Merge remote-tracking branch 'origin/pr/2700' into mbedtls-2.16

* origin/pr/2700:
  Changelog entry for HAVEGE fix
  Prevent building the HAVEGE module on platforms where it doesn't work
  Fix misuse of signed ints in the HAVEGE module
Jaeden Amero 2019-07-05 15:43:18 +01:00
commit c041b4fc94
2 changed files with 22 additions and 9 deletions


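--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,7 @@ Bugfix
 irwir.
 * Enable Suite B with subset of ECP curves. Make sure the code compiles even
 if some curves are not defined. Fixes #1591 reported by dbedev.
+* Fix misuse of signed arithmetic in the HAVEGE module. #2598
 Changes
 * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h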


@ -38,8 +38,19 @@
#include "mbedtls/timing.h" #include "mbedtls/timing.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include <limits.h>
#include <string.h> #include <string.h>
/* If int isn't capable of storing 2^32 distinct values, the code of this
* module may cause a processor trap or a miscalculation. If int is more
* than 32 bits, the code may not calculate the intended values. */
#if INT_MIN + 1 != -0x7fffffff
#error "The HAVEGE module requires int to be exactly 32 bits, with INT_MIN = -2^31."
#endif
#if UINT_MAX != 0xffffffff
#error "The HAVEGE module requires unsigned to be exactly 32 bits."
#endif
/* ------------------------------------------------------------------------ /* ------------------------------------------------------------------------
* On average, one iteration accesses two 8-word blocks in the havege WALK * On average, one iteration accesses two 8-word blocks in the havege WALK
* table, and generates 16 words in the RES array. * table, and generates 16 words in the RES array.
@ -54,7 +65,7 @@
* ------------------------------------------------------------------------ * ------------------------------------------------------------------------
*/ */
#define SWAP(X,Y) { int *T = (X); (X) = (Y); (Y) = T; } #define SWAP(X,Y) { unsigned *T = (X); (X) = (Y); (Y) = T; }
#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; #define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; #define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
@ -77,7 +88,7 @@
PTX = (PT1 >> 18) & 7; \ PTX = (PT1 >> 18) & 7; \
PT1 &= 0x1FFF; \ PT1 &= 0x1FFF; \
PT2 &= 0x1FFF; \ PT2 &= 0x1FFF; \
CLK = (int) mbedtls_timing_hardclock(); \ CLK = (unsigned) mbedtls_timing_hardclock(); \
\ \
i = 0; \ i = 0; \
A = &WALK[PT1 ]; RES[i++] ^= *A; \ A = &WALK[PT1 ]; RES[i++] ^= *A; \
@ -100,7 +111,7 @@
\ \
IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \ IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \
*A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \ *A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \
*B = IN; CLK = (int) mbedtls_timing_hardclock(); \ *B = IN; CLK = (unsigned) mbedtls_timing_hardclock(); \
*C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \ *C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \
*D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \ *D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \
\ \
@ -151,19 +162,20 @@
PT1 ^= (PT2 ^ 0x10) & 0x10; \ PT1 ^= (PT2 ^ 0x10) & 0x10; \
\ \
for( n++, i = 0; i < 16; i++ ) \ for( n++, i = 0; i < 16; i++ ) \
hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i]; POOL[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
/* /*
* Entropy gathering function * Entropy gathering function
*/ */
static void havege_fill( mbedtls_havege_state *hs ) static void havege_fill( mbedtls_havege_state *hs )
{ {
int i, n = 0; unsigned i, n = 0;
int U1, U2, *A, *B, *C, *D; unsigned U1, U2, *A, *B, *C, *D;
int PT1, PT2, *WALK, RES[16]; unsigned PT1, PT2, *WALK, *POOL, RES[16];
int PTX, PTY, CLK, PTEST, IN; unsigned PTX, PTY, CLK, PTEST, IN;
WALK = hs->WALK; WALK = (unsigned *) hs->WALK;
POOL = (unsigned *) hs->pool;
PT1 = hs->PT1; PT1 = hs->PT1;
PT2 = hs->PT2; PT2 = hs->PT2;