Gilles Peskine
b4c571e603
Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD
2018-03-11 00:44:14 +01:00
Gilles Peskine
3f1b89d251
This fixes #664
2018-03-11 00:35:39 +01:00
Gilles Peskine
08af538ec9
Fix grammar in ChangeLog entry
2018-03-11 00:20:08 +01:00
Gilles Peskine
29d7d4da2f
Merge remote-tracking branch 'upstream-public/pr/936' into development-proposed
2018-03-10 23:51:58 +01:00
Gilles Peskine
9c4f4038dd
Add changelog entry
2018-03-10 23:36:30 +01:00
Darryl Green
7c2dd5890f
Add script for ABI compatibility checking
2018-03-09 17:33:32 +00:00
Brendan Shanks
e61514d70d
benchmark: Fix incompatibility with C89 compilers
...
Initializing arrays using non-constant expressions is not permitted in
C89, and was causing errors when compiling with Metrowerks CodeWarrior
(for classic MacOS) in C89 mode. Clang also produces a warning when
compiling with '-Wc99-extensions':
test/benchmark.c:670:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
^~~~~~~~~~
test/benchmark.c:674:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
^~~~~~~~~~
Declaring the arrays as 'static' makes them constant expressions.
fixes #1353
2018-03-08 17:41:40 -08:00
Gilles Peskine
1ed45ea36b
Refer to X.690 by number
...
It's easier to identify and find by number than by its very wordy
title, especially as there was a typo in the title.
2018-03-08 18:19:17 +01:00
Hanno Becker
6f486a6fb5
Fix merge error
2018-03-08 13:31:44 +00:00
Hanno Becker
e494e20f0c
Move and reword deprecation warning/error on compression support
2018-03-08 13:26:12 +00:00
Manuel Pégourié-Gonnard
e57d7438b0
Improve documentation of some internal functions
2018-03-07 10:00:57 +01:00
Sanne Wouda
22797fcc57
Remove redundant dependency
2018-03-06 23:35:14 +01:00
Sanne Wouda
bb50113123
Rename test and update dependencies
2018-03-06 23:35:14 +01:00
Sanne Wouda
cf79312a6d
Update changelog entry
2018-03-06 23:31:52 +01:00
Sanne Wouda
52895b2b2e
Add Changelog entry
2018-03-06 23:31:52 +01:00
Sanne Wouda
90da97d587
Add test case found through fuzzing to pkparse test suite
2018-03-06 23:31:12 +01:00
Sanne Wouda
7b2e85dd7c
Use both applicable error codes and a proper coding style
2018-03-06 23:28:46 +01:00
Sanne Wouda
b2b29d5259
Add end-of-buffer check to prevent heap-buffer-overflow
...
Dereference of *p should not happen when it points past the end of the
buffer.
Internal reference: IOTSSL-1663
2018-03-06 23:28:46 +01:00
Hanno Becker
cf092b2ccf
Deprecate support for record compression
2018-03-06 14:27:09 +00:00
Hanno Becker
a3389ebb09
Merge branch 'development-restricted' into iotssl-1306-rsa-is-vulnerable-to-bellcore-glitch-attack
2018-03-06 11:55:21 +00:00
Manuel Pégourié-Gonnard
05c00ed8b2
Fix some more MSVC size_t -> int warnings
2018-03-06 11:48:50 +01:00
Manuel Pégourié-Gonnard
8c661b90c7
Fix section order in the ChangeLog
2018-03-06 10:00:00 +01:00
Manuel Pégourié-Gonnard
ce5673cbe6
Add reference to github issue in compat.sh
2018-03-06 09:54:10 +01:00
Manuel Pégourié-Gonnard
f5bb78183a
Fix MSVC warnings
...
library\x509_crt.c(2137): warning C4267: 'function' : conversion from 'size_t' to 'int', possible loss of data
library\x509_crt.c(2265): warning C4267: 'function' : conversion from 'size_t' to 'int', possible loss of data
2018-03-05 12:48:53 +01:00
Hanno Becker
7deee20cd2
Add ChangeLog entry for previous security fix
...
Fixes #825
2018-03-05 12:44:28 +01:00
Manuel Pégourié-Gonnard
05e464dff7
Merge branch 'development' into iotssl-1381-x509-verify-refactor-restricted
...
* development: (557 commits)
Add attribution for #1351 report
Adapt version_features.c
Note incompatibility of truncated HMAC extension in ChangeLog
Add LinkLibraryDependencies to VS2010 app template
Add ChangeLog entry for PR #1382
MD: Make deprecated functions not inline
Add ChangeLog entry for PR #1384
Have Visual Studio handle linking to mbedTLS.lib internally
Mention in ChangeLog that this fixes #1351
Add issue number to ChangeLog
Note in the changelog that this fixes an interoperability issue.
Style fix in ChangeLog
Add ChangeLog entries for PR #1168 and #1362
Add ChangeLog entry for PR #1165
ctr_drbg: Typo fix in the file description comment.
dhm: Fix typo in RFC 5114 constants
tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
data_files/pkcs8-v2: add keys generated with PRF != SHA1
tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer results
tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms
...
2018-03-05 11:55:38 +01:00
Manuel Pégourié-Gonnard
366e1b0464
aria: fix comment on aria_a function
...
The new version of the comment has been generated by the following python3
script, when the first constant is copy-pasted from RFC 5794 2.4.3.
#!/usr/bin/python3
RFC_A = """
y0 = x3 ^ x4 ^ x6 ^ x8 ^ x9 ^ x13 ^ x14,
y1 = x2 ^ x5 ^ x7 ^ x8 ^ x9 ^ x12 ^ x15,
y2 = x1 ^ x4 ^ x6 ^ x10 ^ x11 ^ x12 ^ x15,
y3 = x0 ^ x5 ^ x7 ^ x10 ^ x11 ^ x13 ^ x14,
y4 = x0 ^ x2 ^ x5 ^ x8 ^ x11 ^ x14 ^ x15,
y5 = x1 ^ x3 ^ x4 ^ x9 ^ x10 ^ x14 ^ x15,
y6 = x0 ^ x2 ^ x7 ^ x9 ^ x10 ^ x12 ^ x13,
y7 = x1 ^ x3 ^ x6 ^ x8 ^ x11 ^ x12 ^ x13,
y8 = x0 ^ x1 ^ x4 ^ x7 ^ x10 ^ x13 ^ x15,
y9 = x0 ^ x1 ^ x5 ^ x6 ^ x11 ^ x12 ^ x14,
y10 = x2 ^ x3 ^ x5 ^ x6 ^ x8 ^ x13 ^ x15,
y11 = x2 ^ x3 ^ x4 ^ x7 ^ x9 ^ x12 ^ x14,
y12 = x1 ^ x2 ^ x6 ^ x7 ^ x9 ^ x11 ^ x12,
y13 = x0 ^ x3 ^ x6 ^ x7 ^ x8 ^ x10 ^ x13,
y14 = x0 ^ x3 ^ x4 ^ x5 ^ x9 ^ x11 ^ x14,
y15 = x1 ^ x2 ^ x4 ^ x5 ^ x8 ^ x10 ^ x15.
"""
# Parse each "yN = xA ^ xB ^ ..." line into a tuple of the input byte indices (as hex digits).
matrix = []
for l in RFC_A.split('\n')[1:-1]:
    rhs = l.split('=')[1][:-1]
    row = tuple(hex(int(t[2:]))[2:] for t in rhs.split('^'))
    matrix.append(row)
# Group the 16 output bytes into four 32-bit words a, b, c, d (4 rows each).
out = {}
out['a'] = tuple(''.join(w) for w in zip(*(matrix[0:4])))
out['b'] = tuple(''.join(w) for w in zip(*(matrix[4:8])))
out['c'] = tuple(''.join(w) for w in zip(*(matrix[8:12])))
out['d'] = tuple(''.join(w) for w in zip(*(matrix[12:])))
# Swap digits between adjacent terms so that each term uses distinct indices where possible.
out2 = {}
for o, r in out.items():
    row = list(r)
    for i in range(len(r) - 1):
        w1 = row[i]
        if len(set(w1)) == 2:
            w2 = row[i+1]
            nw1 = nw2 = ''
            for j in range(len(w1)):
                if w1[j] in nw1:
                    nw1 += w2[j]
                    nw2 += w1[j]
                else:
                    nw1 += w1[j]
                    nw2 += w2[j]
            row[i] = nw1
            row[i+1] = nw2
    out2[o] = row
for o in 'abcd':
    print(o, '=', ' + '.join(out[o]))
    print(' ', '=', ' + '.join(out2[o]))
2018-03-01 14:48:10 +01:00
Manuel Pégourié-Gonnard
977dc36b14
aria test suite: uniformize line wrapping
2018-03-01 13:51:52 +01:00
Manuel Pégourié-Gonnard
f6b787cbcc
Fix typo in documentation (CTR warning)
2018-03-01 13:48:21 +01:00
Manuel Pégourié-Gonnard
21662148f7
aria: improve compiler compat by using __asm
...
gcc --std=c99 doesn't like the shorter "asm" (this broke all.sh)
2018-03-01 11:28:51 +01:00
Manuel Pégourié-Gonnard
2078725feb
aria: check arm arch version for asm
...
rev and rev16 are only supported from v6 (all profiles) and up.
arm-none-eabi-gcc picks a lower architecture version by default, which means
before this commit it would fail to build (assembler error) unless you
manually specified -march=armv6-m -mthumb or similar, which broke all.sh.
Source for version-checking macros:
- GCC/Clang: use the -E -dM - </dev/null trick
- armcc5: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0472k/chr1359125007083.html
- armclang 6: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0774g/chr1383660321827.html
Tested with the following script:
#!/bin/sh
set -eu
ARMCLANG="env ARM_TOOL_VARIANT=ult $ARMC6_BIN_DIR/armclang"
# Compile aria.c with the given compiler and flags; fails on any compiler/assembler error.
build() {
    echo "$@"
    "$@" -Iinclude -c library/aria.c
}
build arm-none-eabi-gcc
build arm-none-eabi-gcc -march=armv5
build clang --target=arm-none-eabi
build clang --target=arm-none-eabi -march=armv5
build armcc
build armcc --gnu
build armcc --cpu=5T
build armcc --cpu=5T --gnu
build $ARMCLANG --target=arm-arm-none-eabi
# Build, then confirm the rev16 instruction actually appears in the object code.
check_asm() {
    rm -f aria.o
    build "$@"
    arm-none-eabi-objdump -d aria.o | grep rev16
}
check_asm arm-none-eabi-gcc -march=armv6-m -mthumb
check_asm arm-none-eabi-gcc -march=armv7-m -mthumb
check_asm arm-none-eabi-gcc -march=armv8-m.base -mthumb
check_asm arm-none-eabi-gcc -march=armv7-a -mthumb
check_asm arm-none-eabi-gcc -march=armv8-a -mthumb
check_asm arm-none-eabi-gcc -march=armv7-a -marm
check_asm arm-none-eabi-gcc -march=armv8-a -marm
check_asm clang --target=arm-none-eabi -march=armv6-m
check_asm clang --target=arm-none-eabi -march=armv7-a
check_asm clang --target=arm-none-eabi -march=armv7-m
check_asm clang --target=arm-none-eabi -march=armv7-r
check_asm clang --target=arm-none-eabi -march=armv8-a
check_asm armcc -O0 --cpu=6-M
check_asm armcc -O0 --cpu=7-M
check_asm armcc -O0 --cpu=6
check_asm armcc -O0 --cpu=7-A
check_asm $ARMCLANG --target=arm-arm-none-eabi -march=armv6-m
check_asm $ARMCLANG --target=arm-arm-none-eabi -march=armv7-a
check_asm $ARMCLANG --target=arm-arm-none-eabi -march=armv7-m
check_asm $ARMCLANG --target=arm-arm-none-eabi -march=armv7-r
check_asm $ARMCLANG --target=arm-arm-none-eabi -march=armv8-a
check_asm $ARMCLANG --target=arm-arm-none-eabi -march=armv8-m.base
2018-03-01 11:28:51 +01:00
Manuel Pégourié-Gonnard
8abc349881
aria: rationalize buffer sizes in test functions
2018-03-01 11:28:51 +01:00
Manuel Pégourié-Gonnard
d82d79154c
aria: fix more whitespace
2018-03-01 11:28:38 +01:00
Manuel Pégourié-Gonnard
906bc90b30
aria: number of rounds is non-negative
2018-03-01 09:39:01 +01:00
Manuel Pégourié-Gonnard
7fc08795c1
aria: more whitespace fixes
2018-03-01 09:33:20 +01:00
Manuel Pégourié-Gonnard
5ad88b6d0d
aria: define constants for block size and max rounds
2018-03-01 09:25:31 +01:00
Manuel Pégourié-Gonnard
3c80009615
aria: add error codes for hw implementations
2018-03-01 09:25:05 +01:00
Manuel Pégourié-Gonnard
f3a46a9b4f
aria: fix some typos in comments
2018-03-01 09:25:05 +01:00
Manuel Pégourié-Gonnard
c0bb66f47e
aria: improve compiler inline compatibility
2018-03-01 09:25:05 +01:00
Manuel Pégourié-Gonnard
22997b7200
block ciphers: improve CTR nonce warning
2018-03-01 09:25:05 +01:00
Manuel Pégourié-Gonnard
5aa4e3b1d0
aria: align documentation on AES
2018-03-01 09:25:05 +01:00
itayzafrir
693a1d9ca7
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
...
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
2018-02-28 15:59:40 +02:00
mohammad1603
5bd15cbfa0
Avoid wraparound for ssl->in_left
...
Add check to avoid wraparound for ssl->in_left
2018-02-28 04:30:59 -08:00
Manuel Pégourié-Gonnard
4231e7f46f
Fix some whitespace and other style issues
...
In addition to whitespace:
- wrapped a few long lines
- added parenthesis to return statements
2018-02-28 11:34:01 +01:00
Manuel Pégourié-Gonnard
fdd4354329
config.h: SSL no longer uses ciphers directly
2018-02-28 10:49:02 +01:00
Manuel Pégourié-Gonnard
525168c7ef
aria: expand config.h entry: ciphersuites & caller
2018-02-28 10:47:02 +01:00
Manuel Pégourié-Gonnard
08d1e91ca9
aria: add ChangeLog entry
2018-02-27 12:43:35 +01:00
Manuel Pégourié-Gonnard
2268b967cb
aria: disable by default in config.h
2018-02-27 12:39:12 +01:00
Manuel Pégourié-Gonnard
26b54fabaf
aria: document optional asm usage in config.h
2018-02-27 12:39:12 +01:00
Manuel Pégourié-Gonnard
377b2b624d
aria: optimize byte perms on Arm
...
Use specific instructions for moving bytes around in a word. This speeds
things up, and as a side-effect, slightly lowers code size.
ARIA_P3 and ARIA_P1 are now 1 single-cycle instruction each (those
instructions are available in all architecture versions starting from v6-M).
Note: ARIA_P3 was already translated to a single instruction by Clang 3.8 and
armclang 6.5, but not arm-gcc 5.4 nor armcc 5.06.
ARIA_P2 is already efficiently translated to the minimal number of
instructions (1 in ARM mode, 2 in thumb mode) by all tested compilers.
Manually compiled and inspected generated code with the following compilers:
arm-gcc 5.4, clang 3.8, armcc 5.06 (with and without --gnu), armclang 6.5.
Size reduction (arm-none-eabi-gcc -march=armv6-m -mthumb -Os): 5288 -> 5044 B
Effect on executing time of self-tests on a few boards:
FRDM-K64F (Cortex-M4): 444 -> 385 us (-13%)
LPC1768 (Cortex-M3): 488 -> 432 us (-11%)
FRDM-KL64Z (Cortex-M0): 1429 -> 1134 us (-20%)
Measured using a config.h with no cipher mode and the following program with
aria.c and aria.h copy-pasted to the online compiler:
#include "mbed.h"
#include "aria.h"
int main() {
    Timer t;
    t.start();
    /* Run the ARIA self-tests (verbose = 0) and time them. */
    int ret = mbedtls_aria_self_test(0);
    t.stop();
    printf("ret = %d; time = %d us\n", ret, t.read_us());
}
2018-02-27 12:39:12 +01:00