Import mbedtls-2.16.0
Imports mbedTLS 2.16.0 from https://github.com/ARMmbed/mbedtls.git
commit fb1972db23da ("Merge pull request #544 from ARMmbed/version-2.16")
(tag mbedtls-2.16.0).
Certain files will never be needed and are thus removed (reducing number
of lines to almost 50%):
rm -f circle.yml CMakeLists.txt DartConfiguration.tcl Makefile
rm -f .gitignore .travis.yml .pylint
rm -f include/.gitignore include/CMakeLists.txt library/.gitignore
rm -f library/CMakeLists.txt library/Makefile
rm -rf .git .github doxygen configs programs scripts tests visualc yotta
This is a complete overwrite of previous code so earlier changes in the
branch import/mbedtls-2.6.1 will be added on top of this commit to bring
the changes forward.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
diff --git a/lib/libmbedtls/mbedtls/library/dhm.c b/lib/libmbedtls/mbedtls/library/dhm.c
index 397e1ad..fb6937e 100644
--- a/lib/libmbedtls/mbedtls/library/dhm.c
+++ b/lib/libmbedtls/mbedtls/library/dhm.c
@@ -1,8 +1,8 @@
-// SPDX-License-Identifier: Apache-2.0
/*
* Diffie-Hellman-Merkle key exchange
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -36,6 +36,7 @@
#if defined(MBEDTLS_DHM_C)
#include "mbedtls/dhm.h"
+#include "mbedtls/platform_util.h"
#include <string.h>
@@ -57,10 +58,12 @@
#define mbedtls_free free
#endif
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
+#if !defined(MBEDTLS_DHM_ALT)
+
+#define DHM_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA )
+#define DHM_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
/*
* helper to validate the mbedtls_mpi size and import it
@@ -93,6 +96,9 @@
*
* Parameter should be: 2 <= public_param <= P - 2
*
+ * This means that we need to return an error if
+ * public_param < 2 or public_param > P-2
+ *
* For more information on the attack, see:
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
@@ -100,17 +106,17 @@
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
{
mbedtls_mpi L, U;
- int ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+ int ret = 0;
mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
- if( mbedtls_mpi_cmp_mpi( param, &L ) >= 0 &&
- mbedtls_mpi_cmp_mpi( param, &U ) <= 0 )
+ if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
+ mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
{
- ret = 0;
+ ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
cleanup:
@@ -120,6 +126,7 @@
void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
{
+ DHM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
}
@@ -131,6 +138,9 @@
const unsigned char *end )
{
int ret;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( p != NULL && *p != NULL );
+ DHM_VALIDATE_RET( end != NULL );
if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
@@ -156,6 +166,10 @@
int ret, count = 0;
size_t n1, n2, n3;
unsigned char *p;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( output != NULL );
+ DHM_VALIDATE_RET( olen != NULL );
+ DHM_VALIDATE_RET( f_rng != NULL );
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@@ -187,10 +201,15 @@
/*
* export P, G, GX
*/
-#define DHM_MPI_EXPORT(X,n) \
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, p + 2, n ) ); \
- *p++ = (unsigned char)( n >> 8 ); \
- *p++ = (unsigned char)( n ); p += n;
+#define DHM_MPI_EXPORT( X, n ) \
+ do { \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \
+ p + 2, \
+ ( n ) ) ); \
+ *p++ = (unsigned char)( ( n ) >> 8 ); \
+ *p++ = (unsigned char)( ( n ) ); \
+ p += ( n ); \
+ } while( 0 )
n1 = mbedtls_mpi_size( &ctx->P );
n2 = mbedtls_mpi_size( &ctx->G );
@@ -201,7 +220,7 @@
DHM_MPI_EXPORT( &ctx->G , n2 );
DHM_MPI_EXPORT( &ctx->GX, n3 );
- *olen = p - output;
+ *olen = p - output;
ctx->len = n1;
@@ -214,14 +233,38 @@
}
/*
+ * Set prime modulus and generator
+ */
+int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
+ const mbedtls_mpi *P,
+ const mbedtls_mpi *G )
+{
+ int ret;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( P != NULL );
+ DHM_VALIDATE_RET( G != NULL );
+
+ if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
+ ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
+ {
+ return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret );
+ }
+
+ ctx->len = mbedtls_mpi_size( &ctx->P );
+ return( 0 );
+}
+
+/*
* Import the peer's public value G^Y
*/
int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
const unsigned char *input, size_t ilen )
{
int ret;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( input != NULL );
- if( ctx == NULL || ilen < 1 || ilen > ctx->len )
+ if( ilen < 1 || ilen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
@@ -239,8 +282,11 @@
void *p_rng )
{
int ret, count = 0;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( output != NULL );
+ DHM_VALIDATE_RET( f_rng != NULL );
- if( ctx == NULL || olen < 1 || olen > ctx->len )
+ if( olen < 1 || olen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
@@ -352,8 +398,11 @@
{
int ret;
mbedtls_mpi GYb;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( output != NULL );
+ DHM_VALIDATE_RET( olen != NULL );
- if( ctx == NULL || output_size < ctx->len )
+ if( output_size < ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
@@ -400,12 +449,21 @@
*/
void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
{
- mbedtls_mpi_free( &ctx->pX); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->Vi );
- mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
- mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G );
- mbedtls_mpi_free( &ctx->P );
+ if( ctx == NULL )
+ return;
- mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
+ mbedtls_mpi_free( &ctx->pX );
+ mbedtls_mpi_free( &ctx->Vf );
+ mbedtls_mpi_free( &ctx->Vi );
+ mbedtls_mpi_free( &ctx->RP );
+ mbedtls_mpi_free( &ctx->K );
+ mbedtls_mpi_free( &ctx->GY );
+ mbedtls_mpi_free( &ctx->GX );
+ mbedtls_mpi_free( &ctx->X );
+ mbedtls_mpi_free( &ctx->G );
+ mbedtls_mpi_free( &ctx->P );
+
+ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
}
#if defined(MBEDTLS_ASN1_PARSE_C)
@@ -420,7 +478,12 @@
unsigned char *p, *end;
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_context pem;
+#endif /* MBEDTLS_PEM_PARSE_C */
+ DHM_VALIDATE_RET( dhm != NULL );
+ DHM_VALIDATE_RET( dhmin != NULL );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
@@ -542,7 +605,10 @@
if( fread( *buf, 1, *n, f ) != *n )
{
fclose( f );
+
+ mbedtls_platform_zeroize( *buf, *n + 1 );
mbedtls_free( *buf );
+
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
}
@@ -564,19 +630,22 @@
int ret;
size_t n;
unsigned char *buf;
+ DHM_VALIDATE_RET( dhm != NULL );
+ DHM_VALIDATE_RET( path != NULL );
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
- mbedtls_zeroize( buf, n );
+ mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf );
return( ret );
}
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */
+#endif /* MBEDTLS_DHM_ALT */
#if defined(MBEDTLS_SELF_TEST)