15 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, #endif -#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) - if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng ) ) != 0 ) - return( ret ); -#else +#if defined(MBEDTLS_ECP_RESTARTABLE) if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); -#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#else + if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng ) ) != 0 ) + return( ret ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) ) != 0 ) @@ -286,7 +286,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; -#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) +#if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif 
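Review bot: Each function touched here now carries three separate `#if defined(MBEDTLS_ECP_RESTARTABLE)` regions — the `rs_ctx` declaration, the `rs_ctx = &ctx->rs` assignment (seen as context at the top of the hunks on the next line), and the call with its `#else` fallback — and nothing states why the two branches are interchangeable; the same applies to the make_public and calc_secret hunks of this commit on the next line. The argument rests on check_config.h (PATCH 354) rejecting MBEDTLS_ECP_RESTARTABLE together with any ECP/ECDH/ECDSA _ALT macro, so the restartable branch is only ever built against the software implementation while the `#else` branch goes through the public entry points an _ALT may replace; a comment at the first `#if` of each function, `/* MBEDTLS_ECP_RESTARTABLE excludes every EC*_ALT (see check_config.h), so only the non-restartable path can reach an alternative implementation */`, would record that. Whether mbedtls_ecdh_gen_public and mbedtls_ecdh_compute_shared behave identically to the restartable helpers called with a NULL context is not visible here and should be confirmed. The enclosing functions start and end outside the hunks.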
@@ -298,15 +298,15 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, rs_ctx = &ctx->rs; #endif -#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) - if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng ) ) != 0 ) - return( ret ); -#else +#if defined(MBEDTLS_ECP_RESTARTABLE) if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); -#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#else + if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng ) ) != 0 ) + return( ret ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format, olen, buf, blen ); @@ -342,7 +342,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int ret; -#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) +#if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif @@ -354,19 +354,19 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, rs_ctx = &ctx->rs; #endif -#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) - if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, - &ctx->d, f_rng, p_rng ) ) != 0 ) - { - return( ret ); - } -#else +#if defined(MBEDTLS_ECP_RESTARTABLE) if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d, f_rng, p_rng, rs_ctx ) ) != 0 ) { return( ret ); } -#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ +#else + if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, + &ctx->d, f_rng, p_rng ) ) != 0 ) + { + return( ret ); + } +#endif /* MBEDTLS_ECP_RESTARTABLE */ if( mbedtls_mpi_size( &ctx->z ) > blen ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); From 7213744b076d068820aa35a0325cadf9d98886bd Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Mon, 5 Nov 2018 22:31:32 +0200 Subject: [PATCH 359/368] Fix typo in comment Change from from lower case to upper case in XXX_ALT comment in `MBEDTLS_ECP_RESTARTABLE` description. --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 950319a10..9f8192fd6 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -697,7 +697,7 @@ * * \note This option only works with the default software implementation of * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_xxx_ALT and MBEDTLS_ECDSA_xxx_ALT. + * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT. */ //#define MBEDTLS_ECP_RESTARTABLE From f143a78011140c1f3ac7bc142b8ab9fa41932dc8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 6 Nov 2018 17:43:16 +0000 Subject: [PATCH 360/368] Adapt ChangeLog --- ChangeLog | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ChangeLog b/ChangeLog index b88599895..8b3ea4c69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,11 @@ Bugfix program programs/x509/cert_write. Fixes #1422. * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB Fix for #1091 raised by ezdevelop + * Change the default string format used for various X.509 DN attributes to + UTF8String. Previously, the use of the PrintableString format led to + wildcards and non-ASCII characters being unusable in some DN attributes. + Reported by raprepo in #1860 and by kevinpt in #468. + Fix contributed by Thomas-Dee in #1641. Changes * Removed support for Yotta as a build tool. 
@@ -52,6 +57,14 @@ Changes in the same way as on the server side. * Change the dtls_client and dtls_server samples to work by default over IPv6 and optionally by a build option over IPv4. + * Remember the string format of X.509 DN attributes when replicating X.509 DNs. + Previously, DN attributes were always written in their default string format + (mostly PrintableString), which could lead to CRTs being created which used + PrintableStrings in the issuer field even though the signing CA used + UTF8Strings in its subject field; while X.509 compliant, such CRTs were + rejected in some applications, e.g. some versions of Firefox, curl + and GnuTLS. Reported in #1033 by Moschn. Fix contributed by + Thomas-Dee in #1641. = mbed TLS 2.13.1 branch released 2018-09-06 From bcca58c6cdb7ca8407c1576ec09b6447a53d084e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 3 Oct 2018 16:33:21 +0300 Subject: [PATCH 361/368] Add common feature unavailable error Add a common error for the feature unavailable, in the platform module. --- include/mbedtls/error.h | 2 +- include/mbedtls/platform.h | 3 ++- library/error.c | 2 ++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 39cd67fdb..0c3888987 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -80,7 +80,7 @@ * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 - * PLATFORM 1 0x0070-0x0070 + * PLATFORM 1 0x0070-0x0072 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 5cd143ce5..89fe8a7b1 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h 
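Review bot: In the error.h hunk the module table still lists PLATFORM with `1` under "Nr of Errors" while the new range `0x0070-0x0072` holds two codes (MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED is added to platform.h in the next file section); the row should read `* PLATFORM 2 0x0070-0x0072`. This table is what a reader consults to find a free slot, so an off-by-one count invites the next allocator to reuse 0x0072. The two ChangeLog hunks on this line are documentation-only.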
@@ -43,7 +43,8 @@
 #include "platform_time.h"
 #endif

-#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
+#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
+#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 /**< The requested feature is not supported by the platform */

 #ifdef __cplusplus
 extern "C" {
diff --git a/library/error.c b/library/error.c
index 27692dbf7..eabee9e21 100644
--- a/library/error.c
+++ b/library/error.c
@@ -834,6 +834,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 #if defined(MBEDTLS_PLATFORM_C)
 if( use_ret == -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED) )
 mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware accelerator failed" );
+ if( use_ret == -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) )
+ mbedtls_snprintf( buf, buflen, "PLATFORM - The requested feature is not supported by the platform" );
 #endif /* MBEDTLS_PLATFORM_C */

 #if defined(MBEDTLS_POLY1305_C)
From 9924bdc7921ab4b6d2c54ff58bfbdc0ea49dbd33 Mon Sep 17 00:00:00 2001
From: Ron Eldor Date: Thu, 4 Oct 2018 10:59:13 +0300 Subject: [PATCH 362/368] Deprecate hardware acceleration errors Deprecate the module-specific XXX_HW_ACCEL_FAILED and XXX_FEATURE_UNAVAILABLE errors, as alternative implementations should now return `MBEDTLS_ERR_PLATFORM_HW_FAILED` and `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED`. --- include/mbedtls/aes.h | 4 ++++ include/mbedtls/arc4.h | 1 + include/mbedtls/aria.h | 5 +++++ include/mbedtls/blowfish.h | 4 ++++ include/mbedtls/camellia.h | 3 +++ include/mbedtls/ccm.h | 2 ++ include/mbedtls/chacha20.h | 6 ++++++ include/mbedtls/cipher.h | 2 ++ include/mbedtls/cmac.h | 1 + include/mbedtls/des.h | 2 ++ include/mbedtls/dhm.h | 3 +++ include/mbedtls/ecp.h | 3 +++ include/mbedtls/gcm.h | 14 ++++++++------ include/mbedtls/md.h | 2 ++ include/mbedtls/md2.h | 1 + include/mbedtls/md4.h | 1 + include/mbedtls/md5.h | 1 + include/mbedtls/pk.h | 2 ++ include/mbedtls/poly1305.h | 6 ++++++ include/mbedtls/ripemd160.h | 2 ++ include/mbedtls/rsa.h | 37 +++++++++++++++++++++---------------- include/mbedtls/sha1.h | 1 + include/mbedtls/sha256.h | 1 + include/mbedtls/sha512.h | 1 + include/mbedtls/threading.h | 3 +++ include/mbedtls/xtea.h | 2 ++ library/aes.c | 9 +++++---- library/gcm.c | 5 ++--- 28 files changed, 95 insertions(+), 29 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 4c8dab315..cfb20c4fc 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -60,7 +60,11 @@ /* Error codes in range 0x0021-0x0025 */ #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */ + +/* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */ #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ + +/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index 83a7461f3..c43f4065f 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -36,6 +36,7 @@ #include +/* MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */ #ifdef __cplusplus diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 4a79c1387..483d4c299 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -48,7 +48,12 @@ #define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */ #define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ + +/* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used. + */ #define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */ + +/* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */ #if !defined(MBEDTLS_ARIA_ALT) diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index eea6882f7..82b772ada 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h 
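Review bot: The deprecation comments added in aes.h say only that MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE and MBEDTLS_ERR_AES_HW_ACCEL_FAILED should not be used, without naming the replacement, so a reader of the header must find the commit message to learn what to return instead; suggest `/* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used; use MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED instead. */` and `/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used; use MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED instead. */`. The same applies to the parallel comments added in arc4.h, aria.h, blowfish.h, camellia.h, ccm.h, chacha20.h, cipher.h, cmac.h, des.h, dhm.h, ecp.h, gcm.h, md.h, md2.h, md4.h, md5.h, pk.h, poly1305.h, ripemd160.h, rsa.h (including MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION), sha1.h, sha256.h, sha512.h, threading.h and xtea.h. A plain comment is also invisible to the compiler; if this tree already provides MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(), wrapping the values with it would let builds with deprecation warnings enabled flag remaining users, provided the error-table generator still parses the wrapped line.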
@@ -41,7 +41,11 @@ #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */ + +/* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used. + */ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ + #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ #ifdef __cplusplus diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index fa1e05ee7..1555867cf 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -38,6 +38,9 @@ #define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */ #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ + +/* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used. + */ #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ #ifdef __cplusplus diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index e1dc124b8..dfb1b5e56 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -53,6 +53,8 @@ #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ + +/* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index cfea40a57..529f22d9c 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h 
@@ -43,7 +43,13 @@ #include #define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051 /**< Invalid input parameter(s). */ + +/* MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE is deprecated and should not be + * used. */ #define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE -0x0053 /**< Feature not available. For example, s part of the API is not implemented. */ + +/* MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED is deprecated and should not be used. + */ #define MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED -0x0055 /**< Chacha20 hardware accelerator failed. */ #ifdef __cplusplus diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index dfb154110..58a5d63dd 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -62,6 +62,8 @@ #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid. For example, because it was freed. */ + +/* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */ #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */ diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index a4fd55256..c19679353 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -34,6 +34,7 @@ extern "C" { #endif +/* MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */ #define MBEDTLS_AES_BLOCK_SIZE 16 diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 91d16b6fb..d62042d14 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h 
@@ -42,6 +42,8 @@ #define MBEDTLS_DES_DECRYPT 0 #define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */ + +/* MBEDTLS_ERR_DES_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */ #define MBEDTLS_DES_KEY_SIZE 8 diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 3e1178940..8e2d0208d 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -84,7 +84,10 @@ #define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */ #define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */ + +/* MBEDTLS_ERR_DHM_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED -0x3500 /**< DHM hardware accelerator failed. */ + #define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 /**< Setting the modulus and generator failed. */ #ifdef __cplusplus diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 5db87524e..2fb1af49a 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -49,7 +49,10 @@ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */ + +/* MBEDTLS_ERR_ECP_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< The ECP hardware accelerator failed. */ + #define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 /**< Operation in progress, call again with the same parameters to continue. */ #ifdef __cplusplus diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index d2098eb9f..93d15ee80 100644 --- a/include/mbedtls/gcm.h 
+++ b/include/mbedtls/gcm.h @@ -41,7 +41,10 @@ #define MBEDTLS_GCM_DECRYPT 0 #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */ + +/* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */ + #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ #ifdef __cplusplus @@ -146,9 +149,9 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * \return \c 0 if the encryption or decryption was performed * successfully. Note that in #MBEDTLS_GCM_DECRYPT mode, * this does not indicate that the data is authentic. - * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid. - * \return #MBEDTLS_ERR_GCM_HW_ACCEL_FAILED or a cipher-specific - * error code if the encryption or decryption failed. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or + * a cipher-specific error code if the encryption + * or decryption failed. */ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, int mode, @@ -185,9 +188,8 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * * \return \c 0 if successful and authenticated. * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match. - * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid. - * \return #MBEDTLS_ERR_GCM_HW_ACCEL_FAILED or a cipher-specific - * error code if the decryption failed. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or + * a cipher-specific error code if the decryption failed. */ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, size_t length, diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index bf2952498..8bcf766a6 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
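Review bot: Folding the two conditions into a single `\return` clause in the mbedtls_gcm_crypt_and_tag() and mbedtls_gcm_auth_decrypt() documentation reads as if MBEDTLS_ERR_GCM_BAD_INPUT could be returned for a failed cipher operation, since Doxygen renders each `\return` as one entry. Keep them as two entries, ` * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid.` followed by ` * \return A cipher-specific error code if the encryption or decryption failed.`, and since alternative cipher implementations are now expected to report hardware faults through MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED, that code could be named in the second entry in place of the removed MBEDTLS_ERR_GCM_HW_ACCEL_FAILED.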
@@ -39,6 +39,8 @@ #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ #define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */ + +/* MBEDTLS_ERR_MD_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_MD_HW_ACCEL_FAILED -0x5280 /**< MD hardware accelerator failed. */ #ifdef __cplusplus diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index a46bddb74..f9bd98f80 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -37,6 +37,7 @@ #include +/* MBEDTLS_ERR_MD2_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */ #ifdef __cplusplus diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 1672e9074..dc3c04894 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -38,6 +38,7 @@ #include #include +/* MBEDTLS_ERR_MD4_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */ #ifdef __cplusplus diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 4c9509010..6c3354fd3 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -37,6 +37,7 @@ #include #include +/* MBEDTLS_ERR_MD5_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */ #ifdef __cplusplus diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 9ec33da05..df3a03c7c 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -64,6 +64,8 @@ #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */ + +/* MBEDTLS_ERR_PK_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */ #ifdef __cplusplus diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index c490cdf2b..b02f968b5 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -43,7 +43,13 @@ #include #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057 /**< Invalid input parameter(s). */ + +/* MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE is deprecated and should not be + * used. */ #define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */ + +/* MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED is deprecated and should not be used. + */ #define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED -0x005B /**< Poly1305 hardware accelerator failed. */ #ifdef __cplusplus diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 0c8e568b9..c74b7d2c6 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -33,6 +33,8 @@ #include #include +/* MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED is deprecated and should not be used. + */ #define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */ #ifdef __cplusplus diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index b348299d4..406a317d4 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -55,7 +55,12 @@ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ + +/* MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is deprecated and should not be used. + */ #define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation does not offer the requested operation, for example, because of security violations or lack of functionality. */ + +/* MBEDTLS_ERR_RSA_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED -0x4580 /**< RSA hardware accelerator failed. */ /* @@ -281,7 +286,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); * zero Bytes. * * Possible reasons for returning - * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
    + * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
      *
    • An alternative RSA implementation is in use, which * stores the key externally, and either cannot or should * not export it into RAM.
    • @@ -301,7 +306,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); * \param E The MPI to hold the public exponent, or NULL. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the + * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the * requested parameters cannot be done due to missing * functionality or because of security policies. * \return A non-zero return code on any other failure. @@ -321,7 +326,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * zero Bytes. * * Possible reasons for returning - * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
        + * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
          *
        • An alternative RSA implementation is in use, which * stores the key externally, and either cannot or should * not export it into RAM.
        • @@ -350,7 +355,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * \param E_len The size of the buffer for the public exponent. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the + * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the * requested parameters cannot be done due to missing * functionality or because of security policies. * \return A non-zero return code on any other failure. @@ -563,7 +568,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1 @@ -598,7 +603,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for padding and @@ -633,7 +638,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1 
@@ -682,7 +687,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. @@ -725,7 +730,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. @@ -770,7 +775,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. @@ -817,7 +822,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for 
@@ -856,7 +861,7 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. @@ -911,7 +916,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for @@ -957,7 +962,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. @@ -995,7 +1000,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. 
@@ -1044,7 +1049,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 7a19da0a4..bcaeab5eb 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -40,6 +40,7 @@ #include #include +/* MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ #ifdef __cplusplus diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 33aff2831..47a31e83a 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -36,6 +36,7 @@ #include #include +/* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ #ifdef __cplusplus diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 014589042..020f95de6 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -35,6 +35,7 @@ #include #include +/* MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ #ifdef __cplusplus diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 75298bf8a..92e6e6b98 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -36,7 +36,10 @@ extern "C" { #endif +/* MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE is deprecated and should not be + * used. */ #define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE -0x001A /**< The selected feature is not available. */ + #define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C /**< Bad input parameters to function. */ #define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E /**< Locking / unlocking / free failed with error code. */ diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index c70c3fe26..6430c1318 100644 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h @@ -37,6 +37,8 @@ #define MBEDTLS_XTEA_DECRYPT 0 #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ + +/* MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */ #ifdef __cplusplus diff --git a/library/aes.c b/library/aes.c index 5c939bba4..eab9043b2 100644 --- a/library/aes.c +++ b/library/aes.c @@ -36,6 +36,7 @@ #include #include "mbedtls/aes.h" +#include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #if defined(MBEDTLS_PADLOCK_C) #include "mbedtls/padlock.h" @@ -1757,7 +1758,7 @@ int mbedtls_aes_self_test( int verbose ) * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) { mbedtls_printf( "skipped\n" ); continue; @@ -1821,7 +1822,7 @@ int mbedtls_aes_self_test( int verbose ) * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) { mbedtls_printf( "skipped\n" ); continue; 
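Review bot: The skip condition in mbedtls_aes_self_test() now matches only MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED, yet MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE stays defined and is merely commented as deprecated, so an MBEDTLS_AES_ALT implementation that has not yet migrated and still reports the old code for 192-bit keys will now fail the self-test instead of being skipped. During the deprecation window the check could accept both, `if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED || ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE ) && keybits == 192 )`, or the release notes should state that alternative implementations must switch codes in the same release. The same applies to the three further aes.c hunks (at -1821, -1886 and -1949) and to the mbedtls_gcm_self_test() hunk in gcm.c, where the variable is key_len. mbedtls_aes_self_test() starts and ends outside this hunk.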
@@ -1886,7 +1887,7 @@ int mbedtls_aes_self_test( int verbose ) * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) { mbedtls_printf( "skipped\n" ); continue; @@ -1949,7 +1950,7 @@ int mbedtls_aes_self_test( int verbose ) * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) { mbedtls_printf( "skipped\n" ); continue; diff --git a/library/gcm.c b/library/gcm.c index 57b027933..c486ef765 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -48,9 +48,8 @@ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else +#if !defined(MBEDTLS_PLATFORM_C) #include #define mbedtls_printf printf #endif /* MBEDTLS_PLATFORM_C */ @@ -764,7 +763,7 @@ int mbedtls_gcm_self_test( int verbose ) * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 ) + if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 ) { mbedtls_printf( "skipped\n" ); break; From 6aa9fb49161ae9c071c0f84290e9e5816164ec66 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 4 Oct 2018 14:32:05 +0300 Subject: [PATCH 363/368] Add ChangeLog entry Add the ChangeLog entry describing the change. --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 83eb55426..87b7f765a 100644 --- a/ChangeLog +++ b/ChangeLog 
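Review bot: After the `#include "mbedtls/platform.h"` is moved out of the conditional in gcm.c, the remaining block opens with `#if !defined(MBEDTLS_PLATFORM_C)` but its closing line still reads `#endif /* MBEDTLS_PLATFORM_C */`, which no longer states the condition it closes. `#endif /* !MBEDTLS_PLATFORM_C */` would keep the closing comment accurate and consistent with the `#if`/`#endif` comment pairs elsewhere in this diff.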
@@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Add a common error code for a feature that is not supported by the + underlying alternative implementations. + Features * Add support for temporarily suspending expensive ECC computations after some configurable amount of operations, to be used in single-threaded @@ -24,6 +28,12 @@ Features hash and signature sizes that comply with FIPS 186-4, including SHA-512 with a 1024-bit key. +New deprecations + * All the current module specific errors that mean a feature is not available + are deprecated, so the platform error should be used. + * All the module specific generic hardware accelaration errors that existed + are deprecated, so the platform error should be used. + Bugfix * Fix wrong order of freeing in programs/ssl/ssl_server2 example application leading to a memory leak in case both From 2ab14bb2ca8cebc3175b076fa42c293a2bc72202 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 9 Nov 2018 20:09:33 +0000 Subject: [PATCH 364/368] Clarified new platform errors in the ChangeLog Clarified new platform errors and error code deprecations in the ChangeLog. --- ChangeLog | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index dea8bfd03..4abb6254c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -34,14 +34,19 @@ Features with a 1024-bit key. API Changes - * Add a common error code for a feature that is not supported by the - underlying alternative implementations. + * Add a common error code of `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` for + a feature that is not supported by underlying alternative + implementations implementing cryptographic primitives. This is useful for + hardware accelerators that don't implement all options or features. New deprecations - * All the current module specific errors that mean a feature is not available - are deprecated, so the platform error should be used. - * All the module specific generic hardware accelaration errors that existed - are deprecated, so the platform error should be used. + * All module specific errors following the form + MBEDTLS_ERR_XXX_FEATURE_UNAVAILABLE that indicate a feature is not + supported are deprecated and are now replaced by the new equivalent + platform error. + * All module specific generic hardware accelaration errors following the + form MBEDTLS_ERR_XXX_HW_ACCEL_FAILED that are deprecated and are replaced + by the equivalent plaform error. Bugfix * Fix wrong order of freeing in programs/ssl/ssl_server2 example From 06d80cf1720bebcaec8833a6941fc9bce40500a6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 6 Nov 2018 23:46:04 +0000 Subject: [PATCH 365/368] Fix merge of Changelog 128bit CTR_DRBG entry The entry describing support for 128-bit keys in CTR_DRBG was merged into the wrong version. --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7aa8775a2..fee12dc63 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -48,6 +48,8 @@ Features may be up to two bytes shorter. This allows the library to support all hash and signature sizes that comply with FIPS 186-4, including SHA-512 with a 1024-bit key. + * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter + than 256 bits limits the security of generated material to 128 bits. API Changes * Add a common error code of `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` for @@ -252,8 +254,6 @@ Features independently contributed again by Paul Sokolovsky. * Add support for key wrapping modes based on AES as defined by NIST SP 800-38F algorithms KW and KWP and by RFC 3394 and RFC 5649. - * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter - than 256 bits limits the security of generated material to 128 bits. Bugfix * Fix the key_app_writer example which was writing a leading zero byte which From 681edee803e9429716e579f6fa2225f354244a80 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 7 Nov 2018 16:25:38 +0000 Subject: [PATCH 366/368] Fix language and formatting in ChangeLog Changed the formatting and language in the ChangeLog to the house-style. --- ChangeLog | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index fee12dc63..9f7a6fd5f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,13 +3,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix overly strict DN comparison when looking for CRLs - belonging to a particular CA. This previously lead to - ignoring CRLs when the CRL's issuer name and the CA's - subject name differed in their string encoding (e.g., - one using PrintableString and the other UTF8String) or - in the choice of upper and lower case. Reported by - HenrikRosenquistAndersson in #1784. + * Fix overly strict DN comparison when looking for CRLs belonging to a + particular CA. This previously lead to ignoring CRLs when the CRL's issuer + name and the CA's subject name differed in their string encoding (e.g., + one using PrintableString and the other UTF8String) or in the choice of + upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue + #1784. * Fix a flawed bounds check in server PSK hint parsing. In case the incoming message buffer was placed within the first 64KB of address space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker @@ -19,8 +18,8 @@ Security previous settings for the number of rounds made it practical for an adversary to construct non-primes that would be erroneously accepted as primes with high probability. This does not have an impact on the - security of TLS, but can matter in other contexts with potentially - adversarially-chosen numbers that should be prime and can be validated. + security of TLS, but can matter in other contexts with numbers chosen + potentially by an adversary that should be prime and can be validated. For example, the number of rounds was enough to securely generate RSA key pairs or Diffie-Hellman parameters, but was insufficient to validate Diffie-Hellman parameters properly. 
@@ -62,7 +61,7 @@ New deprecations MBEDTLS_ERR_XXX_FEATURE_UNAVAILABLE that indicate a feature is not supported are deprecated and are now replaced by the new equivalent platform error. - * All module specific generic hardware accelaration errors following the + * All module specific generic hardware acceleration errors following the form MBEDTLS_ERR_XXX_HW_ACCEL_FAILED that are deprecated and are replaced by the equivalent plaform error. * Deprecate the function mbedtls_mpi_is_prime() in favor of @@ -83,8 +82,8 @@ Bugfix padded records in case of CBC ciphersuites using Encrypt-then-MAC. * Fix memory leak and freeing without initialization in the example program programs/x509/cert_write. Fixes #1422. - * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB - Fix for #1091 raised by ezdevelop + * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is + MBEDTLS_MODE_ECB. Found by ezdevelop. Fixes #1091. * Zeroize memory used for buffering or reassembling handshake messages after use. * Use `mbedtls_platform_zeroize()` instead of `memset()` for zeroization @@ -92,8 +91,8 @@ Bugfix * Change the default string format used for various X.509 DN attributes to UTF8String. Previously, the use of the PrintableString format led to wildcards and non-ASCII characters being unusable in some DN attributes. - Reported by raprepo in #1860 and by kevinpt in #468. - Fix contributed by Thomas-Dee in #1641. + Reported by raprepo in #1860 and by kevinpt in #468. Fix contributed by + Thomas-Dee. * Fix compilation failure for configurations which use compile time replacements of standard calloc/free functions through the macros MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO. 
@@ -110,14 +109,14 @@ Changes * Change the use of Windows threading to use Microsoft Visual C++ runtime calls, rather than Win32 API calls directly. This is necessary to avoid conflict with C runtime usage. Found and fixed by irwir. - * Remember the string format of X.509 DN attributes when replicating X.509 DNs. - Previously, DN attributes were always written in their default string format - (mostly PrintableString), which could lead to CRTs being created which used - PrintableStrings in the issuer field even though the signing CA used - UTF8Strings in its subject field; while X.509 compliant, such CRTs were - rejected in some applications, e.g. some versions of Firefox, curl - and GnuTLS. Reported in #1033 by Moschn. Fix contributed by - Thomas-Dee in #1641. + * Remember the string format of X.509 DN attributes when replicating + X.509 DNs. Previously, DN attributes were always written in their default + string format (mostly PrintableString), which could lead to CRTs being + created which used PrintableStrings in the issuer field even though the + signing CA used UTF8Strings in its subject field; while X.509 compliant, + such CRTs were rejected in some applications, e.g. some versions of + Firefox, curl and GnuTLS. Reported in #1033 by Moschn. Fix contributed by + Thomas-Dee. * Improve documentation of mbedtls_ssl_get_verify_result(). Fixes #517 reported by github-monoculture. * Add MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR flag to mbedtls_mpi_gen_prime() and
From b35e59d36d00eb0bf9763a8c068ec7683bfebd82 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 19 Nov 2018 15:49:26 +0000
Subject: [PATCH 367/368] Refine the language in the ChangeLog
Fix the language and descriptions in the ChangeLog following review of the Release Notes for the next release.
---
 ChangeLog | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9f7a6fd5f..9137396f6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,16 +4,16 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix overly strict DN comparison when looking for CRLs belonging to a - particular CA. This previously lead to ignoring CRLs when the CRL's issuer + particular CA. This previously led to ignoring CRLs when the CRL's issuer name and the CA's subject name differed in their string encoding (e.g., one using PrintableString and the other UTF8String) or in the choice of upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue #1784. * Fix a flawed bounds check in server PSK hint parsing. In case the - incoming message buffer was placed within the first 64KB of address + incoming message buffer was placed within the first 64KiB of address space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker - to trigger a memory access up to 64KB beyond the incoming message buffer, - potentially leading to application crash or information disclosure. + to trigger a memory access up to 64KiB beyond the incoming message buffer, + potentially leading to an application crash or information disclosure. * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The previous settings for the number of rounds made it practical for an adversary to construct non-primes that would be erroneously accepted as 
@@ -28,11 +28,11 @@ Security Features * Add support for temporarily suspending expensive ECC computations after - some configurable amount of operations, to be used in single-threaded - constrained systems where ECC is time consuming and blocking until - completion cannot be tolerated. This is enabled by - MBEDTLS_ECP_RESTARTABLE at compile time (disabled by default) and - configured by mbedtls_ecp_set_max_ops() at runtime. It applies to new + some configurable amount of operations. This is intended to be used in + constrained, single-threaded systems where ECC is time consuming and can + block other operations until they complete. This is disabled by default, + but can be enabled by MBEDTLS_ECP_RESTARTABLE at compile time and + configured by mbedtls_ecp_set_max_ops() at runtime. It applies to the new xxx_restartable functions in ECP, ECDSA, PK and X.509 (CRL not supported yet), and to existing functions in ECDH and SSL (currently only implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2, 
@@ -41,12 +41,11 @@ Features operations. On CPUs where the extensions are available, they can accelerate MPI multiplications used in ECC and RSA cryptography. Contributed by Aurelien Jarno. - * Extend RSASSA-PSS signature to allow slightly a smaller salt size. - Previously, PSS signature always used a salt with the same length as the - hash, and returned an error if this was not possible. Now the salt size - may be up to two bytes shorter. This allows the library to support all - hash and signature sizes that comply with FIPS 186-4, including SHA-512 - with a 1024-bit key. + * Extend RSASSA-PSS signature to allow a smaller salt size. Previously, PSS + signature always used a salt with the same length as the hash, and returned + an error if this was not possible. Now the salt size may be up to two bytes + shorter. This allows the library to support all hash and signature sizes + that comply with FIPS 186-4, including SHA-512 with a 1024-bit key. * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter than 256 bits limits the security of generated material to 128 bits.
From c1b98921772e1115bdf3c1315593aea82cd87b38 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 19 Nov 2018 18:31:40 +0000
Subject: [PATCH 368/368] Update library version number to 2.14.0
---
 ChangeLog | 2 +-
 doxygen/input/doc_mainpage.h | 2 +-
 doxygen/mbedtls.doxyfile | 2 +-
 include/mbedtls/version.h | 10 +++++-----
 library/CMakeLists.txt | 6 +++---
 tests/suites/test_suite_version.data | 4 ++--
 6 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9137396f6..8f0e8c1c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.14.0 branch released 2018-11-19 Security * Fix overly strict DN comparison when looking for CRLs belonging to a
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index b9f9ec1c4..44280d252 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.13.1 source code documentation + * @mainpage mbed TLS v2.14.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 8df061e31..fd22cdbc9 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.13.1" +PROJECT_NAME = "mbed TLS v2.14.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 326b8bd45..492fde38a 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,17 +39,17 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 13 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_MINOR 14 +#define MBEDTLS_VERSION_PATCH 0 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x020D0100 -#define MBEDTLS_VERSION_STRING "2.13.1" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.13.1" +#define MBEDTLS_VERSION_NUMBER 0x020E0000 +#define MBEDTLS_VERSION_STRING "2.14.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.14.0" #if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 275eda3bb..ea5136339 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -159,15 +159,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.13.1 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.14.0 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.13.1 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.14.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.13.1 SOVERSION 12) + set_target_properties(mbedtls PROPERTIES VERSION 2.14.0 SOVERSION 12) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index c3542e559..3fe549ab7 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.13.1" +check_compiletime_version:"2.14.0" Check runtime library version -check_runtime_version:"2.13.1" +check_runtime_version:"2.14.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0