From 248ae6dbb812367ce3d3dd41ee5cfe8d69842e3c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 01/64] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- include/mbedtls/rsa.h | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 54653dfdcd..7d7469d509 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -329,9 +329,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -355,9 +361,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -383,9 +395,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), From a9e775efe46b2d9de2e10fecf5f808e3f68d5aba Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 02/64] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 7 +++++++ include/mbedtls/threading.h | 3 --- library/ecp.c | 20 -------------------- library/threading.c | 9 --------- 4 files changed, 7 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2f0116bcfc..29acca9351 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x released xxxx-xx-xx + +Changes + * Removed mutexes from ECP hardware accelerator code. Now all hardware + accelerator code in the library leaves concurrency handling to the + platform. Reported by Steven Cooreman. #863 + = mbed TLS 2.5.1 released 2017-06-21 Security diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a89fd64967..b0c34ecc74 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -97,9 +97,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -extern mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex; -#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/ecp.c b/library/ecp.c index 56f22c2726..1cfd4b10f6 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1690,11 +1690,6 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return( ret ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1719,11 +1714,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ return( ret ); } @@ -1831,11 +1821,6 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1853,11 +1838,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ mbedtls_ecp_point_free( &mP ); diff --git a/library/threading.c b/library/threading.c index 55091e8dba..07586756f2 100644 --- a/library/threading.c +++ b/library/threading.c @@ -113,9 +113,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_init( &mbedtls_threading_ecp_mutex ); -#endif } /* @@ -125,9 +122,6 @@ void mbedtls_threading_free_alt( void ) { mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_free( &mbedtls_threading_ecp_mutex ); -#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -139,8 +133,5 @@ void mbedtls_threading_free_alt( void ) #endif mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex MUTEX_INIT; -#endif #endif /* MBEDTLS_THREADING_C */ From 8c1b0be111c81bc354504168b732c978dab16d8b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 23 Jun 2017 13:05:44 +0100 Subject: [PATCH 03/64] Enable MBEDTLS_AES_ROM_TABLES in config-no-entropy Enable the MBEDTLS_AES_ROM_TABLES option in the configs/config-no-entropy.h to place AES lookup tables in ROM. This saves considerable RAM space, a resource that is very limited in small devices that use this configuration. --- configs/config-no-entropy.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 95f17d456b..73758602ab 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -80,6 +80,9 @@ #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_CRL_PARSE_C +/* Miscellaneous options */ +#define MBEDTLS_AES_ROM_TABLES + #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ From 6f45598d32d0fc2a322d6f8993097b5d5661cc37 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 12:57:44 +0100 Subject: [PATCH 04/64] Add ChangeLog entry for config-no-entropy.h change --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 29acca9351..fd51943755 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 + * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file + config-no-entropy.h to reduce the RAM footprint. = mbed TLS 2.5.1 released 2017-06-21 From ee5a0ca3bba93e6906c8220db227be0215a221b8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 20 Jun 2017 15:23:23 +0300 Subject: [PATCH 05/64] Minor: Fix typos in program comments Fix a couple of typos and writer's mistakes, in some reference program applications --- programs/pkey/ecdh_curve25519.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index aa15c46870..e7ead9a938 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -204,7 +204,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * Verification: are the computed secret equal? + * Verification: are the computed secrets equal? */ mbedtls_printf( " . Checking if both computed secrets are equal..." ); fflush( stdout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3e6366cecd..a25886824e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2168,7 +2168,7 @@ handshake: #if defined(MBEDTLS_X509_CRT_PARSE_C) /* - * 5. Verify the server certificate + * 5. Verify the client certificate */ mbedtls_printf( " . Verifying peer X.509 certificate..." ); From e1b92fee55661a9adc61351784a13c1b01f016bf Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 06/64] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 ++- library/gcm.c | 6 ++- tests/suites/test_suite_gcm.aes128_de.data | 4 ++ tests/suites/test_suite_gcm.aes128_en.data | 4 ++ tests/suites/test_suite_gcm.aes192_de.data | 4 ++ tests/suites/test_suite_gcm.aes192_en.data | 4 ++ tests/suites/test_suite_gcm.aes256_de.data | 4 ++ tests/suites/test_suite_gcm.aes256_en.data | 4 ++ tests/suites/test_suite_gcm.function | 43 ++++++++++++++++++++++ 9 files changed, 76 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd51943755..491b18bd2c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/gcm.c b/library/gcm.c index f1210c52c3..fccb092bdd 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -277,8 +277,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t use_len, olen = 0; /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ - if( ( (uint64_t) iv_len ) >> 61 != 0 || - ( (uint64_t) add_len ) >> 61 != 0 ) + /* IV is not allowed to be zero length */ + if( iv_len == 0 || + ( (uint64_t) iv_len ) >> 61 != 0 || + ( (uint64_t) add_len ) >> 61 != 0 ) { return( MBEDTLS_ERR_GCM_BAD_INPUT ); } diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index 6eaa711b9d..2a2e32f0d3 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index d8bee9d561..9453ffa702 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data index 841c6fa367..9e7bad00f7 100644 --- a/tests/suites/test_suite_gcm.aes192_de.data +++ b/tests/suites/test_suite_gcm.aes192_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_en.data b/tests/suites/test_suite_gcm.aes192_en.data index 18e56e79c0..5ea1101869 100644 --- a/tests/suites/test_suite_gcm.aes192_en.data +++ b/tests/suites/test_suite_gcm.aes192_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"713358e746dd84ab27b8adb3b17ea59cd75fa6cb0c13d1a8":"35b8b655efdf2d09f5ed0233c9eeb0b6f85e513834848cd594dba3c6e64f78e7af4a7a6d53bba7b43764334d6373360ae3b73b1e765978dffa7dbd805fda7825b8e317e8d3f1314aa97f877be815439c5da845028d1686283735aefac79cdb9e02ec3590091cb507089b9174cd9a6111f446feead91f19b80fd222fc6299fd1c":"26ed909f5851961dd57fa950b437e17c":"c9469ad408764cb7d417f800d3d84f03080cee9bbd53f652763accde5fba13a53a12d990094d587345da2cdc99357b9afd63945ca07b760a2c2d4948dbadb1312670ccde87655a6a68edb5982d2fcf733bb4101d38cdb1a4942a5d410f4c45f5ddf00889bc1fe5ec69b40ae8aaee60ee97bea096eeef0ea71736efdb0d8a5ec9":"cc3f9983e1d673ec2c86ae4c1e1b04e30f9f395f67c36838e15ce825b05d37e9cd40041470224da345aa2da5dfb3e0c561dd05ba7984a1332541d58e8f9160e7e8457e717bab203de3161a72b7aedfa53616b16ca77fd28d566fbf7431be559caa1a129b2f29b9c5bbf3eaba594d6650c62907eb28e176f27c3be7a3aa24cef6":32:"5be7611b":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data index 0fe8489788..9696a62be3 100644 --- a/tests/suites/test_suite_gcm.aes256_de.data +++ b/tests/suites/test_suite_gcm.aes256_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_en.data b/tests/suites/test_suite_gcm.aes256_en.data index 23d1689cc7..0ff716d5dc 100644 --- a/tests/suites/test_suite_gcm.aes256_en.data +++ b/tests/suites/test_suite_gcm.aes256_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1477e189fb3546efac5cc144f25e132ffd0081be76e912e25cbce7ad63f1c2c4":"7bd3ea956f4b938ebe83ef9a75ddbda16717e924dd4e45202560bf5f0cffbffcdd23be3ae08ff30503d698ed08568ff6b3f6b9fdc9ea79c8e53a838cc8566a8b52ce7c21b2b067e778925a066c970a6c37b8a6cfc53145f24bf698c352078a7f0409b53196e00c619237454c190b970842bb6629c0def7f166d19565127cbce0":"c109f35893aff139db8ed51c85fee237":"8f7f9f71a4b2bb0aaf55fced4eb43c57415526162070919b5f8c08904942181820d5847dfd54d9ba707c5e893a888d5a38d0130f7f52c1f638b0119cf7bc5f2b68f51ff5168802e561dff2cf9c5310011c809eba002b2fa348718e8a5cb732056273cc7d01cce5f5837ab0b09b6c4c5321a7f30a3a3cd21f29da79fce3f3728b":"7841e3d78746f07e5614233df7175931e3c257e09ebd7b78545fae484d835ffe3db3825d3aa1e5cc1541fe6cac90769dc5aaeded0c148b5b4f397990eb34b39ee7881804e5a66ccc8d4afe907948780c4e646cc26479e1da874394cb3537a8f303e0aa13bd3cc36f6cc40438bcd41ef8b6a1cdee425175dcd17ee62611d09b02":32:"cb13ce59":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 56c7e1899a..308e14bb49 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -7,6 +7,49 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void gcm_bad_parameters( int cipher_id, int direction, + char *hex_key_string, char *hex_src_string, + char *hex_iv_string, char *hex_add_string, + int tag_len_bits, int gcm_result ) +{ + unsigned char key_str[128]; + unsigned char src_str[128]; + unsigned char dst_str[257]; + unsigned char iv_str[128]; + unsigned char add_str[128]; + unsigned char tag_str[128]; + unsigned char output[128]; + unsigned char tag_output[16]; + mbedtls_gcm_context ctx; + unsigned int key_len; + size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; + + mbedtls_gcm_init( &ctx ); + + memset( key_str, 0x00, sizeof( key_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( add_str, 0x00, sizeof( add_str ) ); + memset( tag_str, 0x00, sizeof( tag_str ) ); + memset( output, 0x00, sizeof( output ) ); + memset( tag_output, 0x00, sizeof( tag_output ) ); + + key_len = unhexify( key_str, hex_key_string ); + pt_len = unhexify( src_str, hex_src_string ); + iv_len = unhexify( iv_str, hex_iv_string ); + add_len = unhexify( add_str, hex_add_string ); + + TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len, + add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result ); + +exit: + mbedtls_gcm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void gcm_encrypt_and_tag( int cipher_id, char *hex_key_string, char *hex_src_string, From 85bdcf8c16f280d76c4cd9f12f74a223a46e4419 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 07/64] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ library/x509_crt.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 491b18bd2c..84ca3684a8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/x509_crt.c b/library/x509_crt.c index d86857de80..915a7f63ed 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1171,13 +1171,13 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( dir == NULL ) return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) { closedir( dir ); return( ret ); } -#endif +#endif /* MBEDTLS_THREADING_C */ while( ( entry = readdir( dir ) ) != NULL ) { @@ -1210,10 +1210,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) cleanup: closedir( dir ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; -#endif +#endif /* MBEDTLS_THREADING_C */ #endif /* _WIN32 */ From eba5dabc61240aeded9cffd20b840f0d184d2e2c Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 08/64] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 84ca3684a8..05892db801 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/x509_crt.c b/library/x509_crt.c index 915a7f63ed..a6dce95ba2 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1146,7 +1146,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p, (int) len - 1, NULL, NULL ); if( w_ret == 0 ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + { + ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; + goto cleanup; + } w_ret = mbedtls_x509_crt_parse_file( chain, filename ); if( w_ret < 0 ) @@ -1159,6 +1162,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( GetLastError() != ERROR_NO_MORE_FILES ) ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; +cleanup: FindClose( hFind ); #else /* _WIN32 */ int t_ret; From 7875b2428794a32b0b60a9c04f3bd07a86ad2460 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 09/64] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ library/dhm.c | 6 +++--- library/ecp.c | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 05892db801..c88239dfd1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/dhm.c b/library/dhm.c index a4715d1703..bec52a11df 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -165,7 +165,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -251,7 +251,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -324,7 +324,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, count = 0; do { - mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) ); diff --git a/library/ecp.c b/library/ecp.c index 1cfd4b10f6..5ad6863987 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1128,7 +1128,7 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); @@ -1527,7 +1527,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); From 544039ac598e0d90f7ad73944bf052978f6a86d2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Jun 2017 14:31:29 +0100 Subject: [PATCH 10/64] Undo API change The previous commit b3e6872c9381ed4ce020d631dda1e0126c42b64f changed to public functions from ssl_ciphersuite.h to static inline. This commit reverts this change. --- include/mbedtls/ssl_ciphersuites.h | 36 ++---------------------------- library/ssl_ciphersuites.c | 36 ++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 931c1b3c38..9101d9cc7c 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -359,23 +359,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciph mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) -static inline int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED) static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) @@ -429,23 +414,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ - static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) { switch( info->key_exchange ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index c1a92d67db..95e6163ccc 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1834,6 +1834,42 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers return( MBEDTLS_PK_NONE ); } } + #endif /* MBEDTLS_PK_C */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_PSK: + case MBEDTLS_KEY_EXCHANGE_RSA_PSK: + case MBEDTLS_KEY_EXCHANGE_DHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ From 0a38f1ac28aaf3de7631d3da0863b94167aad9b6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 11:25:37 +0100 Subject: [PATCH 11/64] Undo API change from SHA1 deprecation The previous commit bd5ceee484f201b90a384636ba12de86bd330cba removed the definition of the global constants - mbedtls_test_ca_crt_rsa_len, - mbedtls_test_cli_crt_rsa_len, - mbedtls_test_ca_crt_rsa, and - mbedtls_test_cli_crt_rsa. This commit restores these to maintain ABI compatibility. Further, it was noticed that without SHA256_C being enabled the previous code failed to compile because because the SHA1 resp. SHA256 certificates were only defined when the respective SHAXXX_C options were set, but the emission of the global variable mbedtls_test_ca_crt was unconditionally defined through the SHA256 certificate. Previously, the RSA SHA1 certificate was unconditionally defined and used for that. As a remedy, this commit makes sure some RSA certificate is defined and exported through the following rule: 1. If SHA256_C is active, define an RSA SHA256 certificate and export it as mbedtls_test_ca_crt. Also, define SHA1 certificates only if SHA1_C is set. 2. If SHA256_C is not set, always define SHA1 certificate and export it as mbedtls_test_ca_crt. --- library/certs.c | 75 +++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/library/certs.c b/library/certs.c index 5c0199891c..f1379b8cb1 100644 --- a/library/certs.c +++ b/library/certs.c @@ -116,31 +116,6 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec ); #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA1_C) -#define TEST_CA_CRT_RSA_SHA1 \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ -"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ -"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ -"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ -"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ -"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ -"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ -"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ -"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ -"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ -"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ -"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ -"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ -"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ -"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ -"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ -"-----END CERTIFICATE-----\r\n" -static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -#endif #if defined(MBEDTLS_SHA256_C) #define TEST_CA_CRT_RSA_SHA256 \ @@ -165,7 +140,46 @@ static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; "ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \ "n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \ "-----END CERTIFICATE-----\r\n" + +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA256; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#define TEST_CA_CRT_RSA_SOME + static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; + +#endif + +#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C) +#define TEST_CA_CRT_RSA_SHA1 \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ +"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ +"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ +"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ +"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ +"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ +"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ +"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ +"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ +"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ +"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ +"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ +"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ +"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ +"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ +"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ +"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ +"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ +"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ +"-----END CERTIFICATE-----\r\n" + +#if !defined (TEST_CA_CRT_RSA_SOME) +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA1; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#endif + +static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; + #endif const char mbedtls_test_ca_key_rsa[] = @@ -257,7 +271,7 @@ const char mbedtls_test_srv_key_rsa[] = "-----END RSA PRIVATE KEY-----\r\n"; const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa ); -static const char mbedtls_test_cli_crt_rsa_sha256[] = +const char mbedtls_test_cli_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" @@ -279,6 +293,7 @@ static const char mbedtls_test_cli_crt_rsa_sha256[] = "ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n" "c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n" "-----END CERTIFICATE-----\r\n"; +const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa ); const char mbedtls_test_cli_key_rsa[] = "-----BEGIN RSA PRIVATE KEY-----\r\n" @@ -354,19 +369,19 @@ const size_t mbedtls_test_cas_len[] = { }; #if defined(MBEDTLS_RSA_C) -const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa_sha256; +const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa; /* SHA1 or SHA256 */ const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa; const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa; const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa; const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa; -const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa_sha256; +const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa; const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa; -const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa_sha256 ); +const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa ); const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa ); const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1; const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa ); const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa ); -const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa_sha256 ); +const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa ); const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa ); #else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */ const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec; From 649dcab1759588aa8bcccb2a6c40c3d4ce5821d4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:19 +0100 Subject: [PATCH 12/64] Clarify documentation for alternative AES implementations The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been superseded by mbedtls_aes_internal_decrypt and mbedtls_aes_internal_encrypt, respectively. Alternative implementations should now only replace the latter, and leave the maintenance wrapper definitions of the former untouched. This commit clarifies this in the documentation of the respective configuration options MBEDTLS_AES_DECRYPT_ALT and MBEDTLS_AES_ENCRYPT_ALT. --- include/mbedtls/aes.h | 8 ++------ include/mbedtls/config.h | 12 +++++++++--- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index b5560cc813..6044a51aaf 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,9 +287,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) + * \brief Old AES block encryption function without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -306,9 +304,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( } /** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) + * \brief Old AES block decryption function without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c14..2a2209a35b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -273,9 +273,15 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. + * \note Because of a signature change, the core AES encryption and decryption routines are + * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, + * respectively. When setting up alternative implementations, these functions should + * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * have to stay untouched. + * + * \note If you use the AES_xxx_ALT macros, then is is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. * * Uncomment a macro to enable alternate implementation of the corresponding * function. From 489b985fae447c89d65e56fe7be79a1968d18813 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:56 +0100 Subject: [PATCH 13/64] Export mbedtls_aes_(en/de)crypt to retain for API compatibility The commit f5bf7189d303e602992c750c09e429e23c7b2abf made the AES functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing the library's API. This commit reverts this. --- include/mbedtls/aes.h | 20 ++++++-------------- library/aes.c | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 6044a51aaf..4a546acc91 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -295,13 +295,9 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \param input Plaintext block * \param output Output (ciphertext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_encrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); /** * \brief Old AES block decryption function without return value. @@ -312,13 +308,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( * \param input Ciphertext block * \param output Output (plaintext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_decrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_decrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b4..58603849cc 100644 --- a/library/aes.c +++ b/library/aes.c @@ -765,6 +765,13 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ +void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_encrypt( ctx, input, output ); +} + /* * AES-ECB block decryption */ @@ -824,6 +831,13 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ +void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_decrypt( ctx, input, output ); +} + /* * AES-ECB block encryption/decryption */ From 1a28b01b5e500cf0f53df797a4a23aa0e328bb6b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Jul 2017 09:50:59 +0100 Subject: [PATCH 14/64] Make minor changes to documentation --- include/mbedtls/aes.h | 6 ++++-- include/mbedtls/config.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 4a546acc91..1829f72402 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,7 +287,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Old AES block encryption function without return value. + * \brief Deprecated internal AES block encryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -300,7 +301,8 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, unsigned char output[16] ); /** - * \brief Old AES block decryption function without return value. + * \brief Deprecated internal AES block decryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2a2209a35b..b10d873750 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -277,7 +277,7 @@ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, * respectively. When setting up alternative implementations, these functions should * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * have to stay untouched. + * must stay untouched. * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES From 75c0c814e4bf9cf753d20c04f5eaebb04c7ab6c6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 20 Jul 2017 12:33:41 +0200 Subject: [PATCH 15/64] Update Changelog for API/ABI fixes to revert interface --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index c88239dfd1..0209cfe9e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the + API consistent with mbed TLS 2.5.0. Specifically removed the inline + qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 From 122d89929617e9735773eb4dbb4cf0bf6e66724c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:03:23 +0100 Subject: [PATCH 16/64] Add library setup and teardown APIs Add the following two functions to allow platform setup and teardown operations for the full library to be hooked in: * mbedtls_platform_setup() * mbedtls_platform_teardown() An mbedtls_platform_context C structure is also added and two internal functions that are called by the corresponding setup and teardown functions above: * mbedtls_internal_platform_setup() * mbedtls_internal_plartform_teardown() Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow mbedtls_platform_context and internal function to be overriden by the user as needed for a platform. --- include/mbedtls/config.h | 1 + include/mbedtls/platform.h | 45 ++++++++++++++++++++++++++++++++++++++ library/platform.c | 30 +++++++++++++++++++++++++ 3 files changed, 76 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b10d873750..ffeeb34af9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,6 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT +//#define MBEDTLS_PLATFORM_SETUP_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index b1b019e55e..a9ff7e421d 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,6 +288,51 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +typedef struct mbedtls_platform_context mbedtls_platform_context; +#else +#include "platform_alt.h" +#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ + +/** + * \brief Perform any platform initialisation operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be called before any other library function + */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Perform any platform teardown operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be after every other mbed TLS module has been + * correctly freed using the appropriate free function. + */ +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); + +/** + * \brief Internal function to perform any platform initialisation operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + * + * \return 0 if successful + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Internal function to perform any platform teardown operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); + #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 8b336c38ec..2ac67cbe92 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,4 +304,34 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) +{ + return( mbedtls_internal_platform_setup( ctx ) ); +} + +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) +{ + mbedtls_internal_platform_teardown( ctx ); +} + +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +/* + * Placeholder internal platform setup that does nothing by default + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +{ + (void)ctx; + + return( 0 ); +} + +/* + * Placeholder internal platform teardown that does nothing by default + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +{ + (void)ctx; +} +#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ + #endif /* MBEDTLS_PLATFORM_C */ From ab8b624fd5f0b1d4752a34bb247204a5702ad379 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:19:13 +0100 Subject: [PATCH 17/64] Add ChangeLog entry for platform setup and teardown --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0209cfe9e3..937991afcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() + to perform platform-specific setup and teardown operations. Furthermore, + the internal functions mbedtls_internal_platform_setup() and + mbedtls_internal_platform_teardown() to allow platform-specific hooks to + be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT + allows the internal functions to be overridden. This new APIs are + specially useful in some embedded environments that have hardware + acceleration support. + API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline From 82d7314c434338ff34b8dc43f0981ae1fb6f07e9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:25:17 +0100 Subject: [PATCH 18/64] Remove internal functions from setup API --- include/mbedtls/platform.h | 21 ++++----------------- library/platform.c | 18 ++++-------------- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a9ff7e421d..29b80cd3e2 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,6 +289,10 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +struct mbedtls_platform_context { + char dummy; /**< Placeholder member as empty structs are not portable */ +}; + typedef struct mbedtls_platform_context mbedtls_platform_context; #else #include "platform_alt.h" @@ -316,23 +320,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform initialisation operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - * - * \return 0 if successful - */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform teardown operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); - #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 2ac67cbe92..f739f2f0f1 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,21 +304,11 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ) -{ - return( mbedtls_internal_platform_setup( ctx ) ); -} - -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) -{ - mbedtls_internal_platform_teardown( ctx ); -} - #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) /* - * Placeholder internal platform setup that does nothing by default + * Placeholder platform setup that does nothing by default */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) { (void)ctx; @@ -326,9 +316,9 @@ int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) } /* - * Placeholder internal platform teardown that does nothing by default + * Placeholder platform teardown that does nothing by default */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } From 849811c9ccda98bdd135c4f92369462d5e145d7d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:27:05 +0100 Subject: [PATCH 19/64] Modify ChangeLog according to API changes --- ChangeLog | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 937991afcd..ae2d59ac5c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,13 +4,11 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() - to perform platform-specific setup and teardown operations. Furthermore, - the internal functions mbedtls_internal_platform_setup() and - mbedtls_internal_platform_teardown() to allow platform-specific hooks to - be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT - allows the internal functions to be overridden. This new APIs are - specially useful in some embedded environments that have hardware - acceleration support. + and the context struct mbedtls_platform_context to perform + platform-specific setup and teardown operations. The macro + MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the + user in a platform_alt.h file. This new APIs are specially useful in some + embedded environments that have hardware acceleration support. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the From 9d80a363363dfff1c90754470528ed1c68a3611f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:32:40 +0100 Subject: [PATCH 20/64] Improve documentation for mbedtls_platform_context --- include/mbedtls/platform.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 29b80cd3e2..88a0bdf33c 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,11 +289,18 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) -struct mbedtls_platform_context { - char dummy; /**< Placeholder member as empty structs are not portable */ -}; -typedef struct mbedtls_platform_context mbedtls_platform_context; +/** + * \brief Platform context structure + * + * \note This structure may be used to assist platform-specific + * setup/teardown operations. + */ +typedef struct { + char dummy; /**< Placeholder member as empty structs are not portable */ +} +mbedtls_platform_context; + #else #include "platform_alt.h" #endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ From 9da69514ecbc69b9e1b4ad2ad85a82e18e8c68b8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:23:04 +0100 Subject: [PATCH 21/64] Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive as this macro enables/disables both functions. --- include/mbedtls/config.h | 2 +- include/mbedtls/platform.h | 4 ++-- library/platform.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ffeeb34af9..de99938485 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,7 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_ALT +//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 88a0bdf33c..712bbe937c 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,7 +288,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /** * \brief Platform context structure @@ -303,7 +303,7 @@ mbedtls_platform_context; #else #include "platform_alt.h" -#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** * \brief Perform any platform initialisation operations diff --git a/library/platform.c b/library/platform.c index f739f2f0f1..af3b2f15ec 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,7 +304,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /* * Placeholder platform setup that does nothing by default */ @@ -322,6 +322,6 @@ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } -#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #endif /* MBEDTLS_PLATFORM_C */ From f92e5d5dbc6a52a14342997693f0cc5c9b6dd040 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:24:26 +0100 Subject: [PATCH 22/64] Fix typo in ChangeLog and update macro name --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae2d59ac5c..d9682a5eac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,8 +6,8 @@ Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro - MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the - user in a platform_alt.h file. This new APIs are specially useful in some + MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden + by the user in a platform_alt.h file. This new APIs are required in some embedded environments that have hardware acceleration support. API Changes From 1d74c41a4913d1e49f11d22474f2a7f723d59138 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 23/64] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d9682a5eac..cf29b0a65f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 49406c89788d582a1445216fe7cfb1c360ee4e40 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 24/64] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index cf29b0a65f..ed0220f85a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8c50e72a0afe745be37e23f03ee98cd3597a3365 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 25/64] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index ed0220f85a..9fee9c43ed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 45778acf85b7d19506478c777cdb0fe5e74a4669 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 26/64] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9fee9c43ed..4181281c73 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e1b2f6bd33af2c5f1a542759a71267bcb46b1087 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 27/64] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4181281c73..0bb5d88c16 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8d65f95901b46e02e0284516be6af94b6005320b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 01:48:17 +0200 Subject: [PATCH 28/64] Correct order of sections in the ChangeLog --- ChangeLog | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0bb5d88c16..d9682a5eac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,18 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform From be4f75c12f9ee37eea8d836909fe04841567210b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 02:08:00 +0200 Subject: [PATCH 29/64] Add additional comments to platform setup/teardown functions --- include/mbedtls/platform.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 712bbe937c..25b5d21293 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -312,7 +312,13 @@ mbedtls_platform_context; * * \return 0 if successful * - * \note This function should be called before any other library function + * \note This function is intended to allow platform specific initialisation, + * and should be called before any other library functions. Its + * implementation is platform specific, and by default, unless platform + * specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** @@ -322,8 +328,13 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \return 0 if successful * - * \note This function should be after every other mbed TLS module has been - * correctly freed using the appropriate free function. + * \note This function should be called after every other mbed TLS module has + * been correctly freed using the appropriate free function. + * Its implementation is platform specific, and by default, unless + * platform specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From c0da47dd1ea251c200f1971593a13def3d9e2084 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 23:48:55 +0100 Subject: [PATCH 30/64] Fix platform setup/teardown feature and comments Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it as a feature in 'version_features.c'. --- include/mbedtls/platform.h | 2 -- library/version_features.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 25b5d21293..35010f8852 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -326,8 +326,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \param ctx mbed TLS context * - * \return 0 if successful - * * \note This function should be called after every other mbed TLS module has * been correctly freed using the appropriate free function. * Its implementation is platform specific, and by default, unless diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3e..bb172f2980 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -69,6 +69,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) "MBEDTLS_PLATFORM_NV_SEED_ALT", #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #if defined(MBEDTLS_DEPRECATED_WARNING) "MBEDTLS_DEPRECATED_WARNING", #endif /* MBEDTLS_DEPRECATED_WARNING */ From 05d9535c9016d0ea709fa396bfc8c1ed6b73913c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:05:55 +0100 Subject: [PATCH 31/64] Enable 64-bit compilation with ARM Compiler 6 This patch fixes the conditional preprocessor directives in include/mbedtls/bignum.h to enable 64-bit compilation with ARM Compiler 6. --- ChangeLog | 2 ++ include/mbedtls/bignum.h | 68 ++++++++++++++++++++++++---------------- 2 files changed, 43 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index d9682a5eac..6c2f783cdc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix conditional preprocessor directives in bignum.h to enable 64-bit + compilation when using ARM Compiler 6. Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 1a5b4b6752..ac89069dc2 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -106,33 +106,47 @@ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM */ -#if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(_MSC_VER) && defined(_M_AMD64) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; -#else - #if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(__GNUC__) && ( \ - defined(__amd64__) || defined(__x86_64__) || \ - defined(__ppc64__) || defined(__powerpc64__) || \ - defined(__ia64__) || defined(__alpha__) || \ - (defined(__sparc__) && defined(__arch64__)) || \ - defined(__s390x__) || defined(__mips64) ) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL - #else - #define MBEDTLS_HAVE_INT32 - typedef int32_t mbedtls_mpi_sint; - typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */ -#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */ +#if !defined(MBEDTLS_HAVE_INT32) + #if defined(_MSC_VER) && defined(_M_AMD64) + /* Always choose 64-bit when using MSC */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #elif defined(__GNUC__) && ( \ + defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) || \ + ( defined(__sparc__) && defined(__arch64__) ) || \ + defined(__s390x__) || defined(__mips64) ) + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #elif defined(__ARMCC_VERSION) && defined(__aarch64__) + /* __ARMCC_VERSION is defined for both armcc and armclang and + * __aarch64__ is only defined by armclang when compiling 64-bit code + */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif +#endif /* !MBEDTLS_HAVE_INT32 */ + +#if !defined(MBEDTLS_HAVE_INT64) + /* Default to 32-bit compilation */ + #if !defined(MBEDTLS_HAVE_INT32) + #define MBEDTLS_HAVE_INT32 + #endif /* !MBEDTLS_HAVE_INT32 */ + typedef int32_t mbedtls_mpi_sint; + typedef uint32_t mbedtls_mpi_uint; + typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus extern "C" { From dd29c2f2c3da25f3d379d07bd68d4056407870ba Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:35:51 +0100 Subject: [PATCH 32/64] Add all.sh test to force 32-bit compilation --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2cc..743735e39b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -438,6 +438,17 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + +msg "build: gcc, force 32-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + +msg "test: gcc, force 32-bit compilation" +make test fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s From 6ee7dad8961a089f0c405c5bdc2fc58efc2bff08 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 11:49:32 +0100 Subject: [PATCH 33/64] Allow forcing 64-bit integer type Allow forcing 64-bit integer type for bignum operations. Also introduce the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length integer in unknown compilers. --- include/mbedtls/bignum.h | 61 ++++++++++++++++++++++++++-------- include/mbedtls/check_config.h | 10 ++++++ 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index ac89069dc2..3b76c1cac4 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -103,13 +103,28 @@ /* * Define the base integer type, architecture-wise. * - * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) - * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM + * 32 or 64-bit integer types can be forced regardless of the underlying + * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 + * respectively and undefining MBEDTLS_HAVE_ASM. + * + * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * disabled by defining MBEDTLS_NO_UDBL_DIVISION. + * + * The double length integer types can be configured by defining + * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the + * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL + * must be a complete statement of the form: + * typedef mbedtls_t_udbl + * for example: + * #define MBEDTLS_TYPE_UDBL \ + * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) /* Always choose 64-bit when using MSC */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; #elif defined(__GNUC__) && ( \ @@ -118,22 +133,39 @@ defined(__ia64__) || defined(__alpha__) || \ ( defined(__sparc__) && defined(__arch64__) ) || \ defined(__s390x__) || defined(__mips64) ) - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #elif defined(__ARMCC_VERSION) && defined(__aarch64__) - /* __ARMCC_VERSION is defined for both armcc and armclang and + /* + * __ARMCC_VERSION is defined for both armcc and armclang and * __aarch64__ is only defined by armclang when compiling 64-bit code */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef __uint128_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ + #elif defined(MBEDTLS_HAVE_INT64) + /* Force 64-bit integers with unknown compiler */ + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) + MBEDTLS_TYPE_UDBL; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -144,8 +176,9 @@ #endif /* !MBEDTLS_HAVE_INT32 */ typedef int32_t mbedtls_mpi_sint; typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + typedef uint64_t mbedtls_t_udbl; + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index dab1113d8b..7261e7da9d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -650,6 +650,16 @@ #error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64) +#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" +#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ + +#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ + defined(MBEDTLS_HAVE_ASM +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" + "defined simultaneously" +#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the From 9a9adcd6aab77abe97ed77ae200516f2fe1d20ed Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Jun 2017 15:19:20 +0200 Subject: [PATCH 34/64] MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION Changed the option to disable the use of 64-bit division, to an option to disable the use of double-width division, whether that's 64 or 128-bit. --- ChangeLog | 7 +++++++ include/mbedtls/config.h | 25 +++++++++++++++++++++++++ tests/scripts/all.sh | 7 +++++++ 3 files changed, 39 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6c2f783cdc..c3ec3c3cd0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,13 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. +Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. + * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the + double-width integer type used in the bignum module when the compiler is + unknown. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index de99938485..a921f47874 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -55,6 +55,31 @@ */ #define MBEDTLS_HAVE_ASM +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. + */ +//#define MBEDTLS_NO_UDBL_DIVISION + /** * \def MBEDTLS_HAVE_SSE2 * diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 743735e39b..630ddfb366 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -468,6 +468,13 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s +cleanup +scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION +CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +echo "Checking that software 64-bit division is not required" +! grep __aeabi_uldiv library/*.o + msg "build: ARM Compiler 5, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 710f54182f09b419a15de67c9ae10ebb6d48a002 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2017 18:01:54 +0200 Subject: [PATCH 35/64] Checked names --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index bb172f2980..5cbe8aca37 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -36,6 +36,9 @@ static const char *features[] = { #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ +#if defined(MBEDTLS_NO_UDBL_DIVISION) + "MBEDTLS_NO_UDBL_DIVISION", +#endif /* MBEDTLS_NO_UDBL_DIVISION */ #if defined(MBEDTLS_HAVE_SSE2) "MBEDTLS_HAVE_SSE2", #endif /* MBEDTLS_HAVE_SSE2 */ From bebc5f69f8d21ff6feec49de96fffb2949e215f9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 12:11:19 +0100 Subject: [PATCH 36/64] Fix typo in check_config.h --- include/mbedtls/bignum.h | 4 ++-- include/mbedtls/check_config.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3b76c1cac4..c8d94c920a 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -107,10 +107,10 @@ * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 * respectively and undefining MBEDTLS_HAVE_ASM. * - * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. * - * The double length integer types can be configured by defining + * The double-width integer types can be configured by defining * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL * must be a complete statement of the form: diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7261e7da9d..e846b429ab 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -654,8 +654,8 @@ #error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ -#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ - defined(MBEDTLS_HAVE_ASM +#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ + defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" "defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ From 713c6fdd4e7ec2170c474c73d4302d5d9e4eca1f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:15 +0100 Subject: [PATCH 37/64] Fix check_config.h #error directive --- include/mbedtls/check_config.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e846b429ab..fa72454e53 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -656,8 +656,7 @@ #if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" - "defined simultaneously" +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ /* From 33264d7a96c8a66c76b36e81854e9b9da8e1dba3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:34 +0100 Subject: [PATCH 38/64] Add tests for 64 and 32-bit int types compilation --- tests/scripts/all.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 630ddfb366..7466b5403f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,10 +447,31 @@ scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make -msg "test: gcc, force 32-bit compilation" +msg "build: gcc, force 64-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + +msg "test: gcc, force 64-bit compilation" make test + +msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make fi # x86_64 +msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 6fb65864a20c0ebb0ad571bd6a755a0c279d3f73 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:27:35 +0100 Subject: [PATCH 39/64] Fix no 64-bit division test in all.sh --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7466b5403f..1f5bad44b3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -491,6 +491,18 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +scripts/config.pl full +scripts/config.pl unset MBEDTLS_NET_C +scripts/config.pl unset MBEDTLS_TIMING_C +scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY +# following things are not in the default config +scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c +scripts/config.pl unset MBEDTLS_THREADING_PTHREAD +scripts/config.pl unset MBEDTLS_THREADING_C +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h +scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib echo "Checking that software 64-bit division is not required" From de2e70431f01341291be75a778f4c3c43cfbd471 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 17:33:09 +0100 Subject: [PATCH 40/64] Remove MBEDTLS_TYPE_UDBL option --- ChangeLog | 3 --- include/mbedtls/bignum.h | 14 +------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index c3ec3c3cd0..008db7ace3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,9 +19,6 @@ API Changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. - * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the - double-width integer type used in the bignum module when the compiler is - unknown. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index c8d94c920a..456a804204 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -109,15 +109,6 @@ * * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. - * - * The double-width integer types can be configured by defining - * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the - * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL - * must be a complete statement of the form: - * typedef mbedtls_t_udbl - * for example: - * #define MBEDTLS_TYPE_UDBL \ - * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) @@ -162,10 +153,6 @@ /* Force 64-bit integers with unknown compiler */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) - MBEDTLS_TYPE_UDBL; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -178,6 +165,7 @@ typedef uint32_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ From c327aa1542315a79cc9451973631c81217be52bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:50:25 +0100 Subject: [PATCH 41/64] Remove MBEDTLS_TYPE_UDBL tests from all.sh --- tests/scripts/all.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f5bad44b3..65dc471759 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -458,20 +458,15 @@ CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make msg "test: gcc, force 64-bit compilation" make test -msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +msg "build: gcc, force 64-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make fi # x86_64 -msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make - msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From fdd11b253125253b6abb76da3e8f42f3c91a3076 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:56:22 +0100 Subject: [PATCH 42/64] Improve MBEDTLS_NO_UDBL_DIVISION description --- include/mbedtls/config.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a921f47874..47c7196402 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -76,7 +76,10 @@ * * Note that division for the native integer type is always required. * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. */ //#define MBEDTLS_NO_UDBL_DIVISION From 3422ddfa4c8e5f21c5339f692eb3318d7163c607 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 43/64] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 008db7ace3..539fff1025 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() @@ -16,10 +16,6 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. -Changes - * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. - Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 @@ -35,6 +31,8 @@ Bugfix compilation when using ARM Compiler 6. Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 537e2e9bb3098377febf51a20b1befdd99d5746b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 44/64] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 539fff1025..292d5f3808 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 237ab35b4aa7d2a9b480da5f447647fa07c41c6a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 45/64] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 292d5f3808..240bff40a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8a26de6d99b3eb7800156a197a66180b82e39f16 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 46/64] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 240bff40a4..1271231176 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e6ec1d2d44b0272744106e533cd756e3c0747263 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 47/64] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1271231176..562fa6a785 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From de1586799d9f2794e28fb94a382bac59d36a15a8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 22 Jul 2017 11:49:55 +0200 Subject: [PATCH 48/64] Added missing credit to Changelog and format fixes --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 562fa6a785..40b4fae44d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,7 +26,8 @@ API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 + Found by James Cowgill. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -44,7 +45,7 @@ Bugfix Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. + 64-bit division. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 51aaa99473aa3e5f62440b1d683f4858ea4e188c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 23 Jul 2017 13:42:36 +0200 Subject: [PATCH 49/64] Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them. --- tests/scripts/all.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65dc471759..d9c5bbfa4a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -486,6 +486,7 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -526,11 +527,20 @@ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib make clean +# ARM Compiler 6 - Target ARMv7-A armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + +# ARM Compiler 6 - Target ARMv7-M armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + +# ARM Compiler 6 - Target ARMv8-A - AArch32 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + +# ARM Compiler 6 - Target ARMv8-M armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" -armc6_build_test "--target=aarch64-arm-none-eabi" + +# ARM Compiler 6 - Target ARMv8-A - AArch64 +armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" msg "build: allow SHA1 in certificates by default" cleanup From b3136be542b4a5b4aa02ab72e3a40ac5e3b4fb15 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 21 Jun 2017 14:57:25 +0300 Subject: [PATCH 50/64] github templates Add templates for github, for templates to be used in new issues and new PRs --- .github/issue_template.md | 40 ++++++++++++++++++++++++++++++++ .github/pull_request_template.md | 39 +++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 .github/issue_template.md create mode 100644 .github/pull_request_template.md diff --git a/.github/issue_template.md b/.github/issue_template.md new file mode 100644 index 0000000000..3398f49e6b --- /dev/null +++ b/.github/issue_template.md @@ -0,0 +1,40 @@ +Note: This is just a template, so feel free to use/remove the unnecessary things + +### Description +- Type: Bug | Enhancement\Feature Request | Question +- Priority: Blocker | Major | Minor + +--------------------------------------------------------------- +## Bug + +**OS** +linux|windows|?? + +**mbed TLS build:** +Version: x.x.x or git commit id +Configuration: please attach config.h file +Compiler and options (if you used a pre-built binary, please indicate how you obtained it): +Additional environment information: + +**peer device TLS stack and version** +openSSL | GnuTls | other +version: + +**Expected behavior** + +**Actual behavior** + +**Steps to reproduce** + +---------------------------------------------------------------- +## Enhancement\Feature Request + +**Incentive for change** + +**Suggested enhancement** + +----------------------------------------------------------------- + +## Question + +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000000..dac8bde2a4 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,39 @@ +Notes: +* Pull requests will not be accepted until: +- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) + or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) +- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) +* This is just a template, so feel free to use/remove the unnecessary things +## Description +A few sentences describing the overall goals of the pull request's commits. + + +## Status +**READY/IN DEVELOPMENT/HOLD** + +## Requires Backporting +When there is a bug fix, it should be backported to legacy supported branches. +legacy supported branches will not be backported if: +- This PR is a new feature\enhancement +- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch + +Yes | NO +What branch? + +## Migrations +If there is any API change, what's the incentive and logic for it. + +YES | NO + +## Additional comments +Any additional information that could be of interest + +## Todos +- [ ] Tests +- [ ] Documentation +- [ ] Changelog updated +- [ ] Backported + + +## Steps to test or reproduce +Outline the steps to test or reproduce the PR here. \ No newline at end of file From 779d9f6886b94dd6f5366ab29348830e0eea64ec Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 13:28:48 +0300 Subject: [PATCH 51/64] Update after Simon's comment Update the comment with Simon's comments --- .github/issue_template.md | 11 ++++++----- .github/pull_request_template.md | 8 ++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 3398f49e6b..772d98b337 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -8,16 +8,17 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ## Bug **OS** -linux|windows|?? +mbed-OS|linux|windows| **mbed TLS build:** Version: x.x.x or git commit id -Configuration: please attach config.h file +OS version: x.x.x +Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: **peer device TLS stack and version** -openSSL | GnuTls | other +openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other version: **Expected behavior** @@ -29,7 +30,7 @@ version: ---------------------------------------------------------------- ## Enhancement\Feature Request -**Incentive for change** +**Justification - why does the library need this feature?** **Suggested enhancement** @@ -37,4 +38,4 @@ version: ## Question -**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index dac8bde2a4..fa0c7e9647 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,7 +1,7 @@ Notes: -* Pull requests will not be accepted until: +* Pull requests cannot be accepted until: - The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) - or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) + or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) - The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) * This is just a template, so feel free to use/remove the unnecessary things ## Description @@ -18,7 +18,7 @@ legacy supported branches will not be backported if: - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch Yes | NO -What branch? +Which branch? ## Migrations If there is any API change, what's the incentive and logic for it. @@ -36,4 +36,4 @@ Any additional information that could be of interest ## Steps to test or reproduce -Outline the steps to test or reproduce the PR here. \ No newline at end of file +Outline the steps to test or reproduce the PR here. From 3aa712dff78b10f8fd1b6c4ca58187f80b152560 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 24 Jul 2017 14:19:02 +0200 Subject: [PATCH 52/64] Minor typo fixes in the github template files --- .github/issue_template.md | 6 +++--- .github/pull_request_template.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 772d98b337..33f68fba19 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -17,9 +17,9 @@ Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: -**peer device TLS stack and version** -openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other -version: +**Peer device TLS stack and version** +OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other +Version: **Expected behavior** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fa0c7e9647..485b541952 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -12,8 +12,8 @@ A few sentences describing the overall goals of the pull request's commits. **READY/IN DEVELOPMENT/HOLD** ## Requires Backporting -When there is a bug fix, it should be backported to legacy supported branches. -legacy supported branches will not be backported if: +When there is a bug fix, it should be backported to all maintained and supported branches. +Changes do not have to be backported if: - This PR is a new feature\enhancement - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch From fcb7491a49f3a1617b8e8a42cbf78bb432e2c579 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 53/64] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 +++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++ tests/scripts/check-names.sh | 2 +- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 0000000000..d0ed4a38f9 --- /dev/null +++ b/git_hooks/README.md @@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 0000000000..6b2da10ed1 --- /dev/null +++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 191594ce0c..4c66440e25 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -12,7 +12,7 @@ set -eu if grep --version|head -n1|grep GNU >/dev/null; then :; else - echo "This script requires GNU grep." + echo "This script requires GNU grep.">&2 exit 1 fi From 84f986c0e0c1258d8a87e3edbdfb945af0b72690 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 54/64] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f9..f78df991d5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 9508923e9a949ce52e0c133cb0f2a5c2b185cb19 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 55/64] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d5..400d63ee55 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From ee16553d8e7054739310da2cb7c1705b0dcef2aa Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 56/64] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee55..6bd9110c51 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md @@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed1..ee54a6cffe 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From 4d90d56dfe3beb2b1da61b8518f609dcba05011a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 57/64] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- {test => tests}/git-scripts/README.md | 4 ++-- {test => tests}/git-scripts/pre-push.sh | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename {test => tests}/git-scripts/README.md (67%) rename {test => tests}/git-scripts/pre-push.sh (100%) diff --git a/test/git-scripts/README.md b/tests/git-scripts/README.md similarity index 67% rename from test/git-scripts/README.md rename to tests/git-scripts/README.md index 6bd9110c51..29d7501b33 100644 --- a/test/git-scripts/README.md +++ b/tests/git-scripts/README.md @@ -4,12 +4,12 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/tests/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/tesst/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` +`ln -s ../../tests/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** diff --git a/test/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh similarity index 100% rename from test/git-scripts/pre-push.sh rename to tests/git-scripts/pre-push.sh From 853c46c8d3f621233e1a2f8d618ae1fbbba6ac60 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 58/64] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ library/x509_crl.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 40b4fae44d..5c8f377c14 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() diff --git a/library/x509_crl.c b/library/x509_crl.c index 76c49f1353..55d12acd03 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -352,14 +352,14 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, return( ret ); } - crl->version++; - - if( crl->version > 2 ) + if( crl->version < 0 || crl->version > 1 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crl->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) From ae7b1c4aed5301cf17db0b1f382cccf07f7acddc Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 10:57:34 +0000 Subject: [PATCH 59/64] Add CSR DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 08f332441b..428be111f9 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1531,6 +1531,9 @@ X509 CSR ASN.1 (extra data after signature) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CSR ASN.1 (invalid version overflow) +mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 File parse (no issues) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_int-ca.crt":0 From 2a9fd0e5c766a93c2a862bc647b219d5230c74c4 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 11:11:12 +0000 Subject: [PATCH 60/64] Add CRL DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 428be111f9..2e84f7858b 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1182,6 +1182,12 @@ X509 CRL ASN1 (TBSCertList, no entries) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 +X509 CRL ASN1 (invalid version 2) +x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 CRL ASN1 (invalid version overflow) +x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From eacc616a9cc6a40a28132bb3e7ae7267654e6656 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 15:29:07 +0000 Subject: [PATCH 61/64] Add CRT DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2e84f7858b..dfa1f71e7b 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1118,6 +1118,12 @@ X509 Certificate ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +X509 Certificate ASN1 (invalid version 3) +x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 Certificate ASN1 (invalid version overflow) +x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 487b7a9efc0bfad52816d2dd8dddfb3ff5790148 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 62/64] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5c8f377c14..8e9d174e92 100644 --- a/ChangeLog +++ b/ChangeLog @@ -212,6 +212,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509_crt.c b/library/x509_crt.c index a6dce95ba2..2cab63c86d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -748,14 +748,14 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * return( ret ); } - crt->version++; - - if( crt->version > 3 ) + if( crt->version < 0 || crt->version > 2 ) { mbedtls_x509_crt_free( crt ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crt->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, &crt->sig_md, &crt->sig_pk, &crt->sig_opts ) ) != 0 ) From 642ea1f399ad9b3a2bd0358547ff4e966c66b908 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 17 Feb 2017 13:54:43 +0000 Subject: [PATCH 63/64] Prevent signed integer overflow in CSR parsing Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard. --- ChangeLog | 4 ++++ library/x509_csr.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8e9d174e92..42a74e126d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,10 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix potential integer overflow in the version verification for DER + encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of diff --git a/library/x509_csr.c b/library/x509_csr.c index f92b66c58f..26a06db4f6 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, return( ret ); } - csr->version++; - - if( csr->version != 1 ) + if( csr->version != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + csr->version++; + /* * subject Name */ From ab0a8042f44b2ceb5b515da538334eed488c6518 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 26 Jul 2017 17:25:55 +0100 Subject: [PATCH 64/64] Fix merge errors in ChangeLog --- ChangeLog | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 42a74e126d..e8d1da5c98 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -46,10 +30,17 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER encoded X509 CSRs. The overflow would enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of @@ -216,9 +207,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13