ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update mbed TLS feature to mbedtls-2.4.2

pull/3877/head
Andres AG 2017-03-03 13:30:37 +00:00
parent b2726470f6
commit 1c8d7c1115
29 changed files with 405 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
features/mbedtls/VERSION.txt
View File

@ -1 +1 @@
mbedtls-2.4.0 mbedtls-2.4.2

2
features/mbedtls/importer/Makefile
View File

@ -27,7 +27,7 @@
# #
# Set the mbed TLS release to import (this can/should be edited before import) # Set the mbed TLS release to import (this can/should be edited before import)
MBED_TLS_RELEASE ?= mbedtls-2.4.0 MBED_TLS_RELEASE ?= mbedtls-2.4.2
# Translate between mbed TLS namespace and mbed namespace # Translate between mbed TLS namespace and mbed namespace
TARGET_PREFIX:=../ TARGET_PREFIX:=../

10
features/mbedtls/inc/mbedtls/cmac.h
View File

@ -58,9 +58,13 @@ struct mbedtls_cmac_context_t
/** /**
* \brief Set the CMAC key and prepare to authenticate the input * \brief Set the CMAC key and prepare to authenticate the input
* data. * data.
* Should be called with an initialised cipher context. * Should be called with an initialized cipher context.
* *
* \param ctx Cipher context * \param ctx Cipher context. This should be a cipher context,
* initialized to be one of the following types:
* MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB,
* MBEDTLS_CIPHER_AES_256_ECB or
* MBEDTLS_CIPHER_DES_EDE3_ECB.
* \param key CMAC key * \param key CMAC key
* \param keybits length of the CMAC key in bits * \param keybits length of the CMAC key in bits
* (must be acceptable by the cipher) * (must be acceptable by the cipher)
@ -115,7 +119,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
/** /**
* \brief Output = Generic_CMAC( hmac key, input buffer ) * \brief Output = Generic_CMAC( cmac key, input buffer )
* *
* \param cipher_info message digest info * \param cipher_info message digest info
* \param key CMAC key * \param key CMAC key

1
features/mbedtls/inc/mbedtls/compat-1.3.h
View File

@ -2453,7 +2453,6 @@
#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support #define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
#define ssl_set_authmode mbedtls_ssl_conf_authmode #define ssl_set_authmode mbedtls_ssl_conf_authmode
#define ssl_set_bio mbedtls_ssl_set_bio #define ssl_set_bio mbedtls_ssl_set_bio
#define ssl_set_bio mbedtls_ssl_set_bio_timeout
#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain #define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting #define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites #define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites

62
features/mbedtls/inc/mbedtls/config.h
View File

@ -1540,7 +1540,7 @@
* library/pkwrite.c * library/pkwrite.c
* library/x509_create.c * library/x509_create.c
* library/x509write_crt.c * library/x509write_crt.c
* library/mbedtls_x509write_csr.c * library/x509write_csr.c
*/ */
#define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_ASN1_WRITE_C
@ -1901,7 +1901,7 @@
* *
* Enable the generic message digest layer. * Enable the generic message digest layer.
* *
* Module: library/mbedtls_md.c * Module: library/md.c
* Caller: * Caller:
* *
* Uncomment to enable generic message digest wrappers. * Uncomment to enable generic message digest wrappers.
@ -1913,7 +1913,7 @@
* *
* Enable the MD2 hash algorithm. * Enable the MD2 hash algorithm.
* *
* Module: library/mbedtls_md2.c * Module: library/md2.c
* Caller: * Caller:
* *
* Uncomment to enable support for (rare) MD2-signed X.509 certs. * Uncomment to enable support for (rare) MD2-signed X.509 certs.
@ -1925,7 +1925,7 @@
* *
* Enable the MD4 hash algorithm. * Enable the MD4 hash algorithm.
* *
* Module: library/mbedtls_md4.c * Module: library/md4.c
* Caller: * Caller:
* *
* Uncomment to enable support for (rare) MD4-signed X.509 certs. * Uncomment to enable support for (rare) MD4-signed X.509 certs.
@ -1937,8 +1937,8 @@
* *
* Enable the MD5 hash algorithm. * Enable the MD5 hash algorithm.
* *
* Module: library/mbedtls_md5.c * Module: library/md5.c
* Caller: library/mbedtls_md.c * Caller: library/md.c
* library/pem.c * library/pem.c
* library/ssl_tls.c * library/ssl_tls.c
* *
@ -1995,11 +1995,11 @@
* library/rsa.c * library/rsa.c
* library/x509.c * library/x509.c
* library/x509_create.c * library/x509_create.c
* library/mbedtls_x509_crl.c * library/x509_crl.c
* library/mbedtls_x509_crt.c * library/x509_crt.c
* library/mbedtls_x509_csr.c * library/x509_csr.c
* library/x509write_crt.c * library/x509write_crt.c
* library/mbedtls_x509write_csr.c * library/x509write_csr.c
* *
* This modules translates between OIDs and internal values. * This modules translates between OIDs and internal values.
*/ */
@ -2027,9 +2027,9 @@
* Module: library/pem.c * Module: library/pem.c
* Caller: library/dhm.c * Caller: library/dhm.c
* library/pkparse.c * library/pkparse.c
* library/mbedtls_x509_crl.c * library/x509_crl.c
* library/mbedtls_x509_crt.c * library/x509_crt.c
* library/mbedtls_x509_csr.c * library/x509_csr.c
* *
* Requires: MBEDTLS_BASE64_C * Requires: MBEDTLS_BASE64_C
* *
@ -2045,7 +2045,7 @@
* Module: library/pem.c * Module: library/pem.c
* Caller: library/pkwrite.c * Caller: library/pkwrite.c
* library/x509write_crt.c * library/x509write_crt.c
* library/mbedtls_x509write_csr.c * library/x509write_csr.c
* *
* Requires: MBEDTLS_BASE64_C * Requires: MBEDTLS_BASE64_C
* *
@ -2075,8 +2075,8 @@
* Enable the generic public (asymetric) key parser. * Enable the generic public (asymetric) key parser.
* *
* Module: library/pkparse.c * Module: library/pkparse.c
* Caller: library/mbedtls_x509_crt.c * Caller: library/x509_crt.c
* library/mbedtls_x509_csr.c * library/x509_csr.c
* *
* Requires: MBEDTLS_PK_C * Requires: MBEDTLS_PK_C
* *
@ -2167,8 +2167,8 @@
* *
* Enable the RIPEMD-160 hash algorithm. * Enable the RIPEMD-160 hash algorithm.
* *
* Module: library/mbedtls_ripemd160.c * Module: library/ripemd160.c
* Caller: library/mbedtls_md.c * Caller: library/md.c
* *
*/ */
//#define MBEDTLS_RIPEMD160_C //#define MBEDTLS_RIPEMD160_C
@ -2196,8 +2196,8 @@
* *
* Enable the SHA1 cryptographic hash algorithm. * Enable the SHA1 cryptographic hash algorithm.
* *
* Module: library/mbedtls_sha1.c * Module: library/sha1.c
* Caller: library/mbedtls_md.c * Caller: library/md.c
* library/ssl_cli.c * library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
@ -2212,9 +2212,9 @@
* *
* Enable the SHA-224 and SHA-256 cryptographic hash algorithms. * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
* *
* Module: library/mbedtls_sha256.c * Module: library/sha256.c
* Caller: library/entropy.c * Caller: library/entropy.c
* library/mbedtls_md.c * library/md.c
* library/ssl_cli.c * library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
@ -2229,9 +2229,9 @@
* *
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
* *
* Module: library/mbedtls_sha512.c * Module: library/sha512.c
* Caller: library/entropy.c * Caller: library/entropy.c
* library/mbedtls_md.c * library/md.c
* library/ssl_cli.c * library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
@ -2379,9 +2379,9 @@
* Enable X.509 core for using certificates. * Enable X.509 core for using certificates.
* *
* Module: library/x509.c * Module: library/x509.c
* Caller: library/mbedtls_x509_crl.c * Caller: library/x509_crl.c
* library/mbedtls_x509_crt.c * library/x509_crt.c
* library/mbedtls_x509_csr.c * library/x509_csr.c
* *
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
* MBEDTLS_PK_PARSE_C * MBEDTLS_PK_PARSE_C
@ -2395,7 +2395,7 @@
* *
* Enable X.509 certificate parsing. * Enable X.509 certificate parsing.
* *
* Module: library/mbedtls_x509_crt.c * Module: library/x509_crt.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
@ -2411,8 +2411,8 @@
* *
* Enable X.509 CRL parsing. * Enable X.509 CRL parsing.
* *
* Module: library/mbedtls_x509_crl.c * Module: library/x509_crl.c
* Caller: library/mbedtls_x509_crt.c * Caller: library/x509_crt.c
* *
* Requires: MBEDTLS_X509_USE_C * Requires: MBEDTLS_X509_USE_C
* *
@ -2425,7 +2425,7 @@
* *
* Enable X.509 Certificate Signing Request (CSR) parsing. * Enable X.509 Certificate Signing Request (CSR) parsing.
* *
* Module: library/mbedtls_x509_csr.c * Module: library/x509_csr.c
* Caller: library/x509_crt_write.c * Caller: library/x509_crt_write.c
* *
* Requires: MBEDTLS_X509_USE_C * Requires: MBEDTLS_X509_USE_C

2
features/mbedtls/inc/mbedtls/rsa.h
View File

@ -206,7 +206,7 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rs
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
* *
* \note This function does NOT take care of message * \note This function does NOT take care of message
* padding. Also, be sure to set input[0] = 0 or assure that * padding. Also, be sure to set input[0] = 0 or ensure that
* input is smaller than N. * input is smaller than N.
* *
* \note The input and output buffers must be large * \note The input and output buffers must be large

17
features/mbedtls/inc/mbedtls/ssl.h
View File

@ -1146,7 +1146,7 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
* *
* \note See the documentation of \c mbedtls_ssl_set_timer_t and * \note See the documentation of \c mbedtls_ssl_set_timer_t and
* \c mbedtls_ssl_get_timer_t for the conventions this pair of * \c mbedtls_ssl_get_timer_t for the conventions this pair of
* callbacks must fallow. * callbacks must follow.
* *
* \note On some platforms, timing.c provides * \note On some platforms, timing.c provides
* \c mbedtls_timing_set_delay() and * \c mbedtls_timing_set_delay() and
@ -2183,7 +2183,7 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_
/** /**
* \brief Set record counter threshold for periodic renegotiation. * \brief Set record counter threshold for periodic renegotiation.
* (Default: 2^64 - 256.) * (Default: 2^48 - 1)
* *
* Renegotiation is automatically triggered when a record * Renegotiation is automatically triggered when a record
* counter (outgoing or ingoing) crosses the defined * counter (outgoing or ingoing) crosses the defined
@ -2194,9 +2194,17 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_
* Lower values can be used to enforce policies such as "keys * Lower values can be used to enforce policies such as "keys
* must be refreshed every N packets with cipher X". * must be refreshed every N packets with cipher X".
* *
* The renegotiation period can be disabled by setting
* conf->disable_renegotiation to
* MBEDTLS_SSL_RENEGOTIATION_DISABLED.
*
* \note When the configured transport is
* MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
* period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
* the maximum renegotiation period is 2^64 - 1.
*
* \param conf SSL configuration * \param conf SSL configuration
* \param period The threshold value: a big-endian 64-bit number. * \param period The threshold value: a big-endian 64-bit number.
* Set to 2^64 - 1 to disable periodic renegotiation
*/ */
void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] ); const unsigned char period[8] );
@ -2428,7 +2436,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
* \param len how many bytes must be written * \param len how many bytes must be written
* *
* \return the number of bytes actually written (may be less than len), * \return the number of bytes actually written (may be less than len),
* or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ, * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
* or another negative error code. * or another negative error code.
* *
* \note If this function returns something other than a positive * \note If this function returns something other than a positive
@ -2513,7 +2521,6 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
* \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
* \param preset a MBEDTLS_SSL_PRESET_XXX value * \param preset a MBEDTLS_SSL_PRESET_XXX value
* (currently unused).
* *
* \note See \c mbedtls_ssl_conf_transport() for notes on DTLS. * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS.
* *

8
features/mbedtls/inc/mbedtls/version.h
View File

@ -39,16 +39,16 @@
*/ */
#define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 4 #define MBEDTLS_VERSION_MINOR 4
#define MBEDTLS_VERSION_PATCH 0 #define MBEDTLS_VERSION_PATCH 2
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x02040000 #define MBEDTLS_VERSION_NUMBER 0x02040200
#define MBEDTLS_VERSION_STRING "2.4.0" #define MBEDTLS_VERSION_STRING "2.4.2"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.0" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.2"
#if defined(MBEDTLS_VERSION_C) #if defined(MBEDTLS_VERSION_C)

2
features/mbedtls/inc/mbedtls/x509.h
View File

@ -157,7 +157,7 @@
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14) #define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */ #define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)
/* /*
* Storage format identifiers * Storage format identifiers

6
features/mbedtls/src/base64.c
View File

@ -192,7 +192,11 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
return( 0 ); return( 0 );
} }
n = ( ( n * 6 ) + 7 ) >> 3; /* The following expression is to calculate the following formula without
* risk of integer overflow in n:
* n = ( ( n * 6 ) + 7 ) >> 3;
*/
n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
n -= j; n -= j;
if( dst == NULL || dlen < n ) if( dst == NULL || dlen < n )

7
features/mbedtls/src/bignum.c
View File

@ -534,7 +534,12 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
n = mbedtls_mpi_bitlen( X ); n = mbedtls_mpi_bitlen( X );
if( radix >= 4 ) n >>= 1; if( radix >= 4 ) n >>= 1;
if( radix >= 16 ) n >>= 1; if( radix >= 16 ) n >>= 1;
n += 3; /*
* Round up the buffer length to an even value to ensure that there is
* enough room for hexadecimal values that can be represented in an odd
* number of digits.
*/
n += 3 + ( ( n + 1 ) & 1 );
if( buflen < n ) if( buflen < n )
{ {

4
features/mbedtls/src/cipher.c
View File

@ -326,9 +326,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
* If there is not enough data for a full block, cache it. * If there is not enough data for a full block, cache it.
*/ */
if( ( ctx->operation == MBEDTLS_DECRYPT && if( ( ctx->operation == MBEDTLS_DECRYPT &&
ilen + ctx->unprocessed_len <= block_size ) || ilen <= block_size - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_ENCRYPT && ( ctx->operation == MBEDTLS_ENCRYPT &&
ilen + ctx->unprocessed_len < block_size ) ) ilen < block_size - ctx->unprocessed_len ) )
{ {
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
ilen ); ilen );

241
features/mbedtls/src/cmac.c
View File

@ -26,7 +26,7 @@
* *
* - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The
* CMAC Mode for Authentication * CMAC Mode for Authentication
* http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
* *
* - RFC 4493 - The AES-CMAC Algorithm * - RFC 4493 - The AES-CMAC Algorithm
* https://tools.ietf.org/html/rfc4493 * https://tools.ietf.org/html/rfc4493
@ -62,7 +62,7 @@
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
#include <stdio.h> #include <stdio.h>
#define mbedtls_printf printf #define mbedtls_printf printf
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */ #endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
@ -80,7 +80,7 @@ static void mbedtls_zeroize( void *v, size_t n ) {
* with R_64 = 0x1B and R_128 = 0x87 * with R_64 = 0x1B and R_128 = 0x87
* *
* Input and output MUST NOT point to the same buffer * Input and output MUST NOT point to the same buffer
* Block size must be 8 byes or 16 bytes - the block sizes for DES and AES. * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.
*/ */
static int cmac_multiply_by_u( unsigned char *output, static int cmac_multiply_by_u( unsigned char *output,
const unsigned char *input, const unsigned char *input,
@ -105,7 +105,7 @@ static int cmac_multiply_by_u( unsigned char *output,
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
} }
for( i = blocksize - 1; i >= 0; i-- ) for( i = (int)blocksize - 1; i >= 0; i-- )
{ {
output[i] = input[i] << 1 | overflow; output[i] = input[i] << 1 | overflow;
overflow = input[i] >> 7; overflow = input[i] >> 7;
@ -209,7 +209,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if( ( retval = mbedtls_cipher_setkey( ctx, key, keybits, if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
MBEDTLS_ENCRYPT ) ) != 0 ) MBEDTLS_ENCRYPT ) ) != 0 )
return( retval ); return( retval );
@ -244,8 +244,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
{ {
mbedtls_cmac_context_t* cmac_ctx; mbedtls_cmac_context_t* cmac_ctx;
unsigned char *state; unsigned char *state;
int n, j, ret = 0; int ret = 0;
size_t olen, block_size; size_t n, j, olen, block_size;
if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
ctx->cmac_ctx == NULL ) ctx->cmac_ctx == NULL )
@ -280,8 +280,9 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
/* n is the number of blocks including any final partial block */ /* n is the number of blocks including any final partial block */
n = ( ilen + block_size - 1 ) / block_size; n = ( ilen + block_size - 1 ) / block_size;
/* Iterate across the input data in block sized chunks */ /* Iterate across the input data in block sized chunks, excluding any
for( j = 0; j < n - 1; j++ ) * final partial or complete block */
for( j = 1; j < n; j++ )
{ {
cmac_xor_block( state, input, state, block_size ); cmac_xor_block( state, input, state, block_size );
@ -469,8 +470,9 @@ exit:
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
/* /*
* CMAC test data from SP800-38B Appendix D.1 (corrected) * CMAC test data for SP800-38B
* http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf
* http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf
* *
* AES-CMAC-PRF-128 test data from RFC 4615 * AES-CMAC-PRF-128 test data from RFC 4615
* https://tools.ietf.org/html/rfc4615#page-4 * https://tools.ietf.org/html/rfc4615#page-4
@ -482,128 +484,148 @@ exit:
#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)
/* All CMAC test inputs are truncated from the same 64 byte buffer. */ /* All CMAC test inputs are truncated from the same 64 byte buffer. */
static const unsigned char test_message[] = { static const unsigned char test_message[] = {
0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, /* PT */
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
}; };
#endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */ #endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_AES_C)
/* Truncation point of message for AES CMAC tests */ /* Truncation point of message for AES CMAC tests */
static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
/* Mlen */
0, 0,
16, 16,
40, 20,
64 64
}; };
/* AES 128 CMAC Test Data */ /* CMAC-AES128 Test Data */
static const unsigned char aes_128_key[16] = { static const unsigned char aes_128_key[16] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
}; };
static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, /* K1 */
0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66,
0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde
}, },
{ {
0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, /* K2 */
0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc,
0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
} }
}; };
static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, /* Example #1 */
0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
}, },
{ {
0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, /* Example #2 */
0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
}, },
{ {
0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, /* Example #3 */
0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 0x7d, 0x85, 0x44, 0x9e, 0xa6, 0xea, 0x19, 0xc8,
0x23, 0xa7, 0xbf, 0x78, 0x83, 0x7d, 0xfa, 0xde
}, },
{ {
0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, /* Example #4 */
0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
} }
}; };
/* AES 192 CMAC Test Data */ /* CMAC-AES192 Test Data */
static const unsigned char aes_192_key[24] = { static const unsigned char aes_192_key[24] = {
0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
}; };
static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, /* K1 */
0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27,
0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96
}, },
{ {
0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, /* K2 */
0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e,
0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
} }
}; };
static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, /* Example #1 */
0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
}, },
{ {
0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, /* Example #2 */
0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
}, },
{ {
0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, /* Example #3 */
0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e 0x3d, 0x75, 0xc1, 0x94, 0xed, 0x96, 0x07, 0x04,
0x44, 0xa9, 0xfa, 0x7e, 0xc7, 0x40, 0xec, 0xf8
}, },
{ {
0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, /* Example #4 */
0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
} }
}; };
/* AES 256 CMAC Test Data */ /* CMAC-AES256 Test Data */
static const unsigned char aes_256_key[32] = { static const unsigned char aes_256_key[32] = {
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
}; };
static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, /* K1 */
0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac,
0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f
}, },
{ {
0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, /* K2 */
0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58,
0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
} }
}; };
static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, /* Example #1 */
0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
}, },
{ {
0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, /* Example #2 */
0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
}, },
{ {
0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, /* Example #3 */
0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 0x15, 0x67, 0x27, 0xdc, 0x08, 0x78, 0x94, 0x4a,
0x02, 0x3c, 0x1f, 0xe0, 0x3b, 0xad, 0x6d, 0x93
}, },
{ {
0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, /* Example #4 */
0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
} }
}; };
#endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_AES_C */
@ -612,66 +634,84 @@ static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTL
/* Truncation point of message for 3DES CMAC tests */ /* Truncation point of message for 3DES CMAC tests */
static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
0, 0,
8, 16,
20, 20,
32 32
}; };
/* 3DES 2 Key CMAC Test Data */ /* CMAC-TDES (Generation) - 2 Key Test Data */
static const unsigned char des3_2key_key[24] = { static const unsigned char des3_2key_key[24] = {
0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, /* Key1 */
0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 /* Key2 */
0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xEF, 0x01,
/* Key3 */
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
}; };
static const unsigned char des3_2key_subkeys[2][8] = { static const unsigned char des3_2key_subkeys[2][8] = {
{ {
0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef /* K1 */
0x0d, 0xd2, 0xcb, 0x7a, 0x3d, 0x88, 0x88, 0xd9
}, },
{ {
0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 /* K2 */
0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2
} }
}; };
static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
{ {
0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 /* Sample #1 */
0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60
}, },
{ {
0x4f, 0xf2, 0xab, 0x81, 0x3c, 0x53, 0xce, 0x83 /* Sample #2 */
0xcc, 0x18, 0xa0, 0xb7, 0x9a, 0xf2, 0x41, 0x3b
}, },
{ {
0x62, 0xdd, 0x1b, 0x47, 0x19, 0x02, 0xbd, 0x4e /* Sample #3 */
0xc0, 0x6d, 0x37, 0x7e, 0xcd, 0x10, 0x19, 0x69
}, },
{ {
0x31, 0xb1, 0xe4, 0x31, 0xda, 0xbc, 0x4e, 0xb8 /* Sample #4 */
0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb
} }
}; };
/* 3DES 3 Key CMAC Test Data */ /* CMAC-TDES (Generation) - 3 Key Test Data */
static const unsigned char des3_3key_key[24] = { static const unsigned char des3_3key_key[24] = {
0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, /* Key1 */
0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, 0x01, 0x23, 0x45, 0x67, 0x89, 0xaa, 0xcd, 0xef,
0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 /* Key2 */
0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01,
/* Key3 */
0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23
}; };
static const unsigned char des3_3key_subkeys[2][8] = { static const unsigned char des3_3key_subkeys[2][8] = {
{ {
0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f /* K1 */
0x9d, 0x74, 0xe7, 0x39, 0x33, 0x17, 0x96, 0xc0
}, },
{ {
0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 /* K2 */
0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b
} }
}; };
static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
{ {
0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 /* Sample #1 */
0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50
}, },
{ {
0x8e, 0x8f, 0x29, 0x31, 0x36, 0x28, 0x37, 0x97 /* Sample #2 */
0x30, 0x23, 0x9c, 0xf1, 0xf5, 0x2e, 0x66, 0x09
}, },
{ {
0x74, 0x3d, 0xdb, 0xe0, 0xce, 0x2d, 0xc2, 0xed /* Sample #3 */
0x6c, 0x9f, 0x3e, 0xe4, 0x92, 0x3f, 0x6b, 0xe2
}, },
{ {
0x33, 0xe6, 0xb1, 0x09, 0x24, 0x00, 0xea, 0xe5 /* Sample #4 */
0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5
} }
}; };
@ -680,8 +720,9 @@ static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBED
#if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_AES_C)
/* AES AES-CMAC-PRF-128 Test Data */ /* AES AES-CMAC-PRF-128 Test Data */
static const unsigned char PRFK[] = { static const unsigned char PRFK[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* Key */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0xed, 0xcb 0xed, 0xcb
}; };
@ -692,25 +733,25 @@ static const size_t PRFKlen[NB_PRF_TESTS] = {
10 10
}; };
/* PRF M */ /* Message */
static const unsigned char PRFM[] = { static const unsigned char PRFM[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13 0x10, 0x11, 0x12, 0x13
}; };
static const unsigned char PRFT[NB_PRF_TESTS][16] = { static const unsigned char PRFT[NB_PRF_TESTS][16] = {
{ {
0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b,
0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a
}, },
{ {
0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52,
0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d
}, },
{ {
0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee,
0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d
} }
}; };
#endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_AES_C */

3
features/mbedtls/src/ctr_drbg.c
View File

@ -290,7 +290,8 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0; size_t seedlen = 0;
if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||
len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );

2
features/mbedtls/src/debug.c
View File

@ -71,7 +71,7 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
*/ */
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */ char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str ); mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr ); ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
#else #else
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str ); ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );

6
features/mbedtls/src/ecp_curves.c
View File

@ -1213,7 +1213,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
int ret; int ret;
size_t i; size_t i;
mbedtls_mpi M, R; mbedtls_mpi M, R;
mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R]; mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
if( N->n < p_limbs ) if( N->n < p_limbs )
return( 0 ); return( 0 );
@ -1235,7 +1235,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
if( shift != 0 ) if( shift != 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
M.n += R.n - adjust; /* Make room for multiplication by R */ M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */ /* N = A0 */
if( mask != 0 ) if( mask != 0 )
@ -1257,7 +1257,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
if( shift != 0 ) if( shift != 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
M.n += R.n - adjust; /* Make room for multiplication by R */ M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */ /* N = A0 */
if( mask != 0 ) if( mask != 0 )

2
features/mbedtls/src/md2.c
View File

@ -158,7 +158,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s
while( ilen > 0 ) while( ilen > 0 )
{ {
if( ctx->left + ilen > 16 ) if( ilen > 16 - ctx->left )
fill = 16 - ctx->left; fill = 16 - ctx->left;
else else
fill = ilen; fill = ilen;

7
features/mbedtls/src/net_sockets.c
View File

@ -133,7 +133,8 @@ void mbedtls_net_init( mbedtls_net_context *ctx )
/* /*
* Initiate a TCP connection with host:port and the given protocol * Initiate a TCP connection with host:port and the given protocol
*/ */
int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ) int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
const char *port, int proto )
{ {
int ret; int ret;
struct addrinfo hints, *addr_list, *cur; struct addrinfo hints, *addr_list, *cur;
@ -238,7 +239,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
} }
} }
/* I we ever get there, it's a success */ /* Bind was successful */
ret = 0; ret = 0;
break; break;
} }
@ -322,7 +323,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
{ {
/* TCP: actual accept() */ /* TCP: actual accept() */
ret = client_ctx->fd = (int) accept( bind_ctx->fd, ret = client_ctx->fd = (int) accept( bind_ctx->fd,
(struct sockaddr *) &client_addr, &n ); (struct sockaddr *) &client_addr, &n );
} }
else else
{ {

22
features/mbedtls/src/pem.c
View File

@ -44,12 +44,12 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
#if defined(MBEDTLS_PEM_PARSE_C)
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) { static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
#if defined(MBEDTLS_PEM_PARSE_C)
void mbedtls_pem_init( mbedtls_pem_context *ctx ) void mbedtls_pem_init( mbedtls_pem_context *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_pem_context ) ); memset( ctx, 0, sizeof( mbedtls_pem_context ) );
@ -249,7 +249,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
enc = 0; enc = 0;
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{ {
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
@ -262,22 +262,22 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
#if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_DES_C)
if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
{ {
enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
s1 += 23; s1 += 23;
if( pem_get_iv( s1, pem_iv, 8 ) != 0 ) if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
s1 += 16; s1 += 16;
} }
else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
{ {
enc_alg = MBEDTLS_CIPHER_DES_CBC; enc_alg = MBEDTLS_CIPHER_DES_CBC;
s1 += 18; s1 += 18;
if( pem_get_iv( s1, pem_iv, 8) != 0 ) if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
s1 += 16; s1 += 16;
@ -285,9 +285,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
#endif /* MBEDTLS_DES_C */ #endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_AES_C)
if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
{ {
if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) if( s2 - s1 < 22 )
return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
enc_alg = MBEDTLS_CIPHER_AES_128_CBC; enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
enc_alg = MBEDTLS_CIPHER_AES_192_CBC; enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
@ -297,7 +299,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
s1 += 22; s1 += 22;
if( pem_get_iv( s1, pem_iv, 16 ) != 0 ) if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
s1 += 32; s1 += 32;
@ -316,7 +318,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
} }
if( s1 == s2 ) if( s1 >= s2 )
return( MBEDTLS_ERR_PEM_INVALID_DATA ); return( MBEDTLS_ERR_PEM_INVALID_DATA );
ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );

11
features/mbedtls/src/pk.c
View File

@ -29,6 +29,8 @@
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "mbedtls/pk_internal.h" #include "mbedtls/pk_internal.h"
#include "mbedtls/bignum.h"
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#endif #endif
@ -39,6 +41,8 @@
#include "mbedtls/ecdsa.h" #include "mbedtls/ecdsa.h"
#endif #endif
#include <limits.h>
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) { static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@ -209,6 +213,11 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
int ret; int ret;
const mbedtls_pk_rsassa_pss_options *pss_opts; const mbedtls_pk_rsassa_pss_options *pss_opts;
#if defined(MBEDTLS_HAVE_INT64)
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* MBEDTLS_HAVE_INT64 */
if( options == NULL ) if( options == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@ -232,7 +241,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
return( 0 ); return( 0 );
#else #else
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
#endif #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
} }
/* General case: no options */ /* General case: no options */

18
features/mbedtls/src/pk_wrap.c
View File

@ -30,6 +30,7 @@
/* Even if RSA not activated, for the sake of RSA-alt */ /* Even if RSA not activated, for the sake of RSA-alt */
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#include "mbedtls/bignum.h"
#include <string.h> #include <string.h>
@ -49,6 +50,8 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
#include <limits.h>
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) { static void mbedtls_zeroize( void *v, size_t n ) {
@ -74,6 +77,11 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
{ {
int ret; int ret;
#if defined(MBEDTLS_HAVE_INT64)
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* MBEDTLS_HAVE_INT64 */
if( sig_len < ((mbedtls_rsa_context *) ctx)->len ) if( sig_len < ((mbedtls_rsa_context *) ctx)->len )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
@ -93,6 +101,11 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
unsigned char *sig, size_t *sig_len, unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
#if defined(MBEDTLS_HAVE_INT64)
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* MBEDTLS_HAVE_INT64 */
*sig_len = ((mbedtls_rsa_context *) ctx)->len; *sig_len = ((mbedtls_rsa_context *) ctx)->len;
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
@ -402,6 +415,11 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
{ {
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
#if defined(MBEDTLS_HAVE_INT64)
if( UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* MBEDTLS_HAVE_INT64 */
*sig_len = rsa_alt->key_len_func( rsa_alt->key ); *sig_len = rsa_alt->key_len_func( rsa_alt->key );
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,

12
features/mbedtls/src/pkparse.c
View File

@ -1187,12 +1187,12 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
#endif /* MBEDTLS_PEM_PARSE_C */ #endif /* MBEDTLS_PEM_PARSE_C */
/* /*
* At this point we only know it's not a PEM formatted key. Could be any * At this point we only know it's not a PEM formatted key. Could be any
* of the known DER encoded private key formats * of the known DER encoded private key formats
* *
* We try the different DER format parsers to see if one passes without * We try the different DER format parsers to see if one passes without
* error * error
*/ */
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
pwd, pwdlen ) ) == 0 ) pwd, pwdlen ) ) == 0 )

4
features/mbedtls/src/platform.c
View File

@ -237,7 +237,7 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
} }
fclose( file ); fclose( file );
return( n ); return( (int)n );
} }
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
@ -255,7 +255,7 @@ int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
} }
fclose( file ); fclose( file );
return( n ); return( (int)n );
} }
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */

2
features/mbedtls/src/ssl_cookie.c
View File

@ -98,7 +98,7 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
mbedtls_md_free( &ctx->hmac_ctx ); mbedtls_md_free( &ctx->hmac_ctx );
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex ); mbedtls_mutex_free( &ctx->mutex );
#endif #endif
mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );

28
features/mbedtls/src/ssl_tls.c
View File

@ -3428,7 +3428,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{ {
/* Dont check write errors as we can't do anything here. /* Don't check write errors as we can't do anything here.
* If the error is permanent we'll catch it later, * If the error is permanent we'll catch it later,
* if it's not, then hopefully it'll work next time. */ * if it's not, then hopefully it'll work next time. */
(void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
@ -6006,8 +6006,9 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
const char **p; const char **p;
/* /*
* "Empty strings MUST NOT be included and byte strings MUST NOT be * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
* truncated". Check lengths now rather than later. * MUST NOT be truncated."
* We check lengths now rather than later.
*/ */
tot_len = 0; tot_len = 0;
for( p = protos; *p != NULL; p++ ) for( p = protos; *p != NULL; p++ )
@ -6481,6 +6482,10 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
*/ */
static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
{ {
size_t ep_len = ssl_ep_len( ssl );
int in_ctr_cmp;
int out_ctr_cmp;
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
@ -6488,8 +6493,12 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 && in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 ) ssl->conf->renego_period + ep_len, 8 - ep_len );
out_ctr_cmp = memcmp( ssl->out_ctr + ep_len,
ssl->conf->renego_period + ep_len, 8 - ep_len );
if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
{ {
return( 0 ); return( 0 );
} }
@ -7230,8 +7239,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
memset( conf->renego_period, 0xFF, 7 ); memset( conf->renego_period, 0x00, 2 );
conf->renego_period[7] = 0x00; memset( conf->renego_period + 2, 0xFF, 6 );
#endif #endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
@ -7585,7 +7594,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
* and, for DTLS, to/from TLS equivalent. * and, for DTLS, to/from TLS equivalent.
* *
* For TLS this is the identity. * For TLS this is the identity.
* For DTLS, use one complement (v -> 255 - v, and then map as follows: * For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
* 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
*/ */
@ -7644,8 +7653,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
#if defined(MBEDTLS_MD5_C) #if defined(MBEDTLS_MD5_C)
case MBEDTLS_SSL_HASH_MD5: case MBEDTLS_SSL_HASH_MD5:
ssl->handshake->calc_verify = ssl_calc_verify_tls; return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
break;
#endif #endif
#if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_SHA1_C)
case MBEDTLS_SSL_HASH_SHA1: case MBEDTLS_SSL_HASH_SHA1:

139
features/mbedtls/src/x509.c
View File

@ -480,14 +480,20 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
} }
} }
static int x509_parse_int(unsigned char **p, unsigned n, int *res){ static int x509_parse_int( unsigned char **p, size_t n, int *res )
{
*res = 0; *res = 0;
for( ; n > 0; --n ){
if( ( **p < '0') || ( **p > '9' ) ) return MBEDTLS_ERR_X509_INVALID_DATE; for( ; n > 0; --n )
{
if( ( **p < '0') || ( **p > '9' ) )
return ( MBEDTLS_ERR_X509_INVALID_DATE );
*res *= 10; *res *= 10;
*res += (*(*p)++ - '0'); *res += ( *(*p)++ - '0' );
} }
return 0;
return( 0 );
} }
static int x509_date_is_valid(const mbedtls_x509_time *time) static int x509_date_is_valid(const mbedtls_x509_time *time)
@ -517,6 +523,70 @@ static int x509_date_is_valid(const mbedtls_x509_time *time)
return( 0 ); return( 0 );
} }
/*
* Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
* field.
*/
static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
mbedtls_x509_time *time )
{
int ret;
/*
* Minimum length is 10 or 12 depending on yearlen
*/
if ( len < yearlen + 8 )
return ( MBEDTLS_ERR_X509_INVALID_DATE );
len -= yearlen + 8;
/*
* Parse year, month, day, hour, minute
*/
CHECK( x509_parse_int( p, yearlen, &time->year ) );
if ( 2 == yearlen )
{
if ( time->year < 50 )
time->year += 100;
time->year += 1900;
}
CHECK( x509_parse_int( p, 2, &time->mon ) );
CHECK( x509_parse_int( p, 2, &time->day ) );
CHECK( x509_parse_int( p, 2, &time->hour ) );
CHECK( x509_parse_int( p, 2, &time->min ) );
/*
* Parse seconds if present
*/
if ( len >= 2 )
{
CHECK( x509_parse_int( p, 2, &time->sec ) );
len -= 2;
}
else
return ( MBEDTLS_ERR_X509_INVALID_DATE );
/*
* Parse trailing 'Z' if present
*/
if ( 1 == len && 'Z' == **p )
{
(*p)++;
len--;
}
/*
* We should have parsed all characters at this point
*/
if ( 0 != len )
return ( MBEDTLS_ERR_X509_INVALID_DATE );
CHECK( x509_date_is_valid( time ) );
return ( 0 );
}
/* /*
* Time ::= CHOICE { * Time ::= CHOICE {
* utcTime UTCTime, * utcTime UTCTime,
@ -526,7 +596,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
mbedtls_x509_time *time ) mbedtls_x509_time *time )
{ {
int ret; int ret;
size_t len; size_t len, year_len;
unsigned char tag; unsigned char tag;
if( ( end - *p ) < 1 ) if( ( end - *p ) < 1 )
@ -536,55 +606,20 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
tag = **p; tag = **p;
if( tag == MBEDTLS_ASN1_UTC_TIME ) if( tag == MBEDTLS_ASN1_UTC_TIME )
{ year_len = 2;
(*p)++;
ret = mbedtls_asn1_get_len( p, end, &len );
if( ret != 0 )
return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
CHECK( x509_parse_int( p, 2, &time->year ) );
CHECK( x509_parse_int( p, 2, &time->mon ) );
CHECK( x509_parse_int( p, 2, &time->day ) );
CHECK( x509_parse_int( p, 2, &time->hour ) );
CHECK( x509_parse_int( p, 2, &time->min ) );
if( len > 10 )
CHECK( x509_parse_int( p, 2, &time->sec ) );
if( len > 12 && *(*p)++ != 'Z' )
return( MBEDTLS_ERR_X509_INVALID_DATE );
time->year += 100 * ( time->year < 50 );
time->year += 1900;
CHECK( x509_date_is_valid( time ) );
return( 0 );
}
else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME ) else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
{ year_len = 4;
(*p)++;
ret = mbedtls_asn1_get_len( p, end, &len );
if( ret != 0 )
return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
CHECK( x509_parse_int( p, 4, &time->year ) );
CHECK( x509_parse_int( p, 2, &time->mon ) );
CHECK( x509_parse_int( p, 2, &time->day ) );
CHECK( x509_parse_int( p, 2, &time->hour ) );
CHECK( x509_parse_int( p, 2, &time->min ) );
if( len > 12 )
CHECK( x509_parse_int( p, 2, &time->sec ) );
if( len > 14 && *(*p)++ != 'Z' )
return( MBEDTLS_ERR_X509_INVALID_DATE );
CHECK( x509_date_is_valid( time ) );
return( 0 );
}
else else
return( MBEDTLS_ERR_X509_INVALID_DATE + return( MBEDTLS_ERR_X509_INVALID_DATE +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
(*p)++;
ret = mbedtls_asn1_get_len( p, end, &len );
if( ret != 0 )
return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
return x509_parse_time( p, len, year_len, time );
} }
int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
@ -661,7 +696,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50
/* /*
* X.509 Extensions (No parsing of extensions, pointer should * X.509 Extensions (No parsing of extensions, pointer should
* be either manually updated or extensions should be parsed! * be either manually updated or extensions should be parsed!)
*/ */
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag ) mbedtls_x509_buf *ext, int tag )

7
features/mbedtls/src/x509_crl.c
View File

@ -525,16 +525,17 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
if( ( ret = mbedtls_x509_crl_parse_der( chain, if( ( ret = mbedtls_x509_crl_parse_der( chain,
pem.buf, pem.buflen ) ) != 0 ) pem.buf, pem.buflen ) ) != 0 )
{ {
mbedtls_pem_free( &pem );
return( ret ); return( ret );
} }
mbedtls_pem_free( &pem );
} }
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) else if( is_pem )
{ {
mbedtls_pem_free( &pem ); mbedtls_pem_free( &pem );
return( ret ); return( ret );
} }
mbedtls_pem_free( &pem );
} }
/* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
* And a valid CRL cannot be less than 1 byte anyway. */ * And a valid CRL cannot be less than 1 byte anyway. */

37
features/mbedtls/src/x509_crt.c
View File

@ -969,8 +969,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
*/ */
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
{ {
int success = 0, first_error = 0, total_failed = 0;
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
int success = 0, first_error = 0, total_failed = 0;
int buf_format = MBEDTLS_X509_FORMAT_DER; int buf_format = MBEDTLS_X509_FORMAT_DER;
#endif #endif
@ -1122,7 +1122,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
p = filename + len; p = filename + len;
filename[len++] = '*'; filename[len++] = '*';
w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
MAX_PATH - 3 ); MAX_PATH - 3 );
if( w_ret == 0 ) if( w_ret == 0 )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
@ -1904,6 +1904,7 @@ static int x509_crt_verify_top(
int check_path_cnt; int check_path_cnt;
unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_x509_crt *future_past_ca = NULL;
if( mbedtls_x509_time_is_past( &child->valid_to ) ) if( mbedtls_x509_time_is_past( &child->valid_to ) )
*flags |= MBEDTLS_X509_BADCERT_EXPIRED; *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
@ -1958,16 +1959,6 @@ static int x509_crt_verify_top(
continue; continue;
} }
if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
{
continue;
}
if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
{
continue;
}
if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
child->sig_md, hash, mbedtls_md_get_size( md_info ), child->sig_md, hash, mbedtls_md_get_size( md_info ),
child->sig.p, child->sig.len ) != 0 ) child->sig.p, child->sig.len ) != 0 )
@ -1975,6 +1966,20 @@ static int x509_crt_verify_top(
continue; continue;
} }
if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ||
mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
{
if ( future_past_ca == NULL )
future_past_ca = trust_ca;
continue;
}
break;
}
if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
{
/* /*
* Top of chain is signed by a trusted CA * Top of chain is signed by a trusted CA
*/ */
@ -1982,8 +1987,6 @@ static int x509_crt_verify_top(
if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY; *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
break;
} }
/* /*
@ -2003,6 +2006,12 @@ static int x509_crt_verify_top(
((void) ca_crl); ((void) ca_crl);
#endif #endif
if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
if( NULL != f_vrfy ) if( NULL != f_vrfy )
{ {
if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,

2
features/mbedtls/src/x509_csr.c
View File

@ -265,8 +265,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
*/ */
int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
{ {
int ret;
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
int ret;
size_t use_len; size_t use_len;
mbedtls_pem_context pem; mbedtls_pem_context pem;
#endif #endif