Commit Graph

5025 Commits

Author SHA1 Message Date
jiblime
92af9a9792 Fixes definition error when the deprecated MBEDTLS_ZLIB_SUPPORT and ENABLE_ZLIB_SUPPORT macro are defined/enabled for zlib support in mbedtls
100% tests passed, 0 tests failed out of 85

https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1842

https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1862
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Arto Kinnunen
17540ab74c Fix usage of randomized number in AES
-Fix usage of randomized bits (do not reuse the bits)
-Update comments
2020-01-21 12:01:42 +02:00
Arto Kinnunen
311ab594d7 Flag SCA_CM encrypt/decrypt functions
There is a 50% performance drop in the SCA_CM enabled encrypt and
decrypt functions. Therefore use the older version of encrypt/decypt
functions when SCA_CM is disabled.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
2b24f4280f AES review corrections
-Do not reuse any part of randomized number, use separate byte for
 each purpose.
-Combine some separate loops together to get rid of gap between them
-Extend usage of flow_control
2020-01-21 12:01:42 +02:00
Arto Kinnunen
98c93af1ef Randomize number of AES dummy calculation rounds
Use either 4 or 5 dummy rounds in AES encryption/decryption.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
2eb678f5e8 Update AES SCA countermeasures
-Add dummy rounds to the start and/or end of the AES calculation
 rounds.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
28ecfb002f Merge remote-tracking branch 'upstream/pr/2983' into baremetal
* upstream/pr/2983:
  Fix mbedtls_strerror to work with all wanted codes
2020-01-17 11:21:53 +02:00
Arto Kinnunen
ca1978b7d5 Merge remote-tracking branch 'upstream/pr/2982' into baremetal
* upstream/pr/2982:
  Use mbedtls_platform_memset in data_randomize
  Protect get/put on secret data on AES-module
2020-01-17 11:21:41 +02:00
Arto Kinnunen
d1340e455c Merge remote-tracking branch 'upstream/pr/2980' into baremetal
* upstream/pr/2980:
  Protect get/put on secret data on sha256-module
2020-01-17 11:21:32 +02:00
Arto Kinnunen
10a2ffde5d Merge remote-tracking branch 'upstream/pr/2945' into baremetal
* upstream/pr/2945:
  Rename macro MBEDTLS_MAX_RAND_DELAY
  Update signature of mbedtls_platform_random_delay
  Replace mbedtls_platform_enforce_volatile_reads 2
  Replace mbedtls_platform_enforce_volatile_reads
  Add more variation to random delay countermeasure
  Add random  delay to enforce_volatile_reads
  Update comments of mbedtls_platform_random_delay
  Follow Mbed TLS coding style
  Add random delay function to platform_utils
2020-01-17 11:21:16 +02:00
Jarno Lamsa
8f8c0bdfc7 Use mbedtls_platform_memset in data_randomize
More secure memset should be used here instead
of standard memset.
2020-01-10 08:19:37 +02:00
Jarno Lamsa
282db8e3f8 Protect get/put on secret data on AES-module
When reading the input, buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will start
from a random offset.
2020-01-10 08:19:37 +02:00
Teppo Järvelin
5bc072f737 Fix mbedtls_strerror to work with all wanted codes 2020-01-09 14:22:32 +02:00
Arto Kinnunen
b148651e49 Rename macro MBEDTLS_MAX_RAND_DELAY
MBEDTLS_MAX_RAND_DELAY renamed to MAX_RAND_DELAY to get CI passing.
2020-01-09 11:11:23 +02:00
Arto Kinnunen
ac6d226939 Update signature of mbedtls_platform_random_delay
Skip parameter and return value from mbedtls_platform_random_delay
to make it more resistant for FI attacks.
2020-01-09 10:19:07 +02:00
Simon Butcher
05ca9d46c1 Merge remote-tracking branch 'public/pr/2979' into baremetal 2020-01-08 18:15:52 +00:00
Simon Butcher
01d78fcefe Merge remote-tracking branch 'public/pr/2971' into baremetal 2020-01-08 18:10:44 +00:00
Simon Butcher
2d9c0eb215 Merge remote-tracking branch 'public/pr/2948' into baremetal 2020-01-08 18:08:28 +00:00
Simon Butcher
4b3b8c208e Merge remote-tracking branch 'public/pr/2886' into baremetal 2020-01-08 17:53:43 +00:00
Jarno Lamsa
bb86c52430 Protect get/put on secret data on sha256-module
When reading the input, the buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will
start from a random offset.
2020-01-08 10:45:51 +02:00
Teppo Järvelin
cafb6c91b0 Clear internal decrypted buffer after read 2020-01-08 10:25:16 +02:00
Arto Kinnunen
7195571681 Replace mbedtls_platform_enforce_volatile_reads 2
Replace remaining mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
2020-01-07 10:47:58 +02:00
Arto Kinnunen
e91f0dc905 Replace mbedtls_platform_enforce_volatile_reads
Replace function mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
2020-01-07 10:47:58 +02:00
Arto Kinnunen
dbf2b43ceb Add more variation to random delay countermeasure
Add more variation to the random delay function by xor:ing two
variables. It is not enough to increment just a counter to create a
delay as it will be visible as uniform delay that can be easily
removed from the trace by analysis.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
0490485be5 Add random delay to enforce_volatile_reads
Add a random delay to mbedtls_platform_enforce_volatile_reads() as a
countermeasure to fault injection attacks.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
b47b105838 Follow Mbed TLS coding style 2020-01-07 10:47:58 +02:00
Arto Kinnunen
4c63b98e94 Add random delay function to platform_utils
Add delay function to platform_utils. The function will delay
program execution by incrementing local variable randomised number of
times.
2020-01-07 10:47:58 +02:00
Teppo Järvelin
8f7e36fc98 Coverity fixes, check hmac return values 2020-01-05 12:02:37 +02:00
Jarno Lamsa
5aa4c07b85 Minor review fixes 2019-12-20 13:09:27 +02:00
Jarno Lamsa
015aa44b93 Make authmode volatile
This is to enforce reading it from memory for the double
check to prevent compiler from optimising it away.
2019-12-20 12:09:37 +02:00
Jarno Lamsa
af60cd7698 Protect the peer_authenticated flag more
Add more protection to the flag preventing attacker
possibly to glitch using faulty certificate.
2019-12-20 10:50:33 +02:00
Jarno Lamsa
8d09e5744c Increase hamming distance for session resume flag
This is to prevent glitching a single bit for the resume flag.
2019-12-19 17:07:35 +02:00
Jarno Lamsa
489dccd158 Adress review comments 2019-12-19 17:07:35 +02:00
Jarno Lamsa
88db2ae9a0 Use Platform fault when double check fails 2019-12-19 17:07:35 +02:00
Jarno Lamsa
f5b6af01d3 Fix double check in entropy_gather_internal
The double check was wrong way, glitching either check
could have compromised the flow there.
2019-12-19 17:07:29 +02:00
Jarno Lamsa
06164057b3 Check that we have all the proper keys
The proper keys should be set at the end of
the handshake, if not, fail the handshake.
2019-12-19 14:40:36 +02:00
Jarno Lamsa
e1621d4700 Check that the peer_authenticated flag
Check that the peer has been authenticated in the end
of the handshake.
2019-12-19 14:29:24 +02:00
Jarno Lamsa
ba4730fe4c Protect setting of peer_authenticated flag
Use flow counting and double checks when setting the flag.
Also protect the flow to prevent causing a glitch.
2019-12-19 09:43:25 +02:00
Jarno Lamsa
4031a45019 Protect key_derivation_done flag
The flag is used to track that the key derivation
has been done.
2019-12-19 09:43:25 +02:00
Jarno Lamsa
67f0a1e833 Protect setting of premaster_generated flag
The flag is used for tracking if the premaster has
been succesfully generated. Note that when resuming
a session, the flag should not be used when trying to
notice if all the key generation/derivation has been done.
2019-12-19 09:43:19 +02:00
Jarno Lamsa
98801af26b Protect setting of hello_random flag
The handshake flag tells when the handshake hello.random
is set and can be used later to decide if we have the correct
keys.
2019-12-19 09:02:02 +02:00
Jarno Lamsa
6122b59042 Address review comments 2019-12-19 07:56:10 +02:00
Jarno Lamsa
46afd5d8fa Fix CI issues
Default flow assumes failure causes multiple issues with
compatibility tests when the return value is initialised
with error value in ssl_in_server_key_exchange_parse.
The function would need a significant change in structure for this.
2019-12-19 07:56:10 +02:00
Jarno Lamsa
91dbb79ae4 Fix error return code 2019-12-19 07:56:10 +02:00
Jarno Lamsa
b83a2136d6 Protect the return value from mbedtls_pk_verify
Add double checks to the return value and default flow assumes
failure.
2019-12-19 07:56:10 +02:00
Jarno Lamsa
47aab8da8a Protect return value from mbedtls_pk_verify
Use double checks and default flow assumes failure.
2019-12-19 07:56:10 +02:00
Jarno Lamsa
83a56a630a Double check mbedtls_pk_verify
The verification could be skipped in server, changed the default flow
so that the handshake status is ever updated if the verify
succeeds, and that is checked twice.
2019-12-19 07:56:10 +02:00
Jarno Lamsa
acb5eb00ca Add a double check to protect from glitch
Check that the encryption has been done for the outbut buffer.
This is to ensure that glitching out the encryption doesn't
result as a unecrypted buffer to be sent.
2019-12-19 07:56:10 +02:00
Jarno Lamsa
d05da1fa45 Add double check for checking if source is strong
To prevent glitching past a strong source.
2019-12-19 07:56:10 +02:00
Jarno Lamsa
552e8f2d6a Add double check to entropy-loop
To prevent glitching and going through without strong source
2019-12-19 07:56:10 +02:00
Jarno Lamsa
b01800974f Use invalid state
If mismatch in the state has been noticed, use
the invalid state.
2019-12-19 07:56:10 +02:00
Jarno Lamsa
70abd7aadc Add enumeration for invalid state
The invalid state can be used when state-mismatch is noticed.
The invalid state should report a FI-alert upwards.
2019-12-19 07:56:10 +02:00
Jarno Lamsa
2b20516b60 Make TLS state changes explicit
This is to enable hardening the security when changing
states in state machine so that the state cannot be changed by bit flipping.
The later commit changes the enumerations so that the states have large
hamming distance in between them to prevent this kind of attack.
2019-12-19 07:56:10 +02:00
Simon Butcher
171f422109 Merge remote-tracking branch 'public/pr/2952' into baremetal 2019-12-13 14:51:40 +00:00
Simon Butcher
e76c638d6f Merge remote-tracking branch 'public/pr/2925' into baremetal 2019-12-13 14:51:29 +00:00
Arto Kinnunen
6ce4988768 AES FI resistance
Add FI countermeasures to AES.
2019-12-10 15:00:37 +02:00
Arto Kinnunen
76deef9fca Update AES SCA random number function
-Replace usage of rand() with mbedtls_platform_random_in_range()
-Prevent for-ever loop by hardcoding SCA countermeasure position in
 case of used random function is always returning constant number.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
f44f7d465a AES CM review corrections
-Use separate control bytes for start and final round to get them
 randomized separately.
-Remove struct name.
-Fix comments and follow Mbed TLS coding style.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
34139ba9fc Updates to AES countermeasures
-Update comments regarding flag MBEDTLS_AES_SCA_COUNTERMEASURES
-Remove MBEDTLS_AES_SCA_COUNTERMEASURES dependency check
-More comments and coding style changes
2019-12-10 14:54:43 +02:00
Arto Kinnunen
7543901b6a Follow Mbed TLS coding style
Fix remaining if-clauses.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
425137a0fa Follow Mbed TLS coding style
-Fix multiple for clauses
-Remove redundant check
2019-12-10 14:54:43 +02:00
Arto Kinnunen
c3532c2339 Improve SCA CM AES performance
SCA CM implementation caused AES performance drop. For example
AES-CCM-128 calculation speed was dropped from 240 KB/s to 111 KB/s.
(-54%), Similarily AES-CBC-128 calculation speed was dropped from
536 KB/s to 237 KB/s (-56%).

Use functions instead of macros to reduce code indirections and
therefore increase performance. Now the performance is 163 KB/s for
AES-CCM-128 (-32%) and 348 KB/s for AES-CBC-128 (-35%).

When SCA countermeasures are activated the performance is as follows:
122 KB/s for AES-CCM-128 (-49%) and 258 KB/s for AES-CBC-128 (-52%)
compared to the original AES implementation.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
172836a281 Rework AES countermeasures implementation
Use control bytes to instruct AES calculation rounds. Each
calculation round has a control byte that indicates what data
(real/fake) is used and if any offset is required for AES data
positions.

First and last AES calculation round are calculated with SCA CM data
included. The calculation order is randomized by the control bytes.

Calculations between the first and last rounds contains 3 SCA CMs
in randomized positions.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
b2be92e2c7 Update AES SCA flag to version_features.c 2019-12-10 14:54:43 +02:00
Arto Kinnunen
45a475f293 Follow Mbed TLS coding style 2019-12-10 14:54:43 +02:00
Arto Kinnunen
430ac13112 Add config and test for AES SCA countermeasures
- Add configuration for AES_SCA_COUNTERMEASURES to config.h. By
  default the feature is disabled.
- Add AES_SCA_COUNTERMEASURES configuration check to check_config.h
- Add AES_SCA_COUNTERMEASURES test to all.sh
2019-12-10 14:54:43 +02:00
Arto Kinnunen
f93d55e3ce Add SCA countermeasures to AES calculation
- 3 additional dummy AES rounds calculated with random data for each
  AES encryption/decryption
- additional rounds can be occur in any point in sequence of rounds
2019-12-10 14:54:43 +02:00
Simon Butcher
501c466d01 Merge remote-tracking branch 'public/pr/2934' into baremetal 2019-12-05 14:32:44 +00:00
Simon Butcher
5b45c6e1b3 Merge remote-tracking branch 'public/pr/2932' into baremetal 2019-12-05 14:32:31 +00:00
Simon Butcher
7c5de360da Merge remote-tracking branch 'public/pr/2922' into baremetal 2019-12-05 14:31:03 +00:00
Arto Kinnunen
de657fca6b Revert "Disable use of HRNG in SCA-hardened mem-functions"
This reverts commit 1e96b46b03.
2019-12-04 16:30:54 +02:00
Manuel Pégourié-Gonnard
766c9e9781 Improve description of ERR_PLATFORM_FAULT_DETECTED 2019-11-29 09:40:08 +01:00
Arto Kinnunen
ec37a89bf3 Save ROM by using int instead of char
Save 20 bytes of ROM by changing variable type from char to int.
2019-11-28 13:43:02 +02:00
Manuel Pégourié-Gonnard
9ca11fc892 Fix issues found by the CI
- MSVC doesn't like -1u
- We need to include platform.h for MBEDTLS_ERR_PLATFORM_FAULT_DETECTED - in
  some configurations it was already included indirectly, but not in all
configurations, so better include it directly.
2019-11-28 12:07:01 +01:00
Manuel Pégourié-Gonnard
6bdc6809da Initialise variables to failing values 2019-11-28 10:40:03 +01:00
Manuel Pégourié-Gonnard
9d6a535ba1 Return and propagate UECC_FAULT_DETECTED
This commit first changes the return convention of EccPoint_mult_safer() so
that it properly reports when faults are detected. Then all functions that
call it need to be changed to (1) follow the same return convention and (2)
properly propagate UECC_FAULT_DETECTED when it occurs.

Here's the reverse call graph from EccPoint_mult_safer() to the rest of the
library (where return values are translated to the MBEDTLS_ERR_ space) and test
functions (where expected return values are asserted explicitly).

EccPoint_mult_safer()
    EccPoint_compute_public_key()
        uECC_compute_public_key()
            pkparse.c
            tests/suites/test_suite_pkparse.function
        uECC_make_key_with_d()
        uECC_make_key()
            ssl_cli.c
            ssl_srv.c
            tests/suites/test_suite_pk.function
            tests/suites/test_suite_tinycrypt.function
    uECC_shared_secret()
        ssl_tls.c
        tests/suites/test_suite_tinycrypt.function
    uECC_sign_with_k()
        uECC_sign()
            pk.c
            tests/suites/test_suite_tinycrypt.function

Note: in uECC_sign_with_k() a test for uECC_vli_isZero(p) is suppressed
because it is redundant with a more thorough test (point validity) done at the
end of EccPoint_mult_safer(). This redundancy was introduced in a previous
commit but not noticed earlier.
2019-11-26 12:54:06 +01:00
Manuel Pégourié-Gonnard
4d6186beb0 Rename ATTACK_DETECTED to FAULT_DETECTED
We don't know for sure it's an attack, it could be the hardware failing
randomly as well.
2019-11-26 12:54:06 +01:00
Manuel Pégourié-Gonnard
1a5337179f Remove curve parameter from public functions 2019-11-26 12:54:06 +01:00
Manuel Pégourié-Gonnard
677b7f6c42 Fix direct use of struct instead of abstract type 2019-11-26 12:54:06 +01:00
Arto Kinnunen
c5bbdd411c Include platform.h in hmac_drbg.c and md.c
Include platform.h to find MBEDTLS_ERR_PLATFORM_FAULT_DETECTED.
2019-11-25 17:32:28 +02:00
Arto Kinnunen
5299a42f25 Update HMAC and MD FI countermeasures
-Return error value by default.
-Success is returned only after checking internal states.
-Append flow_control to cover also last function call.
2019-11-25 16:29:10 +02:00
Arto Kinnunen
5b36693774 Harden hmac_drbg and md against fault injection
-Add flow monitor, loop integrity check and variable doubling to
 harden mbedtls_hmac_drbg_update_ret.

-Use longer hamming distance for nonce usage in hmac_drbg_reseed_core

-Return actual value instead of success in mbedtls_hmac_drbg_seed and
 mbedtls_hmac_drbg_seed_buf

-Check illegal condition in hmac_drbg_reseed_core.

-Double buf/buf_len variables in mbedtls_hmac_drbg_random_with_add

-Add more hamming distance to MBEDTLS_HMAC_DRBG_PR_ON/OFF
2019-11-25 13:45:44 +02:00
Simon Butcher
45fd0d68d9 Add USE_TINYCRYPT build option to CMake files
Adds the USE_TINYCRYPT build option to the CMake build files. Default is
enabled.
2019-11-22 16:56:17 +00:00
Simon Butcher
9699887185 Add Makefile option to exclude TinyCrypt files
Added an additional Makefile option of 'TINYCRYPT_BUILD' to exclude the
TinyCrypt source files from the build. This allows some tests to exclude those
files as and when necessary.

Specifically this includes in all.sh the test
'component_build_arm_none_eabi_gcc_no_64bit_multiplication' which was failing as
64bit cannot be disabled in TinyCrypt, and check-names.sh as TinyCrypt obviously
does not conform to Mbed TLS naming conventions.
2019-11-22 15:09:39 +00:00
Manuel Pégourié-Gonnard
18761926a8 Fix double-check for bad signature
In the previous version, it was enough for the attacker to glitch the
top-level 'if' to skip the entire block. We want two independent blocks here,
so that an attacker can only succeed with two successive glitches.
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
4c9b556e38 Add double-check for flags == 0 in crt_verify()
Also move to "default flow assumes failure" while at it.
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
ea7eab1fde Add redundancy (Hamming distance) to cert flags
Before this commit, if a certificate only had one issue (for example, if the
"untrusted" bit was the only set in flags), an attacker that could flip this
single bit between the moment it's set and the moment flags are checked before
returning from mbedtls_x509_crt_verify() could make the entire verification
routine appear to succeed (return 0 with no bit set in flags).

Avoid that by making sure that flags always has either 0 or at least 9 bits
set during the execution of the function. However, to preserve the API, clear
the 8 extra bits before returning. This doesn't open the door to other
attacks, as fortunately the API already had redundancy: either both flags and
the return value are 0, or flags has bits set and the return value is non-zero
with at least 16 bits set (assuming 32-bit 2-complement ints).
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
81c1fc4132 Add double check on bad signature flagging 2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
f66657ac44 Use large Hamming distance for signature validity
If signature_is_good is 0 (invalid) of 1 (valid), then it's all too easy for
an active physical attacker to turn invalid into valid by flipping a single
bit in RAM, on the bus or in a CPU register.

Use a special value to represent "valid" that can't easily be reached by
flipping a few bits.
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
d1e55dfce6 Add double check on cert signature verification
x509_crt_check_signature() directly returns the return value of
pk_verify_xxx() without looking at it, so nothing to do here. But its caller
compares the value to 0, which ought to be double-checked.
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
72a8c9e7dc Force some compilers to respect volatile reads
Inspection of the generated assembly showed that before this commit, armcc 5
was optimizing away the successive reads to the volatile local variable that's
used for double-checks. Inspection also reveals that inserting a call to an
external function is enough to prevent it from doing that.

The tested versions of ARM-GCC, Clang and Armcc 6 (aka armclang) all keep the
double read, with our without a call to an external function in the middle.

The inserted function can also be changed to insert a random delay if
desired in the future, as it is appropriately places between the reads.
2019-11-21 15:14:59 +01:00
Manuel Pégourié-Gonnard
ca7b5ab5ef Use double-checking of critical value in pk_verify()
Also change the flow so that the default return value is a failing one.
2019-11-21 15:14:59 +01:00
Manuel Pégourié-Gonnard
324c6e9cc9 Add error code MBEDTLS_ERR_PLATFORM_FAULT_DETECTED
This can be used by Mbed TLS functions in any module to signal that a fault
attack is likely happening, so this can be appropriately handled by the
application (report, fall back to safer mode or even halt, etc.)
2019-11-21 15:14:59 +01:00
Manuel Pégourié-Gonnard
10d8e8ed64 Use safer return values in uECC_verify()
This is a first step in protecting against fault injection attacks: the
attacker can no longer change failure into success by flipping a single bit.
Additional steps are needed to prevent other attacks (instruction skip etc)
and will be the object of future commits.

The return value of uECC_vli_equal() should be protected as well, which will
be done in a future commit as well.
2019-11-21 15:12:44 +01:00
Simon Butcher
a3877007e6 Merge remote-tracking branch 'public/pr/2876' into baremetal 2019-11-20 12:00:18 +00:00
Manuel Pégourié-Gonnard
1e96b46b03 Disable use of HRNG in SCA-hardened mem-functions
This is a temporary work-around for an integration issue.

A future task will re-integrate randomness into these functions are their
entire point is to be randomized; this is really just temporary.
2019-11-19 11:49:05 +01:00
Teppo Järvelin
d49d2b6d4f Changed mbedtls_platform_memset/cpy/cmp in selftest functions back to original methods 2019-10-30 14:07:04 +02:00
Teppo Järvelin
6f4e030166 Changed mbedtls_platform_memcpy to memcpy in places which don't handle critical data
and under baremetal define
2019-10-30 14:07:04 +02:00
Teppo Järvelin
b5c4671a80 Changed mbedtls_platform_memcpy back to memcpy for selftest and test functions 2019-10-30 14:07:04 +02:00
Teppo Järvelin
3137fb271a Added include platform_util.h to padlock.c to fix compile with all defines variants 2019-10-30 14:07:04 +02:00