From 9060d4da082e3b4ae7eecb1cd22f612696e96cf5 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 14:36:49 +0000 Subject: [PATCH 01/46] Fix generate_code.pl to handle escaped : --- tests/scripts/generate_code.pl | 2 +- tests/suites/test_suite_pem.data | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 49af2db7f..84e949dfa 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -256,7 +256,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// $param_defs .= " char *param$i = params[$i];\n"; $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n"; push @dispatch_params, "param$i"; - $mapping_regex .= ":[^:\n]+"; + $mapping_regex .= ":(?:\\\\.|[^:\n])+"; } else { diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 9a62db8ea..339b4d3f8 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
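Review bot: The new `$mapping_regex .= ":(?:\\\\.|[^:\n])+";` line carries no comment saying that a backslash now protects the next character from being read as a parameter separator, which is the only reason the `\:` escapes in the test data of this same patch work. Suggest a comment directly above it: `# A backslash escapes the following character, so an escaped ':' inside a quoted argument does not start a new parameter; keep in step with the un-escaping done by the test harness.` Because `\\.` accepts any escaped character (a quote or another backslash too), the C-side argument parser must recognise the same escapes; that code is outside this patch and should be checked rather than assumed.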
@@ -17,10 +17,10 @@ PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG From cef21e4cd97ba2bf1fd01f69a3f814583179a6bb Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 17:01:10 +0000 Subject: [PATCH 02/46] Fix examples that failed to compile without PEM --- programs/ssl/dtls_client.c | 2 +- programs/ssl/ssl_mail_client.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 442a3fb7c..e18ee42a1 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c 
@@ -37,7 +37,7 @@ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_CERTS_C) + !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) int main( void ) { mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 4a22771d7..b49ffb478 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -494,13 +494,13 @@ int main( int argc, char *argv[] ) ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ); else #endif -#if defined(MBEDTLS_CERTS_C) +#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C) ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, mbedtls_test_cas_pem_len ); #else { ret = 1; - mbedtls_printf("MBEDTLS_CERTS_C not defined."); + mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined."); } #endif if( ret < 0 ) From 7df03916e135a82c4f21c6ebcdcbc0f1a0bdfe8e Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 11:23:36 +0100 Subject: [PATCH 03/46] Fix buffer overreads in mbedtls_pem_read_buffer() --- ChangeLog | 3 +++ library/pem.c | 20 +++++++++++--------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index fbc24cf73..53e6f3d0a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ Bugfix in RFC 6347 Section 4.3.1. This could cause the execution of the renegotiation routines at unexpected times when the protocol is DTLS. Found by wariua. #687 + * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing + the input string in pem format to extract the different components. Found + by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/pem.c b/library/pem.c index b6ad53b7d..8dd86a4ac 100644 --- a/library/pem.c 
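Review bot: The `#if` guard in dtls_client.c now also triggers when MBEDTLS_PEM_PARSE_C is missing, but the visible start of the diagnostic, `mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "`, is unchanged, so unless the rest of that string (outside the hunk) was updated a PEM-less build prints an explanation that never names the option actually missing. The ssl_mail_client.c hunk in the same patch does update its message; do the same here, e.g. add `"MBEDTLS_PEM_PARSE_C and/or "` to the list. The stub `main()` continues past the end of the hunk.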
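Review bot: In the new `#else` branch of ssl_mail_client.c, `ret = 1;` followed by `if( ret < 0 )` means the missing-CA condition is only printed, not acted on: a build without MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C and no `ca_file` apparently carries on to the handshake with an empty trust store. The `ret = 1` is pre-existing, but this patch widens the set of configurations that reach it, so the outcome should be made explicit: either `goto exit;` after the printf, or a comment such as `/* No built-in CA available: continue with an empty trust store, so peer verification cannot succeed */`. What the code does after `if( ret < 0 )` is outside the hunk and should be confirmed before choosing.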
+++ b/library/pem.c @@ -249,7 +249,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const enc = 0; - if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) + if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) @@ -262,22 +262,22 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #if defined(MBEDTLS_DES_C) - if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) + if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; s1 += 23; - if( pem_get_iv( s1, pem_iv, 8 ) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; } - else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) + else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_CBC; s1 += 18; - if( pem_get_iv( s1, pem_iv, 8) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; @@ -285,9 +285,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) + if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) { - if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + if( s2 - s1 < 22 ) + return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); + else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_128_CBC; else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_192_CBC; 
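Review bot: Every new guard in this hunk repeats the literal's length by hand (`s2 - s1 >= 23` beside `memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 )`, `>= 18` beside the 18-byte `"DEK-Info: DES-CBC,"`, then `s1 += 23` / `s1 += 18`), so the bound and the string can drift apart silently on the next edit. A small helper ties them together: `#define PEM_HAS_PREFIX( s, end, lit ) ( (size_t)( (end) - (s) ) >= sizeof( lit ) - 1 && memcmp( (s), (lit), sizeof( lit ) - 1 ) == 0 )` used as `if( PEM_HAS_PREFIX( s1, s2, "DEK-Info: DES-EDE3-CBC," ) )` with `s1 += sizeof( "DEK-Info: DES-EDE3-CBC," ) - 1;`. The `s2 - s1` differences are signed `ptrdiff_t` values, which is only safe because `s2 > s1` is established where the footer is located earlier in `mbedtls_pem_read_buffer` (outside the hunk); a one-line comment stating that invariant next to the first guard would help the next reader.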
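Review bot: The new `if( s2 - s1 < 22 ) return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );` is a correct way to keep the short-buffer case out of the `memcmp` chain, but the only "unknown encryption algorithm" test added in this series (`DEK-Info: AES-,00$`, 17 bytes before the footer) now exercises this length branch rather than the final `else return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG )` after the AES-128/192/256 comparisons (partly outside the hunk). Add a case whose DEK-Info line is long enough but unrecognised, e.g. `DEK-Info: AES-512-CBC,00112233445566778899AABBCCDDEEFF`, so the name-comparison path stays covered. A comment on the length check, `/* too short to hold any "DEK-Info: AES-NNN-CBC," prefix */`, would also explain why it reports unknown-algorithm rather than invalid-data.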
@@ -297,7 +299,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); s1 += 22; - if( pem_get_iv( s1, pem_iv, 16 ) != 0 ) + if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 32; @@ -316,7 +318,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - if( s1 == s2 ) + if( s1 >= s2 ) return( MBEDTLS_ERR_PEM_INVALID_DATA ); ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); From bcb0c4c98c181eee05510aab7cc5b7db624a6507 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 25 Oct 2016 10:50:22 +0100 Subject: [PATCH 04/46] Prevent SLOTH attacks --- ChangeLog | 4 ++++ library/ssl_tls.c | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 53e6f3d0a..8a7d3f3e5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Removed MD5 from the allowed hash algorithms for CertificateRequest and + CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. + Bugfix * Fix the redefinition of macro ssl_set_bio to an undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index abad0b385..d9ab83291 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7653,8 +7653,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - ssl->handshake->calc_verify = ssl_calc_verify_tls; - break; + return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: From f53566289428f19f425f72a999b9f5118bba2d0a Mon Sep 17 00:00:00 2001 
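Review bot: The `case MBEDTLS_SSL_HASH_MD5:` in ssl_tls.c now does nothing but `return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;`, which is presumably what the `default:` at the end of the switch (outside the hunk) already does, so the case no longer records why MD5 is refused and the next interoperability request could quietly restore the old assignment. Keep the case, but document it: `/* MD5 is deliberately rejected even when MBEDTLS_MD5_C is enabled: accepting it for CertificateVerify enables SLOTH transcript-collision attacks (undoes the #513 interop change). */`. SHA-1 remains accepted by the following `case MBEDTLS_SSL_HASH_SHA1:`; collisions there are far more expensive but it is the same class of weakness, so a note about that residual exposure in the ChangeLog or config documentation may be worth considering. `mbedtls_ssl_set_calc_verify_md` starts before the hunk.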
From: Andres AG Date: Mon, 24 Oct 2016 14:31:54 +0100 Subject: [PATCH 05/46] Add tests for overreads in pem_read_buffer() --- ChangeLog | 2 +- tests/suites/test_suite_pem.data | 9 +++++++++ tests/suites/test_suite_pem.function | 24 ++++++++++++++++++------ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8a7d3f3e5..4fe9f9ac2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,7 +19,7 @@ Bugfix renegotiation routines at unexpected times when the protocol is DTLS. Found by wariua. #687 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in pem format to extract the different components. Found + the input string in PEM format to extract the different components. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 973c92325..9a62db8ea 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -15,3 +15,12 @@ mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102 PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" + +PEM read (DES-EDE3-CBC + invalid iv) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 + +PEM read (DES-CBC + invalid iv) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 + +PEM read (unknown encryption algorithm) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 6a62bfed9..5e022109c 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -3,12 +3,7 @@ #include "mbedtls/pem.h" /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PEM_WRITE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ void mbedtls_pem_write_buffer( char *start, char *end, char *buf_str, char *result_str ) { unsigned char buf[5000]; @@ -38,3 +33,20 @@ exit: mbedtls_free( check_buf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */ +void mbedtls_pem_read_buffer( char *header, char *footer, char *data, int ret ) +{ + mbedtls_pem_context ctx; + size_t use_len = 0; + + mbedtls_pem_init( &ctx ); + + TEST_ASSERT( mbedtls_pem_read_buffer( &ctx, header, footer, + (const unsigned char *)data, NULL, 0, + &use_len ) == ret ); + +exit: + mbedtls_pem_free( &ctx ); +} +/* END_CASE */ From f7cf56fa45412035c9ada6994fedc7c1ab49e67e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Jan 2017 23:04:22 +0000 Subject: [PATCH 06/46] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- tests/suites/test_suite_ctr_drbg.function | 5 +++++ 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4fe9f9ac2..fd1bf9b9a 100644 --- a/ChangeLog +++ b/ChangeLog 
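Review bot: The new `mbedtls_pem_read_buffer` test wrapper always passes `NULL, 0` for the password, so a well-formed encrypted block can presumably never get past the password check and every `.data` case added alongside it targets a failure path; there is no case asserting that an unencrypted block decodes successfully (comparing `ctx.buf` / `ctx.buflen` with an expected payload) or that a valid DEK-Info line yields the password-required error. Consider extending the signature to take a password string and an expected decoded hex string so both outcomes are pinned. Also, `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC` skips every case when any one of those is absent, although the DES cases need no AES; making the function depend on MBEDTLS_PEM_PARSE_C alone and adding per-case `depends_on:` lines in the `.data` file keeps them running in reduced configurations.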
@@ -21,6 +21,12 @@ Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/cipher.c b/library/cipher.c index a88343869..e9e0b223e 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -326,9 +326,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= block_size ) || + ilen <= block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < block_size ) ) + ilen < block_size - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 386f8adb0..55612c7fc 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -290,7 +290,8 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT || + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); diff --git a/library/md2.c b/library/md2.c index 897670131..95cbcce65 100644 --- a/library/md2.c +++ b/library/md2.c 
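Review bot: The rewritten conditions `ilen <= block_size - ctx->unprocessed_len` and `ilen < block_size - ctx->unprocessed_len` remove the addition overflow but now depend on `ctx->unprocessed_len <= block_size`: if that ever failed, the unsigned subtraction would wrap to a huge value and the `memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen )` in the branch body would copy `ilen` bytes past the cache. The invariant is presumably maintained by the partial-block handling earlier in `mbedtls_cipher_update` (outside the hunk), so state it where it is relied on: `/* Invariant: unprocessed_len <= block_size (kept by the partial-block handling above), so the subtraction cannot wrap. */`. The ctr_drbg.c hunk in the same patch uses a cheap explicit pre-check (`ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||`); the same style would do here if the invariant is not guaranteed.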
@@ -158,7 +158,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 3acfb8bae..883cfe08e 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -39,6 +39,11 @@ void ctr_drbg_special_behaviours( ) TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) == MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + + mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 ); + TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional, + MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) == + MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); exit: mbedtls_ctr_drbg_free( &ctx ); } From cde8035e570c757857e6ea5f291ad2c21b54ea3d Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 18 Jan 2017 17:21:03 +0000 Subject: [PATCH 07/46] Fix integer overflow mbedtls_base64_decode() Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 2 ++ library/base64.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fd1bf9b9a..57eaa5b65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/base64.c b/library/base64.c index 5cb12cba7..305afc57b 100644 --- a/library/base64.c +++ b/library/base64.c 
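Review bot: `mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 )` passes the `int` value -1 and relies on implicit conversion to `size_t` to obtain the maximum, which is exactly the kind of signed/unsigned conversion the MSVC warning clean-up later in this series (cmac.c, platform.c) chases, and it reads as a magic constant. Write the intent out: `mbedtls_ctr_drbg_set_entropy_len( &ctx, SIZE_MAX );` (or `(size_t) -1` if `<stdint.h>` is not available to the test file), with a comment `/* entropy_len alone exceeds the seed buffer: must be rejected before len is added */`. This assertion covers the first half of the new `||` in ctr_drbg.c; a second case with a moderate `entropy_len` and `len` close to `SIZE_MAX` would exercise the subtraction side as well.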
@@ -192,7 +192,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || dlen < n ) From 410bc115ec4236936e2966a59079ea4facb89ace Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 08/46] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 305afc57b..f06b57b31 100644 --- a/library/base64.c +++ b/library/base64.c @@ -192,6 +192,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From fe2d53f440a3b4b437fadbdfc0277795bbe3f505 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 5 Feb 2017 16:48:47 +0000 Subject: [PATCH 09/46] Add detail to ChangeLog for SLOTH fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 57eaa5b65..3a732a865 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Removed MD5 from the allowed hash algorithms for CertificateRequest and CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. + Introduced by interoperability fix for #513. Bugfix * Fix the redefinition of macro ssl_set_bio to an undefined symbol From b9d3db68c63040d94cdbd0bae6b01c41dfb5fcc8 Mon Sep 17 00:00:00 2001 
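Review bot: The added comment says what the expression replaces but not why the split is exact, which is the non-obvious part: because 48 is a multiple of 8, writing `n` as `8 * ( n >> 3 ) + ( n & 7 )` lets the high part contribute `6 * ( n >> 3 )` with no rounding, and only the low part (at most 7) needs the `+ 7 >> 3` ceiling, so the result equals `( ( n * 6 ) + 7 ) >> 3` for every `n` while `6 * ( n >> 3 )` can never exceed `SIZE_MAX`. Suggest one more sentence in the comment: `* Exact because 48 is a multiple of 8: only the low 3 bits of n need the rounding term, and 6 * ( n >> 3 ) cannot overflow size_t.` A small test of the identity at n = 0, 7, 8, 15 and the largest 32-bit values would make the equivalence regression-proof.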
From: Andres AG Date: Tue, 12 Jul 2016 16:54:33 +0100 Subject: [PATCH 10/46] Use MAKEFLAGS to pass args to make in all.sh Modify the script at tests/scripts/all.sh to export the variable MAKEFLAGS with -j if it was not set before. This should decrease the total runtime of tests/scripts/all.sh by letting make run multiple jobs in parallel. Also, add a check at the top of the script to cause a failure if the environment is not Linux. --- tests/scripts/all.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6b3396059..d73c9262d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -22,8 +22,11 @@ # Abort on errors (and uninitialised variables) set -eu -if [ -d library -a -d include -a -d tests ]; then :; else - err_msg "Must be run from mbed TLS root" +if [ "$( uname )" != "Linux" ]; then + echo "This script only works in Linux" >&2 + exit 1 +elif [ -d library -a -d include -a -d tests ]; then :; else + echo "Must be run from mbed TLS root" >&2 exit 1 fi @@ -43,6 +46,11 @@ RELEASE=0 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} +# if MAKEFLAGS is not set add the -j option to speed up invocations of make +if [ -n "${MAKEFLAGS+set}" ]; then + export MAKEFLAGS="-j" +fi + usage() { printf "Usage: $0\n" From e8bfbe2f5bc1680f658dd148849d84a91af5c492 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 4 Nov 2016 12:23:11 +0000 Subject: [PATCH 11/46] Fix multiple erroneously named source files in comments This fixes many incorrect references to filenames in the comments in config.h. --- include/mbedtls/config.h | 62 ++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6fc9c772a..0f7e29bcf 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
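Review bot: The new MAKEFLAGS logic in all.sh is inverted: `${MAKEFLAGS+set}` expands to `set` only when MAKEFLAGS is already set, so `if [ -n "${MAKEFLAGS+set}" ]; then export MAKEFLAGS="-j"` overwrites whatever the user configured and does nothing in the unset case the comment describes; it should read `if [ -z "${MAKEFLAGS+set}" ]; then`. A bare `-j` also lets make spawn an unbounded number of jobs, which can exhaust memory on a CI host; `export MAKEFLAGS="-j$(nproc)"` (nproc is available on the Linux the script now insists on) is the usual choice. With the condition fixed, someone who deliberately exported `MAKEFLAGS=-j1` keeps it, which is what the comment promises.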
@@ -1525,7 +1525,7 @@ * library/pkwrite.c * library/x509_create.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c */ #define MBEDTLS_ASN1_WRITE_C @@ -1886,7 +1886,7 @@ * * Enable the generic message digest layer. * - * Module: library/mbedtls_md.c + * Module: library/md.c * Caller: * * Uncomment to enable generic message digest wrappers. @@ -1898,7 +1898,7 @@ * * Enable the MD2 hash algorithm. * - * Module: library/mbedtls_md2.c + * Module: library/md2.c * Caller: * * Uncomment to enable support for (rare) MD2-signed X.509 certs. @@ -1910,7 +1910,7 @@ * * Enable the MD4 hash algorithm. * - * Module: library/mbedtls_md4.c + * Module: library/md4.c * Caller: * * Uncomment to enable support for (rare) MD4-signed X.509 certs. @@ -1922,8 +1922,8 @@ * * Enable the MD5 hash algorithm. * - * Module: library/mbedtls_md5.c - * Caller: library/mbedtls_md.c + * Module: library/md5.c + * Caller: library/md.c * library/pem.c * library/ssl_tls.c * @@ -1980,11 +1980,11 @@ * library/rsa.c * library/x509.c * library/x509_create.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c * * This modules translates between OIDs and internal values. */ @@ -2012,9 +2012,9 @@ * Module: library/pem.c * Caller: library/dhm.c * library/pkparse.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -2030,7 +2030,7 @@ * Module: library/pem.c * Caller: library/pkwrite.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c * * Requires: MBEDTLS_BASE64_C * 
@@ -2060,8 +2060,8 @@ * Enable the generic public (asymetric) key parser. * * Module: library/pkparse.c - * Caller: library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * Caller: library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_PK_C * @@ -2152,8 +2152,8 @@ * * Enable the RIPEMD-160 hash algorithm. * - * Module: library/mbedtls_ripemd160.c - * Caller: library/mbedtls_md.c + * Module: library/ripemd160.c + * Caller: library/md.c * */ #define MBEDTLS_RIPEMD160_C @@ -2181,8 +2181,8 @@ * * Enable the SHA1 cryptographic hash algorithm. * - * Module: library/mbedtls_sha1.c - * Caller: library/mbedtls_md.c + * Module: library/sha1.c + * Caller: library/md.c * library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2197,9 +2197,9 @@ * * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. * - * Module: library/mbedtls_sha256.c + * Module: library/sha256.c * Caller: library/entropy.c - * library/mbedtls_md.c + * library/md.c * library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2214,9 +2214,9 @@ * * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * - * Module: library/mbedtls_sha512.c + * Module: library/sha512.c * Caller: library/entropy.c - * library/mbedtls_md.c + * library/md.c * library/ssl_cli.c * library/ssl_srv.c * @@ -2364,9 +2364,9 @@ * Enable X.509 core for using certificates. * * Module: library/x509.c - * Caller: library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * Caller: library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, * MBEDTLS_PK_PARSE_C @@ -2380,7 +2380,7 @@ * * Enable X.509 certificate parsing. * - * Module: library/mbedtls_x509_crt.c + * Module: library/x509_crt.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c 
@@ -2396,8 +2396,8 @@ * * Enable X.509 CRL parsing. * - * Module: library/mbedtls_x509_crl.c - * Caller: library/mbedtls_x509_crt.c + * Module: library/x509_crl.c + * Caller: library/x509_crt.c * * Requires: MBEDTLS_X509_USE_C * @@ -2410,7 +2410,7 @@ * * Enable X.509 Certificate Signing Request (CSR) parsing. * - * Module: library/mbedtls_x509_csr.c + * Module: library/x509_csr.c * Caller: library/x509_crt_write.c * * Requires: MBEDTLS_X509_USE_C From 1903fb312f41ca18be5b7bc458c9ff37163e3fb1 Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Sun, 6 Nov 2016 04:45:15 -0800 Subject: [PATCH 12/46] Clarify Comments and Fix Typos (#651) Fixes many typos, and errors in comments. * Clarifies many comments * Grammar correction in config.pl help text * Removed comment about MBEDTLS_X509_EXT_NS_CERT_TYPE. * Comment typo fix (Dont => Don't) * Comment typo fix (assure => ensure) * Comment typo fix (byes => bytes) * Added citation for quoted standard * Comment typo fix (one complement => 1's complement) The is some debate about whether to prefer "one's complement", "ones' complement", or "1's complement". The more recent RFCs related to TLS (RFC 6347, RFC 4347, etc) use " 1's complement", so I followed that convention. * Added missing ")" in comment * Comment alignment * Incorrect comment after #endif --- include/mbedtls/rsa.h | 2 +- include/mbedtls/x509.h | 2 +- library/cmac.c | 4 ++-- library/net_sockets.c | 2 +- library/pkparse.c | 12 ++++++------ library/ssl_tls.c | 9 +++++---- library/x509.c | 2 +- scripts/config.pl | 2 +- 8 files changed, 18 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 35185dfda..54653dfdc 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
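Review bot: The MBEDTLS_X509_CSR_PARSE_C entry at the end of this hunk still reads `Caller: library/x509_crt_write.c`, a context line the commit leaves untouched although it is the same kind of wrong file name this commit corrects elsewhere: the writer source in this tree is `x509write_crt.c` (see the MBEDTLS_ASN1_WRITE_C and MBEDTLS_PEM_WRITE_C entries fixed above), and no `x509_crt_write.c` appears anywhere in these diffs. Whether the certificate writer really calls the CSR parser is not visible here; if it does, change the line to `Caller: library/x509write_crt.c`, otherwise name the real caller or drop the line rather than merely renaming it.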
@@ -206,7 +206,7 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rs * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note This function does NOT take care of message - * padding. Also, be sure to set input[0] = 0 or assure that + * padding. Also, be sure to set input[0] = 0 or ensure that * input is smaller than N. * * \note The input and output buffers must be large diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 54dac166b..f219bf128 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -157,7 +157,7 @@ #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) #define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14) -#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */ +#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* * Storage format identifiers diff --git a/library/cmac.c b/library/cmac.c index ee2fe056c..04aca7ce1 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -62,7 +62,7 @@ #if defined(MBEDTLS_SELF_TEST) #include #define mbedtls_printf printf -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */ +#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ /* Implementation that should never be optimized out by the compiler */ @@ -80,7 +80,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * with R_64 = 0x1B and R_128 = 0x87 * * Input and output MUST NOT point to the same buffer - * Block size must be 8 byes or 16 bytes - the block sizes for DES and AES. + * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES. */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, diff --git a/library/net_sockets.c b/library/net_sockets.c index cc06cbfad..6a013e979 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c 
@@ -238,7 +238,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char } } - /* I we ever get there, it's a success */ + /* Bind was successful */ ret = 0; break; } diff --git a/library/pkparse.c b/library/pkparse.c index 275429e60..efdf43746 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1187,12 +1187,12 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, #endif /* MBEDTLS_PEM_PARSE_C */ /* - * At this point we only know it's not a PEM formatted key. Could be any - * of the known DER encoded private key formats - * - * We try the different DER format parsers to see if one passes without - * error - */ + * At this point we only know it's not a PEM formatted key. Could be any + * of the known DER encoded private key formats + * + * We try the different DER format parsers to see if one passes without + * error + */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, pwd, pwdlen ) ) == 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 84a04ae53..121c13526 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3428,7 +3428,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) { - /* Dont check write errors as we can't do anything here. + /* Don't check write errors as we can't do anything here. * If the error is permanent we'll catch it later, * if it's not, then hopefully it'll work next time. */ (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); 
@@ -6006,8 +6006,9 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot const char **p; /* - * "Empty strings MUST NOT be included and byte strings MUST NOT be - * truncated". Check lengths now rather than later. + * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings + * MUST NOT be truncated." + * We check lengths now rather than later. */ tot_len = 0; for( p = protos; *p != NULL; p++ ) @@ -7585,7 +7586,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, * and, for DTLS, to/from TLS equivalent. * * For TLS this is the identity. - * For DTLS, use one complement (v -> 255 - v, and then map as follows: + * For DTLS, use 1's complement (v -> 255 - v, and then map as follows: * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) */ diff --git a/library/x509.c b/library/x509.c index fad390d85..4df542e42 100644 --- a/library/x509.c +++ b/library/x509.c @@ -661,7 +661,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 /* * X.509 Extensions (No parsing of extensions, pointer should - * be either manually updated or extensions should be parsed! + * be either manually updated or extensions should be parsed!) */ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag ) diff --git a/scripts/config.pl b/scripts/config.pl index 8921a874a..2757f17fe 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -70,7 +70,7 @@ Options used: $config_file -o | --force - If the symbol isn't present in the configuration - file when setting it's value, a #define is + file when setting its value, a #define is appended to the end of the file. EOU From 3c6b18df3a01f105e875450f858cfa5e573523c0 Mon Sep 17 00:00:00 2001 
From: Simon B Date: Thu, 3 Nov 2016 01:11:37 +0000 Subject: [PATCH 13/46] Fix various compiler warnings with MSVC Fixes various compiler warnings found with Microsoft Visual Studio 2015 (and earlier versions). --- library/cmac.c | 13 +++++++------ library/platform.c | 4 ++-- library/x509_crt.c | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 04aca7ce1..0fa5b58f5 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -105,7 +105,7 @@ static int cmac_multiply_by_u( unsigned char *output, return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - for( i = blocksize - 1; i >= 0; i-- ) + for( i = (int)blocksize - 1; i >= 0; i-- ) { output[i] = input[i] << 1 | overflow; overflow = input[i] >> 7; @@ -209,7 +209,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if( ( retval = mbedtls_cipher_setkey( ctx, key, keybits, + if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits, MBEDTLS_ENCRYPT ) ) != 0 ) return( retval ); @@ -244,8 +244,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, { mbedtls_cmac_context_t* cmac_ctx; unsigned char *state; - int n, j, ret = 0; - size_t olen, block_size; + int ret = 0; + size_t n, j, olen, block_size; if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || ctx->cmac_ctx == NULL ) @@ -280,8 +280,9 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* n is the number of blocks including any final partial block */ n = ( ilen + block_size - 1 ) / block_size; - /* Iterate across the input data in block sized chunks */ - for( j = 0; j < n - 1; j++ ) + /* Iterate across the input data in block sized chunks, excluding any + * final partial or complete block */ + for( j = 1; j < n; j++ ) { cmac_xor_block( state, input, state, block_size ); diff --git a/library/platform.c b/library/platform.c index 2591c45d7..8b336c38e 100644 
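Review bot: `(int)keybits` silences the MSVC narrowing warning without making the conversion safe: `keybits` is a `size_t`, and the cast can wrap to a small or negative value (for instance `2^32 + 128` becomes 128 on LP64 targets), which the key-length comparison in `mbedtls_cipher_setkey` (outside this file) would then presumably accept. The value is only ever meant to be 128/192/256 for AES or 64/192 for DES, so either guard it, `if( keybits > INT_MAX ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );`, or add a comment stating why truncation cannot matter for the supported ciphers. `mbedtls_cipher_cmac_starts` begins before the hunk.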
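Review bot: Making `n` and `j` `size_t` and starting the loop at `j = 1` correctly avoids the `n - 1` wrap when `n == 0`, but the line that produces `n`, `n = ( ilen + block_size - 1 ) / block_size;` (context in this hunk), is itself an overflowing bound computation of the kind patch 06 in this series fixes: for `ilen` within `block_size - 1` of `SIZE_MAX` the sum wraps, `n` comes out tiny, the loop consumes almost nothing and the trailing copy into the fixed-size unprocessed block (after the hunk) is handed the full `ilen`. No real buffer can have such a length, but the overflow-free form costs nothing: `n = ilen / block_size + ( ilen % block_size != 0 );`. The updated comment could also say why the last block is held back, presumably so the finishing step can apply the CMAC subkey to it, e.g. `/* ... the final (partial or complete) block is deferred until finish() so the subkey can be applied */`, which the hunk never states.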
--- a/library/platform.c +++ b/library/platform.c @@ -237,7 +237,7 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) } fclose( file ); - return( n ); + return( (int)n ); } int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) @@ -255,7 +255,7 @@ int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) } fclose( file ); - return( n ); + return( (int)n ); } #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 60e14f90e..80af7259c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1122,7 +1122,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p = filename + len; filename[len++] = '*'; - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, + w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, MAX_PATH - 3 ); if( w_ret == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); From 24d9a4cf8dbd25c1b272a5211dcb15a16e6f021e Mon Sep 17 00:00:00 2001 From: Simon B Date: Thu, 3 Nov 2016 01:12:50 +0000 Subject: [PATCH 14/46] Fix config of compiler warning flags with MSVC Compiler warnings were being configured twice and not suppressed on the test suites with Microsoft Visual Studio. --- CMakeLists.txt | 4 +++- tests/CMakeLists.txt | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a7ebfc155..3e47224ea 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -92,7 +92,9 @@ if(CMAKE_COMPILER_IS_CLANG) endif(CMAKE_COMPILER_IS_CLANG) if(MSVC) - set(CMAKE_C_FLAGS_CHECK "/WX") + # Strictest warnings, and treat as errors + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") endif(MSVC) if(CMAKE_BUILD_TYPE STREQUAL "Coverage") diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 21583c40a..bedf21b2e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
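Review bot: `return( (int)n );` in both `mbedtls_platform_std_nv_seed_read` and `mbedtls_platform_std_nv_seed_write` only hides the MSVC conversion warning: `n` is a `size_t` byte count, and for `buf_len > INT_MAX` the cast yields a negative value indistinguishable from the functions' `-1` error return, or a wrong positive one (the `fread`/`fwrite` result check that sets `n` is before the hunk). Callers pass the small seed-file size in practice, so a guard at the top of each function, `if( buf_len > INT_MAX ) return( -1 );`, is enough to make the cast provably lossless, with `#include <limits.h>` if the file lacks it. Both function bodies start outside the hunk.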
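Review bot: Replacing `set(CMAKE_C_FLAGS_CHECK "/WX")` with appends to `CMAKE_C_FLAGS` means `/W3 /WX` now apply to every MSVC configuration (Debug, Release, ...) rather than only to the `Check` build type the `_CHECK` suffix presumably selected, so any warning from an older toolchain or a third-party header now breaks ordinary user builds; if the GCC/Clang branches above keep warnings-as-errors per build type, MSVC silently diverges from them. Either keep the flag in the build-type variable, `set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} /W3 /WX")`, or document the intentional divergence in the comment, e.g. `# Strictest warnings, treated as errors in all MSVC configurations (not only the Check build type)`. CMake's default MSVC flags already contain `/W3`, so appending it again is harmless but redundant.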
@@ -39,7 +39,9 @@ if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) if(MSVC) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /w") # no warnings here + # If a warning level has been defined, suppress all warnings for test code + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W0") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) add_test_suite(aes aes.ecb) From 342889fdbede33769d913933019d399e628ba030 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 2 Nov 2016 10:17:00 +0000 Subject: [PATCH 15/46] Remove unused var warnings in windows unittests --- tests/suites/main_test.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index afff5a482..a7bb41de3 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -261,7 +261,9 @@ int main(int argc, const char *argv[]) char buf[5000]; char *params[50]; void *pointer; +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) int stdout_fd = -1; +#endif /* __unix__ || __APPLE__ __MACH__ */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) From 244d243742260b12a82f0127142d46989bdb7390 Mon Sep 17 00:00:00 2001 From: Jaakko Korhonen Date: Wed, 16 Nov 2016 10:56:30 +0200 Subject: [PATCH 16/46] Fixed typo in README.md Removed an extra e from agreement. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3bae47d6f..f069d9871 100644 --- a/README.md +++ b/README.md 
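Review bot: Appending `/W0` in tests/CMakeLists.txt after the top-level file has already put `/W3` into the same `CMAKE_C_FLAGS` string hands cl.exe both options; I believe it then emits command-line warning D9025 ("overriding '/W3' with '/W0'") for every test translation unit, which is noisy and defeats the purpose of the added comment. Replacing the earlier level instead of stacking a second one avoids that, e.g. `string(REGEX REPLACE "/W[0-4]" "/W0" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")` followed by the `/WX-` line as written.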
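Review bot: The closing comment on the new `#endif` in main_test.function does not match the condition it closes: `/* __unix__ || __APPLE__ __MACH__ */` drops the `&&`, so it reads as three alternatives; `#endif /* __unix__ || (__APPLE__ && __MACH__) */` matches the `#if`. The same platform test presumably guards the code that uses `stdout_fd` further down in main() (outside the hunk); if so, defining it once (for example a `TEST_PLATFORM_HAS_FD_REDIRECT` macro, constructed name) and using it at both sites keeps the declaration and its uses from drifting apart, which would otherwise resurface as exactly the unused-variable warning this commit fixes.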
@@ -165,7 +165,7 @@ We gratefully accept bug reports and contributions from the community. There are - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. -To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreeement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. +To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. ### Making a Contribution From 9510cc1a184ae16700511a91dbbabd5327086c62 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Thu, 10 Nov 2016 17:25:58 +0000 Subject: [PATCH 17/46] Make the test builds much stricter for warnings Tighten up the test options in all.sh, test-ref-configs.pl and curves.pl to ensure the builds are strict for all warnings, warnings are treated as errors, and that wherever possible builds are strict to the C99 standard. (Note that builds that use the Unix sockets API cannot be). --- tests/scripts/all.sh | 53 ++++++++++++++++++------------- tests/scripts/curves.pl | 3 +- tests/scripts/test-ref-configs.pl | 16 +++++++--- 3 files changed, 44 insertions(+), 28 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d73c9262d..390ee6118 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -293,16 +293,16 @@ OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min tests/ssl-opt.sh -msg "build: cmake, full config, clang" # ~ 50s +msg "build: cmake, full config, clang, C99" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check . -make +CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . +CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' make msg "test: main suites (full config)" # ~ 5s -make test +CFLAGS='-Werror -Wall -Wextra' make test msg "test: ssl-opt.sh default (full config)" # ~ 1s tests/ssl-opt.sh -f Default 
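Review bot: In the clang/cmake hunk, `CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' make` and `CFLAGS='-Werror -Wall -Wextra' make test` most likely have no effect, because a CMake-generated Makefile takes its compiler flags from the cached CMAKE_C_FLAGS (initialised from the CFLAGS environment only at the first configure), not from the environment at make time. The message string now promises a C99 build ("cmake, full config, clang, C99") that the commands do not deliver. Pass the flags to the configure step instead, e.g. `CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On -D CMAKE_C_FLAGS='-std=c99 -pedantic' .` (the Check build type presumably already supplies -Werror -Wall -Wextra, which is not visible here), and drop the CFLAGS prefix from the `make test` line, which only runs already-built suites.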
@@ -322,15 +322,17 @@ tests/scripts/key-exchanges.pl msg "build: Unix make, -Os (gcc)" # ~ 30s cleanup -CC=gcc CFLAGS='-Werror -Os' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' make -# this is meant to cath missing #define mbedtls_printf etc -# disable fsio to catch some more missing #include -msg "build: full config except platform/fsio, make, gcc" # ~ 30s +# Full configuration build, without platform support, file IO and net sockets. +# This should catch missing mbedtls_printf definitions, and by disabling file +# IO, it should catch missing '#include ' +msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_PLATFORM_C +scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT @@ -340,7 +342,8 @@ scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_FS_IO -CC=gcc CFLAGS='-Werror -O0' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0' make lib programs +CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make test # catch compile bugs in _uninit functions msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s 
@@ -349,29 +352,31 @@ cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -CC=gcc CFLAGS='-Werror -O0' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_SRV_C -CC=gcc CFLAGS='-Werror -O0' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C -CC=gcc CFLAGS='-Werror -O0' make +CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make +# Note, C99 compliance can also be tested with the sockets support disabled, +# as that requires a POSIX platform (which isn't the same as C99). msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux -CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib +CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' make lib msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" cleanup @@ -397,7 +402,7 @@ fi if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup -CC=gcc CFLAGS='-Werror -m32' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s 
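Review bot: The ssl_cli.c build in this hunk reads `CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make`, repeating `-Werror` where every sibling build in the same commit uses `-Wextra`; as written this is the one full-config build that does not get the extra warnings the commit sets out to add. It should be `CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make`, matching the ssl_srv.c line directly above it.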
@@ -415,7 +420,7 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS=-Werror make lib +CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib msg "build: armcc, make" cleanup 
@@ -436,15 +441,19 @@ scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -CC=armcc AR=armar WARNING_CFLAGS= make lib +CC=armcc AR=armar WARNING_CFLAGS='--strict --c99' make lib if which i686-w64-mingw32-gcc >/dev/null; then -msg "build: cross-mingw64, make" # ~ 30s -cleanup -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS=-Werror WINDOWS_BUILD=1 make -WINDOWS_BUILD=1 make clean -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS=-Werror WINDOWS_BUILD=1 SHARED=1 make -WINDOWS_BUILD=1 make clean + msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s + cleanup + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make test + WINDOWS_BUILD=1 make clean + + msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS'=-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS'=-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make test + WINDOWS_BUILD=1 make clean fi # MemSan currently only available on Linux 64 bits diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 85eb7e651..bd13f52cc 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl 
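Review bot: The two DLL build lines in the mingw64 block have the quote on the wrong side of the equals sign: `CFLAGS'=-Werror -Wall -Wextra'` is not a variable assignment to the shell (the `=` is quoted), so the word becomes a command name and the line fails with "command not found" instead of building; the intended form is `CFLAGS='-Werror -Wall -Wextra'`, as on the Link Library lines, and PATCH 20 later in this series does correct it. Separately, `LD=i686-w64-minggw32-ld` (double g) names a non-existent tool on all four mingw lines, and the same spelling survives into the rewrites of this block in PATCH 20 and PATCH 21; it is harmless only while nothing in the Makefiles invokes `$(LD)`, so it should read `LD=i686-w64-mingw32-ld`.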
@@ -49,7 +49,8 @@ for my $curve (@curves) { system( "scripts/config.pl unset $curve" ) and abort "Failed to disable $curve\n"; - system( "make lib" ) and abort "Failed to build lib: $curve\n"; + system( "CFLAGS='-Werror -Wall -Wextra' make lib" ) + and abort "Failed to build lib: $curve\n"; system( "cd tests && make" ) and abort "Failed to build tests: $curve\n"; system( "make test" ) and abort "Failed test suite: $curve\n"; diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 8f4738cb4..a9a89f1ce 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -1,9 +1,15 @@ #!/usr/bin/perl -# test standard configurations: -# - build -# - run test suite -# - run compat.sh +# test-ref-configs.pl +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2013-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# For each reference configuration file in the configs directory, build the +# configuration, run the test suites and compat.sh # # Usage: tests/scripts/test-ref-configs.pl [config-name [...]] @@ -63,7 +69,7 @@ while( my ($conf, $data) = each %configs ) { system( "cp configs/$conf $config_h" ) and abort "Failed to activate $conf\n"; - system( "make CFLAGS='-Os -Werror'" ) and abort "Failed to build: $conf\n"; + system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n"; system( "make test" ) and abort "Failed test suite: $conf\n"; my $compat = $data->{'compat'}; From 36540ff741b12206654862a4242cb835a4b7190f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Nov 2016 17:28:55 +0000 Subject: [PATCH 18/46] Fix compiler warning in debug.c --- library/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/debug.c b/library/debug.c index a9cd814be..f9229b360 100644 --- a/library/debug.c +++ b/library/debug.c 
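Review bot: Both Perl hunks switch from passing flags as a make argument (`make CFLAGS='-Os -Werror'`) to an environment prefix (`CFLAGS='-Os -Werror -Wall -Wextra' make`), which is not equivalent: a command-line `CFLAGS=` overrides any assignment inside the Makefile, while an environment value is honoured only if the Makefile does not assign CFLAGS itself (or assigns it with `?=`). Whether the mbed TLS Makefiles do that is not visible here; if they assign CFLAGS unconditionally, these builds silently lose -Werror and the stricter warnings this series adds. If the environment form is deliberate, a one-line comment such as `# CFLAGS is passed via the environment; the library Makefile honours it` in curves.pl and test-ref-configs.pl would save the next reader the check.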
@@ -71,7 +71,7 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level, */ #if defined(MBEDTLS_THREADING_C) char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */ - mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str ); + mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str ); ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr ); #else ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str ); From e4ac5428f34493b2ef7b5b773469a664f45217fd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Nov 2016 17:30:18 +0000 Subject: [PATCH 19/46] Fix formatting issues in net_sockets.c --- library/net_sockets.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 6a013e979..80be6ec6a 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -133,7 +133,8 @@ void mbedtls_net_init( mbedtls_net_context *ctx ) /* * Initiate a TCP connection with host:port and the given protocol */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ) +int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, + const char *port, int proto ) { int ret; struct addrinfo hints, *addr_list, *cur; @@ -322,7 +323,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, { /* TCP: actual accept() */ ret = client_ctx->fd = (int) accept( bind_ctx->fd, - (struct sockaddr *) &client_addr, &n ); + (struct sockaddr *) &client_addr, &n ); } else { From 4ae4fdcd99b698872fd9b0f47f04027a80d7eff4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 17 Nov 2016 09:20:50 +0000 Subject: [PATCH 20/46] Fix mingw test build to avoid executing the tests Changed the mingw build target to avoid building mingw test suites and then attempting to run them which was failing on Linux. --- tests/scripts/all.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 390ee6118..2113a2740 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,12 +447,14 @@ if which i686-w64-mingw32-gcc >/dev/null; then msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make test + + # note Make tests only builds the tests, but doesn't run them + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests WINDOWS_BUILD=1 make clean msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS'=-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS'=-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make test + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests WINDOWS_BUILD=1 make clean fi From 1e6f5ac127a42ac20d0c8bc3e197f9b15b1589dc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 17 Nov 2016 09:27:45 +0000 Subject: [PATCH 21/46] Make mingw test build a requirement of all.sh Changed the mingw test build to be a required test of the all.sh script. --- tests/scripts/all.sh | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2113a2740..2d5afc9dc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
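Review bot: The two `make tests` lines in this hunk build the test suites with different strictness: the Link Library one uses `CFLAGS='-Werror'` while the DLL one uses `CFLAGS='-Werror -Wall -Wextra'`, so warnings in test code are caught in only one of the two cross builds. Unless the static build is known to warn on mingw, align it with `CFLAGS='-Werror -Wall -Wextra'`; the same split is carried unchanged into the PATCH 21 rewrite of this block. The `LD=i686-w64-minggw32-ld` spelling (double g) is also still present on every line here.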
@@ -217,7 +217,7 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "armcc" + "arm-none-eabi-gcc" "armcc" "i686-w64-mingw32-gcc" # # Test Suites to be executed 
@@ -443,20 +443,18 @@ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC=armcc AR=armar WARNING_CFLAGS='--strict --c99' make lib -if which i686-w64-mingw32-gcc >/dev/null; then - msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s - cleanup - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs +msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s +cleanup +CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs - # note Make tests only builds the tests, but doesn't run them - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests - WINDOWS_BUILD=1 make clean +# note Make tests only builds the tests, but doesn't run them +CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests +WINDOWS_BUILD=1 make clean - msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests - WINDOWS_BUILD=1 make clean -fi +msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s +CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs +CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests +WINDOWS_BUILD=1 make clean # MemSan currently only available on Linux 64 bits if uname -a | grep 'Linux.*x86_64' >/dev/null; then 
From d49a142c6fbb4e22bbb968f75e8616e3f4e7c60a Mon Sep 17 00:00:00 2001 From: DSiekmeier Date: Thu, 13 Oct 2016 08:08:13 +0200 Subject: [PATCH 22/46] removed outdated comment --- include/mbedtls/ssl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ba499d2bd..2c021900b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2513,7 +2513,6 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ); * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS * \param preset a MBEDTLS_SSL_PRESET_XXX value - * (currently unused). * * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS. * From 8477d37ee62a3fc700f61624200a493d81efe057 Mon Sep 17 00:00:00 2001 From: Simon B Date: Sat, 12 Nov 2016 22:34:10 +0000 Subject: [PATCH 23/46] Remove need for elevated command line in Windows Changes use of mklink in Windows test builds, to create junctions instead of directory symbolic links. This removes the need for an elevated command prompt when running cmake to create the Visual Studio project files. --- tests/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index bedf21b2e..dc2797968 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -115,7 +115,7 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) if (CMAKE_HOST_UNIX) set(command ln -s ${target} ${link}) else() - set(command cmd.exe /c mklink /d ${link} ${target}) + set(command cmd.exe /c mklink /j ${link} ${target}) endif() execute_process(COMMAND ${command} From d15423446bcea9d1f92e7a365d776b4eb02bfa51 Mon Sep 17 00:00:00 2001 
From: Andres AG Date: Wed, 7 Dec 2016 10:25:19 +0000 Subject: [PATCH 24/46] Fix redefinition of macro ssl_set_bio Fix redefinition of macro ssl_set_bio to undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h. --- ChangeLog | 2 ++ include/mbedtls/compat-1.3.h | 1 - scripts/data_files/rename-1.3-2.0.txt | 1 - 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e0c74e677..5c580b00d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx Bugfix + * Fix redefinition of macro ssl_set_bio to undefined symbol + mbedtls_ssl_set_bio_timeout in compat-1.3.h. #673 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h index 27abbd972..af51b5f82 100644 --- a/include/mbedtls/compat-1.3.h +++ b/include/mbedtls/compat-1.3.h @@ -2453,7 +2453,6 @@ #define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support #define ssl_set_authmode mbedtls_ssl_conf_authmode #define ssl_set_bio mbedtls_ssl_set_bio -#define ssl_set_bio mbedtls_ssl_set_bio_timeout #define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain #define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting #define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt index 397f6beae..cb3381ab8 100644 --- a/scripts/data_files/rename-1.3-2.0.txt +++ b/scripts/data_files/rename-1.3-2.0.txt 
@@ -1996,7 +1996,6 @@ ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols ssl_set_arc4_support mbedtls_ssl_conf_arc4_support ssl_set_authmode mbedtls_ssl_conf_authmode ssl_set_bio mbedtls_ssl_set_bio -ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout ssl_set_ca_chain mbedtls_ssl_conf_ca_chain ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites From c0db511820b3ea936fa431eb100ecd7605b95f83 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 7 Dec 2016 15:05:53 +0000 Subject: [PATCH 25/46] Fix unused variable/function compilation warnings This PR fixes a number of unused variable/function compilation warnings that arise when using a config.h that does not define the macro MBEDTLS_PEM_PARSE_C. --- ChangeLog | 3 +++ library/pem.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5c580b00d..e7abf556a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fix redefinition of macro ssl_set_bio to undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h. #673 + * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and + x509_csr.c that are reported when building mbed TLS with a config.h that + does not define MBEDTLS_PEM_PARSE_C. #562 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. diff --git a/library/pem.c b/library/pem.c index d1c660412..8dd86a4ac 100644 --- a/library/pem.c +++ b/library/pem.c 
@@ -44,12 +44,12 @@ #define mbedtls_free free #endif +#if defined(MBEDTLS_PEM_PARSE_C) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if defined(MBEDTLS_PEM_PARSE_C) void mbedtls_pem_init( mbedtls_pem_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_pem_context ) ); diff --git a/library/x509_crt.c b/library/x509_crt.c index 80af7259c..056dc16fe 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -969,8 +969,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu */ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - int success = 0, first_error = 0, total_failed = 0; #if defined(MBEDTLS_PEM_PARSE_C) + int success = 0, first_error = 0, total_failed = 0; int buf_format = MBEDTLS_X509_FORMAT_DER; #endif diff --git a/library/x509_csr.c b/library/x509_csr.c index 603d06b64..f92b66c58 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -265,8 +265,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, */ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { - int ret; #if defined(MBEDTLS_PEM_PARSE_C) + int ret; size_t use_len; mbedtls_pem_context pem; #endif From 5da3a6f92f10b9ea91a9e428687aef253f44effb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 13 Dec 2016 11:51:04 +0000 Subject: [PATCH 26/46] Update CMAC test vectors. --- ChangeLog | 7 ++ library/cmac.c | 224 +++++++++++++++++++++++++++++-------------------- 2 files changed, 139 insertions(+), 92 deletions(-) diff --git a/ChangeLog b/ChangeLog index e7abf556a..f77cbba3b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -12,6 +12,13 @@ Bugfix the input string in PEM format to extract the different components. Found by Eyal Itkin. += mbed TLS 2.4.x branch released 2016-xx-xx + +Changes + * Update to CMAC test data, taken from - NIST Special Publication 800-38B - + Recommendation for Block Cipher Modes of Operation: The CMAC Mode for + Authentication – October 2016 + = mbed TLS 2.4.0 branch released 2016-10-17 Security diff --git a/library/cmac.c b/library/cmac.c index 0fa5b58f5..b2fe713a0 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -26,7 +26,7 @@ * * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The * CMAC Mode for Authentication - * http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf + * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf * * - RFC 4493 - The AES-CMAC Algorithm * https://tools.ietf.org/html/rfc4493 @@ -470,8 +470,9 @@ exit: #if defined(MBEDTLS_SELF_TEST) /* - * CMAC test data from SP800-38B Appendix D.1 (corrected) - * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + * CMAC test data for SP800-38B + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf * * AES-CMAC-PRF-128 test data from RFC 4615 * https://tools.ietf.org/html/rfc4615#page-4 
@@ -483,128 +484,148 @@ exit: #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) /* All CMAC test inputs are truncated from the same 64 byte buffer. */ static const unsigned char test_message[] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 + /* PT */ + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; #endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) /* Truncation point of message for AES CMAC tests */ static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { + /* Mlen */ 0, 16, - 40, + 20, 64 }; -/* AES 128 CMAC Test Data */ +/* CMAC-AES128 Test Data */ static const unsigned char aes_128_key[16] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, - 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde + /* K1 */ + 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, + 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde }, { - 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, - 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b + /* K2 */ + 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 
0xcc, + 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b } }; static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, - 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + /* Example #1 */ + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }, { - 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + /* Example #2 */ + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }, { - 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, - 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + /* Example #3 */ + 0x7d, 0x85, 0x44, 0x9e, 0xa6, 0xea, 0x19, 0xc8, + 0x23, 0xa7, 0xbf, 0x78, 0x83, 0x7d, 0xfa, 0xde }, { - 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, - 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + /* Example #4 */ + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } }; -/* AES 192 CMAC Test Data */ +/* CMAC-AES192 Test Data */ static const unsigned char aes_192_key[24] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b }; static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { - 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, - 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 + /* K1 */ + 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, + 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 }, { - 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, - 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c + /* K2 */ + 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, + 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c } }; static const unsigned char 
aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, - 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 + /* Example #1 */ + 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, + 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 }, { - 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, - 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 + /* Example #2 */ + 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, + 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 }, { - 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, - 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e + /* Example #3 */ + 0x3d, 0x75, 0xc1, 0x94, 0xed, 0x96, 0x07, 0x04, + 0x44, 0xa9, 0xfa, 0x7e, 0xc7, 0x40, 0xec, 0xf8 }, { - 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, - 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 + /* Example #4 */ + 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, + 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 } }; -/* AES 256 CMAC Test Data */ +/* CMAC-AES256 Test Data */ static const unsigned char aes_256_key[32] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, - 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f + /* K1 */ + 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, + 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f }, { - 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, - 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 + /* K2 */ + 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, + 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 } }; static const unsigned 
char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { - 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, - 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 + /* Example #1 */ + 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, + 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 }, { - 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, - 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c + /* Example #2 */ + 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, + 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c }, { - 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, - 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 + /* Example #3 */ + 0x15, 0x67, 0x27, 0xdc, 0x08, 0x78, 0x94, 0x4a, + 0x02, 0x3c, 0x1f, 0xe0, 0x3b, 0xad, 0x6d, 0x93 }, { - 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, - 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 + /* Example #4 */ + 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, + 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 } }; #endif /* MBEDTLS_AES_C */ 
@@ -613,66 +634,84 @@ static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTL /* Truncation point of message for 3DES CMAC tests */ static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, - 8, + 16, 20, 32 }; -/* 3DES 2 Key CMAC Test Data */ +/* CMAC-TDES (Generation) - 2 Key Test Data */ static const unsigned char des3_2key_key[24] = { - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, - 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 + /* Key1 */ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + /* Key2 */ + 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xEF, 0x01, + /* Key3 */ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static const unsigned char des3_2key_subkeys[2][8] = { { - 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef + /* K1 */ + 0x0d, 0xd2, 0xcb, 0x7a, 0x3d, 0x88, 0x88, 0xd9 }, { - 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 + /* K2 */ + 0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2 } }; static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { - 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 + /* Sample #1 */ + 0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60 }, { - 0x4f, 0xf2, 0xab, 0x81, 0x3c, 0x53, 0xce, 0x83 + /* Sample #2 */ + 0xcc, 0x18, 0xa0, 0xb7, 0x9a, 0xf2, 0x41, 0x3b }, { - 0x62, 0xdd, 0x1b, 0x47, 0x19, 0x02, 0xbd, 0x4e + /* Sample #3 */ + 0xc0, 0x6d, 0x37, 0x7e, 0xcd, 0x10, 0x19, 0x69 }, { - 0x31, 0xb1, 0xe4, 0x31, 0xda, 0xbc, 0x4e, 0xb8 + /* Sample #4 */ + 0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb } }; -/* 3DES 3 Key CMAC Test Data */ +/* CMAC-TDES (Generation) - 3 Key Test Data */ static const unsigned char des3_3key_key[24] = { - 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, - 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, - 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 + /* Key1 */ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xaa, 0xcd, 0xef, + /* Key2 */ + 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 
0x01, + /* Key3 */ + 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23 }; static const unsigned char des3_3key_subkeys[2][8] = { { - 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f + /* K1 */ + 0x9d, 0x74, 0xe7, 0x39, 0x33, 0x17, 0x96, 0xc0 }, { - 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 + /* K2 */ + 0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b } }; static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { - 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 + /* Sample #1 */ + 0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50 }, { - 0x8e, 0x8f, 0x29, 0x31, 0x36, 0x28, 0x37, 0x97 + /* Sample #2 */ + 0x30, 0x23, 0x9c, 0xf1, 0xf5, 0x2e, 0x66, 0x09 }, { - 0x74, 0x3d, 0xdb, 0xe0, 0xce, 0x2d, 0xc2, 0xed + /* Sample #3 */ + 0x6c, 0x9f, 0x3e, 0xe4, 0x92, 0x3f, 0x6b, 0xe2 }, { - 0x33, 0xe6, 0xb1, 0x09, 0x24, 0x00, 0xea, 0xe5 + /* Sample #4 */ + 0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5 } }; @@ -681,8 +720,9 @@ static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBED #if defined(MBEDTLS_AES_C) /* AES AES-CMAC-PRF-128 Test Data */ static const unsigned char PRFK[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + /* Key */ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xed, 0xcb }; 
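Review bot: The new TDES tables mix hex-literal case — `0xEF` in Key2 of des3_2key_key and `0xbF` in Sample #4 of des3_3key_expected_result — while every other byte in these arrays is lower-case, so normalising them to `0xef` and `0xbf` keeps the tables greppable against the reference vectors. The `0xaa` in Key1 of des3_3key_key also breaks the odd-parity pattern of the neighbouring bytes; if that is what the published sample uses, a comment such as `/* 0xaa (not 0xab) is as published in the reference vector */` would stop the next reader from "correcting" it, and if it is a typo the subkeys and samples below would have to be re-derived. The `/* Sample #n */` labels could also name their source (the ChangeLog in this series cites NIST Special Publication 800-38B) so each vector can be cross-checked without guessing which document it came from.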
@@ -693,25 +733,25 @@ static const size_t PRFKlen[NB_PRF_TESTS] = { 10 }; -/* PRF M */ +/* Message */ static const unsigned char PRFM[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 }; static const unsigned char PRFT[NB_PRF_TESTS][16] = { { - 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, - 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a + 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, + 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a }, { - 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, - 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d + 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, + 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d }, { - 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, - 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d + 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, + 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d } }; #endif /* MBEDTLS_AES_C */ From 4c006cdb1c97cf1d560756e4d3f29b70650c474b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 13 Dec 2016 14:14:03 +0000 Subject: [PATCH 27/46] Update library version number to 2.4.1 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index f77cbba3b..eb729a3a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,7 +12,7 @@ Bugfix the input string in PEM format to extract the different components. Found by Eyal Itkin. -= mbed TLS 2.4.x branch released 2016-xx-xx += mbed TLS 2.4.1 branch released 2016-12-13 Changes * Update to CMAC test data, taken from - NIST Special Publication 800-38B - 
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index f2fcc8b04..079416712 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -21,7 +21,7 @@ */ /** - * @mainpage mbed TLS v2.4.0 source code documentation + * @mainpage mbed TLS v2.4.1 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 344be8c79..e58794e0f 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.4.0" +PROJECT_NAME = "mbed TLS v2.4.1" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 6c0cc9b08..327034630 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,16 +39,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 4 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 1 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02040000 -#define MBEDTLS_VERSION_STRING "2.4.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.0" +#define MBEDTLS_VERSION_NUMBER 0x02040100 +#define MBEDTLS_VERSION_STRING "2.4.1" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.1" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6eb11f203..8882ddf6a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -140,15 +140,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.4.0 SOVERSION 0) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.4.1 SOVERSION 0) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.4.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.4.1 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.4.0 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.4.1 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 52f09edae..22e608f80 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.4.0" +check_compiletime_version:"2.4.1" Check runtime library version -check_runtime_version:"2.4.0" +check_runtime_version:"2.4.1" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 880420adf0868d92cf16f4a5c4fb8cbe3465e7bd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 14 Dec 2016 15:27:22 +0000 Subject: [PATCH 28/46] Clarify CMAC API Added additional text to cmac.h to make the API clearer. --- include/mbedtls/cmac.h | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 75e0b97c4..9a2b96bc9 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
@@ -58,9 +58,13 @@ struct mbedtls_cmac_context_t /** * \brief Set the CMAC key and prepare to authenticate the input * data. - * Should be called with an initialised cipher context. + * Should be called with an initialized cipher context. * - * \param ctx Cipher context + * \param ctx Cipher context. This should be a cipher context, + * initialized to be one of the following types: + * MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB, + * MBEDTLS_CIPHER_AES_256_ECB or + * MBEDTLS_CIPHER_DES_EDE3_ECB. * \param key CMAC key * \param keybits length of the CMAC key in bits * (must be acceptable by the cipher) @@ -115,7 +119,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); /** - * \brief Output = Generic_CMAC( hmac key, input buffer ) + * \brief Output = Generic_CMAC( cmac key, input buffer ) * * \param cipher_info message digest info * \param key CMAC key From 9e3fba09fdcc209b79438a52c6731b3c897dc042 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 27 Sep 2016 15:05:15 +0100 Subject: [PATCH 29/46] Add ARM Compiler 6 build tests to all.sh --- scripts/output_env.sh | 27 +++++++++++++++++++++++---- tests/scripts/all.sh | 41 +++++++++++++++++++++++++++++++++++++---- 2 files changed, 60 insertions(+), 8 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 441fe18fb..fc3f66645 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh 
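Review bot: The second hunk still describes `cipher_info` as `message digest info`, a leftover from md.h, right next to the brief that was just corrected from `hmac key` to `cmac key`; it should read `\param cipher_info cipher info (one of the ECB cipher types accepted by mbedtls_cipher_cmac_starts)`. The new list of accepted context types in the first hunk is useful, but the block still does not say what the function returns when `ctx` is of another type, which is what a caller has to handle; the `\return` section should name the actual error code for an unsupported cipher (not visible in this hunk).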
@@ -22,11 +22,30 @@ echo "* Operating system and architecture:" uname -a echo -if `hash armcc > /dev/null 2>&1`; then - echo "* armcc:" - armcc --vsn | head -n 2 +if [ -n "${ARMC5_CC+set}" ]; then + if `hash "$ARMC5_CC" > /dev/null 2>&1`; then + echo "* $ARMC5_CC at environment variable 'ARMC5_CC':" + $ARMC5_CC --vsn | head -n 2 + else + echo "* $ARMC5_CC at environment variable 'ARMC5_CC' not found!" + fi else - echo "* armcc not found!" + if `hash armcc > /dev/null 2>&1`; then + echo "* armcc:" + armcc --vsn | head -n 2 + else + echo "* armcc not found!" + fi +fi + +if [ -n "${ARMC6_CC+set}" ]; then + echo + if `hash "$ARMC6_CC" > /dev/null 2>&1`; then + echo "* $ARMC6_CC at environment variable 'ARMC6_CC':" + $ARMC6_CC --vsn | head -n 2 + else + echo "* $ARMC6_CC at environment variable 'ARMC6_CC' not found!" + fi fi echo diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2d5afc9dc..bd8d6d34f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -45,6 +45,8 @@ RELEASE=0 : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} +: ${ARMC5_BIN_DIR:=/usr/bin} +: ${ARMC6_BIN_DIR:=/usr/bin} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -n "${MAKEFLAGS+set}" ]; then @@ -66,6 +68,8 @@ usage() printf " --gnutls-serv=\t\tPath to GnuTLS server executable to use for most tests.\n" printf " --gnutls-legacy-cli=\t\tPath to GnuTLS client executable to use for legacy tests.\n" printf " --gnutls-legacy-serv=\t\tPath to GnuTLS server executable to use for legacy tests.\n" + printf " --armc5-bin-dir=\t\tPath to the ARM Compiler 5 bin directory.\n" + printf " --armc6-bin-dir=\t\tPath to the ARM Compiler 6 bin directory.\n" } # remove built files as well as the cmake cache/config 
@@ -152,6 +156,14 @@ while [ $# -gt 0 ]; do shift GNUTLS_LEGACY_SERV="$1" ;; + --armc5-bin-dir) + shift + ARMC5_BIN_DIR="$1" + ;; + --armc6-bin-dir) + shift + ARMC6_BIN_DIR="$1" + ;; --help|-h|*) usage exit 1 @@ -204,6 +216,13 @@ echo "GNUTLS_CLI: $GNUTLS_CLI" echo "GNUTLS_SERV: $GNUTLS_SERV" echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" +echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" +echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" + +ARMC5_CC="$ARMC5_BIN_DIR/armcc" +ARMC5_AR="$ARMC5_BIN_DIR/armar" +ARMC6_CC="$ARMC6_BIN_DIR/armclang" +ARMC6_AR="$ARMC6_BIN_DIR/armar" # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh # we just export the variables they require @@ -217,7 +236,8 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "armcc" "i686-w64-mingw32-gcc" + "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \ + "i686-w64-mingw32-gcc" # # Test Suites to be executed @@ -233,7 +253,8 @@ check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ msg "info: output_env.sh" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" scripts/output_env.sh + GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ + ARMC6_CC="$ARMC6_CC" scripts/output_env.sh msg "test: recursion.pl" # < 1s tests/scripts/recursion.pl library/*.c 
@@ -422,7 +443,7 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib -msg "build: armcc, make" +msg "build: ARM Compiler 5, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full @@ -441,7 +462,19 @@ scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -CC=armcc AR=armar WARNING_CFLAGS='--strict --c99' make lib + +CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib +make clean + +msg "build: ARM Compiler 6 (arm-arm-none-eabi), make" +ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" \ + CFLAGS="--target=arm-arm-none-eabi" WARNING_CFLAGS= make lib +make clean + +msg "build: ARM Compiler 6 (aarch64-arm-none-eabi), make" +ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" \ + CFLAGS="--target=aarch64-arm-none-eabi" WARNING_CFLAGS= make lib +make clean msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup From 7f08d7a35a1eca0a929b1badb39b251e47694271 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 4 Oct 2016 17:14:38 +0100 Subject: [PATCH 30/46] Modify output_env.sh to make it extensible --- scripts/output_env.sh | 183 +++++++++++++----------------------------- tests/scripts/all.sh | 2 +- 2 files changed, 56 insertions(+), 129 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index fc3f66645..1afaac33e 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -1,5 +1,5 @@ -#!/bin/sh -# +#! /usr/bin/env sh + # output_env.sh # # This file is part of mbed TLS (https://tls.mbed.org) 
@@ -17,163 +17,92 @@ # - version of libc, clang, asan and valgrind if installed # - version of gnuTLS and OpenSSL -echo -echo "* Operating system and architecture:" -uname -a +print_version() +{ + BIN="$1" + shift + ARGS="$1" + shift + FAIL_MSG="$1" + shift -echo -if [ -n "${ARMC5_CC+set}" ]; then - if `hash "$ARMC5_CC" > /dev/null 2>&1`; then - echo "* $ARMC5_CC at environment variable 'ARMC5_CC':" - $ARMC5_CC --vsn | head -n 2 - else - echo "* $ARMC5_CC at environment variable 'ARMC5_CC' not found!" + if ! `type "$BIN" > /dev/null 2>&1`; then + echo "* $FAIL_MSG" + return 0 fi -else - if `hash armcc > /dev/null 2>&1`; then - echo "* armcc:" - armcc --vsn | head -n 2 - else - echo "* armcc not found!" - fi -fi -if [ -n "${ARMC6_CC+set}" ]; then - echo - if `hash "$ARMC6_CC" > /dev/null 2>&1`; then - echo "* $ARMC6_CC at environment variable 'ARMC6_CC':" - $ARMC6_CC --vsn | head -n 2 - else - echo "* $ARMC6_CC at environment variable 'ARMC6_CC' not found!" - fi -fi + BIN=`which "$BIN"` + VERSION_STR=`$BIN $ARGS 2>&1` + # Apply all filters + while [ $# -gt 0 ]; do + FILTER="$1" + shift + VERSION_STR=`echo "$VERSION_STR" | $FILTER` + done + + echo "* ${BIN##*/}: $BIN: $VERSION_STR" +} + +print_version "uname" "-a" "" echo -if `hash arm-none-eabi-gcc > /dev/null 2>&1`; then - echo "* gcc-arm:" - arm-none-eabi-gcc --version | head -n 1 -else - echo "* gcc-arm not found!" -fi +: ${ARMC5_CC:=armcc} +print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2" echo -if `hash gcc > /dev/null 2>&1`; then - echo "* gcc:" - gcc --version | head -n 1 -else - echo "* gcc not found!" -fi +: ${ARMC6_CC:=armclang} +print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2" echo -if `hash clang > /dev/null 2>&1`; then - echo "* clang:" - clang --version | head -n 2 - clang -v 2>&1 | grep Selected -else - echo "* clang not found!" -fi +print_version "arm-none-eabi-gcc" "--version" "gcc-arm not found!" 
"head -n 1" echo -if `hash ldd > /dev/null 2>&1`; then - echo "* libc:" - ldd --version | head -n 1 -else - echo "* No ldd present: can't determine libc version!" -fi +print_version "gcc" "--version" "gcc not found!" "head -n 1" echo -if `hash valgrind > /dev/null 2>&1`; then - echo "* valgrind:" - valgrind --version -else - echo "* valgrind not found!" -fi +print_version "clang" "--version" "clang not found" "head -n 2" echo -if `hash openssl > /dev/null 2>&1`; then - echo "* openssl:" - openssl version -else - echo "* openssl not found!" -fi -if [ -n "${OPENSSL+set}" ]; then - echo - if `hash "$OPENSSL" > /dev/null 2>&1`; then - echo "* $OPENSSL at environment variable 'OPENSSL':" - $OPENSSL version - else - echo "* $OPENSSL at environment variable 'OPENSSL' not found!" - fi -fi +print_version "ldd" "--version" \ + "No ldd present: can't determine libc version!" \ + "head -n 1" +echo + +print_version "valgrind" "--version" "valgrind not found!" +echo + +: ${OPENSSL:=openssl} +print_version "$OPENSSL" "version" "openssl not found!" +echo if [ -n "${OPENSSL_LEGACY+set}" ]; then + print_version "$OPENSSL_LEGACY" "version" "openssl legacy version not found!" echo - if `hash "$OPENSSL_LEGACY" > /dev/null 2>&1`; then - echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY':" - $OPENSSL_LEGACY version - else - echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY' not found!" - fi fi +: ${GNUTLS_CLI:=gnutls-cli} +print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1" echo -if `hash gnutls-cli > /dev/null 2>&1`; then - echo "* gnuTLS client:" - gnutls-cli --version | head -n 1 -else - echo "* gnuTLS client not found!" -fi +: ${GNUTLS_SERV:=gnutls-serv} +print_version "$GNUTLS_SERV" "--version" "gnuTLS server not found!" "head -n 1" echo -if `hash gnutls-serv > /dev/null 2>&1`; then - echo "* gnuTLS server:" - gnutls-serv --version | head -n 1 -else - echo "* gnuTLS server not found!" 
-fi - -if [ -n "${GNUTLS_CLI+set}" ]; then - echo - if `hash "$GNUTLS_CLI" > /dev/null 2>&1`; then - echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI':" - $GNUTLS_CLI --version | head -n 1 - else - echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI' not found!" - fi -fi - -if [ -n "${GNUTLS_SERV+set}" ]; then - echo - if `hash "$GNUTLS_SERV" > /dev/null 2>&1`; then - echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV':" - $GNUTLS_SERV --version | head -n 1 - else - echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV' not found!" - fi -fi if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then + print_version "$GNUTLS_LEGACY_CLI" "--version" \ + "gnuTLS client legacy version not found!" \ + "head -n 1" echo - if `hash "$GNUTLS_LEGACY_CLI" > /dev/null 2>&1`; then - echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI':" - $GNUTLS_LEGACY_CLI --version | head -n 1 - else - echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI' not found!" - fi fi if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then + print_version "$GNUTLS_LEGACY_SERV" "--version" \ + "gnuTLS server legacy version not found!" \ + "head -n 1" echo - if `hash "$GNUTLS_LEGACY_SERV" > /dev/null 2>&1`; then - echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV':" - $GNUTLS_LEGACY_SERV --version | head -n 1 - else - echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV' not found!" - fi fi -echo if `hash dpkg > /dev/null 2>&1`; then echo "* asan:" dpkg -s libasan2 2> /dev/null | grep -i version @@ -182,6 +111,4 @@ if `hash dpkg > /dev/null 2>&1`; then else echo "* No dpkg present: can't determine asan version!" fi - echo - diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bd8d6d34f..e16c1b5f9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#! /usr/bin/env sh # all.sh # From 0911f0880c2e70dda3ad8700ffb29d82f7e3b2e1 Mon Sep 17 00:00:00 2001 
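Review bot: `print_version` tests for the tool with `type` but then resolves its path with `which "$BIN"`, and `which` is neither POSIX nor guaranteed to exist, which matters now that the shebang is `#! /usr/bin/env sh`; `BIN=$(command -v "$BIN")` does the same job portably and also replaces the backtick-inside-`if` idiom, which only works because the substitution's output is empty. The function assigns `BIN`, `ARGS`, `FAIL_MSG`, `VERSION_STR` and `FILTER` as globals, which POSIX sh cannot avoid, so a comment such as `# sets BIN/ARGS/FAIL_MSG/VERSION_STR/FILTER globally: sh has no local` would warn later callers. Dropping the old `clang -v 2>&1 | grep Selected` line also removes the "Selected GCC installation" information the previous output printed; that should be confirmed as intended.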
From: Andres AG Date: Mon, 17 Oct 2016 15:23:10 +0100 Subject: [PATCH 31/46] Add -march argument to armc6 build tests --- tests/scripts/all.sh | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e16c1b5f9..769cbd2ea 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -98,6 +98,16 @@ msg() echo "******************************************************************" } +armc6_build_test() +{ + FLAGS="$1" + + msg "build: ARM Compiler 6 ($FLAGS), make" + ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ + WARNING_CFLAGS= make lib + make clean +} + err_msg() { echo "$1" >&2 @@ -466,15 +476,11 @@ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib make clean -msg "build: ARM Compiler 6 (arm-arm-none-eabi), make" -ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" \ - CFLAGS="--target=arm-arm-none-eabi" WARNING_CFLAGS= make lib -make clean - -msg "build: ARM Compiler 6 (aarch64-arm-none-eabi), make" -ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" \ - CFLAGS="--target=aarch64-arm-none-eabi" WARNING_CFLAGS= make lib -make clean +armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" +armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" +armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" +armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" +armc6_build_test "--target=aarch64-arm-none-eabi" msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup From 53716395b279c51f51114de7f736e3ce06264437 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 5 Jan 2017 16:20:56 +0000 Subject: [PATCH 32/46] Clarify use of armcc in all.sh --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 769cbd2ea..70c2897ba 100755 
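Review bot: `armc6_build_test` sets `ARM_TOOL_VARIANT="ult"` on every call without saying what it selects; a one-line comment such as `# ARM_TOOL_VARIANT=ult selects the ultimate licence variant of ARM Compiler 6` would explain the value, assuming that is what it does. `FLAGS="$1"` is a global in sh and a name that is easy to reuse elsewhere in all.sh, so something more specific like `ARMC6_FLAGS` would reduce the chance of a collision. The function runs `make clean` afterwards but not `cleanup` beforehand, so each call builds on whatever config.pl state the preceding ARM Compiler 5 section left; that is presumably intended, and worth a comment at the first call site.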
--- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -283,6 +283,8 @@ msg "test: doxygen warnings" # ~ 3s cleanup tests/scripts/doxygen.sh +# Note - use of yotta is deprecated, and yotta also requires armcc to be on the +# path, and uses whatever version of armcc it finds there. msg "build: create and build yotta module" # ~ 30s cleanup tests/scripts/yotta-build.sh From ba6aa63578521634f4687044ddedb64d528de0fd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 6 Jan 2017 16:14:44 +0000 Subject: [PATCH 33/46] Fix all.sh test builds with recent glibc and clang Fixes strict C99 builds in all.sh with glibc version >2.19 where platform support wasn't being compiled in automatically. Also fixes C99 syntax with armclang. --- tests/scripts/all.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 70c2897ba..9e201ad0a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -104,7 +104,7 @@ armc6_build_test() msg "build: ARM Compiler 6 ($FLAGS), make" ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ - WARNING_CFLAGS= make lib + WARNING_CFLAGS='-xc -std=c99' make lib make clean } @@ -375,7 +375,9 @@ scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_FS_IO -CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0' make lib programs +# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, +# to re-enable platform integration features otherwise disabled in C99 builds +CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' make lib programs CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make test # catch compile bugs in _uninit functions From 747fceb78536d0e205085e04e5f4aa5158e702b5 Mon Sep 17 00:00:00 2001 
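Review bot: The ARM Compiler 6 builds still run with `WARNING_CFLAGS='-xc -std=c99'` and nothing that turns warnings into errors, whereas the gcc builds in the same script use `-Werror -Wall -Wextra`, so a warning introduced only on armclang passes all.sh silently. If parity is the intent, `WARNING_CFLAGS='-xc -std=c99 -Werror -Wall -Wextra'` would catch it, since armclang is clang-based and should accept those flags, provided the build is currently warning-free there. The `-D_DEFAULT_SOURCE` comment in the second hunk is helpful; naming the symptom it fixes (the strict C99 build failing because glibc newer than 2.19 hides the platform functions) would make it actionable when the line is next touched.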
From: Jaakko Korhonen Date: Mon, 9 Jan 2017 11:07:46 +0200 Subject: [PATCH 34/46] Fixed typo in ssl.h --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2c021900b..1a6c9cc60 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1146,7 +1146,7 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) * * \note See the documentation of \c mbedtls_ssl_set_timer_t and * \c mbedtls_ssl_get_timer_t for the conventions this pair of - * callbacks must fallow. + * callbacks must follow. * * \note On some platforms, timing.c provides * \c mbedtls_timing_set_delay() and From 2196c7f81cf9b7903def3c7d34d0bcfc11cf286e Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 15 Dec 2016 17:01:16 +0000 Subject: [PATCH 35/46] Fix renegotiation at incorrect times in DTLS Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared 64 bits of record counter instead of 48 bits as described in RFC 6347 Section 4.3.1. This would cause the function's return value to be occasionally incorrect and the renegotiation routines to be triggered at unexpected times. --- ChangeLog | 5 +++++ include/mbedtls/ssl.h | 6 ++++-- library/ssl_tls.c | 16 ++++++++++++---- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index eb729a3a0..9fcebc7d3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -8,6 +8,11 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define MBEDTLS_PEM_PARSE_C. #562 + * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that + would compare 64 bits of the record counter instead of 48 bits as indicated + in RFC 6347 Section 4.3.1. This could cause the execution of the + renegotiation routines at unexpected times when the protocol is DTLS. Found + by wariua. #687 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1a6c9cc60..8042693d0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2183,7 +2183,7 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ /** * \brief Set record counter threshold for periodic renegotiation. - * (Default: 2^64 - 256.) + * (Default: 2^48 - 1) * * Renegotiation is automatically triggered when a record * counter (outgoing or ingoing) crosses the defined @@ -2194,9 +2194,11 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ * Lower values can be used to enforce policies such as "keys * must be refreshed every N packets with cipher X". * + * \note When the transport is set to MBEDTLS_SSL_TRANSPORT_DATAGRAM, + * the maximum renegotiation period is 2^48 - 1. + * * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. - * Set to 2^64 - 1 to disable periodic renegotiation */ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, const unsigned char period[8] ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 121c13526..abad0b385 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
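Review bot: The new `\note` in the second ssl.h hunk says the maximum DTLS period is 2^48 - 1 but not that the two most-significant bytes of `period` are ignored in DTLS, which is the contract the ssl_tls.c change in this patch actually implements; `\note In DTLS the two most-significant bytes of \p period (the epoch position) are ignored; only the low 48 bits are compared.` states it directly. Removing `Set to 2^64 - 1 to disable periodic renegotiation` leaves no documented way to turn the feature off; if an all-0xFF value still disables it for TLS, say so, and say what the DTLS equivalent is. The same hunk changes the documented default from 2^64 - 256 to 2^48 - 1 for TLS as well as DTLS, which deserves a sentence in the ChangeLog entry above since it alters TLS behaviour.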
@@ -6482,6 +6482,10 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
 */
 static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
 {
+ size_t ep_len = ssl_ep_len( ssl );
+ int in_ctr_cmp;
+ int out_ctr_cmp;
+
 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
 ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
@@ -6489,8 +6493,12 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
 return( 0 );
 }
- if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 &&
- memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 )
+ in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
+ ssl->conf->renego_period + ep_len, 8 - ep_len );
+ out_ctr_cmp = memcmp( ssl->out_ctr + ep_len,
+ ssl->conf->renego_period + ep_len, 8 - ep_len );
+
+ if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
 {
 return( 0 );
 }
@@ -7231,8 +7239,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
- memset( conf->renego_period, 0xFF, 7 );
- conf->renego_period[7] = 0x00;
+ memset( conf->renego_period, 0x00, 2 );
+ memset( conf->renego_period + 2, 0xFF, 6 );
 #endif
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
From 13fb6e72712060270f1162790c1c169b6328e150 Mon Sep 17 00:00:00 2001
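Review bot: The new `memcmp( ssl->in_ctr + ep_len, ssl->conf->renego_period + ep_len, 8 - ep_len )` lines carry no comment on why the first `ep_len` bytes are skipped; `/* In DTLS the first ep_len bytes hold the epoch: compare only the 48-bit sequence number (RFC 6347 Section 4.3.1) */` would tie the code to the reasoning in the commit message. The code also relies on `ssl_ep_len()` never returning more than 8, otherwise `8 - ep_len` wraps as size_t and memcmp reads well past the 8-byte counters; that helper is defined outside this hunk and presumably returns 0 or 2, but the assumption deserves a comment at the declaration. `ssl_check_ctr_renegotiate` continues past the end of the second hunk. The third hunk changes the default period for TLS as well (from 2^64 - 256 to 2^48 - 1 if `ep_len` is 0 there), which should be spelled out in this patch's ChangeLog entry.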
From: Andres AG Date: Thu, 19 Jan 2017 16:30:57 +0000 Subject: [PATCH 36/46] Add DTLS test to check 6 byte record ctr is cmp Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in the TLS case. Because currently there are no testing facilities to check that renegotiation routines are triggered after X number of input/output messages, the test consists on setting a renegotiation period that cannot be represented in 6 bytes, but whose least-significant byte is 2. If the library behaves correctly, the renegotiation routines will be executed after two exchanged. --- programs/ssl/ssl_server2.c | 27 +++++++++++++++++++++------ tests/ssl-opt.sh | 13 +++++++++++++ 2 files changed, 34 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 18bda599f..d98b669b5 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -63,6 +63,8 @@ int main( void ) #include #include #include +#include +#include #if !defined(_WIN32) #include @@ -113,7 +115,7 @@ int main( void ) #define DFL_ALLOW_LEGACY -2 #define DFL_RENEGOTIATE 0 #define DFL_RENEGO_DELAY -2 -#define DFL_RENEGO_PERIOD -1 +#define DFL_RENEGO_PERIOD ( (uint64_t)-1 ) #define DFL_EXCHANGES 1 #define DFL_MIN_VERSION -1 #define DFL_MAX_VERSION -1 @@ -292,7 +294,7 @@ int main( void ) " renegotiation=%%d default: 0 (disabled)\n" \ " renegotiate=%%d default: 0 (disabled)\n" \ " renego_delay=%%d default: -2 (library default)\n" \ - " renego_period=%%d default: (library default)\n" + " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n" #else #define USAGE_RENEGO "" #endif 
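Review bot: The new usage text `renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)` does not match the library default set in the preceding patch, which fills `renego_period` with `00 00 FF FF FF FF FF FF` for every transport; if `ssl_ep_len()` is 0 for TLS, as the old full-width compare suggests, the TLS default is also 2^48 - 1, and `renego_period=%%d default: 2^48 - 1 (library default)` is what the server actually gets. `DFL_RENEGO_PERIOD ( (uint64_t)-1 )` also makes a user-supplied 18446744073709551615 indistinguishable from "not set" in the later `opt.renego_period != DFL_RENEGO_PERIOD` check; a separate "period was given" flag would remove that edge case, or the usage text should state that this value is reserved.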
@@ -351,6 +353,19 @@ int main( void ) " force_ciphersuite= default: all enabled\n" \ " acceptable ciphersuite names:\n" + +#define PUT_UINT64_BE(out_be,in_le,i) \ +{ \ + (out_be)[(i) + 0] = (unsigned char)( ( (in_le) >> 56 ) & 0xFF ); \ + (out_be)[(i) + 1] = (unsigned char)( ( (in_le) >> 48 ) & 0xFF ); \ + (out_be)[(i) + 2] = (unsigned char)( ( (in_le) >> 40 ) & 0xFF ); \ + (out_be)[(i) + 3] = (unsigned char)( ( (in_le) >> 32 ) & 0xFF ); \ + (out_be)[(i) + 4] = (unsigned char)( ( (in_le) >> 24 ) & 0xFF ); \ + (out_be)[(i) + 5] = (unsigned char)( ( (in_le) >> 16 ) & 0xFF ); \ + (out_be)[(i) + 6] = (unsigned char)( ( (in_le) >> 8 ) & 0xFF ); \ + (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ +} + /* * global options */ @@ -377,7 +392,7 @@ struct options int allow_legacy; /* allow legacy renegotiation */ int renegotiate; /* attempt renegotiation? */ int renego_delay; /* delay before enforcing renegotiation */ - int renego_period; /* period for automatic renegotiation */ + uint64_t renego_period; /* period for automatic renegotiation */ int exchanges; /* number of data exchanges */ int min_version; /* minimum protocol version accepted */ int max_version; /* maximum protocol version accepted */ @@ -1041,8 +1056,8 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "renego_period" ) == 0 ) { - opt.renego_period = atoi( q ); - if( opt.renego_period < 2 || opt.renego_period > 255 ) + if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 || + opt.renego_period < 2 ) goto usage; } else if( strcmp( p, "exchanges" ) == 0 ) @@ -1757,7 +1772,7 @@ int main( int argc, char *argv[] ) if( opt.renego_period != DFL_RENEGO_PERIOD ) { - renego_period[7] = opt.renego_period; + PUT_UINT64_BE( renego_period, opt.renego_period, 0 ); mbedtls_ssl_conf_renegotiation_period( &conf, renego_period ); } #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 57155b89d..41fbc3d29 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
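Review bot: PUT_UINT64_BE expands to a bare brace block, so `if( x ) PUT_UINT64_BE( ... ); else ...` would not compile, and the call site in the last hunk already leaves a stray empty statement after the block. Replacing the opening `{` with `do {` and the closing `}` with `} while( 0 )` makes the macro usable as a single statement. Since `in_le` is expanded eight times, a `static inline` function `put_uint64_be( unsigned char *out, uint64_t in )` would also remove the multiple-evaluation hazard and let the compiler type-check the arguments.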
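Review bot: `sscanf( q, "%" SCNu64, &opt.renego_period )` accepts a leading minus sign and wraps the value, so `renego_period=-1` parses as (uint64_t)-1, which equals DFL_RENEGO_PERIOD and silently falls back to the library default instead of reaching `goto usage`. Rejecting a sign explicitly keeps the `< 2` check meaningful: `if( *q == '-' || sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 || opt.renego_period < 2 )`. Separately, with dtls=1 the library compares only the low 48 bits of the period, so values above 2^48 - 1 are accepted here and truncated without any message; the ssl-opt.sh test in this commit depends on that behaviour, but an operator setting a large period will not expect it, so printing a warning when `opt.dtls` is set and the value exceeds 2^48 - 1 would be prudent.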
@@ -1601,6 +1601,19 @@ run_test "Renegotiation: DTLS, server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +run_test "Renegotiation: DTLS, renego_period overflow" \ + "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ + "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "record counter limit reached: renegotiate" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -s "write hello request" \ + requires_gnutls run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ "$G_SRV -u --mtu 4096" \ From d57c8f0048a913c7059e571dd6d526f9ebe24e5e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 13:08:37 +0000 Subject: [PATCH 37/46] Clarify fix for #673 in Changelog Clarified fix, and added credit. --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9fcebc7d3..23b759938 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx Bugfix - * Fix redefinition of macro ssl_set_bio to undefined symbol - mbedtls_ssl_set_bio_timeout in compat-1.3.h. #673 + * Fix the redefinition of macro ssl_set_bio to an undefined symbol + mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. + Found by omlib-lin. #673 * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define MBEDTLS_PEM_PARSE_C. #562 From a333b3c194a338462bcfde896d3311421e2fadca Mon Sep 17 00:00:00 2001 
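Review bot: The value 18446462598732840962 in the new test is explained only in the commit message, so the script itself gives a maintainer no way to tell a deliberate choice from a typo. A comment above the run_test call such as `# 18446462598732840962 = 0xFFFF000000000002: too large for 48 bits, but its low 48 bits are 2, so a server that compares only the DTLS sequence number must renegotiate after 2 exchanges` keeps the reasoning with the test. The title "renego_period overflow" also undersells what is checked; "renego_period above 2^48 compares low 48 bits" would name the property being tested.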
From: Simon Butcher Date: Thu, 2 Feb 2017 16:17:37 +0000 Subject: [PATCH 38/46] Add credit to Changelog for #562 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 23b759938..b604ed4f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,7 +8,7 @@ Bugfix Found by omlib-lin. #673 * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and x509_csr.c that are reported when building mbed TLS with a config.h that - does not define MBEDTLS_PEM_PARSE_C. #562 + does not define MBEDTLS_PEM_PARSE_C. Found by omnium21. #562 * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that would compare 64 bits of the record counter instead of 48 bits as indicated in RFC 6347 Section 4.3.1. This could cause the execution of the From 2537f37faf0a3c2a0bda15ae1d9f78b2f3f6a43d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 3 Feb 2017 00:21:28 +0000 Subject: [PATCH 39/46] Add clarification to the TLS renegotiation period Expanded details on use of mbedtls_ssl_conf_renegotiation_period() --- include/mbedtls/ssl.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8042693d0..42c9779c6 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2194,8 +2194,14 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ * Lower values can be used to enforce policies such as "keys * must be refreshed every N packets with cipher X". * - * \note When the transport is set to MBEDTLS_SSL_TRANSPORT_DATAGRAM, - * the maximum renegotiation period is 2^48 - 1. + * The renegotiation period can be disabled by setting + * conf->disable_renegotiation to + * MBEDTLS_SSL_RENEGOTIATION_DISABLED. + * + * \note When the configured transport is + * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation + * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM, + * the maximum renegotiation period is 2^64 - 1. * * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. From 0eced5aae5b0e6af98135c2b315a7bee776c757c Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 17:01:10 +0000 Subject: [PATCH 40/46] Fix examples that failed to compile without PEM --- programs/ssl/dtls_client.c | 2 +- programs/ssl/ssl_mail_client.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 442a3fb7c..e18ee42a1 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -37,7 +37,7 @@ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_CERTS_C) + !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) int main( void ) { mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 4a22771d7..b49ffb478 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c 
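Review bot: The added paragraph tells callers to disable renegotiation by writing `conf->disable_renegotiation` directly, which documents a struct member as public interface and bypasses the configuration API. mbedtls provides mbedtls_ssl_conf_renegotiation() for this, so the sentence should read `Renegotiation can be disabled altogether with mbedtls_ssl_conf_renegotiation() and MBEDTLS_SSL_RENEGOTIATION_DISABLED.` The note on the DTLS limit would also be more useful if it said that, in that case, the two most significant bytes of \p period are presumably ignored rather than rejected, since the comparison in ssl_check_ctr_renegotiate() elsewhere in this series skips them; a caller who passes a larger value gets a shorter period than they asked for.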
@@ -494,13 +494,13 @@ int main( int argc, char *argv[] ) ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ); else #endif -#if defined(MBEDTLS_CERTS_C) +#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C) ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, mbedtls_test_cas_pem_len ); #else { ret = 1; - mbedtls_printf("MBEDTLS_CERTS_C not defined."); + mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined."); } #endif if( ret < 0 ) From 182013faf46b8a33e884da9712355c11b9831c8d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 25 Oct 2016 10:50:22 +0100 Subject: [PATCH 41/46] Prevent SLOTH attacks --- ChangeLog | 4 ++++ library/ssl_tls.c | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b604ed4f6..f24186b36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx +Security + * Removed MD5 from the allowed hash algorithms for CertificateRequest and + CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. + Bugfix * Fix the redefinition of macro ssl_set_bio to an undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index abad0b385..d9ab83291 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7653,8 +7653,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - ssl->handshake->calc_verify = ssl_calc_verify_tls; - break; + return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: From 49d29337facd93e5d1039b7073ded21ec6dde54d Mon Sep 17 00:00:00 2001 
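Review bot: The new `return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;` departs from the `return( ... );` form used throughout this file and should be `return( MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH );`. Because the case now only rejects, a one-line comment explaining the policy belongs with it: `/* MD5 is rejected for CertificateVerify: transcript-collision (SLOTH) attacks on TLS 1.2 */`. The case also stays inside `#if defined(MBEDTLS_MD5_C)`, so builds without MD5 reach the default branch, which is outside this hunk; if that branch does not return the same error the two configurations will diverge, and dropping the guard so the case is always present would avoid that.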
From: Andres AG Date: Mon, 24 Oct 2016 14:31:54 +0100 Subject: [PATCH 42/46] Add tests for overreads in pem_read_buffer() --- tests/suites/test_suite_pem.data | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 339b4d3f8..065e4a2b5 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -24,3 +24,4 @@ mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC, PEM read (unknown encryption algorithm) mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG + From 6a54336897e5150b95c64bf1eea122cdd9556a9c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Jan 2017 23:04:22 +0000 Subject: [PATCH 43/46] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- tests/suites/test_suite_ctr_drbg.function | 5 +++++ 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f24186b36..fc240c305 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -21,6 +21,12 @@ Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/cipher.c b/library/cipher.c index a88343869..e9e0b223e 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -326,9 +326,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= block_size ) || + ilen <= block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < block_size ) ) + ilen < block_size - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 386f8adb0..55612c7fc 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -290,7 +290,8 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT || + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); diff --git a/library/md2.c b/library/md2.c index 897670131..95cbcce65 100644 --- a/library/md2.c +++ b/library/md2.c 
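Review bot: The rewritten conditions `ilen <= block_size - ctx->unprocessed_len` and `ilen < block_size - ctx->unprocessed_len` are overflow-free only while `ctx->unprocessed_len <= block_size` holds; if that invariant is ever broken the size_t subtraction wraps, the cache branch accepts any ilen, and the memcpy() that follows writes past unprocessed_data. The ctr_drbg.c hunk in this same commit checks the first operand before subtracting, and the same shape here, `ctx->unprocessed_len <= block_size && ilen <= block_size - ctx->unprocessed_len`, would make the code safe without relying on state maintained elsewhere in the function, which continues outside the hunk on both sides. The md2.c hunk below (`ilen > 16 - ctx->left`) has the same dependency on `ctx->left < 16` and the same remedy.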
@@ -158,7 +158,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 3acfb8bae..883cfe08e 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -39,6 +39,11 @@ void ctr_drbg_special_behaviours( ) TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) == MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + + mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 ); + TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional, + MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) == + MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); exit: mbedtls_ctr_drbg_free( &ctx ); } From 4623d83c6f5549031f72bc25b085af6eb79b28f4 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 18 Jan 2017 17:21:03 +0000 Subject: [PATCH 44/46] Fix integer overflow mbedtls_base64_decode() Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 2 ++ library/base64.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fc240c305..76cd298e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/base64.c b/library/base64.c index 5cb12cba7..305afc57b 100644 --- a/library/base64.c +++ b/library/base64.c 
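Review bot: `mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 )` passes the int value -1 and relies on implicit conversion to the size_t parameter; `(size_t) -1` states the intent and avoids a sign-conversion warning in the test build. A comment on the new block saying what it exercises would help the next reader, e.g. `/* entropy_len + len would wrap on the old check; reseed must still reject it */`.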
@@ -192,7 +192,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || dlen < n ) From a29c5e9e66c1ba2b7d6b292430898e9ae7598e68 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 45/46] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 305afc57b..f06b57b31 100644 --- a/library/base64.c +++ b/library/base64.c @@ -192,6 +192,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From 0621b1fbb00210552a70e78697fcc511d192dd27 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 5 Feb 2017 16:48:47 +0000 Subject: [PATCH 46/46] Add detail to ChangeLog for SLOTH fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 76cd298e2..558cf9e22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Removed MD5 from the allowed hash algorithms for CertificateRequest and CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. + Introduced by interoperability fix for #513. Bugfix * Fix the redefinition of macro ssl_set_bio to an undefined symbol
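Review bot: The comment added in the second hunk says which formula is being computed but not why the rewritten form cannot overflow, which is the fact a maintainer needs before touching the expression again. A sentence such as `* 6 * ( n >> 3 ) is at most 3n/4 and the second term is at most 6, so neither term can exceed n + 6.` would close that gap. The identity itself is exact: for n = 8a + b the original `( ( n * 6 ) + 7 ) >> 3` equals `6a + ( ( 6b + 7 ) >> 3 )` because 48a is a multiple of 8, and stating that in the comment would let a reviewer confirm the rewrite without redoing the arithmetic.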