From 703990b83938302d81cdeb8cf382964e45c3beaf Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 11:23:36 +0100 Subject: [PATCH 01/70] Fix buffer overreads in mbedtls_pem_read_buffer() --- ChangeLog | 7 +++++++ library/pem.c | 20 +++++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index f96786d72..cae68a638 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Bugfix + * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing + the input string in pem format to extract the different components. Found + by Eyal Itkin. + = mbed TLS 2.4.0 branch released 2016-10-17 Security diff --git a/library/pem.c b/library/pem.c index 1ee3966e1..d1c660412 100644 --- a/library/pem.c +++ b/library/pem.c @@ -249,7 +249,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const enc = 0; - if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) + if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) @@ -262,22 +262,22 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #if defined(MBEDTLS_DES_C) - if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) + if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; s1 += 23; - if( pem_get_iv( s1, pem_iv, 8 ) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; } - else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) + else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_CBC; s1 += 18; - if( pem_get_iv( s1, pem_iv, 8) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; @@ -285,9 +285,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) + if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) { - if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + if( s2 - s1 < 22 ) + return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); + else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_128_CBC; else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_192_CBC; @@ -297,7 +299,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); s1 += 22; - if( pem_get_iv( s1, pem_iv, 16 ) != 0 ) + if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 32; @@ -316,7 +318,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - if( s1 == s2 ) + if( s1 >= s2 ) return( MBEDTLS_ERR_PEM_INVALID_DATA ); ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); From 9c94b6951cdd483eeee191b8dab7a0230d3fb4e8 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 14:31:54 +0100 Subject: [PATCH 02/70] Add tests for overreads in pem_read_buffer() --- ChangeLog | 2 +- tests/suites/test_suite_pem.data | 9 +++++++++ tests/suites/test_suite_pem.function | 24 ++++++++++++++++++------ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index cae68a638..e0c74e677 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in pem format to extract the different components. Found + the input string in PEM format to extract the different components. Found by Eyal Itkin. = mbed TLS 2.4.0 branch released 2016-10-17 diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 973c92325..9a62db8ea 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -15,3 +15,12 @@ mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102 PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" + +PEM read (DES-EDE3-CBC + invalid iv) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 + +PEM read (DES-CBC + invalid iv) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 + +PEM read (unknown encryption algorithm) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 6a62bfed9..5e022109c 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -3,12 +3,7 @@ #include "mbedtls/pem.h" /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PEM_WRITE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ void mbedtls_pem_write_buffer( char *start, char *end, char *buf_str, char *result_str ) { unsigned char buf[5000]; @@ -38,3 +33,20 @@ exit: mbedtls_free( check_buf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */ +void mbedtls_pem_read_buffer( char *header, char *footer, char *data, int ret ) +{ + mbedtls_pem_context ctx; + size_t use_len = 0; + + mbedtls_pem_init( &ctx ); + + TEST_ASSERT( mbedtls_pem_read_buffer( &ctx, header, footer, + (const unsigned char *)data, NULL, 0, + &use_len ) == ret ); + +exit: + mbedtls_pem_free( &ctx ); +} +/* END_CASE */ From 939954c0b0bece68b3e0664fbbc305237e78d6b4 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 8 Dec 2016 17:08:44 +0000 Subject: [PATCH 03/70] Fix CRL parsing to avoid infinite loop This patch modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM format with trailing characters after the footer does not result in the execution of an infinite loop. --- ChangeLog | 9 +++++++++ library/x509_crl.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0a857ba76..1d1306420 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Fixed potential livelock during the parsing of a CRL in PEM format in + mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing + characters after the footer could result in the execution of an infinite + loop. The issue can be triggered remotely. Found by Greg Zaverucha, + Microsoft. + = mbed TLS 2.4.1 branch released 2016-12-13 Changes diff --git a/library/x509_crl.c b/library/x509_crl.c index 7b2b4733b..5b0adeffc 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -530,7 +530,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s mbedtls_pem_free( &pem ); } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + else if( is_pem ) { mbedtls_pem_free( &pem ); return( ret ); From a39db394db526398b186c094cd4bf989b92b3706 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 8 Dec 2016 17:10:38 +0000 Subject: [PATCH 04/70] Add test for infinite loop in CRL parse --- .../crl-malformed-trailing-spaces.pem | 20 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 4 ++++ tests/suites/test_suite_x509parse.function | 16 +++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 tests/data_files/crl-malformed-trailing-spaces.pem diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/crl-malformed-trailing-spaces.pem new file mode 100644 index 000000000..9eae3da19 --- /dev/null +++ b/tests/data_files/crl-malformed-trailing-spaces.pem @@ -0,0 +1,20 @@ +-----BEGIN X509 CRL----- +MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ +b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz +MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW +svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm +56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwQDaQAwZgIxAL/VFrDIYUECsS0rVpAy +6zt/CqeAZ1sa/l5LTaG1XW286n2Kibipr6EpkYZNYIQILgIxAI0wb3Py1DHPWpYf +/BFBH7C3KYq+nWTrLeEnhrjU1LzG/CiQ8lnuskya6lw/P3lJ/A== +-----END X509 CRL----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c8298231a..9170438b7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -198,6 +198,10 @@ X509 CRL Information EC, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" +X509 CRL Malformed Input (trailing spaces at end of file) +depends_on:MBEDTLS_PEM_PARSE_C +mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT + X509 CSR Information RSA with MD4 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index be85869e7..156a25fcf 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -163,6 +163,22 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ +void mbedtls_x509_crl_parse( char *crl_file, int result ) +{ + mbedtls_x509_crl crl; + char buf[2000]; + + mbedtls_x509_crl_init( &crl ); + memset( buf, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result ); + +exit: + mbedtls_x509_crl_free( &crl ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */ void mbedtls_x509_csr_info( char *csr_file, char *result_str ) { From d16506624a74a574b2d3fb33d16cc346a9bab08d Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 9 Dec 2016 17:26:23 +0000 Subject: [PATCH 05/70] Fix verify out flags from x509_crt_verify_top() This change fixes a regression introduced by an earlier commit that modified x509_crt_verify_top() to ensure that valid certificates that are after past or future valid in the chain are processed. However the change introduced a change in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the verification regardless of the cause. The fix maintains both behaviours: * Ensure that valid certificates after future and past are verified * Ensure that the correct verification flags are set. To do so, a temporary pointer to the first future or past valid certificate is maintained while traversing the chain. If a truly valid certificate is found then that one is used, otherwise if no valid certificate is found and the end of the chain is reached, the program reverts back to using the future or past valid certificate. --- ChangeLog | 9 +++++++++ library/x509_crt.c | 33 +++++++++++++++++++++------------ 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a857ba76..f8dcf2457 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix output certificate verification flags set by x509_crt_verify_top() when + traversing a chain of trusted CA. The issue would cause both flags, + MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be + set when the verification conditions are not met regardless of the cause. + Found by Harm Verhagen and inestlerode. #665 #561 + = mbed TLS 2.4.1 branch released 2016-12-13 Changes diff --git a/library/x509_crt.c b/library/x509_crt.c index 80af7259c..f90a84a4e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1904,6 +1904,7 @@ static int x509_crt_verify_top( int check_path_cnt; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; + mbedtls_x509_crt *future_past_ca = NULL; if( mbedtls_x509_time_is_past( &child->valid_to ) ) *flags |= MBEDTLS_X509_BADCERT_EXPIRED; @@ -1958,16 +1959,6 @@ static int x509_crt_verify_top( continue; } - if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) - { - continue; - } - - if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) - { - continue; - } - if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, child->sig_md, hash, mbedtls_md_get_size( md_info ), child->sig.p, child->sig.len ) != 0 ) @@ -1975,6 +1966,20 @@ static int x509_crt_verify_top( continue; } + if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) || + mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) + { + if ( future_past_ca == NULL ) + future_past_ca = trust_ca; + + continue; + } + + break; + } + + if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL ) + { /* * Top of chain is signed by a trusted CA */ @@ -1982,8 +1987,6 @@ static int x509_crt_verify_top( if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - - break; } /* @@ -2003,6 +2006,12 @@ static int x509_crt_verify_top( ((void) ca_crl); #endif + if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) + ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; + + if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) + ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; + if( NULL != f_vrfy ) { if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, From 9f430c15d8e13d240d58bec836aa68d68859b043 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 13 Dec 2016 09:59:07 +0000 Subject: [PATCH 06/70] Add tests for out flags from x509_crt_verify_top() The tests load certificate chains from files. The CA chains contain a past or future certificate and an invalid certificate. The test then checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or MBEDTLS_X509_BADCERT_FUTURE. --- .../test-ca2_cat-future-invalid.crt | 27 +++++++++++++++++++ .../data_files/test-ca2_cat-past-invalid.crt | 27 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++ 3 files changed, 62 insertions(+) create mode 100644 tests/data_files/test-ca2_cat-future-invalid.crt create mode 100644 tests/data_files/test-ca2_cat-past-invalid.crt diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt new file mode 100644 index 000000000..b1cfbf054 --- /dev/null +++ b/tests/data_files/test-ca2_cat-future-invalid.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ +H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd +BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh +clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 +AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ +Xj09kLboxuemP40IIqhQnpYptMg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt new file mode 100644 index 000000000..febad7408 --- /dev/null +++ b/tests/data_files/test-ca2_cat-past-invalid.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ +H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd +BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh +clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 +AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ +Xj09kLboxuemP40IIqhQnpYptMg= +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c8298231a..73ec28fcb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -715,6 +715,14 @@ X509 Certificate verification #85 (Not yet valid CA and valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" +X509 Certificate verification #86 (Not yet valid CA and invalid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"NULL" + +X509 Certificate verification #87 (Expired CA and invalid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" From 9060d4da082e3b4ae7eecb1cd22f612696e96cf5 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 14:36:49 +0000 Subject: [PATCH 07/70] Fix generate_code.pl to handle escaped : --- tests/scripts/generate_code.pl | 2 +- tests/suites/test_suite_pem.data | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 49af2db7f..84e949dfa 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -256,7 +256,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// $param_defs .= " char *param$i = params[$i];\n"; $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n"; push @dispatch_params, "param$i"; - $mapping_regex .= ":[^:\n]+"; + $mapping_regex .= ":(?:\\\\.|[^:\n])+"; } else { diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 9a62db8ea..339b4d3f8 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -17,10 +17,10 @@ PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG From 1a6e9c30f1dfaad343d619206025836c2a312ea8 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 28 Dec 2016 15:38:05 +0000 Subject: [PATCH 08/70] Add porting information to the main README --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index f069d9871..11b4ebf6a 100644 --- a/README.md +++ b/README.md @@ -156,6 +156,15 @@ Configurations We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` +Porting mbed TLS +---------------- + +mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful: + +- [Porting mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS) +- [What external dependencies does mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on) +- [How do I configure mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls) + Contributing ------------ From 7df03916e135a82c4f21c6ebcdcbc0f1a0bdfe8e Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 11:23:36 +0100 Subject: [PATCH 09/70] Fix buffer overreads in mbedtls_pem_read_buffer() --- ChangeLog | 3 +++ library/pem.c | 20 +++++++++++--------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index fbc24cf73..53e6f3d0a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ Bugfix in RFC 6347 Section 4.3.1. This could cause the execution of the renegotiation routines at unexpected times when the protocol is DTLS. Found by wariua. #687 + * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing + the input string in pem format to extract the different components. Found + by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/pem.c b/library/pem.c index b6ad53b7d..8dd86a4ac 100644 --- a/library/pem.c +++ b/library/pem.c @@ -249,7 +249,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const enc = 0; - if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) + if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) @@ -262,22 +262,22 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #if defined(MBEDTLS_DES_C) - if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) + if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; s1 += 23; - if( pem_get_iv( s1, pem_iv, 8 ) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; } - else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) + else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_CBC; s1 += 18; - if( pem_get_iv( s1, pem_iv, 8) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; @@ -285,9 +285,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) + if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) { - if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + if( s2 - s1 < 22 ) + return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); + else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_128_CBC; else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_192_CBC; @@ -297,7 +299,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); s1 += 22; - if( pem_get_iv( s1, pem_iv, 16 ) != 0 ) + if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 32; @@ -316,7 +318,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - if( s1 == s2 ) + if( s1 >= s2 ) return( MBEDTLS_ERR_PEM_INVALID_DATA ); ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); From bcb0c4c98c181eee05510aab7cc5b7db624a6507 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 25 Oct 2016 10:50:22 +0100 Subject: [PATCH 10/70] Prevent SLOTH attacks --- ChangeLog | 4 ++++ library/ssl_tls.c | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 53e6f3d0a..8a7d3f3e5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Removed MD5 from the allowed hash algorithms for CertificateRequest and + CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. + Bugfix * Fix the redefinition of macro ssl_set_bio to an undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index abad0b385..d9ab83291 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7653,8 +7653,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - ssl->handshake->calc_verify = ssl_calc_verify_tls; - break; + return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: From f53566289428f19f425f72a999b9f5118bba2d0a Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 14:31:54 +0100 Subject: [PATCH 11/70] Add tests for overreads in pem_read_buffer() --- ChangeLog | 2 +- tests/suites/test_suite_pem.data | 9 +++++++++ tests/suites/test_suite_pem.function | 24 ++++++++++++++++++------ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8a7d3f3e5..4fe9f9ac2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,7 +19,7 @@ Bugfix renegotiation routines at unexpected times when the protocol is DTLS. Found by wariua. #687 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in pem format to extract the different components. Found + the input string in PEM format to extract the different components. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 973c92325..9a62db8ea 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -15,3 +15,12 @@ mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102 PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" + +PEM read (DES-EDE3-CBC + invalid iv) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 + +PEM read (DES-CBC + invalid iv) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 + +PEM read (unknown encryption algorithm) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 6a62bfed9..5e022109c 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -3,12 +3,7 @@ #include "mbedtls/pem.h" /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PEM_WRITE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ void mbedtls_pem_write_buffer( char *start, char *end, char *buf_str, char *result_str ) { unsigned char buf[5000]; @@ -38,3 +33,20 @@ exit: mbedtls_free( check_buf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */ +void mbedtls_pem_read_buffer( char *header, char *footer, char *data, int ret ) +{ + mbedtls_pem_context ctx; + size_t use_len = 0; + + mbedtls_pem_init( &ctx ); + + TEST_ASSERT( mbedtls_pem_read_buffer( &ctx, header, footer, + (const unsigned char *)data, NULL, 0, + &use_len ) == ret ); + +exit: + mbedtls_pem_free( &ctx ); +} +/* END_CASE */ From f7cf56fa45412035c9ada6994fedc7c1ab49e67e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Jan 2017 23:04:22 +0000 Subject: [PATCH 12/70] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- tests/suites/test_suite_ctr_drbg.function | 5 +++++ 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4fe9f9ac2..fd1bf9b9a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,12 @@ Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/cipher.c b/library/cipher.c index a88343869..e9e0b223e 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -326,9 +326,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= block_size ) || + ilen <= block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < block_size ) ) + ilen < block_size - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 386f8adb0..55612c7fc 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -290,7 +290,8 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT || + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); diff --git a/library/md2.c b/library/md2.c index 897670131..95cbcce65 100644 --- a/library/md2.c +++ b/library/md2.c @@ -158,7 +158,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 3acfb8bae..883cfe08e 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -39,6 +39,11 @@ void ctr_drbg_special_behaviours( ) TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) == MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + + mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 ); + TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional, + MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) == + MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); exit: mbedtls_ctr_drbg_free( &ctx ); } From cde8035e570c757857e6ea5f291ad2c21b54ea3d Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 18 Jan 2017 17:21:03 +0000 Subject: [PATCH 13/70] Fix integer overflow mbedtls_base64_decode() Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 2 ++ library/base64.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fd1bf9b9a..57eaa5b65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/base64.c b/library/base64.c index 5cb12cba7..305afc57b 100644 --- a/library/base64.c +++ b/library/base64.c @@ -192,7 +192,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || dlen < n ) From 410bc115ec4236936e2966a59079ea4facb89ace Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 14/70] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 305afc57b..f06b57b31 100644 --- a/library/base64.c +++ b/library/base64.c @@ -192,6 +192,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From fe2d53f440a3b4b437fadbdfc0277795bbe3f505 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 5 Feb 2017 16:48:47 +0000 Subject: [PATCH 15/70] Add detail to ChangeLog for SLOTH fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 57eaa5b65..3a732a865 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Removed MD5 from the allowed hash algorithms for CertificateRequest and CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. + Introduced by interoperability fix for #513. Bugfix * Fix the redefinition of macro ssl_set_bio to an undefined symbol From b9d3db68c63040d94cdbd0bae6b01c41dfb5fcc8 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 12 Jul 2016 16:54:33 +0100 Subject: [PATCH 16/70] Use MAKEFLAGS to pass args to make in all.sh Modify the script at tests/scripts/all.sh to export the variable MAKEFLAGS with -j if it was not set before. This should decrease the total runtime of tests/scripts/all.sh by letting make run multiple jobs in parallel. Also, add a check at the top of the script to cause a failure if the environment is not Linux. --- tests/scripts/all.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6b3396059..d73c9262d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -22,8 +22,11 @@ # Abort on errors (and uninitialised variables) set -eu -if [ -d library -a -d include -a -d tests ]; then :; else - err_msg "Must be run from mbed TLS root" +if [ "$( uname )" != "Linux" ]; then + echo "This script only works in Linux" >&2 + exit 1 +elif [ -d library -a -d include -a -d tests ]; then :; else + echo "Must be run from mbed TLS root" >&2 exit 1 fi @@ -43,6 +46,11 @@ RELEASE=0 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} +# if MAKEFLAGS is not set add the -j option to speed up invocations of make +if [ -n "${MAKEFLAGS+set}" ]; then + export MAKEFLAGS="-j" +fi + usage() { printf "Usage: $0\n" From e8bfbe2f5bc1680f658dd148849d84a91af5c492 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 4 Nov 2016 12:23:11 +0000 Subject: [PATCH 17/70] Fix multiple erroneously named source files in comments This fixes many incorrect references to filenames in the comments in config.h. --- include/mbedtls/config.h | 62 ++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6fc9c772a..0f7e29bcf 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1525,7 +1525,7 @@ * library/pkwrite.c * library/x509_create.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c */ #define MBEDTLS_ASN1_WRITE_C @@ -1886,7 +1886,7 @@ * * Enable the generic message digest layer. * - * Module: library/mbedtls_md.c + * Module: library/md.c * Caller: * * Uncomment to enable generic message digest wrappers. @@ -1898,7 +1898,7 @@ * * Enable the MD2 hash algorithm. * - * Module: library/mbedtls_md2.c + * Module: library/md2.c * Caller: * * Uncomment to enable support for (rare) MD2-signed X.509 certs. @@ -1910,7 +1910,7 @@ * * Enable the MD4 hash algorithm. * - * Module: library/mbedtls_md4.c + * Module: library/md4.c * Caller: * * Uncomment to enable support for (rare) MD4-signed X.509 certs. @@ -1922,8 +1922,8 @@ * * Enable the MD5 hash algorithm. * - * Module: library/mbedtls_md5.c - * Caller: library/mbedtls_md.c + * Module: library/md5.c + * Caller: library/md.c * library/pem.c * library/ssl_tls.c * @@ -1980,11 +1980,11 @@ * library/rsa.c * library/x509.c * library/x509_create.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c * * This modules translates between OIDs and internal values. */ @@ -2012,9 +2012,9 @@ * Module: library/pem.c * Caller: library/dhm.c * library/pkparse.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -2030,7 +2030,7 @@ * Module: library/pem.c * Caller: library/pkwrite.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -2060,8 +2060,8 @@ * Enable the generic public (asymetric) key parser. * * Module: library/pkparse.c - * Caller: library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * Caller: library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_PK_C * @@ -2152,8 +2152,8 @@ * * Enable the RIPEMD-160 hash algorithm. * - * Module: library/mbedtls_ripemd160.c - * Caller: library/mbedtls_md.c + * Module: library/ripemd160.c + * Caller: library/md.c * */ #define MBEDTLS_RIPEMD160_C @@ -2181,8 +2181,8 @@ * * Enable the SHA1 cryptographic hash algorithm. * - * Module: library/mbedtls_sha1.c - * Caller: library/mbedtls_md.c + * Module: library/sha1.c + * Caller: library/md.c * library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2197,9 +2197,9 @@ * * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. * - * Module: library/mbedtls_sha256.c + * Module: library/sha256.c * Caller: library/entropy.c - * library/mbedtls_md.c + * library/md.c * library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2214,9 +2214,9 @@ * * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * - * Module: library/mbedtls_sha512.c + * Module: library/sha512.c * Caller: library/entropy.c - * library/mbedtls_md.c + * library/md.c * library/ssl_cli.c * library/ssl_srv.c * @@ -2364,9 +2364,9 @@ * Enable X.509 core for using certificates. * * Module: library/x509.c - * Caller: library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * Caller: library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, * MBEDTLS_PK_PARSE_C @@ -2380,7 +2380,7 @@ * * Enable X.509 certificate parsing. * - * Module: library/mbedtls_x509_crt.c + * Module: library/x509_crt.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2396,8 +2396,8 @@ * * Enable X.509 CRL parsing. * - * Module: library/mbedtls_x509_crl.c - * Caller: library/mbedtls_x509_crt.c + * Module: library/x509_crl.c + * Caller: library/x509_crt.c * * Requires: MBEDTLS_X509_USE_C * @@ -2410,7 +2410,7 @@ * * Enable X.509 Certificate Signing Request (CSR) parsing. * - * Module: library/mbedtls_x509_csr.c + * Module: library/x509_csr.c * Caller: library/x509_crt_write.c * * Requires: MBEDTLS_X509_USE_C From 1903fb312f41ca18be5b7bc458c9ff37163e3fb1 Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Sun, 6 Nov 2016 04:45:15 -0800 Subject: [PATCH 18/70] Clarify Comments and Fix Typos (#651) Fixes many typos, and errors in comments. * Clarifies many comments * Grammar correction in config.pl help text * Removed comment about MBEDTLS_X509_EXT_NS_CERT_TYPE. * Comment typo fix (Dont => Don't) * Comment typo fix (assure => ensure) * Comment typo fix (byes => bytes) * Added citation for quoted standard * Comment typo fix (one complement => 1's complement) The is some debate about whether to prefer "one's complement", "ones' complement", or "1's complement". The more recent RFCs related to TLS (RFC 6347, RFC 4347, etc) use " 1's complement", so I followed that convention. * Added missing ")" in comment * Comment alignment * Incorrect comment after #endif --- include/mbedtls/rsa.h | 2 +- include/mbedtls/x509.h | 2 +- library/cmac.c | 4 ++-- library/net_sockets.c | 2 +- library/pkparse.c | 12 ++++++------ library/ssl_tls.c | 9 +++++---- library/x509.c | 2 +- scripts/config.pl | 2 +- 8 files changed, 18 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 35185dfda..54653dfdc 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -206,7 +206,7 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rs * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note This function does NOT take care of message - * padding. Also, be sure to set input[0] = 0 or assure that + * padding. Also, be sure to set input[0] = 0 or ensure that * input is smaller than N. * * \note The input and output buffers must be large diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 54dac166b..f219bf128 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -157,7 +157,7 @@ #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) #define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14) -#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */ +#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* * Storage format identifiers diff --git a/library/cmac.c b/library/cmac.c index ee2fe056c..04aca7ce1 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -62,7 +62,7 @@ #if defined(MBEDTLS_SELF_TEST) #include #define mbedtls_printf printf -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */ +#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ /* Implementation that should never be optimized out by the compiler */ @@ -80,7 +80,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * with R_64 = 0x1B and R_128 = 0x87 * * Input and output MUST NOT point to the same buffer - * Block size must be 8 byes or 16 bytes - the block sizes for DES and AES. + * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES. */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, diff --git a/library/net_sockets.c b/library/net_sockets.c index cc06cbfad..6a013e979 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -238,7 +238,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char } } - /* I we ever get there, it's a success */ + /* Bind was successful */ ret = 0; break; } diff --git a/library/pkparse.c b/library/pkparse.c index 275429e60..efdf43746 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1187,12 +1187,12 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, #endif /* MBEDTLS_PEM_PARSE_C */ /* - * At this point we only know it's not a PEM formatted key. Could be any - * of the known DER encoded private key formats - * - * We try the different DER format parsers to see if one passes without - * error - */ + * At this point we only know it's not a PEM formatted key. Could be any + * of the known DER encoded private key formats + * + * We try the different DER format parsers to see if one passes without + * error + */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, pwd, pwdlen ) ) == 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 84a04ae53..121c13526 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3428,7 +3428,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) { - /* Dont check write errors as we can't do anything here. + /* Don't check write errors as we can't do anything here. * If the error is permanent we'll catch it later, * if it's not, then hopefully it'll work next time. */ (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); @@ -6006,8 +6006,9 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot const char **p; /* - * "Empty strings MUST NOT be included and byte strings MUST NOT be - * truncated". Check lengths now rather than later. + * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings + * MUST NOT be truncated." + * We check lengths now rather than later. */ tot_len = 0; for( p = protos; *p != NULL; p++ ) @@ -7585,7 +7586,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, * and, for DTLS, to/from TLS equivalent. * * For TLS this is the identity. - * For DTLS, use one complement (v -> 255 - v, and then map as follows: + * For DTLS, use 1's complement (v -> 255 - v, and then map as follows: * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) */ diff --git a/library/x509.c b/library/x509.c index fad390d85..4df542e42 100644 --- a/library/x509.c +++ b/library/x509.c @@ -661,7 +661,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 /* * X.509 Extensions (No parsing of extensions, pointer should - * be either manually updated or extensions should be parsed! + * be either manually updated or extensions should be parsed!) */ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag ) diff --git a/scripts/config.pl b/scripts/config.pl index 8921a874a..2757f17fe 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -70,7 +70,7 @@ Options used: $config_file -o | --force - If the symbol isn't present in the configuration - file when setting it's value, a #define is + file when setting its value, a #define is appended to the end of the file. EOU From 3c6b18df3a01f105e875450f858cfa5e573523c0 Mon Sep 17 00:00:00 2001 From: Simon B Date: Thu, 3 Nov 2016 01:11:37 +0000 Subject: [PATCH 19/70] Fix various compiler warnings with MSVC Fixes various compiler warnings found with Microsoft Visual Studio 2015 (and earlier versions). --- library/cmac.c | 13 +++++++------ library/platform.c | 4 ++-- library/x509_crt.c | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 04aca7ce1..0fa5b58f5 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -105,7 +105,7 @@ static int cmac_multiply_by_u( unsigned char *output, return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - for( i = blocksize - 1; i >= 0; i-- ) + for( i = (int)blocksize - 1; i >= 0; i-- ) { output[i] = input[i] << 1 | overflow; overflow = input[i] >> 7; @@ -209,7 +209,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if( ( retval = mbedtls_cipher_setkey( ctx, key, keybits, + if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits, MBEDTLS_ENCRYPT ) ) != 0 ) return( retval ); @@ -244,8 +244,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, { mbedtls_cmac_context_t* cmac_ctx; unsigned char *state; - int n, j, ret = 0; - size_t olen, block_size; + int ret = 0; + size_t n, j, olen, block_size; if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || ctx->cmac_ctx == NULL ) @@ -280,8 +280,9 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* n is the number of blocks including any final partial block */ n = ( ilen + block_size - 1 ) / block_size; - /* Iterate across the input data in block sized chunks */ - for( j = 0; j < n - 1; j++ ) + /* Iterate across the input data in block sized chunks, excluding any + * final partial or complete block */ + for( j = 1; j < n; j++ ) { cmac_xor_block( state, input, state, block_size ); diff --git a/library/platform.c b/library/platform.c index 2591c45d7..8b336c38e 100644 --- a/library/platform.c +++ b/library/platform.c @@ -237,7 +237,7 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) } fclose( file ); - return( n ); + return( (int)n ); } int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) @@ -255,7 +255,7 @@ int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) } fclose( file ); - return( n ); + return( (int)n ); } #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 60e14f90e..80af7259c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1122,7 +1122,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p = filename + len; filename[len++] = '*'; - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, + w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, MAX_PATH - 3 ); if( w_ret == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); From 24d9a4cf8dbd25c1b272a5211dcb15a16e6f021e Mon Sep 17 00:00:00 2001 From: Simon B Date: Thu, 3 Nov 2016 01:12:50 +0000 Subject: [PATCH 20/70] Fix config of compiler warning flags with MSVC Compiler warnings were being configured twice and not suppressed on the test suites with Microsoft Visual Studio. --- CMakeLists.txt | 4 +++- tests/CMakeLists.txt | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a7ebfc155..3e47224ea 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -92,7 +92,9 @@ if(CMAKE_COMPILER_IS_CLANG) endif(CMAKE_COMPILER_IS_CLANG) if(MSVC) - set(CMAKE_C_FLAGS_CHECK "/WX") + # Strictest warnings, and treat as errors + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") endif(MSVC) if(CMAKE_BUILD_TYPE STREQUAL "Coverage") diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 21583c40a..bedf21b2e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -39,7 +39,9 @@ if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) if(MSVC) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /w") # no warnings here + # If a warning level has been defined, suppress all warnings for test code + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W0") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) add_test_suite(aes aes.ecb) From 342889fdbede33769d913933019d399e628ba030 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 2 Nov 2016 10:17:00 +0000 Subject: [PATCH 21/70] Remove unused var warnings in windows unittests --- tests/suites/main_test.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index afff5a482..a7bb41de3 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -261,7 +261,9 @@ int main(int argc, const char *argv[]) char buf[5000]; char *params[50]; void *pointer; +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) int stdout_fd = -1; +#endif /* __unix__ || __APPLE__ __MACH__ */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) From 244d243742260b12a82f0127142d46989bdb7390 Mon Sep 17 00:00:00 2001 From: Jaakko Korhonen Date: Wed, 16 Nov 2016 10:56:30 +0200 Subject: [PATCH 22/70] Fixed typo in README.md Removed an extra e from agreement. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3bae47d6f..f069d9871 100644 --- a/README.md +++ b/README.md @@ -165,7 +165,7 @@ We gratefully accept bug reports and contributions from the community. There are - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. -To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreeement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. +To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. ### Making a Contribution From 9510cc1a184ae16700511a91dbbabd5327086c62 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Nov 2016 17:25:58 +0000 Subject: [PATCH 23/70] Make the test builds much stricter for warnings Tighten up the test options in all.sh, test-ref-configs.pl and curves.pl to ensure the builds are strict for all warnings, warnings are treated as errors, and that wherever possible builds are strict to the C99 standard. (Note that builds that use the Unix sockets API cannot be). --- tests/scripts/all.sh | 53 ++++++++++++++++++------------- tests/scripts/curves.pl | 3 +- tests/scripts/test-ref-configs.pl | 16 +++++++--- 3 files changed, 44 insertions(+), 28 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d73c9262d..390ee6118 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -293,16 +293,16 @@ OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min tests/ssl-opt.sh -msg "build: cmake, full config, clang" # ~ 50s +msg "build: cmake, full config, clang, C99" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check . -make +CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . +CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' make msg "test: main suites (full config)" # ~ 5s -make test +CFLAGS='-Werror -Wall -Wextra' make test msg "test: ssl-opt.sh default (full config)" # ~ 1s tests/ssl-opt.sh -f Default @@ -322,15 +322,17 @@ tests/scripts/key-exchanges.pl msg "build: Unix make, -Os (gcc)" # ~ 30s cleanup -CC=gcc CFLAGS='-Werror -Os' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' make -# this is meant to cath missing #define mbedtls_printf etc -# disable fsio to catch some more missing #include -msg "build: full config except platform/fsio, make, gcc" # ~ 30s +# Full configuration build, without platform support, file IO and net sockets. +# This should catch missing mbedtls_printf definitions, and by disabling file +# IO, it should catch missing '#include ' +msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_PLATFORM_C +scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT @@ -340,7 +342,8 @@ scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_FS_IO -CC=gcc CFLAGS='-Werror -O0' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0' make lib programs +CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make test # catch compile bugs in _uninit functions msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s @@ -349,29 +352,31 @@ cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -CC=gcc CFLAGS='-Werror -O0' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_SRV_C -CC=gcc CFLAGS='-Werror -O0' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C -CC=gcc CFLAGS='-Werror -O0' make +CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make +# Note, C99 compliance can also be tested with the sockets support disabled, +# as that requires a POSIX platform (which isn't the same as C99). msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux -CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib +CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' make lib msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" cleanup @@ -397,7 +402,7 @@ fi if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup -CC=gcc CFLAGS='-Werror -m32' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s @@ -415,7 +420,7 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS=-Werror make lib +CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib msg "build: armcc, make" cleanup @@ -436,15 +441,19 @@ scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -CC=armcc AR=armar WARNING_CFLAGS= make lib +CC=armcc AR=armar WARNING_CFLAGS='--strict --c99' make lib if which i686-w64-mingw32-gcc >/dev/null; then -msg "build: cross-mingw64, make" # ~ 30s -cleanup -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS=-Werror WINDOWS_BUILD=1 make -WINDOWS_BUILD=1 make clean -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS=-Werror WINDOWS_BUILD=1 SHARED=1 make -WINDOWS_BUILD=1 make clean + msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s + cleanup + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make test + WINDOWS_BUILD=1 make clean + + msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS'=-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS'=-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make test + WINDOWS_BUILD=1 make clean fi # MemSan currently only available on Linux 64 bits diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 85eb7e651..bd13f52cc 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -49,7 +49,8 @@ for my $curve (@curves) { system( "scripts/config.pl unset $curve" ) and abort "Failed to disable $curve\n"; - system( "make lib" ) and abort "Failed to build lib: $curve\n"; + system( "CFLAGS='-Werror -Wall -Wextra' make lib" ) + and abort "Failed to build lib: $curve\n"; system( "cd tests && make" ) and abort "Failed to build tests: $curve\n"; system( "make test" ) and abort "Failed test suite: $curve\n"; diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 8f4738cb4..a9a89f1ce 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -1,9 +1,15 @@ #!/usr/bin/perl -# test standard configurations: -# - build -# - run test suite -# - run compat.sh +# test-ref-configs.pl +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2013-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# For each reference configuration file in the configs directory, build the +# configuration, run the test suites and compat.sh # # Usage: tests/scripts/test-ref-configs.pl [config-name [...]] @@ -63,7 +69,7 @@ while( my ($conf, $data) = each %configs ) { system( "cp configs/$conf $config_h" ) and abort "Failed to activate $conf\n"; - system( "make CFLAGS='-Os -Werror'" ) and abort "Failed to build: $conf\n"; + system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n"; system( "make test" ) and abort "Failed test suite: $conf\n"; my $compat = $data->{'compat'}; From 36540ff741b12206654862a4242cb835a4b7190f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Nov 2016 17:28:55 +0000 Subject: [PATCH 24/70] Fix compiler warning in debug.c --- library/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/debug.c b/library/debug.c index a9cd814be..f9229b360 100644 --- a/library/debug.c +++ b/library/debug.c @@ -71,7 +71,7 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level, */ #if defined(MBEDTLS_THREADING_C) char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */ - mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str ); + mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str ); ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr ); #else ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str ); From e4ac5428f34493b2ef7b5b773469a664f45217fd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Nov 2016 17:30:18 +0000 Subject: [PATCH 25/70] Fix formatting issues in net_sockets.c --- library/net_sockets.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 6a013e979..80be6ec6a 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -133,7 +133,8 @@ void mbedtls_net_init( mbedtls_net_context *ctx ) /* * Initiate a TCP connection with host:port and the given protocol */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ) +int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, + const char *port, int proto ) { int ret; struct addrinfo hints, *addr_list, *cur; @@ -322,7 +323,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, { /* TCP: actual accept() */ ret = client_ctx->fd = (int) accept( bind_ctx->fd, - (struct sockaddr *) &client_addr, &n ); + (struct sockaddr *) &client_addr, &n ); } else { From 4ae4fdcd99b698872fd9b0f47f04027a80d7eff4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 17 Nov 2016 09:20:50 +0000 Subject: [PATCH 26/70] Fix mingw test build to avoid executing the tests Changed the mingw build target to avoid building mingw test suites and then attempting to run them which was failing on Linux. --- tests/scripts/all.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 390ee6118..2113a2740 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,12 +447,14 @@ if which i686-w64-mingw32-gcc >/dev/null; then msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make test + + # note Make tests only builds the tests, but doesn't run them + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests WINDOWS_BUILD=1 make clean msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS'=-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS'=-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make test + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs + CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests WINDOWS_BUILD=1 make clean fi From 1e6f5ac127a42ac20d0c8bc3e197f9b15b1589dc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 17 Nov 2016 09:27:45 +0000 Subject: [PATCH 27/70] Make mingw test build a requirement of all.sh Changed the mingw test build to be a required test of the all.sh script. --- tests/scripts/all.sh | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2113a2740..2d5afc9dc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -217,7 +217,7 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "armcc" + "arm-none-eabi-gcc" "armcc" "i686-w64-mingw32-gcc" # # Test Suites to be executed @@ -443,20 +443,18 @@ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC=armcc AR=armar WARNING_CFLAGS='--strict --c99' make lib -if which i686-w64-mingw32-gcc >/dev/null; then - msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s - cleanup - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs +msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s +cleanup +CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs - # note Make tests only builds the tests, but doesn't run them - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests - WINDOWS_BUILD=1 make clean +# note Make tests only builds the tests, but doesn't run them +CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests +WINDOWS_BUILD=1 make clean - msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests - WINDOWS_BUILD=1 make clean -fi +msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s +CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs +CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests +WINDOWS_BUILD=1 make clean # MemSan currently only available on Linux 64 bits if uname -a | grep 'Linux.*x86_64' >/dev/null; then From d49a142c6fbb4e22bbb968f75e8616e3f4e7c60a Mon Sep 17 00:00:00 2001 From: DSiekmeier Date: Thu, 13 Oct 2016 08:08:13 +0200 Subject: [PATCH 28/70] removed outdated comment --- include/mbedtls/ssl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ba499d2bd..2c021900b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2513,7 +2513,6 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ); * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS * \param preset a MBEDTLS_SSL_PRESET_XXX value - * (currently unused). * * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS. * From 8477d37ee62a3fc700f61624200a493d81efe057 Mon Sep 17 00:00:00 2001 From: Simon B Date: Sat, 12 Nov 2016 22:34:10 +0000 Subject: [PATCH 29/70] Remove need for elevated command line in Windows Changes use of mklink in Windows test builds, to create junctions instead of directory symbolic links. This removes the need for an elevated command prompt when running cmake to create the Visual Studio project files. --- tests/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index bedf21b2e..dc2797968 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -115,7 +115,7 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) if (CMAKE_HOST_UNIX) set(command ln -s ${target} ${link}) else() - set(command cmd.exe /c mklink /d ${link} ${target}) + set(command cmd.exe /c mklink /j ${link} ${target}) endif() execute_process(COMMAND ${command} From d15423446bcea9d1f92e7a365d776b4eb02bfa51 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 7 Dec 2016 10:25:19 +0000 Subject: [PATCH 30/70] Fix redefinition of macro ssl_set_bio Fix redefinition of macro ssl_set_bio to undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h. --- ChangeLog | 2 ++ include/mbedtls/compat-1.3.h | 1 - scripts/data_files/rename-1.3-2.0.txt | 1 - 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e0c74e677..5c580b00d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx Bugfix + * Fix redefinition of macro ssl_set_bio to undefined symbol + mbedtls_ssl_set_bio_timeout in compat-1.3.h. #673 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h index 27abbd972..af51b5f82 100644 --- a/include/mbedtls/compat-1.3.h +++ b/include/mbedtls/compat-1.3.h @@ -2453,7 +2453,6 @@ #define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support #define ssl_set_authmode mbedtls_ssl_conf_authmode #define ssl_set_bio mbedtls_ssl_set_bio -#define ssl_set_bio mbedtls_ssl_set_bio_timeout #define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain #define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting #define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt index 397f6beae..cb3381ab8 100644 --- a/scripts/data_files/rename-1.3-2.0.txt +++ b/scripts/data_files/rename-1.3-2.0.txt @@ -1996,7 +1996,6 @@ ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols ssl_set_arc4_support mbedtls_ssl_conf_arc4_support ssl_set_authmode mbedtls_ssl_conf_authmode ssl_set_bio mbedtls_ssl_set_bio -ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout ssl_set_ca_chain mbedtls_ssl_conf_ca_chain ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites From c0db511820b3ea936fa431eb100ecd7605b95f83 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 7 Dec 2016 15:05:53 +0000 Subject: [PATCH 31/70] Fix unused variable/function compilation warnings This PR fixes a number of unused variable/function compilation warnings that arise when using a config.h that does not define the macro MBEDTLS_PEM_PARSE_C. --- ChangeLog | 3 +++ library/pem.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5c580b00d..e7abf556a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fix redefinition of macro ssl_set_bio to undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h. #673 + * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and + x509_csr.c that are reported when building mbed TLS with a config.h that + does not define MBEDTLS_PEM_PARSE_C. #562 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. diff --git a/library/pem.c b/library/pem.c index d1c660412..8dd86a4ac 100644 --- a/library/pem.c +++ b/library/pem.c @@ -44,12 +44,12 @@ #define mbedtls_free free #endif +#if defined(MBEDTLS_PEM_PARSE_C) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if defined(MBEDTLS_PEM_PARSE_C) void mbedtls_pem_init( mbedtls_pem_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_pem_context ) ); diff --git a/library/x509_crt.c b/library/x509_crt.c index 80af7259c..056dc16fe 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -969,8 +969,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu */ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - int success = 0, first_error = 0, total_failed = 0; #if defined(MBEDTLS_PEM_PARSE_C) + int success = 0, first_error = 0, total_failed = 0; int buf_format = MBEDTLS_X509_FORMAT_DER; #endif diff --git a/library/x509_csr.c b/library/x509_csr.c index 603d06b64..f92b66c58 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -265,8 +265,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, */ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { - int ret; #if defined(MBEDTLS_PEM_PARSE_C) + int ret; size_t use_len; mbedtls_pem_context pem; #endif From 5da3a6f92f10b9ea91a9e428687aef253f44effb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 13 Dec 2016 11:51:04 +0000 Subject: [PATCH 32/70] Update CMAC test vectors. --- ChangeLog | 7 ++ library/cmac.c | 224 +++++++++++++++++++++++++++++-------------------- 2 files changed, 139 insertions(+), 92 deletions(-) diff --git a/ChangeLog b/ChangeLog index e7abf556a..f77cbba3b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,13 @@ Bugfix the input string in PEM format to extract the different components. Found by Eyal Itkin. += mbed TLS 2.4.x branch released 2016-xx-xx + +Changes + * Update to CMAC test data, taken from - NIST Special Publication 800-38B - + Recommendation for Block Cipher Modes of Operation: The CMAC Mode for + Authentication – October 2016 + = mbed TLS 2.4.0 branch released 2016-10-17 Security diff --git a/library/cmac.c b/library/cmac.c index 0fa5b58f5..b2fe713a0 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -26,7 +26,7 @@ * * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The * CMAC Mode for Authentication - * http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf + * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf * * - RFC 4493 - The AES-CMAC Algorithm * https://tools.ietf.org/html/rfc4493 @@ -470,8 +470,9 @@ exit: #if defined(MBEDTLS_SELF_TEST) /* - * CMAC test data from SP800-38B Appendix D.1 (corrected) - * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + * CMAC test data for SP800-38B + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf * * AES-CMAC-PRF-128 test data from RFC 4615 * https://tools.ietf.org/html/rfc4615#page-4 @@ -483,128 +484,148 @@ exit: #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) /* All CMAC test inputs are truncated from the same 64 byte buffer. */ static const unsigned char test_message[] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 + /* PT */ + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; #endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) /* Truncation point of message for AES CMAC tests */ static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { + /* Mlen */ 0, 16, - 40, + 20, 64 }; -/* AES 128 CMAC Test Data */ +/* CMAC-AES128 Test Data */ static const unsigned char aes_128_key[16] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, - 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde + /* K1 */ + 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, + 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde }, { - 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, - 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b + /* K2 */ + 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, + 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b } }; static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, - 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + /* Example #1 */ + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }, { - 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + /* Example #2 */ + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }, { - 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, - 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + /* Example #3 */ + 0x7d, 0x85, 0x44, 0x9e, 0xa6, 0xea, 0x19, 0xc8, + 0x23, 0xa7, 0xbf, 0x78, 0x83, 0x7d, 0xfa, 0xde }, { - 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, - 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + /* Example #4 */ + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } }; -/* AES 192 CMAC Test Data */ +/* CMAC-AES192 Test Data */ static const unsigned char aes_192_key[24] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b }; static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { - 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, - 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 + /* K1 */ + 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, + 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 }, { - 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, - 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c + /* K2 */ + 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, + 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c } }; static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, - 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 + /* Example #1 */ + 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, + 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 }, { - 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, - 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 + /* Example #2 */ + 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, + 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 }, { - 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, - 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e + /* Example #3 */ + 0x3d, 0x75, 0xc1, 0x94, 0xed, 0x96, 0x07, 0x04, + 0x44, 0xa9, 0xfa, 0x7e, 0xc7, 0x40, 0xec, 0xf8 }, { - 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, - 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 + /* Example #4 */ + 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, + 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 } }; -/* AES 256 CMAC Test Data */ +/* CMAC-AES256 Test Data */ static const unsigned char aes_256_key[32] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, - 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f + /* K1 */ + 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, + 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f }, { - 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, - 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 + /* K2 */ + 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, + 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 } }; static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { - 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, - 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 + /* Example #1 */ + 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, + 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 }, { - 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, - 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c + /* Example #2 */ + 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, + 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c }, { - 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, - 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 + /* Example #3 */ + 0x15, 0x67, 0x27, 0xdc, 0x08, 0x78, 0x94, 0x4a, + 0x02, 0x3c, 0x1f, 0xe0, 0x3b, 0xad, 0x6d, 0x93 }, { - 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, - 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 + /* Example #4 */ + 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, + 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 } }; #endif /* MBEDTLS_AES_C */ @@ -613,66 +634,84 @@ static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTL /* Truncation point of message for 3DES CMAC tests */ static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, - 8, + 16, 20, 32 }; -/* 3DES 2 Key CMAC Test Data */ +/* CMAC-TDES (Generation) - 2 Key Test Data */ static const unsigned char des3_2key_key[24] = { - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, - 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 + /* Key1 */ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + /* Key2 */ + 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xEF, 0x01, + /* Key3 */ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static const unsigned char des3_2key_subkeys[2][8] = { { - 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef + /* K1 */ + 0x0d, 0xd2, 0xcb, 0x7a, 0x3d, 0x88, 0x88, 0xd9 }, { - 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 + /* K2 */ + 0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2 } }; static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { - 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 + /* Sample #1 */ + 0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60 }, { - 0x4f, 0xf2, 0xab, 0x81, 0x3c, 0x53, 0xce, 0x83 + /* Sample #2 */ + 0xcc, 0x18, 0xa0, 0xb7, 0x9a, 0xf2, 0x41, 0x3b }, { - 0x62, 0xdd, 0x1b, 0x47, 0x19, 0x02, 0xbd, 0x4e + /* Sample #3 */ + 0xc0, 0x6d, 0x37, 0x7e, 0xcd, 0x10, 0x19, 0x69 }, { - 0x31, 0xb1, 0xe4, 0x31, 0xda, 0xbc, 0x4e, 0xb8 + /* Sample #4 */ + 0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb } }; -/* 3DES 3 Key CMAC Test Data */ +/* CMAC-TDES (Generation) - 3 Key Test Data */ static const unsigned char des3_3key_key[24] = { - 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, - 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, - 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 + /* Key1 */ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xaa, 0xcd, 0xef, + /* Key2 */ + 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, + /* Key3 */ + 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23 }; static const unsigned char des3_3key_subkeys[2][8] = { { - 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f + /* K1 */ + 0x9d, 0x74, 0xe7, 0x39, 0x33, 0x17, 0x96, 0xc0 }, { - 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 + /* K2 */ + 0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b } }; static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { - 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 + /* Sample #1 */ + 0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50 }, { - 0x8e, 0x8f, 0x29, 0x31, 0x36, 0x28, 0x37, 0x97 + /* Sample #2 */ + 0x30, 0x23, 0x9c, 0xf1, 0xf5, 0x2e, 0x66, 0x09 }, { - 0x74, 0x3d, 0xdb, 0xe0, 0xce, 0x2d, 0xc2, 0xed + /* Sample #3 */ + 0x6c, 0x9f, 0x3e, 0xe4, 0x92, 0x3f, 0x6b, 0xe2 }, { - 0x33, 0xe6, 0xb1, 0x09, 0x24, 0x00, 0xea, 0xe5 + /* Sample #4 */ + 0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5 } }; @@ -681,8 +720,9 @@ static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBED #if defined(MBEDTLS_AES_C) /* AES AES-CMAC-PRF-128 Test Data */ static const unsigned char PRFK[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + /* Key */ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xed, 0xcb }; @@ -693,25 +733,25 @@ static const size_t PRFKlen[NB_PRF_TESTS] = { 10 }; -/* PRF M */ +/* Message */ static const unsigned char PRFM[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 }; static const unsigned char PRFT[NB_PRF_TESTS][16] = { { - 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, - 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a + 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, + 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a }, { - 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, - 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d + 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, + 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d }, { - 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, - 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d + 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, + 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d } }; #endif /* MBEDTLS_AES_C */ From 4c006cdb1c97cf1d560756e4d3f29b70650c474b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 13 Dec 2016 14:14:03 +0000 Subject: [PATCH 33/70] Update library version number to 2.4.1 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index f77cbba3b..eb729a3a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,7 +12,7 @@ Bugfix the input string in PEM format to extract the different components. Found by Eyal Itkin. -= mbed TLS 2.4.x branch released 2016-xx-xx += mbed TLS 2.4.1 branch released 2016-12-13 Changes * Update to CMAC test data, taken from - NIST Special Publication 800-38B - diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index f2fcc8b04..079416712 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -21,7 +21,7 @@ */ /** - * @mainpage mbed TLS v2.4.0 source code documentation + * @mainpage mbed TLS v2.4.1 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 344be8c79..e58794e0f 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.4.0" +PROJECT_NAME = "mbed TLS v2.4.1" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 6c0cc9b08..327034630 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,16 +39,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 4 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 1 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02040000 -#define MBEDTLS_VERSION_STRING "2.4.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.0" +#define MBEDTLS_VERSION_NUMBER 0x02040100 +#define MBEDTLS_VERSION_STRING "2.4.1" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.1" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6eb11f203..8882ddf6a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -140,15 +140,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.4.0 SOVERSION 0) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.4.1 SOVERSION 0) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.4.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.4.1 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.4.0 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.4.1 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 52f09edae..22e608f80 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.4.0" +check_compiletime_version:"2.4.1" Check runtime library version -check_runtime_version:"2.4.0" +check_runtime_version:"2.4.1" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 880420adf0868d92cf16f4a5c4fb8cbe3465e7bd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 14 Dec 2016 15:27:22 +0000 Subject: [PATCH 34/70] Clarify CMAC API Added additional text to cmac.h to make the API clearer. --- include/mbedtls/cmac.h | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 75e0b97c4..9a2b96bc9 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -58,9 +58,13 @@ struct mbedtls_cmac_context_t /** * \brief Set the CMAC key and prepare to authenticate the input * data. - * Should be called with an initialised cipher context. + * Should be called with an initialized cipher context. * - * \param ctx Cipher context + * \param ctx Cipher context. This should be a cipher context, + * initialized to be one of the following types: + * MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB, + * MBEDTLS_CIPHER_AES_256_ECB or + * MBEDTLS_CIPHER_DES_EDE3_ECB. * \param key CMAC key * \param keybits length of the CMAC key in bits * (must be acceptable by the cipher) @@ -115,7 +119,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); /** - * \brief Output = Generic_CMAC( hmac key, input buffer ) + * \brief Output = Generic_CMAC( cmac key, input buffer ) * * \param cipher_info message digest info * \param key CMAC key From 9e3fba09fdcc209b79438a52c6731b3c897dc042 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 27 Sep 2016 15:05:15 +0100 Subject: [PATCH 35/70] Add ARM Compiler 6 build tests to all.sh --- scripts/output_env.sh | 27 +++++++++++++++++++++++---- tests/scripts/all.sh | 41 +++++++++++++++++++++++++++++++++++++---- 2 files changed, 60 insertions(+), 8 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 441fe18fb..fc3f66645 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -22,11 +22,30 @@ echo "* Operating system and architecture:" uname -a echo -if `hash armcc > /dev/null 2>&1`; then - echo "* armcc:" - armcc --vsn | head -n 2 +if [ -n "${ARMC5_CC+set}" ]; then + if `hash "$ARMC5_CC" > /dev/null 2>&1`; then + echo "* $ARMC5_CC at environment variable 'ARMC5_CC':" + $ARMC5_CC --vsn | head -n 2 + else + echo "* $ARMC5_CC at environment variable 'ARMC5_CC' not found!" + fi else - echo "* armcc not found!" + if `hash armcc > /dev/null 2>&1`; then + echo "* armcc:" + armcc --vsn | head -n 2 + else + echo "* armcc not found!" + fi +fi + +if [ -n "${ARMC6_CC+set}" ]; then + echo + if `hash "$ARMC6_CC" > /dev/null 2>&1`; then + echo "* $ARMC6_CC at environment variable 'ARMC6_CC':" + $ARMC6_CC --vsn | head -n 2 + else + echo "* $ARMC6_CC at environment variable 'ARMC6_CC' not found!" + fi fi echo diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2d5afc9dc..bd8d6d34f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -45,6 +45,8 @@ RELEASE=0 : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} +: ${ARMC5_BIN_DIR:=/usr/bin} +: ${ARMC6_BIN_DIR:=/usr/bin} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -n "${MAKEFLAGS+set}" ]; then @@ -66,6 +68,8 @@ usage() printf " --gnutls-serv=\t\tPath to GnuTLS server executable to use for most tests.\n" printf " --gnutls-legacy-cli=\t\tPath to GnuTLS client executable to use for legacy tests.\n" printf " --gnutls-legacy-serv=\t\tPath to GnuTLS server executable to use for legacy tests.\n" + printf " --armc5-bin-dir=\t\tPath to the ARM Compiler 5 bin directory.\n" + printf " --armc6-bin-dir=\t\tPath to the ARM Compiler 6 bin directory.\n" } # remove built files as well as the cmake cache/config @@ -152,6 +156,14 @@ while [ $# -gt 0 ]; do shift GNUTLS_LEGACY_SERV="$1" ;; + --armc5-bin-dir) + shift + ARMC5_BIN_DIR="$1" + ;; + --armc6-bin-dir) + shift + ARMC6_BIN_DIR="$1" + ;; --help|-h|*) usage exit 1 @@ -204,6 +216,13 @@ echo "GNUTLS_CLI: $GNUTLS_CLI" echo "GNUTLS_SERV: $GNUTLS_SERV" echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" +echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" +echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" + +ARMC5_CC="$ARMC5_BIN_DIR/armcc" +ARMC5_AR="$ARMC5_BIN_DIR/armar" +ARMC6_CC="$ARMC6_BIN_DIR/armclang" +ARMC6_AR="$ARMC6_BIN_DIR/armar" # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh # we just export the variables they require @@ -217,7 +236,8 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "armcc" "i686-w64-mingw32-gcc" + "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \ + "i686-w64-mingw32-gcc" # # Test Suites to be executed @@ -233,7 +253,8 @@ check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ msg "info: output_env.sh" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" scripts/output_env.sh + GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ + ARMC6_CC="$ARMC6_CC" scripts/output_env.sh msg "test: recursion.pl" # < 1s tests/scripts/recursion.pl library/*.c @@ -422,7 +443,7 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib -msg "build: armcc, make" +msg "build: ARM Compiler 5, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full @@ -441,7 +462,19 @@ scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -CC=armcc AR=armar WARNING_CFLAGS='--strict --c99' make lib + +CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib +make clean + +msg "build: ARM Compiler 6 (arm-arm-none-eabi), make" +ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" \ + CFLAGS="--target=arm-arm-none-eabi" WARNING_CFLAGS= make lib +make clean + +msg "build: ARM Compiler 6 (aarch64-arm-none-eabi), make" +ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" \ + CFLAGS="--target=aarch64-arm-none-eabi" WARNING_CFLAGS= make lib +make clean msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup From 7f08d7a35a1eca0a929b1badb39b251e47694271 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 4 Oct 2016 17:14:38 +0100 Subject: [PATCH 36/70] Modify output_env.sh to make it extensible --- scripts/output_env.sh | 183 +++++++++++++----------------------------- tests/scripts/all.sh | 2 +- 2 files changed, 56 insertions(+), 129 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index fc3f66645..1afaac33e 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -1,5 +1,5 @@ -#!/bin/sh -# +#! /usr/bin/env sh + # output_env.sh # # This file is part of mbed TLS (https://tls.mbed.org) @@ -17,163 +17,92 @@ # - version of libc, clang, asan and valgrind if installed # - version of gnuTLS and OpenSSL -echo -echo "* Operating system and architecture:" -uname -a +print_version() +{ + BIN="$1" + shift + ARGS="$1" + shift + FAIL_MSG="$1" + shift -echo -if [ -n "${ARMC5_CC+set}" ]; then - if `hash "$ARMC5_CC" > /dev/null 2>&1`; then - echo "* $ARMC5_CC at environment variable 'ARMC5_CC':" - $ARMC5_CC --vsn | head -n 2 - else - echo "* $ARMC5_CC at environment variable 'ARMC5_CC' not found!" + if ! `type "$BIN" > /dev/null 2>&1`; then + echo "* $FAIL_MSG" + return 0 fi -else - if `hash armcc > /dev/null 2>&1`; then - echo "* armcc:" - armcc --vsn | head -n 2 - else - echo "* armcc not found!" - fi -fi -if [ -n "${ARMC6_CC+set}" ]; then - echo - if `hash "$ARMC6_CC" > /dev/null 2>&1`; then - echo "* $ARMC6_CC at environment variable 'ARMC6_CC':" - $ARMC6_CC --vsn | head -n 2 - else - echo "* $ARMC6_CC at environment variable 'ARMC6_CC' not found!" - fi -fi + BIN=`which "$BIN"` + VERSION_STR=`$BIN $ARGS 2>&1` + # Apply all filters + while [ $# -gt 0 ]; do + FILTER="$1" + shift + VERSION_STR=`echo "$VERSION_STR" | $FILTER` + done + + echo "* ${BIN##*/}: $BIN: $VERSION_STR" +} + +print_version "uname" "-a" "" echo -if `hash arm-none-eabi-gcc > /dev/null 2>&1`; then - echo "* gcc-arm:" - arm-none-eabi-gcc --version | head -n 1 -else - echo "* gcc-arm not found!" -fi +: ${ARMC5_CC:=armcc} +print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2" echo -if `hash gcc > /dev/null 2>&1`; then - echo "* gcc:" - gcc --version | head -n 1 -else - echo "* gcc not found!" -fi +: ${ARMC6_CC:=armclang} +print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2" echo -if `hash clang > /dev/null 2>&1`; then - echo "* clang:" - clang --version | head -n 2 - clang -v 2>&1 | grep Selected -else - echo "* clang not found!" -fi +print_version "arm-none-eabi-gcc" "--version" "gcc-arm not found!" "head -n 1" echo -if `hash ldd > /dev/null 2>&1`; then - echo "* libc:" - ldd --version | head -n 1 -else - echo "* No ldd present: can't determine libc version!" -fi +print_version "gcc" "--version" "gcc not found!" "head -n 1" echo -if `hash valgrind > /dev/null 2>&1`; then - echo "* valgrind:" - valgrind --version -else - echo "* valgrind not found!" -fi +print_version "clang" "--version" "clang not found" "head -n 2" echo -if `hash openssl > /dev/null 2>&1`; then - echo "* openssl:" - openssl version -else - echo "* openssl not found!" -fi -if [ -n "${OPENSSL+set}" ]; then - echo - if `hash "$OPENSSL" > /dev/null 2>&1`; then - echo "* $OPENSSL at environment variable 'OPENSSL':" - $OPENSSL version - else - echo "* $OPENSSL at environment variable 'OPENSSL' not found!" - fi -fi +print_version "ldd" "--version" \ + "No ldd present: can't determine libc version!" \ + "head -n 1" +echo + +print_version "valgrind" "--version" "valgrind not found!" +echo + +: ${OPENSSL:=openssl} +print_version "$OPENSSL" "version" "openssl not found!" +echo if [ -n "${OPENSSL_LEGACY+set}" ]; then + print_version "$OPENSSL_LEGACY" "version" "openssl legacy version not found!" echo - if `hash "$OPENSSL_LEGACY" > /dev/null 2>&1`; then - echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY':" - $OPENSSL_LEGACY version - else - echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY' not found!" - fi fi +: ${GNUTLS_CLI:=gnutls-cli} +print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1" echo -if `hash gnutls-cli > /dev/null 2>&1`; then - echo "* gnuTLS client:" - gnutls-cli --version | head -n 1 -else - echo "* gnuTLS client not found!" -fi +: ${GNUTLS_SERV:=gnutls-serv} +print_version "$GNUTLS_SERV" "--version" "gnuTLS server not found!" "head -n 1" echo -if `hash gnutls-serv > /dev/null 2>&1`; then - echo "* gnuTLS server:" - gnutls-serv --version | head -n 1 -else - echo "* gnuTLS server not found!" -fi - -if [ -n "${GNUTLS_CLI+set}" ]; then - echo - if `hash "$GNUTLS_CLI" > /dev/null 2>&1`; then - echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI':" - $GNUTLS_CLI --version | head -n 1 - else - echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI' not found!" - fi -fi - -if [ -n "${GNUTLS_SERV+set}" ]; then - echo - if `hash "$GNUTLS_SERV" > /dev/null 2>&1`; then - echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV':" - $GNUTLS_SERV --version | head -n 1 - else - echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV' not found!" - fi -fi if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then + print_version "$GNUTLS_LEGACY_CLI" "--version" \ + "gnuTLS client legacy version not found!" \ + "head -n 1" echo - if `hash "$GNUTLS_LEGACY_CLI" > /dev/null 2>&1`; then - echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI':" - $GNUTLS_LEGACY_CLI --version | head -n 1 - else - echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI' not found!" - fi fi if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then + print_version "$GNUTLS_LEGACY_SERV" "--version" \ + "gnuTLS server legacy version not found!" \ + "head -n 1" echo - if `hash "$GNUTLS_LEGACY_SERV" > /dev/null 2>&1`; then - echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV':" - $GNUTLS_LEGACY_SERV --version | head -n 1 - else - echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV' not found!" - fi fi -echo if `hash dpkg > /dev/null 2>&1`; then echo "* asan:" dpkg -s libasan2 2> /dev/null | grep -i version @@ -182,6 +111,4 @@ if `hash dpkg > /dev/null 2>&1`; then else echo "* No dpkg present: can't determine asan version!" fi - echo - diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bd8d6d34f..e16c1b5f9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#! /usr/bin/env sh # all.sh # From 0911f0880c2e70dda3ad8700ffb29d82f7e3b2e1 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 17 Oct 2016 15:23:10 +0100 Subject: [PATCH 37/70] Add -march argument to armc6 build tests --- tests/scripts/all.sh | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e16c1b5f9..769cbd2ea 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -98,6 +98,16 @@ msg() echo "******************************************************************" } +armc6_build_test() +{ + FLAGS="$1" + + msg "build: ARM Compiler 6 ($FLAGS), make" + ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ + WARNING_CFLAGS= make lib + make clean +} + err_msg() { echo "$1" >&2 @@ -466,15 +476,11 @@ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib make clean -msg "build: ARM Compiler 6 (arm-arm-none-eabi), make" -ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" \ - CFLAGS="--target=arm-arm-none-eabi" WARNING_CFLAGS= make lib -make clean - -msg "build: ARM Compiler 6 (aarch64-arm-none-eabi), make" -ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" \ - CFLAGS="--target=aarch64-arm-none-eabi" WARNING_CFLAGS= make lib -make clean +armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" +armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" +armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" +armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" +armc6_build_test "--target=aarch64-arm-none-eabi" msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup From 53716395b279c51f51114de7f736e3ce06264437 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 5 Jan 2017 16:20:56 +0000 Subject: [PATCH 38/70] Clarify use of armcc in all.sh --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 769cbd2ea..70c2897ba 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -283,6 +283,8 @@ msg "test: doxygen warnings" # ~ 3s cleanup tests/scripts/doxygen.sh +# Note - use of yotta is deprecated, and yotta also requires armcc to be on the +# path, and uses whatever version of armcc it finds there. msg "build: create and build yotta module" # ~ 30s cleanup tests/scripts/yotta-build.sh From ba6aa63578521634f4687044ddedb64d528de0fd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 6 Jan 2017 16:14:44 +0000 Subject: [PATCH 39/70] Fix all.sh test builds with recent glibc and clang Fixes strict C99 builds in all.sh with glibc version >2.19 where platform support wasn't being compiled in automatically. Also fixes C99 syntax with armclang. --- tests/scripts/all.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 70c2897ba..9e201ad0a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -104,7 +104,7 @@ armc6_build_test() msg "build: ARM Compiler 6 ($FLAGS), make" ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ - WARNING_CFLAGS= make lib + WARNING_CFLAGS='-xc -std=c99' make lib make clean } @@ -375,7 +375,9 @@ scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_FS_IO -CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0' make lib programs +# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, +# to re-enable platform integration features otherwise disabled in C99 builds +CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' make lib programs CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make test # catch compile bugs in _uninit functions From 747fceb78536d0e205085e04e5f4aa5158e702b5 Mon Sep 17 00:00:00 2001 From: Jaakko Korhonen Date: Mon, 9 Jan 2017 11:07:46 +0200 Subject: [PATCH 40/70] Fixed typo in ssl.h --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2c021900b..1a6c9cc60 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1146,7 +1146,7 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) * * \note See the documentation of \c mbedtls_ssl_set_timer_t and * \c mbedtls_ssl_get_timer_t for the conventions this pair of - * callbacks must fallow. + * callbacks must follow. * * \note On some platforms, timing.c provides * \c mbedtls_timing_set_delay() and From 2196c7f81cf9b7903def3c7d34d0bcfc11cf286e Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 15 Dec 2016 17:01:16 +0000 Subject: [PATCH 41/70] Fix renegotiation at incorrect times in DTLS Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared 64 bits of record counter instead of 48 bits as described in RFC 6347 Section 4.3.1. This would cause the function's return value to be occasionally incorrect and the renegotiation routines to be triggered at unexpected times. --- ChangeLog | 5 +++++ include/mbedtls/ssl.h | 6 ++++-- library/ssl_tls.c | 16 ++++++++++++---- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index eb729a3a0..9fcebc7d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define MBEDTLS_PEM_PARSE_C. #562 + * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that + would compare 64 bits of the record counter instead of 48 bits as indicated + in RFC 6347 Section 4.3.1. This could cause the execution of the + renegotiation routines at unexpected times when the protocol is DTLS. Found + by wariua. #687 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1a6c9cc60..8042693d0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2183,7 +2183,7 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ /** * \brief Set record counter threshold for periodic renegotiation. - * (Default: 2^64 - 256.) + * (Default: 2^48 - 1) * * Renegotiation is automatically triggered when a record * counter (outgoing or ingoing) crosses the defined @@ -2194,9 +2194,11 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ * Lower values can be used to enforce policies such as "keys * must be refreshed every N packets with cipher X". * + * \note When the transport is set to MBEDTLS_SSL_TRANSPORT_DATAGRAM, + * the maximum renegotiation period is 2^48 - 1. + * * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. - * Set to 2^64 - 1 to disable periodic renegotiation */ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, const unsigned char period[8] ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 121c13526..abad0b385 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6482,6 +6482,10 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) */ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) { + size_t ep_len = ssl_ep_len( ssl ); + int in_ctr_cmp; + int out_ctr_cmp; + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) @@ -6489,8 +6493,12 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) return( 0 ); } - if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 && - memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 ) + in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len ); + out_ctr_cmp = memcmp( ssl->out_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len ); + + if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) { return( 0 ); } @@ -7231,8 +7239,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_RENEGOTIATION) conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; - memset( conf->renego_period, 0xFF, 7 ); - conf->renego_period[7] = 0x00; + memset( conf->renego_period, 0x00, 2 ); + memset( conf->renego_period + 2, 0xFF, 6 ); #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) From 13fb6e72712060270f1162790c1c169b6328e150 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 19 Jan 2017 16:30:57 +0000 Subject: [PATCH 42/70] Add DTLS test to check 6 byte record ctr is cmp Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in the TLS case. Because currently there are no testing facilities to check that renegotiation routines are triggered after X number of input/output messages, the test consists on setting a renegotiation period that cannot be represented in 6 bytes, but whose least-significant byte is 2. If the library behaves correctly, the renegotiation routines will be executed after two exchanged. --- programs/ssl/ssl_server2.c | 27 +++++++++++++++++++++------ tests/ssl-opt.sh | 13 +++++++++++++ 2 files changed, 34 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 18bda599f..d98b669b5 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -63,6 +63,8 @@ int main( void ) #include #include #include +#include +#include #if !defined(_WIN32) #include @@ -113,7 +115,7 @@ int main( void ) #define DFL_ALLOW_LEGACY -2 #define DFL_RENEGOTIATE 0 #define DFL_RENEGO_DELAY -2 -#define DFL_RENEGO_PERIOD -1 +#define DFL_RENEGO_PERIOD ( (uint64_t)-1 ) #define DFL_EXCHANGES 1 #define DFL_MIN_VERSION -1 #define DFL_MAX_VERSION -1 @@ -292,7 +294,7 @@ int main( void ) " renegotiation=%%d default: 0 (disabled)\n" \ " renegotiate=%%d default: 0 (disabled)\n" \ " renego_delay=%%d default: -2 (library default)\n" \ - " renego_period=%%d default: (library default)\n" + " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n" #else #define USAGE_RENEGO "" #endif @@ -351,6 +353,19 @@ int main( void ) " force_ciphersuite= default: all enabled\n" \ " acceptable ciphersuite names:\n" + +#define PUT_UINT64_BE(out_be,in_le,i) \ +{ \ + (out_be)[(i) + 0] = (unsigned char)( ( (in_le) >> 56 ) & 0xFF ); \ + (out_be)[(i) + 1] = (unsigned char)( ( (in_le) >> 48 ) & 0xFF ); \ + (out_be)[(i) + 2] = (unsigned char)( ( (in_le) >> 40 ) & 0xFF ); \ + (out_be)[(i) + 3] = (unsigned char)( ( (in_le) >> 32 ) & 0xFF ); \ + (out_be)[(i) + 4] = (unsigned char)( ( (in_le) >> 24 ) & 0xFF ); \ + (out_be)[(i) + 5] = (unsigned char)( ( (in_le) >> 16 ) & 0xFF ); \ + (out_be)[(i) + 6] = (unsigned char)( ( (in_le) >> 8 ) & 0xFF ); \ + (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ +} + /* * global options */ @@ -377,7 +392,7 @@ struct options int allow_legacy; /* allow legacy renegotiation */ int renegotiate; /* attempt renegotiation? */ int renego_delay; /* delay before enforcing renegotiation */ - int renego_period; /* period for automatic renegotiation */ + uint64_t renego_period; /* period for automatic renegotiation */ int exchanges; /* number of data exchanges */ int min_version; /* minimum protocol version accepted */ int max_version; /* maximum protocol version accepted */ @@ -1041,8 +1056,8 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "renego_period" ) == 0 ) { - opt.renego_period = atoi( q ); - if( opt.renego_period < 2 || opt.renego_period > 255 ) + if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 || + opt.renego_period < 2 ) goto usage; } else if( strcmp( p, "exchanges" ) == 0 ) @@ -1757,7 +1772,7 @@ int main( int argc, char *argv[] ) if( opt.renego_period != DFL_RENEGO_PERIOD ) { - renego_period[7] = opt.renego_period; + PUT_UINT64_BE( renego_period, opt.renego_period, 0 ); mbedtls_ssl_conf_renegotiation_period( &conf, renego_period ); } #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 57155b89d..41fbc3d29 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1601,6 +1601,19 @@ run_test "Renegotiation: DTLS, server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +run_test "Renegotiation: DTLS, renego_period overflow" \ + "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ + "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "record counter limit reached: renegotiate" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -s "write hello request" \ + requires_gnutls run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ "$G_SRV -u --mtu 4096" \ From d57c8f0048a913c7059e571dd6d526f9ebe24e5e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 13:08:37 +0000 Subject: [PATCH 43/70] Clarify fix for #673 in Changelog Clarified fix, and added credit. --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9fcebc7d3..23b759938 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx Bugfix - * Fix redefinition of macro ssl_set_bio to undefined symbol - mbedtls_ssl_set_bio_timeout in compat-1.3.h. #673 + * Fix the redefinition of macro ssl_set_bio to an undefined symbol + mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. + Found by omlib-lin. #673 * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define MBEDTLS_PEM_PARSE_C. #562 From a333b3c194a338462bcfde896d3311421e2fadca Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 16:17:37 +0000 Subject: [PATCH 44/70] Add credit to Changelog for #562 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 23b759938..b604ed4f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,7 +8,7 @@ Bugfix Found by omlib-lin. #673 * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and x509_csr.c that are reported when building mbed TLS with a config.h that - does not define MBEDTLS_PEM_PARSE_C. #562 + does not define MBEDTLS_PEM_PARSE_C. Found by omnium21. #562 * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that would compare 64 bits of the record counter instead of 48 bits as indicated in RFC 6347 Section 4.3.1. This could cause the execution of the From 2537f37faf0a3c2a0bda15ae1d9f78b2f3f6a43d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 3 Feb 2017 00:21:28 +0000 Subject: [PATCH 45/70] Add clarification to the TLS renegotiation period Expanded details on use of mbedtls_ssl_conf_renegotiation_period() --- include/mbedtls/ssl.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8042693d0..42c9779c6 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2194,8 +2194,14 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ * Lower values can be used to enforce policies such as "keys * must be refreshed every N packets with cipher X". * - * \note When the transport is set to MBEDTLS_SSL_TRANSPORT_DATAGRAM, - * the maximum renegotiation period is 2^48 - 1. + * The renegotiation period can be disabled by setting + * conf->disable_renegotiation to + * MBEDTLS_SSL_RENEGOTIATION_DISABLED. + * + * \note When the configured transport is + * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation + * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM, + * the maximum renegotiation period is 2^64 - 1. * * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. From 0eced5aae5b0e6af98135c2b315a7bee776c757c Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 17:01:10 +0000 Subject: [PATCH 46/70] Fix examples that failed to compile without PEM --- programs/ssl/dtls_client.c | 2 +- programs/ssl/ssl_mail_client.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 442a3fb7c..e18ee42a1 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -37,7 +37,7 @@ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_CERTS_C) + !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) int main( void ) { mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 4a22771d7..b49ffb478 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -494,13 +494,13 @@ int main( int argc, char *argv[] ) ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ); else #endif -#if defined(MBEDTLS_CERTS_C) +#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C) ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, mbedtls_test_cas_pem_len ); #else { ret = 1; - mbedtls_printf("MBEDTLS_CERTS_C not defined."); + mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined."); } #endif if( ret < 0 ) From 182013faf46b8a33e884da9712355c11b9831c8d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 25 Oct 2016 10:50:22 +0100 Subject: [PATCH 47/70] Prevent SLOTH attacks --- ChangeLog | 4 ++++ library/ssl_tls.c | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b604ed4f6..f24186b36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx +Security + * Removed MD5 from the allowed hash algorithms for CertificateRequest and + CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. + Bugfix * Fix the redefinition of macro ssl_set_bio to an undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index abad0b385..d9ab83291 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7653,8 +7653,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - ssl->handshake->calc_verify = ssl_calc_verify_tls; - break; + return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: From 49d29337facd93e5d1039b7073ded21ec6dde54d Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 14:31:54 +0100 Subject: [PATCH 48/70] Add tests for overreads in pem_read_buffer() --- tests/suites/test_suite_pem.data | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 339b4d3f8..065e4a2b5 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -24,3 +24,4 @@ mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC, PEM read (unknown encryption algorithm) mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG + From 6a54336897e5150b95c64bf1eea122cdd9556a9c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Jan 2017 23:04:22 +0000 Subject: [PATCH 49/70] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- tests/suites/test_suite_ctr_drbg.function | 5 +++++ 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f24186b36..fc240c305 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,12 @@ Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/cipher.c b/library/cipher.c index a88343869..e9e0b223e 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -326,9 +326,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= block_size ) || + ilen <= block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < block_size ) ) + ilen < block_size - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 386f8adb0..55612c7fc 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -290,7 +290,8 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT || + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); diff --git a/library/md2.c b/library/md2.c index 897670131..95cbcce65 100644 --- a/library/md2.c +++ b/library/md2.c @@ -158,7 +158,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 3acfb8bae..883cfe08e 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -39,6 +39,11 @@ void ctr_drbg_special_behaviours( ) TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) == MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + + mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 ); + TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional, + MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) == + MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); exit: mbedtls_ctr_drbg_free( &ctx ); } From 4623d83c6f5549031f72bc25b085af6eb79b28f4 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 18 Jan 2017 17:21:03 +0000 Subject: [PATCH 50/70] Fix integer overflow mbedtls_base64_decode() Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 2 ++ library/base64.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fc240c305..76cd298e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/base64.c b/library/base64.c index 5cb12cba7..305afc57b 100644 --- a/library/base64.c +++ b/library/base64.c @@ -192,7 +192,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || dlen < n ) From a29c5e9e66c1ba2b7d6b292430898e9ae7598e68 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 51/70] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 305afc57b..f06b57b31 100644 --- a/library/base64.c +++ b/library/base64.c @@ -192,6 +192,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From 0621b1fbb00210552a70e78697fcc511d192dd27 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 5 Feb 2017 16:48:47 +0000 Subject: [PATCH 52/70] Add detail to ChangeLog for SLOTH fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 76cd298e2..558cf9e22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Removed MD5 from the allowed hash algorithms for CertificateRequest and CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. + Introduced by interoperability fix for #513. Bugfix * Fix the redefinition of macro ssl_set_bio to an undefined symbol From ea7054a00c9a84ef684fdf801dcf880f2d403869 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 8 Feb 2017 14:13:02 +0000 Subject: [PATCH 53/70] Add unit tests for X509 certificate date parsing --- tests/suites/test_suite_x509parse.data | 61 ++++++++++++++++++++++ tests/suites/test_suite_x509parse.function | 8 ++- 2 files changed, 64 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 1031bd9c0..11605aba6 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1574,3 +1574,64 @@ x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130236012Z":MBEDTLS_ERR_X509_INVALID_DAT X509 Get time (UTC invalid sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130235960Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC without time zone) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212":0:2000:2:29:12:12:12 + +X509 Get time (UTC with invalid time zone #1) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC with invalid time zone #2) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (Date with invalid tag) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_CONTEXT_SPECIFIC:"000229121212":MBEDTLS_ERR_X509_INVALID_DATE+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:0:0:0:0:0:0 + +X509 Get time (UTC, truncated) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (Generalized Time, truncated) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC without seconds) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212":MBEDTLS_ERR_X509_INVALID_DATE:2000:2:29:12:12:0 + +X509 Get time (UTC without seconds and with invalid time zone #1) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC without second and with invalid time zone #2) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in year) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in month) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001%30231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in day) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011`0231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in hour) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302h1212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in min) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"00113023u012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in sec) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 156a25fcf..5eec72a8d 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -613,16 +613,14 @@ void x509_get_time( int tag, char *time_str, int ret, int hour, int min, int sec ) { mbedtls_x509_time time; - unsigned char buf[17]; + unsigned char buf[21]; unsigned char* start = buf; unsigned char* end = buf; memset( &time, 0x00, sizeof( time ) ); *end = (unsigned char)tag; end++; - if( tag == MBEDTLS_ASN1_UTC_TIME ) - *end = 13; - else - *end = 15; + *end = strlen( time_str ); + TEST_ASSERT( *end < 20 ); end++; memcpy( end, time_str, (size_t)*(end - 1) ); end += *(end - 1); From 87c980749df93058a4a19119192bdd76132c93e9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 3 Feb 2017 12:36:59 +0000 Subject: [PATCH 54/70] Fix buffer overread in mbedtls_x509_get_time() A heap overread might happen when parsing malformed certificates. Reported by Peng Li and Yueh-Hsun Lin. Refactoring the parsing fixes the problem. This commit applies the relevant part of the OpenVPN contribution applied to mbed TLS 1.3 in commit 17da9dd82931abdf054a01c466bce45e7d12b742. --- ChangeLog | 2 + library/x509.c | 137 +++++++++++++++++++++++++++++++------------------ 2 files changed, 88 insertions(+), 51 deletions(-) diff --git a/ChangeLog b/ChangeLog index a299b806c..1443bcb6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng + Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509.c b/library/x509.c index 4df542e42..e4387707d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -480,14 +480,20 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, } } -static int x509_parse_int(unsigned char **p, unsigned n, int *res){ +static int x509_parse_int( unsigned char **p, size_t n, int *res ) +{ *res = 0; - for( ; n > 0; --n ){ - if( ( **p < '0') || ( **p > '9' ) ) return MBEDTLS_ERR_X509_INVALID_DATE; + + for( ; n > 0; --n ) + { + if( ( **p < '0') || ( **p > '9' ) ) + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + *res *= 10; - *res += (*(*p)++ - '0'); + *res += ( *(*p)++ - '0' ); } - return 0; + + return( 0 ); } static int x509_date_is_valid(const mbedtls_x509_time *time) @@ -517,6 +523,70 @@ static int x509_date_is_valid(const mbedtls_x509_time *time) return( 0 ); } +/* + * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) + * field. + */ +static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, + mbedtls_x509_time *time ) +{ + int ret; + + /* + * Minimum length is 10 or 12 depending on yearlen + */ + if ( len < yearlen + 8 ) + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + len -= yearlen + 8; + + /* + * Parse year, month, day, hour, minute + */ + CHECK( x509_parse_int( p, yearlen, &time->year ) ); + if ( 2 == yearlen ) + { + if ( time->year < 50 ) + time->year += 100; + + time->year += 1900; + } + + CHECK( x509_parse_int( p, 2, &time->mon ) ); + CHECK( x509_parse_int( p, 2, &time->day ) ); + CHECK( x509_parse_int( p, 2, &time->hour ) ); + CHECK( x509_parse_int( p, 2, &time->min ) ); + + /* + * Parse seconds if present + */ + if ( len >= 2 ) + { + CHECK( x509_parse_int( p, 2, &time->sec ) ); + len -= 2; + } + else + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + + /* + * Parse trailing 'Z' if present + */ + if ( 1 == len && 'Z' == **p ) + { + (*p)++; + len--; + } + + /* + * We should have parsed all characters at this point + */ + if ( 0 != len ) + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + + CHECK( x509_date_is_valid( time ) ); + + return ( 0 ); +} + /* * Time ::= CHOICE { * utcTime UTCTime, @@ -526,7 +596,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, mbedtls_x509_time *time ) { int ret; - size_t len; + size_t len, year_len; unsigned char tag; if( ( end - *p ) < 1 ) @@ -536,55 +606,20 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, tag = **p; if( tag == MBEDTLS_ASN1_UTC_TIME ) - { - (*p)++; - ret = mbedtls_asn1_get_len( p, end, &len ); - - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); - - CHECK( x509_parse_int( p, 2, &time->year ) ); - CHECK( x509_parse_int( p, 2, &time->mon ) ); - CHECK( x509_parse_int( p, 2, &time->day ) ); - CHECK( x509_parse_int( p, 2, &time->hour ) ); - CHECK( x509_parse_int( p, 2, &time->min ) ); - if( len > 10 ) - CHECK( x509_parse_int( p, 2, &time->sec ) ); - if( len > 12 && *(*p)++ != 'Z' ) - return( MBEDTLS_ERR_X509_INVALID_DATE ); - - time->year += 100 * ( time->year < 50 ); - time->year += 1900; - - CHECK( x509_date_is_valid( time ) ); - - return( 0 ); - } + year_len = 2; else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME ) - { - (*p)++; - ret = mbedtls_asn1_get_len( p, end, &len ); - - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); - - CHECK( x509_parse_int( p, 4, &time->year ) ); - CHECK( x509_parse_int( p, 2, &time->mon ) ); - CHECK( x509_parse_int( p, 2, &time->day ) ); - CHECK( x509_parse_int( p, 2, &time->hour ) ); - CHECK( x509_parse_int( p, 2, &time->min ) ); - if( len > 12 ) - CHECK( x509_parse_int( p, 2, &time->sec ) ); - if( len > 14 && *(*p)++ != 'Z' ) - return( MBEDTLS_ERR_X509_INVALID_DATE ); - - CHECK( x509_date_is_valid( time ) ); - - return( 0 ); - } + year_len = 4; else return( MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + + (*p)++; + ret = mbedtls_asn1_get_len( p, end, &len ); + + if( ret != 0 ) + return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); + + return x509_parse_time( p, len, year_len, time ); } int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) From 5708dcb36882a1e91f1f8f657e3355bc42b18988 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 8 Dec 2016 17:19:21 +0000 Subject: [PATCH 55/70] Fix memory leak in mbedtls_x509_crl_parse() The memory leak call was caused by missing calls to mbedtls_pem_free() when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. --- ChangeLog | 3 +++ library/x509_crl.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1443bcb6e..e77053150 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,9 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America. + * Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused + by missing calls to mbedtls_pem_free() in cases when a + MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509_crl.c b/library/x509_crl.c index 5b0adeffc..76c49f135 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -525,16 +525,17 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s if( ( ret = mbedtls_x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 ) { + mbedtls_pem_free( &pem ); return( ret ); } - - mbedtls_pem_free( &pem ); } else if( is_pem ) { mbedtls_pem_free( &pem ); return( ret ); } + + mbedtls_pem_free( &pem ); } /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. * And a valid CRL cannot be less than 1 byte anyway. */ From d02dc14c94cea28b4eecac7ea9cdd70e107d7d39 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 28 Feb 2017 16:36:22 +0000 Subject: [PATCH 56/70] Fix credit in ChangeLog for #722 --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e77053150..51c5e2075 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,7 +44,8 @@ Bugfix Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America. * Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused by missing calls to mbedtls_pem_free() in cases when a - MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. + MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and + fix proposed by Guido Vranken. #722 = mbed TLS 2.4.1 branch released 2016-12-13 From 28fff141133314308994738fbe4f24f4a1e3c64d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 27 Jan 2017 15:51:14 +0000 Subject: [PATCH 57/70] Add invalid key tests for curve SECP224K1 This curve has special arithmetic on 64 bit platforms and an untested path lead to trying to free a buffer on the stack. For the sake of completeness, a test case for a point with non-affine coordinates has been added as well. --- tests/suites/test_suite_ecp.data | 12 ++++++++++-- tests/suites/test_suite_ecp.function | 7 ++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 1c858b5f7..a43e7d75d 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -32,11 +32,19 @@ mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_SECP192R1:19:192:"secp192r1" ECP check pubkey Montgomery #1 (too big) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_check_pub_mx:MBEDTLS_ECP_DP_CURVE25519:"010000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ECP_INVALID_KEY +ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY ECP check pubkey Montgomery #2 (biggest) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_check_pub_mx:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":0 +ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0 + +ECP check pubkey Koblitz #1 (point not on curve) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_check_pub:MBEDTLS_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"1":MBEDTLS_ERR_ECP_INVALID_KEY + +ECP check pubkey Koblitz #2 (coordinate not affine) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_check_pub:MBEDTLS_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"101":MBEDTLS_ERR_ECP_INVALID_KEY ECP write binary #0 (zero, bad format) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index afe61ec61..99780c0de 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -29,7 +29,7 @@ void mbedtls_ecp_curve_info( int id, int tls_id, int size, char *name ) /* END_CASE */ /* BEGIN_CASE */ -void ecp_check_pub_mx( int grp_id, char *key_hex, int ret ) +void ecp_check_pub( int grp_id, char *x_hex, char *y_hex, char *z_hex, int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; @@ -39,8 +39,9 @@ void ecp_check_pub_mx( int grp_id, char *key_hex, int ret ) TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, key_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_lset( &P.Z, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x_hex ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y_hex ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z_hex ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret ); From 7dadc2f25990e852f4766a0d3a94bc0b99d02631 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 27 Jan 2017 16:05:20 +0000 Subject: [PATCH 58/70] ECP: Prevent freeing a buffer on stack The function ecp_mod_koblitz computed the space for the result of a multiplication optimally for that specific case, but unfortunately the function mbedtls_mpi_mul_mpi performs a generic, suboptimal calculation and needs one more limb for the result. Since the result's buffer is on the stack, the best case scenario is that the program stops. This only happened on 64 bit platforms. Fixes #569 --- ChangeLog | 8 ++++++++ library/ecp_curves.c | 6 +++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 51c5e2075..99df526ed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,14 @@ Security CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. Introduced by interoperability fix for #513. +Security + * Fixed a bug that caused freeing a buffer that was allocated on the stack, + when verifying the validity of a key on secp224k1. This could be + triggered remotely for example with a maliciously constructed certificate + and might have led to remote code execution on some exotic embedded + platforms. Reported independently by rongsaws and Regina Wilson. + CVE-2017-2784 + Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 9a6e8eb18..a2a5495a9 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -1213,7 +1213,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t int ret; size_t i; mbedtls_mpi M, R; - mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R]; + mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; if( N->n < p_limbs ) return( 0 ); @@ -1235,7 +1235,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) @@ -1257,7 +1257,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) From 71e9d58dc27c72ff1c402226f18494e760e098b0 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 28 Feb 2017 18:47:27 +0000 Subject: [PATCH 59/70] Clarify ChangeLog for #569 --- ChangeLog | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 99df526ed..f81687bb9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,14 +11,11 @@ Security * Removed MD5 from the allowed hash algorithms for CertificateRequest and CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. Introduced by interoperability fix for #513. - -Security * Fixed a bug that caused freeing a buffer that was allocated on the stack, when verifying the validity of a key on secp224k1. This could be triggered remotely for example with a maliciously constructed certificate - and might have led to remote code execution on some exotic embedded - platforms. Reported independently by rongsaws and Regina Wilson. - CVE-2017-2784 + and potentially could lead to remote code execution on some platforms. + Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784 Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when From 719aa8bb37891f9c87f7fe8b2a758b8696a30bd0 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 22 Jul 2016 11:54:30 +0100 Subject: [PATCH 60/70] Fix default hostname for verification used in ssl_client1 --- programs/ssl/ssl_client1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 591f737ae..fa7043173 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -180,7 +180,7 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 ) + if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); goto exit; From f3870f72b6db8a30c6f039a2c2a667e54eca7234 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 17:23:36 +0200 Subject: [PATCH 61/70] fix for issue 1101: missing rsa context initialization added mbedtls_rsa_init in rsa_decrypt sample application --- programs/pkey/rsa_decrypt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 1cc013dbd..b64e1564a 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -88,6 +88,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); From cde009101bcb1383f04793cee31302c1d01bf8ac Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 1 Mar 2017 22:17:49 +0000 Subject: [PATCH 62/70] Fix Visual Studio template files Adds interim directories to the Visual Studio project files to avoid warning MSB8028 in Visual Studio 2015, where shared directories of intermediate files between project files generate the warning. --- .../data_files/vs2010-app-template.vcxproj | 28 +++++++++++-------- .../data_files/vs2010-main-template.vcxproj | 4 +++ 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index 593c22df9..806130a10 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index 6e30ffe15..773b58a33 100644 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj @@ -65,15 +65,19 @@ true + $(Configuration)\$(TargetName)\ true + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ From 24ce844530f98a8c8c15fb3949fbda88243291d2 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 1 Mar 2017 22:25:12 +0000 Subject: [PATCH 63/70] Update of the Visual Studio files Contains additional project file, ecdh_curve25519.vcxproj, as well as fix for intermediate files causing the warning MSB8028 with Visual Studio 2015. --- visualc/VS2010/aescrypt2.vcxproj | 28 ++-- visualc/VS2010/benchmark.vcxproj | 28 ++-- visualc/VS2010/cert_app.vcxproj | 28 ++-- visualc/VS2010/cert_req.vcxproj | 28 ++-- visualc/VS2010/cert_write.vcxproj | 28 ++-- visualc/VS2010/crl_app.vcxproj | 28 ++-- visualc/VS2010/crypt_and_hash.vcxproj | 28 ++-- visualc/VS2010/dh_client.vcxproj | 28 ++-- visualc/VS2010/dh_genprime.vcxproj | 28 ++-- visualc/VS2010/dh_server.vcxproj | 28 ++-- visualc/VS2010/dtls_client.vcxproj | 28 ++-- visualc/VS2010/dtls_server.vcxproj | 28 ++-- visualc/VS2010/ecdh_curve25519.vcxproj | 173 +++++++++++++++++++++ visualc/VS2010/ecdsa.vcxproj | 28 ++-- visualc/VS2010/gen_entropy.vcxproj | 28 ++-- visualc/VS2010/gen_key.vcxproj | 28 ++-- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 28 ++-- visualc/VS2010/gen_random_havege.vcxproj | 28 ++-- visualc/VS2010/generic_sum.vcxproj | 28 ++-- visualc/VS2010/hello.vcxproj | 28 ++-- visualc/VS2010/key_app.vcxproj | 28 ++-- visualc/VS2010/key_app_writer.vcxproj | 28 ++-- visualc/VS2010/mbedTLS.vcxproj | 4 + visualc/VS2010/mini_client.vcxproj | 28 ++-- visualc/VS2010/mpi_demo.vcxproj | 28 ++-- visualc/VS2010/pem2der.vcxproj | 28 ++-- visualc/VS2010/pk_decrypt.vcxproj | 28 ++-- visualc/VS2010/pk_encrypt.vcxproj | 28 ++-- visualc/VS2010/pk_sign.vcxproj | 28 ++-- visualc/VS2010/pk_verify.vcxproj | 28 ++-- visualc/VS2010/req_app.vcxproj | 28 ++-- visualc/VS2010/rsa_decrypt.vcxproj | 28 ++-- visualc/VS2010/rsa_encrypt.vcxproj | 28 ++-- visualc/VS2010/rsa_genkey.vcxproj | 28 ++-- visualc/VS2010/rsa_sign.vcxproj | 28 ++-- visualc/VS2010/rsa_sign_pss.vcxproj | 28 ++-- visualc/VS2010/rsa_verify.vcxproj | 28 ++-- visualc/VS2010/rsa_verify_pss.vcxproj | 28 ++-- visualc/VS2010/selftest.vcxproj | 28 ++-- visualc/VS2010/ssl_cert_test.vcxproj | 28 ++-- visualc/VS2010/ssl_client1.vcxproj | 28 ++-- visualc/VS2010/ssl_client2.vcxproj | 28 ++-- visualc/VS2010/ssl_fork_server.vcxproj | 28 ++-- visualc/VS2010/ssl_mail_client.vcxproj | 28 ++-- visualc/VS2010/ssl_server.vcxproj | 28 ++-- visualc/VS2010/ssl_server2.vcxproj | 28 ++-- visualc/VS2010/strerror.vcxproj | 28 ++-- visualc/VS2010/udp_proxy.vcxproj | 28 ++-- 48 files changed, 913 insertions(+), 552 deletions(-) create mode 100644 visualc/VS2010/ecdh_curve25519.vcxproj diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index afbfe48c7..644ef751b 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index ee3ada3be..2655c657c 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index 0988a298a..e73b5eb2a 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index ef3ed2ea2..d378271df 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index 43c009325..39a3239fc 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index d7599990d..d4055982e 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index d9d70ea39..35d4a7b9b 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index c211badd0..4774caed8 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index 4e2ee2049..ae8754c0b 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index 025c54874..ee219971d 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj index 0f51e0470..4b55587f2 100644 --- a/visualc/VS2010/dtls_client.vcxproj +++ b/visualc/VS2010/dtls_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj index e643d92a9..114412d37 100644 --- a/visualc/VS2010/dtls_server.vcxproj +++ b/visualc/VS2010/dtls_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj new file mode 100644 index 000000000..092be1714 --- /dev/null +++ b/visualc/VS2010/ecdh_curve25519.vcxproj @@ -0,0 +1,173 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + + + + + {46cf2d25-6a36-4189-b59c-e4815388e554} + + + + {82EE497E-12CC-7C5B-A072-665678ACB43E} + Win32Proj + ecdh_curve25519 + + + + Application + true + Unicode + + + Application + true + Unicode + + + Application + false + true + Unicode + + + Application + false + true + Unicode + Windows7.1SDK + + + + + + + + + + + + + + + + + + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + Debug + + + false + + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + Debug + + + false + + + + + Level3 + + + MaxSpeed + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + true + true + Release + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + + + + + Level3 + + + MaxSpeed + true + true + WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + true + true + Release + %(AdditionalDependencies); + + + + + + diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 5d83e1f40..786b838d5 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index d3eee21cb..00905666d 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index e72d47521..c7ee53f57 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index cffbc434c..78da2dfcb 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 729f8fe60..7e638e3c5 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index 3ff156304..b6438610a 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index 1d368951e..e0692d9e2 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index ecd1154ab..47e1b2936 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index 6443005dc..c434baeb6 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 85dc3d809..0d2464444 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -65,15 +65,19 @@ true + $(Configuration)\$(TargetName)\ true + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index e3007d75b..4dbeb9d62 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index 881ea2350..dfb68eb9c 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 50f877d90..3823107e8 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 17f0ffe90..9b689bf8f 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index 2e49348da..c58c1d954 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index 1549dfdc5..4b22d3e21 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 1aee7aeb7..6d9654c6a 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 1d3809527..5c6870ce1 100644 --- a/visualc/VS2010/req_app.vcxproj +++ b/visualc/VS2010/req_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index 67404ef20..fb3f4441c 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 8fab1d5ef..779c020cd 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index 87e67f47c..756b597b4 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index b24d3a1e3..cf15c7045 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index d4b605c38..67246d12f 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index daaa29da6..8aa85cb3f 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index f8b8c807e..a046fe212 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 44268d21b..ae85181b0 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_cert_test.vcxproj b/visualc/VS2010/ssl_cert_test.vcxproj index 187c2ec4c..158f2366a 100644 --- a/visualc/VS2010/ssl_cert_test.vcxproj +++ b/visualc/VS2010/ssl_cert_test.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index 479ca94cc..390593085 100644 --- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index a956922d5..4fcb6adb7 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index 18c916557..389097684 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index c1856175c..e85cfcbf8 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index 09888b750..cf2b258aa 100644 --- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index b39ce5dce..5cac05ef9 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index 58feabceb..927942ffe 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj index 1ca3e6af9..e1135b9c7 100644 --- a/visualc/VS2010/udp_proxy.vcxproj +++ b/visualc/VS2010/udp_proxy.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + From 429aaee6718bfae61b4b8ae235634c0fdc56c3df Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 8 Feb 2017 14:05:57 +0000 Subject: [PATCH 64/70] Remove use of inttypes.h in MSVC from ssl_server2 The sample application programs/ssl/ssl_server2.c was previously modifies to use inttypes.h to parse a string to a 64-bit integer. However, MSVC does not support C99, so compilation fails. This patch modifies the sample app to use the MSVC specific parsing functions instead of inttypes.h. --- programs/ssl/ssl_server2.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d98b669b5..96bd35f67 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -64,7 +64,10 @@ int main( void ) #include #include #include + +#if !defined(_MSC_VER) #include +#endif #if !defined(_WIN32) #include @@ -1056,8 +1059,13 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "renego_period" ) == 0 ) { - if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 || - opt.renego_period < 2 ) +#if defined(_MSC_VER) + opt.renego_period = _strtoui64( q, NULL, 10 ); +#else + if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 ) + goto usage; +#endif /* _MSC_VER */ + if( opt.renego_period < 2 ) goto usage; } else if( strcmp( p, "exchanges" ) == 0 ) From 956c58ffa9b6b1e776548314790d9ffca46e6737 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Mar 2017 09:18:09 +0000 Subject: [PATCH 65/70] Add fix and credit for #742 to the ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index f81687bb9..7399cad70 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,9 @@ Bugfix by missing calls to mbedtls_pem_free() in cases when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and fix proposed by Guido Vranken. #722 + * Fixed the templates used to generate project and solution files for Visual + Studio 2015 as well as the files themselves, to remove a build warning + generated in Visual Studio 2015. Reported by Steve Valliere. #742 = mbed TLS 2.4.1 branch released 2016-12-13 From 12e0b800da41d1478f279f898c77ef01191d194d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 29 Jan 2017 18:51:35 +0200 Subject: [PATCH 66/70] Fix resource leak when using mutex and ssl_cookie When using ssl_cookie with MBEDTLS_THREADING_C, fix a resource leak caused by initiating a mutex in mbedtls_ssl_cookie_free instead of freeing it. Raised and fix suggested by lan Gillingham in the mbed TLS forum Tracked in #771 --- ChangeLog | 2 ++ library/ssl_cookie.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7399cad70..e22fdeea2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,8 @@ Bugfix * Fixed the templates used to generate project and solution files for Visual Studio 2015 as well as the files themselves, to remove a build warning generated in Visual Studio 2015. Reported by Steve Valliere. #742 + * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C. + Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771 = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 9fb32de7a..caf119990 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -98,7 +98,7 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) mbedtls_md_free( &ctx->hmac_ctx ); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); From 99acfc45213f60957236c2db7671311f033b49c8 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 1 Mar 2017 13:13:15 +0000 Subject: [PATCH 67/70] Fix failing pkparse test case The first three test cases from test_suites_pkparse.data failed because the key file they read requires DES to be read. However, MBEDTLS_DES_C was missing from the dependency list. --- tests/suites/test_suite_pkparse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 5ab3968e2..9c0edbb51 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1,13 +1,13 @@ Parse RSA Key #1 (No password when required) -depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #2 (Correct password) -depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 Parse RSA Key #3 (Wrong password) -depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #4 (DES Encrypted) From d1cc7f6f346a4401dfc05ea8a8575259d7f271bc Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 6 Jan 2017 13:17:35 +0000 Subject: [PATCH 68/70] Fix buffer overflow in mbedtls_mpi_write_string() Fix a buffer overflow when writting a string representation of an MPI number to a buffer in hexadecimal. The problem occurs because hex digits are written in pairs and this is not accounted for in the calculation of the required buffer size when the number of digits is odd. --- ChangeLog | 3 +++ library/bignum.c | 7 ++++++- tests/suites/test_suite_mpi.data | 3 +++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e22fdeea2..0407b6ac7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,6 +56,9 @@ Bugfix generated in Visual Studio 2015. Reported by Steve Valliere. #742 * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C. Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771 + * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI + number to write in hexadecimal is negative and requires an odd number of + digits. Found and fixed by Guido Vranken. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/bignum.c b/library/bignum.c index 4c99e04d6..8b9082cdc 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -534,7 +534,12 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, n = mbedtls_mpi_bitlen( X ); if( radix >= 4 ) n >>= 1; if( radix >= 16 ) n >>= 1; - n += 3; + /* + * Round up the buffer length to an even value to ensure that there is + * enough room for hexadecimal values that can be represented in an odd + * number of digits. + */ + n += 3 + ( ( n + 1 ) & 1 ); if( buflen < n ) { diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index fa65b5f2a..da830feb8 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -46,6 +46,9 @@ mpi_read_write_string:16:"":16:"00":4:0:0 Test mpi_read_write_string #9 (Empty MPI -> dec) mpi_read_write_string:16:"":10:"0":4:0:0 +Test mpi_write_string #10 (Negative hex with odd number of digits) +mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + Base test mbedtls_mpi_read_binary #1 mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924" From 8b987500f232f3fa33ea7c4bee1782a5e0ee94ee Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 7 Mar 2017 12:37:14 +0000 Subject: [PATCH 69/70] Corrected attibution in Changelog --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0407b6ac7..511e0df57 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,7 +15,8 @@ Security when verifying the validity of a key on secp224k1. This could be triggered remotely for example with a maliciously constructed certificate and potentially could lead to remote code execution on some platforms. - Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784 + Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos + team. #569 CVE-2017-2784 Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when From 81cf88f6d7de06a766c1e7ee6025d16300c2e9c1 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 7 Mar 2017 19:35:49 +0000 Subject: [PATCH 70/70] Added missing credit to ChangeLog for #555 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 511e0df57..ed66ce98a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -60,6 +60,8 @@ Bugfix * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI number to write in hexadecimal is negative and requires an odd number of digits. Found and fixed by Guido Vranken. + * Fix unlisted DES configuration dependency in some pkparse test cases. Found + by inestlerode. #555 = mbed TLS 2.4.1 branch released 2016-12-13