Merge remote-tracking branch 'public/pr/1837' into mbedtls-2.1
diff --git a/ChangeLog b/ChangeLog
index 24d2050..f8a8f33 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,12 +3,22 @@
= mbed TLS x.x.x branch released xxxx-xx-xx
Bugfix
+ * Fix compilation error on C++, because of a variable named new.
+ Found and fixed by Hirotaka Niisato in #1783.
+ * Fix the inline assembly for the MPI multiply helper function for i386 and
+ i386 with SSE2. Found by László Langó. Fixes #1550
* Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber,
Philippe Antoine. Fixes #1623.
* Clarify documentation for mbedtls_ssl_write() to include 0 as a valid
return value. Found by @davidwu2000. #839
* Fix the key_app_writer example which was writing a leading zero byte which
was creating an invalid ASN.1 tag. Found by Aryeh R. Fixes #1257
+ * Remove unused headers included in x509.c. Found by Chris Hanson and fixed
+ by Brendan Shanks. Part of a fix for #992.
+ * Fix compilation error when MBEDTLS_ARC4_C is disabled and
+ MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719.
+ * Added length checks to some TLS parsing functions. Found and fixed by
+ Philippe Antoine from Catena cyber. #1663.
Changes
* Change the shebang line in Perl scripts to look up perl in the PATH.
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 7f8eb1a..8d799ec 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -48,7 +48,14 @@
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
#if defined(__GNUC__) && \
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
-#if defined(__i386__)
+
+/*
+ * Disable use of the i386 assembly code below if option -O0, to disable all
+ * compiler optimisations, is passed, detected with __OPTIMIZE__
+ * This is done as the number of registers used in the assembly code doesn't
+ * work with the -O0 option.
+ */
+#if defined(__i386__) && !defined(__OPTIMIZE__)
#define MULADDC_INIT \
asm( \
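Review bot: The new guard `#if defined(__i386__) && !defined(__OPTIMIZE__)` does the opposite of what the comment above it says. GCC defines `__OPTIMIZE__` when optimisation is enabled, so with the negation the i386 assembly is selected only at -O0 and is compiled out in every optimised build. To match the comment the line should read `#if defined(__i386__) && defined(__OPTIMIZE__)`. The conditional block continues past the end of this hunk.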
@@ -141,7 +148,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
+ : "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#else
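Review bot: Adding `"ebx"` to the clobber list here, and in the SSE2-less variant in the next hunk, may break i386 position-independent builds on older toolchains. As far as I know, GCC releases before 5 reserve `ebx` as the PIC register and reject an asm statement that clobbers it. If such compilers are still supported on this branch, a 32-bit `-fPIC` build should be added to the test matrix. A short comment such as `/* ebx is clobbered: needs a compiler that can reallocate the PIC register */` next to the clobber list would record the constraint. The asm body that uses `ebx` is outside the hunk.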
@@ -153,7 +160,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
+ : "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#endif /* SSE2 */
#endif /* i386 */
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 464c4ad..e4ed36a 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -42,7 +42,7 @@
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
-#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
#define MBEDTLS_CIPHER_MODE_STREAM
#endif
diff --git a/library/cipher.c b/library/cipher.c
index cf82a82..fe34929 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -45,10 +45,6 @@
#include "mbedtls/ccm.h"
#endif
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index d3a8ecf..344f248 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1141,12 +1141,12 @@
size_t list_size;
const unsigned char *p;
- list_size = buf[0];
- if( list_size + 1 != len )
+ if( len == 0 || (size_t)( buf[0] + 1 ) != len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
+ list_size = buf[0];
p = buf + 1;
while( list_size > 0 )
@@ -2494,7 +2494,7 @@
* therefore the buffer length at this point must be greater than that
* regardless of the actual code path.
*/
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
+ if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
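Review bot: The bound moves from `+ 2 + n` to `+ 3 + n`, but the visible tail of the comment above it is unchanged and still argues only that the length "must be greater than" the highest index read. The part of the comment that names that index starts outside the hunk. It should be updated to say which byte the extra 1 accounts for, for example `/* highest index read below is hdr_len + 3 + n */`. If the highest index is still `hdr_len + 2 + n`, check that `<=` combined with `+ 3` does not reject a minimal valid CertificateRequest.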
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 3ebf9d9..c04bb53 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -97,6 +97,13 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
+ if( len < 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( servername_list_size + 2 != len )
{
@@ -105,7 +112,7 @@
}
p = buf + 2;
- while( servername_list_size > 0 )
+ while( servername_list_size > 2 )
{
hostname_len = ( ( p[1] << 8 ) | p[2] );
if( hostname_len + 3 > servername_list_size )
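Review bot: The new loop condition `servername_list_size > 2` guarantees the three bytes that `p[1]` and `p[2]` need, but a remainder of one or two bytes now leaves the loop without being examined. Whether such a truncated list is rejected depends on code after the loop, which is outside this hunk. Confirm that a non-zero `servername_list_size` after the loop is treated as a bad ClientHello. The magic number would also be clearer with a comment such as `/* each entry: 1-byte name type + 2-byte length */`.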
@@ -211,6 +218,12 @@
mbedtls_md_type_t md_cur;
mbedtls_pk_type_t sig_cur;
+ if ( len < 2 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( sig_alg_list_size + 2 != len ||
sig_alg_list_size % 2 != 0 )
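Review bot: The added check is written `if ( len < 2 ) {`, with a space after `if` and the brace on the same line. The surrounding code, and the ServerName check added earlier in this same file, use `if( len < 2 )` with the brace on its own line. The same mismatch appears in the `@@ -276`, `@@ -1573` and `@@ -3166` hunks of this file and in the `@@ -4461` hunk of ssl_tls.c. Using the file's existing form in all of them keeps these security-relevant length checks easy to find and compare. The enclosing function starts and ends outside the hunk.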
@@ -276,6 +289,12 @@
const unsigned char *p;
const mbedtls_ecp_curve_info *curve_info, **curves;
+ if ( len < 2 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( list_size + 2 != len ||
list_size % 2 != 0 )
@@ -327,12 +346,12 @@
size_t list_size;
const unsigned char *p;
- list_size = buf[0];
- if( list_size + 1 != len )
+ if( len == 0 || (size_t)( buf[0] + 1 ) != len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+ list_size = buf[0];
p = buf + 1;
while( list_size > 0 )
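Review bot: The malformed-length path here returns `MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO` without sending an alert. The other ClientHello length checks added in this file call `mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR )` before returning. The `@@ -3166` hunk also returns without an alert. If the omission is deliberate on this branch, a one-line comment saying so would help; otherwise the same alert call should be added before the `return`.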
@@ -1573,10 +1592,16 @@
while( ext_len != 0 )
{
- unsigned int ext_id = ( ( ext[0] << 8 )
- | ( ext[1] ) );
- unsigned int ext_size = ( ( ext[2] << 8 )
- | ( ext[3] ) );
+ unsigned int ext_id;
+ unsigned int ext_size;
+ if ( ext_len < 4 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) );
+ ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) );
if( ext_size + 4 > ext_len )
{
@@ -3166,6 +3191,10 @@
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
+ if ( p + 2 > end ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
if( *p++ != ( ( len >> 8 ) & 0xFF ) ||
*p++ != ( ( len ) & 0xFF ) )
{
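Review bot: The check `p + 2 > end` forms a pointer that can lie more than one element past the end of the buffer when fewer than two bytes remain. That is undefined behaviour in C, and a compiler is allowed to assume it cannot happen. The subtraction form used in the ssl_tls.c hunk of this same commit avoids the problem: `if( end - p < 2 )`. The enclosing function and the definitions of `p` and `end` are outside the hunk.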
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e3c851e..cd8e4c9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1132,6 +1132,9 @@
* other_secret already set by the ClientKeyExchange message,
* and is 48 bytes long
*/
+ if( end - p < 2 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
*p++ = 0;
*p++ = 48;
p += 48;
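Review bot: The new guard `end - p < 2` covers only the two length bytes, but the block then advances `p` by a further 48 bytes. Nothing visible in this hunk shows that those 48 bytes lie inside the buffer. Checking the whole region at once, `if( end - p < 2 + 48 )`, would keep `p` within bounds after `p += 48`. Code after the hunk may already handle `p > end`, so this is a robustness point rather than a confirmed overrun.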
@@ -4461,6 +4464,12 @@
while( i < ssl->in_hslen )
{
+ if ( i + 3 > ssl->in_hslen ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
if( ssl->in_msg[i] != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
@@ -5843,27 +5852,27 @@
mbedtls_x509_crt *cert,
mbedtls_pk_context *key )
{
- mbedtls_ssl_key_cert *new;
+ mbedtls_ssl_key_cert *new_cert;
- new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
- if( new == NULL )
+ new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
+ if( new_cert == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- new->cert = cert;
- new->key = key;
- new->next = NULL;
+ new_cert->cert = cert;
+ new_cert->key = key;
+ new_cert->next = NULL;
/* Update head is the list was null, else add to the end */
if( *head == NULL )
{
- *head = new;
+ *head = new_cert;
}
else
{
mbedtls_ssl_key_cert *cur = *head;
while( cur->next != NULL )
cur = cur->next;
- cur->next = new;
+ cur->next = new_cert;
}
return( 0 );
diff --git a/library/x509.c b/library/x509.c
index 3cfa1d1..aaf7f7e 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -65,15 +65,6 @@
#include <time.h>
#endif
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#if !defined(_WIN32)
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#endif
-#endif
-
#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 17824c7..548c68c 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -87,11 +87,37 @@
close(TEST_HELPERS);
open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!";
-my $test_main = <TEST_MAIN>;
+my @test_main_lines = split/^/, <TEST_MAIN>;
+my $test_main;
+my $index = 2;
+for my $line (@test_main_lines) {
+ $line =~ s/!LINE_NO!/$index/;
+ $test_main = $test_main.$line;
+ $index++;
+}
close(TEST_MAIN);
open(TEST_CASES, "$test_case_file") or die "Opening test cases '$test_case_file': $!";
-my $test_cases = <TEST_CASES>;
+my @test_cases_lines = split/^/, <TEST_CASES>;
+my $test_cases;
+my $index = 2;
+for my $line (@test_cases_lines) {
+ if ($line =~ /^\/\* BEGIN_SUITE_HELPERS .*\*\//)
+ {
+ $line = $line."#line $index \"$test_case_file\"\n";
+ }
+
+ if ($line =~ /^\/\* BEGIN_CASE .*\*\//)
+ {
+ $line = $line."#line $index \"$test_case_file\"\n";
+ }
+
+ $line =~ s/!LINE_NO!/$index/;
+
+ $test_cases = $test_cases.$line;
+ $index++;
+}
+
close(TEST_CASES);
open(TEST_DATA, "$test_case_data") or die "Opening test data '$test_case_data': $!";
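Review bot: `my $index = 2;` is declared twice, once for the TEST_MAIN loop and again for the TEST_CASES loop, in what appears to be the same file scope. Perl warns that the second declaration masks the first when warnings are enabled. The second one should be a plain assignment, `$index = 2;`, or the two counters should have distinct names. `$test_main` and `$test_cases` are also concatenated while still undefined; `my $test_main = "";` and `$test_main .= $line;` avoid the uninitialised-value warning. A comment explaining why numbering starts at 2 would help the next reader.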
@@ -178,16 +204,19 @@
my $function_decl = $2;
# Sanity checks of function
- if ($function_decl !~ /^void /)
+ if ($function_decl !~ /^#line\s*.*\nvoid /)
{
die "Test function does not have 'void' as return type\n";
+ "Function declaration:\n" .
+ $function_decl;
}
- if ($function_decl !~ /^void (\w+)\(\s*(.*?)\s*\)\s*{(.*)}/ms)
+ if ($function_decl !~ /^(#line\s*.*)\nvoid (\w+)\(\s*(.*?)\s*\)\s*{(.*)}/ms)
{
die "Function declaration not in expected format\n";
}
- my $function_name = $1;
- my $function_params = $2;
+ my $line_directive = $1;
+ my $function_name = $2;
+ my $function_params = $3;
my $function_pre_code;
my $function_post_code;
my $param_defs;
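Review bot: The two added lines after the first `die` never contribute to the error message. The `die "...\n";` line above them already ends with a semicolon, so `"Function declaration:\n" . $function_decl;` is a separate, unreachable expression statement. To print the declaration, drop that semicolon and join the strings: `die "Test function does not have 'void' as return type.\n" . "Function declaration:\n" . $function_decl;`. The second `die` in this hunk could include `$function_decl` in the same way.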
@@ -198,7 +227,7 @@
my $mapping_regex = "".$function_name;
my $mapping_count = 0;
- $function_decl =~ s/^void /void test_suite_/;
+ $function_decl =~ s/(^#line\s*.*)\nvoid /$1\nvoid test_suite_/;
# Add exit label if not present
if ($function_decl !~ /^exit:$/m)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a8adf9b..6420e23 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -254,7 +254,7 @@
done
}
else
- echo "Warning: lsof not available, wait_server_start = sleep $START_DELAY"
+ echo "Warning: lsof not available, wait_server_start = sleep"
wait_server_start() {
sleep "$START_DELAY"
}
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index cad7072..4c3a235 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -1,3 +1,4 @@
+#line 1 "helpers.function"
/*----------------------------------------------------------------------------*/
/* Headers */
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 7fee3d8..948f72e 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -1,4 +1,5 @@
SUITE_PRE_DEP
+#line !LINE_NO! "main_test.function"
#define TEST_SUITE_ACTIVE
int verify_string( char **str )
@@ -69,6 +70,7 @@
FUNCTION_CODE
SUITE_POST_DEP
+#line !LINE_NO! "main_test.function"
/*----------------------------------------------------------------------------*/
@@ -80,6 +82,7 @@
return( 1 );
DEP_CHECK_CODE
+#line !LINE_NO! "main_test.function"
return( 1 );
}
@@ -93,6 +96,7 @@
#if defined(TEST_SUITE_ACTIVE)
DISPATCH_FUNCTION
{
+#line !LINE_NO! "main_test.function"
mbedtls_fprintf( stdout, "FAILED\nSkipping unknown test function '%s'\n", params[0] );
fflush( stdout );
return( 1 );