Merge pull request #4326 from gilles-peskine-arm/openssl-dhparam-robustness-2.16
Backport 2.16: Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
diff --git a/ChangeLog.d/add-missing-parenthesis.txt b/ChangeLog.d/add-missing-parenthesis.txt
new file mode 100644
index 0000000..9576ff3
--- /dev/null
+++ b/ChangeLog.d/add-missing-parenthesis.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
+ defined. Fixes #4217.
diff --git a/ChangeLog.d/aescrypt2.txt b/ChangeLog.d/aescrypt2.txt
new file mode 100644
index 0000000..7ffa49e
--- /dev/null
+++ b/ChangeLog.d/aescrypt2.txt
@@ -0,0 +1,3 @@
+Changes
+ * Remove the AES sample application programs/aes/aescrypt2 which shows
+ bad cryptographic practice. Fix #1906.
diff --git a/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt b/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
new file mode 100644
index 0000000..d253f34
--- /dev/null
+++ b/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
+ when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
+ was disabled. Fix the dependency. Fixes #4472.
diff --git a/ChangeLog.d/dhm_min_bitlen.txt b/ChangeLog.d/dhm_min_bitlen.txt
new file mode 100644
index 0000000..e7ea827
--- /dev/null
+++ b/ChangeLog.d/dhm_min_bitlen.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * In a TLS client, enforce the Diffie-Hellman minimum parameter size
+ set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
+ minimum size was rounded down to the nearest multiple of 8.
diff --git a/ChangeLog.d/fix-pk-parse-key-error-code.txt b/ChangeLog.d/fix-pk-parse-key-error-code.txt
new file mode 100644
index 0000000..3aa330b
--- /dev/null
+++ b/ChangeLog.d/fix-pk-parse-key-error-code.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix an incorrect error code when parsing a PKCS#8 private key.
diff --git a/ChangeLog.d/make-generate-tests-python.txt b/ChangeLog.d/make-generate-tests-python.txt
new file mode 100644
index 0000000..0feeff8
--- /dev/null
+++ b/ChangeLog.d/make-generate-tests-python.txt
@@ -0,0 +1,4 @@
+Changes
+ * When building the test suites with GNU make, invoke python3 or python, not
+ python2. The build still works with either Python 2.7 or 3.5+, but we
+ recommend using a version of Python that is supported upstream.
diff --git a/ChangeLog.d/mpi_read_negative_zero.txt b/ChangeLog.d/mpi_read_negative_zero.txt
new file mode 100644
index 0000000..e338de7
--- /dev/null
+++ b/ChangeLog.d/mpi_read_negative_zero.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
+ as equal to 0 in all cases. Fix it to produce the same object as "0".
diff --git a/ChangeLog.d/posix-define.txt b/ChangeLog.d/posix-define.txt
new file mode 100644
index 0000000..98cf2d0
--- /dev/null
+++ b/ChangeLog.d/posix-define.txt
@@ -0,0 +1,6 @@
+Bugfix
+ * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are
+ defined to specific values. If the code is used in a context
+ where these are already defined, this can result in a compilation
+ error. Instead, assume that if they are defined, the values will
+ be adequate to build Mbed TLS.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index fff4240..b1d67f7 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -453,7 +453,7 @@
* be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
* must stay untouched.
*
- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
+ * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
* tables.
*
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index d8246e2..0e4a6bb 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -98,7 +98,7 @@
*
* \param feature The feature to detect
*
- * \return 1 if CPU has support for the feature, 0 otherwise
+ * \return non-zero if CPU has support for the feature, 0 otherwise
*/
int mbedtls_padlock_has_support( int feature );
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index a10a434..a83f5e6 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -124,7 +124,7 @@
* Recommended value: 86400 (one day).
*
* \note It is highly recommended to select a cipher that is at
- * least as strong as the the strongest ciphersuite
+ * least as strong as the strongest ciphersuite
* supported. Usually that means a 256-bit key.
*
* \note The lifetime of the keys is twice the lifetime of tickets.
diff --git a/library/bignum.c b/library/bignum.c
index f133f6c..bd352e1 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -500,6 +500,7 @@
{
int ret;
size_t i, j, slen, n;
+ int sign = 1;
mbedtls_mpi_uint d;
mbedtls_mpi T;
MPI_VALIDATE_RET( X != NULL );
@@ -510,6 +511,12 @@
mbedtls_mpi_init( &T );
+ if( s[0] == '-' )
+ {
+ ++s;
+ sign = -1;
+ }
+
slen = strlen( s );
if( radix == 16 )
@@ -524,12 +531,6 @@
for( i = slen, j = 0; i > 0; i--, j++ )
{
- if( i == 1 && s[i - 1] == '-' )
- {
- X->s = -1;
- break;
- }
-
MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
}
@@ -540,26 +541,15 @@
for( i = 0; i < slen; i++ )
{
- if( i == 0 && s[i] == '-' )
- {
- X->s = -1;
- continue;
- }
-
MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
-
- if( X->s == 1 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
- }
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
}
}
+ if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 )
+ X->s = -1;
+
cleanup:
mbedtls_mpi_free( &T );
diff --git a/library/ecp.c b/library/ecp.c
index fe41b41..2168981 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2505,7 +2505,7 @@
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
+ return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
p_size = ( grp->pbits + 7 ) / 8;
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index b04596b..396734d 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -1048,13 +1048,13 @@
/*
* If the result is negative, we get it in the form
- * c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
+ * c * 2^bits + N, with c negative and N positive shorter than 'bits'
*/
static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits )
{
int ret;
- /* C = - c * 2^(bits + 32) */
+ /* C = - c * 2^bits */
#if !defined(MBEDTLS_HAVE_INT64)
((void) bits);
#else
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 671115f..3874783 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -47,11 +47,15 @@
/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
+#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
+#endif
#if defined(__NetBSD__)
+#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600 /* sockaddr_storage */
#endif
+#endif
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
diff --git a/library/pkparse.c b/library/pkparse.c
index e410f3a..2622351 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1070,7 +1070,7 @@
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+ return( ret );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 090040e..01df17a 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -918,13 +918,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_SHA512_C)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index bd7f281..073311b 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2209,6 +2209,7 @@
unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t dhm_actual_bitlen;
/*
* Ephemeral DH parameters:
@@ -2226,10 +2227,11 @@
return( ret );
}
- if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
+ dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
+ if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
- ssl->handshake->dhm_ctx.len * 8,
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u",
+ (unsigned) dhm_actual_bitlen,
ssl->conf->dhm_min_bitlen ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c749a86..a00b439 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6364,8 +6364,6 @@
#if defined(MBEDTLS_SHA512_C)
-typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*);
-
static void ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
{
@@ -6373,12 +6371,6 @@
const char *sender;
mbedtls_sha512_context sha512;
unsigned char padbuf[48];
- /*
- * For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long.
- * However, to avoid stringop-overflow warning in gcc, we have to cast
- * mbedtls_sha512_finish_ret().
- */
- finish_sha384_t finish_sha384 = (finish_sha384_t)mbedtls_sha512_finish_ret;
mbedtls_ssl_session *session = ssl->session_negotiate;
if( !session )
@@ -6404,8 +6396,19 @@
sender = ( from == MBEDTLS_SSL_IS_CLIENT )
? "client finished"
: "server finished";
-
- finish_sha384( &sha512, padbuf );
+ /* mbedtls_sha512_finish_ret's output parameter is declared as a
+ * 64-byte buffer, but sice we're using SHA-384, we know that the
+ * output fits in 48 bytes. This is correct C, but GCC 11.1 warns
+ * about it.
+ */
+#if defined(__GNUC__) && __GNUC__ >= 11
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wstringop-overflow"
+#endif
+ mbedtls_sha512_finish_ret( &sha512, padbuf );
+#if defined(__GNUC__) && __GNUC__ >= 11
+#pragma GCC diagnostic pop
+#endif
ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 48, buf, len );
diff --git a/programs/.gitignore b/programs/.gitignore
index 4d78930..d9ca31c 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -2,7 +2,6 @@
*.sln
*.vcxproj
-aes/aescrypt2
aes/crypt_and_hash
hash/generic_sum
hash/hello
diff --git a/programs/Makefile b/programs/Makefile
index d09949b..d5ebfd7 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -47,7 +47,7 @@
LOCAL_LDFLAGS += -lz
endif
-APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
+APPS = aes/crypt_and_hash$(EXEXT) \
hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \
pkey/dh_client$(EXEXT) \
pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \
@@ -93,10 +93,6 @@
$(DEP):
$(MAKE) -C ../library
-aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP)
- echo " CC aes/aescrypt2.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
echo " CC aes/crypt_and_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/README.md b/programs/README.md
index d26349d..e9e9f57 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -5,9 +5,6 @@
## Symmetric cryptography (AES) examples
-* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.
- Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).
-
* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
## Hash (digest) examples
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index f5a0caa..ac70de8 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -1,9 +1,6 @@
-add_executable(aescrypt2 aescrypt2.c)
-target_link_libraries(aescrypt2 mbedtls)
-
add_executable(crypt_and_hash crypt_and_hash.c)
target_link_libraries(crypt_and_hash mbedtls)
-install(TARGETS aescrypt2 crypt_and_hash
+install(TARGETS crypt_and_hash
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
deleted file mode 100644
index 8b44aad..0000000
--- a/programs/aes/aescrypt2.c
+++ /dev/null
@@ -1,495 +0,0 @@
-/*
- * AES-256 file encryption program
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- *
- * This file is provided under the Apache License 2.0, or the
- * GNU General Public License v2.0 or later.
- *
- * **********
- * Apache License 2.0:
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * **********
- *
- * **********
- * GNU General Public License v2.0 or later:
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * **********
- */
-
-/* Enable definition of fileno() even when compiling with -std=c99. Must be
- * set before config.h, which pulls in glibc's features.h indirectly.
- * Harmless on other platforms. */
-#define _POSIX_C_SOURCE 1
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#define mbedtls_exit exit
-#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#endif /* MBEDTLS_PLATFORM_C */
-
-#include "mbedtls/aes.h"
-#include "mbedtls/md.h"
-#include "mbedtls/platform_util.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#if defined(_WIN32)
-#include <windows.h>
-#if !defined(_WIN32_WCE)
-#include <io.h>
-#endif
-#else
-#include <sys/types.h>
-#include <unistd.h>
-#endif
-
-#define MODE_ENCRYPT 0
-#define MODE_DECRYPT 1
-
-#define USAGE \
- "\n aescrypt2 <mode> <input filename> <output filename> <key>\n" \
- "\n <mode>: 0 = encrypt, 1 = decrypt\n" \
- "\n example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \
- "\n"
-
-#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_SHA256_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_MD_C)
-int main( void )
-{
- mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
- "and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
- "not defined.\n");
- mbedtls_exit( 0 );
-}
-#else
-
-
-int main( int argc, char *argv[] )
-{
- int ret = 0;
- int exit_code = MBEDTLS_EXIT_FAILURE;
-
- unsigned int i, n;
- int mode, lastn;
- size_t keylen;
- FILE *fkey, *fin = NULL, *fout = NULL;
-
- char *p;
-
- unsigned char IV[16];
- unsigned char tmp[16];
- unsigned char key[512];
- unsigned char digest[32];
- unsigned char buffer[1024];
- unsigned char diff;
-
- mbedtls_aes_context aes_ctx;
- mbedtls_md_context_t sha_ctx;
-
-#if defined(_WIN32_WCE)
- long filesize, offset;
-#elif defined(_WIN32)
- LARGE_INTEGER li_size;
- __int64 filesize, offset;
-#else
- off_t filesize, offset;
-#endif
-
- mbedtls_aes_init( &aes_ctx );
- mbedtls_md_init( &sha_ctx );
-
- ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 );
- if( ret != 0 )
- {
- mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", -ret );
- goto exit;
- }
-
- /*
- * Parse the command-line arguments.
- */
- if( argc != 5 )
- {
- mbedtls_printf( USAGE );
-
-#if defined(_WIN32)
- mbedtls_printf( "\n Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
- goto exit;
- }
-
- mode = atoi( argv[1] );
- memset( IV, 0, sizeof( IV ) );
- memset( key, 0, sizeof( key ) );
- memset( digest, 0, sizeof( digest ) );
- memset( buffer, 0, sizeof( buffer ) );
-
- if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
- {
- mbedtls_fprintf( stderr, "invalide operation mode\n" );
- goto exit;
- }
-
- if( strcmp( argv[2], argv[3] ) == 0 )
- {
- mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
- goto exit;
- }
-
- if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
- {
- mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
- goto exit;
- }
-
- if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
- {
- mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
- goto exit;
- }
-
- /*
- * Read the secret key from file or command line
- */
- if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
- {
- keylen = fread( key, 1, sizeof( key ), fkey );
- fclose( fkey );
- }
- else
- {
- if( memcmp( argv[4], "hex:", 4 ) == 0 )
- {
- p = &argv[4][4];
- keylen = 0;
-
- while( sscanf( p, "%02X", &n ) > 0 &&
- keylen < (int) sizeof( key ) )
- {
- key[keylen++] = (unsigned char) n;
- p += 2;
- }
- }
- else
- {
- keylen = strlen( argv[4] );
-
- if( keylen > (int) sizeof( key ) )
- keylen = (int) sizeof( key );
-
- memcpy( key, argv[4], keylen );
- }
- }
-
-#if defined(_WIN32_WCE)
- filesize = fseek( fin, 0L, SEEK_END );
-#else
-#if defined(_WIN32)
- /*
- * Support large files (> 2Gb) on Win32
- */
- li_size.QuadPart = 0;
- li_size.LowPart =
- SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
- li_size.LowPart, &li_size.HighPart, FILE_END );
-
- if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
- {
- mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
- goto exit;
- }
-
- filesize = li_size.QuadPart;
-#else
- if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
- {
- perror( "lseek" );
- goto exit;
- }
-#endif
-#endif
-
- if( fseek( fin, 0, SEEK_SET ) < 0 )
- {
- mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
- goto exit;
- }
-
- if( mode == MODE_ENCRYPT )
- {
- /*
- * Generate the initialization vector as:
- * IV = SHA-256( filesize || filename )[0..15]
- */
- for( i = 0; i < 8; i++ )
- buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
-
- p = argv[2];
-
- mbedtls_md_starts( &sha_ctx );
- mbedtls_md_update( &sha_ctx, buffer, 8 );
- mbedtls_md_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
- mbedtls_md_finish( &sha_ctx, digest );
-
- memcpy( IV, digest, 16 );
-
- /*
- * The last four bits in the IV are actually used
- * to store the file size modulo the AES block size.
- */
- lastn = (int)( filesize & 0x0F );
-
- IV[15] = (unsigned char)
- ( ( IV[15] & 0xF0 ) | lastn );
-
- /*
- * Append the IV at the beginning of the output.
- */
- if( fwrite( IV, 1, 16, fout ) != 16 )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
- goto exit;
- }
-
- /*
- * Hash the IV and the secret key together 8192 times
- * using the result to setup the AES context and HMAC.
- */
- memset( digest, 0, 32 );
- memcpy( digest, IV, 16 );
-
- for( i = 0; i < 8192; i++ )
- {
- mbedtls_md_starts( &sha_ctx );
- mbedtls_md_update( &sha_ctx, digest, 32 );
- mbedtls_md_update( &sha_ctx, key, keylen );
- mbedtls_md_finish( &sha_ctx, digest );
- }
-
- mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 );
- mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
-
- /*
- * Encrypt and write the ciphertext.
- */
- for( offset = 0; offset < filesize; offset += 16 )
- {
- n = ( filesize - offset > 16 ) ? 16 : (int)
- ( filesize - offset );
-
- if( fread( buffer, 1, n, fin ) != (size_t) n )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", n );
- goto exit;
- }
-
- for( i = 0; i < 16; i++ )
- buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
-
- mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, buffer, buffer );
- mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
-
- if( fwrite( buffer, 1, 16, fout ) != 16 )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
- goto exit;
- }
-
- memcpy( IV, buffer, 16 );
- }
-
- /*
- * Finally write the HMAC.
- */
- mbedtls_md_hmac_finish( &sha_ctx, digest );
-
- if( fwrite( digest, 1, 32, fout ) != 32 )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
- goto exit;
- }
- }
-
- if( mode == MODE_DECRYPT )
- {
- /*
- * The encrypted file must be structured as follows:
- *
- * 00 .. 15 Initialization Vector
- * 16 .. 31 AES Encrypted Block #1
- * ..
- * N*16 .. (N+1)*16 - 1 AES Encrypted Block #N
- * (N+1)*16 .. (N+1)*16 + 32 HMAC-SHA-256(ciphertext)
- */
- if( filesize < 48 )
- {
- mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
- goto exit;
- }
-
- if( ( filesize & 0x0F ) != 0 )
- {
- mbedtls_fprintf( stderr, "File size not a multiple of 16.\n" );
- goto exit;
- }
-
- /*
- * Subtract the IV + HMAC length.
- */
- filesize -= ( 16 + 32 );
-
- /*
- * Read the IV and original filesize modulo 16.
- */
- if( fread( buffer, 1, 16, fin ) != 16 )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
- goto exit;
- }
-
- memcpy( IV, buffer, 16 );
- lastn = IV[15] & 0x0F;
-
- /*
- * Hash the IV and the secret key together 8192 times
- * using the result to setup the AES context and HMAC.
- */
- memset( digest, 0, 32 );
- memcpy( digest, IV, 16 );
-
- for( i = 0; i < 8192; i++ )
- {
- mbedtls_md_starts( &sha_ctx );
- mbedtls_md_update( &sha_ctx, digest, 32 );
- mbedtls_md_update( &sha_ctx, key, keylen );
- mbedtls_md_finish( &sha_ctx, digest );
- }
-
- mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 );
- mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
-
- /*
- * Decrypt and write the plaintext.
- */
- for( offset = 0; offset < filesize; offset += 16 )
- {
- if( fread( buffer, 1, 16, fin ) != 16 )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
- goto exit;
- }
-
- memcpy( tmp, buffer, 16 );
-
- mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
- mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_DECRYPT, buffer, buffer );
-
- for( i = 0; i < 16; i++ )
- buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
-
- memcpy( IV, tmp, 16 );
-
- n = ( lastn > 0 && offset == filesize - 16 )
- ? lastn : 16;
-
- if( fwrite( buffer, 1, n, fout ) != (size_t) n )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", n );
- goto exit;
- }
- }
-
- /*
- * Verify the message authentication code.
- */
- mbedtls_md_hmac_finish( &sha_ctx, digest );
-
- if( fread( buffer, 1, 32, fin ) != 32 )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 32 );
- goto exit;
- }
-
- /* Use constant-time buffer comparison */
- diff = 0;
- for( i = 0; i < 32; i++ )
- diff |= digest[i] ^ buffer[i];
-
- if( diff != 0 )
- {
- mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
- "or file corrupted.\n" );
- goto exit;
- }
- }
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- if( fin )
- fclose( fin );
- if( fout )
- fclose( fout );
-
- /* Zeroize all command line arguments to also cover
- the case when the user has missed or reordered some,
- in which case the key might not be in argv[4]. */
- for( i = 0; i < (unsigned int) argc; i++ )
- mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
-
- mbedtls_platform_zeroize( IV, sizeof( IV ) );
- mbedtls_platform_zeroize( key, sizeof( key ) );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
- mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
- mbedtls_platform_zeroize( digest, sizeof( digest ) );
-
- mbedtls_aes_free( &aes_ctx );
- mbedtls_md_free( &sha_ctx );
-
- mbedtls_exit( exit_code );
-}
-#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 66ead4a..b77994e 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -991,8 +991,8 @@
for( delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++ )
{
- mbedtls_free( opt.delay_cli + delay_idx );
- mbedtls_free( opt.delay_srv + delay_idx );
+ mbedtls_free( opt.delay_cli[delay_idx] );
+ mbedtls_free( opt.delay_srv[delay_idx] );
}
mbedtls_net_free( &client_fd );
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
index 02bae25..b7dee47 100755
--- a/scripts/assemble_changelog.py
+++ b/scripts/assemble_changelog.py
@@ -101,6 +101,9 @@
b'Changes',
)
+# The maximum line length for an entry
+MAX_LINE_LENGTH = 80
+
CategoryContent = namedtuple('CategoryContent', [
'name', 'title_line', # Title text and line number of the title
'body', 'body_line', # Body text and starting line number of the body
@@ -225,6 +228,8 @@
# a version that is not yet released. Something like "3.1a" is accepted.
_version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
_incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
+ _only_url_re = re.compile(br'^\s*\w+://\S+\s*$')
+ _has_url_re = re.compile(br'.*://.*')
def add_categories_from_text(self, filename, line_offset,
text, allow_unknown_category):
@@ -241,6 +246,21 @@
line_offset + category.title_line,
'Unknown category: "{}"',
category.name.decode('utf8'))
+
+ body_split = category.body.splitlines()
+
+ for line_number, line in enumerate(body_split, 1):
+ if not self._only_url_re.match(line) and \
+ len(line) > MAX_LINE_LENGTH:
+ long_url_msg = '. URL exceeding length limit must be alone in its line.' \
+ if self._has_url_re.match(line) else ""
+ raise InputFormatError(filename,
+ category.body_line + line_number,
+ 'Line is longer than allowed: '
+ 'Length {} (Max {}){}',
+ len(line), MAX_LINE_LENGTH,
+ long_url_msg)
+
self.categories[category.name] += category.body
def __init__(self, input_stream, changelog_format):
diff --git a/scripts/config.pl b/scripts/config.pl
index e5cc697..35a0af2 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -66,8 +66,9 @@
#
# The baremetal configuration excludes options that require a library or
# operating system feature that is typically not present on bare metal
-# systems. Features that are excluded from "full" won't be in "baremetal"
-# either.
+# systems. It also excludes debugging features that increase the code size
+# of other modules.
+# Features that are excluded from "full" won't be in "baremetal" either.
use warnings;
use strict;
@@ -136,6 +137,7 @@
# Things that should be disabled in "baremetal"
my @excluded_baremetal = qw(
+MBEDTLS_DEBUG_C
MBEDTLS_ENTROPY_NV_SEED
MBEDTLS_FS_IO
MBEDTLS_HAVEGE_C
@@ -147,6 +149,7 @@
MBEDTLS_PLATFORM_FPRINTF_ALT
MBEDTLS_PLATFORM_NV_SEED_ALT
MBEDTLS_PLATFORM_TIME_ALT
+MBEDTLS_TEST_HOOKS
MBEDTLS_THREADING_C
MBEDTLS_THREADING_PTHREAD
MBEDTLS_TIMING_C
diff --git a/tests/Makefile b/tests/Makefile
index 1555b55..29f2fa1 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -44,8 +44,7 @@
DLEXT ?= so
EXEXT=
SHARED_SUFFIX=
-# python2 for POSIX since FreeBSD has only python2 as default.
-PYTHON ?= python2
+PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
endif
# Zlib shared library extensions:
@@ -63,7 +62,7 @@
.SILENT:
-.PHONY: all check test clean
+.PHONY: all c_files check test clean
all: $(BINARIES)
@@ -71,6 +70,7 @@
$(MAKE) -C ../library
C_FILES := $(addsuffix .c,$(APPS))
+c_files: $(C_FILES)
# Wildcard target for test code generation:
# A .c file is generated for each .data file in the suites/ directory. Each .c
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index db4ee3b..3ac237a 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1053,6 +1053,16 @@
all_final += cert_md5.crt
################################################################
+#### Diffie-Hellman parameters
+################################################################
+
+dh.998.pem:
+ $(OPENSSL) dhparam -out $@ -text 998
+
+dh.999.pem:
+ $(OPENSSL) dhparam -out $@ -text 999
+
+################################################################
#### Meta targets
################################################################
diff --git a/tests/data_files/dh.998.pem b/tests/data_files/dh.998.pem
new file mode 100644
index 0000000..96d6cf2
--- /dev/null
+++ b/tests/data_files/dh.998.pem
@@ -0,0 +1,17 @@
+ DH Parameters: (998 bit)
+ prime:
+ 39:5f:30:c0:7b:06:b7:6a:49:c6:c0:81:1f:39:77:
+ b3:35:e2:8d:66:fc:6a:6e:94:f3:df:97:f2:89:31:
+ 6c:75:39:08:16:d1:a4:b8:0c:68:c5:63:21:61:eb:
+ 48:2d:77:99:08:1d:67:38:37:0a:cd:cf:39:b6:3c:
+ 9d:8a:e5:85:3c:71:e3:4b:3e:1e:b9:80:e3:cc:7a:
+ fd:84:05:b0:df:36:15:29:4e:3e:23:3b:c3:ae:6b:
+ c7:11:b9:64:43:40:75:c7:4a:ef:a7:2d:00:e2:62:
+ 8f:93:78:96:8f:2c:25:8d:7d:1f:eb:5c:3c:bf:51:
+ de:f8:08:25:db
+ generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGCAn05XzDAewa3aknGwIEfOXezNeKNZvxqbpTz35fyiTFsdTkIFtGkuAxoxWMh
+YetILXeZCB1nODcKzc85tjydiuWFPHHjSz4euYDjzHr9hAWw3zYVKU4+IzvDrmvH
+EblkQ0B1x0rvpy0A4mKPk3iWjywljX0f61w8v1He+Agl2wIBAg==
+-----END DH PARAMETERS-----
diff --git a/tests/data_files/dh.999.pem b/tests/data_files/dh.999.pem
new file mode 100644
index 0000000..6e3ceb3
--- /dev/null
+++ b/tests/data_files/dh.999.pem
@@ -0,0 +1,17 @@
+ DH Parameters: (999 bit)
+ prime:
+ 4f:b8:d2:d8:3c:b3:02:c9:64:f5:99:fe:61:cc:b3:
+ 69:1c:ba:bb:a2:33:db:38:2f:85:87:b7:12:fb:69:
+ 6e:a5:32:3e:ff:24:df:c4:61:07:0c:e1:88:72:fa:
+ 14:d4:22:65:18:66:09:7e:43:35:c4:5a:62:f7:0a:
+ 69:be:45:71:6e:ac:c5:56:d8:22:9e:c4:9c:23:2b:
+ bd:6d:3b:b6:02:4f:5d:12:a7:ac:90:b8:9e:be:93:
+ 82:bc:09:7c:cd:e1:09:21:1e:3d:69:2a:76:41:00:
+ 68:6d:b7:e8:e8:df:d6:1b:82:93:d9:21:4a:ea:71:
+ f2:e6:c4:94:03
+ generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGCAn1PuNLYPLMCyWT1mf5hzLNpHLq7ojPbOC+Fh7cS+2lupTI+/yTfxGEHDOGI
+cvoU1CJlGGYJfkM1xFpi9wppvkVxbqzFVtginsScIyu9bTu2Ak9dEqeskLievpOC
+vAl8zeEJIR49aSp2QQBobbfo6N/WG4KT2SFK6nHy5sSUAwIBAg==
+-----END DH PARAMETERS-----
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1e56c3e..1a4de44 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -691,6 +691,18 @@
record_status tests/scripts/doxygen.sh
}
+component_check_python2 () {
+ # Check that what used to work with Python 2 still works with Python 2.
+ msg "check: python2 compatibility"
+ mkdir -p tests/with_python2 tests/with_python3
+ make -C tests PYTHON=python2 c_files
+ mv tests/test_suite_*.c tests/with_python2/
+ make -C tests PYTHON=python3 c_files
+ mv tests/test_suite_*.c tests/with_python3/
+ diff -r tests/with_python2 tests/with_python3
+ rm -rf tests/with_python2 tests/with_python3
+}
+
################################################################
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index f452b37..b74ed55 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -1,4 +1,7 @@
#!/usr/bin/env python3
+
+# This script should still be compatible with Python 2 in Mbed TLS 2.16.x.
+
# Test suites code generator.
#
# Copyright The Mbed TLS Contributors
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 79ae325..439e2c3 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3960,6 +3960,20 @@
0 \
-C "DHM prime too short:"
+run_test "DHM size: server 999, client 999, OK" \
+ "$P_SRV dhm_file=data_files/dh.999.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=999" \
+ 0 \
+ -C "DHM prime too short:"
+
+run_test "DHM size: server 1000, client 1000, OK" \
+ "$P_SRV dhm_file=data_files/dh.1000.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=1000" \
+ 0 \
+ -C "DHM prime too short:"
+
run_test "DHM size: server 1000, client default, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -3967,6 +3981,27 @@
1 \
-c "DHM prime too short:"
+run_test "DHM size: server 1000, client 1001, rejected" \
+ "$P_SRV dhm_file=data_files/dh.1000.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=1001" \
+ 1 \
+ -c "DHM prime too short:"
+
+run_test "DHM size: server 999, client 1000, rejected" \
+ "$P_SRV dhm_file=data_files/dh.999.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=1000" \
+ 1 \
+ -c "DHM prime too short:"
+
+run_test "DHM size: server 998, client 999, rejected" \
+ "$P_SRV dhm_file=data_files/dh.998.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=999" \
+ 1 \
+ -c "DHM prime too short:"
+
run_test "DHM size: server default, client 2049, rejected" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 2c25cd7..398ba59 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -344,6 +344,14 @@
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660"
+ECP point muladd secp256r1 #1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6"
+
+ECP point muladd secp256r1 #2
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6"
+
ECP test vectors secp192k1
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD"
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index e37a017..9c90e9c 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -699,6 +699,52 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
+void ecp_muladd( int id,
+ data_t *u1_bin, data_t *P1_bin,
+ data_t *u2_bin, data_t *P2_bin,
+ data_t *expected_result )
+{
+ /* Compute R = u1 * P1 + u2 * P2 */
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_point P1, P2, R;
+ mbedtls_mpi u1, u2;
+ uint8_t actual_result[MBEDTLS_ECP_MAX_PT_LEN];
+ size_t len;
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_point_init( &P1 );
+ mbedtls_ecp_point_init( &P2 );
+ mbedtls_ecp_point_init( &R );
+ mbedtls_mpi_init( &u1 );
+ mbedtls_mpi_init( &u2 );
+
+ TEST_EQUAL( 0, mbedtls_ecp_group_load( &grp, id ) );
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u1, u1_bin->x, u1_bin->len ) );
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u2, u2_bin->x, u2_bin->len ) );
+ TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P1,
+ P1_bin->x, P1_bin->len ) );
+ TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P2,
+ P2_bin->x, P2_bin->len ) );
+
+ TEST_EQUAL( 0, mbedtls_ecp_muladd( &grp, &R, &u1, &P1, &u2, &P2 ) );
+ TEST_EQUAL( 0, mbedtls_ecp_point_write_binary(
+ &grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, actual_result, sizeof( actual_result ) ) );
+
+ ASSERT_COMPARE( expected_result->x, expected_result->len,
+ actual_result, len );
+
+exit:
+ mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_point_free( &P1 );
+ mbedtls_ecp_point_free( &P2 );
+ mbedtls_ecp_point_free( &R );
+ mbedtls_mpi_free( &u1 );
+ mbedtls_mpi_free( &u2 );
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void ecp_fast_mod( int id, char * N_str )
{
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 5229253..b7f7ee5 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -10,21 +10,39 @@
Base test mpi_read_write_string #1
mpi_read_write_string:10:"128":10:"128":100:0:0
+Base test mpi_read_write_string #1 (Leading 0)
+mpi_read_write_string:10:"0128":10:"128":100:0:0
+
Base test mpi_read_write_string #2
mpi_read_write_string:10:"128":16:"80":100:0:0
-Base test mpi_read_write_string #3 (Read zero)
+Base test mpi_read_write_string #3 (Read zero decimal)
mpi_read_write_string:10:"0":10:"0":100:0:0
+Base test mpi_read_write_string #3 (Read zero hex)
+mpi_read_write_string:16:"0":16:"00":100:0:0
+
+Base test mpi_read_write_string #3 (Read minus zero decimal)
+mpi_read_write_string:10:"-0":10:"0":100:0:0
+
+Base test mpi_read_write_string #3 (Read minus zero hex)
+mpi_read_write_string:16:"-0":16:"00":100:0:0
+
Base test mpi_read_write_string #3 (Negative decimal)
mpi_read_write_string:10:"-23":10:"-23":100:0:0
-Base test mpi_read_write_string #3 (Negative hex)
+Base test mpi_read_write_string #3 (Negative decimal, leading 0)
+mpi_read_write_string:10:"-023":10:"-23":100:0:0
+
+Base test mpi_read_write_string #3 (Negative hex -> decimal)
mpi_read_write_string:16:"-20":10:"-32":100:0:0
-Base test mpi_read_write_string #3 (Negative decimal)
+Base test mpi_read_write_string #3 (Negative hex)
mpi_read_write_string:16:"-23":16:"-23":100:0:0
+Base test mpi_read_write_string #3 (Negative hex, leading 0)
+mpi_read_write_string:16:"-023":16:"-23":100:0:0
+
Base test mpi_read_write_string #4 (Buffer just fits)
mpi_read_write_string:16:"-4":4:"-10":4:0:0
@@ -49,12 +67,18 @@
Test mpi_read_write_string #7
mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0:0
-Test mpi_read_write_string #8 (Empty MPI -> hex)
+Test mpi_read_write_string #8 (Empty MPI hex -> hex)
mpi_read_write_string:16:"":16:"00":4:0:0
-Test mpi_read_write_string #9 (Empty MPI -> dec)
+Test mpi_read_write_string #9 (Empty MPI hex -> dec)
mpi_read_write_string:16:"":10:"0":4:0:0
+Test mpi_read_write_string #8 (Empty MPI dec -> hex)
+mpi_read_write_string:10:"":16:"00":4:0:0
+
+Test mpi_read_write_string #9 (Empty MPI dec -> dec)
+mpi_read_write_string:10:"":10:"0":4:0:0
+
Test mpi_write_string #10 (Negative hex with odd number of digits)
mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj
deleted file mode 100644
index 1d608db..0000000
--- a/visualc/VS2010/aescrypt2.vcxproj
+++ /dev/null
@@ -1,173 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
- <ItemGroup Label="ProjectConfigurations">
- <ProjectConfiguration Include="Debug|Win32">
- <Configuration>Debug</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Debug|x64">
- <Configuration>Debug</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|Win32">
- <Configuration>Release</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|x64">
- <Configuration>Release</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- </ItemGroup>
- <ItemGroup>
- <ClCompile Include="..\..\programs\aes\aescrypt2.c" />
- </ItemGroup>
- <ItemGroup>
- <ProjectReference Include="mbedTLS.vcxproj">
- <Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
- <LinkLibraryDependencies>true</LinkLibraryDependencies>
- </ProjectReference>
- </ItemGroup>
- <PropertyGroup Label="Globals">
- <ProjectGuid>{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}</ProjectGuid>
- <Keyword>Win32Proj</Keyword>
- <RootNamespace>aescrypt2</RootNamespace>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>true</UseDebugLibraries>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>true</UseDebugLibraries>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>false</UseDebugLibraries>
- <WholeProgramOptimization>true</WholeProgramOptimization>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>false</UseDebugLibraries>
- <WholeProgramOptimization>true</WholeProgramOptimization>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
- <ImportGroup Label="ExtensionSettings">
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <PropertyGroup Label="UserMacros" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <LinkIncremental>true</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <LinkIncremental>true</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <LinkIncremental>false</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
- <LinkIncremental>false</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <ClCompile>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
- <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
- </Link>
- <ProjectReference>
- <LinkLibraryDependencies>false</LinkLibraryDependencies>
- </ProjectReference>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <ClCompile>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
- <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
- </Link>
- <ProjectReference>
- <LinkLibraryDependencies>false</LinkLibraryDependencies>
- </ProjectReference>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <ClCompile>
- <WarningLevel>Level3</WarningLevel>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <Optimization>MaxSpeed</Optimization>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <EnableCOMDATFolding>true</EnableCOMDATFolding>
- <OptimizeReferences>true</OptimizeReferences>
- <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
- </Link>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
- <ClCompile>
- <WarningLevel>Level3</WarningLevel>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <Optimization>MaxSpeed</Optimization>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <EnableCOMDATFolding>true</EnableCOMDATFolding>
- <OptimizeReferences>true</OptimizeReferences>
- <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
- </Link>
- </ItemDefinitionGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
- <ImportGroup Label="ExtensionTargets">
- </ImportGroup>
-</Project>
diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln
index 61f30bb..57a8d4d 100644
--- a/visualc/VS2010/mbedTLS.sln
+++ b/visualc/VS2010/mbedTLS.sln
@@ -3,11 +3,6 @@
# Visual C++ Express 2010
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aescrypt2", "aescrypt2.vcxproj", "{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt_and_hash", "crypt_and_hash.vcxproj", "{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -259,14 +254,6 @@
{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32
{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64
{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.ActiveCfg = Debug|Win32
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.Build.0 = Debug|Win32
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.ActiveCfg = Debug|x64
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.Build.0 = Debug|x64
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.ActiveCfg = Release|Win32
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.Build.0 = Release|Win32
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.ActiveCfg = Release|x64
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.Build.0 = Release|x64
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.ActiveCfg = Debug|Win32
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.Build.0 = Debug|Win32
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|x64.ActiveCfg = Debug|x64