Merge remote-tracking branch 'upstream-public/pr/1815' into mbedtls-2.1
diff --git a/.travis.yml b/.travis.yml
index f30a4e3..91a36c9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,6 +9,7 @@
- tests/scripts/check-generated-files.sh
- tests/scripts/check-doxy-blocks.pl
- tests/scripts/check-names.sh
+- tests/scripts/check-files.py
- cmake -D CMAKE_BUILD_TYPE:String="Check" .
- make
- make test
diff --git a/ChangeLog b/ChangeLog
index 34f08a8..3e144a7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,15 +3,83 @@
= mbed TLS x.x.x branch released xxxx-xx-xx
Bugfix
- * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber,
- Philippe Antoine.
- * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid
- return value. Found by @davidwu2000. #839
+ * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
+ MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
+ * Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails.
+ Fix contributed by Espressif Systems.
* Add ecc extensions only if an ecc based ciphersuite is used.
This improves compliance to RFC 4492, and as a result, solves
interoperability issues with BouncyCastle. Raised by milenamil in #1157.
+= mbed TLS 2.1.14 branch released 2018-07-25
+
+Security
+ * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
+ in (D)TLS 1.0 to 1.2, that allowed an active network attacker to
+ partially recover the plaintext of messages under some conditions by
+ exploiting timing measurements. With DTLS, the attacker could perform
+ this recovery by sending many messages in the same connection. With TLS
+ or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only
+ worked if the same secret (for example a HTTP Cookie) has been repeatedly
+ sent over connections manipulated by the attacker. Connections using GCM
+ or CCM instead of CBC, using hash sizes other than SHA-384, or using
+ Encrypt-then-Mac (RFC 7366) were not affected. The vulnerability was
+ caused by a miscalculation (for SHA-384) in a countermeasure to the
+ original Lucky 13 attack. Found by Kenny Paterson, Eyal Ronen and Adi
+ Shamir.
+ * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to
+ 1.2, that allowed a local attacker, able to execute code on the local
+ machine as well as manipulate network packets, to partially recover the
+ plaintext of messages under some conditions by using a cache attack
+ targetting an internal MD/SHA buffer. With TLS or if
+ mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only worked if
+ the same secret (for example a HTTP Cookie) has been repeatedly sent over
+ connections manipulated by the attacker. Connections using GCM or CCM
+ instead of CBC or using Encrypt-then-Mac (RFC 7366) were not affected.
+ Found by Kenny Paterson, Eyal Ronen and Adi Shamir.
+ * Add a counter-measure against a vulnerability in TLS ciphersuites based
+ on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to
+ execute code on the local machine as well as manipulate network packets,
+ to partially recover the plaintext of messages under some conditions (see
+ previous entry) by using a cache attack targeting the SSL input record
+ buffer. Connections using GCM or CCM instead of CBC or using
+ Encrypt-then-Mac (RFC 7366) were not affected. Found by Kenny Paterson,
+ Eyal Ronen and Adi Shamir.
+
+Bugfix
+ * Fix compilation error on C++, because of a variable named new.
+ Found and fixed by Hirotaka Niisato in #1783.
+ * Fix the inline assembly for the MPI multiply helper function for i386 and
+ i386 with SSE2. Found by László Langó. Fixes #1550
+ * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber,
+ Philippe Antoine. Fixes #1623.
+ * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid
+ return value. Found by @davidwu2000. #839
+ * Fix the key_app_writer example which was writing a leading zero byte which
+ was creating an invalid ASN.1 tag. Found by Aryeh R. Fixes #1257
+ * Remove unused headers included in x509.c. Found by Chris Hanson and fixed
+ by Brendan Shanks. Part of a fix for #992.
+ * Fix compilation error when MBEDTLS_ARC4_C is disabled and
+ MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719.
+ * Added length checks to some TLS parsing functions. Found and fixed by
+ Philippe Antoine from Catena cyber. #1663.
+ * Fix namespacing in header files. Remove the `mbedtls` namespacing in
+ the `#include` in the header files. Resolves #857
+ * Fix decryption for zero length messages (which contain all padding) when a
+ CBC based ciphersuite is used together with Encrypt-then-MAC. Previously,
+ such a message was wrongly reported as an invalid record and therefore lead
+ to the connection being terminated. Seen most often with OpenSSL using
+ TLS 1.0. Reported by @kFYatek and by Conor Murphy on the forum. Fix
+ contributed by Espressif Systems. Fixes #1632
+ * Fix ssl_client2 example to send application data with 0-length content
+ when the request_size argument is set to 0 as stated in the documentation.
+ Fixes #1833.
+ * Correct the documentation for `mbedtls_ssl_get_session()`. This API has
+ deep copy of the session, and the peer certificate is not lost. Fixes #926.
+
Changes
+ * Fail when receiving a TLS alert message with an invalid length, or invalid
+ zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
* Change the shebang line in Perl scripts to look up perl in the PATH.
Contributed by fbrosson in #1533.
@@ -1464,7 +1532,7 @@
issuer_key_identifier, etc)
* Optional blinding for RSA, DHM and EC
* Support for multiple active certificate / key pairs in SSL servers for
- the same host (Not to be confused with SNI!)
+ the same host (Not to be confused with SNI!)
Changes
* Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
@@ -1695,7 +1763,7 @@
PKCS#8 private key formats
* Added mechanism to provide alternative implementations for all
symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
- config.h)
+ config.h)
* PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
old PBKDF2 module
@@ -1707,7 +1775,7 @@
* x509parse_crt() now better handles PEM error situations
* ssl_parse_certificate() now calls x509parse_crt_der() directly
instead of the x509parse_crt() wrapper that can also parse PEM
- certificates
+ certificates
* x509parse_crtpath() is now reentrant and uses more portable stat()
* Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
* Fixed values for 2-key Triple DES in cipher layer
@@ -1865,7 +1933,7 @@
* mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
#52)
* Handle encryption with private key and decryption with public key as per
- RFC 2313
+ RFC 2313
* Handle empty certificate subject names
* Prevent reading over buffer boundaries on X509 certificate parsing
* mpi_add_abs() now correctly handles adding short numbers to long numbers
@@ -1896,7 +1964,7 @@
* x509parse_crt() now better handles PEM error situations
* ssl_parse_certificate() now calls x509parse_crt_der() directly
instead of the x509parse_crt() wrapper that can also parse PEM
- certificates
+ certificates
* Fixed values for 2-key Triple DES in cipher layer
* ssl_write_certificate_request() can handle empty ca_chain
@@ -1977,16 +2045,16 @@
Features
* Added ssl_session_reset() to allow better multi-connection pools of
SSL contexts without needing to set all non-connection-specific
- data and pointers again. Adapted ssl_server to use this functionality.
+ data and pointers again. Adapted ssl_server to use this functionality.
* Added ssl_set_max_version() to allow clients to offer a lower maximum
supported version to a server to help buggy server implementations.
- (Closes ticket #36)
+ (Closes ticket #36)
* Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
introspection functions (Closes ticket #40)
* Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
* Added a generic entropy accumulator that provides support for adding
custom entropy sources and added some generic and platform dependent
- entropy sources
+ entropy sources
Changes
* Documentation for AES and Camellia in modes CTR and CFB128 clarified.
@@ -2119,7 +2187,7 @@
* Corrected parsing of UTCTime dates before 1990 and
after 1950
* Support more exotic OID's when parsing certificates
- (found by Mads Kiilerich)
+ (found by Mads Kiilerich)
* Support more exotic name representations when parsing
certificates (found by Mads Kiilerich)
* Replaced the expired test certificates
@@ -2149,7 +2217,7 @@
status, objects and configuration
+ Added verification callback on certificate chain
verification to allow external blacklisting
- + Additional example programs to show usage
+ + Additional example programs to show usage
* Added support for PKCS#11 through the use of the
libpkcs11-helper library
diff --git a/Makefile b/Makefile
index 0950e6b..0eece74 100644
--- a/Makefile
+++ b/Makefile
@@ -23,12 +23,12 @@
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
cp -r include/mbedtls $(DESTDIR)/include
-
+
mkdir -p $(DESTDIR)/lib
cp -RP library/libmbedtls.* $(DESTDIR)/lib
cp -RP library/libmbedx509.* $(DESTDIR)/lib
cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
-
+
mkdir -p $(DESTDIR)/bin
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
@@ -43,7 +43,7 @@
rm -f $(DESTDIR)/lib/libmbedtls.*
rm -f $(DESTDIR)/lib/libmbedx509.*
rm -f $(DESTDIR)/lib/libmbedcrypto.*
-
+
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
diff --git a/README.md b/README.md
index 38a7d9b..657220a 100644
--- a/README.md
+++ b/README.md
@@ -197,8 +197,8 @@
### Process
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
-2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
+1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://forums.mbed.com/c/mbed-tls) around a feature idea or a bug.
+2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
3. Write a test which shows that the bug was fixed or that the feature works as expected.
4. Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog :)
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 46abad7..4e5c754 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -21,7 +21,7 @@
*/
/**
- * @mainpage mbed TLS v2.1.13 source code documentation
+ * @mainpage mbed TLS v2.1.14 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index feffff3..57bc518 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.1.13"
+PROJECT_NAME = "mbed TLS v2.1.14"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 7f8eb1a..bdd7acb 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -48,7 +48,14 @@
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
#if defined(__GNUC__) && \
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
-#if defined(__i386__)
+
+/*
+ * Disable use of the i386 assembly code below if option -O0, to disable all
+ * compiler optimisations, is passed, detected with __OPTIMIZE__
+ * This is done as the number of registers used in the assembly code doesn't
+ * work with the -O0 option.
+ */
+#if defined(__i386__) && defined(__OPTIMIZE__)
#define MULADDC_INIT \
asm( \
@@ -141,7 +148,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
+ : "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#else
@@ -153,7 +160,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
+ : "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#endif /* SSE2 */
#endif /* i386 */
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 464c4ad..e4ed36a 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -42,7 +42,7 @@
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
-#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
#define MBEDTLS_CIPHER_MODE_STREAM
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 9689643..f9ae71e 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2528,7 +2528,7 @@
/* \} name SECTION: Module configuration options */
#if defined(TARGET_LIKE_MBED)
-#include "mbedtls/target_config.h"
+#include "target_config.h"
#endif
/*
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 059d3c5..f3e9d09 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -26,7 +26,7 @@
#include "aes.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#include "threading.h"
#endif
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index e010558..e3e1942 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -26,7 +26,7 @@
#include "md.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#include "threading.h"
#endif
/*
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 8e34e62..9dd4e67 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -345,7 +345,7 @@
* as large as the size ctx->len of ctx->N (eg. 128 bytes
* if RSA-1024 is used) to be able to hold an arbitrary
* decrypted message. If it is not large enough to hold
- * the decryption of the particular ciphertext provided,
+ * the decryption of the particular ciphertext provided,
* the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \note The input buffer must be as large as the size
@@ -377,7 +377,7 @@
* as large as the size ctx->len of ctx->N (eg. 128 bytes
* if RSA-1024 is used) to be able to hold an arbitrary
* decrypted message. If it is not large enough to hold
- * the decryption of the particular ciphertext provided,
+ * the decryption of the particular ciphertext provided,
* the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \note The input buffer must be as large as the size
@@ -411,10 +411,10 @@
* as large as the size ctx->len of ctx->N (eg. 128 bytes
* if RSA-1024 is used) to be able to hold an arbitrary
* decrypted message. If it is not large enough to hold
- * the decryption of the particular ciphertext provided,
+ * the decryption of the particular ciphertext provided,
* the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
- * \note The input buffer must be as large as the size
+ * \note The input buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
old mode 100755
new mode 100644
index ac82567..d98e5ed
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1580,22 +1580,22 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
- * \brief Set or reset the hostname to check against the received
- * server certificate. It sets the ServerName TLS extension,
+ * \brief Set or reset the hostname to check against the received
+ * server certificate. It sets the ServerName TLS extension,
* too, if that extension is enabled. (client-side only)
*
*
* \param ssl SSL context
* \param hostname the server hostname, may be NULL to clear hostname
-
+ *
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
*
- * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+ * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
+ * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* too long input hostname.
*
* Hostname set to the one provided on success (cleared
- * when NULL). On allocation failure hostname is cleared.
+ * when NULL). On allocation failure hostname is cleared.
* On too long input failure, old hostname is unchanged.
*/
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
@@ -2081,7 +2081,6 @@
* \brief Save session in order to resume it later (client-side only)
* Session data is copied to presented session structure.
*
- * \warning Currently, peer certificate is lost in the operation.
*
* \param ssl SSL context
* \param session session context
@@ -2089,7 +2088,18 @@
* \return 0 if successful,
* MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
- * arguments are otherwise invalid
+ * arguments are otherwise invalid.
+ *
+ * \note Only the server certificate is copied, and not the full chain,
+ * so you should not attempt to validate the certificate again
+ * by calling \c mbedtls_x509_crt_verify() on it.
+ * Instead, you should use the results from the verification
+ * in the original handshake by calling \c mbedtls_ssl_get_verify_result()
+ * after loading the session again into a new SSL context
+ * using \c mbedtls_ssl_set_session().
+ *
+ * \note Once the session object is not needed anymore, you should
+ * free it by calling \c mbedtls_ssl_session_free().
*
* \sa mbedtls_ssl_set_session()
*/
@@ -2330,6 +2340,9 @@
* \brief Free referenced items in an SSL session including the
* peer certificate and clear memory
*
+ * \note A session object can be freed even if the SSL context
+ * that was used to retrieve the session is still in use.
+ *
* \param session SSL session
*/
void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 7404a1a..9ba56bc 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,16 +39,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 1
-#define MBEDTLS_VERSION_PATCH 13
+#define MBEDTLS_VERSION_PATCH 14
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02010D00
-#define MBEDTLS_VERSION_STRING "2.1.13"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.1.13"
+#define MBEDTLS_VERSION_NUMBER 0x02010E00
+#define MBEDTLS_VERSION_STRING "2.1.14"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.1.14"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 3f1ca6e..994d4bc 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -138,15 +138,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.1.13 SOVERSION 0)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.1.14 SOVERSION 0)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.1.13 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.1.14 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.1.13 SOVERSION 10)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.1.14 SOVERSION 10)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/asn1write.c b/library/asn1write.c
index 00ed73c..12e88b8 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -205,7 +205,6 @@
int ret;
size_t len = 0;
- // TODO negative values and values larger than 128
// DER format assumes 2s complement for numbers, so the leftmost bit
// should be 0 for positive numbers and 1 for negative numbers.
//
diff --git a/library/cipher.c b/library/cipher.c
index cf82a82..fe34929 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -45,10 +45,6 @@
#include "mbedtls/ccm.h"
#endif
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
diff --git a/library/ecp.c b/library/ecp.c
index 5787b9b..16cc45e 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1390,7 +1390,12 @@
cleanup:
- if( T != NULL && ! p_eq_g )
+ /* There are two cases where T is not stored in grp:
+ * - P != G
+ * - An intermediate operation failed before setting grp->T
+ * In either case, T must be freed.
+ */
+ if( T != NULL && T != grp->T )
{
for( i = 0; i < pre_len; i++ )
mbedtls_ecp_point_free( &T[i] );
diff --git a/library/md5.c b/library/md5.c
index 5d972dc..a05e2f0 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -275,36 +275,51 @@
}
}
-static const unsigned char md5_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
/*
* MD5 final digest
*/
void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
{
- uint32_t last, padn;
+ uint32_t used;
uint32_t high, low;
- unsigned char msglen[8];
+ /*
+ * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
+ */
+ used = ctx->total[0] & 0x3F;
+
+ ctx->buffer[used++] = 0x80;
+
+ if( used <= 56 )
+ {
+ /* Enough room for padding + length in current block */
+ memset( ctx->buffer + used, 0, 56 - used );
+ }
+ else
+ {
+ /* We'll need an extra block */
+ memset( ctx->buffer + used, 0, 64 - used );
+
+ mbedtls_md5_process( ctx, ctx->buffer );
+
+ memset( ctx->buffer, 0, 56 );
+ }
+
+ /*
+ * Add message length
+ */
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
- PUT_UINT32_LE( low, msglen, 0 );
- PUT_UINT32_LE( high, msglen, 4 );
+ PUT_UINT32_LE( low, ctx->buffer, 56 );
+ PUT_UINT32_LE( high, ctx->buffer, 60 );
- last = ctx->total[0] & 0x3F;
- padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+ mbedtls_md5_process( ctx, ctx->buffer );
- mbedtls_md5_update( ctx, md5_padding, padn );
- mbedtls_md5_update( ctx, msglen, 8 );
-
+ /*
+ * Output final state
+ */
PUT_UINT32_LE( ctx->state[0], output, 0 );
PUT_UINT32_LE( ctx->state[1], output, 4 );
PUT_UINT32_LE( ctx->state[2], output, 8 );
diff --git a/library/net.c b/library/net.c
index e8123cc..2898128 100644
--- a/library/net.c
+++ b/library/net.c
@@ -261,7 +261,7 @@
static int net_would_block( const mbedtls_net_context *ctx )
{
int err = errno;
-
+
/*
* Never return 'WOULD BLOCK' on a non-blocking socket
*/
diff --git a/library/sha1.c b/library/sha1.c
index 8c77cba..8caed8c 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -307,36 +307,51 @@
memcpy( (void *) (ctx->buffer + left), input, ilen );
}
-static const unsigned char sha1_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
/*
* SHA-1 final digest
*/
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
{
- uint32_t last, padn;
+ uint32_t used;
uint32_t high, low;
- unsigned char msglen[8];
+ /*
+ * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
+ */
+ used = ctx->total[0] & 0x3F;
+
+ ctx->buffer[used++] = 0x80;
+
+ if( used <= 56 )
+ {
+ /* Enough room for padding + length in current block */
+ memset( ctx->buffer + used, 0, 56 - used );
+ }
+ else
+ {
+ /* We'll need an extra block */
+ memset( ctx->buffer + used, 0, 64 - used );
+
+ mbedtls_sha1_process( ctx, ctx->buffer );
+
+ memset( ctx->buffer, 0, 56 );
+ }
+
+ /*
+ * Add message length
+ */
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
- PUT_UINT32_BE( high, msglen, 0 );
- PUT_UINT32_BE( low, msglen, 4 );
+ PUT_UINT32_BE( high, ctx->buffer, 56 );
+ PUT_UINT32_BE( low, ctx->buffer, 60 );
- last = ctx->total[0] & 0x3F;
- padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+ mbedtls_sha1_process( ctx, ctx->buffer );
- mbedtls_sha1_update( ctx, sha1_padding, padn );
- mbedtls_sha1_update( ctx, msglen, 8 );
-
+ /*
+ * Output final state
+ */
PUT_UINT32_BE( ctx->state[0], output, 0 );
PUT_UINT32_BE( ctx->state[1], output, 4 );
PUT_UINT32_BE( ctx->state[2], output, 8 );
diff --git a/library/sha256.c b/library/sha256.c
index 4e82c0b..0038cad 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -273,36 +273,51 @@
memcpy( (void *) (ctx->buffer + left), input, ilen );
}
-static const unsigned char sha256_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
/*
* SHA-256 final digest
*/
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
{
- uint32_t last, padn;
+ uint32_t used;
uint32_t high, low;
- unsigned char msglen[8];
+ /*
+ * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
+ */
+ used = ctx->total[0] & 0x3F;
+
+ ctx->buffer[used++] = 0x80;
+
+ if( used <= 56 )
+ {
+ /* Enough room for padding + length in current block */
+ memset( ctx->buffer + used, 0, 56 - used );
+ }
+ else
+ {
+ /* We'll need an extra block */
+ memset( ctx->buffer + used, 0, 64 - used );
+
+ mbedtls_sha256_process( ctx, ctx->buffer );
+
+ memset( ctx->buffer, 0, 56 );
+ }
+
+ /*
+ * Add message length
+ */
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
- PUT_UINT32_BE( high, msglen, 0 );
- PUT_UINT32_BE( low, msglen, 4 );
+ PUT_UINT32_BE( high, ctx->buffer, 56 );
+ PUT_UINT32_BE( low, ctx->buffer, 60 );
- last = ctx->total[0] & 0x3F;
- padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+ mbedtls_sha256_process( ctx, ctx->buffer );
- mbedtls_sha256_update( ctx, sha256_padding, padn );
- mbedtls_sha256_update( ctx, msglen, 8 );
-
+ /*
+ * Output final state
+ */
PUT_UINT32_BE( ctx->state[0], output, 0 );
PUT_UINT32_BE( ctx->state[1], output, 4 );
PUT_UINT32_BE( ctx->state[2], output, 8 );
diff --git a/library/sha512.c b/library/sha512.c
index af610bb..f62a58d 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -302,40 +302,51 @@
memcpy( (void *) (ctx->buffer + left), input, ilen );
}
-static const unsigned char sha512_padding[128] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
/*
* SHA-512 final digest
*/
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] )
{
- size_t last, padn;
+ unsigned used;
uint64_t high, low;
- unsigned char msglen[16];
+ /*
+ * Add padding: 0x80 then 0x00 until 16 bytes remain for the length
+ */
+ used = ctx->total[0] & 0x7F;
+
+ ctx->buffer[used++] = 0x80;
+
+ if( used <= 112 )
+ {
+ /* Enough room for padding + length in current block */
+ memset( ctx->buffer + used, 0, 112 - used );
+ }
+ else
+ {
+ /* We'll need an extra block */
+ memset( ctx->buffer + used, 0, 128 - used );
+
+ mbedtls_sha512_process( ctx, ctx->buffer );
+
+ memset( ctx->buffer, 0, 112 );
+ }
+
+ /*
+ * Add message length
+ */
high = ( ctx->total[0] >> 61 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
- PUT_UINT64_BE( high, msglen, 0 );
- PUT_UINT64_BE( low, msglen, 8 );
+ PUT_UINT64_BE( high, ctx->buffer, 112 );
+ PUT_UINT64_BE( low, ctx->buffer, 120 );
- last = (size_t)( ctx->total[0] & 0x7F );
- padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
+ mbedtls_sha512_process( ctx, ctx->buffer );
- mbedtls_sha512_update( ctx, sha512_padding, padn );
- mbedtls_sha512_update( ctx, msglen, 16 );
-
+ /*
+ * Output final state
+ */
PUT_UINT64_BE( ctx->state[0], output, 0 );
PUT_UINT64_BE( ctx->state[1], output, 8 );
PUT_UINT64_BE( ctx->state[2], output, 16 );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 14b7a48..916a29c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1151,12 +1151,12 @@
size_t list_size;
const unsigned char *p;
- list_size = buf[0];
- if( list_size + 1 != len )
+ if( len == 0 || (size_t)( buf[0] + 1 ) != len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
+ list_size = buf[0];
p = buf + 1;
while( list_size > 0 )
@@ -1900,8 +1900,6 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
- // TODO: Retrieve PSK identity hint and callback to app
- //
*p += len;
ret = 0;
@@ -2474,9 +2472,6 @@
goto exit;
}
- // TODO: handshake_failure alert for an anonymous server to request
- // client authentication
-
/*
* struct {
* ClientCertificateType certificate_types<1..2^8-1>;
@@ -2509,7 +2504,7 @@
* therefore the buffer length at this point must be greater than that
* regardless of the actual code path.
*/
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
+ if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
@@ -2548,7 +2543,6 @@
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
/* Ignored, see comments about hash in write_certificate_verify */
- // TODO: should check the signature part against our pk_key though
size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
#if defined(MBEDTLS_DEBUG_C)
@@ -2590,7 +2584,6 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* Ignore certificate_authorities, we only have one cert anyway */
- // TODO: should not send cert if no CA matches
dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 984b205..aea2f3e 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -97,6 +97,13 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
+ if( len < 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( servername_list_size + 2 != len )
{
@@ -105,7 +112,7 @@
}
p = buf + 2;
- while( servername_list_size > 0 )
+ while( servername_list_size > 2 )
{
hostname_len = ( ( p[1] << 8 ) | p[2] );
if( hostname_len + 3 > servername_list_size )
@@ -211,6 +218,12 @@
mbedtls_md_type_t md_cur;
mbedtls_pk_type_t sig_cur;
+ if ( len < 2 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( sig_alg_list_size + 2 != len ||
sig_alg_list_size % 2 != 0 )
@@ -247,7 +260,7 @@
" unknown hash alg encoding %d", p[0] ) );
continue;
}
-
+
if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 )
{
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
@@ -276,6 +289,12 @@
const unsigned char *p;
const mbedtls_ecp_curve_info *curve_info, **curves;
+ if ( len < 2 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( list_size + 2 != len ||
list_size % 2 != 0 )
@@ -327,12 +346,12 @@
size_t list_size;
const unsigned char *p;
- list_size = buf[0];
- if( list_size + 1 != len )
+ if( len == 0 || (size_t)( buf[0] + 1 ) != len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+ list_size = buf[0];
p = buf + 1;
while( list_size > 0 )
@@ -721,7 +740,7 @@
const mbedtls_ssl_ciphersuite_t *suite_info;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
mbedtls_pk_type_t sig_type;
#endif
@@ -1573,10 +1592,16 @@
while( ext_len != 0 )
{
- unsigned int ext_id = ( ( ext[0] << 8 )
- | ( ext[1] ) );
- unsigned int ext_size = ( ( ext[2] << 8 )
- | ( ext[3] ) );
+ unsigned int ext_id;
+ unsigned int ext_size;
+ if ( ext_len < 4 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) );
+ ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) );
if( ext_size + 4 > ext_len )
{
@@ -1743,7 +1768,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-
+
/*
* Try to fall back to default hash SHA1 if the client
* hasn't provided any preferred signature-hash combinations.
@@ -1751,13 +1776,13 @@
if( sig_hash_alg_ext_present == 0 )
{
mbedtls_md_type_t md_default = MBEDTLS_MD_SHA1;
-
+
if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 )
md_default = MBEDTLS_MD_NONE;
mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default );
}
-
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
@@ -2780,7 +2805,7 @@
return( ret );
}
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
dig_signed = p;
dig_signed_len = len;
#endif
@@ -2841,7 +2866,7 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
return( ret );
}
-
+
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
dig_signed = p;
dig_signed_len = len;
@@ -2869,7 +2894,7 @@
/*
* 3.1: Choose hash algorithm:
- * A: For TLS 1.2, obey signature-hash-algorithm extension
+ * A: For TLS 1.2, obey signature-hash-algorithm extension
* to choose appropriate hash.
* B: For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
* (RFC 4492, Sec. 5.4)
@@ -2877,7 +2902,7 @@
*/
mbedtls_md_type_t md_alg;
-
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_pk_type_t sig_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
@@ -2890,7 +2915,7 @@
sig_alg ) ) == MBEDTLS_MD_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- /* (... because we choose a cipher suite
+ /* (... because we choose a cipher suite
* only if there is a matching hash.) */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -2912,8 +2937,8 @@
md_alg = MBEDTLS_MD_NONE;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) );
-
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) );
+
/*
* 3.2: Compute the hash to be signed
*/
@@ -2940,7 +2965,7 @@
* SHA(ClientHello.random + ServerHello.random
* + ServerParams);
*/
-
+
mbedtls_md5_starts( &mbedtls_md5 );
mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 );
mbedtls_md5_update( &mbedtls_md5, dig_signed, dig_signed_len );
@@ -3028,7 +3053,7 @@
* } DigitallySigned;
*
*/
-
+
*(p++) = mbedtls_ssl_hash_from_md_alg( md_alg );
*(p++) = mbedtls_ssl_sig_from_pk_alg( sig_alg );
@@ -3170,6 +3195,10 @@
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
+ if ( p + 2 > end ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
if( *p++ != ( ( len >> 8 ) & 0xFF ) ||
*p++ != ( ( len ) & 0xFF ) )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c022716..c7ccac4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1132,6 +1132,9 @@
* other_secret already set by the ClientKeyExchange message,
* and is 48 bytes long
*/
+ if( end - p < 2 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
*p++ = 0;
*p++ = 48;
p += 48;
@@ -1257,6 +1260,27 @@
#define SSL_SOME_MODES_USE_MAC
#endif
+/* The function below is only used in the Lucky 13 counter-measure in
+ * ssl_decrypt_buf(). These are the defines that guard the call site. */
+#if defined(SSL_SOME_MODES_USE_MAC) && \
+ ( defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2) )
+/* This function makes sure every byte in the memory region is accessed
+ * (in ascending addresses order) */
+static void ssl_read_memory( unsigned char *p, size_t len )
+{
+ unsigned char acc = 0;
+ volatile unsigned char force;
+
+ for( ; len != 0; p++, len-- )
+ acc ^= *p;
+
+ force = acc;
+ (void) force;
+}
+#endif /* SSL_SOME_MODES_USE_MAC && ( TLS1 || TLS1_1 || TLS1_2 ) */
+
/*
* Encryption/decryption functions
*/
@@ -1881,27 +1905,27 @@
* and fake check up to 256 bytes of padding
*/
size_t pad_count = 0, real_count = 1;
- size_t padding_idx = ssl->in_msglen - padlen - 1;
+ size_t padding_idx = ssl->in_msglen - padlen;
/*
* Padding is guaranteed to be incorrect if:
- * 1. padlen >= ssl->in_msglen
+ * 1. padlen > ssl->in_msglen
*
- * 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN +
+ * 2. padding_idx > MBEDTLS_SSL_MAX_CONTENT_LEN +
* ssl->transform_in->maclen
*
* In both cases we reset padding_idx to a safe value (0) to
* prevent out-of-buffer reads.
*/
- correct &= ( ssl->in_msglen >= padlen + 1 );
- correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN +
+ correct &= ( padlen <= ssl->in_msglen );
+ correct &= ( padding_idx <= MBEDTLS_SSL_MAX_CONTENT_LEN +
ssl->transform_in->maclen );
padding_idx *= correct;
- for( i = 1; i <= 256; i++ )
+ for( i = 0; i < 256; i++ )
{
- real_count &= ( i <= padlen );
+ real_count &= ( i < padlen );
pad_count += real_count *
( ssl->in_msg[padding_idx + i] == padlen - 1 );
}
@@ -1932,8 +1956,10 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
ssl->in_msg, ssl->in_msglen );
+#endif
/*
* Authenticate if not done yet.
@@ -1966,20 +1992,69 @@
{
/*
* Process MAC and always update for padlen afterwards to make
- * total time independent of padlen
- *
- * extra_run compensates MAC check for padlen
+ * total time independent of padlen.
*
* Known timing attacks:
* - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
*
- * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values
- * correctly. (We round down instead of up, so -56 is the correct
- * value for our calculations instead of -55)
+ * To compensate for different timings for the MAC calculation
+ * depending on how much padding was removed (which is determined
+ * by padlen), process extra_run more blocks through the hash
+ * function.
+ *
+ * The formula in the paper is
+ * extra_run = ceil( (L1-55) / 64 ) - ceil( (L2-55) / 64 )
+ * where L1 is the size of the header plus the decrypted message
+ * plus CBC padding and L2 is the size of the header plus the
+ * decrypted message. This is for an underlying hash function
+ * with 64-byte blocks.
+ * We use ( (Lx+8) / 64 ) to handle 'negative Lx' values
+ * correctly. We round down instead of up, so -56 is the correct
+ * value for our calculations instead of -55.
+ *
+ * Repeat the formula rather than defining a block_size variable.
+ * This avoids requiring division by a variable at runtime
+ * (which would be marginally less efficient and would require
+ * linking an extra division function in some builds).
*/
size_t j, extra_run = 0;
- extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
- ( 13 + ssl->in_msglen + 8 ) / 64;
+
+ /*
+ * The next two sizes are the minimum and maximum values of
+ * in_msglen over all padlen values.
+ *
+ * They're independent of padlen, since we previously did
+ * in_msglen -= padlen.
+ *
+ * Note that max_len + maclen is never more than the buffer
+ * length, as we previously did in_msglen -= maclen too.
+ */
+ const size_t max_len = ssl->in_msglen + padlen;
+ const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
+
+ switch( ssl->transform_in->ciphersuite_info->mac )
+ {
+#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \
+ defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_MD_MD5:
+ case MBEDTLS_MD_SHA1:
+ case MBEDTLS_MD_SHA256:
+ /* 8 bytes of message size, 64-byte compression blocks */
+ extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
+ ( 13 + ssl->in_msglen + 8 ) / 64;
+ break;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_MD_SHA384:
+ /* 16 bytes of message size, 128-byte compression blocks */
+ extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 -
+ ( 13 + ssl->in_msglen + 16 ) / 128;
+ break;
+#endif
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
extra_run &= correct * 0xFF;
@@ -1988,12 +2063,25 @@
mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
ssl->in_msglen );
+ /* Make sure we access everything even when padlen > 0. This
+ * makes the synchronisation requirements for just-in-time
+ * Prime+Probe attacks much tighter and hopefully impractical. */
+ ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen );
mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
- /* Call mbedtls_md_process at least once due to cache attacks */
+
+ /* Call mbedtls_md_process at least once due to cache attacks
+ * that observe whether md_process() was called of not */
for( j = 0; j < extra_run + 1; j++ )
mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
+
+ /* Make sure we access all the memory that could contain the MAC,
+ * before we check it in the next code block. This makes the
+ * synchronisation requirements for just-in-time Prime+Probe
+ * attacks much tighter and hopefully impractical. */
+ ssl_read_memory( ssl->in_msg + min_len,
+ max_len - min_len + ssl->transform_in->maclen );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
@@ -2003,9 +2091,11 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen );
MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen,
ssl->transform_in->maclen );
+#endif
if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect,
ssl->transform_in->maclen ) != 0 )
@@ -2034,6 +2124,16 @@
if( ssl->in_msglen == 0 )
{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
+ && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+ {
+ /* TLS v1.2 explicitly disallows zero-length messages which are not application data */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
ssl->nb_zero++;
/*
@@ -3744,7 +3844,6 @@
return( ret );
}
- // TODO: what's the purpose of these lines? is in_len used?
ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
}
@@ -4062,6 +4161,16 @@
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
{
+ if( ssl->in_msglen != 2 )
+ {
+ /* Note: Standard allows for more than one 2 byte alert
+ to be packed in a single message, but Mbed TLS doesn't
+ currently support this. */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
+ ssl->in_msglen ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
ssl->in_msg[0], ssl->in_msg[1] ) );
@@ -4462,6 +4571,12 @@
while( i < ssl->in_hslen )
{
+ if ( i + 3 > ssl->in_hslen ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
if( ssl->in_msg[i] != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
@@ -5170,7 +5285,6 @@
ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
- // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -5845,27 +5959,27 @@
mbedtls_x509_crt *cert,
mbedtls_pk_context *key )
{
- mbedtls_ssl_key_cert *new;
+ mbedtls_ssl_key_cert *new_cert;
- new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
- if( new == NULL )
+ new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
+ if( new_cert == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- new->cert = cert;
- new->key = key;
- new->next = NULL;
+ new_cert->cert = cert;
+ new_cert->key = key;
+ new_cert->next = NULL;
/* Update head is the list was null, else add to the end */
if( *head == NULL )
{
- *head = new;
+ *head = new_cert;
}
else
{
mbedtls_ssl_key_cert *cur = *head;
while( cur->next != NULL )
cur = cur->next;
- cur->next = new;
+ cur->next = new_cert;
}
return( 0 );
diff --git a/library/x509.c b/library/x509.c
index 3cfa1d1..aaf7f7e 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -65,15 +65,6 @@
#include <time.h>
#endif
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#if !defined(_WIN32)
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#endif
-#endif
-
#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
diff --git a/library/x509_crt.c b/library/x509_crt.c
index f567afc..3d0765a 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -522,9 +522,6 @@
/*
* X.509 v3 extensions
*
- * TODO: Perform all of the basic constraints tests required by the RFC
- * TODO: Set values for undetected extensions to a sane default?
- *
*/
static int x509_get_crt_ext( unsigned char **p,
const unsigned char *end,
@@ -1638,12 +1635,6 @@
if( ca == NULL )
return( flags );
- /*
- * TODO: What happens if no CRL is present?
- * Suggestion: Revocation state should be unknown if no CRL is present.
- * For backwards compatibility this is not yet implemented.
- */
-
while( crl_list != NULL )
{
if( crl_list->version == 0 ||
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 6bae124..22989a2 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -214,7 +214,6 @@
mbedtls_x509_csr_free( csr );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
}
- // TODO Parse Attributes / extension requests
p += len;
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index b6b8446..96c6b70 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -99,7 +99,7 @@
{
usage:
mbedtls_printf( USAGE );
- goto exit;
+ goto cleanup;
}
opt.mode = DFL_MODE;
@@ -149,13 +149,13 @@
if( ( f = fopen( opt.password_file, "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! fopen returned NULL\n" );
- goto exit;
+ goto cleanup;
}
if( fgets( buf, sizeof(buf), f ) == NULL )
{
fclose( f );
mbedtls_printf( "Error: fgets() failed to retrieve password\n" );
- goto exit;
+ goto cleanup;
}
fclose( f );
@@ -176,7 +176,7 @@
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret );
- goto exit;
+ goto cleanup;
}
mbedtls_printf( " ok\n" );
@@ -189,14 +189,15 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
- mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL );
- mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL );
- mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL );
- mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL );
- mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL );
- mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL );
- mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL );
- mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL );
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ) );
}
else
#endif
@@ -204,16 +205,16 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
- mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) );
}
else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n" );
- goto exit;
+ goto cleanup;
}
}
else if( opt.mode == MODE_PUBLIC )
@@ -229,7 +230,7 @@
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
- goto exit;
+ goto cleanup;
}
mbedtls_printf( " ok\n" );
@@ -239,8 +240,8 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
- mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL );
- mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ) );
}
else
#endif
@@ -248,25 +249,28 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
}
else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n" );
- goto exit;
+ goto cleanup;
}
}
else
goto usage;
-exit:
+cleanup:
#if defined(MBEDTLS_ERROR_C)
- mbedtls_strerror( ret, buf, sizeof(buf) );
- mbedtls_printf( " ! Last error was: %s\n", buf );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, sizeof( buf ) );
+ mbedtls_printf( " ! Last error was: %s\n", buf );
+ }
#endif
mbedtls_pk_free( &pk );
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 9d12077..b273e7d 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -128,7 +128,7 @@
return( ret );
len = ret;
- c = output_buf + sizeof(output_buf) - len - 1;
+ c = output_buf + sizeof(output_buf) - len;
}
if( ( f = fopen( output_file, "w" ) ) == NULL )
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 390ebae..55a885b 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -235,7 +235,11 @@
" server_port=%%d default: 4433\n" \
" request_page=%%s default: \".\"\n" \
" request_size=%%d default: about 34 (basic request)\n" \
- " (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \
+ " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
+ " If 0, in the first exchange only an empty\n" \
+ " application data message is sent followed by\n" \
+ " a second non-empty message before attempting\n" \
+ " to read a response from the server\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
@@ -1499,10 +1503,13 @@
if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
{
- for( written = 0, frags = 0; written < len; written += ret, frags++ )
+ written = 0;
+ frags = 0;
+
+ do
{
- while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
- <= 0 )
+ while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
+ len - written ) ) < 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
@@ -1511,7 +1518,11 @@
goto exit;
}
}
+
+ frags++;
+ written += ret;
}
+ while( written < len );
}
else /* Not stream, so datagram */
{
@@ -1538,6 +1549,13 @@
buf[written] = '\0';
mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
+ /* Send a non-empty request if request_size == 0 */
+ if ( len == 0 )
+ {
+ opt.request_size = DFL_REQUEST_SIZE;
+ goto send_request;
+ }
+
/*
* 7. Read the HTTP response
*/
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6ea0d17..53c5e37 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -193,7 +193,7 @@
check_tools()
{
for TOOL in "$@"; do
- if ! `hash "$TOOL" >/dev/null 2>&1`; then
+ if ! `type "$TOOL" >/dev/null 2>&1`; then
err_msg "$TOOL not found!"
exit 1
fi
@@ -308,6 +308,7 @@
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
echo "${start_red}FAILED: $failure_count${end_color}$failure_summary"
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+ exit 1
elif [ -z "${1-}" ]; then
echo "SUCCESS :)"
fi
@@ -391,6 +392,10 @@
msg "test: doxygen markup outside doxygen blocks" # < 1s
tests/scripts/check-doxy-blocks.pl
+msg "test: check-files.py" # < 1s
+cleanup
+tests/scripts/check-files.py
+
msg "test/build: declared and exported names" # < 3s
cleanup
tests/scripts/check-names.sh
@@ -593,15 +598,30 @@
fi
if uname -a | grep -F x86_64 >/dev/null; then
- msg "build: i386, make, gcc" # ~ 30s
+ # Build once with -O0, to compile out the i386 specific inline assembly
+ msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
cleanup
- make CC=gcc CFLAGS='-Werror -m32'
+ cp "$CONFIG_H" "$CONFIG_BAK"
+ scripts/config.pl full
+ make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address'
- msg "test: i386, make, gcc"
+ msg "test: i386, make, gcc -O0 (ASan build)"
+ make test
+
+ # Build again with -O1, to compile in the i386 specific inline assembly
+ msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
+ cleanup
+ cp "$CONFIG_H" "$CONFIG_BAK"
+ scripts/config.pl full
+ make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
+
+ msg "test: i386, make, gcc -O1 (ASan build)"
make test
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
cleanup
+ cp "$CONFIG_H" "$CONFIG_BAK"
+ scripts/config.pl full
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32'
msg "test: 64-bit ILP32, make, gcc"
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
new file mode 100755
index 0000000..f560d03
--- /dev/null
+++ b/tests/scripts/check-files.py
@@ -0,0 +1,223 @@
+#!/usr/bin/env python3
+"""
+This file is part of Mbed TLS (https://tls.mbed.org)
+
+Copyright (c) 2018, Arm Limited, All Rights Reserved
+
+Purpose
+
+This script checks the current state of the source code for minor issues,
+including incorrect file permissions, presence of tabs, non-Unix line endings,
+trailing whitespace, presence of UTF-8 BOM, and TODO comments.
+Note: requires python 3, must be run from Mbed TLS root.
+"""
+
+import os
+import argparse
+import logging
+import codecs
+import sys
+
+
+class IssueTracker(object):
+ """Base class for issue tracking. Issues should inherit from this and
+ overwrite either issue_with_line if they check the file line by line, or
+ overwrite check_file_for_issue if they check the file as a whole."""
+
+ def __init__(self):
+ self.heading = ""
+ self.files_exemptions = []
+ self.files_with_issues = {}
+
+ def should_check_file(self, filepath):
+ for files_exemption in self.files_exemptions:
+ if filepath.endswith(files_exemption):
+ return False
+ return True
+
+ def issue_with_line(self, line):
+ raise NotImplementedError
+
+ def check_file_for_issue(self, filepath):
+ with open(filepath, "rb") as f:
+ for i, line in enumerate(iter(f.readline, b"")):
+ self.check_file_line(filepath, line, i + 1)
+
+ def check_file_line(self, filepath, line, line_number):
+ if self.issue_with_line(line):
+ if filepath not in self.files_with_issues.keys():
+ self.files_with_issues[filepath] = []
+ self.files_with_issues[filepath].append(line_number)
+
+ def output_file_issues(self, logger):
+ if self.files_with_issues.values():
+ logger.info(self.heading)
+ for filename, lines in sorted(self.files_with_issues.items()):
+ if lines:
+ logger.info("{}: {}".format(
+ filename, ", ".join(str(x) for x in lines)
+ ))
+ else:
+ logger.info(filename)
+ logger.info("")
+
+
+class PermissionIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Incorrect permissions:"
+
+ def check_file_for_issue(self, filepath):
+ if not (os.access(filepath, os.X_OK) ==
+ filepath.endswith((".sh", ".pl", ".py"))):
+ self.files_with_issues[filepath] = None
+
+
+class EndOfFileNewlineIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Missing newline at end of file:"
+
+ def check_file_for_issue(self, filepath):
+ with open(filepath, "rb") as f:
+ if not f.read().endswith(b"\n"):
+ self.files_with_issues[filepath] = None
+
+
+class Utf8BomIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "UTF-8 BOM present:"
+
+ def check_file_for_issue(self, filepath):
+ with open(filepath, "rb") as f:
+ if f.read().startswith(codecs.BOM_UTF8):
+ self.files_with_issues[filepath] = None
+
+
+class LineEndingIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Non Unix line endings:"
+
+ def issue_with_line(self, line):
+ return b"\r" in line
+
+
+class TrailingWhitespaceIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Trailing whitespace:"
+ self.files_exemptions = [".md"]
+
+ def issue_with_line(self, line):
+ return line.rstrip(b"\r\n") != line.rstrip()
+
+
+class TabIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Tabs present:"
+ self.files_exemptions = [
+ "Makefile", "generate_visualc_files.pl"
+ ]
+
+ def issue_with_line(self, line):
+ return b"\t" in line
+
+
+class TodoIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "TODO present:"
+ self.files_exemptions = [
+ __file__, "benchmark.c", "pull_request_template.md"
+ ]
+
+ def issue_with_line(self, line):
+ return b"todo" in line.lower()
+
+
+class IntegrityChecker(object):
+
+ def __init__(self, log_file):
+ self.check_repo_path()
+ self.logger = None
+ self.setup_logger(log_file)
+ self.files_to_check = (
+ ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data",
+ "Makefile", "CMakeLists.txt", "ChangeLog"
+ )
+ self.issues_to_check = [
+ PermissionIssueTracker(),
+ EndOfFileNewlineIssueTracker(),
+ Utf8BomIssueTracker(),
+ LineEndingIssueTracker(),
+ TrailingWhitespaceIssueTracker(),
+ TabIssueTracker(),
+ TodoIssueTracker(),
+ ]
+
+ def check_repo_path(self):
+ if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
+ raise Exception("Must be run from Mbed TLS root")
+
+ def setup_logger(self, log_file, level=logging.INFO):
+ self.logger = logging.getLogger()
+ self.logger.setLevel(level)
+ if log_file:
+ handler = logging.FileHandler(log_file)
+ self.logger.addHandler(handler)
+ else:
+ console = logging.StreamHandler()
+ self.logger.addHandler(console)
+
+ def check_files(self):
+ for root, dirs, files in sorted(os.walk(".")):
+ for filename in sorted(files):
+ filepath = os.path.join(root, filename)
+ if (os.path.join("yotta", "module") in filepath or
+ not filepath.endswith(self.files_to_check)):
+ continue
+ for issue_to_check in self.issues_to_check:
+ if issue_to_check.should_check_file(filepath):
+ issue_to_check.check_file_for_issue(filepath)
+
+ def output_issues(self):
+ integrity_return_code = 0
+ for issue_to_check in self.issues_to_check:
+ if issue_to_check.files_with_issues:
+ integrity_return_code = 1
+ issue_to_check.output_file_issues(self.logger)
+ return integrity_return_code
+
+
+def run_main():
+ parser = argparse.ArgumentParser(
+ description=(
+ "This script checks the current state of the source code for "
+ "minor issues, including incorrect file permissions, "
+ "presence of tabs, non-Unix line endings, trailing whitespace, "
+ "presence of UTF-8 BOM, and TODO comments. "
+ "Note: requires python 3, must be run from Mbed TLS root."
+ )
+ )
+ parser.add_argument(
+ "-l", "--log_file", type=str, help="path to optional output log",
+ )
+ check_args = parser.parse_args()
+ integrity_check = IntegrityChecker(check_args.log_file)
+ integrity_check.check_files()
+ return_code = integrity_check.output_issues()
+ sys.exit(return_code)
+
+
+if __name__ == "__main__":
+ run_main()
diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl
index 08ca5df..3c074be 100755
--- a/tests/scripts/gen_ctr_drbg.pl
+++ b/tests/scripts/gen_ctr_drbg.pl
@@ -64,7 +64,7 @@
my $AdditionalInput2 = get_val("AdditionalInput");
my $EntropyInputPR2 = get_val("EntropyInputPR") if ($PredictionResistance == 1);
my $ReturnedBits = get_val("ReturnedBits");
-
+
if ($PredictionResistance == 1)
{
print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n");
diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
index 95c5235..110cb4b 100755
--- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl
+++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
@@ -18,10 +18,10 @@
next if($line !~ /^# $str/);
last;
}
-
+
while(my $line = <TEST_DATA>)
{
- last if($line eq "\r\n");
+ last if($line eq "\r\n");
$val .= $line;
}
@@ -66,7 +66,7 @@
print(":\"$val_salt\"");
print(":\"$val_sig\":0");
print("\n\n");
- }
+ }
$cnt++;
}
close(TEST_DATA);
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 17824c7..548c68c 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -87,11 +87,37 @@
close(TEST_HELPERS);
open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!";
-my $test_main = <TEST_MAIN>;
+my @test_main_lines = split/^/, <TEST_MAIN>;
+my $test_main;
+my $index = 2;
+for my $line (@test_main_lines) {
+ $line =~ s/!LINE_NO!/$index/;
+ $test_main = $test_main.$line;
+ $index++;
+}
close(TEST_MAIN);
open(TEST_CASES, "$test_case_file") or die "Opening test cases '$test_case_file': $!";
-my $test_cases = <TEST_CASES>;
+my @test_cases_lines = split/^/, <TEST_CASES>;
+my $test_cases;
+my $index = 2;
+for my $line (@test_cases_lines) {
+ if ($line =~ /^\/\* BEGIN_SUITE_HELPERS .*\*\//)
+ {
+ $line = $line."#line $index \"$test_case_file\"\n";
+ }
+
+ if ($line =~ /^\/\* BEGIN_CASE .*\*\//)
+ {
+ $line = $line."#line $index \"$test_case_file\"\n";
+ }
+
+ $line =~ s/!LINE_NO!/$index/;
+
+ $test_cases = $test_cases.$line;
+ $index++;
+}
+
close(TEST_CASES);
open(TEST_DATA, "$test_case_data") or die "Opening test data '$test_case_data': $!";
@@ -178,16 +204,19 @@
my $function_decl = $2;
# Sanity checks of function
- if ($function_decl !~ /^void /)
+ if ($function_decl !~ /^#line\s*.*\nvoid /)
{
die "Test function does not have 'void' as return type\n";
+ "Function declaration:\n" .
+ $function_decl;
}
- if ($function_decl !~ /^void (\w+)\(\s*(.*?)\s*\)\s*{(.*)}/ms)
+ if ($function_decl !~ /^(#line\s*.*)\nvoid (\w+)\(\s*(.*?)\s*\)\s*{(.*)}/ms)
{
die "Function declaration not in expected format\n";
}
- my $function_name = $1;
- my $function_params = $2;
+ my $line_directive = $1;
+ my $function_name = $2;
+ my $function_params = $3;
my $function_pre_code;
my $function_post_code;
my $param_defs;
@@ -198,7 +227,7 @@
my $mapping_regex = "".$function_name;
my $mapping_count = 0;
- $function_decl =~ s/^void /void test_suite_/;
+ $function_decl =~ s/(^#line\s*.*)\nvoid /$1\nvoid test_suite_/;
# Add exit label if not present
if ($function_decl !~ /^exit:$/m)
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
old mode 100644
new mode 100755
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 3a8ec3c..9a432fb 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -254,7 +254,7 @@
done
}
else
- echo "Warning: lsof not available, wait_server_start = sleep $START_DELAY"
+ echo "Warning: lsof not available, wait_server_start = sleep"
wait_server_start() {
sleep "$START_DELAY"
}
@@ -1025,6 +1025,38 @@
-s "received FALLBACK_SCSV" \
-S "inapropriate fallback"
+# Test sending and receiving empty application data records
+
+run_test "Encrypt then MAC: empty application data record" \
+ "$P_SRV auth_mode=none debug_level=4 etm=1" \
+ "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
+ -s "dumping 'input payload after decrypt' (0 bytes)" \
+ -c "0 bytes written in 1 fragments"
+
+run_test "Default, no Encrypt then MAC: empty application data record" \
+ "$P_SRV auth_mode=none debug_level=4 etm=0" \
+ "$P_CLI auth_mode=none etm=0 request_size=0" \
+ 0 \
+ -s "dumping 'input payload after decrypt' (0 bytes)" \
+ -c "0 bytes written in 1 fragments"
+
+run_test "Encrypt then MAC, DTLS: empty application data record" \
+ "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
+ "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
+ 0 \
+ -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
+ -s "dumping 'input payload after decrypt' (0 bytes)" \
+ -c "0 bytes written in 1 fragments"
+
+run_test "Default, no Encrypt then MAC, DTLS: empty application data record" \
+ "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
+ "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
+ 0 \
+ -s "dumping 'input payload after decrypt' (0 bytes)" \
+ -c "0 bytes written in 1 fragments"
+
## ClientHello generated with
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
## then manually twiddling the ciphersuite list.
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index cad7072..4c3a235 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -1,3 +1,4 @@
+#line 1 "helpers.function"
/*----------------------------------------------------------------------------*/
/* Headers */
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 7fee3d8..948f72e 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -1,4 +1,5 @@
SUITE_PRE_DEP
+#line !LINE_NO! "main_test.function"
#define TEST_SUITE_ACTIVE
int verify_string( char **str )
@@ -69,6 +70,7 @@
FUNCTION_CODE
SUITE_POST_DEP
+#line !LINE_NO! "main_test.function"
/*----------------------------------------------------------------------------*/
@@ -80,6 +82,7 @@
return( 1 );
DEP_CHECK_CODE
+#line !LINE_NO! "main_test.function"
return( 1 );
}
@@ -93,6 +96,7 @@
#if defined(TEST_SUITE_ACTIVE)
DISPATCH_FUNCTION
{
+#line !LINE_NO! "main_test.function"
mbedtls_fprintf( stdout, "FAILED\nSkipping unknown test function '%s'\n", params[0] );
fflush( stdout );
return( 1 );
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index e351ebd..734fd97 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -19,10 +19,10 @@
Diffie-Hellman zero modulus
dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
-Diffie-Hallman load parameters from file
+Diffie-Hellman load parameters from file
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
-Diffie-Hallman load parameters from file
+Diffie-Hellman load parameters from file
dhm_file:"data_files/dh.optlen.pem":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256
Diffie-Hellman selftest
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 128c59e..0498f98 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -35,7 +35,7 @@
memset( tag_str, 0x00, sizeof( tag_str ) );
memset( output, 0x00, sizeof( output ) );
memset( tag_output, 0x00, sizeof( tag_output ) );
-
+
key_len = unhexify( key_str, hex_key_string );
pt_len = unhexify( src_str, hex_src_string );
iv_len = unhexify( iv_str, hex_iv_string );
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 18a9fa0..797505a 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -301,10 +301,10 @@
Base test mbedtls_mpi_add_mpi inplace #1
mbedtls_mpi_add_mpi_inplace:10:"12345678":10:"24691356"
-Test mbedtls_mpi_add_mpi inplace #2
+Test mbedtls_mpi_add_mpi inplace #2
mbedtls_mpi_add_mpi_inplace:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"1287616013607108878460259709922985398302772215068026865836146879048276529684741260122739430789478268181845874665180769440794266671939098512645241958073373266427807905932350214193538360035292323703146295192780306"
-Test mbedtls_mpi_add_mpi inplace #3
+Test mbedtls_mpi_add_mpi inplace #3
mbedtls_mpi_add_mpi_inplace:16:"ffffffffffffffffffffffffffffffff":16:"01fffffffffffffffffffffffffffffffe"
Test mbedtls_mpi_add_int #1
diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data
index db7a4cd..0309400 100644
--- a/tests/suites/test_suite_pkcs1_v15.data
+++ b/tests/suites/test_suite_pkcs1_v15.data
@@ -13,19 +13,19 @@
RSAES-V15 Encryption Test Vector Data too long 1
pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-RSAES-V15 Decryption Test Vector Padding too short 7
+RSAES-V15 Decryption Test Vector Padding too short 7
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_INVALID_PADDING
RSAES-V15 Encryption Test Vector Data too long 3
pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-RSAES-V15 Decryption Test Vector Padding too short 5
+RSAES-V15 Decryption Test Vector Padding too short 5
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_INVALID_PADDING
RSAES-V15 Encryption Test Vector Data too long 8
pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-RSAES-V15 Decryption Test Vector Padding too short 0
+RSAES-V15 Decryption Test Vector Padding too short 0
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING
RSASSA-V15 Signing Test Vector Int
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index d715c8a..3c9740d 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -207,15 +207,15 @@
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der":"PolarSSLTest":0
Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der":"PolarSSLTest":0
Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der":"PolarSSLTest":0
Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)
@@ -1023,11 +1023,11 @@
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
Parse EC Key #6 (PKCS8 encrypted DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
Parse EC Key #7 (PKCS8 encrypted PEM)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0
Parse EC Key #8 (SEC1 PEM, secp224r1)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 60683af..1cd2ed5 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -52,4 +52,5 @@
mbedtls_ssl_free( &ssl );
}
-/* END_CASE */
\ No newline at end of file
+/* END_CASE */
+
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 28edf3c..bef766c 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.1.13"
+check_compiletime_version:"2.1.14"
Check runtime library version
-check_runtime_version:"2.1.13"
+check_runtime_version:"2.1.14"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/yotta/data/example-authcrypt/README.md b/yotta/data/example-authcrypt/README.md
index ae4b1ef..c77373d 100644
--- a/yotta/data/example-authcrypt/README.md
+++ b/yotta/data/example-authcrypt/README.md
@@ -38,11 +38,11 @@
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
- Use the following settings:
+ Use the following settings:
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
+ * 115200 baud (not 9600).
+ * 8N1.
+ * No flow control.
7. Press the Reset button on the board.
diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md
index 1a534a2..7997d30 100644
--- a/yotta/data/example-benchmark/README.md
+++ b/yotta/data/example-benchmark/README.md
@@ -38,11 +38,11 @@
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
- Use the following settings:
+ Use the following settings:
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
+ * 115200 baud (not 9600).
+ * 8N1.
+ * No flow control.
7. Press the Reset button on the board.
diff --git a/yotta/data/example-hashing/README.md b/yotta/data/example-hashing/README.md
index 553c3a6..b559678 100644
--- a/yotta/data/example-hashing/README.md
+++ b/yotta/data/example-hashing/README.md
@@ -38,11 +38,11 @@
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
- Use the following settings:
+ Use the following settings:
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
+ * 115200 baud (not 9600).
+ * 8N1.
+ * No flow control.
7. Press the Reset button on the board.
diff --git a/yotta/data/example-selftest/README.md b/yotta/data/example-selftest/README.md
index 5bc22a6..4d98c71 100644
--- a/yotta/data/example-selftest/README.md
+++ b/yotta/data/example-selftest/README.md
@@ -38,11 +38,11 @@
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
- Use the following settings:
+ Use the following settings:
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
+ * 115200 baud (not 9600).
+ * 8N1.
+ * No flow control.
7. Press the Reset button on the board.
diff --git a/yotta/data/example-tls-client/README.md b/yotta/data/example-tls-client/README.md
index 39452a5..55a94bc 100644
--- a/yotta/data/example-tls-client/README.md
+++ b/yotta/data/example-tls-client/README.md
@@ -44,11 +44,11 @@
7. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
- Use the following settings:
+ Use the following settings:
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
+ * 115200 baud (not 9600).
+ * 8N1.
+ * No flow control.
8. Press the Reset button on the board.
diff --git a/yotta/data/module.json b/yotta/data/module.json
index 515d0d3..c27faa3 100644
--- a/yotta/data/module.json
+++ b/yotta/data/module.json
@@ -1,6 +1,6 @@
{
"name": "mbedtls",
- "version": "2.1.13",
+ "version": "2.1.14",
"description": "The mbed TLS crypto/SSL/TLS library",
"licenses": [
{