Merge remote-tracking branch 'upstream-public/pr/1290' into mbedtls-2.1
diff --git a/ChangeLog b/ChangeLog
index ed7818e..27c3d13 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -62,6 +62,9 @@
* Fix issue in RSA key generation program programs/x509/rsa_genkey
where the failure of CTR DRBG initialization lead to freeing an
RSA context without proper initialization beforehand.
+ * Fix bug in cipher decryption with MBEDTLS_PADDING_ONE_AND_ZEROS that
+ sometimes accepted invalid padding. (Not used in TLS.) Found and fixed
+ by Micha Kraus.
Changes
* Extend cert_write example program by options to set the CRT version
diff --git a/library/cipher.c b/library/cipher.c
index 1523b07..b0e0d87 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -485,14 +485,14 @@
if( NULL == input || NULL == data_len )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- bad = 0xFF;
+ bad = 0x80;
*data_len = 0;
for( i = input_len; i > 0; i-- )
{
prev_done = done;
- done |= ( input[i-1] != 0 );
+ done |= ( input[i - 1] != 0 );
*data_len |= ( i - 1 ) * ( done != prev_done );
- bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
+ bad ^= input[i - 1] * ( done != prev_done );
}
return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1002adf..9d1904c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1941,7 +1941,7 @@
const mbedtls_ssl_ciphersuite_t *suite = NULL;
const mbedtls_cipher_info_t *cipher = NULL;
- if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+ if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
*olen = 0;
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 8ab32f6..0782993 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -129,15 +129,6 @@
( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \
} while( 0 )
-#if defined(MBEDTLS_ERROR_C)
-#define PRINT_ERROR \
- mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
- mbedtls_printf( "FAILED: %s\n", tmp );
-#else
-#define PRINT_ERROR \
- mbedtls_printf( "FAILED: -0x%04x\n", -ret );
-#endif
-
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
#define MEMORY_MEASURE_INIT \
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 96ce7f9..97dc3cf 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -31,7 +31,7 @@
include_directories(${CMAKE_CURRENT_SOURCE_DIR})
add_executable(test_suite_${data_name} test_suite_${data_name}.c)
target_link_libraries(test_suite_${data_name} ${libs})
- add_test(${data_name}-suite test_suite_${data_name})
+ add_test(${data_name}-suite test_suite_${data_name} --verbose)
endfunction(add_test_suite)
if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
diff --git a/tests/compat.sh b/tests/compat.sh
index 8f864ad..27d712b 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -878,8 +878,9 @@
done
}
else
+ echo "Warning: lsof not available, wait_server_start = sleep"
wait_server_start() {
- sleep 1
+ sleep 2
}
fi
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9dc75e1..0c4639c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -254,6 +254,7 @@
done
}
else
+ echo "Warning: lsof not available, wait_server_start = sleep $START_DELAY"
wait_server_start() {
sleep "$START_DELAY"
}
@@ -539,14 +540,28 @@
# used by watchdog
MAIN_PID="$$"
-# be more patient with valgrind
+# We use somewhat arbitrary delays for tests:
+# - how long do we wait for the server to start (when lsof not available)?
+# - how long do we allow for the client to finish?
+# (not to check performance, just to avoid waiting indefinitely)
+# Things are slower with valgrind, so give extra time here.
+#
+# Note: without lsof, there is a trade-off between the running time of this
+# script and the risk of spurious errors because we didn't wait long enough.
+# The watchdog delay on the other hand doesn't affect normal running time of
+# the script, only the case where a client or server gets stuck.
if [ "$MEMCHECK" -gt 0 ]; then
- START_DELAY=3
- DOG_DELAY=30
+ START_DELAY=6
+ DOG_DELAY=60
else
- START_DELAY=1
- DOG_DELAY=10
+ START_DELAY=2
+ DOG_DELAY=20
fi
+
+# some particular tests need more time:
+# - for the client, we multiply the usual watchdog limit by a factor
+# - for the server, we sleep for a number of seconds after the client exits
+# see client_need_more_time() and server_needs_more_time()
CLI_DELAY_FACTOR=1
# Pick a "unique" server port in the range 10000-19999, and a proxy port
diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data
index d6fc266..1c0ba09 100644
--- a/tests/suites/test_suite_cipher.padding.data
+++ b/tests/suites/test_suite_cipher.padding.data
@@ -184,6 +184,10 @@
depends_on:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
check_padding:MBEDTLS_PADDING_ONE_AND_ZEROS:"0000000000":MBEDTLS_ERR_CIPHER_INVALID_PADDING:4
+Check one and zeros padding #8 (last byte 0x80 | x)
+depends_on:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+check_padding:MBEDTLS_PADDING_ONE_AND_ZEROS:"0000000082":MBEDTLS_ERR_CIPHER_INVALID_PADDING:4
+
Check zeros and len padding #1 (correct)
depends_on:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
check_padding:MBEDTLS_PADDING_ZEROS_AND_LEN:"DABBAD0001":0:4