From fa8f635eade29f3239808e92d4706a241fcb877d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 20 Jun 2017 15:48:46 +0300 Subject: [PATCH 001/415] Add `MBEDTLS_SELF_TEST` check in header files Add the `MBEDTLS_SELF_TEST` precompilation surrounding the self test functions, which were missing this check in the header files. ( most of the header files were missing this check). Addresses issue #971 --- ChangeLog | 4 ++++ include/mbedtls/aes.h | 4 ++++ include/mbedtls/arc4.h | 4 ++++ include/mbedtls/base64.h | 3 +++ include/mbedtls/bignum.h | 4 ++++ include/mbedtls/camellia.h | 4 ++++ include/mbedtls/ctr_drbg.h | 4 ++++ include/mbedtls/des.h | 4 ++++ include/mbedtls/dhm.h | 3 +++ include/mbedtls/gcm.h | 4 ++++ include/mbedtls/md2.h | 4 ++++ include/mbedtls/md4.h | 4 ++++ include/mbedtls/md5.h | 4 ++++ include/mbedtls/pkcs5.h | 4 ++++ include/mbedtls/ripemd160.h | 4 ++++ include/mbedtls/rsa.h | 4 ++++ include/mbedtls/sha1.h | 4 ++++ include/mbedtls/sha256.h | 4 ++++ include/mbedtls/sha512.h | 5 +++++ include/mbedtls/x509.h | 4 ++++ include/mbedtls/xtea.h | 4 ++++ 21 files changed, 83 insertions(+) diff --git a/ChangeLog b/ChangeLog index 348864c0e..4ea209d86 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ API Changes Therefore, mbedtls_platform_zeroize() is moved to the platform module to facilitate testing and maintenance. +Bugfix + * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions + in the header files, which missed the precompilation check. #971 + = mbed TLS 2.9.0 branch released 2018-04-30 Security diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index e0fc238d7..2aef99307 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -400,6 +400,8 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ + +#if defined(MBEDTLS_SELF_TEST) /** * \brief Checkup routine. * @@ -408,6 +410,8 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, */ int mbedtls_aes_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index f11fc5be0..26eb9ea4a 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -122,6 +122,8 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, unsigned char *output ); +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -134,6 +136,8 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned */ int mbedtls_arc4_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 7a64f5216..9af1149fe 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -75,6 +75,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ); +#if defined(MBEDTLS_SELF_TEST) /** * \brief Checkup routine * @@ -82,6 +83,8 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, */ int mbedtls_base64_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 31383b1eb..4b579b050 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -758,6 +758,8 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -765,6 +767,8 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, */ int mbedtls_mpi_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index f0466bfd7..0183ce654 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -215,6 +215,8 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -222,6 +224,8 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, */ int mbedtls_camellia_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index dcbc04792..dda356e75 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -310,6 +310,8 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); #endif /* MBEDTLS_FS_IO */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief The CTR_DRBG checkup routine. * @@ -318,6 +320,8 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char */ int mbedtls_ctr_drbg_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + /* Internal functions (do not call directly) */ int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *, int (*)(void *, unsigned char *, size_t), void *, diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 6eb7d03ba..50c69bcf9 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -336,6 +336,8 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -343,6 +345,8 @@ void mbedtls_des_setkey( uint32_t SK[32], */ int mbedtls_des_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 75317a8e6..2f5b5a024 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -295,6 +295,8 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief The DMH checkup routine. * @@ -303,6 +305,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); */ int mbedtls_dhm_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus } #endif diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index bec557714..4b0c36178 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -250,6 +250,8 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, */ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); +#if defined(MBEDTLS_SELF_TEST) + /** * \brief The GCM checkup routine. * @@ -258,6 +260,8 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); */ int mbedtls_gcm_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 08e75b247..d60d0f87a 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -282,6 +282,8 @@ MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -294,6 +296,8 @@ MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input, */ int mbedtls_md2_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 8ee4e5cab..70e11f910 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -287,6 +287,8 @@ MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -299,6 +301,8 @@ MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input, */ int mbedtls_md4_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 43ead4b74..1adde5c16 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -287,6 +287,8 @@ MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -299,6 +301,8 @@ MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input, */ int mbedtls_md5_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index 9a3c9fddc..fe56cbd5a 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -81,6 +81,8 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p unsigned int iteration_count, uint32_t key_length, unsigned char *output ); +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -88,6 +90,8 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p */ int mbedtls_pkcs5_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index a0dac0c36..442b49cdd 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -217,6 +217,8 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -224,6 +226,8 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input, */ int mbedtls_ripemd160_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 19eb2ee74..71b5c2e8b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1116,6 +1116,8 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); +#if defined(MBEDTLS_SELF_TEST) + /** * \brief The RSA checkup routine. * @@ -1124,6 +1126,8 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); */ int mbedtls_rsa_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 65a124c94..88f0e8c1c 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -304,6 +304,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief The SHA-1 checkup routine. * @@ -317,6 +319,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, */ int mbedtls_sha1_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index adf31a82e..de19dc249 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -257,6 +257,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief The SHA-224 and SHA-256 checkup routine. * @@ -265,6 +267,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, */ int mbedtls_sha256_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 5bb83f43b..28ba29d4e 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -230,6 +230,7 @@ int mbedtls_sha512_ret( const unsigned char *input, #else #define MBEDTLS_DEPRECATED #endif + /** * \brief This function calculates the SHA-512 or SHA-384 * checksum of a buffer. @@ -255,6 +256,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ + +#if defined(MBEDTLS_SELF_TEST) + /** * \brief The SHA-384 or SHA-512 checkup routine. * @@ -262,6 +266,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, * \return \c 1 on failure. */ int mbedtls_sha512_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus } diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index d6db9c6e3..9ae825c18 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -269,6 +269,8 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); */ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -276,6 +278,8 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); */ int mbedtls_x509_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + /* * Internal module functions. You probably do not want to use these unless you * know you do. diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index 8df708a3a..fad43a0b2 100644 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h @@ -119,6 +119,8 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ +#if defined(MBEDTLS_SELF_TEST) + /** * \brief Checkup routine * @@ -126,6 +128,8 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, */ int mbedtls_xtea_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif From 2239a868f7bd9ad5b96311995c8630484d2d49d1 Mon Sep 17 00:00:00 2001 From: irwir Date: Tue, 12 Jun 2018 18:25:09 +0300 Subject: [PATCH 002/415] Clear pk context and other minor changes in *_free() procedures --- library/dhm.c | 15 ++++++++++----- library/pem.c | 6 ++++-- library/pk.c | 5 +++-- library/rsa.c | 18 ++++++++++++------ 4 files changed, 29 insertions(+), 15 deletions(-) diff --git a/library/dhm.c b/library/dhm.c index 82cbb0ce8..a30d9b541 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -428,11 +428,16 @@ cleanup: */ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) { - mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP ); - mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY ); - mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); - mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P ); + mbedtls_mpi_free( &ctx->pX ); + mbedtls_mpi_free( &ctx->Vf ); + mbedtls_mpi_free( &ctx->Vi ); + mbedtls_mpi_free( &ctx->RP ); + mbedtls_mpi_free( &ctx->K ); + mbedtls_mpi_free( &ctx->GY ); + mbedtls_mpi_free( &ctx->GX ); + mbedtls_mpi_free( &ctx->X ); + mbedtls_mpi_free( &ctx->G ); + mbedtls_mpi_free( &ctx->P ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); } diff --git a/library/pem.c b/library/pem.c index 6069a23de..897c8a0d6 100644 --- a/library/pem.c +++ b/library/pem.c @@ -423,9 +423,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const void mbedtls_pem_free( mbedtls_pem_context *ctx ) { - if( ctx->buf != NULL ) + if ( ctx->buf != NULL ) + { mbedtls_platform_zeroize( ctx->buf, ctx->buflen ); - mbedtls_free( ctx->buf ); + mbedtls_free( ctx->buf ); + } mbedtls_free( ctx->info ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) ); diff --git a/library/pk.c b/library/pk.c index f05b139e3..08e9b44bc 100644 --- a/library/pk.c +++ b/library/pk.c @@ -61,10 +61,11 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx ) */ void mbedtls_pk_free( mbedtls_pk_context *ctx ) { - if( ctx == NULL || ctx->pk_info == NULL ) + if( ctx == NULL ) return; - ctx->pk_info->ctx_free_func( ctx->pk_ctx ); + if ( ctx->pk_info != NULL ) + ctx->pk_info->ctx_free_func( ctx->pk_ctx ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); } diff --git a/library/rsa.c b/library/rsa.c index 88c1cf100..642e83ae5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2168,14 +2168,20 @@ cleanup: */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) { - mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D ); - mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); - mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N ); + mbedtls_mpi_free( &ctx->Vi ); + mbedtls_mpi_free( &ctx->Vf ); + mbedtls_mpi_free( &ctx->RN ); + mbedtls_mpi_free( &ctx->D ); + mbedtls_mpi_free( &ctx->Q ); + mbedtls_mpi_free( &ctx->P ); + mbedtls_mpi_free( &ctx->E ); + mbedtls_mpi_free( &ctx->N ); #if !defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); - mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); + mbedtls_mpi_free( &ctx->RQ ); + mbedtls_mpi_free( &ctx->RP ); + mbedtls_mpi_free( &ctx->QP ); + mbedtls_mpi_free( &ctx->DQ ); mbedtls_mpi_free( &ctx->DP ); #endif /* MBEDTLS_RSA_NO_CRT */ From b0ef434911127cfe4681d2394c5d571fe486b80d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 1 Apr 2018 17:43:26 +0300 Subject: [PATCH 003/415] Add doxygen.sh script to git hooks Add the doxygen.sh script to the pre-push git script --- tests/git-scripts/pre-push.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index 7407f44b9..86edf5a30 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -46,3 +46,4 @@ run_test ./tests/scripts/check-doxy-blocks.pl run_test ./tests/scripts/check-names.sh run_test ./tests/scripts/check-generated-files.sh run_test ./tests/scripts/check-files.py +run_test ./tests/scripts/doxygen.sh From 723f8674c499e278b66d670570a16b54c22cbe59 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 16 Jul 2018 14:27:07 +0200 Subject: [PATCH 004/415] Provide cross platform vsnprintf wrapper --- ChangeLog | 3 ++ include/mbedtls/config.h | 2 ++ include/mbedtls/platform.h | 55 ++++++++++++++++++++++++++-- library/debug.c | 16 ++------- library/platform.c | 73 ++++++++++++++++++++++++++++++-------- library/version_features.c | 3 ++ 6 files changed, 121 insertions(+), 31 deletions(-) diff --git a/ChangeLog b/ChangeLog index 44533d2ae..ed0f1d874 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ Bugfix Changes * Change the shebang line in Perl scripts to look up perl in the PATH. Contributed by fbrosson. + * Provide Mbed TLS wrapper for vsnprintf used in debug.c. Based on + contributions by Joris Aerts in #761 and Nathaniel Wesley Filardo in + #1381. = mbed TLS 2.11.0 branch released 2018-06-18 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index e13026e0f..bc3f07559 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -217,6 +217,7 @@ //#define MBEDTLS_PLATFORM_FPRINTF_ALT //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT +//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT @@ -2943,6 +2944,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ /* Note: your snprintf must correclty zero-terminate the buffer! */ //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 9d9c5293e..24c63625f 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -55,17 +55,33 @@ extern "C" { * \{ */ +/* The older Microsoft Windows common runtime provides non-conforming + * implementations of some standard library functions, including snprintf + * and vsnprintf. This affects MSVC and MinGW builds. + */ +#if defined(_MSC_VER) && _MSC_VER <= 1900 +#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF +#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF +#endif + #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) #include #include #include #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF) -#if defined(_WIN32) +#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) #define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */ #else #define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */ #endif #endif +#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) +#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) +#define MBEDTLS_PLATFORM_STD_VSNPRINTF mbedtls_platform_win32_vsnprintf /**< The default \c vsnprintf function to use. */ +#else +#define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf /**< The default \c vsnprintf function to use. */ +#endif +#endif #if !defined(MBEDTLS_PLATFORM_STD_PRINTF) #define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */ #endif @@ -201,7 +217,7 @@ int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ); * - however it is acceptable to return -1 instead of the required length when * the destination buffer is too short. */ -#if defined(_WIN32) +#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) /* For Windows (inc. MSYS2), we provide our own fixed implementation */ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ); #endif @@ -227,6 +243,41 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, #endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */ #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ +/* + * The function pointers for vsnprintf + * + * The vsnprintf implementation should conform to C99: + * - it *must* always correctly zero-terminate the buffer + * (except when n == 0, then it must leave the buffer untouched) + * - however it is acceptable to return -1 instead of the required length when + * the destination buffer is too short. + */ +#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) +/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */ +int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg ); +#endif + +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) +#include +extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg ); + +/** + * \brief Set your own snprintf function pointer + * + * \param vsnprintf_func the snprintf function implementation + * + * \return 0 + */ +int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, + const char * format, va_list arg ) ); +#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) +#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO +#else +#define mbedtls_vsnprintf vsnprintf +#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */ +#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ + /* * The function pointers for exit */ diff --git a/library/debug.c b/library/debug.c index db3924ac5..98086d678 100644 --- a/library/debug.c +++ b/library/debug.c @@ -35,6 +35,7 @@ #define mbedtls_free free #define mbedtls_time_t time_t #define mbedtls_snprintf snprintf +#define mbedtls_vsnprintf vsnprintf #endif #include "mbedtls/debug.h" @@ -90,20 +91,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, return; va_start( argp, format ); -#if defined(_WIN32) -#if defined(_TRUNCATE) && !defined(__MINGW32__) - ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp ); -#else - ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp ); - if( ret < 0 || (size_t) ret == DEBUG_BUF_SIZE ) - { - str[DEBUG_BUF_SIZE-1] = '\0'; - ret = -1; - } -#endif -#else - ret = vsnprintf( str, DEBUG_BUF_SIZE, format, argp ); -#endif + ret = mbedtls_vsnprintf( str, DEBUG_BUF_SIZE, format, argp ); va_end( argp ); if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 ) diff --git a/library/platform.c b/library/platform.c index b24b2fa65..7d0569bb7 100644 --- a/library/platform.c +++ b/library/platform.c @@ -73,28 +73,15 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), } #endif /* MBEDTLS_PLATFORM_MEMORY */ -#if defined(_WIN32) +#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) #include int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ) { int ret; va_list argp; - /* Avoid calling the invalid parameter handler by checking ourselves */ - if( s == NULL || n == 0 || fmt == NULL ) - return( -1 ); - va_start( argp, fmt ); -#if defined(_TRUNCATE) && !defined(__MINGW32__) - ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp ); -#else - ret = _vsnprintf( s, n, fmt, argp ); - if( ret < 0 || (size_t) ret == n ) - { - s[n-1] = '\0'; - ret = -1; - } -#endif + ret = mbedtls_vsnprintf( s, n, fmt, argp ); va_end( argp ); return( ret ); @@ -131,6 +118,62 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, } #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ +#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) +#include +int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg ) +{ + int ret; + + /* Avoid calling the invalid parameter handler by checking ourselves */ + if( s == NULL || n == 0 || fmt == NULL ) + return( -1 ); + +#if defined(_TRUNCATE) + ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg ); +#else + ret = vsnprintf( s, n, fmt, arg ); + if( ret < 0 || (size_t) ret == n ) + { + s[n-1] = '\0'; + ret = -1; + } +#endif + + return( ret ); +} +#endif + +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) +#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) +/* + * Make dummy function to prevent NULL pointer dereferences + */ +static int platform_vsnprintf_uninit( char * s, size_t n, + const char * format, va_list arg ) +{ + ((void) s); + ((void) n); + ((void) format); + ((void) arg); + return( 0 ); +} + +#define MBEDTLS_PLATFORM_STD_VSNPRINTF platform_vsnprintf_uninit +#endif /* !MBEDTLS_PLATFORM_STD_VSNPRINTF */ + +int (*mbedtls_vsnprintf)( char * s, size_t n, + const char * format, + va_list arg ) = MBEDTLS_PLATFORM_STD_VSNPRINTF; + +int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, + const char * format, + va_list arg ) ) +{ + mbedtls_vsnprintf = vsnprintf_func; + return( 0 ); +} +#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ + #if defined(MBEDTLS_PLATFORM_PRINTF_ALT) #if !defined(MBEDTLS_PLATFORM_STD_PRINTF) /* diff --git a/library/version_features.c b/library/version_features.c index b6135462f..8cb6d0b46 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -72,6 +72,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) "MBEDTLS_PLATFORM_SNPRINTF_ALT", #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) + "MBEDTLS_PLATFORM_VSNPRINTF_ALT", +#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) "MBEDTLS_PLATFORM_NV_SEED_ALT", #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ From 65e619a1fa3503628a30c8196049d1ee431c45f7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 15:46:33 +0100 Subject: [PATCH 005/415] Improve documentation of mbedtls_x509_crt_parse() Fixes #1883. --- include/mbedtls/x509_crt.h | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index d41ec93a6..4be617359 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -175,19 +175,34 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu size_t buflen ); /** - * \brief Parse one or more certificates and add them - * to the chained list. Parses permissively. If some - * certificates can be parsed, the result is the number - * of failed certificates it encountered. If none complete - * correctly, the first error is returned. + * \brief Parse one DER-encoded or multiple concatenated PEM-encoded + * certificates and add them to the chained list. * - * \param chain points to the start of the chain - * \param buf buffer holding the certificate data in PEM or DER format - * \param buflen size of the buffer - * (including the terminating null byte for PEM data) + * For PEM-encoded CRTs, the function parses permissively: + * If at least one certificate can be parsed, the function + * returns the number of certificates for which parsing failed + * (hence \c 0 if all certificates were parsed successfully). + * If no certificate could be parsed, the function returns + * the first (negative) error encountered during parsing. + * + * PEM encoded certificates may be interleaved by other data + * such as human readable descriptions of their content, as + * long as the certificates are enclosed in the PEM specific + * '-----{BEGIN/END} CERTIFICATE-----' delimiters. + * + * \param chain The chain to which to add the parsed certificates. + * \param buf The buffer holding the certificate data in PEM or DER format. + * For certificates in PEM encoding, this may be a concatenation + * of multiple certificates; for DER encoding, the buffer must + * comprise exactly one certificate. + * \param buflen The size of \p buf, including the terminating \c NULL byte + * in case of PEM encoded data. + * + * \return \c 0 if all certificates were parsed successfully. + * \return The (positive) number of certificates that couldn't + * be parsed if parsing was partly successful (see above). + * \return A negative X509- or PEM-specific error code otherwise. * - * \return 0 if all certificates parsed successfully, a positive number - * if partly successful or a specific X509 or PEM error code */ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); From 89a91121df12e9e76199544af805221f2a1fda1b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 16:14:00 +0100 Subject: [PATCH 006/415] Improve wording --- include/mbedtls/x509_crt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 4be617359..9227701d3 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -175,7 +175,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu size_t buflen ); /** - * \brief Parse one DER-encoded or multiple concatenated PEM-encoded + * \brief Parse one DER-encoded or one or more concatenated PEM-encoded * certificates and add them to the chained list. * * For PEM-encoded CRTs, the function parses permissively: @@ -201,7 +201,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu * \return \c 0 if all certificates were parsed successfully. * \return The (positive) number of certificates that couldn't * be parsed if parsing was partly successful (see above). - * \return A negative X509- or PEM-specific error code otherwise. + * \return A negative X509 or PEM error code otherwise. * */ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); From e8658e28930326b3ea8bf5e835f06061d7efce4a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 24 Aug 2018 10:01:17 +0100 Subject: [PATCH 007/415] Improve documentation of mbedtls_x509_crt_parse() --- include/mbedtls/x509_crt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 9227701d3..afe886e59 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -178,8 +178,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu * \brief Parse one DER-encoded or one or more concatenated PEM-encoded * certificates and add them to the chained list. * - * For PEM-encoded CRTs, the function parses permissively: - * If at least one certificate can be parsed, the function + * For CRTs in PEM encoding, the function parses permissively: + * if at least one certificate can be parsed, the function * returns the number of certificates for which parsing failed * (hence \c 0 if all certificates were parsed successfully). * If no certificate could be parsed, the function returns From 643bcb36f6d07856f4902ac336a2566b7589b1b7 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 29 Aug 2018 15:33:59 +0200 Subject: [PATCH 008/415] Force ANSI stdio in MinGW --- include/mbedtls/platform.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 24c63625f..a121654e2 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -64,6 +64,10 @@ extern "C" { #define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF #endif +#if defined(__MINGW32__) && !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) #include #include From 41734a1f2aa3ea2eb67f1e191fc11413243e86a8 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Thu, 13 Sep 2018 15:04:31 +0200 Subject: [PATCH 009/415] Return an error code from a dummy function --- library/platform.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform.c b/library/platform.c index 7d0569bb7..4f8e40f30 100644 --- a/library/platform.c +++ b/library/platform.c @@ -155,7 +155,7 @@ static int platform_vsnprintf_uninit( char * s, size_t n, ((void) n); ((void) format); ((void) arg); - return( 0 ); + return( -1 ); } #define MBEDTLS_PLATFORM_STD_VSNPRINTF platform_vsnprintf_uninit From edb868dcf9722da1bad692a99eae16e019180ea5 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Mon, 24 Sep 2018 12:41:18 +0200 Subject: [PATCH 010/415] Move MinGW specific define out of a header file --- include/mbedtls/platform.h | 4 ---- library/platform.c | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a121654e2..24c63625f 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -64,10 +64,6 @@ extern "C" { #define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF #endif -#if defined(__MINGW32__) && !defined(__USE_MINGW_ANSI_STDIO) -#define __USE_MINGW_ANSI_STDIO 1 -#endif - #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) #include #include diff --git a/library/platform.c b/library/platform.c index 4f8e40f30..8bf6ff5fb 100644 --- a/library/platform.c +++ b/library/platform.c @@ -30,6 +30,10 @@ #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" +#if defined(__MINGW32__) && !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #if defined(MBEDTLS_PLATFORM_MEMORY) #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) static void *platform_calloc_uninit( size_t n, size_t size ) From 15557169941e6dbbe64094c24cdb0300fb8cddda Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Mon, 24 Sep 2018 14:15:46 +0200 Subject: [PATCH 011/415] Correct formatting in `mbedtls_platform_set_vsnprint()` doxygen comment --- include/mbedtls/platform.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 24c63625f..ada898edc 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -264,9 +264,9 @@ extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_lis /** * \brief Set your own snprintf function pointer * - * \param vsnprintf_func the snprintf function implementation + * \param vsnprintf_func The \c vsnprintf function implementation * - * \return 0 + * \return \c 0 */ int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, const char * format, va_list arg ) ); From 54187b82994ccd07f7513c47805732f1a3debc50 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Mon, 24 Sep 2018 14:17:50 +0200 Subject: [PATCH 012/415] Improve wording in ChangeLog --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ed0f1d874..dd9edb770 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,9 +22,9 @@ Bugfix Changes * Change the shebang line in Perl scripts to look up perl in the PATH. Contributed by fbrosson. - * Provide Mbed TLS wrapper for vsnprintf used in debug.c. Based on - contributions by Joris Aerts in #761 and Nathaniel Wesley Filardo in - #1381. + * Provide an abstraction of vsnprintf to allow alternative implementations + for platforms that don't provide it. Based on contributions by Joris Aerts + and Nathaniel Wesley Filardo. = mbed TLS 2.11.0 branch released 2018-06-18 From a86de14fcad994d31306d62a6e42cac76540ed45 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 30 Sep 2018 12:09:47 +0100 Subject: [PATCH 013/415] Strip trailing whitespace in bn_mul.h Remove the trailing whitespace from the inline assembly for AMD64 target, to overcome a warning in Clang, which was objecting to the string literal generated by the inline assembly being greater than 4096 characters specified by the ISO C99 standard. (-Woverlength-strings) This is a cosmetic change and doesn't change the logic of the code in any way. This change only fixes the problem for AMD64 target, and leaves other targets as they are. Fixes #482. --- include/mbedtls/bn_mul.h | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index b587317d9..80e4b380d 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -170,19 +170,19 @@ #define MULADDC_INIT \ asm( \ - "xorq %%r8, %%r8 \n\t" + "xorq %%r8, %%r8\n" #define MULADDC_CORE \ - "movq (%%rsi), %%rax \n\t" \ - "mulq %%rbx \n\t" \ - "addq $8, %%rsi \n\t" \ - "addq %%rcx, %%rax \n\t" \ - "movq %%r8, %%rcx \n\t" \ - "adcq $0, %%rdx \n\t" \ - "nop \n\t" \ - "addq %%rax, (%%rdi) \n\t" \ - "adcq %%rdx, %%rcx \n\t" \ - "addq $8, %%rdi \n\t" + "movq (%%rsi), %%rax\n" \ + "mulq %%rbx\n" \ + "addq $8, %%rsi\n" \ + "addq %%rcx, %%rax\n" \ + "movq %%r8, %%rcx\n" \ + "adcq $0, %%rdx\n" \ + "nop \n" \ + "addq %%rax, (%%rdi)\n" \ + "adcq %%rdx, %%rcx\n" \ + "addq $8, %%rdi\n" #define MULADDC_STOP \ : "+c" (c), "+D" (d), "+S" (s) \ From df0500d7bcd9c2a7e4d2028ce9d3f7a6b80df3ae Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 30 Sep 2018 12:27:26 +0100 Subject: [PATCH 014/415] Add Changelog entry for #482 Add Changelog entry for inline assembly/literal strings too long issue with Clang. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..13604e8c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ Bugfix invalidated keys of a lifetime of less than a 1s. Fixes #1968. * Fix failure in hmac_drbg in the benchmark sample application, when MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 + * Fix for Clang, which was reporting a warning for the bignum.c inline + assembly for AMD64 targets creating string literals greater than those + permitted by the ISO C99 standard. Found by Aaron Jones. Fixes #482. Changes * Add tests for session resumption in DTLS. From 5908dd44558e1ea36b95a89056597e1d055fe2e4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Oct 2018 22:43:06 +0200 Subject: [PATCH 015/415] Minor readability improvement Polish the beginning of mbedtls_rsa_rsaes_pkcs1_v15_decrypt a little, to prepare for some behavior changes. --- library/rsa.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 88c1cf100..38ce62d53 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1387,18 +1387,20 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, - size_t output_max_len) + size_t output_max_len ) { int ret; - size_t ilen, pad_count = 0, i; - unsigned char *p, bad, pad_done = 0; + size_t ilen = ctx->len; + size_t pad_count = 0; + size_t i; + unsigned bad = 0; + unsigned char pad_done = 0; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + unsigned char *p = buf; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - ilen = ctx->len; - if( ilen < 16 || ilen > sizeof( buf ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1409,9 +1411,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, if( ret != 0 ) goto cleanup; - p = buf; - bad = 0; - /* * Check and get padding len in "constant-time" */ From e2a10de27541ec85be4428cc3ae961d893261ca9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Oct 2018 22:44:41 +0200 Subject: [PATCH 016/415] Fix a timing-based Bleichenbacher attack on PKCS#1v1.5 decryption mbedtls_rsa_rsaes_pkcs1_v15_decrypt took care of calculating the padding length without leaking the amount of padding or the validity of the padding. However it then skipped the copying of the data if the padding was invalid, which could allow an adversary to find out whether the padding was valid through precise timing measurements, especially if for a local attacker who could observe memory access via cache timings. Avoid this leak by always copying from the decryption buffer to the output buffer, even when the padding is invalid. With invalid padding, copy the same amount of data as what is expected on valid padding: the minimum valid padding size if this fits in the output buffer, otherwise the output buffer size. To avoid leaking payload data from an unsuccessful decryption, zero the decryption buffer before copying if the padding was invalid. --- library/rsa.c | 88 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 79 insertions(+), 9 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 38ce62d53..5859bbeb1 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1378,6 +1378,37 @@ cleanup: #endif /* MBEDTLS_PKCS1_V21 */ #if defined(MBEDTLS_PKCS1_V15) +/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches. + * + * \param value The value to analyze. + * \return \c 0 if \p value is zero, otherwise \c 0xff. + */ +static unsigned unsigned_all_or_nothing( unsigned value ) +{ + /* MSVC has a warning about unary minus on unsigned, but this is + * well-defined and precisely what we want to do here */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) ); +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif +} + +/** Choose between two integer values, without branches. + * + * \param mask Either \c 0 or \c ~0. + * \param if0 Value to use if \p mask = \c 0. + * \param if1 Value to use if \p mask = \c ~0. + * \return \c if1 if \p value is zero, otherwise \c if0. + */ +static unsigned choose_int_from_mask( unsigned mask, unsigned if1, unsigned if0 ) +{ + return( ( mask & if1 ) | (~mask & if0 ) ); +} + /* * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function */ @@ -1395,6 +1426,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, size_t i; unsigned bad = 0; unsigned char pad_done = 0; + size_t plaintext_size = 0; + size_t plaintext_max_size = ( output_max_len > ilen - 11 ? + ilen - 11 : + output_max_len ); unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char *p = buf; @@ -1448,23 +1483,58 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, bad |= *p++; /* Must be zero */ } + /* There must be at least 8 bytes of padding. */ bad |= ( pad_count < 8 ); - if( bad ) - { - ret = MBEDTLS_ERR_RSA_INVALID_PADDING; - goto cleanup; - } + /* Set bad to zero if the padding is valid and + * all-bits-one otherwise. The whole calculation of bad + * is done in such a way to avoid branches. */ + bad = unsigned_all_or_nothing( bad ); - if( ilen - ( p - buf ) > output_max_len ) + /* If the padding is valid, set plaintext_size to the number of + * remaining bytes after stripping the padding. If the padding + * is invalid, avoid leaking this fact through the size of the + * output: use the maximum message size that fits in the output + * buffer. Do it without branches to avoid leaking the padding + * validity through timing. RSA keys are small enough that all the + * size_t values involved fit in unsigned int. */ + plaintext_size = choose_int_from_mask( bad, + (unsigned) plaintext_max_size, + (unsigned) ( ilen - ( p - buf ) ) ); + + /* Check if the decrypted plaintext fits in the output buffer. + * If the padding is bad, this will always be the case, + * thus we don't leak the padding validity by trying to produce + * a larger output than what the caller expects. */ + if( plaintext_size > output_max_len ) { ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; goto cleanup; } - *olen = ilen - (p - buf); - memcpy( output, p, *olen ); - ret = 0; + /* Set ret to INVALID_PADDING if the padding is bad and to 0 + * otherwise. At this point, the variable bad is zero if + * the padding is good and can be any nonzero value otherwise. + * Do this without branches to avoid timing attacks. */ + ret = - ( bad & ( - MBEDTLS_ERR_RSA_INVALID_PADDING ) ); + + /* If the padding is bad, zero the data that we're about to copy + * to the output buffer. We need to copy the same amount of data + * from the same buffer whether the padding is good or not to + * avoid leaking the padding validity through overall timing or + * through memory or cache access patterns. */ + for( i = 11; i < ilen; i++ ) + buf[i] &= ~bad; + + /* Copy the decrypted plaintext from the end of the buffer. */ + memcpy( output, buf + ilen - plaintext_size, plaintext_size ); + + /* Report the amount of data we copied to the output buffer. + * When the padding is invalid, the value of *olen when this + * function returns is not specified. Making it equivalent to + * the good-padding case limits the risks of leaking the + * padding validity. */ + *olen = plaintext_size; cleanup: mbedtls_platform_zeroize( buf, sizeof( buf ) ); From ddffa06501085d3800962b86a2b7eddb18f4e3b4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Oct 2018 13:40:16 +0200 Subject: [PATCH 017/415] Add ChangeLog entry --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index 820c26b40..32311bfaa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.xx.x branch released xxxx-xx-xx + +Security + * Fix a timing variation in RSA PKCS#1 v1.5 decryption that could + lead to a Bleichenbacher-style attack. In TLS, this affects + RSA-based ciphersuites without DHE or ECDHE. Reported by Yuval Yarom, + Eyal Ronen, Adi Shamir, David Wong and Daniel Genkin. + = mbed TLS 2.13.1 branch released 2018-09-06 API Changes From 331d80e162d5b8528405e5e4814ec60cf8ab8618 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Oct 2018 18:32:29 +0200 Subject: [PATCH 018/415] Evolve choose_int_from_mask to if_int Make the function more robust by taking an arbitrary zero/nonzero argument instead of insisting on zero/all-bits-one. Update and fix its documentation. --- library/rsa.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 5859bbeb1..f2b2fb4ed 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1381,9 +1381,9 @@ cleanup: /** Turn zero-or-nonzero into zero-or-all-bits-one, without branches. * * \param value The value to analyze. - * \return \c 0 if \p value is zero, otherwise \c 0xff. + * \return Zero if \p value is zero, otherwise all-bits-one. */ -static unsigned unsigned_all_or_nothing( unsigned value ) +static unsigned all_or_nothing_int( unsigned value ) { /* MSVC has a warning about unary minus on unsigned, but this is * well-defined and precisely what we want to do here */ @@ -1399,13 +1399,17 @@ static unsigned unsigned_all_or_nothing( unsigned value ) /** Choose between two integer values, without branches. * - * \param mask Either \c 0 or \c ~0. - * \param if0 Value to use if \p mask = \c 0. - * \param if1 Value to use if \p mask = \c ~0. - * \return \c if1 if \p value is zero, otherwise \c if0. + * This is equivalent to `cond ? if1 : if0`, but is likely to be compiled + * to code using bitwise operation rather than a branch. + * + * \param cond Condition to test. + * \param if1 Value to use if \p cond is nonzero. + * \param if0 Value to use if \p cond is zero. + * \return \c if1 if \p cond is nonzero, otherwise \c if0. */ -static unsigned choose_int_from_mask( unsigned mask, unsigned if1, unsigned if0 ) +static unsigned if_int( unsigned cond, unsigned if1, unsigned if0 ) { + unsigned mask = all_or_nothing_int( cond ); return( ( mask & if1 ) | (~mask & if0 ) ); } @@ -1489,7 +1493,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, /* Set bad to zero if the padding is valid and * all-bits-one otherwise. The whole calculation of bad * is done in such a way to avoid branches. */ - bad = unsigned_all_or_nothing( bad ); + bad = all_or_nothing_int( bad ); /* If the padding is valid, set plaintext_size to the number of * remaining bytes after stripping the padding. If the padding @@ -1498,9 +1502,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * buffer. Do it without branches to avoid leaking the padding * validity through timing. RSA keys are small enough that all the * size_t values involved fit in unsigned int. */ - plaintext_size = choose_int_from_mask( bad, - (unsigned) plaintext_max_size, - (unsigned) ( ilen - ( p - buf ) ) ); + plaintext_size = if_int( bad, + (unsigned) plaintext_max_size, + (unsigned) ( ilen - ( p - buf ) ) ); /* Check if the decrypted plaintext fits in the output buffer. * If the padding is bad, this will always be the case, From 9265ff4ee6a843b7f1634facee2b087c8c7359fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Oct 2018 19:13:43 +0200 Subject: [PATCH 019/415] Bleichenbacher fix: don't leak the plaintext length (step 1) mbedtls_rsa_rsaes_pkcs1_v15_decrypt takes care not to reveal whether the padding is valid or not, even through timing or memory access patterns. This is a defense against an attack published by Bleichenbacher. The attacker can also obtain the same information by observing the length of the plaintext. The current implementation leaks the length of the plaintext through timing and memory access patterns. This commit is a first step towards fixing this leak. It reduces the leak to a single memmove call inside the working buffer. --- library/rsa.c | 69 +++++++++++++++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 29 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index f2b2fb4ed..f4aafa97c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1434,6 +1434,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, size_t plaintext_max_size = ( output_max_len > ilen - 11 ? ilen - 11 : output_max_len ); + unsigned output_too_large; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char *p = buf; @@ -1490,11 +1491,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, /* There must be at least 8 bytes of padding. */ bad |= ( pad_count < 8 ); - /* Set bad to zero if the padding is valid and - * all-bits-one otherwise. The whole calculation of bad - * is done in such a way to avoid branches. */ - bad = all_or_nothing_int( bad ); - /* If the padding is valid, set plaintext_size to the number of * remaining bytes after stripping the padding. If the padding * is invalid, avoid leaking this fact through the size of the @@ -1506,38 +1502,53 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, (unsigned) plaintext_max_size, (unsigned) ( ilen - ( p - buf ) ) ); - /* Check if the decrypted plaintext fits in the output buffer. - * If the padding is bad, this will always be the case, - * thus we don't leak the padding validity by trying to produce - * a larger output than what the caller expects. */ - if( plaintext_size > output_max_len ) - { - ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; - goto cleanup; - } + /* Set output_too_large to 0 if the plaintext fits in the output + * buffer and to 1 otherwise. This is the sign bit (1 for negative) + * of (output_max_len - plaintext_size). */ + output_too_large = ( ( output_max_len - plaintext_size ) >> + ( ( sizeof( output_max_len ) * 8 - 1 ) ) ); - /* Set ret to INVALID_PADDING if the padding is bad and to 0 - * otherwise. At this point, the variable bad is zero if - * the padding is good and can be any nonzero value otherwise. - * Do this without branches to avoid timing attacks. */ - ret = - ( bad & ( - MBEDTLS_ERR_RSA_INVALID_PADDING ) ); + /* Set ret without branches to avoid timing attacks. Return: + * - INVALID_PADDING if the padding is bad (bad != 0). + * - OUTPUT_TOO_LARGE if the padding is good but the decrypted + * plaintext does not fit in the output buffer. + * - 0 if the padding is correct. */ + ret = - if_int( bad, - MBEDTLS_ERR_RSA_INVALID_PADDING, + if_int( output_too_large, - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, + 0 ) ); - /* If the padding is bad, zero the data that we're about to copy - * to the output buffer. We need to copy the same amount of data + /* If the padding is bad or the plaintext is too large, zero the + * data that we're about to copy to the output buffer. + * We need to copy the same amount of data * from the same buffer whether the padding is good or not to * avoid leaking the padding validity through overall timing or * through memory or cache access patterns. */ for( i = 11; i < ilen; i++ ) - buf[i] &= ~bad; + buf[i] &= ~( bad | output_too_large ); - /* Copy the decrypted plaintext from the end of the buffer. */ - memcpy( output, buf + ilen - plaintext_size, plaintext_size ); + /* If the plaintext is too large, truncate it to the buffer size. + * Copy anyway to avoid revealing the length through timing, because + * revealing the length is as bad as revealing the padding validity + * for a Bleichenbacher attack. */ + plaintext_size = if_int( output_too_large, + (unsigned) plaintext_max_size, + (unsigned) plaintext_size ); - /* Report the amount of data we copied to the output buffer. - * When the padding is invalid, the value of *olen when this - * function returns is not specified. Making it equivalent to - * the good-padding case limits the risks of leaking the - * padding validity. */ + /* Move the plaintext to the beginning of the working buffer so that + * its position no longer depends on the padding and we have enough + * room from the beginning of the plaintext to copy a number of bytes + * that does not depend on the padding. */ + /* FIXME: we need a constant-time, constant-trace memmove here. */ + memmove( buf, p, plaintext_size ); + + /* Finally copy the decrypted plaintext plus trailing data + * into the output buffer. */ + memcpy( output, buf, plaintext_max_size ); + + /* Report the amount of data we copied to the output buffer. In case + * of errors (bad padding or output too large), the value of *olen + * when this function returns is not specified. Making it equivalent + * to the good case limits the risks of leaking the padding validity. */ *olen = plaintext_size; cleanup: From a1af5c8ea2586c2f4f93908cc84398041ee8c806 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Oct 2018 21:18:30 +0200 Subject: [PATCH 020/415] Bleichenbacher fix: don't leak the plaintext length (step 2) Replace memmove(to, to + offset, length) by a functionally equivalent function that strives to make the same memory access patterns regardless of the value of length. This fixes an information leak through timing (especially timing of memory accesses via cache probes) that leads to a Bleichenbacher-style attack on PKCS#1 v1.5 decryption using the plaintext length as the observable. --- library/rsa.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index f4aafa97c..f4a680ce3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1397,6 +1397,22 @@ static unsigned all_or_nothing_int( unsigned value ) #endif } +/** Check whether a size is out of bounds, without branches. + * + * This is equivalent to `size > max`, but is likely to be compiled to + * to code using bitwise operation rather than a branch. + * + * \param size Size to check. + * \param max Maximum desired value for \p size. + * \return \c 0 if `size <= max`. + * \return \c 1 if `size > max`. + */ +static unsigned size_greater_than( size_t size, size_t max ) +{ + /* Return the sign bit (1 for negative) of (max - size). */ + return( ( max - size ) >> ( sizeof( size_t ) * 8 - 1 ) ); +} + /** Choose between two integer values, without branches. * * This is equivalent to `cond ? if1 : if0`, but is likely to be compiled @@ -1413,6 +1429,42 @@ static unsigned if_int( unsigned cond, unsigned if1, unsigned if0 ) return( ( mask & if1 ) | (~mask & if0 ) ); } +/** Shift some data towards the left inside a buffer without leaking + * the length of the data through side channels. + * + * `mem_move_to_left(start, total, offset)` is functionally equivalent to + * ``` + * memmove(start, start + offset, total - offset); + * memset(start + offset, 0, total - offset); + * ``` + * but it strives to use a memory access pattern (and thus total timing) + * that does not depend on \p offset. This timing independence comes at + * the expense of performance. + * + * \param start Pointer to the start of the buffer. + * \param total Total size of the buffer. + * \param offset Offset from which to copy \p total - \p offset bytes. + */ +static void mem_move_to_left( void *start, + size_t total, + size_t offset ) +{ + volatile unsigned char *buf = start; + size_t i, n; + if( total == 0 ) + return; + for( i = 0; i < total; i++ ) + { + unsigned no_op = size_greater_than( total - offset, i ); + /* The first `total - offset` passes are a no-op. The last + * `offset` passes shift the data one byte to the left and + * zero out the last byte. */ + for( n = 0; n < total - 1; n++ ) + buf[n] = if_int( no_op, buf[n], buf[n+1] ); + buf[total-1] = if_int( no_op, buf[total-1], 0 ); + } +} + /* * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function */ @@ -1538,8 +1590,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * its position no longer depends on the padding and we have enough * room from the beginning of the plaintext to copy a number of bytes * that does not depend on the padding. */ - /* FIXME: we need a constant-time, constant-trace memmove here. */ - memmove( buf, p, plaintext_size ); + mem_move_to_left( buf, ilen, ilen - plaintext_size ); /* Finally copy the decrypted plaintext plus trailing data * into the output buffer. */ From 8c9440a2cb73df1a48acc0a13c0bb41634e582ca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Oct 2018 21:24:21 +0200 Subject: [PATCH 021/415] Use branch-free size comparison for the padding size In mbedtls_rsa_rsaes_pkcs1_v15_decrypt, use size_greater_than (which is based on bitwise operations) instead of the < operator to compare sizes when the values being compared must not leak. Some compilers compile < to a branch at least under some circumstances (observed with gcc 5.4 for arm-gnueabi -O9 on a toy program). --- library/rsa.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index f4a680ce3..19bafa1f0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1541,7 +1541,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, } /* There must be at least 8 bytes of padding. */ - bad |= ( pad_count < 8 ); + bad |= size_greater_than( 8, pad_count ); /* If the padding is valid, set plaintext_size to the number of * remaining bytes after stripping the padding. If the padding @@ -1555,10 +1555,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, (unsigned) ( ilen - ( p - buf ) ) ); /* Set output_too_large to 0 if the plaintext fits in the output - * buffer and to 1 otherwise. This is the sign bit (1 for negative) - * of (output_max_len - plaintext_size). */ - output_too_large = ( ( output_max_len - plaintext_size ) >> - ( ( sizeof( output_max_len ) * 8 - 1 ) ) ); + * buffer and to 1 otherwise. */ + output_too_large = size_greater_than( plaintext_size, + plaintext_max_size ); /* Set ret without branches to avoid timing attacks. Return: * - INVALID_PADDING if the padding is bad (bad != 0). From eeedabe25eb0d8872fbe9dc1944ed9ac5d6786aa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Oct 2018 22:45:13 +0200 Subject: [PATCH 022/415] Minor optimization in the PKCS#1v1.5 unpadding step Rather than doing the quadratic-time constant-memory-trace on the whole working buffer, do it on the section of the buffer where the data to copy has to lie, which can be significantly smaller if the output buffer is significantly smaller than the working buffer, e.g. for TLS RSA ciphersuites (48 bytes vs MBEDTLS_MPI_MAX_SIZE). --- library/rsa.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 19bafa1f0..5434d1419 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1585,15 +1585,19 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, (unsigned) plaintext_max_size, (unsigned) plaintext_size ); - /* Move the plaintext to the beginning of the working buffer so that - * its position no longer depends on the padding and we have enough - * room from the beginning of the plaintext to copy a number of bytes - * that does not depend on the padding. */ - mem_move_to_left( buf, ilen, ilen - plaintext_size ); + /* Move the plaintext to the leftmost position where it can start in + * the working buffer, i.e. make it start plaintext_max_size from + * the end of the buffer. Do this with a memory access trace that + * does not depend on the plaintext size. After this move, the + * starting location of the plaintext is no longer sensitive + * information. */ + p = buf + ilen - plaintext_max_size; + mem_move_to_left( p, plaintext_max_size, + plaintext_max_size - plaintext_size ); - /* Finally copy the decrypted plaintext plus trailing data + /* Finally copy the decrypted plaintext plus trailing zeros * into the output buffer. */ - memcpy( output, buf, plaintext_max_size ); + memcpy( output, p, plaintext_max_size ); /* Report the amount of data we copied to the output buffer. In case * of errors (bad padding or output too large), the value of *olen From a08651f4846ec193ff399c51a862d8f1863a1dc3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Oct 2018 09:38:59 +0100 Subject: [PATCH 023/415] Remove lines above 80 characters in library/ctr_drbg.c --- library/ctr_drbg.c | 76 ++++++++++++++++++++++++++++++---------------- 1 file changed, 50 insertions(+), 26 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index d0e5ba862..35890eb49 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -90,7 +90,8 @@ int mbedtls_ctr_drbg_seed_entropy_len( /* * Initialize with an empty key */ - if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) + if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, + MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) { return( ret ); } @@ -108,8 +109,9 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, const unsigned char *custom, size_t len ) { - return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy, custom, len, - MBEDTLS_CTR_DRBG_ENTROPY_LEN ) ); + return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy, + custom, len, + MBEDTLS_CTR_DRBG_ENTROPY_LEN ) ); } void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ) @@ -124,17 +126,20 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ) mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); } -void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance ) +void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, + int resistance ) { ctx->prediction_resistance = resistance; } -void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, size_t len ) +void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, + size_t len ) { ctx->entropy_len = len; } -void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, int interval ) +void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, + int interval ) { ctx->reseed_interval = interval; } @@ -142,7 +147,8 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, int in static int block_cipher_df( unsigned char *output, const unsigned char *data, size_t data_len ) { - unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16]; + unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16]; unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; @@ -156,7 +162,8 @@ static int block_cipher_df( unsigned char *output, if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); - memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 ); + memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 ); mbedtls_aes_init( &aes_ctx ); /* @@ -181,7 +188,8 @@ static int block_cipher_df( unsigned char *output, for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ ) key[i] = i; - if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) + if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, + MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) { goto exit; } @@ -203,7 +211,8 @@ static int block_cipher_df( unsigned char *output, use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; - if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain ) ) != 0 ) + if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, + chain, chain ) ) != 0 ) { goto exit; } @@ -220,7 +229,8 @@ static int block_cipher_df( unsigned char *output, /* * Do final encryption with reduced data */ - if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) + if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, + MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) { goto exit; } @@ -229,7 +239,8 @@ static int block_cipher_df( unsigned char *output, for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) { - if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv ) ) != 0 ) + if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, + iv, iv ) ) != 0 ) { goto exit; } @@ -257,7 +268,7 @@ exit: } static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, - const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] ) + const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] ) { unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char *p = tmp; @@ -278,7 +289,8 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, /* * Crypt counter block */ - if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ) ) != 0 ) + if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, + ctx->counter, p ) ) != 0 ) { return( ret ); } @@ -292,11 +304,13 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, /* * Update key and counter */ - if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) + if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, + MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) { return( ret ); } - memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE ); + memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, + MBEDTLS_CTR_DRBG_BLOCKSIZE ); return( 0 ); } @@ -425,13 +439,14 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, /* * Crypt counter block */ - if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ) ) != 0 ) + if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, + ctx->counter, tmp ) ) != 0 ) { return( ret ); } - use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : - output_len; + use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) + ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len; /* * Copy random block to destination */ @@ -450,7 +465,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, return( 0 ); } -int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len ) +int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, + size_t output_len ) { int ret; mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng; @@ -471,7 +487,8 @@ int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_l } #if defined(MBEDTLS_FS_IO) -int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ) +int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, + const char *path ) { int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; FILE *f; @@ -480,13 +497,19 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char if( ( f = fopen( path, "wb" ) ) == NULL ) return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR ); - if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 ) + if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, + MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 ) goto exit; - if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != MBEDTLS_CTR_DRBG_MAX_INPUT ) + if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != + MBEDTLS_CTR_DRBG_MAX_INPUT ) + { ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; + } else + { ret = 0; + } exit: mbedtls_platform_zeroize( buf, sizeof( buf ) ); @@ -495,7 +518,8 @@ exit: return( ret ); } -int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ) +int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, + const char *path ) { int ret = 0; FILE *f; @@ -608,7 +632,7 @@ int mbedtls_ctr_drbg_self_test( int verbose ) test_offset = 0; CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy, - (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) ); + (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) ); mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON ); CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) ); CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) ); @@ -629,7 +653,7 @@ int mbedtls_ctr_drbg_self_test( int verbose ) test_offset = 0; CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy, - (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) ); + (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) ); CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) ); CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) ); CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) ); From 85a7442753f806f739f2c8fb8ea0b12ee8c139f0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 5 Oct 2018 14:50:21 +0200 Subject: [PATCH 024/415] mbedtls_rsa_rsaes_pkcs1_v15_decrypt: remove the variable p Get rid of the variable p. This makes it more apparent where the code accesses the buffer at an offset whose value is sensitive. No intended behavior change in this commit. --- library/rsa.c | 50 ++++++++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 5434d1419..6aa02da2b 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1478,17 +1478,26 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, { int ret; size_t ilen = ctx->len; - size_t pad_count = 0; size_t i; - unsigned bad = 0; - unsigned char pad_done = 0; - size_t plaintext_size = 0; size_t plaintext_max_size = ( output_max_len > ilen - 11 ? ilen - 11 : output_max_len ); - unsigned output_too_large; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - unsigned char *p = buf; + /* The following variables take sensitive values: their value must + * not leak into the observable behavior of the function other than + * the designated outputs (output, olen, return value). Otherwise + * this would open the execution of the function to + * side-channel-based variants of the Bleichenbacher padding oracle + * attack. Potential side channels include overall timing, memory + * access patterns (especially visible to an adversary who has access + * to a shared memory cache), and branches (especially visible to + * an adversary who has access to a shared code cache or to a shared + * branch predictor). */ + size_t pad_count = 0; + unsigned bad = 0; + unsigned char pad_done = 0; + size_t plaintext_size = 0; + unsigned output_too_large; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1506,38 +1515,35 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, /* * Check and get padding len in "constant-time" */ - bad |= *p++; /* First byte must be 0 */ + bad |= buf[0]; /* First byte must be 0 */ /* This test does not depend on secret data */ if( mode == MBEDTLS_RSA_PRIVATE ) { - bad |= *p++ ^ MBEDTLS_RSA_CRYPT; + bad |= buf[1] ^ MBEDTLS_RSA_CRYPT; /* Get padding len, but always read till end of buffer * (minus one, for the 00 byte) */ - for( i = 0; i < ilen - 3; i++ ) + for( i = 2; i < ilen - 1; i++ ) { - pad_done |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1; + pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1; pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; } - p += pad_count; - bad |= *p++; /* Must be zero */ + bad |= buf[pad_count + 2]; } else { - bad |= *p++ ^ MBEDTLS_RSA_SIGN; + bad |= buf[1] ^ MBEDTLS_RSA_SIGN; /* Get padding len, but always read till end of buffer * (minus one, for the 00 byte) */ - for( i = 0; i < ilen - 3; i++ ) + for( i = 2; i < ilen - 1; i++ ) { - pad_done |= ( p[i] != 0xFF ); + pad_done |= ( buf[i] != 0xFF ); pad_count += ( pad_done == 0 ); } - - p += pad_count; - bad |= *p++; /* Must be zero */ + bad |= buf[pad_count + 2]; } /* There must be at least 8 bytes of padding. */ @@ -1552,7 +1558,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * size_t values involved fit in unsigned int. */ plaintext_size = if_int( bad, (unsigned) plaintext_max_size, - (unsigned) ( ilen - ( p - buf ) ) ); + (unsigned) ( ilen - pad_count - 3 ) ); /* Set output_too_large to 0 if the plaintext fits in the output * buffer and to 1 otherwise. */ @@ -1591,13 +1597,13 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * does not depend on the plaintext size. After this move, the * starting location of the plaintext is no longer sensitive * information. */ - p = buf + ilen - plaintext_max_size; - mem_move_to_left( p, plaintext_max_size, + mem_move_to_left( buf + ilen - plaintext_max_size, + plaintext_max_size, plaintext_max_size - plaintext_size ); /* Finally copy the decrypted plaintext plus trailing zeros * into the output buffer. */ - memcpy( output, p, plaintext_max_size ); + memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size ); /* Report the amount of data we copied to the output buffer. In case * of errors (bad padding or output too large), the value of *olen From 40b57f4acde4480bf33c0c393c4c77d0c2c98d5c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 5 Oct 2018 15:06:12 +0200 Subject: [PATCH 025/415] Remove a remaining sensitive memory access in PKCS#1 v1.5 decryption --- library/rsa.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 6aa02da2b..f581fd73c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1512,14 +1512,14 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, if( ret != 0 ) goto cleanup; - /* - * Check and get padding len in "constant-time" - */ - bad |= buf[0]; /* First byte must be 0 */ + /* Check and get padding length in constant time and constant + * memory trace. The first byte must be 0. */ + bad |= buf[0]; - /* This test does not depend on secret data */ if( mode == MBEDTLS_RSA_PRIVATE ) { + /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00 + * where PS must be at least 8 nonzero bytes. */ bad |= buf[1] ^ MBEDTLS_RSA_CRYPT; /* Get padding len, but always read till end of buffer @@ -1529,23 +1529,26 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1; pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; } - - bad |= buf[pad_count + 2]; } else { + /* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00 + * where PS must be at least 8 bytes with the value 0xFF. */ bad |= buf[1] ^ MBEDTLS_RSA_SIGN; /* Get padding len, but always read till end of buffer * (minus one, for the 00 byte) */ for( i = 2; i < ilen - 1; i++ ) { - pad_done |= ( buf[i] != 0xFF ); - pad_count += ( pad_done == 0 ); + pad_done |= if_int( buf[i], 0, 1 ); + pad_count += if_int( pad_done, 0, 1 ); + bad |= if_int( pad_done, 0, buf[i] ^ 0xFF ); } - bad |= buf[pad_count + 2]; } + /* If pad_done is still zero, there's no data, only unfinished padding. */ + bad |= if_int( pad_done, 0, 1 ); + /* There must be at least 8 bytes of padding. */ bad |= size_greater_than( 8, pad_count ); @@ -1580,8 +1583,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * from the same buffer whether the padding is good or not to * avoid leaking the padding validity through overall timing or * through memory or cache access patterns. */ + bad = all_or_nothing_int( bad | output_too_large ); for( i = 11; i < ilen; i++ ) - buf[i] &= ~( bad | output_too_large ); + buf[i] &= ~bad; /* If the plaintext is too large, truncate it to the buffer size. * Copy anyway to avoid revealing the length through timing, because From c5ccd7a1e7ff3c084bd07fa4a6d59284c8a778b4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 5 Oct 2018 15:42:52 +0200 Subject: [PATCH 026/415] Indicate the memory access variations in the changelog entry --- ChangeLog | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 32311bfaa..0bb9ec04a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,10 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.xx.x branch released xxxx-xx-xx Security - * Fix a timing variation in RSA PKCS#1 v1.5 decryption that could - lead to a Bleichenbacher-style attack. In TLS, this affects - RSA-based ciphersuites without DHE or ECDHE. Reported by Yuval Yarom, - Eyal Ronen, Adi Shamir, David Wong and Daniel Genkin. + * Fix timing variations and memory access variations in RSA PKCS#1 v1.5 + decryption that could lead to a Bleichenbacher-style padding oracle + attack. In TLS, this affects RSA-based ciphersuites without DHE or + ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and + Daniel Genkin. = mbed TLS 2.13.1 branch released 2018-09-06 From ec2a5fdee143f52d5800f2e2f3282634800a46c1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 5 Oct 2018 18:11:27 +0200 Subject: [PATCH 027/415] PKCS#1 v1.5 decoding: fix empty payload case --- library/rsa.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index f581fd73c..69542f352 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1522,9 +1522,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * where PS must be at least 8 nonzero bytes. */ bad |= buf[1] ^ MBEDTLS_RSA_CRYPT; - /* Get padding len, but always read till end of buffer - * (minus one, for the 00 byte) */ - for( i = 2; i < ilen - 1; i++ ) + /* Read the whole buffer. Set pad_done to nonzero if we find + * the 0x00 byte and remember the padding length in pad_count. */ + for( i = 2; i < ilen; i++ ) { pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1; pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; @@ -1536,9 +1536,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * where PS must be at least 8 bytes with the value 0xFF. */ bad |= buf[1] ^ MBEDTLS_RSA_SIGN; - /* Get padding len, but always read till end of buffer - * (minus one, for the 00 byte) */ - for( i = 2; i < ilen - 1; i++ ) + /* Read the whole buffer. Set pad_done to nonzero if we find + * the 0x00 byte and remember the padding length in pad_count. + * If there's a non-0xff byte in the padding, the padding is bad. */ + for( i = 2; i < ilen; i++ ) { pad_done |= if_int( buf[i], 0, 1 ); pad_count += if_int( pad_done, 0, 1 ); From 0488ce653a1cf791be9d4061832e33694e6d1f63 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 30 Sep 2018 15:36:50 +0100 Subject: [PATCH 028/415] Add support for alternative CSR headers Add support for RFC7468, and the alternative Microsoft footer/headers for CSR's that contain the text 'BEGIN NEW CERTIFICATE REQUEST' instead of 'BEGIN CERTIFICATE REQUEST'. --- library/x509_csr.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/library/x509_csr.c b/library/x509_csr.c index f84425728..032b15c65 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -279,15 +279,23 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz { mbedtls_pem_init( &pem ); ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN CERTIFICATE REQUEST-----", - "-----END CERTIFICATE REQUEST-----", - buf, NULL, 0, &use_len ); - + "-----BEGIN CERTIFICATE REQUEST-----", + "-----END CERTIFICATE REQUEST-----", + buf, NULL, 0, &use_len ); + if( ret != 0 ) + { + ret = mbedtls_pem_read_buffer( &pem, + "-----BEGIN NEW CERTIFICATE REQUEST-----", + "-----END NEW CERTIFICATE REQUEST-----", + buf, NULL, 0, &use_len ); + } if( ret == 0 ) + { /* * Was PEM encoded, parse the result */ ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ); + } mbedtls_pem_free( &pem ); if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) From 03de21059d037b46bc43cc152e472963325d1a52 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 6 Oct 2018 16:24:13 +0100 Subject: [PATCH 029/415] Add additional test case for alternative CSR headers Add a test case for alternative headers possible for CSR's, as defined in RFC7468. --- tests/data_files/server1-ms.req.sha256 | 16 ++++++++++++++++ tests/suites/test_suite_x509parse.data | 4 ++++ 2 files changed, 20 insertions(+) create mode 100644 tests/data_files/server1-ms.req.sha256 diff --git a/tests/data_files/server1-ms.req.sha256 b/tests/data_files/server1-ms.req.sha256 new file mode 100644 index 000000000..b0d9414a2 --- /dev/null +++ b/tests/data_files/server1-ms.req.sha256 @@ -0,0 +1,16 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA +A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb ++OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr +eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19 +3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm +TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF +ox+ATHKxQ/XpRQP+2OTb9sw1kM59 +-----END NEW CERTIFICATE REQUEST----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 406cf5931..d5b5351b5 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -278,6 +278,10 @@ X509 CSR Information RSA-PSS with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n" +X509 CSR Information RSA with SHA256 - Microsoft header +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +mbedtls_x509_csr_info:"data_files/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" + X509 Verify Information: empty x509_verify_info:0:"":"" From 5199227d87ce8b2812c8f3c99ed97762f6c634a7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 30 Sep 2018 15:44:52 +0100 Subject: [PATCH 030/415] Add Changelog entry for #767 Add Changelog entry for fix for alternative header/footers in CSR's. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..dde23d868 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Changes * Close a test gap in (D)TLS between the client side and the server side: test the handling of large packets and small packets on the client side in the same way as on the server side. + * Add support for alternative CSR headers, as used by Microsoft and defined + in RFC 7468. Found by Michael Ernst. Fixes #767. = mbed TLS 2.13.1 branch released 2018-09-06 From e1660af2e2c402b535bac5d7a8dbd44269347f80 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 7 Oct 2018 17:48:37 +0100 Subject: [PATCH 031/415] Fix CSR parsing header call Change the secondary X509 CSR parsing call for the alternative MS header to only occur if the first call fails due to the header being unfound, instead of any call. --- library/x509_csr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/x509_csr.c b/library/x509_csr.c index 032b15c65..c8c08c87b 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -282,13 +282,14 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz "-----BEGIN CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----", buf, NULL, 0, &use_len ); - if( ret != 0 ) + if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) { ret = mbedtls_pem_read_buffer( &pem, "-----BEGIN NEW CERTIFICATE REQUEST-----", "-----END NEW CERTIFICATE REQUEST-----", buf, NULL, 0, &use_len ); } + if( ret == 0 ) { /* From 695a34654ab43f1f0b2e42cfde2f51b21a7e4de7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 5 Oct 2018 18:15:25 +0200 Subject: [PATCH 032/415] Add tests for PKCS#1 v1.5 decoding Functional tests for various payload sizes and output buffer sizes. When the padding is bad or the plaintext is too large for the output buffer, verify that function writes some outputs. This doesn't validate that the implementation is time-constant, but it at least validates that it doesn't just return early without outputting anything. --- tests/suites/test_suite_pkcs1_v15.data | 90 +++++++++++++ tests/suites/test_suite_pkcs1_v15.function | 148 +++++++++++++++++++++ 2 files changed, 238 insertions(+) diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data index 030940007..a4d6eb545 100644 --- a/tests/suites/test_suite_pkcs1_v15.data +++ b/tests/suites/test_suite_pkcs1_v15.data @@ -33,3 +33,93 @@ pkcs1_rsassa_v15_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0 RSASSA-V15 Verification Test Vector Int pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0 + +RSAES-V15 decoding: good, payload=max, tight output buffer +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:117:0 + +RSAES-V15 decoding: good, payload=max, larger output buffer +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:128:0 + +RSAES-V15 decoding: good, payload=max-1, tight output buffer +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:116:0 + +RSAES-V15 decoding: good, payload=max-1, larger output buffer +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:117:0 + +RSAES-V15 decoding: good, payload=1 +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"00025050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":1:1:0 + +RSAES-V15 decoding: good, empty payload +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":0:0:0 + +RSAES-V15 decoding: payload=max, output too large +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:116:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE + +RSAES-V15 decoding: payload=max-1, output too large +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:115:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE + +RSAES-V15 decoding: bad first byte +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0102505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 decoding: bad second byte (0 instead of 2) +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0000505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 decoding: bad second byte (1 instead of 2) +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0001505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 decoding: padding too short (0) +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000200":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 decoding: padding too short (7) +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050500000ffffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 decoding: unfinished padding +pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: good, payload=max, tight output buffer +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:117:0 + +EMSA-V15 decoding: good, payload=max, larger output buffer +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:128:0 + +EMSA-V15 decoding: good, payload=max-1, tight output buffer +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:116:0 + +EMSA-V15 decoding: good, payload=max-1, larger output buffer +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:117:0 + +EMSA-V15 decoding: good, payload=1 +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":1:1:0 + +EMSA-V15 decoding: good, empty payload +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":0:0:0 + +EMSA-V15 decoding: bad first byte +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0101ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: bad second byte (0 instead of 1) +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: bad second byte (2 instead of 1) +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0002ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: padding too short (0) +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"000100":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: padding too short (7) +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffff0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: invalid padding at first byte +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffe00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: invalid padding at last byte +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: unfinished padding +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: unfinished padding with invalid first byte +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING + +EMSA-V15 decoding: unfinished padding with invalid last byte +pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 83f417ca8..0723623a5 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -93,6 +93,154 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void pkcs1_v15_decode( int mode, + data_t *input, + int expected_plaintext_length_arg, + int output_size_arg, + int expected_result ) +{ + size_t expected_plaintext_length = expected_plaintext_length_arg; + size_t output_size = output_size_arg; + rnd_pseudo_info rnd_info; + mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi; + mbedtls_rsa_context ctx; + static unsigned char N[128] = { + 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5, + 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec, + 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5, + 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73, + 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5, + 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde, + 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d, + 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e, + 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2, + 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1, + 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46, + 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec, + 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33, + 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11, + 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12, + 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb + }; + static unsigned char E[1] = { 0x03 }; + static unsigned char P[64] = { + 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8, + 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8, + 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd, + 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9, + 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5, + 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55, + 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1, + 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b + }; + static unsigned char Q[64] = { + 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b, + 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03, + 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c, + 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e, + 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83, + 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc, + 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca, + 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1 + }; + unsigned char original[128]; + unsigned char intermediate[128]; + static unsigned char default_content[128] = { + /* A randomly generated pattern. */ + 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a, + 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19, + 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58, + 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4, + 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50, + 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa, + 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08, + 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf, + 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70, + 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef, + 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a, + 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2, + 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b, + 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde, + 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d, + 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42 + }; + unsigned char final[128]; + size_t output_length = 0x7EA0; + + memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi ); + mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi ); + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); + + TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi, + NULL, &Empi ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); + + TEST_ASSERT( input->len <= sizeof( N ) ); + memcpy( original, input->x, input->len ); + memset( original + input->len, 'd', sizeof( original ) - input->len ); + if( mode == MBEDTLS_RSA_PRIVATE ) + TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 ); + else + TEST_ASSERT( mbedtls_rsa_private( &ctx, &rnd_pseudo_rand, &rnd_info, + original, intermediate ) == 0 ); + + memcpy( final, default_content, sizeof( final ) ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, + &rnd_pseudo_rand, &rnd_info, + mode, + &output_length, + intermediate, + final, + output_size ) == expected_result ); + if( expected_result == 0 ) + { + TEST_ASSERT( output_length == expected_plaintext_length ); + TEST_ASSERT( memcmp( original + sizeof( N ) - output_length, + final, + output_length ) == 0 ); + } + else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING || + expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ) + { + size_t max_payload_length = + output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size; + size_t i; + size_t count = 0; + +#if !defined(MBEDTLS_RSA_ALT) + /* Check that the output in invalid cases is what the default + * implementation currently does. Alternative implementations + * may produce different output, so we only perform these precise + * checks when using the default implementation. */ + TEST_ASSERT( output_length == max_payload_length ); + for( i = 0; i < max_payload_length; i++ ) + TEST_ASSERT( final[i] == 0 ); +#endif + /* Even in alternative implementations, the outputs must have + * changed, otherwise it indicates at least a timing vulnerability + * because no write to the outputs is performed in the bad case. */ + TEST_ASSERT( output_length != 0x7EA0 ); + for( i = 0; i < max_payload_length; i++ ) + count += ( final[i] == default_content[i] ); + /* If more than 16 bytes are unchanged in final, that's evidence + * that final wasn't overwritten. */ + TEST_ASSERT( count < 16 ); + } + +exit: + mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi ); + mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi ); + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, From 9b430704d151efdf917eb388446bded760e86dd8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Oct 2018 19:15:34 +0200 Subject: [PATCH 033/415] Fix likely-harmless undefined behavior surrounding volatile The code was making two unsequenced reads from volatile locations. This is undefined behavior. It was probably harmless because we didn't care in what order the reads happened and the reads were from ordinary memory, but UB is UB and IAR8 complained. --- library/rsa.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 69542f352..b401189d2 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1460,7 +1460,11 @@ static void mem_move_to_left( void *start, * `offset` passes shift the data one byte to the left and * zero out the last byte. */ for( n = 0; n < total - 1; n++ ) - buf[n] = if_int( no_op, buf[n], buf[n+1] ); + { + unsigned char current = buf[n]; + unsigned char next = buf[n+1]; + buf[n] = if_int( no_op, current, next ); + } buf[total-1] = if_int( no_op, buf[total-1], 0 ); } } From 4899247bf2cf1cae088e0c11a36f09166561875b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Oct 2018 19:19:12 +0200 Subject: [PATCH 034/415] Fix undefined behavior in unsigned-to-signed conversion The code assumed that `int x = - (unsigned) u` with 0 <= u < INT_MAX sets `x` to the negative of u, but actually this calculates (UINT_MAX - u) and then converts this value to int, which overflows. Cast to int before applying the unary minus operator to guarantee the desired behavior. --- library/rsa.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index b401189d2..b9708646f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1578,9 +1578,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * - OUTPUT_TOO_LARGE if the padding is good but the decrypted * plaintext does not fit in the output buffer. * - 0 if the padding is correct. */ - ret = - if_int( bad, - MBEDTLS_ERR_RSA_INVALID_PADDING, - if_int( output_too_large, - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, - 0 ) ); + ret = - (int) if_int( bad, - MBEDTLS_ERR_RSA_INVALID_PADDING, + if_int( output_too_large, - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, + 0 ) ); /* If the padding is bad or the plaintext is too large, zero the * data that we're about to copy to the output buffer. From cb9debda6bb3fd4f6c53fd94895dfcc5f885502f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 10:44:27 +0100 Subject: [PATCH 035/415] Guard PK-parse module by ASN.1-parse module in check_config.h --- include/mbedtls/check_config.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 9e6bb8a46..ebd28eaf1 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -127,6 +127,10 @@ #error "MBEDTLS_ECP_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) +#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites" +#endif + #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \ !defined(MBEDTLS_SHA256_C)) #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" From 8a89f9fcd2cc4a43089414ebf33130217f95d2f7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 10:46:32 +0100 Subject: [PATCH 036/415] Make PBE-related parts of PKCS12 depend on MBEDTLS_ASN1_PARSE_C --- include/mbedtls/pkcs12.h | 4 ++++ library/pkcs12.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index a621ef5b1..69f04177c 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -46,6 +46,8 @@ extern "C" { #endif +#if defined(MBEDTLS_ASN1_PARSE_C) + /** * \brief PKCS12 Password Based function (encryption / decryption) * for pbeWithSHAAnd128BitRC4 @@ -87,6 +89,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *input, size_t len, unsigned char *output ); +#endif /* MBEDTLS_ASN1_PARSE_C */ + /** * \brief The PKCS#12 derivation function uses a password and a salt * to produce pseudo-random bits for a particular "purpose". diff --git a/library/pkcs12.c b/library/pkcs12.c index 16a15cb63..7edf064c1 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -48,6 +48,8 @@ #include "mbedtls/des.h" #endif +#if defined(MBEDTLS_ASN1_PARSE_C) + static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations ) { @@ -226,6 +228,8 @@ exit: return( ret ); } +#endif /* MBEDTLS_ASN1_PARSE_C */ + static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, const unsigned char *filler, size_t fill_len ) { From 1ea604d3ee70bf6c735b3d03bcfe892cca7cdd96 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 10:57:33 +0100 Subject: [PATCH 037/415] Guard mbedtls_pkcs5_pbes2() by MBEDTLS_ASN1_PARSE_C Previously, mbedtls_pkcs5_pbes2() was unconditionally declared in `pkcs5.h` but defined as a stub returning `MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE` in case MBEDTLS_ASN1_PARSE_C was not defined. In line with the previous commits, this commit removes declaration and definition from both `pkcs5.h` and `pkcs5.c` in case MBEDTLS_ASN1_PARSE_C is not defined. --- include/mbedtls/pkcs5.h | 4 ++++ library/pkcs5.c | 17 +---------------- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index 9a3c9fddc..d4bb36dfa 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -44,6 +44,8 @@ extern "C" { #endif +#if defined(MBEDTLS_ASN1_PARSE_C) + /** * \brief PKCS#5 PBES2 function * @@ -62,6 +64,8 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *data, size_t datalen, unsigned char *output ); +#endif /* MBEDTLS_ASN1_PARSE_C */ + /** * \brief PKCS#5 PBKDF2 using HMAC * diff --git a/library/pkcs5.c b/library/pkcs5.c index f04f0ab25..50133435c 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -54,22 +54,7 @@ #define mbedtls_printf printf #endif -#if !defined(MBEDTLS_ASN1_PARSE_C) -int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t datalen, - unsigned char *output ) -{ - ((void) pbe_params); - ((void) mode); - ((void) pwd); - ((void) pwdlen); - ((void) data); - ((void) datalen); - ((void) output); - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); -} -#else +#if defined(MBEDTLS_ASN1_PARSE_C) static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, int *keylen, mbedtls_md_type_t *md_type ) From 44da18a2944c27d63af58494b9fec76e8b51b0d8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 10:42:13 +0100 Subject: [PATCH 038/415] Duplicate mbedtls_asn1_find_named_data in asn1write.c to avoid dep. This commit duplicates the public function mbedtls_asn1_find_named_data() defined in library/asn1parse.c within library/asn1write.c in order to avoid a dependency of the ASN.1 writing module on the ASN.1 parsing module. The duplication is unproblematic from a semantic and an efficiency perspective becasue it is just a short list traversal that doesn't actually do any ASN.1 parsing. --- library/asn1write.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 72acdf301..119a6d0d1 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -328,14 +328,36 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, return( (int) len ); } -mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head, + +/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(), + * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */ +static mbedtls_asn1_named_data *asn1_find_named_data( + mbedtls_asn1_named_data *list, + const char *oid, size_t len ) +{ + while( list != NULL ) + { + if( list->oid.len == len && + memcmp( list->oid.p, oid, len ) == 0 ) + { + break; + } + + list = list->next; + } + + return( list ); +} + +mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( + mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len ) { mbedtls_asn1_named_data *cur; - if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL ) + if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL ) { // Add new entry if not present yet based on OID // From b14c331eb903cd59f62a705ed4b8b112c441650e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 16 Oct 2018 13:45:22 +0100 Subject: [PATCH 039/415] Add dependency of key_app_writer example program on PK parse module --- programs/pkey/key_app_writer.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 13602c2e5..cd0c23064 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -87,10 +87,12 @@ USAGE_OUT \ "\n" -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO) +#if !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_PK_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) int main( void ) { - mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" ); + mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" ); return( 0 ); } #else @@ -433,4 +435,4 @@ exit: return( exit_code ); } -#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ +#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ From 19d858e8e6c1e44136b79e10367ccf28f6b1585a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 16 Oct 2018 13:46:25 +0100 Subject: [PATCH 040/415] Add dependency of pkwrite test suite on pkparse module --- tests/suites/test_suite_pkwrite.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 3ad782d33..43c275ef2 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -5,7 +5,7 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO + * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO * END_DEPENDENCIES */ From 0fbbc64fee0b83981baac2752fef5dd4fb094302 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 16 Oct 2018 13:48:23 +0100 Subject: [PATCH 041/415] Add dependency of mbedtls_asn1_write_len() test on ASN.1 parsing --- tests/suites/test_suite_asn1write.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index aae44a8c6..57a974125 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -78,7 +78,7 @@ void mbedtls_asn1_write_ia5_string( char * str, data_t * asn1, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ASN1PARSE_C */ void mbedtls_asn1_write_len( int len, data_t * asn1, int buf_len, int result ) { From 27516979c14459d5519700b47765c8fd684d29cc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 18 Oct 2018 11:49:25 +0100 Subject: [PATCH 042/415] Entropy: Fall through to /dev/random if getrandom() syscall unknown This commit fixes issue #1212 related to platform-specific entropy polling in an syscall-emulated environment. Previously, the implementation of the entropy gathering function `mbedtls_platform_entropy_poll()` for linux machines used the following logic to determine how to obtain entropy from the kernel: 1. If the getrandom() system call identifier SYS_getrandom is present and the kernel version is 3.17 or higher, use syscall( SYS_getrandom, ... ) 2. Otherwise, fall back to reading from /dev/random. There are two issues with this: 1. Portability: When cross-compiling the code for a different architecture and running it through system call emulation in qemu, qemu reports the host kernel version through uname but, as of v.2.5.0, doesn't support emulating the getrandom() syscall. This leads to `mbedtls_platform_entropy_poll()` failing even though reading from /dev/random would have worked. 2. Style: Extracting the linux kernel version from the output of `uname` is slightly tedious. This commit fixes both by implementing the suggestion in #1212: - It removes the kernel-version detection through uname(). - Instead, it checks whether `syscall( SYS_getrandom, ... )` fails with errno set to ENOSYS indicating an unknown system call. If so, it falls through to trying to read from /dev/random. Fixes #1212. --- library/entropy_poll.c | 57 +++++++----------------------------------- 1 file changed, 9 insertions(+), 48 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 040aa117d..ae3d2d5b6 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -99,6 +99,7 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len #include #if defined(SYS_getrandom) #define HAVE_GETRANDOM +#include static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) { @@ -108,47 +109,8 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) memset( buf, 0, buflen ); #endif #endif - return( syscall( SYS_getrandom, buf, buflen, flags ) ); } - -#include -/* Check if version is at least 3.17.0 */ -static int check_version_3_17_plus( void ) -{ - int minor; - struct utsname un; - const char *ver; - - /* Get version information */ - uname(&un); - ver = un.release; - - /* Check major version; assume a single digit */ - if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' ) - return( -1 ); - - if( ver[0] - '0' > 3 ) - return( 0 ); - - /* Ok, so now we know major == 3, check minor. - * Assume 1 or 2 digits. */ - if( ver[2] < '0' || ver[2] > '9' ) - return( -1 ); - - minor = ver[2] - '0'; - - if( ver[3] >= '0' && ver[3] <= '9' ) - minor = 10 * minor + ver[3] - '0'; - else if( ver [3] != '.' ) - return( -1 ); - - if( minor < 17 ) - return( -1 ); - - return( 0 ); -} -static int has_getrandom = -1; #endif /* SYS_getrandom */ #endif /* __linux__ */ @@ -159,22 +121,21 @@ int mbedtls_platform_entropy_poll( void *data, { FILE *file; size_t read_len; + int ret; ((void) data); #if defined(HAVE_GETRANDOM) - if( has_getrandom == -1 ) - has_getrandom = ( check_version_3_17_plus() == 0 ); - - if( has_getrandom ) + ret = getrandom_wrapper( output, len, 0 ); + if( ret >= 0 ) { - int ret; - - if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); - *olen = ret; return( 0 ); } + else if( errno != ENOSYS ) + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + /* Fall through if the system call isn't known. */ +#else + ((void) ret; #endif /* HAVE_GETRANDOM */ *olen = 0; From 5e0924cb52965169eadc73410061454610338026 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 18 Oct 2018 12:11:54 +0100 Subject: [PATCH 043/415] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..a7e41100b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ Bugfix invalidated keys of a lifetime of less than a 1s. Fixes #1968. * Fix failure in hmac_drbg in the benchmark sample application, when MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 + * Fix runtime error in `mbedtls_platform_entropy_poll()` when run + through qemu user emulation. Reported and fix suggested by randombit + in #1212. Fixes #1212. Changes * Add tests for session resumption in DTLS. From 2cdb6b46be0c163798b45547a605cef695fb0212 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Mon, 22 Oct 2018 10:43:56 +0200 Subject: [PATCH 044/415] Include MinGW in the non-conforming (v)snprintf scope It turns out that in some environments MinGW esposes a non-conforming (v)snprintf behavior despite the tests against the MSVC runtime pass. Therefore it has been included in the "non-conforming" scope alongide older MSVC rungime environments. --- include/mbedtls/platform.h | 2 +- library/platform.c | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index ada898edc..afd6367a2 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -59,7 +59,7 @@ extern "C" { * implementations of some standard library functions, including snprintf * and vsnprintf. This affects MSVC and MinGW builds. */ -#if defined(_MSC_VER) && _MSC_VER <= 1900 +#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900) #define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF #define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF #endif diff --git a/library/platform.c b/library/platform.c index 8bf6ff5fb..4f8e40f30 100644 --- a/library/platform.c +++ b/library/platform.c @@ -30,10 +30,6 @@ #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" -#if defined(__MINGW32__) && !defined(__USE_MINGW_ANSI_STDIO) -#define __USE_MINGW_ANSI_STDIO 1 -#endif - #if defined(MBEDTLS_PLATFORM_MEMORY) #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) static void *platform_calloc_uninit( size_t n, size_t size ) From f343de12dc39d6430ee0f435faab61e7cc438c8f Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Mon, 22 Oct 2018 16:40:49 -0700 Subject: [PATCH 045/415] typo fix --- library/ecp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp.c b/library/ecp.c index 9e2c085bb..b8364183d 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -407,7 +407,7 @@ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ) } /* - * Compare two points lazyly + * Compare two points lazily */ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) From b5d835f062f41ca75ff9773e16a610d0bb41f589 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 23 Oct 2018 09:59:19 +0100 Subject: [PATCH 046/415] Improve documentation of MBEDTLS_SSL_{MAX/IN/OUT}_CONTENT_LEN Fixes #2062. --- include/mbedtls/config.h | 63 ++++++++++++++++++++++++++++++---------- 1 file changed, 47 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 81438c5b1..96166c676 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2977,31 +2977,65 @@ /** \def MBEDTLS_SSL_MAX_CONTENT_LEN * - * Maximum fragment length in bytes. + * Maximum length (in bytes) of incoming and outgoing plaintext fragments. * - * Determines the size of both the incoming and outgoing TLS I/O buffers. + * This determines the size of both the incoming and outgoing TLS I/O buffers + * in such a way that both are capable of holding the specified amount of + * plaintext data, regardless of the protection mechanism used. * - * Uncommenting MBEDTLS_SSL_IN_CONTENT_LEN and/or MBEDTLS_SSL_OUT_CONTENT_LEN - * will override this length by setting maximum incoming and/or outgoing - * fragment length, respectively. + * To configure incoming and outgoing I/O buffers separately, use + * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN, + * which overwrite the value set by this option. + * + * \note When using a value less than the default of 16KB on the client, it is + * recommended to use the Maximum Fragment Length (MFL) extension to + * to inform the server about this limitation. On the server, there + * is no supported, standardized way of informing the client about + * restriction on the maximum size of incoming messages, and unless + * the limitation has been communicated by other means, it is recommended + * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN + * while keeping the default value of 16KB for the incoming buffer. + * + * Uncomment to set the maximum plaintext size of both + * incoming and outgoing I/O buffers. */ //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /** \def MBEDTLS_SSL_IN_CONTENT_LEN * - * Maximum incoming fragment length in bytes. + * Maximum length (in bytes) of incoming plaintext fragments. * - * Uncomment to set the size of the inward TLS buffer independently of the - * outward buffer. + * This determines the size of the incoming TLS I/O buffer in such a way + * that it is capable of holding the specified amount of plaintext data, + * regardless of the protection mechanism used. + * + * If this option is undefined, it inherits its value from + * #MBEDTLS_SSL_MAX_CONTENT_LEN. + * + * \note When using a value less than the default of 16KB on the client, it is + * recommended to use the Maximum Fragment Length (MFL) extension to + * to inform the server about this limitation. On the server, there + * is no supported, standardized way of informing the client about + * restriction on the maximum size of incoming messages, and unless + * the limitation has been communicated by other means, it is recommended + * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN + * while keeping the default value of 16KB for the incoming buffer. + * + * Uncomment to set the maximum plaintext size of the incoming I/O buffer + * independently of the outgoing I/O buffer. */ //#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN * - * Maximum outgoing fragment length in bytes. + * Maximum length (in bytes) of outgoing plaintext fragments. * - * Uncomment to set the size of the outward TLS buffer independently of the - * inward buffer. + * This determines the size of the outgoing TLS I/O buffer in such a way + * that it is capable of holding the specified amount of plaintext data, + * regardless of the protection mechanism used. + * + * If this option undefined, it inherits its value from + * #MBEDTLS_SSL_MAX_CONTENT_LEN. * * It is possible to save RAM by setting a smaller outward buffer, while keeping * the default inward 16384 byte buffer to conform to the TLS specification. @@ -3011,11 +3045,8 @@ * The specific size requirement depends on the configured ciphers and any * certificate data which is sent during the handshake. * - * For absolute minimum RAM usage, it's best to enable - * MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This - * reduces both incoming and outgoing buffer sizes. However this is only - * guaranteed if the other end of the connection also supports the TLS - * max_fragment_len extension. Otherwise the connection may fail. + * Uncomment to set the maximum plaintext size of the outgoing I/O buffer + * independently of the incoming I/O buffer. */ //#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 From 9543373668c933027eb2976307db91ff71529b1e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 24 Oct 2018 13:31:49 +0100 Subject: [PATCH 047/415] Use brackets around shift operations Use `( x >> y ) & z` instead of `x >> y & z`. Both are equivalent by operator precedence, but the former is more readable and the commonly used idiom in the library. --- library/ssl_ticket.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 985b7cd50..97ea6419c 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -188,9 +188,9 @@ static int ssl_save_session( const mbedtls_ssl_session *session, if( left < 3 + cert_len ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - *p++ = (unsigned char)( cert_len >> 16 & 0xFF ); - *p++ = (unsigned char)( cert_len >> 8 & 0xFF ); - *p++ = (unsigned char)( cert_len & 0xFF ); + *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF ); + *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( cert_len ) & 0xFF ); if( session->peer_cert != NULL ) memcpy( p, session->peer_cert->raw.p, cert_len ); From 137015c1b12c4cbf7ca60c49911f59f48b5600e4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 24 Oct 2018 13:33:02 +0100 Subject: [PATCH 048/415] Fix unsafe bounds checks in ssl_load_session() Fixes #659 reported by Guido Vranken. --- library/ssl_ticket.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 97ea6419c..5a5445f2f 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -215,14 +215,14 @@ static int ssl_load_session( mbedtls_ssl_session *session, size_t cert_len; #endif /* MBEDTLS_X509_CRT_PARSE_C */ - if( p + sizeof( mbedtls_ssl_session ) > end ) + if( sizeof( mbedtls_ssl_session ) > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); memcpy( session, p, sizeof( mbedtls_ssl_session ) ); p += sizeof( mbedtls_ssl_session ); #if defined(MBEDTLS_X509_CRT_PARSE_C) - if( p + 3 > end ) + if( 3 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; @@ -236,7 +236,7 @@ static int ssl_load_session( mbedtls_ssl_session *session, { int ret; - if( p + cert_len > end ) + if( cert_len > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); From 6934e9b2887e65887d9d27c5a3e12442b840648c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 24 Oct 2018 13:41:37 +0100 Subject: [PATCH 049/415] Indentation fix --- library/ssl_ticket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 5a5445f2f..8492c19a8 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -247,7 +247,7 @@ static int ssl_load_session( mbedtls_ssl_session *session, mbedtls_x509_crt_init( session->peer_cert ); if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert, - p, cert_len ) ) != 0 ) + p, cert_len ) ) != 0 ) { mbedtls_x509_crt_free( session->peer_cert ); mbedtls_free( session->peer_cert ); From a7d2fa7891ab22c886d803604b9e2453eda2fd8d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 24 Oct 2018 13:41:43 +0100 Subject: [PATCH 050/415] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..58a51ff9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ Bugfix invalidated keys of a lifetime of less than a 1s. Fixes #1968. * Fix failure in hmac_drbg in the benchmark sample application, when MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 + * Fix an unsafe bounds check when restoring an SSL session from a ticket. + This could lead to a buffer overflow, but only in case ticket authentication + was broken. Reported and fix suggested by Guido Vranken in #659. Changes * Add tests for session resumption in DTLS. From d0d01c584e79ce8a3240a1d07f3ddd45c8c5a9e3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Oct 2018 16:49:48 +0100 Subject: [PATCH 051/415] Document `psk_list` parameter of ssl_server2 example program --- programs/ssl/ssl_server2.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 4eac51f74..6b560ca6c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -220,8 +220,11 @@ int main( void ) #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -#define USAGE_PSK \ - " psk=%%s default: \"\" (in hex, without 0x)\n" \ +#define USAGE_PSK \ + " psk=%%s default: \"\" (in hex, without 0x)\n" \ + " psk_list=%%s default: \"\"\n" \ + " A list of (PSK identity, PSK value) pairs in (hex format, without 0x)\n" \ + " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" #else #define USAGE_PSK "" From 8e5301165e9e74055a55a6ccfd21b6ea6e5693e1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Oct 2018 14:01:41 +0100 Subject: [PATCH 052/415] Correct typo in documentation of MBEDTLS_SSL_MAX_CONTENT_LEN --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 96166c676..415ac6352 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2989,7 +2989,7 @@ * * \note When using a value less than the default of 16KB on the client, it is * recommended to use the Maximum Fragment Length (MFL) extension to - * to inform the server about this limitation. On the server, there + * inform the server about this limitation. On the server, there * is no supported, standardized way of informing the client about * restriction on the maximum size of incoming messages, and unless * the limitation has been communicated by other means, it is recommended @@ -3014,7 +3014,7 @@ * * \note When using a value less than the default of 16KB on the client, it is * recommended to use the Maximum Fragment Length (MFL) extension to - * to inform the server about this limitation. On the server, there + * inform the server about this limitation. On the server, there * is no supported, standardized way of informing the client about * restriction on the maximum size of incoming messages, and unless * the limitation has been communicated by other means, it is recommended From 5ddc063c88784a5201767848dad307446156622b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Oct 2018 10:04:13 +0100 Subject: [PATCH 053/415] Correct typo --- programs/ssl/ssl_server2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 6b560ca6c..37f5c3fac 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -223,7 +223,8 @@ int main( void ) #define USAGE_PSK \ " psk=%%s default: \"\" (in hex, without 0x)\n" \ " psk_list=%%s default: \"\"\n" \ - " A list of (PSK identity, PSK value) pairs in (hex format, without 0x)\n" \ + " A list of (PSK identity, PSK value) pairs.\n" \ + " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" #else From d8e3a1ef665082f314cc000f77804dfe17c85782 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 25 Oct 2018 13:24:21 +0200 Subject: [PATCH 054/415] Clarify documentation of ssl_set_own_cert() fixes #507 --- ChangeLog | 2 ++ include/mbedtls/ssl.h | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 513f24f3a..149e43972 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,8 @@ Bugfix invalidated keys of a lifetime of less than a 1s. Fixes #1968. * Fix failure in hmac_drbg in the benchmark sample application, when MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 + * Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence + of check for certificate/key matching. Reported by Attila Molnar, #507. Changes * Add tests for session resumption in DTLS. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 83849a564..78db69eb5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2043,6 +2043,14 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, * whether it matches those preferences - the server can then * decide what it wants to do with it. * + * \note The provided \p pk_key needs to match the public key in the + * first certificate in \p own_cert, or all handshakes using + * that certificate will fail. It is your responsibility + * to ensure that; this function will not perform any check. + * You may use mbedtls_pk_check_pair() in order to perform + * this check yourself, but be aware that this function can + * be computationally expensive on some key types. + * * \param conf SSL configuration * \param own_cert own public certificate chain * \param pk_key own private key From c388a8c394b69267153cba1168286a31fd2e4b1f Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 31 Oct 2018 16:49:20 +0100 Subject: [PATCH 055/415] Fix typo in a test condition code --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 25aaff3b0..d0d1cdb65 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2180,7 +2180,7 @@ static int x509_crt_find_parent( } /* extra precaution against mistakes in the caller */ - if( parent == NULL ) + if( *parent == NULL ) { *parent_is_trusted = 0; *signature_is_good = 0; From 79e4f4e933983ae771ee1a2c6744e35e6ab01400 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 5 Oct 2018 12:21:15 +0100 Subject: [PATCH 056/415] test: Print verbosely on failures in verbose mode Update the test runner to print detail about why the test failed when it fails, if the runner is running in verbose mode. --- tests/scripts/run-test-suites.pl | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 6fe6abfa5..73f33bb61 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -50,10 +50,20 @@ my ($failed_suites, $total_tests_run, $failed, $suite_cases_passed, $suite_cases_failed, $suite_cases_skipped, $total_cases_passed, $total_cases_failed, $total_cases_skipped ); +sub pad_print_center { + my( $width, $padchar, $string ) = @_; + my $padlen = ( $width - length( $string ) - 2 ) / 2; + print $padchar x( $padlen ), " $string ", $padchar x( $padlen ), "\n"; +} + for my $suite (@suites) { print "$suite ", "." x ( 72 - length($suite) - 2 - 4 ), " "; - my $result = `$prefix$suite`; + my $command = "$prefix$suite"; + if( $verbose ) { + $command .= ' -v'; + } + my $result = `$command`; $suite_cases_passed = () = $result =~ /.. PASS/g; $suite_cases_failed = () = $result =~ /.. FAILED/g; @@ -64,6 +74,11 @@ for my $suite (@suites) } else { $failed_suites++; print "FAIL\n"; + if( $verbose ) { + pad_print_center( 72, '-', "Begin $suite" ); + print $result; + pad_print_center( 72, '-', "End $suite" ); + } } my ($passed, $tests, $skipped) = $result =~ /([0-9]*) \/ ([0-9]*) tests.*?([0-9]*) skipped/; From f4b521dd10a4d336e1409af2458be2f216e2d9c5 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 5 Oct 2018 12:45:15 +0100 Subject: [PATCH 057/415] test: Use GetOpt::Long for argument parsing Simplify argument parsing by using a core perl library for parsing arguments. --- tests/scripts/run-test-suites.pl | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 73f33bb61..237326aff 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -24,14 +24,10 @@ use strict; use utf8; use open qw(:std utf8); -use constant FALSE => 0; -use constant TRUE => 1; +use Getopt::Long; my $verbose; -my $switch = shift; -if ( defined($switch) && ( $switch eq "-v" || $switch eq "--verbose" ) ) { - $verbose = TRUE; -} +GetOptions( "verbose|v" => \$verbose ); # All test suites = executable files, excluding source files, debug # and profiling information, etc. We can't just grep {! /\./} because From 8396a71449d9632aa962e0ab66de5b5de3c368df Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 5 Oct 2018 13:23:35 +0100 Subject: [PATCH 058/415] test: Enable multiple levels of verbosity Enable passing a number to "-v" in order to set the level of verbosity. Print detailed test failure information at verbosity level 1 or higher. Display summary messages at the verbosity level 2 or higher. Print detailed test information at verbosity level 3 or higher, whether the test failed or not. This enables a more readable output style that includes detailed failure information when a failure occurs. --- tests/scripts/run-test-suites.pl | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 237326aff..d0d404621 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -26,8 +26,8 @@ use open qw(:std utf8); use Getopt::Long; -my $verbose; -GetOptions( "verbose|v" => \$verbose ); +my $verbose = 0; +GetOptions( "verbose|v:1" => \$verbose ); # All test suites = executable files, excluding source files, debug # and profiling information, etc. We can't just grep {! /\./} because @@ -67,6 +67,11 @@ for my $suite (@suites) if( $result =~ /PASSED/ ) { print "PASS\n"; + if( $verbose > 2 ) { + pad_print_center( 72, '-', "Begin $suite" ); + print $result; + pad_print_center( 72, '-', "End $suite" ); + } } else { $failed_suites++; print "FAIL\n"; @@ -80,7 +85,7 @@ for my $suite (@suites) my ($passed, $tests, $skipped) = $result =~ /([0-9]*) \/ ([0-9]*) tests.*?([0-9]*) skipped/; $total_tests_run += $tests - $skipped; - if ( $verbose ) { + if( $verbose > 1 ) { print "(test cases passed:", $suite_cases_passed, " failed:", $suite_cases_failed, " skipped:", $suite_cases_skipped, @@ -98,7 +103,7 @@ print "-" x 72, "\n"; print $failed_suites ? "FAILED" : "PASSED"; printf " (%d suites, %d tests run)\n", scalar @suites, $total_tests_run; -if ( $verbose ) { +if( $verbose > 1 ) { print " test cases passed :", $total_cases_passed, "\n"; print " failed :", $total_cases_failed, "\n"; print " skipped :", $total_cases_skipped, "\n"; From 79bf327a95fe72c511ea52d4bb36edd81422a208 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 Nov 2018 11:57:03 +0100 Subject: [PATCH 059/415] Add ARIA and ChachaPoly to basic-build-test The invocation of `compat.sh` that runs those tests was added in all.sh but not here, resulting in our reported coverage figures being slightly lower than what we actually test. Fixing that omission change the figures reported from: Lines Tested : 19105 of 22623 84.4% Functions Tested : 1392 of 1460 95.3% to: Lines Tested : 19126 of 22623 84.5% Functions Tested : 1399 of 1460 95.8% It requires `$OPENSSL_NEXT` to be set and point to an OpenSSL version in the 1.1.1 line or later. --- tests/scripts/basic-build-test.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index b4058718a..537bd9072 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -93,6 +93,9 @@ OPENSSL_CMD="$OPENSSL_LEGACY" \ GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ sh compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ tee -a compat-test-$TEST_OUTPUT +OPENSSL_CMD="$OPENSSL_NEXT" \ + sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \ + tee -a compat-test-$TEST_OUTPUT echo # Step 3 - Process the coverage report From c242eea7327109977c82a74d7416f76008a5ba1f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 5 Nov 2018 16:22:36 +0200 Subject: [PATCH 060/415] Change data file suffix for ott Change the suffix of the data files searched in `mbedtls_test.py` to `datax` as the generated files have this suffix. --- tests/scripts/mbedtls_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 8e8a89ba9..f9e88cf99 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -185,7 +185,7 @@ class MbedTlsTest(BaseHostTest): binary_path = self.get_config_item('image_path') script_dir = os.path.split(os.path.abspath(__file__))[0] suite_name = os.path.splitext(os.path.basename(binary_path))[0] - data_file = ".".join((suite_name, 'data')) + data_file = ".".join((suite_name, 'datax')) data_file = os.path.join(script_dir, '..', 'mbedtls', suite_name, data_file) if os.path.exists(data_file): From e2dae7e1f5cfe4bdca22d62b6b2c3c1bde4ddca1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 5 Nov 2018 16:54:40 +0000 Subject: [PATCH 061/415] Add explicit integer to enumeration casts to programs/pkey/gen_key.c Fixes #2170. --- programs/pkey/gen_key.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index f01bf5fcd..31abb0cb8 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -322,7 +322,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Generating the private key ..." ); fflush( stdout ); - if( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type( opt.type ) ) ) != 0 ) + if( ( ret = mbedtls_pk_setup( &key, + mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret ); goto exit; @@ -344,7 +345,8 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_ECP_C) if( opt.type == MBEDTLS_PK_ECKEY ) { - ret = mbedtls_ecp_gen_key( opt.ec_curve, mbedtls_pk_ec( key ), + ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) opt.ec_curve, + mbedtls_pk_ec( key ), mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { From 9772da8792a75881d935db6eb9e073fb112d5888 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 5 Nov 2018 11:43:07 +0000 Subject: [PATCH 062/415] Add missing bracket Wasn't spotted earlier because it's guarded by `! HAVE_GETRANDOM`. --- library/entropy_poll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index ae3d2d5b6..4556f88a5 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -135,7 +135,7 @@ int mbedtls_platform_entropy_poll( void *data, return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); /* Fall through if the system call isn't known. */ #else - ((void) ret; + ((void) ret); #endif /* HAVE_GETRANDOM */ *olen = 0; From fe936c35c1f6e18c5819ce8c30fdcdef95608636 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 5 Nov 2018 16:56:02 +0000 Subject: [PATCH 063/415] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 83eb55426..24a0aa9b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,6 +44,9 @@ Bugfix after use. * Use `mbedtls_platform_zeroize()` instead of `memset()` for zeroization of sensitive data in the example programs aescrypt2 and crypt_and_hash. + * Add explicit integer to enumeration type casts to example program + programs/pkey/gen_key which previously led to compilation failure + on some toolchains. Reported by phoenixmcallister. Fixes #2170. Changes * Removed support for Yotta as a build tool. From f6d6e3082077fea70b5559a60994c1f847172211 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 7 Nov 2018 11:57:51 +0000 Subject: [PATCH 064/415] Fix incomplete assertion in ssl_write_handshake_msg() ssl_write_handshake_msg() includes the assertion that `ssl->handshake != NULL` when handling a record which is (a) a handshake message, and NOT (b) a HelloRequest. However, it later calls `ssl_append_flight()` for any record different from a HelloRequest handshake record, that is, records satisfying !(a) || !(b), instead of (a) && !(b) as covered by the assertion (specifically, CCS or Alert records). Since `ssl_append_flight()` assumes that `ssl->handshake != NULL`, this rightfully triggers static analyzer warnings. This commit expands the scope of the assertion to check that `ssl->handshake != NULL` for any record which is not a HelloRequest. --- library/ssl_tls.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 82e65251f..4dd291052 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3200,8 +3200,10 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) } } - if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && + /* Whenever we send anything different from a + * HelloRequest we should be in a handshake - double check. */ + if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) && ssl->handshake == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -3295,8 +3297,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Either send now, or just save to be sent (and resent) later */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || - hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ) + ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) ) { if( ( ret = ssl_flight_append( ssl ) ) != 0 ) { From 7a977881b422c85e1a0e56a91afa7cad08326d48 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 19 Nov 2018 13:45:22 +0200 Subject: [PATCH 065/415] Change buf size to a valid size Change the size of `buf` to a valid hash size, in `ecdsa_prim_random()` --- tests/suites/test_suite_ecdsa.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 7f8995294..71078329b 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -14,7 +14,7 @@ void ecdsa_prim_random( int id ) mbedtls_ecp_point Q; mbedtls_mpi d, r, s; rnd_pseudo_info rnd_info; - unsigned char buf[66]; + unsigned char buf[MBEDTLS_MD_MAX_SIZE]; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); From f560a2d6fc617dc5a393acca1f536467b8807df7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 Nov 2018 13:23:42 +0100 Subject: [PATCH 066/415] Disable test that trigger bug in old GnuTLS This is temporary until we fix the GnuTLS version available in our CI. --- tests/ssl-opt.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ce9aee28a..335f59d02 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -7306,6 +7306,11 @@ run_test "DTLS proxy: 3d, gnutls server" \ -s "Extra-header:" \ -c "Extra-header:" +# The next two test are disabled because they tend to trigger a bug in the +# version of GnuTLS that's currently installed on our CI. The bug occurs when +# different fragments of the same handshake message are received out-of-order +# by GnuTLS and results in a timeout. It's been fixed in GnuTLS 3.5.2. +skip_next_test requires_gnutls client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out @@ -7317,6 +7322,7 @@ run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -s "Extra-header:" \ -c "Extra-header:" +skip_next_test requires_gnutls client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out From 11cdb0559e46dbe9301bd37a36d583e3d2fefd3b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Nov 2018 16:47:47 +0100 Subject: [PATCH 067/415] mbedtls_mpi_write_binary: don't leak the exact size of the number In mbedtls_mpi_write_binary, avoid leaking the size of the number through timing or branches, if possible. More precisely, if the number fits in the output buffer based on its allocated size, the new code's trace doesn't depend on the value of the number. --- library/bignum.c | 45 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 423e375fd..6e4ceeebf 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -321,6 +321,10 @@ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ) return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 ); } +/* Get a specific byte, without range checks. */ +#define GET_BYTE( X, i ) \ + ( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) + /* * Set a bit to a specific value of 0 or 1 */ @@ -704,19 +708,40 @@ cleanup: /* * Export X into unsigned binary data, big endian */ -int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen ) +int mbedtls_mpi_write_binary( const mbedtls_mpi *X, + unsigned char *buf, size_t buflen ) { - size_t i, j, n; + size_t stored_bytes = X->n * ciL; + size_t bytes_to_copy; + unsigned char *p; + size_t i; - n = mbedtls_mpi_size( X ); + if( stored_bytes < buflen ) + { + /* There is enough space in the output buffer. Write initial + * null bytes and record the position at which to start + * writing the significant bytes. In this case, the execution + * trace of this function does not depend on the value of the + * number. */ + bytes_to_copy = stored_bytes; + p = buf + buflen - stored_bytes; + memset( buf, 0, buflen - stored_bytes ); + } + else + { + /* The output buffer is smaller than the allocated size of X. + * However X may fit if its leading bytes are zero. */ + bytes_to_copy = buflen; + p = buf; + for( i = bytes_to_copy; i < stored_bytes; i++ ) + { + if( GET_BYTE( X, i ) != 0 ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + } + } - if( buflen < n ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - - memset( buf, 0, buflen ); - - for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- ) - buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) ); + for( i = 0; i < bytes_to_copy; i++ ) + p[bytes_to_copy - i - 1] = GET_BYTE( X, i ); return( 0 ); } From 8672cb7909b6cfc62b7cd8dc4de45eb20a4d460d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 13 Nov 2018 18:42:35 +0200 Subject: [PATCH 068/415] Set result to False on Failure Add a member for holding a failed result, and notify_complete with this member value, when finished. --- tests/scripts/mbedtls_test.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 8e8a89ba9..2aeb68082 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -163,6 +163,7 @@ class MbedTlsTest(BaseHostTest): self.tests = [] self.test_index = -1 self.dep_index = 0 + self.suite_passed = True self.error_str = dict() self.error_str[self.DEPENDENCY_SUPPORTED] = \ 'DEPENDENCY_SUPPORTED' @@ -293,7 +294,7 @@ class MbedTlsTest(BaseHostTest): name, function_id, dependencies, args = self.tests[self.test_index] self.run_test(name, function_id, dependencies, args) else: - self.notify_complete(True) + self.notify_complete(self.suite_passed) def run_test(self, name, function_id, dependencies, args): """ @@ -353,6 +354,8 @@ class MbedTlsTest(BaseHostTest): self.log('{{__testcase_start;%s}}' % name) self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0, int_val != 0)) + if int_val != 0: + self.suite_passed = False self.run_next_test() @event_callback("F") From 043980585c29feee1b03091adccdf5fcba60aab8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Nov 2018 21:11:30 +0100 Subject: [PATCH 069/415] Factor record_issue into its own method --- tests/scripts/check-files.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index ed6787289..8fce8be5a 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -43,11 +43,14 @@ class IssueTracker(object): for i, line in enumerate(iter(f.readline, b"")): self.check_file_line(filepath, line, i + 1) + def record_issue(self, filepath, line_number): + if filepath not in self.files_with_issues.keys(): + self.files_with_issues[filepath] = [] + self.files_with_issues[filepath].append(line_number) + def check_file_line(self, filepath, line, line_number): if self.issue_with_line(line): - if filepath not in self.files_with_issues.keys(): - self.files_with_issues[filepath] = [] - self.files_with_issues[filepath].append(line_number) + self.record_issue(filepath, line_number) def output_file_issues(self, logger): if self.files_with_issues.values(): From c117d5928cf5411f36555d57ea962a7d50460362 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Nov 2018 21:11:52 +0100 Subject: [PATCH 070/415] check-files: detect merge artifacts Detect Git merge artifacts. These are lines starting with "<<<<<<", "|||||||" or ">>>>>>>" followed by a space, or containing just "=======". For "=======", exempt Markdown files, because this can be used to underline a title, as a compromise between false negatives and false positives. --- tests/scripts/check-files.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 8fce8be5a..b263e4d27 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -135,6 +135,27 @@ class TabIssueTracker(IssueTracker): return b"\t" in line +class MergeArtifactIssueTracker(IssueTracker): + + def __init__(self): + super().__init__() + self.heading = "Merge artifact:" + + def issue_with_line(self, filepath, line): + # Detect leftover git conflict markers. + if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '): + return True + if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3 + return True + if line.rstrip(b'\r\n') == b'=======' and \ + not filepath.endswith('.md'): + return True + return False + + def check_file_line(self, filepath, line, line_number): + if self.issue_with_line(filepath, line): + self.record_issue(filepath, line_number) + class TodoIssueTracker(IssueTracker): def __init__(self): @@ -170,6 +191,7 @@ class IntegrityChecker(object): LineEndingIssueTracker(), TrailingWhitespaceIssueTracker(), TabIssueTracker(), + MergeArtifactIssueTracker(), TodoIssueTracker(), ] From 6dbb9aabf85d032e1491ee56fc4c6f915f584fd5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 25 Nov 2018 10:31:53 +0200 Subject: [PATCH 071/415] Test AD too long only when CCM_ALT not defined Since the AD too long is a limitation on Mbed TLS, HW accelerators may support this. Run the test for AD too long, only if `MBEDTLS_CCM_ALT` is not defined. Addresses comment in #1996. --- tests/suites/test_suite_ccm.data | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index a2d877841..316c30129 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -36,6 +36,7 @@ CCM lengths #6 tag length not even ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT CCM lenghts #7 AD too long (2^16 - 2^8 + 1) +depends_on:!MBEDTLS_CCM_ALT ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #8 msg too long for this IV length (2^16, q = 2) From 822b834bdf4a7fdd5c5189f781141630af52484a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 25 Nov 2018 10:38:34 +0200 Subject: [PATCH 072/415] Update ChangeLog Add an entry in ChangeLog describing the fix. --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8f0e8c1c7..00298a214 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.xx.x branch released xxxx-xx-xx + +Bugfix + * Run the AD too long test only if MBEDTLS_CCM_ALT is not defined. + Raised as a comment in #1996. + = mbed TLS 2.14.0 branch released 2018-11-19 Security From d5062dedeb7d9b13a167915d39780bba4ca7f5f5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 26 Nov 2018 14:23:14 +0200 Subject: [PATCH 073/415] Add conditional dependency to tests Add a way to check compile time defionitions values, for determining whether to skip tests. --- tests/scripts/generate_test_code.py | 8 +++++--- tests/suites/test_suite_rsa.data | 1 + 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index ce6f88c3c..cb80c764b 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -184,7 +184,7 @@ BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(?P.*?)\s*\*/' END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/' DEPENDENCY_REGEX = r'depends_on:(?P.*)' -C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*$' +C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*(([<>]=?|==)[0-9]*)?$' TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P\w+)\s*\(' INT_CHECK_REGEX = r'int\s+.*' CHAR_CHECK_REGEX = r'char\s*\*\s*.*' @@ -255,6 +255,7 @@ class FileWrapper(io.FileIO, object): def split_dep(dep): """ Split NOT character '!' from dependency. Used by gen_dependencies() + Determine condition MACRO and definition MACRO. :param dep: Dependency list :return: string tuple. Ex: ('!', MACRO) for !MACRO and ('', MACRO) for @@ -731,18 +732,19 @@ def gen_dep_check(dep_id, dep): raise GeneratorInputError("Dependency Id should be a positive " "integer.") _not, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) + _defined = '' if re.search(r'(<=?|>=?|==)', dep) else 'defined' if not dep: raise GeneratorInputError("Dependency should not be an empty string.") dep_check = ''' case {id}: {{ -#if {_not}defined({macro}) +#if {_not}{_defined}({macro}) ret = DEPENDENCY_SUPPORTED; #else ret = DEPENDENCY_NOT_SUPPORTED; #endif }} - break;'''.format(_not=_not, macro=dep, id=dep_id) + break;'''.format(_not=_not, _defined=_defined, macro=dep, id=dep_id) return dep_check diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index e49515165..53a608eb8 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -339,6 +339,7 @@ RSA Check Public key #5 (N smaller than 128 bits) mbedtls_rsa_check_pubkey:16:"7edcba9876543210deadbeefcafe4321":16:"3":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED RSA Check Public key #6 (N exactly 8192 bits) +depends_on:MBEDTLS_MPI_MAX_SIZE>=1024 mbedtls_rsa_check_pubkey:16:"88F48075BF29E95C1C6AE8716678B74E957B69CC2E49708C160C6343AAD2F076D25397ACE74220311ED18AEEB681F463611B3340C3945CAAEAD3ACC616E08A25A55683A32979BD55EA5DAB7630AF393886896F11DDC5F07E15EDF949324CF0F0B2A5C0E85DFA23167193182D1A43079DC8645F6C2C029629F475575802F7D326DE5BD891A9C5F84A433D45154181EC05685A4B368A5B6434775A00ABC6B0A04647D4598CEEE566B552230F691C98CA30B402A76C686A94B373CCD2F60EFA3878A867BB5F585D088E27C507937262D098A477B9218BE7C03B2E4C102D244CA701645F1827CD947E5E796446378B848862E689F0D1773F752056841A1F0EECE7CAB74921A42DBF2EF264ADCF4ABE05A1242E5F629A657A2D67958A2DAC9A2245074A37099B45064723ABE21241058252632C2BA6FE85AB1C75FF310891B84C9C40AB646FE1D90BC716FB3A4B56DA3EA25CA397C04B994F7C6AD1DD0CB9E994CA6B835F7830F4F4E0F976BBEA5AE8556BC7C90B3E50E21C19AD1F6BC4A8FF15F2909D9CC5F3DA533BADFF50F487869D631C3E34D69636B4C25A55127EF5B715F2FC0565734B38DF996D1970E56F7F64EBECB9D00A587AAEC608F2D3AAA51E66BF53E92C3096BF78D1DCBCE1A645FA4F0542E6F68E5A94AAA6E839F75620FABED5D2BCF40AB8EAF95F838BFA962429F281578882DF0F2721C27C8905C9E776B1D3251FC066A8BC64C0CE7FBA2B8E21F65EF6739AB6F19EC2AB07817DFF03DAB7C846AB5CC86C103642D7664A85DC2D846A8004CD6A144C72CCCAC86DB5901A047324927B80E281F5F7315FA2F9083BDE0DB7AA46DC055E36BB73FB6DBD3A14759D06CBBE8D57CBC213C4D55DE4478679E0A5902C8655BE1391C0E88D2B1FBD57E9232A2CEBC67569ECD94E4BF0FCC6C003F9AA51A2A5E6EE084A46DAE65E52400A727F9713D29E92CD6CA37FD599598B3F677624A2A484A8B36B98EFEAD662C0A23BC1D9280EF2A31F887065EB20A93B41F7A264ECFA65B3555F3E400927018186EAA2D4F00C6B7AB1BCED5F893D64478177592C7F2B945307AB474D7EC7FF2E7E55834CC763BEF81DA9BD70FB3D423AE5ADB86B336734C8A3BEC90CEB05438B5BA030D0D30DEC1442D2EB08450480FBAE090FFA1A5ADD748A415BDCDE45094E792420F0AF94BCA0A80A2096D1A478D3428A214A7E68C0F07F58C6FB232ECC3D8B821AE29AE76E13EB751193F6ECA670016D54F3D796937DDBB8900062EF116CCA3F5B3AECA618272875336C9C050FBC0FC7EDD5B88D85DA0061D21E176E1419CF573629BE7B0496E761EAD45FE32B59EB00D47CDD178AC8F8EC8D6F26DED34F7576CD938422E18E936F16A704B483A48EE3BEA59D95F688136119894930EC8E9282E5974740CF031DF8DBB07EB08F2DA0ACCADECE15A6A57502890F4A03740E60BD":16:"010001":0 RSA Check Public key #7 (N larger than 8192 bits) From d9aa84dc0d42dcb5e23ba2bb47ce39592193b8f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Sep 2018 15:34:17 +0200 Subject: [PATCH 074/415] CTR_DRBG: clean stack buffers Wipe stack buffers that may contain sensitive data (data that contributes to the DRBG state. --- library/ctr_drbg.c | 44 ++++++++++++++++++-------------------------- 1 file changed, 18 insertions(+), 26 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index fead18f72..559538121 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -299,9 +299,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, * Crypt counter block */ if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ) ) != 0 ) - { - return( ret ); - } + goto exit; p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } @@ -313,12 +311,12 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, * Update key and counter */ if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) - { - return( ret ); - } + goto exit; memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE ); - return( 0 ); +exit: + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + return( ret ); } /* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2) @@ -347,6 +345,7 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, block_cipher_df( add_input, additional, add_len ); ctr_drbg_update_internal( ctx, add_input ); + mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); } } @@ -399,20 +398,18 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, * Reduce to 384 bits */ if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 ) - { - return( ret ); - } + goto exit; /* * Update state */ if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 ) - { - return( ret ); - } + goto exit; ctx->reseed_counter = 1; - return( 0 ); +exit: + mbedtls_platform_zeroize( seed, sizeof( seed ) ); + return( ret ); } /* CTR_DRBG_Generate with derivation function (SP 800-90A §10.2.1.5.2) @@ -467,13 +464,9 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, if( add_len > 0 ) { if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 ) - { - return( ret ); - } + goto exit; if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) - { - return( ret ); - } + goto exit; } while( output_len > 0 ) @@ -489,9 +482,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, * Crypt counter block */ if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ) ) != 0 ) - { - return( ret ); - } + goto exit; use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len; @@ -504,12 +495,13 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, } if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) - { - return( ret ); - } + goto exit; ctx->reseed_counter++; +exit: + mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); return( 0 ); } From afa803775a1bf4f5bd0cd147bf4984785b576a04 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Sep 2018 15:35:41 +0200 Subject: [PATCH 075/415] HMAC_DRBG: clean stack buffers Wipe stack buffers that may contain sensitive data (data that contributes to the DRBG state. --- library/hmac_drbg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index dad55ff86..65c8daccd 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -89,6 +89,8 @@ void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len ); mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ); } + + mbedtls_platform_zeroize( K, sizeof( K ) ); } /* @@ -154,6 +156,7 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, ctx->reseed_counter = 1; /* 4. Done */ + mbedtls_platform_zeroize( seed, seedlen ); return( 0 ); } From 1b09f4027e1b2ad6c383e8f1f50ce8a9bc9e5804 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Sep 2018 18:53:58 +0200 Subject: [PATCH 076/415] Add ChangeLog entry for wiping sensitive buffers --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8f0e8c1c7..3d0c7e8ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Security + * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG + modules. + = mbed TLS 2.14.0 branch released 2018-11-19 Security From d919993b76e51e6d822e5eb0af1d7ce1e23964bf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Sep 2018 16:41:54 +0200 Subject: [PATCH 077/415] CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a new function mbedtls_ctr_drbg_update_ret which reports error. --- include/mbedtls/ctr_drbg.h | 36 ++++++++++++++++++-- library/ctr_drbg.c | 41 ++++++++++++++++------- tests/suites/test_suite_ctr_drbg.function | 8 +++-- 3 files changed, 67 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index c91ca58b3..9a3aba0d3 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -248,9 +248,12 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, * \param additional The data to update the state with. * \param add_len Length of \p additional data. * + * \return \c 0 on success. + * \return An error from the underlying AES cipher on failure. */ -void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, size_t add_len ); +int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len ); /** * \brief This function updates a CTR_DRBG instance with additional @@ -290,6 +293,35 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len ); + +#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief This function updates the state of the CTR_DRBG context. + * + * \deprecated Superseded by mbedtls_ctr_drbg_update_ret() + * in 2.16.0. + * + * \note If \p add_len is greater than + * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first + * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used. + * The remaining Bytes are silently discarded. + * + * \param ctx The CTR_DRBG context. + * \param additional The data to update the state with. + * \param add_len Length of \p additional data. + */ +MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update( + mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len ); +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ + #if defined(MBEDTLS_FS_IO) /** * \brief This function writes a seed file. diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 559538121..a264dedb0 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -331,24 +331,39 @@ exit: * and with outputs * ctx = initial_working_state */ -void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, size_t add_len ) +int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len ) { unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN]; + int ret; - if( add_len > 0 ) - { - /* MAX_INPUT would be more logical here, but we have to match - * block_cipher_df()'s limits since we can't propagate errors */ - if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) - add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT; + if( add_len == 0 ) + return( 0 ); - block_cipher_df( add_input, additional, add_len ); - ctr_drbg_update_internal( ctx, add_input ); - mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); - } + if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 ) + goto exit; + if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) + goto exit; + +exit: + mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); + return( ret ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len ) +{ + /* MAX_INPUT would be more logical here, but we have to match + * block_cipher_df()'s limits since we can't propagate errors */ + if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT; + (void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len ); +} +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + /* CTR_DRBG_Reseed with derivation function (SP 800-90A §10.2.1.4.2) * mbedtls_ctr_drbg_reseed(ctx, additional, len) * implements @@ -573,7 +588,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char if( fread( buf, 1, n, f ) != n ) ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; else - mbedtls_ctr_drbg_update( ctx, buf, n ); + ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n ); fclose( f ); diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index f10e98aa5..4a97826f6 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -244,9 +244,11 @@ void ctr_drbg_entropy_usage( ) } TEST_ASSERT( last_idx == test_offset_idx ); - /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT) - * (just make sure it doesn't cause memory corruption) */ - mbedtls_ctr_drbg_update( &ctx, entropy, sizeof( entropy ) ); + /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT). + * Make sure it's detected as an error and doesn't cause memory + * corruption. */ + TEST_ASSERT( mbedtls_ctr_drbg_update_ret( + &ctx, entropy, sizeof( entropy ) ) != 0 ); /* Now enable PR, so the next few calls should all reseed */ mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON ); From e0e9c573ad613bdb897cd548ec55a96b3f843190 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Sep 2018 16:47:16 +0200 Subject: [PATCH 078/415] HMAC_DRBG: deprecate mbedtls_hmac_drbg_update because it ignores errors Deprecate mbedtls_hmac_drbg_update (which returns void) in favor of a new function mbedtls_hmac_drbg_update_ret which reports error. --- include/mbedtls/hmac_drbg.h | 30 ++++++++++++++- library/hmac_drbg.c | 73 ++++++++++++++++++++++++++++--------- 2 files changed, 84 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 3bc675ec7..146367b9d 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -195,10 +195,13 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, * \param additional Additional data to update state with, or NULL * \param add_len Length of additional data, or 0 * + * \return \c 0 on success, or an error from the underlying + * hash calculation. + * * \note Additional data is optional, pass NULL and 0 as second * third argument if no additional data is being used. */ -void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, +int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, const unsigned char *additional, size_t add_len ); /** @@ -257,6 +260,31 @@ int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len */ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ); +#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief HMAC_DRBG update state + * + * \deprecated Superseded by mbedtls_hmac_drbg_update_ret() + * in 2.16.0. + * + * \param ctx HMAC_DRBG context + * \param additional Additional data to update state with, or NULL + * \param add_len Length of additional data, or 0 + * + * \note Additional data is optional, pass NULL and 0 as second + * third argument if no additional data is being used. + */ +MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update( + mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t add_len ); +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ + #if defined(MBEDTLS_FS_IO) /** * \brief Write a seed file diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 65c8daccd..7f6535477 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -66,33 +66,60 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ) /* * HMAC_DRBG update, using optional additional data (10.1.2.2) */ -void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t add_len ) +int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, + size_t add_len ) { size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1; unsigned char sep[1]; unsigned char K[MBEDTLS_MD_MAX_SIZE]; + int ret; for( sep[0] = 0; sep[0] < rounds; sep[0]++ ) { /* Step 1 or 4 */ - mbedtls_md_hmac_reset( &ctx->md_ctx ); - mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len ); - mbedtls_md_hmac_update( &ctx->md_ctx, sep, 1 ); + if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, + ctx->V, md_len ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, + sep, 1 ) ) != 0 ) + goto exit; if( rounds == 2 ) - mbedtls_md_hmac_update( &ctx->md_ctx, additional, add_len ); - mbedtls_md_hmac_finish( &ctx->md_ctx, K ); + { + if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, + additional, add_len ) ) != 0 ) + goto exit; + } + if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 ) + goto exit; /* Step 2 or 5 */ - mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ); - mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len ); - mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ); + if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, + ctx->V, md_len ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 ) + goto exit; } +exit: mbedtls_platform_zeroize( K, sizeof( K ) ); + return( ret ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, + size_t add_len ) +{ + (void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len ); +} +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + /* * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA) */ @@ -113,7 +140,8 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, mbedtls_md_get_size( md_info ) ); memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) ); - mbedtls_hmac_drbg_update( ctx, data, data_len ); + if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 ) + return( ret ); return( 0 ); } @@ -126,6 +154,7 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, { unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT]; size_t seedlen; + int ret; /* III. Check input length */ if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT || @@ -150,14 +179,16 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, } /* 2. Update state */ - mbedtls_hmac_drbg_update( ctx, seed, seedlen ); + if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 ) + goto exit; /* 3. Reset reseed_counter */ ctx->reseed_counter = 1; +exit: /* 4. Done */ mbedtls_platform_zeroize( seed, seedlen ); - return( 0 ); + return( ret ); } /* @@ -276,7 +307,11 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, /* 2. Use additional data if any */ if( additional != NULL && add_len != 0 ) - mbedtls_hmac_drbg_update( ctx, additional, add_len ); + { + if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, + additional, add_len ) ) != 0 ) + goto exit; + } /* 3, 4, 5. Generate bytes */ while( left != 0 ) @@ -293,13 +328,16 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, } /* 6. Update */ - mbedtls_hmac_drbg_update( ctx, additional, add_len ); + if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, + additional, add_len ) ) != 0 ) + goto exit; /* 7. Update reseed counter */ ctx->reseed_counter++; +exit: /* 8. Done */ - return( 0 ); + return( ret ); } /* @@ -391,8 +429,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch if( fread( buf, 1, n, f ) != n ) ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; else - mbedtls_hmac_drbg_update( ctx, buf, n ); - + ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n ); fclose( f ); mbedtls_platform_zeroize( buf, sizeof( buf ) ); From b7f71c8bc1f84584b7aec8c6c02bbd693d3be21f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Sep 2018 16:54:57 +0200 Subject: [PATCH 079/415] HMAC_DRBG: report all errors from HMAC functions Make sure that any error from mbedtls_md_hmac_xxx is propagated. --- library/hmac_drbg.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 7f6535477..d5ac2f6ad 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -137,7 +137,9 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, * Use the V memory location, which is currently all 0, to initialize the * MD context with an all-zero key. Then set V to its initial value. */ - mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, mbedtls_md_get_size( md_info ) ); + if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, + mbedtls_md_get_size( md_info ) ) ) != 0 ) + return( ret ); memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) ); if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 ) @@ -166,7 +168,8 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ); /* IV. Gather entropy_len bytes of entropy for the seed */ - if( ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) != 0 ) + if( ( ret = ctx->f_entropy( ctx->p_entropy, + seed, ctx->entropy_len ) ) != 0 ) return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED ); seedlen = ctx->entropy_len; @@ -214,7 +217,8 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, * Use the V memory location, which is currently all 0, to initialize the * MD context with an all-zero key. Then set V to its initial value. */ - mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ); + if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 ) + return( ret ); memset( ctx->V, 0x01, md_size ); ctx->f_entropy = f_entropy; @@ -318,9 +322,13 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, { size_t use_len = left > md_len ? md_len : left; - mbedtls_md_hmac_reset( &ctx->md_ctx ); - mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len ); - mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ); + if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, + ctx->V, md_len ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 ) + goto exit; memcpy( out, ctx->V, use_len ); out += use_len; @@ -430,6 +438,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; else ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n ); + fclose( f ); mbedtls_platform_zeroize( buf, sizeof( buf ) ); From 8220466297a06e91944151d4a1e2f7781e3011ae Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Sep 2018 18:43:09 +0200 Subject: [PATCH 080/415] Streamline mbedtls_xxx_drbg_update_seed_file Refactor mbedtls_ctr_drbg_update_seed_file and mbedtls_hmac_drbg_update_seed_file to make the error logic clearer. The new code does not use fseek, so it works with non-seekable files. --- library/ctr_drbg.c | 31 ++++++++++++++++--------------- library/hmac_drbg.c | 31 ++++++++++++++++--------------- 2 files changed, 32 insertions(+), 30 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index a264dedb0..fb121575b 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -568,35 +568,36 @@ exit: int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ) { int ret = 0; - FILE *f; + FILE *f = NULL; size_t n; unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ]; + unsigned char c; if( ( f = fopen( path, "rb" ) ) == NULL ) return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR ); - fseek( f, 0, SEEK_END ); - n = (size_t) ftell( f ); - fseek( f, 0, SEEK_SET ); - - if( n > MBEDTLS_CTR_DRBG_MAX_INPUT ) + n = fread( buf, 1, sizeof( buf ), f ); + if( fread( &c, 1, 1, f ) != 0 ) { - fclose( f ); - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; + goto exit; } - - if( fread( buf, 1, n, f ) != n ) + if( n == 0 || ferror( f ) ) + { ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; - else - ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n ); - + goto exit; + } fclose( f ); + f = NULL; + ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n ); + +exit: mbedtls_platform_zeroize( buf, sizeof( buf ) ); - + if( f != NULL ) + fclose( f ); if( ret != 0 ) return( ret ); - return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) ); } #endif /* MBEDTLS_FS_IO */ diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index d5ac2f6ad..c50330e7d 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -417,35 +417,36 @@ exit: int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ) { int ret = 0; - FILE *f; + FILE *f = NULL; size_t n; unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ]; + unsigned char c; if( ( f = fopen( path, "rb" ) ) == NULL ) return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR ); - fseek( f, 0, SEEK_END ); - n = (size_t) ftell( f ); - fseek( f, 0, SEEK_SET ); - - if( n > MBEDTLS_HMAC_DRBG_MAX_INPUT ) + n = fread( buf, 1, sizeof( buf ), f ); + if( fread( &c, 1, 1, f ) != 0 ) { - fclose( f ); - return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG ); + ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG; + goto exit; } - - if( fread( buf, 1, n, f ) != n ) + if( n == 0 || ferror( f ) ) + { ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; - else - ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n ); - + goto exit; + } fclose( f ); + f = NULL; + ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n ); + +exit: mbedtls_platform_zeroize( buf, sizeof( buf ) ); - + if( f != NULL ) + fclose( f ); if( ret != 0 ) return( ret ); - return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) ); } #endif /* MBEDTLS_FS_IO */ From 5da0505842aca20e129d33b21b07d703aa1de51c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Sep 2018 18:59:55 +0200 Subject: [PATCH 081/415] Add ChangeLog entry for deprecation of mbedtls_xxx_drbg_update Fixes ARMmbed/mbedtls#1798 --- ChangeLog | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3d0c7e8ba..a3e0aeb88 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,19 @@ Security * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG modules. +API Changes + * The following functions in the random generator modules have been + deprecated and replaced as shown below. The new functions change + the return type from void to int to allow returning error codes when + using MBEDTLS__ALT for the underlying AES or message digest + primitive. Fixes #1798. + mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() + mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() + +New deprecations + * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update + in favor of functions that can return an error code. + = mbed TLS 2.14.0 branch released 2018-11-19 Security From c4a8017e3ed289f2600948489f0a60b2648e35cd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Sep 2018 19:15:53 +0200 Subject: [PATCH 082/415] mbedtls_ctr_drbg_update_ret: correct doc for input length limit Unlike mbedtls_ctr_drbg_update, this function returns an error if the length limit is exceeded, rather than silently truncating the input. --- include/mbedtls/ctr_drbg.h | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 9a3aba0d3..10f9389d9 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -239,16 +239,15 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, /** * \brief This function updates the state of the CTR_DRBG context. * - * \note If \p add_len is greater than - * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first - * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used. - * The remaining Bytes are silently discarded. - * * \param ctx The CTR_DRBG context. * \param additional The data to update the state with. - * \param add_len Length of \p additional data. + * \param add_len Length of \p additional in bytes. This must be at + * most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. * * \return \c 0 on success. + * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if + * \p add_len is more than + * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. * \return An error from the underlying AES cipher on failure. */ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, From 687d6739b28fc7bdd2ef1eac161558083b8fac43 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Nov 2018 21:23:28 +0000 Subject: [PATCH 083/415] Fix resource leak of file desc in test code --- tests/suites/helpers.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 32b1b790d..6f7c07dbc 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -175,6 +175,7 @@ static int redirect_output( FILE** out_stream, const char* path ) if( *out_stream == NULL ) { + close( stdout_fd ); return -1; } From a16fa297f79c122aa861284ab221a05c62780444 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 20 Nov 2018 14:07:01 +0200 Subject: [PATCH 084/415] Refactor mpi_write_hlp to not be recursive Refactor `mpi_write_hlp()` to not be recursive, to fix stack overflows. Iterate over the `mbedtls_mpi` division of the radix requested, until it is zero. Each iteration, put the residue in the next LSB of the output buffer. Fixes #2190 --- library/bignum.c | 38 +++++++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index ae5e7cfa0..593229ecd 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -499,26 +499,38 @@ cleanup: } /* - * Helper to write the digits high-order first + * Helper to write the digits high-order first. */ -static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p ) +static int mpi_write_hlp( mbedtls_mpi *X, int radix, + char **p, const size_t buflen ) { int ret; mbedtls_mpi_uint r; + size_t length = 0; + char *p_end = *p + buflen; - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + do + { + if( length >= buflen ) + { + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + } - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) ); + /* + * Write the residue in the current position, as an ASCII character. + */ + if( r < 0xA ) + *(--p_end) = (char)( '0' + r ); + else + *(--p_end) = (char)( 'A' + ( r - 0xA ) ); - if( mbedtls_mpi_cmp_int( X, 0 ) != 0 ) - MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) ); + length++; + } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 ); - if( r < 10 ) - *(*p)++ = (char)( r + 0x30 ); - else - *(*p)++ = (char)( r + 0x37 ); + memmove( *p, p_end, length ); + *p += length; cleanup: @@ -588,7 +600,7 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, if( T.s == -1 ) T.s = 1; - MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) ); + MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) ); } *p++ = '\0'; From 8a6917dc67ecb8d98421909402cdbe0c0a973d20 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 27 Nov 2018 10:33:38 +0200 Subject: [PATCH 085/415] Update ChangeLog Update the ChangeLog with the fix. --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8f0e8c1c7..292df8334 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.xx.x branch released xxxx-xx-xx + +Bugfix + * Reduce stack usage of `mpi_write_hlp()` by eliminating recursion. + Fixes #2190. + = mbed TLS 2.14.0 branch released 2018-11-19 Security From 111ba0e949ce14d764ab86c3a477d536229220e5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 18 Nov 2018 17:05:05 +0200 Subject: [PATCH 086/415] Fix parsing error of test data Fix parsing error that contains special character. The previous implementation replaced the `:` char with `\n`, and split on `\n`. Test data containing strings with `\n` were split as well. Fixes #2193. The split function caused strings containing `\:` to add another escape char, resulting in `\\:`. This caused the tests with the `\:` in the string data to fail. The fix doesn't replace with `\n`, but splits all `:` that are not preceded with `\`. After that, removes the preceding `\` char. --- tests/scripts/mbedtls_test.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 8e8a89ba9..ea85700af 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -75,11 +75,10 @@ class TestDataParser(object): :param split_char: Split character :return: List of splits """ + split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x) if len(split_char) > 1: raise ValueError('Expected split character. Found string!') - out = re.sub(r'(\\.)|' + split_char, - lambda m: m.group(1) or '\n', inp_str, - len(inp_str)).split('\n') + out = map(split_colon_fn, re.split(r'(? Date: Tue, 27 Nov 2018 16:35:20 +0200 Subject: [PATCH 087/415] Separate REGEX of MACRO to groups Seperate the REGEX into identifier, condition and value, into groups, to behandled differently. --- tests/scripts/generate_test_code.py | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index cb80c764b..125802442 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -184,7 +184,13 @@ BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(?P.*?)\s*\*/' END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/' DEPENDENCY_REGEX = r'depends_on:(?P.*)' -C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*(([<>]=?|==)[0-9]*)?$' +C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*' +CONDITION_OPERATOR_REGEX = r'[!=]=|[<>]=?' +# forbid 0ddd which might be accidentally octal or accidentally decimal +CONDITION_VALUE_REGEX = r'[-+]?(0x[0-9a-f]+|0|[1-9][0-9]*)' +CONDITION_REGEX = r'({})(?:\s*({})\s*({}))?$'.format(C_IDENTIFIER_REGEX, + CONDITION_OPERATOR_REGEX, + CONDITION_VALUE_REGEX) TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P\w+)\s*\(' INT_CHECK_REGEX = r'int\s+.*' CHAR_CHECK_REGEX = r'char\s*\*\s*.*' @@ -255,7 +261,6 @@ class FileWrapper(io.FileIO, object): def split_dep(dep): """ Split NOT character '!' from dependency. Used by gen_dependencies() - Determine condition MACRO and definition MACRO. :param dep: Dependency list :return: string tuple. Ex: ('!', MACRO) for !MACRO and ('', MACRO) for @@ -384,7 +389,7 @@ def validate_dependency(dependency): :return: input dependency stripped of leading & trailing white spaces. """ dependency = dependency.strip() - if not re.match(C_IDENTIFIER_REGEX, dependency, re.I): + if not re.match(CONDITION_REGEX, dependency, re.I): raise GeneratorInputError('Invalid dependency %s' % dependency) return dependency @@ -732,19 +737,29 @@ def gen_dep_check(dep_id, dep): raise GeneratorInputError("Dependency Id should be a positive " "integer.") _not, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) - _defined = '' if re.search(r'(<=?|>=?|==)', dep) else 'defined' if not dep: raise GeneratorInputError("Dependency should not be an empty string.") + + dependency = re.match(CONDITION_REGEX, dep, re.I) + if not dependency: + raise GeneratorInputError('Invalid dependency %s' % dep) + + _defined = '' if dependency.group(2) else 'defined' + _cond = dependency.group(2) if dependency.group(2) else '' + _value = dependency.group(3) if dependency.group(3) else '' + dep_check = ''' case {id}: {{ -#if {_not}{_defined}({macro}) +#if {_not}{_defined}({macro}{_cond}{_value}) ret = DEPENDENCY_SUPPORTED; #else ret = DEPENDENCY_NOT_SUPPORTED; #endif }} - break;'''.format(_not=_not, _defined=_defined, macro=dep, id=dep_id) + break;'''.format(_not=_not, _defined=_defined, + macro=dependency.group(1), id=dep_id, + _cond=_cond, _value=_value) return dep_check From 056f19c79f14414a7b3745d29825783dce3a85af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Nov 2018 12:45:01 +0100 Subject: [PATCH 088/415] Tweak RSA vulnerability changelog entry * Correct the list of authors. * Add the CVE number. * Improve the impact description. --- ChangeLog | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0bb9ec04a..4f90d560b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,9 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix timing variations and memory access variations in RSA PKCS#1 v1.5 decryption that could lead to a Bleichenbacher-style padding oracle - attack. In TLS, this affects RSA-based ciphersuites without DHE or - ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and - Daniel Genkin. + attack. In TLS, this affects servers that accept ciphersuites based on + RSA decryption (i.e. ciphersuites whose name contains RSA but not + (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi + Shamir, David Wong and Yuval Yarom. CVE-2018-19608 = mbed TLS 2.13.1 branch released 2018-09-06 From 50da016e5ce5eacdc7c41f55122ec8450f0b94c4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Nov 2018 12:46:05 +0100 Subject: [PATCH 089/415] Add changelog entry for mbedtls_mpi_write_binary fix --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4f90d560b..5d2e8db18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,13 @@ Security RSA decryption (i.e. ciphersuites whose name contains RSA but not (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom. CVE-2018-19608 + * In mbedtls_mpi_write_binary(), don't leak the exact size of the number + via branching and memory access patterns. An attacker who could submit + a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing + of the decryption and not its result could nonetheless decrypt RSA + plaintexts and forge RSA signatures. Other asymmetric algorithms may + have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham, + Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom. = mbed TLS 2.13.1 branch released 2018-09-06 From 89ac8c9266184bb8edc2c04111f7b0df220bb440 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 30 Oct 2018 11:24:05 +0000 Subject: [PATCH 090/415] ECP: Add mbedtls_ecp_tls_read_group_id() `mbedtls_ecp_tls_read_group()` both parses the group ID and loads the group into the structure provided. We want to support alternative implementations of ECDH in the future and for that we need to parse the group ID without populating an `mbedtls_ecp_group` structure (because alternative implementations might not use that). This commit moves the part that parses the group ID to a new function. There is no need to test the new function directly, because the tests for `mbedtls_ecp_tls_read_group()` are already implicitly testing it. There is no intended change in behaviour in this commit. --- include/mbedtls/ecp.h | 31 ++++++++++++++++++++++++++----- library/ecp.c | 23 +++++++++++++++++++++-- 2 files changed, 47 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 2fb1af49a..0e5b47fc2 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -632,7 +632,7 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_poi /** * \brief This function imports a point from a TLS ECPoint record. * - * \note On function return, \p buf is updated to point to immediately + * \note On function return, \p *buf is updated to point immediately * after the ECPoint record. * * \param grp The ECP group used. @@ -641,7 +641,8 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_poi * \param len The length of the buffer. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. + * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization + * failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, @@ -687,19 +688,39 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); /** * \brief This function sets a group from a TLS ECParameters record. * - * \note \p buf is updated to point right after the ECParameters record - * on exit. + * \note \p buf is updated to point right after the ECParameters + * record on exit. * * \param grp The destination group. * \param buf The address of the pointer to the start of the input buffer. * \param len The length of the buffer. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. + * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization + * failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not + * recognised. */ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ); +/** + * \brief This function reads a group from a TLS ECParameters record. + * + * \note \p buf is updated to point right after the ECParameters + * record on exit. + * + * \param grp Output parameter to hold the group id. + * \param buf The address of the pointer to the start of the input buffer. + * \param len The length of the buffer. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not + * recognised. + */ +int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, + const unsigned char **buf, size_t len ); /** * \brief This function writes the TLS ECParameters record for a group. * diff --git a/library/ecp.c b/library/ecp.c index de5725c70..49255b103 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -833,7 +833,24 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp /* * Set a group from an ECParameters record (RFC 4492) */ -int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ) +int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, + const unsigned char **buf, size_t len ) +{ + int ret; + mbedtls_ecp_group_id grp_id; + + if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 ) + return( ret ); + + return mbedtls_ecp_group_load( grp, grp_id ); +} + +/* + * Read a group id from an ECParameters record (RFC 4492) and convert it to + * mbedtls_ecp_group_id. + */ +int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, + const unsigned char **buf, size_t len ) { uint16_t tls_id; const mbedtls_ecp_curve_info *curve_info; @@ -860,7 +877,9 @@ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **bu if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL ) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); - return mbedtls_ecp_group_load( grp, curve_info->grp_id ); + *grp = curve_info->grp_id; + + return( 0 ); } /* From f61e486179843ea7b6346066629b1bfa9f37b5fc Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 30 Oct 2018 11:53:25 +0000 Subject: [PATCH 091/415] ECDH: Add mbedtls_ecdh_setup() In the future we want to support alternative ECDH implementations. We can't make assumptions about the structure of the context they might use, and therefore shouldn't access the members of `mbedtls_ecdh_context`. Currently the lifecycle of the context can't be done without direct manipulation. This commit adds `mbedtls_ecdh_setup()` to complete covering the context lifecycle with functions. --- include/mbedtls/ecdh.h | 27 +++++++++++++++++++++++---- library/ecdh.c | 30 ++++++++++++++++++++++++++---- 2 files changed, 49 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 27f2ffc6a..68a6989c8 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -134,6 +134,24 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, */ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); +/** + * \brief This function sets up the ECDH context with the information + * given. + * + * This function should be called after mbedtls_ecdh_init() but + * before mbedtls_ecdh_make_params(). There is no need to call + * this function before mbedtls_ecdh_read_params(). + * + * This is the first function used by a TLS server for ECDHE + * ciphersuites. + * + * \param ctx The ECDH context to set up. + * \param grp_id The group id of the group to set up the context for. + * + * \return \c 0 on success. + */ +int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ); + /** * \brief This function frees a context. * @@ -145,8 +163,8 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); * \brief This function generates a public key and a TLS * ServerKeyExchange payload. * - * This is the first function used by a TLS server for ECDHE - * ciphersuites. + * This is the second function used by a TLS server for ECDHE + * ciphersuites. (It is called after mbedtls_ecdh_setup().) * * \note This function assumes that the ECP group (grp) of the * \p ctx context has already been properly set, @@ -242,8 +260,9 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, * \brief This function parses and processes a TLS ClientKeyExchange * payload. * - * This is the second function used by a TLS server for ECDH(E) - * ciphersuites. + * This is the third function used by a TLS server for ECDH(E) + * ciphersuites. (It is called after mbedtls_ecdh_setup() and + * mbedtls_ecdh_make_params().) * * \see ecp.h * diff --git a/library/ecdh.c b/library/ecdh.c index e6ae99994..702ba1a40 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -145,6 +145,23 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) #endif } +/* + * Setup context + */ +int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) +{ + int ret; + + ret = mbedtls_ecp_group_load( &ctx->grp, grp_id ); + if( ret != 0 ) + { + mbedtls_ecdh_free( ctx ); + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + } + + return( 0 ); +} + /* * Free context */ @@ -240,12 +257,17 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, const unsigned char **buf, const unsigned char *end ) { int ret; + mbedtls_ecp_group_id grp_id; - if( ( ret = mbedtls_ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 ) + if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) ) + != 0 ) return( ret ); - if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) ) - != 0 ) + if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, + end - *buf ) ) != 0 ) return( ret ); return( 0 ); @@ -259,7 +281,7 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai { int ret; - if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ) + if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 ) return( ret ); /* If it's not our key, just import the public part as Qp */ From fc03e8dfa9912ff08a5431cf11bcad6da4da754a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 4 Oct 2018 17:17:54 +0100 Subject: [PATCH 092/415] ECDH: Adapt tests for mbedtls_ecdh_setup() The recently added `mbedtls_ecdh_setup()` function is not used in the tests yet. This commit adapts the tests to the new workflow. Having done that, the old lifecycle is not tested anymore, so we add a new test to ensure backward compatibility. --- tests/suites/test_suite_ecdh.data | 4 +++ tests/suites/test_suite_ecdh.function | 44 +++++++++++++++++++++++++-- 2 files changed, 45 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data index 0165a7e0a..89e5e3a80 100644 --- a/tests/suites/test_suite_ecdh.data +++ b/tests/suites/test_suite_ecdh.data @@ -69,3 +69,7 @@ ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8A ECDH restartable rfc 5903 p256 restart disabled max_ops=250 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:250:0:0 + +ECDH exchange legacy context +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecdh_exchange_legacy:MBEDTLS_ECP_DP_SECP192R1 diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 965230885..52fecf350 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -134,16 +134,16 @@ void ecdh_exchange( int id ) mbedtls_ecdh_init( &cli ); memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, @@ -273,3 +273,41 @@ exit: mbedtls_ecdh_free( &cli ); } /* END_CASE */ + +/* BEGIN_CASE */ +void ecdh_exchange_legacy( int id ) +{ + mbedtls_ecdh_context srv, cli; + unsigned char buf[1000]; + const unsigned char *vbuf; + size_t len; + + rnd_pseudo_info rnd_info; + + mbedtls_ecdh_init( &srv ); + mbedtls_ecdh_init( &cli ); + memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + + TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 ); + + memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; + TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, + &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); + + memset( buf, 0x00, sizeof( buf ) ); + TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, + &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); + + TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, + &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL, + NULL ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 ); + +exit: + mbedtls_ecdh_free( &srv ); + mbedtls_ecdh_free( &cli ); +} +/* END_CASE */ From c9c32f3f639bb64153c3130110f38797392cb615 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 13 Aug 2018 15:52:45 +0100 Subject: [PATCH 093/415] ECDH: Add flexible context and legacy flag We want to support alternative software implementations and we extend the ECDH context to enable this. The actual functional change that makes use of the new context is out of scope for this commit. Changing the context breaks the API and therefore it has to be excluded from the default configuration by a compile time flag. We add the compile time flag to the module header instead of `config.h`, because this is not a standalone feature, it only enables adding new implementations in the future. The new context features a union of the individual implementations and a selector that chooses the implementation in use. An alternative is to use an opaque context and function pointers, like for example the PK module does it, but it is more dangerous, error prone and tedious to implement. We leave the group ID and the point format at the top level of the structure, because they are very simple and adding an abstraction layer around them away does not come with any obvious benefit. Other alternatives considered: - Using the module level replacement mechanism in the ECP module. This would have made the use of the replacement feature more difficult and the benefit limited. - Replacing our Montgomery implementations with a new one directly. This would have prevented using Montgomery curves across implementations. (For example use implementation A for Curve448 and implementation B for Curve22519.) Also it would have been inflexible and limited to Montgomery curves. - Encoding the implementation selector and the alternative context in `mbedtls_ecp_point` somehow and rewriting `mbedtls_ecp_mul()` to dispatch between implementations. This would have been a dangerous and ugly hack, and very likely to break legacy applications. - Same as above just with hardcoding the selector and using a compile time option to make the selection. Rejected for the same reasons as above. - Using the PK module to provide to provide an entry point for alternative implementations. Like most of the above options this wouldn't have come with a new compile time option, but conceptually would have been very out of place and would have meant much more work to complete the abstraction around the context. In retrospect: - We could have used the group ID as the selector, but this would have made the code less flexible and only marginally simpler. On the other hand it would have allowed to get rid of the compile time option if a tight integration of the alternative is possible. (It does not seem possible at this point.) - We could have used the same approach we do in this commit to the `mbedtls_ecp_point` structure. Completing the abstraction around this structure would have been a much bigger and much riskier code change with increase in memory footprint, potential decrease in performance and no immediate benefit. --- include/mbedtls/ecdh.h | 67 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 68a6989c8..cbd48414a 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -36,6 +36,18 @@ #include "ecp.h" +/* + * Use a backward compatible ECDH context. + * + * This flag is always enabled for now and future versions might add a + * configuration option that conditionally undefines this flag. + * The configuration option in question may have a different name. + * + * Features undefining this flag, must have a warning in their description in + * config.h stating that the feature breaks backward compatibility. + */ +#define MBEDTLS_ECDH_LEGACY_CONTEXT + #ifdef __cplusplus extern "C" { #endif @@ -49,6 +61,39 @@ typedef enum MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */ } mbedtls_ecdh_side; +#if !defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +/** + * Defines the ECDH implementation used. + * + * Later versions of the library may add new variants, therefore users should + * not make any assumptions about them. + */ +typedef enum +{ + MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */ + MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */ +} mbedtls_ecdh_variant; + +/** + * The context used by the default ECDH implementation. + * + * Later versions might change the structure of this context, therefore users + * should not make any assumptions about the structure of + * mbedtls_ecdh_context_mbed. + */ +typedef struct mbedtls_ecdh_context_mbed +{ + mbedtls_ecp_group grp; /*!< The elliptic curve used. */ + mbedtls_mpi d; /*!< The private key. */ + mbedtls_ecp_point Q; /*!< The public key. */ + mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */ + mbedtls_mpi z; /*!< The shared secret. */ +#if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */ +#endif +} mbedtls_ecdh_context_mbed; +#endif + /** * * \warning Performing multiple operations concurrently on the same @@ -58,6 +103,7 @@ typedef enum */ typedef struct mbedtls_ecdh_context { +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) mbedtls_ecp_group grp; /*!< The elliptic curve used. */ mbedtls_mpi d; /*!< The private key. */ mbedtls_ecp_point Q; /*!< The public key. */ @@ -70,7 +116,26 @@ typedef struct mbedtls_ecdh_context #if defined(MBEDTLS_ECP_RESTARTABLE) int restart_enabled; /*!< The flag for restartable mode. */ mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */ -#endif +#endif /* MBEDTLS_ECP_RESTARTABLE */ +#else + uint8_t point_format; /*!< The format of point export in TLS messages + as defined in RFC 4492. */ + mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */ + mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */ + union + { + mbedtls_ecdh_context_mbed mbed_ecdh; + } ctx; /*!< Implementation-specific context. The + context in use is specified by the \c var + field. */ +#if defined(MBEDTLS_ECP_RESTARTABLE) + uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of + an alternative implementation not supporting + restartable mode must return + MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error + if this flag is set. */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */ } mbedtls_ecdh_context; From 52735ef2fec4502870877f5dfcd06cd7a36774aa Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 15 Aug 2018 10:19:16 +0100 Subject: [PATCH 094/415] ECDH: Prevent direct access in non-legacy mode Some sample programs access structure fields directly. Making these work is desirable in the long term, but these are not essential for the core functionality in non-legacy mode. --- programs/pkey/ecdh_curve25519.c | 4 ++-- programs/test/benchmark.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 5db04088f..7fbf1678f 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -35,12 +35,12 @@ #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ -#if !defined(MBEDTLS_ECDH_C) || \ +#if !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDH_LEGACY_CONTEXT) || \ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) int main( void ) { - mbedtls_printf( "MBEDTLS_ECDH_C and/or " + mbedtls_printf( "MBEDTLS_ECDH_C and/or MBEDTLS_ECDH_LEGACY_CONTEXT and/or " "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " "not defined\n" ); diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e7d29c396..dd4303b89 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -862,7 +862,7 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_LEGACY_CONTEXT) if( todo.ecdh ) { mbedtls_ecdh_context ecdh; From fabc6001ff1cf2132550e34248b5f16f42b7e86d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 1 Dec 2018 22:43:08 +0000 Subject: [PATCH 095/415] Clarify attribution for the Bleichenbacher's Cat fix --- ChangeLog | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 81c7534cf..3f2385451 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,8 +7,11 @@ Security decryption that could lead to a Bleichenbacher-style padding oracle attack. In TLS, this affects servers that accept ciphersuites based on RSA decryption (i.e. ciphersuites whose name contains RSA but not - (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi - Shamir, David Wong and Yuval Yarom. CVE-2018-19608 + (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham + (University of Adelaide), Daniel Genkin (University of Michigan), + Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom + (University of Adelaide, Data61). The attack is described in more detail + in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608 * In mbedtls_mpi_write_binary(), don't leak the exact size of the number via branching and memory access patterns. An attacker who could submit a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing From 5a3e1bfda0ef95f18b01a14eac21a68255c21451 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 13 Aug 2018 15:54:22 +0100 Subject: [PATCH 096/415] ECDH: Make the implementation use the new context The functionality from public API functions are moved to `xxx_internal()` functions. The public API functions are modified to do basic parameter validation and dispatch the call to the right implementation. There is no intended change in behaviour when `MBEDTLS_ECDH_LEGACY_CONTEXT` is enabled. --- library/ecdh.c | 374 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 304 insertions(+), 70 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 702ba1a40..d68db8ac7 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -38,6 +38,10 @@ #include +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; +#endif + #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) /* * Generate public key (restartable version) @@ -124,38 +128,48 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, } #endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ -/* - * Initialize context - */ -void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) +static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) { mbedtls_ecp_group_init( &ctx->grp ); mbedtls_mpi_init( &ctx->d ); mbedtls_ecp_point_init( &ctx->Q ); mbedtls_ecp_point_init( &ctx->Qp ); mbedtls_mpi_init( &ctx->z ); - ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; - mbedtls_ecp_point_init( &ctx->Vi ); - mbedtls_ecp_point_init( &ctx->Vf ); - mbedtls_mpi_init( &ctx->_d ); #if defined(MBEDTLS_ECP_RESTARTABLE) - ctx->restart_enabled = 0; mbedtls_ecp_restart_init( &ctx->rs ); #endif } /* - * Setup context + * Initialize context */ -int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) +void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) +{ +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + ecdh_init_internal( ctx ); + mbedtls_ecp_point_init( &ctx->Vi ); + mbedtls_ecp_point_init( &ctx->Vf ); + mbedtls_mpi_init( &ctx->_d ); +#else + memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); + + ctx->var = MBEDTLS_ECDH_VARIANT_NONE; +#endif + ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; +#if defined(MBEDTLS_ECP_RESTARTABLE) + ctx->restart_enabled = 0; +#endif +} + +static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx, + mbedtls_ecp_group_id grp_id ) { int ret; ret = mbedtls_ecp_group_load( &ctx->grp, grp_id ); if( ret != 0 ) { - mbedtls_ecdh_free( ctx ); return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); } @@ -163,21 +177,35 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) } /* - * Free context + * Setup context */ -void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) +int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) { if( ctx == NULL ) - return; + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_setup_internal( ctx, grp_id ) ); +#else + switch( grp_id ) + { + default: + ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; + ctx->grp_id = grp_id; + ecdh_init_internal( &ctx->ctx.mbed_ecdh ); + return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); + } +#endif +} + +static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx ) +{ mbedtls_ecp_group_free( &ctx->grp ); mbedtls_mpi_free( &ctx->d ); mbedtls_ecp_point_free( &ctx->Q ); mbedtls_ecp_point_free( &ctx->Qp ); mbedtls_mpi_free( &ctx->z ); - mbedtls_ecp_point_free( &ctx->Vi ); - mbedtls_ecp_point_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->_d ); #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_free( &ctx->rs ); @@ -190,21 +218,50 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) */ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) { + if( ctx == NULL ) + return; + ctx->restart_enabled = 1; } #endif /* - * Setup and write the ServerKeyExhange parameters (RFC 4492) - * struct { - * ECParameters curve_params; - * ECPoint public; - * } ServerECDHParams; + * Free context */ -int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) +{ + if( ctx == NULL ) + return; + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + mbedtls_ecp_point_free( &ctx->Vi ); + mbedtls_ecp_point_free( &ctx->Vf ); + mbedtls_mpi_free( &ctx->_d ); + ecdh_free_internal( ctx ); +#else + switch( ctx->var ) + { + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + ecdh_free_internal( &ctx->ctx.mbed_ecdh ); + break; + default: + break; + } + + ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_NONE; + ctx->grp_id = MBEDTLS_ECP_DP_NONE; +#endif +} + +static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, + size_t *olen, int point_format, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int restart_enabled ) { int ret; size_t grp_len, pt_len; @@ -212,12 +269,14 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif - if( ctx == NULL || ctx->grp.pbits == 0 ) + if( ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ctx->restart_enabled ) + if( restart_enabled ) rs_ctx = &ctx->rs; +#else + (void) restart_enabled; #endif @@ -231,14 +290,14 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, return( ret ); #endif /* MBEDTLS_ECP_RESTARTABLE */ - if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) ) - != 0 ) + if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, + blen ) ) != 0 ) return( ret ); buf += grp_len; blen -= grp_len; - if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format, + if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, &pt_len, buf, blen ) ) != 0 ) return( ret ); @@ -246,6 +305,54 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, return( 0 ); } +/* + * Setup and write the ServerKeyExhange parameters (RFC 4492) + * struct { + * ECParameters curve_params; + * ECPoint public; + * } ServerECDHParams; + */ +int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int restart_enabled = 0; + + if( ctx == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + restart_enabled = ctx->restart_enabled; +#else + (void) restart_enabled; +#endif + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen, + f_rng, p_rng, restart_enabled ) ); +#else + switch( ctx->var ) + { + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen, + ctx->point_format, buf, blen, + f_rng, p_rng, + restart_enabled ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + +static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx, + const unsigned char **buf, + const unsigned char *end ) +{ + return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, + end - *buf ) ); +} + /* * Read the ServerKeyExhange parameters (RFC 4492) * struct { @@ -254,11 +361,15 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, * } ServerECDHParams; */ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, - const unsigned char **buf, const unsigned char *end ) + const unsigned char **buf, + const unsigned char *end ) { int ret; mbedtls_ecp_group_id grp_id; + if( ctx == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) ) != 0 ) return( ret ); @@ -266,24 +377,26 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 ) return( ret ); - if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, - end - *buf ) ) != 0 ) - return( ret ); - - return( 0 ); +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_read_params_internal( ctx, buf, end ) ); +#else + switch( ctx->var ) + { + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh, + buf, end ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif } -/* - * Get parameters from a keypair - */ -int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side ) +static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side ) { int ret; - if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 ) - return( ret ); - /* If it's not our key, just import the public part as Qp */ if( side == MBEDTLS_ECDH_THEIRS ) return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) ); @@ -300,29 +413,61 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai } /* - * Setup and export the client public value + * Get parameters from a keypair */ -int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side ) +{ + int ret; + + if( ctx == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 ) + return( ret ); + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_get_params_internal( ctx, key, side ) ); +#else + switch( ctx->var ) + { + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh, + key, side ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + +static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx, + size_t *olen, int point_format, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int restart_enabled ) { int ret; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif - if( ctx == NULL || ctx->grp.pbits == 0 ) + if( ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ctx->restart_enabled ) + if( restart_enabled ) rs_ctx = &ctx->rs; +#else + (void) restart_enabled; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng, rs_ctx ) ) != 0 ) + f_rng, p_rng, rs_ctx ) ) != 0 ) return( ret ); #else if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, @@ -330,23 +475,52 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, return( ret ); #endif /* MBEDTLS_ECP_RESTARTABLE */ - return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format, - olen, buf, blen ); + return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen, + buf, blen ); } /* - * Parse and import the client's public value + * Setup and export the client public value */ -int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, size_t blen ) +int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { - int ret; - const unsigned char *p = buf; + int restart_enabled = 0; if( ctx == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, blen ) ) != 0 ) +#if defined(MBEDTLS_ECP_RESTARTABLE) + restart_enabled = ctx->restart_enabled; +#endif + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen, + f_rng, p_rng, restart_enabled ) ); +#else + switch( ctx->var ) + { + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen, + ctx->point_format, buf, blen, + f_rng, p_rng, + restart_enabled ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + +static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx, + const unsigned char *buf, size_t blen ) +{ + int ret; + const unsigned char *p = buf; + + if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, + blen ) ) != 0 ) return( ret ); if( (size_t)( p - buf ) != blen ) @@ -356,12 +530,36 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, } /* - * Derive and export the shared secret + * Parse and import the client's public value */ -int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, size_t blen ) +{ + if( ctx == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_read_public_internal( ctx, buf, blen ) ); +#else + switch( ctx->var ) + { + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh, + buf, blen ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + +static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx, + size_t *olen, unsigned char *buf, + size_t blen, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int restart_enabled ) { int ret; #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -372,13 +570,16 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ctx->restart_enabled ) + if( restart_enabled ) rs_ctx = &ctx->rs; +#else + (void) restart_enabled; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, - &ctx->z, &ctx->Qp, &ctx->d, f_rng, p_rng, rs_ctx ) ) != 0 ) + if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp, + &ctx->d, f_rng, p_rng, + rs_ctx ) ) != 0 ) { return( ret ); } @@ -397,4 +598,37 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, return mbedtls_mpi_write_binary( &ctx->z, buf, *olen ); } +/* + * Derive and export the shared secret + */ +int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int restart_enabled = 0; + + if( ctx == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + restart_enabled = ctx->restart_enabled; +#endif + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng, + restart_enabled ) ); +#else + switch( ctx->var ) + { + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf, + blen, f_rng, p_rng, + restart_enabled ) ); + default: + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } +#endif +} + #endif /* MBEDTLS_ECDH_C */ From 948f4bedcceacd44dac08797f42019f3dad7cb13 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 22 Aug 2018 01:37:55 +0100 Subject: [PATCH 097/415] Debug: Add functions for ECDH contexts The SSL module accesses ECDH context members directly to print debug information. This can't work with the new context, where we can't make assumptions about the implementation of the context. This commit adds new debug functions to complete the encapsulation of the ECDH context and work around the problem. --- include/mbedtls/debug.h | 36 +++++++++++++++++++++++++++++ library/debug.c | 50 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index ef8db67ff..736444bb7 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -65,6 +65,11 @@ mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt ) #endif +#if defined(MBEDTLS_ECDH_C) +#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \ + mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr ) +#endif + #else /* MBEDTLS_DEBUG_C */ #define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 ) @@ -73,6 +78,7 @@ #define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 ) #define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 ) #define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 ) +#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) do { } while( 0 ) #endif /* MBEDTLS_DEBUG_C */ @@ -221,6 +227,36 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_x509_crt *crt ); #endif +#if defined(MBEDTLS_ECDH_C) +typedef enum +{ + MBEDTLS_DEBUG_ECDH_Q, + MBEDTLS_DEBUG_ECDH_QP, + MBEDTLS_DEBUG_ECDH_Z, +} mbedtls_debug_ecdh_attr; + +/** + * \brief Print a field of the ECDH structure in the SSL context to the debug + * output. This function is always used through the + * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file + * and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param ecdh the ECDH context + * \param attr the identifier of the attribute being output + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ +void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr ); +#endif + #ifdef __cplusplus } #endif diff --git a/library/debug.c b/library/debug.c index db3924ac5..824cd0236 100644 --- a/library/debug.c +++ b/library/debug.c @@ -365,4 +365,54 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_ECDH_C) +static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl, + int level, const char *file, + int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr ) +{ +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + const mbedtls_ecdh_context* ctx = ecdh; +#else + const mbedtls_ecdh_context_mbed* ctx = &ecdh->ctx.mbed_ecdh; +#endif + + switch( attr ) + { + case MBEDTLS_DEBUG_ECDH_Q: + mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Q", + &ctx->Q ); + break; + case MBEDTLS_DEBUG_ECDH_QP: + mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Qp", + &ctx->Qp ); + break; + case MBEDTLS_DEBUG_ECDH_Z: + mbedtls_debug_print_mpi( ssl, level, file, line, "ECDH: z", + &ctx->z ); + break; + default: + break; + } +} + +void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr ) +{ +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, attr ); +#else + switch( ecdh->var ) + { + default: + mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, + attr ); + } +#endif +} +#endif /* MBEDTLS_ECDH_C */ + #endif /* MBEDTLS_DEBUG_C */ From 3fbdadad7b9d3db16936bbb275f5915224a2baba Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 15 Aug 2018 10:26:53 +0100 Subject: [PATCH 098/415] SSL: Make use of the new ECDH interface The SSL module accesses ECDH context members directly. This can't work with the new context, where we can't make any assumption about the implementation of the context. This commit makes use of the new functions to avoid accessing ECDH members directly. The only members that are still accessed directly are the group ID and the point format and they are independent from the implementation. --- library/ssl_cli.c | 22 ++++++++++++++++------ library/ssl_srv.c | 16 ++++++++++------ library/ssl_tls.c | 3 ++- 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index ff576f3a8..afced7a99 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2027,8 +2027,14 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char * static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) { const mbedtls_ecp_curve_info *curve_info; + mbedtls_ecp_group_id grp_id; +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + grp_id = ssl->handshake->ecdh_ctx.grp.id; +#else + grp_id = ssl->handshake->ecdh_ctx.grp_id; +#endif - curve_info = mbedtls_ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id ); + curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); if( curve_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -2038,14 +2044,15 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); #if defined(MBEDTLS_ECP_C) - if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 ) + if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) #else if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || ssl->handshake->ecdh_ctx.grp.nbits > 521 ) #endif return( -1 ); - MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp ); + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP ); return( 0 ); } @@ -2967,7 +2974,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) return( ret ); } - MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q ); + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled ) @@ -2994,7 +3002,8 @@ ecdh_calc_secret: return( ret ); } - MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z ); } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || @@ -3089,7 +3098,8 @@ ecdh_calc_secret: return( ret ); } - MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q ); + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q ); } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 36ca0d69f..bc77f8020 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3048,8 +3048,8 @@ curve_matching_done: MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) ); - if( ( ret = mbedtls_ecp_group_load( &ssl->handshake->ecdh_ctx.grp, - (*curve)->grp_id ) ) != 0 ) + if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, + (*curve)->grp_id ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); return( ret ); @@ -3071,7 +3071,8 @@ curve_matching_done: ssl->out_msglen += len; - MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q ); + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q ); } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */ @@ -3794,7 +3795,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); } - MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp ); + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP ); if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &ssl->handshake->pmslen, @@ -3806,7 +3808,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); } - MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z ", &ssl->handshake->ecdh_ctx.z ); + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z ); } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || @@ -3919,7 +3922,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); } - MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp ); + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP ); if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, ciphersuite_info->key_exchange ) ) != 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 82e65251f..c64036c0c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1333,7 +1333,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch *(p++) = (unsigned char)( zlen ); p += zlen; - MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z ); } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ From 36c5f7fe9be9b0f7250cda63fb6a975c4d5a96f1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 30 Oct 2018 14:08:52 +0000 Subject: [PATCH 099/415] ECDH: Hide context from tests The tests for the ECDH key exchange that use the context accessed it directly. This can't work with the new context, where we can't make any assumptions about the implementation of the context. This commit works around this problem and comes with the cost of allocating an extra structures on the stack when executing the test. One of the tests is testing an older interface for the sake of backward compatibility. The new ECDH context is not backward compatible and this test doesn't make any sense for it, therefore we skip this test in non-legacy mode. --- tests/suites/test_suite_ecdh.function | 29 ++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 52fecf350..7144763a2 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -129,6 +129,8 @@ void ecdh_exchange( int id ) const unsigned char *vbuf; size_t len; rnd_pseudo_info rnd_info; + unsigned char res_buf[1000]; + size_t res_len; mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); @@ -147,9 +149,11 @@ void ecdh_exchange( int id ) TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL, NULL ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 ); + &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000, + NULL, NULL ) == 0 ); + TEST_ASSERT( len == res_len ); + TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 ); exit: mbedtls_ecdh_free( &srv ); @@ -172,7 +176,9 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES]; rnd_buf_info rnd_info_A, rnd_info_B; int cnt_restart; + mbedtls_ecp_group grp; + mbedtls_ecp_group_init( &grp ); mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); @@ -184,16 +190,20 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, rnd_info_B.buf = rnd_buf_B; rnd_info_B.length = unhexify( rnd_buf_B, dB_str ); - TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 ); + /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure + * in every configuration, therefore we load it separately. */ + TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - /* otherwise we would have to fix the random buffer, - * as in ecdh_primitive_test_vec */ - TEST_ASSERT( srv.grp.nbits % 8 == 0 ); + /* Otherwise we would have to fix the random buffer, + * as in ecdh_primitive_testvec. */ + TEST_ASSERT( grp.nbits % 8 == 0 ); + + TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 ); /* set up restart parameters */ mbedtls_ecp_set_max_ops( max_ops ); - if( enable) + if( enable ) { mbedtls_ecdh_enable_restart( &srv ); mbedtls_ecdh_enable_restart( &cli ); @@ -269,12 +279,13 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, TEST_ASSERT( memcmp( buf, z, len ) == 0 ); exit: + mbedtls_ecp_group_free( &grp ); mbedtls_ecdh_free( &srv ); mbedtls_ecdh_free( &cli ); } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */ void ecdh_exchange_legacy( int id ) { mbedtls_ecdh_context srv, cli; From b8f27060e0e05da8fe318acb041ec17a12c0e698 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 16 Aug 2018 16:32:43 +0100 Subject: [PATCH 100/415] Add Changelog entry for the new ECDH context --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8f0e8c1c7..f3dca4072 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Changes + * Extend ECDH interface to enable alternative implementations. + = mbed TLS 2.14.0 branch released 2018-11-19 Security From c3b680b028495615733c5272ae3a74c6498f1484 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 5 Dec 2018 16:01:13 +0000 Subject: [PATCH 101/415] Clarify requirements on handling ECP group IDs --- include/mbedtls/ecp.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 0e5b47fc2..1c372980e 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -159,6 +159,10 @@ mbedtls_ecp_point; * additions or subtractions. Therefore, it is only an approximative modular * reduction. It must return 0 on success and non-zero on failure. * + * \note Alternative implementations must keep the group IDs distinct. If + * two group structures have the same ID, then they must be + * identical. + * */ typedef struct mbedtls_ecp_group { From af6f2694a47f9e4505bf2b419588a6497dcfa6d9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 7 Dec 2018 09:55:24 +0000 Subject: [PATCH 102/415] Fix ECC hardware double initialization We initialized the ECC hardware before calling mbedtls_ecp_mul_shortcuts(). This in turn calls mbedtls_ecp_mul_restartable(), which initializes and frees the hardware too. This issue has been introduced by recent changes and caused some accelerators to hang. We move the initialization after the mbedtle_ecp_mul_shortcuts() calls to avoid double initialization. --- library/ecp.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index de5725c70..e3b9106db 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2393,11 +2393,6 @@ int mbedtls_ecp_muladd_restartable( mbedtls_ecp_point_init( &mP ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) - MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - ECP_RS_ENTER( ma ); #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -2425,6 +2420,12 @@ int mbedtls_ecp_muladd_restartable( mul2: #endif MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) ); + +#if defined(MBEDTLS_ECP_INTERNAL_ALT) + if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) + MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); +#endif /* MBEDTLS_ECP_INTERNAL_ALT */ + #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->ma != NULL ) rs_ctx->ma->state = ecp_rsma_add; From 855def157f7092ecad6b7d4f510401b3ca9f8530 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 7 Dec 2018 10:04:17 +0000 Subject: [PATCH 103/415] Add changelog entry for ECC hardware bugfix --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3f2385451..ef3c63bc2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,10 @@ New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update in favor of functions that can return an error code. +Bugfix + * Fix double initialization of ECC hardware that made some accelerators + hang. + = mbed TLS 2.14.0 branch released 2018-11-19 Security From d2af46f1e68200c00009be4053f0d0e95a40937f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 7 Dec 2018 10:39:00 +0000 Subject: [PATCH 104/415] Fix typo in ECP alternative documentation --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 16ed503ca..87a81c9ea 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -414,11 +414,11 @@ * unsigned char mbedtls_internal_ecp_grp_capable( * const mbedtls_ecp_group *grp ) * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) - * void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp ) + * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) * The mbedtls_internal_ecp_grp_capable function should return 1 if the * replacement functions implement arithmetic for the given group and 0 * otherwise. - * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are + * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are * called before and after each point operation and provide an opportunity to * implement optimized set up and tear down instructions. * From 60ca6e58b6e691f948772284d2633636c556cf81 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 7 Dec 2018 13:06:24 +0000 Subject: [PATCH 105/415] test: Make basic-build-test.sh see summary statuses We've changed the behavior of "-v" to no longer output test summary statuses. Update basic-build-test.sh to use the test runner's verbosity option "-v 2", so that the basic-build-test.sh script can get the summary statuses it needs. --- tests/scripts/basic-build-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index b4058718a..fbe757d9e 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -76,7 +76,7 @@ TEST_OUTPUT=out_${PPID} cd tests # Step 2a - Unit Tests -perl scripts/run-test-suites.pl -v |tee unit-test-$TEST_OUTPUT +perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT echo # Step 2b - System Tests From 683c58253073809aad026f4c0ab1bc5d8453efe5 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 7 Dec 2018 12:09:25 +0000 Subject: [PATCH 106/415] Clarify alternative ECP calling conventions Function calls to alternative implementations have to follow certain rules in order to preserve correct functionality. To avoid accidentally breaking these rules we state them explicitly in the ECP module for ourselves and every contributor to see. --- library/ecp.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/library/ecp.c b/library/ecp.c index e3b9106db..d9a3ac2f7 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -47,6 +47,35 @@ #include MBEDTLS_CONFIG_FILE #endif +/** + * \brief Function level alternative implementation. + * + * The MBEDTLS_ECP_INTERNAL_ALT macro enables alternative implementations to + * replace certain functions in this module. The alternative implementations are + * typically hardware accelerators and need to activate the hardware before the + * computation starts and deactivate it after it finishes. The + * mbedtls_internal_ecp_init() and mbedtls_internal_ecp_free() functions serve + * this purpose. + * + * To preserve the correct functionality the following conditions must hold: + * + * - The alternative implementation must be activated by + * mbedtls_internal_ecp_init() before any of the replaceable functions is + * called. + * - mbedtls_internal_ecp_free() must \b only be called when the alternative + * implementation is activated. + * - mbedtls_internal_ecp_init() must \b not be called when the alternative + * implementation is activated. + * - Public functions must not return while the alternative implementation is + * activated. + * - Replaceable functions are guarded by \c MBEDTLS_ECP_XXX_ALT macros and + * before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) ) + * \endcode ensures that the alternative implementation supports the current + * group. + */ +#if defined(MBEDTLS_ECP_INTERNAL_ALT) +#endif + #if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" From 172ba634638770f7ee764fe3e05189093c08d927 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 7 Dec 2018 12:13:54 +0000 Subject: [PATCH 107/415] Add guard for MBEDTLS_ECP_INTERNAL_ALT MBEDTLS_ECP_RESTARTABLE and MBEDTLS_ECP_INTERNAL_ALT are mutually exclusive, can't work and shouldn't be compiled together. --- include/mbedtls/check_config.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 425e3ea58..d051cbb71 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -114,6 +114,7 @@ defined(MBEDTLS_ECDSA_SIGN_ALT) || \ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ defined(MBEDTLS_ECDSA_GENKEY_ALT) || \ + defined(MBEDTLS_ECP_INTERNAL_ALT) || \ defined(MBEDTLS_ECP_ALT) ) #error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" #endif From b4868034dd60ce0a19f230c6394aceb0bb8ca77b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Dec 2018 17:36:34 +0000 Subject: [PATCH 108/415] Add initial options and support for parameter validation This function adds the additional config.h option of MBEDTLS_CHECK_PARAMS which allows additional validation of parameters passed to the library. --- include/mbedtls/config.h | 22 ++++++++++++++++++++++ include/mbedtls/platform_util.h | 28 ++++++++++++++++++++++++++++ library/platform_util.c | 9 +++++++++ 3 files changed, 59 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 87a81c9ea..a8a8f7568 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -256,6 +256,25 @@ */ //#define MBEDTLS_DEPRECATED_REMOVED +/** + * \def MBEDTLS_CHECK_PARAMS + * + * This configuration controls whether the library validates parameters passed + * to it. + * + * Application code that deals with 3rd party input may wish to enable such + * validation, whilst code on closed systems, such as embedded systems, where + * the input is controlled and predictable, may wish to disable it entirely to + * reduce the code size of the library. + * + * When the symbol is not defined, no parameter validation except that required + * to ensure the integrity or security of the library are performed. + * + * When the symbol is defined, all parameters will be validated, and an error + * code returned where appropriate. + */ +#define MBEDTLS_CHECK_PARAMS + /* \} name SECTION: System support */ /** @@ -2996,6 +3015,9 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) /**< Default parameter validation callback to use. Can be undefined */ + + /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 164a1a05f..4a2efde50 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -41,6 +41,34 @@ extern "C" { #endif +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \ + !defined(MBEDTLS_PARAM_FAILED) +#define MBEDTLS_PARAM_FAILED( cond, file, line ) \ + mbedtls_param_failed( cond, file, line ) + +/** + * \brief User supplied callback function for parameter validation failure. + * + * When the MBEDTLS_CHECK_PARAMS option is enabled, the library + * provides additional validation of all input parameters to + * confirm that they conform to what the interface can accept. + * For example - NULL paramater checks. + * + * These checks are designed to check programmatic issues in the + * application software using Mbed TLS, or catch other runtime + * errors which may be due to issues in the application software. + * + * This function will be called unless an alternative function is + * defined through the MBEDTLS_PARAM_FAILURE function. + * + * This function can return, and the operation will be aborted, or + * alternatively, through use of setjmp()/longjmp() can resume + * execution in the application code. + */ +void mbedtls_param_failed( char* failure_condition, char* file, int line ); + +#endif /* MBEDTLS_CHECK_PARAMS && MBEDTLS_PLATFORM_C && !MBEDTLS_PARAM_FAILED */ + /** * \brief Securely zeroize a buffer * diff --git a/library/platform_util.c b/library/platform_util.c index ca5fe4fb8..61ed926ff 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -35,6 +35,7 @@ #endif #include "mbedtls/platform_util.h" +#include "mbedtls/platform.h" #include "mbedtls/threading.h" #include @@ -133,3 +134,11 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, #endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \ + defined(MBEDTLS_DEBUG_INVALID_PARAMS) +void mbedtls_param_failed( char* failure_condition ) +{ + mbedtls_printf("%s:%i: Input param failed - %s\n", __FILE__, __LINE__, failure_condition ); +} +#endif From 5201e414aa19aab1d3bf11283bbe761f4eb64b92 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Dec 2018 17:40:14 +0000 Subject: [PATCH 109/415] Add optional parameter validation to the AES module This adds additional and optional parameter validation to the AES module that can be used by enabling the MBEDTLS_CHECK_PARAMS config.h option. --- include/mbedtls/aes.h | 20 ++++++++++++++++++++ library/aes.c | 26 ++++++++++++++++++-------- 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index cfb20c4fc..35c222918 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -67,6 +67,26 @@ /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ +#if defined( MBEDTLS_CHECK_PARAMS ) +#define MBEDTLS_AES_VALIDATE_RET( cond ) do{ if( !(cond) ) { \ + MBEDTLS_PARAM_FAILED( #cond, \ + __FILE__, \ + __LINE__ ); \ + return MBEDTLS_ERR_AES_BAD_INPUT_DATA;} \ + } while(0); + +#define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) { \ + MBEDTLS_PARAM_FAILED( #cond, \ + __FILE__, \ + __LINE__ ); \ + return; } \ + } while(0); +#else +/* No validation of parameters will be performed */ +#define MBEDTLS_AES_VALIDATE_RET( cond ) +#define MBEDTLS_AES_VALIDATE( cond) +#endif + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/library/aes.c b/library/aes.c index 3de571e69..7a364a0f6 100644 --- a/library/aes.c +++ b/library/aes.c @@ -511,6 +511,8 @@ static void aes_gen_tables( void ) void mbedtls_aes_init( mbedtls_aes_context *ctx ) { + MBEDTLS_AES_VALIDATE( ctx != NULL ); + memset( ctx, 0, sizeof( mbedtls_aes_context ) ); } @@ -525,12 +527,16 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ) #if defined(MBEDTLS_CIPHER_MODE_XTS) void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) { + MBEDTLS_AES_VALIDATE( ctx != NULL ); + mbedtls_aes_init( &ctx->crypt ); mbedtls_aes_init( &ctx->tweak ); } void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ) { + MBEDTLS_AES_VALIDATE( ctx != NULL ); + mbedtls_aes_free( &ctx->crypt ); mbedtls_aes_free( &ctx->tweak ); } @@ -546,14 +552,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int i; uint32_t *RK; -#if !defined(MBEDTLS_AES_ROM_TABLES) - if( aes_init_done == 0 ) - { - aes_gen_tables(); - aes_init_done = 1; - - } -#endif + MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL ); switch( keybits ) { @@ -563,6 +562,15 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); } +#if !defined(MBEDTLS_AES_ROM_TABLES) + if( aes_init_done == 0 ) + { + aes_gen_tables(); + aes_init_done = 1; + + } +#endif + #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) if( aes_padlock_ace == -1 ) aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE ); @@ -662,6 +670,8 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, uint32_t *RK; uint32_t *SK; + MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL ); + mbedtls_aes_init( &cty ); #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) From a646345e3fb61573154c98f703ff1b5dc8cd57e2 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Dec 2018 17:41:56 +0000 Subject: [PATCH 110/415] Add additional parameter validation tests for the AES module This adds additional tests to validate the AES module parameter validation checks which are enabled using the MBEDTLS_CHECK_PARAMS option. --- tests/suites/helpers.function | 185 +++++++++++++++++++++++++- tests/suites/test_suite_aes.function | 35 ++++- tests/suites/test_suite_aes.rest.data | 4 + 3 files changed, 213 insertions(+), 11 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 32b1b790d..4c105ed3c 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -23,6 +23,11 @@ #include "mbedtls/memory_buffer_alloc.h" #endif +#if defined(MBEDTLS_CHECK_PARAMS) +#include +#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) +#endif + #ifdef _MSC_VER #include typedef UINT8 uint8_t; @@ -69,15 +74,166 @@ typedef struct data_tag /*----------------------------------------------------------------------------*/ /* Macros */ -#define TEST_ASSERT( TEST ) \ - do { \ - if( ! (TEST) ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ +#if defined(MBEDTLS_CHECK_PARAMS) + +/** + * \brief This macro tests the expression passed to it as a test step or + * individual test in a test case. + * + * It allows a library function to return a value and return an error + * code that can be tested. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAIL, will be assumed to be a test failure. + * + * This macro is not suitable for negative parameter validation tests, + * as it assumes the test step will not create an error. + * + * \param TEST The test expression to be tested. + */ +#define TEST_ASSERT( TEST ) \ + do { \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + if( ! (TEST) ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } \ + else \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ } while( 0 ) +/** + * \brief This macro tests and individual function call as a test step or + * individual test in a test case. + * + * It does not require a library function to return a value, and cannot + tets a return error code that can be tested. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAIL, will be assumed to be a test failure. + * + * This macro is not suitable for negative parameter validation tests + * as it assumes the test step will not create an error. + * + * \param TEST The test statement to be executed. + */ +#define TEST_FN( TEST ) \ + do { \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + TEST; \ + } \ + else \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ + } while( 0 ) + +/** + * \brief This macro tests the statement passed to it as a test step or + * individual test in a test case. The macro assumes the test will fail + * and will generate an error. + * + * It allows a library function to return a value and tests the return + * code on return to confirm the given error code was returned. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * expected failure, and the test will pass. + * + * This macro is intended for negative parameter validation tests, + * where the failing function may return an error value or call + * MBEDTLS_PARAM_FAIL to indicate the error. + * + * \param PARAM_ERROR_VALUE The expected error code. + * + * \param TEST The test expression to be tested. + */ +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + if( (TEST) != PARAM_ERR_VALUE) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } \ + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ + } while( 0 ) + +/** + * \brief This macro tests the statement passed to it as a test step or + * individual test in a test case. The macro assumes the test will fail + * and will generate an error. + * + * It assumes the library function under test cannot return a value and + * assumes errors can only be indicated byt calls to + * MBEDTLS_PARAM_FAIL. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test + * can be made. + * + * This macro is intended for negative parameter validation tests, + * where the failing function can only return an error by calling + * MBEDTLS_PARAM_FAIL to indicate the error. + * + * \param TEST The test expression to be tested. + */ +#define TEST_INVALID_PARAM( TEST ) \ + do { \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + TEST; \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ + } while( 0 ) + +#else + +#define TEST_ASSERT( TEST ) \ + do { \ + if( ! (TEST) ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } while( 0 ) + +#define TEST_FN( TEST ) \ + do { \ + TEST; \ + } while( 0 ) + +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { \ + if( (TEST) != (PARAM_ERR_VALUE) ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } while( 0 ) + +#define TEST_INVALID_PARAM( TEST ) \ + do { \ + TEST; \ + } while( 0 ) + +#endif /* !defined( MBEDTLS_CHECK_PARAMS ) */ + #define assert(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ @@ -126,6 +282,10 @@ test_info; mbedtls_platform_context platform_ctx; #endif +#if defined(MBEDTLS_CHECK_PARAMS) +jmp_buf param_fail_jmp; +#endif + /*----------------------------------------------------------------------------*/ /* Helper flags for complex dependencies */ @@ -159,6 +319,17 @@ static void platform_teardown() #endif /* MBEDTLS_PLATFORM_C */ } +#if defined(MBEDTLS_CHECK_PARAMS) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + (void)failure_condition; + (void)file; + (void)line; + + longjmp( param_fail_jmp, 1 ); +} +#endif + #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) static int redirect_output( FILE** out_stream, const char* path ) { diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index a797e699c..24b5e4d6e 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -15,8 +15,8 @@ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_aes_context ctx; memset(output, 0x00, 100); - mbedtls_aes_init( &ctx ); + TEST_FN( mbedtls_aes_init( &ctx ) ); TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) @@ -39,8 +39,8 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_aes_context ctx; memset(output, 0x00, 100); - mbedtls_aes_init( &ctx ); + TEST_FN( mbedtls_aes_init( &ctx ) ); TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) @@ -64,8 +64,8 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, mbedtls_aes_context ctx; memset(output, 0x00, 100); - mbedtls_aes_init( &ctx ); + TEST_FN( mbedtls_aes_init( &ctx ) ); mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); @@ -91,7 +91,6 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0) @@ -372,6 +371,34 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aes_invalid_param( ) +{ + mbedtls_aes_context dummy_ctx; + const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; + + TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); + + /* mbedtls_aes_setkey_enc() */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_setkey_enc( NULL, key, 128 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_setkey_enc( &dummy_ctx, NULL, 128 ) ); + + /* mbedtls_aes_setkey_dec() */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_setkey_dec( NULL, key, 128 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); + + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void aes_selftest( ) { diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data index bbb222f10..3ec916ded 100644 --- a/tests/suites/test_suite_aes.rest.data +++ b/tests/suites/test_suite_aes.rest.data @@ -10,6 +10,10 @@ aes_encrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000 AES-256-CBC Decrypt (Invalid input length) aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH +AES - Invalid parameters +depends_on:MBEDTLS_CHECK_PARAMS +aes_invalid_param: + AES Selftest depends_on:MBEDTLS_SELF_TEST aes_selftest: From 63cb97e562c19bde01ec603ac8598903ac180529 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Dec 2018 17:43:31 +0000 Subject: [PATCH 111/415] Add handlers for parameter validation in the sample programs The sample programs require an additional handler function of mbedtls_param_failed() to handle any failed parameter validation checks enabled by the MBEDTLS_CHECK_PARAMS config.h option. --- programs/aes/aescrypt2.c | 11 +++++++++++ programs/aes/crypt_and_hash.c | 10 ++++++++++ programs/pkey/dh_client.c | 9 +++++++++ programs/pkey/dh_genprime.c | 8 ++++++++ programs/pkey/dh_server.c | 9 +++++++++ programs/pkey/ecdh_curve25519.c | 8 ++++++++ programs/pkey/ecdsa.c | 8 ++++++++ programs/pkey/gen_key.c | 9 +++++++++ programs/pkey/key_app.c | 9 +++++++++ programs/pkey/key_app_writer.c | 9 +++++++++ programs/pkey/pk_decrypt.c | 9 +++++++++ programs/pkey/pk_encrypt.c | 9 +++++++++ programs/pkey/pk_sign.c | 8 ++++++++ programs/pkey/pk_verify.c | 8 ++++++++ programs/pkey/rsa_decrypt.c | 9 +++++++++ programs/pkey/rsa_encrypt.c | 9 +++++++++ programs/pkey/rsa_genkey.c | 9 +++++++++ programs/pkey/rsa_sign_pss.c | 8 ++++++++ programs/pkey/rsa_verify_pss.c | 8 ++++++++ programs/random/gen_random_ctr_drbg.c | 9 +++++++++ programs/ssl/dtls_client.c | 8 ++++++++ programs/ssl/dtls_server.c | 8 ++++++++ programs/ssl/mini_client.c | 8 ++++++++ programs/ssl/ssl_client1.c | 8 ++++++++ programs/ssl/ssl_client2.c | 8 ++++++++ programs/ssl/ssl_fork_server.c | 8 ++++++++ programs/ssl/ssl_mail_client.c | 8 ++++++++ programs/ssl/ssl_server.c | 8 ++++++++ programs/ssl/ssl_server2.c | 8 ++++++++ programs/test/benchmark.c | 8 ++++++++ programs/test/selftest.c | 8 ++++++++ programs/test/ssl_cert_test.c | 8 ++++++++ programs/x509/cert_app.c | 8 ++++++++ programs/x509/cert_req.c | 8 ++++++++ programs/x509/cert_write.c | 8 ++++++++ programs/x509/crl_app.c | 8 ++++++++ programs/x509/req_app.c | 8 ++++++++ 37 files changed, 312 insertions(+) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 5725eb0f3..522bfdacf 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -78,6 +78,16 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %s\n", file, line, + failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 0; @@ -109,6 +119,7 @@ int main( int argc, char *argv[] ) off_t filesize, offset; #endif + mbedtls_aes_init( NULL ); mbedtls_aes_init( &aes_ctx ); mbedtls_md_init( &sha_ctx ); diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 88b852b4b..542b37ef8 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -80,6 +80,16 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %s\n", file, line, + failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1, i, n; diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 3dadf48e6..36ff8c093 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -70,6 +70,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { FILE *f; diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 360e3554a..9a37d5d09 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -68,6 +68,14 @@ int main( void ) */ #define GENERATOR "4" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char **argv ) { int ret = 1; diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index c4e2c391e..24f66ea69 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -70,6 +70,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { FILE *f; diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 7fbf1678f..0d8db09d0 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -52,6 +52,14 @@ int main( void ) #include "mbedtls/ctr_drbg.h" #include "mbedtls/ecdh.h" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1; diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index c653df9e4..c38b16ec0 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -99,6 +99,14 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) #define dump_pubkey( a, b ) #endif +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1; diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 31abb0cb8..98936c950 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -135,6 +135,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 027b95f9d..845d600b5 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -73,6 +73,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index cd0c23064..70c2440a9 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -96,6 +96,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 1d8c959a0..3f08fe1d2 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -59,6 +59,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 22dedba10..231381808 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -59,6 +59,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 7ec46752a..dcfc0fc48 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -59,6 +59,14 @@ int main( void ) #include #include +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 3c7709f9d..75ecf5296 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -55,6 +55,14 @@ int main( void ) #include #include +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 0a252d2ad..a5fd48274 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -58,6 +58,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 411657a07..86de8dfbb 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -58,6 +58,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 3359e1407..77d9d8e74 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -62,6 +62,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int ret = 1; diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index b0b0f7ecf..57c096d5c 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -60,6 +60,14 @@ int main( void ) #include #include +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 7c9c68f22..3e1507e04 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -59,6 +59,14 @@ int main( void ) #include #include +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 5ade946a7..dfef8afa8 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -52,6 +52,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index c29ab34a6..4d7177f91 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -79,6 +79,14 @@ int main( void ) #define DEBUG_LEVEL 0 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index b4ad6b53a..0cee83414 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -88,6 +88,14 @@ int main( void ) #define READ_TIMEOUT_MS 10000 /* 5 seconds */ #define DEBUG_LEVEL 0 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 290455e9a..c44794703 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -168,6 +168,14 @@ enum exit_codes ssl_write_failed, }; +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int ret = exit_ok; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index bf7c0132a..a7e4513ac 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -70,6 +70,14 @@ int main( void ) #define DEBUG_LEVEL 1 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 15c778d31..098c138fe 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -314,6 +314,14 @@ int main( void ) #define ALPN_LIST_SIZE 10 #define CURVE_LIST_SIZE 20 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 1c3a80600..3304b6bb1 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -86,6 +86,14 @@ int main( void ) #define DEBUG_LEVEL 0 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 16cedfe94..6bf6cde68 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -141,6 +141,14 @@ int main( void ) " force_ciphersuite= default: all enabled\n"\ " acceptable ciphersuite names:\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index dcdafbb86..044193d86 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -80,6 +80,14 @@ int main( void ) #define DEBUG_LEVEL 0 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index efda65d23..fffd98c7d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -426,6 +426,14 @@ int main( void ) (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ } +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index dd4303b89..ff1f4d1ba 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -254,6 +254,14 @@ typedef struct { rsa, dhm, ecdsa, ecdh; } todo_list; +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int i; diff --git a/programs/test/selftest.c b/programs/test/selftest.c index f923a43f5..6dc0f7fb8 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -77,6 +77,14 @@ #include "mbedtls/memory_buffer_alloc.h" #endif +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) { int ret; diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c index fd3526f7f..fd713f50f 100644 --- a/programs/test/ssl_cert_test.c +++ b/programs/test/ssl_cert_test.c @@ -81,6 +81,14 @@ const char *client_private_keys[MAX_CLIENT_CERTS] = "cert_digest.key" }; +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int ret = 1, i; diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index c57ecca03..16c3d9f6f 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -99,6 +99,14 @@ int main( void ) " permissive=%%d default: 0 (disabled)\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 8c56287b6..a5560702e 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -100,6 +100,14 @@ int main( void ) " SHA384, SHA512\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 3842ebce4..fe60fbe89 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -153,6 +153,14 @@ int main( void ) " object_signing_ca\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index f8316835f..89adbdb7a 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -60,6 +60,14 @@ int main( void ) " filename=%%s default: crl.pem\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 0f20c85f5..fc1da0d73 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -60,6 +60,14 @@ int main( void ) " filename=%%s default: cert.req\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ From 747f5fe3e23217f8d51e47f4dd8584d2432007dc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 7 Dec 2018 16:53:57 +0000 Subject: [PATCH 112/415] Add disabling of gcc 'clobbered' warning With gcc, use of setjmp() was triggering warnings about use of auto variables being clobbered. --- tests/suites/helpers.function | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 4c105ed3c..2d1f6922e 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -26,8 +26,13 @@ #if defined(MBEDTLS_CHECK_PARAMS) #include #define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) + +#if defined(__GNUC__) && !defined(__clang__) +#pragma GCC diagnostic ignored "-Wno-uninitialized" #endif +#endif /* MBEDTLS_CHECK_PARAMS */ + #ifdef _MSC_VER #include typedef UINT8 uint8_t; From 6542f6c597b8c03a5f40850244976fb2aedc7e5a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 9 Dec 2018 22:09:59 +0000 Subject: [PATCH 113/415] Change the use of setjmp/longjmp in parameter failure callback Change the use of setjmp and longjmp in signalling parameter validation failures when using the MBEDTLS_CHECK_PARAMS config.h option. This change allows all calls which might result in a call to the parameter validation failure handler to always be caught, even without use of the new macros, by placing a setjmp() in the outer function which calls the test function, which the handler can jump to. This has several benefits: * it allows us to remove the clang compiler warning (-Wclobbered) caused by local auto variables being in the same function as the call to setjmp. * removes the need to wrap all function calls in the test functions with the TEST_ASSERT() macro. Now all parameter validation function calls should be caught. --- tests/suites/helpers.function | 163 +++++++++++++------------------- tests/suites/host_test.function | 1 + tests/suites/main_test.function | 34 ++++++- 3 files changed, 97 insertions(+), 101 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2d1f6922e..3ae547184 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -27,10 +27,6 @@ #include #define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) -#if defined(__GNUC__) && !defined(__clang__) -#pragma GCC diagnostic ignored "-Wno-uninitialized" -#endif - #endif /* MBEDTLS_CHECK_PARAMS */ #ifdef _MSC_VER @@ -75,12 +71,19 @@ typedef struct data_tag #define DISPATCH_UNSUPPORTED_SUITE -5 /* Test suite not supported by the build */ +typedef enum +{ + PARAMFAIL_TESTSTATE_IDLE = 0, /* No parameter failure call test */ + PARAMFAIL_TESTSTATE_PENDING, /* Test call to the parameter failure + * is pending */ + PARAMFAIL_TESTSTATE_CALLED /* The test call to the parameter + * failure function has been made */ +} paramfail_test_state_t; + /*----------------------------------------------------------------------------*/ /* Macros */ -#if defined(MBEDTLS_CHECK_PARAMS) - /** * \brief This macro tests the expression passed to it as a test step or * individual test in a test case. @@ -96,53 +99,17 @@ typedef struct data_tag * * \param TEST The test expression to be tested. */ -#define TEST_ASSERT( TEST ) \ - do { \ - if ( setjmp( param_fail_jmp ) == 0 ) \ - { \ - if( ! (TEST) ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } \ - else \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ - } while( 0 ) - -/** - * \brief This macro tests and individual function call as a test step or - * individual test in a test case. - * - * It does not require a library function to return a value, and cannot - tets a return error code that can be tested. - * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, will be assumed to be a test failure. - * - * This macro is not suitable for negative parameter validation tests - * as it assumes the test step will not create an error. - * - * \param TEST The test statement to be executed. - */ -#define TEST_FN( TEST ) \ - do { \ - if ( setjmp( param_fail_jmp ) == 0 ) \ - { \ - TEST; \ - } \ - else \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ + +#define TEST_ASSERT( TEST ) \ + do { \ + if( ! (TEST) ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ } while( 0 ) +#if defined(MBEDTLS_CHECK_PARAMS) /** * \brief This macro tests the statement passed to it as a test step or * individual test in a test case. The macro assumes the test will fail @@ -163,18 +130,16 @@ typedef struct data_tag * * \param TEST The test expression to be tested. */ -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { \ - if ( setjmp( param_fail_jmp ) == 0 ) \ - { \ - if( (TEST) != PARAM_ERR_VALUE) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } \ - memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ - } while( 0 ) +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { \ + test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_PENDING; \ + if( (TEST) != (PARAM_ERR_VALUE) && \ + test_info.paramfail_test_state != PARAMFAIL_TESTSTATE_CALLED ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } while( 0 ) /** * \brief This macro tests the statement passed to it as a test step or @@ -196,33 +161,20 @@ typedef struct data_tag * * \param TEST The test expression to be tested. */ -#define TEST_INVALID_PARAM( TEST ) \ - do { \ - if ( setjmp( param_fail_jmp ) == 0 ) \ - { \ - TEST; \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ +#define TEST_INVALID_PARAM( TEST ) \ + do { \ + memcpy(jmp_tmp, param_fail_jmp, sizeof(jmp_buf)); \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + TEST; \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ } while( 0 ) #else -#define TEST_ASSERT( TEST ) \ - do { \ - if( ! (TEST) ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } while( 0 ) - -#define TEST_FN( TEST ) \ - do { \ - TEST; \ - } while( 0 ) - #define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ do { \ if( (TEST) != (PARAM_ERR_VALUE) ) \ @@ -273,9 +225,9 @@ typedef struct data_tag /*----------------------------------------------------------------------------*/ /* Global variables */ - static struct { + paramfail_test_state_t paramfail_test_state; int failed; const char *test; const char *filename; @@ -289,6 +241,7 @@ mbedtls_platform_context platform_ctx; #if defined(MBEDTLS_CHECK_PARAMS) jmp_buf param_fail_jmp; +jmp_buf jmp_tmp; #endif /*----------------------------------------------------------------------------*/ @@ -308,6 +261,15 @@ jmp_buf param_fail_jmp; /*----------------------------------------------------------------------------*/ /* Helper Functions */ + +static void test_fail( const char *test, int line_no, const char* filename ) +{ + test_info.failed = 1; + test_info.test = test; + test_info.line_no = line_no; + test_info.filename = filename; +} + static int platform_setup() { int ret = 0; @@ -327,11 +289,22 @@ static void platform_teardown() #if defined(MBEDTLS_CHECK_PARAMS) void mbedtls_param_failed( char* failure_condition, char* file, int line ) { - (void)failure_condition; - (void)file; - (void)line; + /* If we are testing the callback function... */ + if ( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING ) + { + test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_CALLED; + } + else + { + /* ...else we treat this as an error */ - longjmp( param_fail_jmp, 1 ); + /* Record the location of the failure, but not as a failure yet, in case + * it was part of the test */ + test_fail( failure_condition, line, file ); + test_info.failed = 0; + + longjmp( param_fail_jmp, 1 ); + } } #endif @@ -623,14 +596,6 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -static void test_fail( const char *test, int line_no, const char* filename ) -{ - test_info.failed = 1; - test_info.test = test; - test_info.line_no = line_no; - test_info.filename = filename; -} - int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) { int ret = 0; diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index b354af473..3c4303208 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -546,6 +546,7 @@ int execute_tests( int argc , const char ** argv ) if( unmet_dep_count == 0 ) { test_info.failed = 0; + test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) /* Suppress all output from the library unless we're verbose diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 2ba919ce0..ca4783dcf 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -134,9 +134,39 @@ $dispatch_code #line $line_no "suites/main_test.function" }; +/** + * \brief Execute the test function. + * + * This is a wrapper function around the test function execution + * to allow the setjmp() call used to catch any calls to the + * parameter failure callback, to be used. Calls to setjmp() + * can invalidate the state of any local auto variables. + * + * \param fp Function pointer to the test function + * \param params Parameters to pass + * + */ +void execute_function_ptr(TestWrapper_t fp, void **params) +{ +#if defined(MBEDTLS_CHECK_PARAMS) + if ( setjmp( param_fail_jmp ) == 0 ) + { + fp( params ); + } + else + { + /* Unexpected parameter validation error */ + test_info.failed = 1; + } + + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); +#else + fp( params ); +#endif +} /** - * \brief Dispatches test functions based on function index. + * \brief Dispatches test functions based on function index. * * \param exp_id Test function index. * @@ -153,7 +183,7 @@ int dispatch_test( int func_idx, void ** params ) { fp = test_funcs[func_idx]; if ( fp ) - fp( params ); + execute_function_ptr(fp, params); else ret = DISPATCH_UNSUPPORTED_SUITE; } From 249b3d6efe776929288f088c2ee487c90db0957b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 9 Dec 2018 22:18:46 +0000 Subject: [PATCH 114/415] Remove use of the macro TEST_FN from the AES test suite The TEST_FN macro is now redundant and no longer necessary. --- tests/suites/test_suite_aes.function | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 24b5e4d6e..062234b50 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -16,7 +16,7 @@ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, memset(output, 0x00, 100); - TEST_FN( mbedtls_aes_init( &ctx ) ); + mbedtls_aes_init( &ctx ); TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) @@ -40,7 +40,7 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, memset(output, 0x00, 100); - TEST_FN( mbedtls_aes_init( &ctx ) ); + mbedtls_aes_init( &ctx ); TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) @@ -65,7 +65,7 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, memset(output, 0x00, 100); - TEST_FN( mbedtls_aes_init( &ctx ) ); + mbedtls_aes_init( &ctx ); mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); @@ -393,7 +393,6 @@ void aes_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); - exit: return; } From 4c37db6d879dedb9812bfa6ebb34b32e532815ab Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 9 Dec 2018 22:42:11 +0000 Subject: [PATCH 115/415] Remove the library provided function of MBEDTLS_PARAM_FAILED The function called through the macro MBEDTLS_PARAM_FAILED() must be supplied by users and makes no sense as a library function, apart from debug and test. --- include/mbedtls/platform_util.h | 5 ++--- library/platform_util.c | 8 -------- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 4a2efde50..d09957152 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -41,8 +41,7 @@ extern "C" { #endif -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \ - !defined(MBEDTLS_PARAM_FAILED) +#if defined( MBEDTLS_CHECK_PARAMS ) && !defined(MBEDTLS_PARAM_FAILED) #define MBEDTLS_PARAM_FAILED( cond, file, line ) \ mbedtls_param_failed( cond, file, line ) @@ -67,7 +66,7 @@ extern "C" { */ void mbedtls_param_failed( char* failure_condition, char* file, int line ); -#endif /* MBEDTLS_CHECK_PARAMS && MBEDTLS_PLATFORM_C && !MBEDTLS_PARAM_FAILED */ +#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED */ /** * \brief Securely zeroize a buffer diff --git a/library/platform_util.c b/library/platform_util.c index 61ed926ff..756e22679 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -134,11 +134,3 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, #endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ - -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \ - defined(MBEDTLS_DEBUG_INVALID_PARAMS) -void mbedtls_param_failed( char* failure_condition ) -{ - mbedtls_printf("%s:%i: Input param failed - %s\n", __FILE__, __LINE__, failure_condition ); -} -#endif From 2c21073789fb98945157b688180e7f3524f7f6a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 11:48:49 +0100 Subject: [PATCH 116/415] Remove leftover from testing --- programs/aes/aescrypt2.c | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 522bfdacf..a5691d73f 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -119,7 +119,6 @@ int main( int argc, char *argv[] ) off_t filesize, offset; #endif - mbedtls_aes_init( NULL ); mbedtls_aes_init( &aes_ctx ); mbedtls_md_init( &sha_ctx ); From 8e661bf6a8773b8f5928b063981e79f6c84a3974 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 12:41:46 +0100 Subject: [PATCH 117/415] Fix arity of the PARAM_FAILED() macro and function It was inconsistent between files: sometimes 3 arguments, sometimes one. Align to 1 argument for the macro and 3 for the function, because: - we don't need 3 arguments for the macro, it can add __FILE__ and __LINE__ in its expansion, while the function needs them as parameters to be correct; - people who re-defined the macro should have flexibility, and 3 arguments can give the impression they they don't have as much as they actually do; - the design document has the macro with 1 argument, so let's stick to that. --- include/mbedtls/aes.h | 8 ++------ include/mbedtls/config.h | 2 +- include/mbedtls/platform_util.h | 5 ++--- tests/suites/helpers.function | 2 +- 4 files changed, 6 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 35c222918..62c1f9234 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -69,16 +69,12 @@ #if defined( MBEDTLS_CHECK_PARAMS ) #define MBEDTLS_AES_VALIDATE_RET( cond ) do{ if( !(cond) ) { \ - MBEDTLS_PARAM_FAILED( #cond, \ - __FILE__, \ - __LINE__ ); \ + MBEDTLS_PARAM_FAILED( #cond ); \ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;} \ } while(0); #define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) { \ - MBEDTLS_PARAM_FAILED( #cond, \ - __FILE__, \ - __LINE__ ); \ + MBEDTLS_PARAM_FAILED( #cond ); \ return; } \ } while(0); #else diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a8a8f7568..25f6c8c28 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3015,7 +3015,7 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) /**< Default parameter validation callback to use. Can be undefined */ +//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) /**< Default parameter validation callback to use. Can be undefined */ /* SSL Cache options */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index d09957152..6aada21c9 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -42,8 +42,8 @@ extern "C" { #endif #if defined( MBEDTLS_CHECK_PARAMS ) && !defined(MBEDTLS_PARAM_FAILED) -#define MBEDTLS_PARAM_FAILED( cond, file, line ) \ - mbedtls_param_failed( cond, file, line ) +#define MBEDTLS_PARAM_FAILED( cond ) \ + mbedtls_param_failed( cond, __FILE__, __LINE__ ) /** * \brief User supplied callback function for parameter validation failure. @@ -65,7 +65,6 @@ extern "C" { * execution in the application code. */ void mbedtls_param_failed( char* failure_condition, char* file, int line ); - #endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED */ /** diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 3ae547184..4b9513f9d 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -25,7 +25,7 @@ #if defined(MBEDTLS_CHECK_PARAMS) #include -#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) +#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) #endif /* MBEDTLS_CHECK_PARAMS */ From 3ef6a6dc5c9104235c11b22449b644740814b949 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 14:31:45 +0100 Subject: [PATCH 118/415] Fix const-ness in mbedtls_param_failed() The previous prototype gave warnings are the strings produced by #cond and __FILE__ are const, so we shouldn't implicitly cast them to non-const. While at it modifying most example programs: - include the header that has the function declaration, so that the definition can be checked to match by the compiler - fix whitespace - make it work even if PLATFORM_C is not defined: - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is no reason why it should - so, remove the corresponding #if defined in each program... - and add missing #defines for mbedtls_exit when needed The result has been tested (make all test with -Werror) with the following configurations: - full with CHECK_PARAMS with PLATFORM_C - full with CHECK_PARAMS without PLATFORM_C - full without CHECK_PARAMS without PLATFORM_C - full without CHECK_PARAMS with PLATFORM_C Additionally, it has been manually tested that adding mbedtls_aes_init( NULL ); near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the expected effect when running the program. --- include/mbedtls/platform_util.h | 4 +++- programs/aes/aescrypt2.c | 12 ++++++---- programs/aes/crypt_and_hash.c | 12 ++++++---- programs/hash/generic_sum.c | 14 +++++++++++ programs/hash/hello.c | 14 +++++++++++ programs/pkey/dh_client.c | 11 ++++++--- programs/pkey/dh_genprime.c | 11 ++++++--- programs/pkey/dh_server.c | 11 ++++++--- programs/pkey/ecdh_curve25519.c | 11 ++++++--- programs/pkey/ecdsa.c | 11 ++++++--- programs/pkey/gen_key.c | 11 ++++++--- programs/pkey/key_app.c | 11 ++++++--- programs/pkey/key_app_writer.c | 11 ++++++--- programs/pkey/mpi_demo.c | 14 +++++++++++ programs/pkey/pk_decrypt.c | 11 ++++++--- programs/pkey/pk_encrypt.c | 11 ++++++--- programs/pkey/pk_sign.c | 11 ++++++--- programs/pkey/pk_verify.c | 11 ++++++--- programs/pkey/rsa_decrypt.c | 10 +++++--- programs/pkey/rsa_encrypt.c | 10 +++++--- programs/pkey/rsa_genkey.c | 11 ++++++--- programs/pkey/rsa_sign.c | 13 ++++++++++ programs/pkey/rsa_sign_pss.c | 11 ++++++--- programs/pkey/rsa_verify.c | 13 ++++++++++ programs/pkey/rsa_verify_pss.c | 11 ++++++--- programs/random/gen_entropy.c | 14 +++++++++++ programs/random/gen_random_ctr_drbg.c | 11 ++++++--- programs/random/gen_random_havege.c | 14 +++++++++++ programs/ssl/dtls_client.c | 13 +++++++--- programs/ssl/dtls_server.c | 13 +++++++--- programs/ssl/mini_client.c | 34 ++++++++++++++------------- programs/ssl/ssl_client1.c | 11 ++++++--- programs/ssl/ssl_client2.c | 13 +++++++--- programs/ssl/ssl_fork_server.c | 11 ++++++--- programs/ssl/ssl_mail_client.c | 11 ++++++--- programs/ssl/ssl_pthread_server.c | 16 +++++++++++++ programs/ssl/ssl_server.c | 13 +++++++--- programs/ssl/ssl_server2.c | 13 +++++++--- programs/test/benchmark.c | 14 ++++++++--- programs/test/selftest.c | 10 +++++--- programs/test/ssl_cert_test.c | 11 ++++++--- programs/util/pem2der.c | 14 +++++++++++ programs/x509/cert_app.c | 11 ++++++--- programs/x509/cert_req.c | 10 +++++--- programs/x509/cert_write.c | 11 ++++++--- programs/x509/crl_app.c | 11 ++++++--- programs/x509/req_app.c | 11 ++++++--- tests/suites/helpers.function | 4 +++- 48 files changed, 447 insertions(+), 128 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 6aada21c9..e8fab66a4 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -64,7 +64,9 @@ extern "C" { * alternatively, through use of setjmp()/longjmp() can resume * execution in the application code. */ -void mbedtls_param_failed( char* failure_condition, char* file, int line ); +void mbedtls_param_failed( const char* failure_condition, + const char* file, + int line ); #endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED */ /** diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index a5691d73f..bdeac3afc 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -37,6 +37,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -79,11 +80,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %s\n", file, line, - failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 542b37ef8..f58e6166d 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -38,6 +38,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -81,11 +82,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %s\n", file, line, - failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index bbe8d92a2..4b7fe37be 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -50,6 +51,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum ) { int ret = mbedtls_md_file( md_info, filename, sum ); diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 2e8c2244d..6046f868c 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif @@ -46,6 +47,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int i, ret; diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 36ff8c093..1dce31aa7 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -32,6 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_time_t time_t +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -71,10 +72,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 9a37d5d09..cca43ca59 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -32,6 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_time_t time_t +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -68,10 +69,14 @@ int main( void ) */ #define GENERATOR "4" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 24f66ea69..a797e6070 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -32,6 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_time_t time_t +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -71,10 +72,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 0d8db09d0..9267c7ef5 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -52,10 +53,14 @@ int main( void ) #include "mbedtls/ctr_drbg.h" #include "mbedtls/ecdh.h" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index c38b16ec0..4471a201e 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -99,10 +100,14 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) #define dump_pubkey( a, b ) #endif -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 98936c950..35fc1498f 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -136,10 +137,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 845d600b5..0bd61e481 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -74,10 +75,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 70c2440a9..500e258a3 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -97,10 +98,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index 365bdc480..80573c0ed 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -48,6 +49,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int ret = 1; diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 3f08fe1d2..978f39ef1 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -60,10 +61,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 231381808..806c59aae 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -60,10 +61,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index dcfc0fc48..7354082f1 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -59,10 +60,14 @@ int main( void ) #include #include -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 75ecf5296..9fcf029b8 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -55,10 +56,14 @@ int main( void ) #include #include -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index a5fd48274..dc8a9200d 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -59,10 +59,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 86de8dfbb..e9effe806 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -59,10 +59,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 77d9d8e74..81867ee9e 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -63,10 +64,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index b16fe5d22..f01487202 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -33,6 +33,7 @@ #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_snprintf snprintf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -55,6 +56,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 57c096d5c..ad03a91bb 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -60,10 +61,14 @@ int main( void ) #include #include -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 6f88345f2..5d1c0851e 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -32,6 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_snprintf snprintf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -54,6 +55,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 3e1507e04..34122ca4f 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -59,10 +60,14 @@ int main( void ) #include #include -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index a1eb3868a..3b350ede2 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -49,6 +50,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index dfef8afa8..a50402f19 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -53,10 +54,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index 3fb3f0196..ef888ff61 100644 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -50,6 +51,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 4d7177f91..90db06ca9 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -31,6 +31,9 @@ #include #define mbedtls_printf printf #define mbedtls_fprintf fprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ @@ -79,10 +82,14 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 0cee83414..dd21fbf47 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -32,6 +32,9 @@ #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_time_t time_t +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* Uncomment out the following line to default to IPv4 and disable IPv6 */ @@ -88,10 +91,14 @@ int main( void ) #define READ_TIMEOUT_MS 10000 /* 5 seconds */ #define DEBUG_LEVEL 0 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index c44794703..ff3612885 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -26,6 +26,17 @@ #include MBEDTLS_CONFIG_FILE #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + /* * We're creating and connecting the socket "manually" rather than using the * NET module, in order to avoid the overhead of getaddrinfo() which tends to @@ -44,13 +55,6 @@ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(UNIX) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif - int main( void ) { mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or " @@ -60,12 +64,6 @@ int main( void ) } #else -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#endif - #include #include "mbedtls/net_sockets.h" @@ -168,10 +166,14 @@ enum exit_codes ssl_write_failed, }; -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index a7e4513ac..646909f11 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -34,6 +34,7 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -70,10 +71,14 @@ int main( void ) #define DEBUG_LEVEL 1 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 098c138fe..1ce10b62e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -35,6 +35,9 @@ #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_snprintf snprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_ENTROPY_C) || \ @@ -314,10 +317,14 @@ int main( void ) #define ALPN_LIST_SIZE 10 #define CURVE_LIST_SIZE 20 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 3304b6bb1..b6f1cc4fd 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -33,6 +33,7 @@ #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_time_t time_t +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -86,10 +87,14 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 6bf6cde68..bbe4c700b 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -39,6 +39,7 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -141,10 +142,14 @@ int main( void ) " force_ciphersuite= default: all enabled\n"\ " acceptable ciphersuite names:\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 9a05ad8fd..b5026959a 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -30,9 +30,13 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_snprintf snprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \ @@ -77,6 +81,18 @@ int main( void ) #include "mbedtls/memory_buffer_alloc.h" #endif +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + #define HTTP_RESPONSE \ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ "

mbed TLS Test Server

\r\n" \ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 044193d86..1852b2bad 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -34,6 +34,9 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \ @@ -80,10 +83,14 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index fffd98c7d..d23a55eaf 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -36,6 +36,9 @@ #define mbedtls_calloc calloc #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_ENTROPY_C) || \ @@ -426,10 +429,14 @@ int main( void ) (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ } -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index ff1f4d1ba..8d7ecf7c9 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -29,10 +29,14 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_exit exit #define mbedtls_printf printf #define mbedtls_snprintf snprintf #define mbedtls_free free +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_TIMING_C) @@ -254,10 +258,14 @@ typedef struct { rsa, dhm, ecdsa, ecdh; } todo_list; -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 6dc0f7fb8..9d3ea7ec0 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -77,10 +77,14 @@ #include "mbedtls/memory_buffer_alloc.h" #endif -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c index fd713f50f..fdf30ef40 100644 --- a/programs/test/ssl_cert_test.c +++ b/programs/test/ssl_cert_test.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -81,10 +82,14 @@ const char *client_private_keys[MAX_CLIENT_CERTS] = "cert_digest.key" }; -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 73a9fb5e0..0cc9d0664 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -33,6 +33,7 @@ #define mbedtls_free free #define mbedtls_calloc calloc #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -63,6 +64,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 16c3d9f6f..626c4d101 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -34,6 +34,7 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -99,10 +100,14 @@ int main( void ) " permissive=%%d default: 0 (disabled)\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index a5560702e..027050c07 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -100,10 +101,13 @@ int main( void ) " SHA384, SHA512\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index fe60fbe89..cd39108f2 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -153,10 +154,14 @@ int main( void ) " object_signing_ca\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 89adbdb7a..a95157067 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -60,10 +61,14 @@ int main( void ) " filename=%%s default: crl.pem\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index fc1da0d73..04ad119f7 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -60,10 +61,14 @@ int main( void ) " filename=%%s default: cert.req\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 4b9513f9d..472df425b 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -287,7 +287,9 @@ static void platform_teardown() } #if defined(MBEDTLS_CHECK_PARAMS) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { /* If we are testing the callback function... */ if ( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING ) From a2b0e27378f1613c45fd324e4cf74a54654b2ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 15:23:58 +0100 Subject: [PATCH 119/415] Skip param validation tests if custom macro used The test framework for validation of parameters depends on the macro MBEDTLS_PARAM_FAILED() being set to its default value when building the library. So far the test framework attempted to define this macro but this was the wrong place - this definition wouldn't be picked by the library. Instead, a different approach is taken: skip those tests when the macro is defined in config.h, as in that case we have no way to know if it will indeed end up calling mbedtls_param_failed() as we need it to. This commit was tested by manually ensuring that aes_invalid_params: - passes (and is not skipped) in the default configuration - is skipped when MBEDTLS_PARAM_FAILED() is defined in config.h --- include/mbedtls/platform_util.h | 14 ++++++++-- tests/suites/helpers.function | 38 ++++++++------------------- tests/suites/test_suite_aes.function | 2 +- tests/suites/test_suite_aes.rest.data | 1 - 4 files changed, 24 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index e8fab66a4..a712764a6 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -41,7 +41,16 @@ extern "C" { #endif -#if defined( MBEDTLS_CHECK_PARAMS ) && !defined(MBEDTLS_PARAM_FAILED) +#if defined( MBEDTLS_CHECK_PARAMS ) + +#if defined(MBEDTLS_PARAM_FAILED) +/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h. + * + * This flag can be used to check whether it is safe to assume that + * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed(). + */ +#define MBEDTLS_PARAM_FAILED_ALT +#else #define MBEDTLS_PARAM_FAILED( cond ) \ mbedtls_param_failed( cond, __FILE__, __LINE__ ) @@ -67,7 +76,8 @@ extern "C" { void mbedtls_param_failed( const char* failure_condition, const char* file, int line ); -#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED */ +#endif /* MBEDTLS_PARAM_FAILED */ +#endif /* MBEDTLS_CHECK_PARAMS */ /** * \brief Securely zeroize a buffer diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 472df425b..71390ecfe 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -24,10 +24,9 @@ #endif #if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" #include -#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) - -#endif /* MBEDTLS_CHECK_PARAMS */ +#endif #ifdef _MSC_VER #include @@ -92,7 +91,8 @@ typedef enum * code that can be tested. * * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, will be assumed to be a test failure. + * callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test + * failure. * * This macro is not suitable for negative parameter validation tests, * as it assumes the test step will not create an error. @@ -109,7 +109,7 @@ typedef enum } \ } while( 0 ) -#if defined(MBEDTLS_CHECK_PARAMS) +#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT) /** * \brief This macro tests the statement passed to it as a test step or * individual test in a test case. The macro assumes the test will fail @@ -119,12 +119,12 @@ typedef enum * code on return to confirm the given error code was returned. * * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the * expected failure, and the test will pass. * * This macro is intended for negative parameter validation tests, * where the failing function may return an error value or call - * MBEDTLS_PARAM_FAIL to indicate the error. + * MBEDTLS_PARAM_FAILED() to indicate the error. * * \param PARAM_ERROR_VALUE The expected error code. * @@ -148,16 +148,16 @@ typedef enum * * It assumes the library function under test cannot return a value and * assumes errors can only be indicated byt calls to - * MBEDTLS_PARAM_FAIL. + * MBEDTLS_PARAM_FAILED(). * * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test * can be made. * * This macro is intended for negative parameter validation tests, * where the failing function can only return an error by calling - * MBEDTLS_PARAM_FAIL to indicate the error. + * MBEDTLS_PARAM_FAILED() to indicate the error. * * \param TEST The test expression to be tested. */ @@ -173,23 +173,7 @@ typedef enum memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ } while( 0 ) -#else - -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { \ - if( (TEST) != (PARAM_ERR_VALUE) ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } while( 0 ) - -#define TEST_INVALID_PARAM( TEST ) \ - do { \ - TEST; \ - } while( 0 ) - -#endif /* !defined( MBEDTLS_CHECK_PARAMS ) */ +#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ #define assert(a) if( !( a ) ) \ { \ diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 062234b50..7dab01b47 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -371,7 +371,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void aes_invalid_param( ) { mbedtls_aes_context dummy_ctx; diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data index 3ec916ded..14b78a605 100644 --- a/tests/suites/test_suite_aes.rest.data +++ b/tests/suites/test_suite_aes.rest.data @@ -11,7 +11,6 @@ AES-256-CBC Decrypt (Invalid input length) aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH AES - Invalid parameters -depends_on:MBEDTLS_CHECK_PARAMS aes_invalid_param: AES Selftest From ab588529e1fd2d3a5368ffefd4ed2722f11d665e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 16:04:46 +0100 Subject: [PATCH 120/415] Rework documentation. --- include/mbedtls/config.h | 63 +++++++++++++++++++++++++++------ include/mbedtls/platform_util.h | 14 +++++--- 2 files changed, 61 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 25f6c8c28..54be651b9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -259,19 +259,41 @@ /** * \def MBEDTLS_CHECK_PARAMS * - * This configuration controls whether the library validates parameters passed - * to it. + * This configuration controls whether the library validates more of the + * parameters passed to it. * - * Application code that deals with 3rd party input may wish to enable such - * validation, whilst code on closed systems, such as embedded systems, where - * the input is controlled and predictable, may wish to disable it entirely to - * reduce the code size of the library. + * When this flag is not defined, the library only attempts to validate input + * parameter if: (1) they may come from the outside world (such as the + * network, the filesystem, etc.) or (2) not validating them could result in + * internal memory errors such as overflowing a buffer controlled by the + * library. On the other hand, it doesn't attempt to validate parameters whose + * values are fully controlled by the application (such as pointers). * - * When the symbol is not defined, no parameter validation except that required - * to ensure the integrity or security of the library are performed. + * When this flag is defined, the library additionally attempts to validate + * parameters that are fully controlled by the application, and should always + * be valid if the application code is fully correct and trusted. * - * When the symbol is defined, all parameters will be validated, and an error - * code returned where appropriate. + * For example, when a function accepts a input a pointer to a buffer than may + * contain untrusted data, and its documentation mentions that this pointer + * must not be NULL: + * - the pointer is checked to be non-NULL only if this option is enabled + * - the content of the buffer is always validated + * + * When this flag is defined, if a library function receives a parameter that + * is invalid, it will: + * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a + * call to the function mbedtls_param_failed() + * - immediately return (with a specific error code unless the function + * returns void and can't communicate an error). + * + * When defining this flag, you also need to: + * - either provide a definition of the function mbedtls_param_failed() in + * your application (see platform_util.h for its prototype) as the library + * calls that function, but does not provide a default definition for it, + * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() + * below if the above mechanism is not enough flexible to suit your needs. + * + * Uncomment to enable validation of application-controlled parameters. */ #define MBEDTLS_CHECK_PARAMS @@ -3015,7 +3037,26 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) /**< Default parameter validation callback to use. Can be undefined */ +/** + * \brief This macro is invoked by the library when an invalid parameter + * is detected that is only checked with MBEDTLS_CHECK_PARAMS + * (see the document of the flag for context). + * + * When you leave this undefined here, a default definition is + * provided the invokes the function mbedtls_param_failed(), + * which is declared in platform_util.h for the benefit of the + * library, but that you need to define in your application. + * + * When you define this here, this replaces the default + * definition in platform_util.h (which no longer declares the + * function mbedtls_param_failed()) and it is your responsability + * to make sure this macro expands to something suitable (in + * particular, that all the necessary declarations are visible + * from within the library). + * + * \param cond The expression that should evaluate to true, but doesn't. + */ +//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) /* SSL Cache options */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index a712764a6..ed21ffa91 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -52,7 +52,7 @@ extern "C" { #define MBEDTLS_PARAM_FAILED_ALT #else #define MBEDTLS_PARAM_FAILED( cond ) \ - mbedtls_param_failed( cond, __FILE__, __LINE__ ) + mbedtls_param_failed( #cond, __FILE__, __LINE__ ) /** * \brief User supplied callback function for parameter validation failure. @@ -66,15 +66,19 @@ extern "C" { * application software using Mbed TLS, or catch other runtime * errors which may be due to issues in the application software. * - * This function will be called unless an alternative function is - * defined through the MBEDTLS_PARAM_FAILURE function. + * This function will be called unless an alternative treatement + * is defined through the MBEDTLS_PARAM_FAILURE() macro. * * This function can return, and the operation will be aborted, or * alternatively, through use of setjmp()/longjmp() can resume * execution in the application code. + * + * \param failure_condition The assertion that didn't hold. + * \param file The file where the assertion failed. + * \param line The line in the file where the assertion failed. */ -void mbedtls_param_failed( const char* failure_condition, - const char* file, +void mbedtls_param_failed( const char *failure_condition, + const char *file, int line ); #endif /* MBEDTLS_PARAM_FAILED */ #endif /* MBEDTLS_CHECK_PARAMS */ From a96762675395edf1c11574ccf0f8d17db2987468 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 16:12:56 +0100 Subject: [PATCH 121/415] Make MBEDTLS_CHECK_PARAMS disabled by default --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 54be651b9..bf4d1c424 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -295,7 +295,7 @@ * * Uncomment to enable validation of application-controlled parameters. */ -#define MBEDTLS_CHECK_PARAMS +//#define MBEDTLS_CHECK_PARAMS /* \} name SECTION: System support */ From 0e9cddbf1af8b92912e45a0a356a7a75ea4f972f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 16:37:51 +0100 Subject: [PATCH 122/415] Introduce generic validation macros Avoid duplicating source code for each module. --- include/mbedtls/aes.h | 16 ---------------- include/mbedtls/platform_util.h | 27 +++++++++++++++++++++++++++ library/aes.c | 16 +++++++++++----- 3 files changed, 38 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 62c1f9234..cfb20c4fc 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -67,22 +67,6 @@ /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ -#if defined( MBEDTLS_CHECK_PARAMS ) -#define MBEDTLS_AES_VALIDATE_RET( cond ) do{ if( !(cond) ) { \ - MBEDTLS_PARAM_FAILED( #cond ); \ - return MBEDTLS_ERR_AES_BAD_INPUT_DATA;} \ - } while(0); - -#define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) { \ - MBEDTLS_PARAM_FAILED( #cond ); \ - return; } \ - } while(0); -#else -/* No validation of parameters will be performed */ -#define MBEDTLS_AES_VALIDATE_RET( cond ) -#define MBEDTLS_AES_VALIDATE( cond) -#endif - #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index ed21ffa91..1ac16d45f 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -81,6 +81,33 @@ void mbedtls_param_failed( const char *failure_condition, const char *file, int line ); #endif /* MBEDTLS_PARAM_FAILED */ + +/* Internal macro meant to be called only from within the library. */ +#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \ + do { \ + if( !(cond) ) \ + { \ + MBEDTLS_PARAM_FAILED( #cond ); \ + return( ret ); \ + } \ + } while( 0 ) + +/* Internal macro meant to be called only from within the library. */ +#define MBEDTLS_INTERNAL_VALIDATE( cond ) \ + do { \ + if( !(cond) ) \ + { \ + MBEDTLS_PARAM_FAILED( #cond ); \ + return; \ + } \ + } while( 0 ) + +#else /* MBEDTLS_CHECK_PARAMS */ + +/* Internal macros meant to be called only from within the library. */ +#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) +#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 ) + #endif /* MBEDTLS_CHECK_PARAMS */ /** diff --git a/library/aes.c b/library/aes.c index 7a364a0f6..6ff39d74c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -56,6 +56,12 @@ #if !defined(MBEDTLS_AES_ALT) +/* Parameter validation macros based on platform_util.h */ +#define AES_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA) +#define AES_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * 32-bit integer manipulation macros (little endian) */ @@ -511,7 +517,7 @@ static void aes_gen_tables( void ) void mbedtls_aes_init( mbedtls_aes_context *ctx ) { - MBEDTLS_AES_VALIDATE( ctx != NULL ); + AES_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_aes_context ) ); } @@ -527,7 +533,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ) #if defined(MBEDTLS_CIPHER_MODE_XTS) void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) { - MBEDTLS_AES_VALIDATE( ctx != NULL ); + AES_VALIDATE( ctx != NULL ); mbedtls_aes_init( &ctx->crypt ); mbedtls_aes_init( &ctx->tweak ); @@ -535,7 +541,7 @@ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ) { - MBEDTLS_AES_VALIDATE( ctx != NULL ); + AES_VALIDATE( ctx != NULL ); mbedtls_aes_free( &ctx->crypt ); mbedtls_aes_free( &ctx->tweak ); @@ -552,7 +558,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int i; uint32_t *RK; - MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL ); + AES_VALIDATE_RET( ctx != NULL && key != NULL ); switch( keybits ) { @@ -670,7 +676,7 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, uint32_t *RK; uint32_t *SK; - MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL ); + AES_VALIDATE_RET( ctx != NULL && key != NULL ); mbedtls_aes_init( &cty ); From 44c5d58d05a1afbee11903d7c40f84b68f8bb888 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 16:56:14 +0100 Subject: [PATCH 123/415] Document AES functions and fix free() functions --- include/mbedtls/aes.h | 18 ++++++++++-------- library/aes.c | 11 +++++++---- tests/suites/helpers.function | 27 +++++++++++++++++++++++++++ tests/suites/test_suite_aes.function | 6 ++++++ 4 files changed, 50 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index cfb20c4fc..da7ab5496 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -121,14 +121,14 @@ typedef struct mbedtls_aes_xts_context * It must be the first API called before using * the context. * - * \param ctx The AES context to initialize. + * \param ctx The AES context to initialize. Must not be NULL. */ void mbedtls_aes_init( mbedtls_aes_context *ctx ); /** * \brief This function releases and clears the specified AES context. * - * \param ctx The AES context to clear. + * \param ctx The AES context to clear. If NULL, no action is taken. */ void mbedtls_aes_free( mbedtls_aes_context *ctx ); @@ -139,14 +139,14 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); * It must be the first API called before using * the context. * - * \param ctx The AES XTS context to initialize. + * \param ctx The AES XTS context to initialize. Must not be NULL. */ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); /** * \brief This function releases and clears the specified AES XTS context. * - * \param ctx The AES XTS context to clear. + * \param ctx The AES XTS context to clear. If NULL, no action is taken. */ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -154,8 +154,9 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); /** * \brief This function sets the encryption key. * - * \param ctx The AES context to which the key should be bound. - * \param key The encryption key. + * \param ctx The AES context to which the key should be bound. Must not + * be NULL. + * \param key The encryption key. Must not be NULL. * \param keybits The size of data passed in bits. Valid options are: *
  • 128 bits
    • *
  • 192 bits
    • @@ -170,8 +171,9 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, /** * \brief This function sets the decryption key. * - * \param ctx The AES context to which the key should be bound. - * \param key The decryption key. + * \param ctx The AES context to which the key should be bound. Must not + * be NULL. + * \param key The decryption key. Must not be NULL. * \param keybits The size of data passed. Valid options are: *
    • 128 bits
      • *
    • 192 bits
      • diff --git a/library/aes.c b/library/aes.c index 6ff39d74c..cc1e5ceb4 100644 --- a/library/aes.c +++ b/library/aes.c @@ -58,7 +58,7 @@ /* Parameter validation macros based on platform_util.h */ #define AES_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA) + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) #define AES_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) @@ -541,7 +541,8 @@ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ) { - AES_VALIDATE( ctx != NULL ); + if( ctx == NULL ) + return; mbedtls_aes_free( &ctx->crypt ); mbedtls_aes_free( &ctx->tweak ); @@ -558,7 +559,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int i; uint32_t *RK; - AES_VALIDATE_RET( ctx != NULL && key != NULL ); + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( key != NULL ); switch( keybits ) { @@ -676,7 +678,8 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, uint32_t *RK; uint32_t *SK; - AES_VALIDATE_RET( ctx != NULL && key != NULL ); + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( key != NULL ); mbedtls_aes_init( &cty ); diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 71390ecfe..57bc25913 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -173,6 +173,33 @@ typedef enum memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ } while( 0 ) +/** + * \brief This macro tests the statement passed to it as a test step or + * individual test in a test case. The macro assumes the test will not fail. + * + * It assumes the library function under test cannot return a value and + * assumes errors can only be indicated by calls to + * MBEDTLS_PARAM_FAILED(). + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the + * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test + * can be made. + * + * This macro is intended to test that function that return void + * accept all of the parameter values they're supposed to accept - eg + * that they don't call MBEDTLS_PARAM_FAILED() when a parameter + * that's allowed to be NULL happends to be NULL. + * + * Note: for functions that return something other that void, + * checking that they accept all the parameters they're supposed to + * accept is best done by using TEST_ASSERT() and checking the return + * value as well. + * + * \param TEST The test expression to be tested. + */ +#define TEST_VALID_PARAM( TEST ) \ + TEST_ASSERT( ( TEST, 1 ) ); #endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ #define assert(a) if( !( a ) ) \ diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 7dab01b47..f61f71c3e 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -379,6 +379,8 @@ void aes_invalid_param( ) TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); + TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) ); + /* mbedtls_aes_setkey_enc() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_enc( NULL, key, 128 ) ); @@ -393,6 +395,10 @@ void aes_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); + /* These calls accept NULL */ + TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); + TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) ); + exit: return; } From 0e17cc93c67b6c591e61ae6f6ec740e44c6a26c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 09:26:54 +0100 Subject: [PATCH 124/415] Avoid stringifying condition too early It's better if the macro receives the condition as an expression rather than a string - that way it can choose to use it as is or stringify it. Also, the documentation states that the parameter is an expression, not a string. --- include/mbedtls/platform_util.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 1ac16d45f..105b43caf 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -87,7 +87,7 @@ void mbedtls_param_failed( const char *failure_condition, do { \ if( !(cond) ) \ { \ - MBEDTLS_PARAM_FAILED( #cond ); \ + MBEDTLS_PARAM_FAILED( cond ); \ return( ret ); \ } \ } while( 0 ) @@ -97,7 +97,7 @@ void mbedtls_param_failed( const char *failure_condition, do { \ if( !(cond) ) \ { \ - MBEDTLS_PARAM_FAILED( #cond ); \ + MBEDTLS_PARAM_FAILED( cond ); \ return; \ } \ } while( 0 ) From e451be5d046eea930b9db0adb345cdafb5a8c105 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 09:37:26 +0100 Subject: [PATCH 125/415] Update version_features.c --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index f1798a7ff..4c36d3caa 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -84,6 +84,9 @@ static const char *features[] = { #if defined(MBEDTLS_DEPRECATED_REMOVED) "MBEDTLS_DEPRECATED_REMOVED", #endif /* MBEDTLS_DEPRECATED_REMOVED */ +#if defined(MBEDTLS_CHECK_PARAMS) + "MBEDTLS_CHECK_PARAMS", +#endif /* MBEDTLS_CHECK_PARAMS */ #if defined(MBEDTLS_TIMING_ALT) "MBEDTLS_TIMING_ALT", #endif /* MBEDTLS_TIMING_ALT */ From 22028a0b8d20beb6fbed81a526ba099d22ed2471 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 10:29:25 +0100 Subject: [PATCH 126/415] Fix a typo in documentation --- include/mbedtls/platform_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 105b43caf..2dc0fb7b9 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -67,7 +67,7 @@ extern "C" { * errors which may be due to issues in the application software. * * This function will be called unless an alternative treatement - * is defined through the MBEDTLS_PARAM_FAILURE() macro. + * is defined through the MBEDTLS_PARAM_FAILED() macro. * * This function can return, and the operation will be aborted, or * alternatively, through use of setjmp()/longjmp() can resume From 840af0a9ae6b8d7797786c5a6e3d83cec3417a7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 10:34:04 +0100 Subject: [PATCH 127/415] Add tests to all.sh for CHECK_PARAMS edge cases --- tests/scripts/all.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 19baf5e8a..64cb695c8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -618,6 +618,30 @@ record_status check_headers_in_cpp msg "build: Unix make, incremental g++" make TEST_CPP=1 + +msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" +cleanup +scripts/config.pl full # includes CHECK_PARAMS +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests +scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C +scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT +scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT +scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT +scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY +scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT +scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl unset MBEDTLS_PLATFORM_C +make CC=gcc CFLAGS='-Werror -O1' all test + +msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" +cleanup +scripts/config.pl full # includes CHECK_PARAMS +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests +sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" +make CC=gcc CFLAGS='-Werror -O1' all test + + # Full configuration build, without platform support, file IO and net sockets. # This should catch missing mbedtls_printf definitions, and by disabling file # IO, it should catch missing '#include ' From acfdc623d2d47457a1f4c98bc4db373b5d143e36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 10:36:21 +0100 Subject: [PATCH 128/415] Fix test macro that was too lenient Previously, one could change the definition of AES_VALIDATE_RET() to return some other code than MBEDTLS_ERR_AES_BAD_INPUT_DATA, and the test suite wouldn't notice. Now this modification would make the suite fail as expected. --- tests/suites/helpers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 57bc25913..b5bd31e74 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -133,7 +133,7 @@ typedef enum #define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ do { \ test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_PENDING; \ - if( (TEST) != (PARAM_ERR_VALUE) && \ + if( (TEST) != (PARAM_ERR_VALUE) || \ test_info.paramfail_test_state != PARAMFAIL_TESTSTATE_CALLED ) \ { \ test_fail( #TEST, __LINE__, __FILE__ ); \ From 8a46c22466a84697d69e2b8aaaeb7b12cfd26320 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 10:46:41 +0100 Subject: [PATCH 129/415] Add a ChangeLog entry for MBEDTLS_CHECK_PARAMS --- ChangeLog | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 43dfb9977..9d51378d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,15 +22,11 @@ Security * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG modules. -API Changes - * The following functions in the random generator modules have been - deprecated and replaced as shown below. The new functions change - the return type from void to int to allow returning error codes when - using MBEDTLS__ALT for the underlying AES or message digest - primitive. Fixes #1798. - mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() - mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() - * Extend ECDH interface to enable alternative implementations. +Features + * Add new config.h flag MBEDTLS_CHECK_PARAMS that enables validation of + more of the parameters by public API functions (see its documentation for + details). Disabled by default - requires users to provide an + implementation of the callback function or macro. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update @@ -52,6 +48,16 @@ Bugfix * Fix double initialization of ECC hardware that made some accelerators hang. +API Changes + * The following functions in the random generator modules have been + deprecated and replaced as shown below. The new functions change + the return type from void to int to allow returning error codes when + using MBEDTLS__ALT for the underlying AES or message digest + primitive. Fixes #1798. + mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() + mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() + * Extend ECDH interface to enable alternative implementations. + = mbed TLS 2.14.0 branch released 2018-11-19 Security From 9b8ea89ae50a19806423e87e20216a146b305167 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 10:56:56 +0100 Subject: [PATCH 130/415] Fix a few style / whitespace issues --- include/mbedtls/config.h | 1 - include/mbedtls/platform_util.h | 4 ++-- tests/suites/helpers.function | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index bf4d1c424..6b0db346d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3058,7 +3058,6 @@ */ //#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) - /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 2dc0fb7b9..604498aa6 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -41,7 +41,7 @@ extern "C" { #endif -#if defined( MBEDTLS_CHECK_PARAMS ) +#if defined(MBEDTLS_CHECK_PARAMS) #if defined(MBEDTLS_PARAM_FAILED) /** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h. @@ -50,7 +50,7 @@ extern "C" { * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed(). */ #define MBEDTLS_PARAM_FAILED_ALT -#else +#else /* MBEDTLS_PARAM_FAILED */ #define MBEDTLS_PARAM_FAILED( cond ) \ mbedtls_param_failed( #cond, __FILE__, __LINE__ ) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index b5bd31e74..9aecbb1bb 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -99,7 +99,6 @@ typedef enum * * \param TEST The test expression to be tested. */ - #define TEST_ASSERT( TEST ) \ do { \ if( ! (TEST) ) \ From 35acb099d6d2562672e5ce969cc11ff97b836625 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 12:26:49 +0100 Subject: [PATCH 131/415] Fix some documentation typos/markup/duplication. --- include/mbedtls/aes.h | 16 ++++++++-------- include/mbedtls/config.h | 6 +++--- include/mbedtls/platform_util.h | 12 ++---------- 3 files changed, 13 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index da7ab5496..97c009802 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -121,14 +121,14 @@ typedef struct mbedtls_aes_xts_context * It must be the first API called before using * the context. * - * \param ctx The AES context to initialize. Must not be NULL. + * \param ctx The AES context to initialize. Must not be \c NULL. */ void mbedtls_aes_init( mbedtls_aes_context *ctx ); /** * \brief This function releases and clears the specified AES context. * - * \param ctx The AES context to clear. If NULL, no action is taken. + * \param ctx The AES context to clear. If \c NULL, no action is taken. */ void mbedtls_aes_free( mbedtls_aes_context *ctx ); @@ -139,14 +139,14 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); * It must be the first API called before using * the context. * - * \param ctx The AES XTS context to initialize. Must not be NULL. + * \param ctx The AES XTS context to initialize. Must not be \c NULL. */ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); /** * \brief This function releases and clears the specified AES XTS context. * - * \param ctx The AES XTS context to clear. If NULL, no action is taken. + * \param ctx The AES XTS context to clear. If \c NULL, no action is taken. */ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -155,8 +155,8 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); * \brief This function sets the encryption key. * * \param ctx The AES context to which the key should be bound. Must not - * be NULL. - * \param key The encryption key. Must not be NULL. + * be \c NULL. + * \param key The encryption key. Must not be \c NULL. * \param keybits The size of data passed in bits. Valid options are: *
      • 128 bits
        • *
      • 192 bits
        • @@ -172,8 +172,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, * \brief This function sets the decryption key. * * \param ctx The AES context to which the key should be bound. Must not - * be NULL. - * \param key The decryption key. Must not be NULL. + * be \c NULL. + * \param key The decryption key. Must not be \c NULL. * \param keybits The size of data passed. Valid options are: *
        • 128 bits
          • *
        • 192 bits
          • diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6b0db346d..a4ab9cb79 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3040,16 +3040,16 @@ /** * \brief This macro is invoked by the library when an invalid parameter * is detected that is only checked with MBEDTLS_CHECK_PARAMS - * (see the document of the flag for context). + * (see the documentation of that option for context). * * When you leave this undefined here, a default definition is - * provided the invokes the function mbedtls_param_failed(), + * provided that invokes the function mbedtls_param_failed(), * which is declared in platform_util.h for the benefit of the * library, but that you need to define in your application. * * When you define this here, this replaces the default * definition in platform_util.h (which no longer declares the - * function mbedtls_param_failed()) and it is your responsability + * function mbedtls_param_failed()) and it is your responsibility * to make sure this macro expands to something suitable (in * particular, that all the necessary declarations are visible * from within the library). diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 604498aa6..8846f4504 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -56,18 +56,10 @@ extern "C" { /** * \brief User supplied callback function for parameter validation failure. - * - * When the MBEDTLS_CHECK_PARAMS option is enabled, the library - * provides additional validation of all input parameters to - * confirm that they conform to what the interface can accept. - * For example - NULL paramater checks. - * - * These checks are designed to check programmatic issues in the - * application software using Mbed TLS, or catch other runtime - * errors which may be due to issues in the application software. + * See #MBEDTLS_CHECK_PARAMS for context. * * This function will be called unless an alternative treatement - * is defined through the MBEDTLS_PARAM_FAILED() macro. + * is defined through the #MBEDTLS_PARAM_FAILED macro. * * This function can return, and the operation will be aborted, or * alternatively, through use of setjmp()/longjmp() can resume From ed459e6995a5d3bebfd17c01f24eb5c7f6f814e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 10:20:33 +0100 Subject: [PATCH 132/415] Fix content and style of constraints documentation - Be specific about the constraints: be a readable/writable buffer of length X, be an initialized context, be a context initialized and bound to a key... - Always use full sentences with all the required pronouns. --- include/mbedtls/aes.h | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 97c009802..11edc0fab 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -121,14 +121,16 @@ typedef struct mbedtls_aes_xts_context * It must be the first API called before using * the context. * - * \param ctx The AES context to initialize. Must not be \c NULL. + * \param ctx The AES context to initialize. This must not be \c NULL. */ void mbedtls_aes_init( mbedtls_aes_context *ctx ); /** * \brief This function releases and clears the specified AES context. * - * \param ctx The AES context to clear. If \c NULL, no action is taken. + * \param ctx The AES context to clear. + * If this is \c NULL, this function does nothing. + * Otherwise, the context must have been at least initialized. */ void mbedtls_aes_free( mbedtls_aes_context *ctx ); @@ -139,14 +141,16 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); * It must be the first API called before using * the context. * - * \param ctx The AES XTS context to initialize. Must not be \c NULL. + * \param ctx The AES XTS context to initialize. This must not be \c NULL. */ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); /** * \brief This function releases and clears the specified AES XTS context. * - * \param ctx The AES XTS context to clear. If \c NULL, no action is taken. + * \param ctx The AES XTS context to clear. + * If this is \c NULL, this function does nothing. + * Otherwise, the context must have been at least initialized. */ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -154,9 +158,10 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); /** * \brief This function sets the encryption key. * - * \param ctx The AES context to which the key should be bound. Must not - * be \c NULL. - * \param key The encryption key. Must not be \c NULL. + * \param ctx The AES context to which the key should be bound. + * It must be initialized. + * \param key The encryption key. + * This must be a readable buffer of size \p keybits bits. * \param keybits The size of data passed in bits. Valid options are: *
          • 128 bits
            • *
          • 192 bits
            • @@ -171,9 +176,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, /** * \brief This function sets the decryption key. * - * \param ctx The AES context to which the key should be bound. Must not - * be \c NULL. - * \param key The decryption key. Must not be \c NULL. + * \param ctx The AES context to which the key should be bound. + * It must be initialized. + * \param key The decryption key. + * This must be a readable buffer of size \p keybits bits. * \param keybits The size of data passed. Valid options are: *
            • 128 bits
              • *
            • 192 bits
              • From cd2b29cd12673de3f02f0dbda1e0ac0e21fad1b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 10:23:57 +0100 Subject: [PATCH 133/415] Improve wording in documentation and ChangeLog --- ChangeLog | 4 ++-- include/mbedtls/config.h | 15 ++++++++------- tests/suites/helpers.function | 4 ++-- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9d51378d1..a4f3ae54e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,8 +24,8 @@ Security Features * Add new config.h flag MBEDTLS_CHECK_PARAMS that enables validation of - more of the parameters by public API functions (see its documentation for - details). Disabled by default - requires users to provide an + more of the parameters by public API functions (see its documentation in + config.h for details). Disabled by default - requires users to provide an implementation of the callback function or macro. New deprecations diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a4ab9cb79..4663481b2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -259,11 +259,11 @@ /** * \def MBEDTLS_CHECK_PARAMS * - * This configuration controls whether the library validates more of the - * parameters passed to it. + * This configuration option controls whether the library validates more of + * the parameters passed to it. * - * When this flag is not defined, the library only attempts to validate input - * parameter if: (1) they may come from the outside world (such as the + * When this flag is not defined, the library only attempts to validate an + * input parameter if: (1) they may come from the outside world (such as the * network, the filesystem, etc.) or (2) not validating them could result in * internal memory errors such as overflowing a buffer controlled by the * library. On the other hand, it doesn't attempt to validate parameters whose @@ -273,7 +273,7 @@ * parameters that are fully controlled by the application, and should always * be valid if the application code is fully correct and trusted. * - * For example, when a function accepts a input a pointer to a buffer than may + * For example, when a function accepts as input a pointer to a buffer that may * contain untrusted data, and its documentation mentions that this pointer * must not be NULL: * - the pointer is checked to be non-NULL only if this option is enabled @@ -291,7 +291,7 @@ * your application (see platform_util.h for its prototype) as the library * calls that function, but does not provide a default definition for it, * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() - * below if the above mechanism is not enough flexible to suit your needs. + * below if the above mechanism is not flexible enough to suit your needs. * * Uncomment to enable validation of application-controlled parameters. */ @@ -3052,7 +3052,8 @@ * function mbedtls_param_failed()) and it is your responsibility * to make sure this macro expands to something suitable (in * particular, that all the necessary declarations are visible - * from within the library). + * from within the library - you can ensure that by providing + * them in this file next to the macro definition). * * \param cond The expression that should evaluate to true, but doesn't. */ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 9aecbb1bb..c77231df9 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -185,10 +185,10 @@ typedef enum * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test * can be made. * - * This macro is intended to test that function that return void + * This macro is intended to test that functions returning void * accept all of the parameter values they're supposed to accept - eg * that they don't call MBEDTLS_PARAM_FAILED() when a parameter - * that's allowed to be NULL happends to be NULL. + * that's allowed to be NULL happens to be NULL. * * Note: for functions that return something other that void, * checking that they accept all the parameters they're supposed to From aae10fa4275d9d9414bcfa81414b8a48c853c9b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 10:24:19 +0100 Subject: [PATCH 134/415] Fix some whitespace issues --- tests/suites/helpers.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index c77231df9..1ce17f53c 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -163,7 +163,7 @@ typedef enum #define TEST_INVALID_PARAM( TEST ) \ do { \ memcpy(jmp_tmp, param_fail_jmp, sizeof(jmp_buf)); \ - if ( setjmp( param_fail_jmp ) == 0 ) \ + if( setjmp( param_fail_jmp ) == 0 ) \ { \ TEST; \ test_fail( #TEST, __LINE__, __FILE__ ); \ @@ -302,7 +302,7 @@ void mbedtls_param_failed( const char *failure_condition, int line ) { /* If we are testing the callback function... */ - if ( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING ) + if( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING ) { test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_CALLED; } @@ -613,12 +613,12 @@ int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) int ret = 0; uint32_t i = 0; - if ( a_len != b_len ) + if( a_len != b_len ) return( -1 ); for( i = 0; i < a_len; i++ ) { - if ( a[i] != b[i] ) + if( a[i] != b[i] ) { ret = -1; break; From 54e7f312d33581a83e4dde3fbf5750ffbf5d322f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 11:56:09 +0100 Subject: [PATCH 135/415] Make TEST_VALID_PARAM() available unconditionally --- tests/suites/helpers.function | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 1ce17f53c..891fba6ee 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -171,6 +171,7 @@ typedef enum } \ memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ } while( 0 ) +#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ /** * \brief This macro tests the statement passed to it as a test step or @@ -195,11 +196,16 @@ typedef enum * accept is best done by using TEST_ASSERT() and checking the return * value as well. * + * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is + * disabled, as it makes sense to check that the functions accept all + * legal values even if this option is disabled - only in that case, + * the test if more about whether the function segfaults than about + * whether it invokes MBEDTLS_PARAM_FAILED(). + * * \param TEST The test expression to be tested. */ #define TEST_VALID_PARAM( TEST ) \ TEST_ASSERT( ( TEST, 1 ) ); -#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ #define assert(a) if( !( a ) ) \ { \ From a4251f477564383f65fb63897039d23bad0b8a06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 12:04:51 +0100 Subject: [PATCH 136/415] Test aes_free( NULL ) unconditionally --- tests/suites/test_suite_aes.function | 8 +++++--- tests/suites/test_suite_aes.rest.data | 3 +++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index f61f71c3e..1832f2db4 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -394,13 +394,15 @@ void aes_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); +} +/* END_CASE */ +/* BEGIN_CASE */ +void aes_valid_param( ) +{ /* These calls accept NULL */ TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) ); - -exit: - return; } /* END_CASE */ diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data index 14b78a605..a5d843de4 100644 --- a/tests/suites/test_suite_aes.rest.data +++ b/tests/suites/test_suite_aes.rest.data @@ -13,6 +13,9 @@ aes_decrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000 AES - Invalid parameters aes_invalid_param: +AES - Valid parameters +aes_valid_param: + AES Selftest depends_on:MBEDTLS_SELF_TEST aes_selftest: From e7306d30a93b0cd00ab26f1ccbf5ef706eea7a72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Dec 2018 09:45:49 +0100 Subject: [PATCH 137/415] Improve some documentation and ChangeLog entry --- ChangeLog | 12 ++++++++---- include/mbedtls/config.h | 9 +++++++++ tests/suites/helpers.function | 2 +- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index a4f3ae54e..d4e754b71 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,10 +23,14 @@ Security modules. Features - * Add new config.h flag MBEDTLS_CHECK_PARAMS that enables validation of - more of the parameters by public API functions (see its documentation in - config.h for details). Disabled by default - requires users to provide an - implementation of the callback function or macro. + * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables additional + validation of parameters in the library's public interface. This does not + change the API of existing functions, but additional clarity has been + added to the defined documentation interface to make clearer what the + interface is designed to accept. See the corresponding API documentation + for each function to see what parameter values are defined as invalid. + This feature is disabled by default. See its API documentation in + config.h for additional steps you have to take when enabling it. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 4663481b2..73b5dce13 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -292,6 +292,9 @@ * calls that function, but does not provide a default definition for it, * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() * below if the above mechanism is not flexible enough to suit your needs. + * Note that you may define it to expand to nothing if you're happy to be + * notified about invalid parameters only in non-void functions, and have + * void function just silently return early on invalid parameters. * * Uncomment to enable validation of application-controlled parameters. */ @@ -3055,6 +3058,12 @@ * from within the library - you can ensure that by providing * them in this file next to the macro definition). * + * Note that you may define this macro to expand to nothing, in + * which case you don't have to worry about declarations or + * definitions. However, you will then be notified about invalid + * parameters only in non-void functions, and void function will + * just silently return early on invalid parameters. + * * \param cond The expression that should evaluate to true, but doesn't. */ //#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 891fba6ee..3aa5cd6d0 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -199,7 +199,7 @@ typedef enum * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is * disabled, as it makes sense to check that the functions accept all * legal values even if this option is disabled - only in that case, - * the test if more about whether the function segfaults than about + * the test is more about whether the function segfaults than about * whether it invokes MBEDTLS_PARAM_FAILED(). * * \param TEST The test expression to be tested. From 12dce61e09b3f89ae6fea062227c4426331700cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Dec 2018 09:48:40 +0100 Subject: [PATCH 138/415] Fix order of sections in ChangeLog --- ChangeLog | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index d4e754b71..c67157128 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,16 @@ Features This feature is disabled by default. See its API documentation in config.h for additional steps you have to take when enabling it. +API Changes + * The following functions in the random generator modules have been + deprecated and replaced as shown below. The new functions change + the return type from void to int to allow returning error codes when + using MBEDTLS__ALT for the underlying AES or message digest + primitive. Fixes #1798. + mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() + mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() + * Extend ECDH interface to enable alternative implementations. + New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update in favor of functions that can return an error code. @@ -52,16 +62,6 @@ Bugfix * Fix double initialization of ECC hardware that made some accelerators hang. -API Changes - * The following functions in the random generator modules have been - deprecated and replaced as shown below. The new functions change - the return type from void to int to allow returning error codes when - using MBEDTLS__ALT for the underlying AES or message digest - primitive. Fixes #1798. - mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() - mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() - * Extend ECDH interface to enable alternative implementations. - = mbed TLS 2.14.0 branch released 2018-11-19 Security From 8b0cf2e76fa372ba6a0443ea4ee68469742aae57 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 14 Feb 2018 16:02:41 +0200 Subject: [PATCH 139/415] Include configuration file to headers Add inclusion to configration file in header files, instead of relying on other header files to include the configuration file. This issue resolves #1371 --- ChangeLog | 5 +++++ include/mbedtls/aesni.h | 6 ++++++ include/mbedtls/asn1write.h | 6 ++++++ include/mbedtls/bn_mul.h | 6 ++++++ include/mbedtls/ccm.h | 6 ++++++ include/mbedtls/certs.h | 6 ++++++ include/mbedtls/cmac.h | 6 ++++++ include/mbedtls/compat-1.3.h | 6 ++++++ include/mbedtls/ctr_drbg.h | 6 ++++++ include/mbedtls/ecdsa.h | 6 ++++++ include/mbedtls/ecjpake.h | 5 +++++ include/mbedtls/ecp.h | 6 ++++++ include/mbedtls/ecp_internal.h | 6 ++++++ include/mbedtls/gcm.h | 6 ++++++ include/mbedtls/hmac_drbg.h | 6 ++++++ include/mbedtls/net.h | 5 +++++ include/mbedtls/padlock.h | 6 ++++++ include/mbedtls/pem.h | 6 ++++++ include/mbedtls/ssl_ciphersuites.h | 6 ++++++ include/mbedtls/ssl_cookie.h | 6 ++++++ include/mbedtls/ssl_internal.h | 6 ++++++ include/mbedtls/ssl_ticket.h | 6 ++++++ 22 files changed, 129 insertions(+) diff --git a/ChangeLog b/ChangeLog index 43dfb9977..167a4767b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -52,6 +52,11 @@ Bugfix * Fix double initialization of ECC hardware that made some accelerators hang. +Changes + * Include configuration file in all header files that use configuration, + instead of relying on other header files that they include. + Inserted as an enhancement for #1371 + = mbed TLS 2.14.0 branch released 2018-11-19 Security diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h index 746baa0e1..7b16b4bad 100644 --- a/include/mbedtls/aesni.h +++ b/include/mbedtls/aesni.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_AESNI_H #define MBEDTLS_AESNI_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "aes.h" #define MBEDTLS_AESNI_AES 0x02000000u diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 76c1780b5..360540a00 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_ASN1_WRITE_H #define MBEDTLS_ASN1_WRITE_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "asn1.h" #define MBEDTLS_ASN1_CHK_ADD(g, f) \ diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index 2f7b72fe4..ac1e3f986 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -38,6 +38,12 @@ #ifndef MBEDTLS_BN_MUL_H #define MBEDTLS_BN_MUL_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "bignum.h" #if defined(MBEDTLS_HAVE_ASM) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index dfb1b5e56..483a67a03 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -49,6 +49,12 @@ #ifndef MBEDTLS_CCM_H #define MBEDTLS_CCM_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "cipher.h" #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */ diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h index 8dab7b5ce..b7c5708f8 100644 --- a/include/mbedtls/certs.h +++ b/include/mbedtls/certs.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include #ifdef __cplusplus diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index c19679353..9d42b3f20 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -28,6 +28,12 @@ #ifndef MBEDTLS_CMAC_H #define MBEDTLS_CMAC_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "cipher.h" #ifdef __cplusplus diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h index 213b69140..a58b47243 100644 --- a/include/mbedtls/compat-1.3.h +++ b/include/mbedtls/compat-1.3.h @@ -25,6 +25,12 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #if ! defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 10f9389d9..838f5f162 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -36,6 +36,12 @@ #ifndef MBEDTLS_CTR_DRBG_H #define MBEDTLS_CTR_DRBG_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "aes.h" #if defined(MBEDTLS_THREADING_C) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 4057828d4..6d99b974c 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -32,6 +32,12 @@ #ifndef MBEDTLS_ECDSA_H #define MBEDTLS_ECDSA_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "ecp.h" #include "md.h" diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 59d12f080..010f24a48 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -40,6 +40,11 @@ * The payloads are serialized in a way suitable for use in TLS, but could * also be use outside TLS. */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif #include "ecp.h" #include "md.h" diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 1c372980e..e20d9e0e2 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -36,6 +36,12 @@ #ifndef MBEDTLS_ECP_H #define MBEDTLS_ECP_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "bignum.h" /* diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h index 18040697a..7625ed48e 100644 --- a/include/mbedtls/ecp_internal.h +++ b/include/mbedtls/ecp_internal.h @@ -61,6 +61,12 @@ #ifndef MBEDTLS_ECP_INTERNAL_H #define MBEDTLS_ECP_INTERNAL_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #if defined(MBEDTLS_ECP_INTERNAL_ALT) /** diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 93d15ee80..16092fa25 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -33,6 +33,12 @@ #ifndef MBEDTLS_GCM_H #define MBEDTLS_GCM_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "cipher.h" #include diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 146367b9d..7eae32bbd 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_HMAC_DRBG_H #define MBEDTLS_HMAC_DRBG_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "md.h" #if defined(MBEDTLS_THREADING_C) diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h index 6c13b53fb..8cead58e5 100644 --- a/include/mbedtls/net.h +++ b/include/mbedtls/net.h @@ -23,6 +23,11 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif #if !defined(MBEDTLS_DEPRECATED_REMOVED) #include "net_sockets.h" diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h index 677936ebf..918e6195a 100644 --- a/include/mbedtls/padlock.h +++ b/include/mbedtls/padlock.h @@ -25,6 +25,12 @@ #ifndef MBEDTLS_PADLOCK_H #define MBEDTLS_PADLOCK_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "aes.h" #define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */ diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index fa82f7bdb..a29e9ce30 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_PEM_H #define MBEDTLS_PEM_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include /** diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index cda8b4835..71053e5ba 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_SSL_CIPHERSUITES_H #define MBEDTLS_SSL_CIPHERSUITES_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "pk.h" #include "cipher.h" #include "md.h" diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 6a0ad4fa9..e34760ae8 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_SSL_COOKIE_H #define MBEDTLS_SSL_COOKIE_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "ssl.h" #if defined(MBEDTLS_THREADING_C) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 97abb9f90..bd5ad94db 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_SSL_INTERNAL_H #define MBEDTLS_SSL_INTERNAL_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "ssl.h" #include "cipher.h" diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index b2686df09..a84e7816e 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_SSL_TICKET_H #define MBEDTLS_SSL_TICKET_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + /* * This implementation of the session ticket callbacks includes key * management, rotating the keys periodically in order to preserve forward From 9cbd1b2ecd6bd7bdc667ee4ffd7244dbcccd7b62 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 16 Dec 2018 12:14:37 +0200 Subject: [PATCH 140/415] Include configuration file for all headers Include the configuration file for all headers that were not included, and for new headers introduced. --- include/mbedtls/base64.h | 6 ++++++ include/mbedtls/ecdh.h | 6 ++++++ include/mbedtls/error.h | 6 ++++++ include/mbedtls/havege.h | 6 ++++++ include/mbedtls/hkdf.h | 6 ++++++ include/mbedtls/nist_kw.h | 6 ++++++ include/mbedtls/pkcs12.h | 6 ++++++ include/mbedtls/pkcs5.h | 6 ++++++ include/mbedtls/ssl_cache.h | 6 ++++++ 9 files changed, 54 insertions(+) diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 7a64f5216..10e4145ee 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_BASE64_H #define MBEDTLS_BASE64_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include #define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */ diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index cbd48414a..e70865cd0 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -34,6 +34,12 @@ #ifndef MBEDTLS_ECDH_H #define MBEDTLS_ECDH_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "ecp.h" /* diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 0c3888987..72e19df85 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_ERROR_H #define MBEDTLS_ERROR_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include /** diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h index 57e8c4094..4c1c86087 100644 --- a/include/mbedtls/havege.h +++ b/include/mbedtls/havege.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_HAVEGE_H #define MBEDTLS_HAVEGE_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include #define MBEDTLS_HAVEGE_COLLECT_SIZE 1024 diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index e6ed7cde9..40ee64eb0 100644 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h @@ -27,6 +27,12 @@ #ifndef MBEDTLS_HKDF_H #define MBEDTLS_HKDF_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "md.h" /** diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h index 5a0f656a8..3b67b59cd 100644 --- a/include/mbedtls/nist_kw.h +++ b/include/mbedtls/nist_kw.h @@ -37,6 +37,12 @@ #ifndef MBEDTLS_NIST_KW_H #define MBEDTLS_NIST_KW_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "cipher.h" #ifdef __cplusplus diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index 69f04177c..d441357b7 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_PKCS12_H #define MBEDTLS_PKCS12_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "md.h" #include "cipher.h" #include "asn1.h" diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index d4bb36dfa..f20125004 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -26,6 +26,12 @@ #ifndef MBEDTLS_PKCS5_H #define MBEDTLS_PKCS5_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "asn1.h" #include "md.h" diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h index ec081e6d2..52ba0948c 100644 --- a/include/mbedtls/ssl_cache.h +++ b/include/mbedtls/ssl_cache.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_SSL_CACHE_H #define MBEDTLS_SSL_CACHE_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "ssl.h" #if defined(MBEDTLS_THREADING_C) From 6d0816a8ae3973df2ff2d181034e2f4ef077666c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 11:30:27 +0000 Subject: [PATCH 141/415] Introduce macros to deprecate constants in the API This commit introduces macros * MBEDTLS_DEPRECATED_STRING_CONSTANT * MBEDTLS_DEPRECATED_NUMERIC_CONSTANT to platform_util.h which can be used to deprecate public macro constants. Their definition is essentially taken from dhm.h where the MBEDTLS_DEPRECATED_STRING_CONSTANT was used to deprecate insecure hardcoded DHM primes. --- include/mbedtls/dhm.h | 9 --------- include/mbedtls/platform_util.h | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 8e2d0208d..27e3753a4 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -353,15 +353,6 @@ int mbedtls_dhm_self_test( int verbose ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_DEPRECATED_WARNING) -#define MBEDTLS_DEPRECATED __attribute__((deprecated)) -MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t; -#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ - ( (mbedtls_deprecated_constant_t) ( VAL ) ) -#else -#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL -#endif /* ! MBEDTLS_DEPRECATED_WARNING */ - /** * \warning The origin of the primes in RFC 5114 is not documented and * their use therefore constitutes a security risk! diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 164a1a05f..9da6f0fa0 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -41,6 +41,27 @@ extern "C" { #endif +/* Internal helper macros for deprecating API constants. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +/* Deliberately don't (yet) define MBEDTLS_DEPRECATED here to avoid + * conflict with other headers which define and use it, too. + * We might want to move all these definitions here at some point + * for uniformity. */ +__attribute__((deprecated)) +typedef char const * mbedtls_deprecated_string_constant_t; +#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ + ( (mbedtls_deprecated_string_constant_t) ( VAL ) ) + __attribute__((deprecated)) +typedef int mbedtls_deprecated_numeric_constant_t; +#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ + ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) +#else /* MBEDTLS_DEPRECATED_WARNING */ +#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL +#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL +#endif /* MBEDTLS_DEPRECATED_WARNING */ +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + /** * \brief Securely zeroize a buffer * From 548cecdd2c287ac19f2b9637fa61c6b823df138f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 Dec 2018 13:13:30 +0100 Subject: [PATCH 142/415] Discourage making MBEDTLS_PARAM_FAILED() empty. --- include/mbedtls/config.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 73b5dce13..512fb6ca8 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -292,9 +292,7 @@ * calls that function, but does not provide a default definition for it, * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() * below if the above mechanism is not flexible enough to suit your needs. - * Note that you may define it to expand to nothing if you're happy to be - * notified about invalid parameters only in non-void functions, and have - * void function just silently return early on invalid parameters. + * See the documentation of this macro later in this file. * * Uncomment to enable validation of application-controlled parameters. */ @@ -3062,7 +3060,9 @@ * which case you don't have to worry about declarations or * definitions. However, you will then be notified about invalid * parameters only in non-void functions, and void function will - * just silently return early on invalid parameters. + * just silently return early on invalid parameters, which + * partially negates the benefits of enabling + * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged. * * \param cond The expression that should evaluate to true, but doesn't. */ From 9794098cfaa8ca7ce92bb2a0152255b7f315add1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 Dec 2018 13:13:50 +0100 Subject: [PATCH 143/415] Clarify ChangeLog entry again. --- ChangeLog | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index c67157128..66a8ce92f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,14 +23,14 @@ Security modules. Features - * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables additional - validation of parameters in the library's public interface. This does not - change the API of existing functions, but additional clarity has been - added to the defined documentation interface to make clearer what the - interface is designed to accept. See the corresponding API documentation - for each function to see what parameter values are defined as invalid. - This feature is disabled by default. See its API documentation in - config.h for additional steps you have to take when enabling it. + * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation + of parameters in the API. This allows detection of obvious misuses of the + API, such as passing NULL pointers. The API of existing functions hasn't + changed, but requirements on parameters have been made more explicit in + the documentation. See the corresponding API documentation for each + function to see for which parameter values it is defined. This feature is + disabled by default. See its API documentation in config.h for additional + steps you have to take when enabling it. API Changes * The following functions in the random generator modules have been From 2f47550018588cf5a82d1a7a7c8427e99016bacd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 13:19:06 +0000 Subject: [PATCH 144/415] Introduce single ARIA error code for bad input data Deprecate the old specific error codes * MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH * MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH --- ChangeLog | 4 ++++ include/mbedtls/aria.h | 9 +++++++-- include/mbedtls/error.h | 2 +- library/aria.c | 4 ++-- 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e5b6a24b7..ff413d82e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,10 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. + * Deprecate the ARIA error constants + - MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + - MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH + in favour of a new single error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 483d4c299..ab6e8e5d3 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -39,6 +39,8 @@ #include #include +#include "platform_util.h" + #define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */ #define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */ @@ -46,8 +48,11 @@ #define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */ #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */ -#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */ -#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C ) +#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005E ) +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */ /* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 0c3888987..02505d9c3 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -63,7 +63,7 @@ * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F * NET 13 0x0042-0x0052 0x0043-0x0049 - * ARIA 4 0x0058-0x005E + * ARIA 3 0x0058-0x005C * ASN1 7 0x0060-0x006C * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C diff --git a/library/aria.c b/library/aria.c index ca9e147f0..9763ca6ed 100644 --- a/library/aria.c +++ b/library/aria.c @@ -451,7 +451,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, uint32_t w[4][4], *w2; if( keybits != 128 && keybits != 192 && keybits != 256 ) - return( MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH ); + return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); /* Copy key to W0 (and potential remainder to W1) */ GET_UINT32_LE( w[0][0], key, 0 ); @@ -613,7 +613,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE]; if( length % MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH ); + return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); if( mode == MBEDTLS_ARIA_DECRYPT ) { From 4c029d09be2dd9610dd9de2553f076eb68a563ca Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 13:20:05 +0000 Subject: [PATCH 145/415] Introduce single CAMELLIA error code for bad input data Deprecate the old specific error codes * MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH --- ChangeLog | 4 ++++ include/mbedtls/camellia.h | 9 +++++++-- include/mbedtls/error.h | 2 +- library/camellia.c | 4 ++-- tests/suites/test_suite_camellia.data | 8 ++++---- 5 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index ff413d82e..392ba31b2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,10 @@ API Changes - MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH - MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH in favour of a new single error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. + * Deprecate the CAMELLIA error constants + - MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + - MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH + in favour of a new single error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 1555867cf..af3ef8868 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -33,11 +33,16 @@ #include #include +#include "platform_util.h" + #define MBEDTLS_CAMELLIA_ENCRYPT 1 #define MBEDTLS_CAMELLIA_DECRYPT 0 -#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */ -#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 ) +#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0026 ) +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */ /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 02505d9c3..9531ef5e1 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -54,7 +54,7 @@ * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 - * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 + * CAMELLIA 2 0x0024-0x0024 0x0027-0x0027 * XTEA 2 0x0028-0x0028 0x0029-0x0029 * BASE64 2 0x002A-0x002C * OID 1 0x002E-0x002E 0x000B-0x000B diff --git a/library/camellia.c b/library/camellia.c index 41b7da0fa..2fe0b7758 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -356,7 +356,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c case 128: ctx->nr = 3; idx = 0; break; case 192: case 256: ctx->nr = 4; idx = 1; break; - default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH ); + default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); } for( i = 0; i < keybits / 8; ++i ) @@ -562,7 +562,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, unsigned char temp[16]; if( length % 16 ) - return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); + return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); if( mode == MBEDTLS_CAMELLIA_DECRYPT ) { diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data index 14298387a..efa786534 100644 --- a/tests/suites/test_suite_camellia.data +++ b/tests/suites/test_suite_camellia.data @@ -185,16 +185,16 @@ depends_on:MBEDTLS_CIPHER_MODE_CFB camellia_decrypt_cfb128:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"555FC3F34BDD2D54C62D9E3BF338C1C4":"F69F2445DF4F9B17AD2B417BE66C3710":"5953ADCE14DB8C7F39F1BD39F359BFFA" Camellia-ECB Encrypt (Invalid key length) -camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH +camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-ECB Decrypt (Invalid key length) -camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH +camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-256-CBC Encrypt (Invalid input length) -camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH +camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-256-CBC Decrypt (Invalid input length) -camellia_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH +camellia_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia Selftest depends_on:MBEDTLS_SELF_TEST From d2f3a00062036b39e23bf3ed038de3d3b1264db8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 13:21:06 +0000 Subject: [PATCH 146/415] Introduce single BLOWFISH error code for bad input data Deprecate the old specific error codes * MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH --- ChangeLog | 4 ++++ include/mbedtls/blowfish.h | 10 +++++++--- include/mbedtls/error.h | 2 +- library/blowfish.c | 4 ++-- tests/suites/test_suite_blowfish.data | 12 ++++++------ 5 files changed, 20 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 392ba31b2..7a298ad27 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,10 @@ API Changes - MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH - MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH in favour of a new single error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. + * Deprecate the Blowfish error constants + - MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH + - MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH + in favour of a new single error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 82b772ada..0f192aa3a 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -33,6 +33,8 @@ #include #include +#include "platform_util.h" + #define MBEDTLS_BLOWFISH_ENCRYPT 1 #define MBEDTLS_BLOWFISH_DECRYPT 0 #define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 @@ -40,14 +42,16 @@ #define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */ #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ -#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) +#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0018 ) +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */ /* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ -#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ - #ifdef __cplusplus extern "C" { #endif diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 9531ef5e1..a8f587ca6 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -51,7 +51,7 @@ * Module Nr Codes assigned * MPI 7 0x0002-0x0010 * GCM 3 0x0012-0x0014 0x0013-0x0013 - * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 + * BLOWFISH 2 0x0016-0x0016 0x0017-0x0017 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 * CAMELLIA 2 0x0024-0x0024 0x0027-0x0027 diff --git a/library/blowfish.c b/library/blowfish.c index 5b6bb9885..e42bd2b2e 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -176,7 +176,7 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS || ( keybits % 8 ) ) { - return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH ); + return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); } keybits >>= 3; @@ -265,7 +265,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE]; if( length % MBEDTLS_BLOWFISH_BLOCKSIZE ) - return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH ); + return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); if( mode == MBEDTLS_BLOWFISH_DECRYPT ) { diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data index 1ba311f59..a39f8754a 100644 --- a/tests/suites/test_suite_blowfish.data +++ b/tests/suites/test_suite_blowfish.data @@ -203,13 +203,13 @@ BLOWFISH-ECB Decrypt SSLeay reference #34 blowfish_decrypt_ecb:"fedcba9876543210":"6b5c5a9c5d9e0a5a":"ffffffffffffffff":0 BLOWFISH-SETKEY Setkey SSLeay reference #1 -blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-SETKEY Setkey SSLeay reference #2 -blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-SETKEY Setkey SSLeay reference #3 -blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-SETKEY Setkey SSLeay reference #4 blowfish_encrypt_ecb:"f0e1d2c3":"fedcba9876543210":"be1e639408640f05":0 @@ -281,7 +281,7 @@ BLOWFISH-SETKEY Setkey 448 bits blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fff":"fedcba9876543210":"2fb3ab7f0ee91b69":0 BLOWFISH-SETKEY Setkey 456 bits -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-CBC Encrypt blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000000000":"6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc":0 @@ -290,10 +290,10 @@ BLOWFISH-CBC Decrypt blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC":"37363534333231204e6f77206973207468652074696d6520666f722000000000":0 BLOWFISH-CBC Encrypt -blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH +blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-CBC Decrypt -blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH +blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-CFB Encrypt blowfish_encrypt_cfb64:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000":"e73214a2822139caf26ecf6d2eb9e76e3da3de04d1517200519d57a6c3" From 3214215b1ee28ee19e62e7cbed0055ca7c1ade8f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 13:25:58 +0000 Subject: [PATCH 147/415] Update errors.c --- library/error.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/library/error.c b/library/error.c index eabee9e21..da1d5d494 100644 --- a/library/error.c +++ b/library/error.c @@ -618,10 +618,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_ARIA_C) - if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" ); - if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" ); if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "ARIA - Feature not available. For example, an unsupported ARIA key size" ); if( use_ret == -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED) ) @@ -672,19 +670,15 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_BLOWFISH_C) - if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" ); + if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" ); if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); - if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); #endif /* MBEDTLS_BLOWFISH_C */ #if defined(MBEDTLS_CAMELLIA_C) - if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" ); - if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" ); if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" ); #endif /* MBEDTLS_CAMELLIA_C */ From 4fb258a868f6e5566b982d5fa2fe273721942edb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 16:09:15 +0000 Subject: [PATCH 148/415] Remove mentioning of deprecated error codes --- include/mbedtls/aria.h | 6 +++--- include/mbedtls/blowfish.h | 4 ++-- include/mbedtls/camellia.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index ab6e8e5d3..61987507f 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -111,7 +111,7 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ); *
            • 192 bits
              • *
            • 256 bits
            * - * \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + * \return \c 0 on success or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA * on failure. */ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, @@ -128,7 +128,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, *
          • 192 bits
            • *
          • 256 bits
          * - * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure. + * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA on failure. */ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, const unsigned char *key, @@ -190,7 +190,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * \param input The buffer holding the input data. * \param output The buffer holding the output data. * - * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH + * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA * on failure. */ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 0f192aa3a..6062cd0b4 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -95,7 +95,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); * \param key encryption key * \param keybits must be between 32 and 448 bits * - * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH + * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA */ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -137,7 +137,7 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH + * MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA */ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, int mode, diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index af3ef8868..93987bf70 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -91,7 +91,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); * \param key encryption key * \param keybits must be 128, 192 or 256 * - * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA */ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -103,7 +103,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c * \param key decryption key * \param keybits must be 128, 192 or 256 * - * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA */ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -145,7 +145,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH + * MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA */ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, int mode, @@ -180,7 +180,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH + * MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. */ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, int mode, From 9dbefa1793e492b7e4e854a00717375efb4cf9c2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 22:49:13 +0000 Subject: [PATCH 149/415] Fix conflict between constant deprecation and check-names.sh The previous introduction of constant deprecation macros in platform_util.h lead to failure of tests/scrips/check-names.sh because the regular expressions in the latter choked on the brackets in the part `__attribute__((deprecated))` of the definition of the helper type `mbedtls_deprecated_{numeric|string}_constant_t`. Postponing any further study and potential robustness improvements in check-names.sh to another time, this commit circumvents this problem by temporarily abbreviating `__attribute__((deprecated))` as `MBEDTLS_DEPRECATED`, which doesn't lead to problems with check-names.sh. --- include/mbedtls/platform_util.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 9da6f0fa0..bdf92529f 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -44,18 +44,18 @@ extern "C" { /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) -/* Deliberately don't (yet) define MBEDTLS_DEPRECATED here to avoid - * conflict with other headers which define and use it, too. - * We might want to move all these definitions here at some point - * for uniformity. */ -__attribute__((deprecated)) -typedef char const * mbedtls_deprecated_string_constant_t; +/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here + * to avoid conflict with other headers which define and use + * it, too. We might want to move all these definitions here at + * some point for uniformity. */ +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ ( (mbedtls_deprecated_string_constant_t) ( VAL ) ) - __attribute__((deprecated)) -typedef int mbedtls_deprecated_numeric_constant_t; +MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) +#undef MBEDTLS_DEPRECATED #else /* MBEDTLS_DEPRECATED_WARNING */ #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL From 938f9e9bdbff3e0cbb1f1f62520b72f543cc8b33 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 09:40:25 +0000 Subject: [PATCH 150/415] Undo deprecation of MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH Merging MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH and MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH is an API break. --- ChangeLog | 6 ++---- include/mbedtls/camellia.h | 3 ++- include/mbedtls/error.h | 2 +- library/camellia.c | 2 +- library/error.c | 2 ++ tests/suites/test_suite_camellia.data | 4 ++-- 6 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7a298ad27..5a569a389 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,10 +35,8 @@ API Changes - MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH - MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH in favour of a new single error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. - * Deprecate the CAMELLIA error constants - - MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH - - MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH - in favour of a new single error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. + * Deprecate the CAMELLIA error MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. * Deprecate the Blowfish error constants - MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH - MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 93987bf70..e52461281 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -40,10 +40,11 @@ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 ) -#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0026 ) #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */ +#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ + /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index a8f587ca6..c4883be65 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -54,7 +54,7 @@ * BLOWFISH 2 0x0016-0x0016 0x0017-0x0017 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 - * CAMELLIA 2 0x0024-0x0024 0x0027-0x0027 + * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 * XTEA 2 0x0028-0x0028 0x0029-0x0029 * BASE64 2 0x002A-0x002C * OID 1 0x002E-0x002E 0x000B-0x000B diff --git a/library/camellia.c b/library/camellia.c index 2fe0b7758..97c9f20d0 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -562,7 +562,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, unsigned char temp[16]; if( length % 16 ) - return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); if( mode == MBEDTLS_CAMELLIA_DECRYPT ) { diff --git a/library/error.c b/library/error.c index da1d5d494..80f4948b9 100644 --- a/library/error.c +++ b/library/error.c @@ -679,6 +679,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_CAMELLIA_C) if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" ); + if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) + mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" ); #endif /* MBEDTLS_CAMELLIA_C */ diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data index efa786534..190632ed3 100644 --- a/tests/suites/test_suite_camellia.data +++ b/tests/suites/test_suite_camellia.data @@ -191,10 +191,10 @@ Camellia-ECB Decrypt (Invalid key length) camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-256-CBC Encrypt (Invalid input length) -camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA +camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH Camellia-256-CBC Decrypt (Invalid input length) -camellia_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA +camellia_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH Camellia Selftest depends_on:MBEDTLS_SELF_TEST From a034369eca145b9cdf132938d552ffcf812cd0c6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 09:42:58 +0000 Subject: [PATCH 151/415] Undo deprecation of MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH --- ChangeLog | 6 ++---- include/mbedtls/aria.h | 3 ++- include/mbedtls/error.h | 2 +- library/aria.c | 2 +- library/error.c | 2 ++ 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5a569a389..42e3f9420 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,10 +31,8 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. - * Deprecate the ARIA error constants - - MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH - - MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH - in favour of a new single error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. + * Deprecate the ARIA error MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + in favour of a new generic error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. * Deprecate the CAMELLIA error MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. * Deprecate the Blowfish error constants diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 61987507f..9e981d92c 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -50,10 +50,11 @@ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C ) -#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005E ) #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */ +#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ + /* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used. */ #define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index c4883be65..56042c90c 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -63,7 +63,7 @@ * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F * NET 13 0x0042-0x0052 0x0043-0x0049 - * ARIA 3 0x0058-0x005C + * ARIA 4 0x0058-0x005E * ASN1 7 0x0060-0x006C * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C diff --git a/library/aria.c b/library/aria.c index 9763ca6ed..6d87941c1 100644 --- a/library/aria.c +++ b/library/aria.c @@ -613,7 +613,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE]; if( length % MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH ); if( mode == MBEDTLS_ARIA_DECRYPT ) { diff --git a/library/error.c b/library/error.c index 80f4948b9..a70db689d 100644 --- a/library/error.c +++ b/library/error.c @@ -620,6 +620,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_ARIA_C) if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) ) mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" ); + if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) ) + mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "ARIA - Feature not available. For example, an unsupported ARIA key size" ); if( use_ret == -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED) ) From 6640b0d9a3d880ca4c90832efcdff9ac0ca8d488 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 09:45:17 +0000 Subject: [PATCH 152/415] Undo deprecation of MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH --- ChangeLog | 6 ++---- include/mbedtls/blowfish.h | 3 ++- include/mbedtls/error.h | 2 +- library/blowfish.c | 2 +- library/error.c | 2 ++ tests/suites/test_suite_blowfish.data | 4 ++-- 6 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 42e3f9420..7422f02d4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,10 +35,8 @@ API Changes in favour of a new generic error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. * Deprecate the CAMELLIA error MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. - * Deprecate the Blowfish error constants - - MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH - - MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH - in favour of a new single error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. + * Deprecate the Blowfish error MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH + in favour of a new generic error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 6062cd0b4..ab4fc2316 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -44,10 +44,11 @@ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) -#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0018 ) #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */ +#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ + /* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 56042c90c..0c3888987 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -51,7 +51,7 @@ * Module Nr Codes assigned * MPI 7 0x0002-0x0010 * GCM 3 0x0012-0x0014 0x0013-0x0013 - * BLOWFISH 2 0x0016-0x0016 0x0017-0x0017 + * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 diff --git a/library/blowfish.c b/library/blowfish.c index e42bd2b2e..b3448c20b 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -265,7 +265,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE]; if( length % MBEDTLS_BLOWFISH_BLOCKSIZE ) - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH ); if( mode == MBEDTLS_BLOWFISH_DECRYPT ) { diff --git a/library/error.c b/library/error.c index a70db689d..3be4175cc 100644 --- a/library/error.c +++ b/library/error.c @@ -674,6 +674,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_BLOWFISH_C) if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" ); + if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) + mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); #endif /* MBEDTLS_BLOWFISH_C */ diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data index a39f8754a..d4e8791c1 100644 --- a/tests/suites/test_suite_blowfish.data +++ b/tests/suites/test_suite_blowfish.data @@ -290,10 +290,10 @@ BLOWFISH-CBC Decrypt blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC":"37363534333231204e6f77206973207468652074696d6520666f722000000000":0 BLOWFISH-CBC Encrypt -blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA +blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH BLOWFISH-CBC Decrypt -blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA +blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH BLOWFISH-CFB Encrypt blowfish_encrypt_cfb64:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000":"e73214a2822139caf26ecf6d2eb9e76e3da3de04d1517200519d57a6c3" From af0c6cb9e0ad58b61b7ceae4cfe1994ce3612311 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Dec 2018 12:02:52 +0100 Subject: [PATCH 153/415] Fix missing guard on XTS function in tests --- tests/suites/test_suite_aes.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 1832f2db4..131565060 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -402,7 +402,9 @@ void aes_valid_param( ) { /* These calls accept NULL */ TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); +#if defined(MBEDTLS_CIPHER_MODE_XTS) TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) ); +#endif } /* END_CASE */ From 68e3dff3f1924f308610d32253eb34ccb78ba8be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 12:48:04 +0100 Subject: [PATCH 154/415] Add parameter validation XTS setkey functions --- include/mbedtls/aes.h | 4 ++++ library/aes.c | 6 ++++++ tests/suites/test_suite_aes.function | 28 ++++++++++++++++++++-------- 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 11edc0fab..197d4db10 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -197,8 +197,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, * sets the encryption key. * * \param ctx The AES XTS context to which the key should be bound. + * It must be initialized. * \param key The encryption key. This is comprised of the XTS key1 * concatenated with the XTS key2. + * This must be a readable buffer of size \p keybits bits. * \param keybits The size of \p key passed in bits. Valid options are: *
          • 256 bits (each of key1 and key2 is a 128-bit key)
            • *
          • 512 bits (each of key1 and key2 is a 256-bit key)
          @@ -215,8 +217,10 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, * sets the decryption key. * * \param ctx The AES XTS context to which the key should be bound. + * It must be initialized. * \param key The decryption key. This is comprised of the XTS key1 * concatenated with the XTS key2. + * This must be a readable buffer of size \p keybits bits. * \param keybits The size of \p key passed in bits. Valid options are: *
          • 256 bits (each of key1 and key2 is a 128-bit key)
            • *
          • 512 bits (each of key1 and key2 is a 256-bit key)
          diff --git a/library/aes.c b/library/aes.c index cc1e5ceb4..4d9a56a5c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -771,6 +771,9 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, const unsigned char *key1, *key2; unsigned int key1bits, key2bits; + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( key != NULL ); + ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, &key2, &key2bits ); if( ret != 0 ) @@ -793,6 +796,9 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, const unsigned char *key1, *key2; unsigned int key1bits, key2bits; + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( key != NULL ); + ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, &key2, &key2bits ); if( ret != 0 ) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 131565060..576e5be08 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -215,7 +215,7 @@ void aes_crypt_xts_size( int size, int retval ) void aes_crypt_xts_keysize( int size, int retval ) { mbedtls_aes_xts_context ctx; - const unsigned char *key = NULL; + const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; size_t key_len = size; mbedtls_aes_xts_init( &ctx ); @@ -374,26 +374,38 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void aes_invalid_param( ) { - mbedtls_aes_context dummy_ctx; + mbedtls_aes_context aes_ctx; +#if defined(MBEDTLS_CIPHER_MODE_XTS) + mbedtls_aes_xts_context xts_ctx; +#endif const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); - +#if defined(MBEDTLS_CIPHER_MODE_XTS) TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) ); +#endif - /* mbedtls_aes_setkey_enc() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_enc( NULL, key, 128 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_setkey_enc( &dummy_ctx, NULL, 128 ) ); + mbedtls_aes_setkey_enc( &aes_ctx, NULL, 128 ) ); - /* mbedtls_aes_setkey_dec() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_dec( NULL, key, 128 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_setkey_dec( &aes_ctx, NULL, 128 ) ); + +#if defined(MBEDTLS_CIPHER_MODE_XTS) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_xts_setkey_enc( NULL, key, 128 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_xts_setkey_enc( &xts_ctx, NULL, 128 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); + mbedtls_aes_xts_setkey_dec( NULL, key, 128 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) ); +#endif } /* END_CASE */ From 1aca2605713e3242f72297932409dd58ecfb782f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 12:56:55 +0100 Subject: [PATCH 155/415] Add parameter validation for mbedtls_aes_crypt_ecb() --- include/mbedtls/aes.h | 7 +++++-- library/aes.c | 6 ++++++ tests/suites/test_suite_aes.function | 16 ++++++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 197d4db10..90d5bba26 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -246,10 +246,13 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, * call to this API with the same context. * * \param ctx The AES context to use for encryption or decryption. + * It must be initialized and bound to a key. * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * #MBEDTLS_AES_DECRYPT. - * \param input The 16-Byte buffer holding the input data. - * \param output The 16-Byte buffer holding the output data. + * \param input The buffer holding the input data. + * It must be readable and at least 16 Bytes long. + * \param output The buffer where the output data will be written. + * It must be writeable and at least 16 Bytes long. * \return \c 0 on success. */ diff --git a/library/aes.c b/library/aes.c index 4d9a56a5c..9f2074483 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1006,6 +1006,12 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( input != NULL ); + AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT ); + #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) ); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 576e5be08..0d0e51519 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -379,6 +379,8 @@ void aes_invalid_param( ) mbedtls_aes_xts_context xts_ctx; #endif const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; + const unsigned char in[16] = { 0 }; + unsigned char out[16]; TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); #if defined(MBEDTLS_CIPHER_MODE_XTS) @@ -406,6 +408,20 @@ void aes_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) ); #endif + + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ecb( NULL, + MBEDTLS_AES_ENCRYPT, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ecb( &aes_ctx, + 42, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ecb( &aes_ctx, + MBEDTLS_AES_ENCRYPT, NULL, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ecb( &aes_ctx, + MBEDTLS_AES_ENCRYPT, in, NULL ) ); } /* END_CASE */ From 3178d1a997b4a2c7b706f1537005f8e2b54a4fa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 13:05:00 +0100 Subject: [PATCH 156/415] Add param validation for mbedtls_aes_crypt_cbc() --- include/mbedtls/aes.h | 6 +++- library/aes.c | 8 ++++++ tests/suites/test_suite_aes.function | 41 +++++++++++++++++++++++++-- tests/suites/test_suite_aes.rest.data | 8 +++--- 4 files changed, 56 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 90d5bba26..0f8934f72 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -275,7 +275,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called * before the first call to this API with the same context. * - * \note This function operates on aligned blocks, that is, the input size + * \note This function operates on full blocks, that is, the input size * must be a multiple of the AES block size of 16 Bytes. * * \note Upon exit, the content of the IV is updated so that you can @@ -287,13 +287,17 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * * * \param ctx The AES context to use for encryption or decryption. + * It must be initialized and bound to a key. * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * #MBEDTLS_AES_DECRYPT. * \param length The length of the input data in Bytes. This must be a * multiple of the block size (16 Bytes). * \param iv Initialization vector (updated after use). + * It must be a readable and writeable buffer of 16 Bytes. * \param input The buffer holding the input data. + * It must be readable and of size \p length. * \param output The buffer holding the output data. + * It must be writeable and of size \p length. * * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH diff --git a/library/aes.c b/library/aes.c index 9f2074483..2da86c713 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1049,6 +1049,14 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, int i; unsigned char temp[16]; + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT ); + AES_VALIDATE_RET( iv != NULL ); + AES_VALIDATE_RET( input != NULL ); + AES_VALIDATE_RET( output != NULL ); + + if( length % 16 ) return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 0d0e51519..d21a41dd5 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -372,7 +372,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void aes_invalid_param( ) +void aes_check_params( ) { mbedtls_aes_context aes_ctx; #if defined(MBEDTLS_CIPHER_MODE_XTS) @@ -422,17 +422,54 @@ void aes_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, in, NULL ) ); + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cbc( NULL, + MBEDTLS_AES_ENCRYPT, 16, + out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cbc( &aes_ctx, + 42, 16, + out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cbc( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + NULL, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cbc( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + out, NULL, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cbc( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + out, in, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CBC */ } /* END_CASE */ /* BEGIN_CASE */ -void aes_valid_param( ) +void aes_misc_params( ) { + mbedtls_aes_context aes_ctx; + const unsigned char in[16] = { 0 }; + unsigned char out[16]; + /* These calls accept NULL */ TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); #if defined(MBEDTLS_CIPHER_MODE_XTS) TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) ); #endif + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT, + 15, out, in, out ) + == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); + TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT, + 17, out, in, out ) + == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); +#endif + } /* END_CASE */ diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data index a5d843de4..6a76b43eb 100644 --- a/tests/suites/test_suite_aes.rest.data +++ b/tests/suites/test_suite_aes.rest.data @@ -10,11 +10,11 @@ aes_encrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000 AES-256-CBC Decrypt (Invalid input length) aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -AES - Invalid parameters -aes_invalid_param: +AES - Optional Parameter Validation (MBEDTLS_CHECK_PARAMS) +aes_check_params: -AES - Valid parameters -aes_valid_param: +AES - Mandatory Parameter Validation and Valid Parameters +aes_misc_params: AES Selftest depends_on:MBEDTLS_SELF_TEST From 191af1313ae192c8f0a9bf5eb3c892eefa42605f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Dec 2018 10:15:30 +0100 Subject: [PATCH 157/415] Add param validation for mbedtls_aes_crypt_xts() --- include/mbedtls/aes.h | 1 + library/aes.c | 6 ++++ tests/suites/test_suite_aes.function | 52 +++++++++++++++++++++++----- 3 files changed, 51 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 0f8934f72..1bfa434c0 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -325,6 +325,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. * * \param ctx The AES XTS context to use for AES XTS operations. + * It must be initialized and bound to a key. * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * #MBEDTLS_AES_DECRYPT. * \param length The length of a data unit in bytes. This can be any diff --git a/library/aes.c b/library/aes.c index 2da86c713..c15022b91 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1182,6 +1182,12 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, unsigned char prev_tweak[16]; unsigned char tmp[16]; + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT ); + AES_VALIDATE_RET( input != NULL ); + AES_VALIDATE_RET( output != NULL ); + /* Data units must be at least 16 bytes long. */ if( length < 16 ) return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index d21a41dd5..bcffe37b6 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -194,8 +194,8 @@ exit: void aes_crypt_xts_size( int size, int retval ) { mbedtls_aes_xts_context ctx; - const unsigned char *src = NULL; - unsigned char *output = NULL; + const unsigned char src[16] = { 0 }; + unsigned char output[16]; unsigned char data_unit[16]; size_t length = size; @@ -203,10 +203,8 @@ void aes_crypt_xts_size( int size, int retval ) memset( data_unit, 0x00, sizeof( data_unit ) ); - /* Note that this function will most likely crash on failure, as NULL - * parameters will be used. In the passing case, the length check in - * mbedtls_aes_crypt_xts() will prevent any accesses to parameters by - * exiting the function early. */ + /* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as + * otherwise we wouldn't get to the size check we're interested in. */ TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval ); } /* END_CASE */ @@ -445,6 +443,29 @@ void aes_check_params( ) MBEDTLS_AES_ENCRYPT, 16, out, in, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_XTS) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_xts( NULL, + MBEDTLS_AES_ENCRYPT, 16, + in, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_xts( &xts_ctx, + 42, 16, + in, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_xts( &xts_ctx, + MBEDTLS_AES_ENCRYPT, 16, + NULL, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_xts( &xts_ctx, + MBEDTLS_AES_ENCRYPT, 16, + in, NULL, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_xts( &xts_ctx, + MBEDTLS_AES_ENCRYPT, 16, + in, in, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_XTS */ } /* END_CASE */ @@ -452,6 +473,9 @@ void aes_check_params( ) void aes_misc_params( ) { mbedtls_aes_context aes_ctx; +#if defined(MBEDTLS_CIPHER_MODE_XTS) + mbedtls_aes_xts_context xts_ctx; +#endif const unsigned char in[16] = { 0 }; unsigned char out[16]; @@ -463,13 +487,25 @@ void aes_misc_params( ) #if defined(MBEDTLS_CIPHER_MODE_CBC) TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT, - 15, out, in, out ) + 15, + out, in, out ) == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT, - 17, out, in, out ) + 17, + out, in, out ) == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); #endif +#if defined(MBEDTLS_CIPHER_MODE_XTS) + TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT, + 15, + in, in, out ) + == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); + TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT, + (1 << 24) + 1, + in, in, out ) + == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); +#endif } /* END_CASE */ From 1677cca54b51f0c82c6ec24825443ae0fc592a1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Dec 2018 10:27:13 +0100 Subject: [PATCH 158/415] Add parameter validation for AES-CFB functions --- include/mbedtls/aes.h | 9 +++++ library/aes.c | 18 +++++++++- tests/suites/test_suite_aes.function | 50 ++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 1bfa434c0..4cc4d143d 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -380,13 +380,18 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, * * * \param ctx The AES context to use for encryption or decryption. + * It must be initialized and bound to a key. * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * #MBEDTLS_AES_DECRYPT. * \param length The length of the input data. * \param iv_off The offset in IV (updated after use). + * It must point to a valid \c size_t. * \param iv The initialization vector (updated after use). + * It must be a readable and writeable buffer of 16 Bytes. * \param input The buffer holding the input data. + * It must be readable and of size \p length. * \param output The buffer holding the output data. + * It must be writeable and of size \p length. * * \return \c 0 on success. */ @@ -421,12 +426,16 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, * * * \param ctx The AES context to use for encryption or decryption. + * It must be initialized and bound to a key. * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * #MBEDTLS_AES_DECRYPT * \param length The length of the input data. * \param iv The initialization vector (updated after use). + * It must be a readable and writeable buffer of 16 Bytes. * \param input The buffer holding the input data. + * It must be readable and of size \p length. * \param output The buffer holding the output data. + * It must be writeable and of size \p length. * * \return \c 0 on success. */ diff --git a/library/aes.c b/library/aes.c index c15022b91..b70529011 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1287,7 +1287,17 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, unsigned char *output ) { int c; - size_t n = *iv_off; + size_t n; + + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT ); + AES_VALIDATE_RET( iv_off != NULL ); + AES_VALIDATE_RET( iv != NULL ); + AES_VALIDATE_RET( input != NULL ); + AES_VALIDATE_RET( output != NULL ); + + n = *iv_off; if( mode == MBEDTLS_AES_DECRYPT ) { @@ -1334,6 +1344,12 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, unsigned char c; unsigned char ov[17]; + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT ); + AES_VALIDATE_RET( iv != NULL ); + AES_VALIDATE_RET( input != NULL ); + AES_VALIDATE_RET( output != NULL ); while( length-- ) { memcpy( ov, iv, 16 ); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index bcffe37b6..f581cbe7f 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -379,6 +379,7 @@ void aes_check_params( ) const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; const unsigned char in[16] = { 0 }; unsigned char out[16]; + size_t size; TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); #if defined(MBEDTLS_CIPHER_MODE_XTS) @@ -466,6 +467,55 @@ void aes_check_params( ) MBEDTLS_AES_ENCRYPT, 16, in, in, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb128( NULL, + MBEDTLS_AES_ENCRYPT, 16, + &size, out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb128( &aes_ctx, + 42, 16, + &size, out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb128( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + NULL, out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb128( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + &size, NULL, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb128( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + &size, out, NULL, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb128( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + &size, out, in, NULL ) ); + + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb8( NULL, + MBEDTLS_AES_ENCRYPT, 16, + out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb8( &aes_ctx, + 42, 16, + out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb8( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + NULL, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb8( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + out, NULL, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb8( &aes_ctx, + MBEDTLS_AES_ENCRYPT, 16, + out, in, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CFB */ } /* END_CASE */ From 8e41eb718727b7bdfcd8fb96afa412d98a9267ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Dec 2018 11:00:56 +0100 Subject: [PATCH 159/415] Add parameter validation for AES-OFB --- include/mbedtls/aes.h | 5 +++++ library/aes.c | 10 +++++++++- tests/suites/test_suite_aes.function | 18 ++++++++++++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 4cc4d143d..93522e6ab 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -480,11 +480,16 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * will compromise security. * * \param ctx The AES context to use for encryption or decryption. + * It must be initialized and bound to a key. * \param length The length of the input data. * \param iv_off The offset in IV (updated after use). + * It must point to a valid \c size_t. * \param iv The initialization vector (updated after use). + * It must be a readable and writeable buffer of 16 Bytes. * \param input The buffer holding the input data. + * It must be readable and of size \p length. * \param output The buffer holding the output data. + * It must be writeable and of size \p length. * * \return \c 0 on success. */ diff --git a/library/aes.c b/library/aes.c index b70529011..52fc74c47 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1382,7 +1382,15 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, unsigned char *output ) { int ret = 0; - size_t n = *iv_off; + size_t n; + + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( iv_off != NULL ); + AES_VALIDATE_RET( iv != NULL ); + AES_VALIDATE_RET( input != NULL ); + AES_VALIDATE_RET( output != NULL ); + + n = *iv_off; while( length-- ) { diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index f581cbe7f..d585ffbc8 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -516,6 +516,24 @@ void aes_check_params( ) MBEDTLS_AES_ENCRYPT, 16, out, in, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_OFB) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ofb( NULL, 16, + &size, out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ofb( &aes_ctx, 16, + NULL, out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ofb( &aes_ctx, 16, + &size, NULL, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ofb( &aes_ctx, 16, + &size, out, NULL, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ofb( &aes_ctx, 16, + &size, out, in, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_OFB */ } /* END_CASE */ From 2bc535be86e4833c3932457317a207df732cb8e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Dec 2018 11:08:36 +0100 Subject: [PATCH 160/415] Add parameter validation for AES-CTR --- include/mbedtls/aes.h | 6 ++++++ library/aes.c | 11 ++++++++++- tests/suites/test_suite_aes.function | 21 +++++++++++++++++++++ 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 93522e6ab..ae80e9df2 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -561,15 +561,21 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * securely discarded as soon as it's no longer needed. * * \param ctx The AES context to use for encryption or decryption. + * It must be initialized and bound to a key. * \param length The length of the input data. * \param nc_off The offset in the current \p stream_block, for * resuming within the current cipher stream. The * offset pointer should be 0 at the start of a stream. + * It must point to a valid \c size_t. * \param nonce_counter The 128-bit nonce and counter. + * It must be a readable-writeable buffer of 16 Bytes. * \param stream_block The saved stream block for resuming. This is * overwritten by the function. + * It must be a readable-writeable buffer of 16 Bytes. * \param input The buffer holding the input data. + * It must be readable and of size \p length. * \param output The buffer holding the output data. + * It must be writeable and of size \p length. * * \return \c 0 on success. */ diff --git a/library/aes.c b/library/aes.c index 52fc74c47..818c5991b 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1425,7 +1425,16 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, unsigned char *output ) { int c, i; - size_t n = *nc_off; + size_t n; + + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( nc_off != NULL ); + AES_VALIDATE_RET( nonce_counter != NULL ); + AES_VALIDATE_RET( stream_block != NULL ); + AES_VALIDATE_RET( input != NULL ); + AES_VALIDATE_RET( output != NULL ); + + n = *nc_off; if ( n > 0x0F ) return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index d585ffbc8..07040e590 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -534,6 +534,27 @@ void aes_check_params( ) mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_OFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ctr( NULL, 16, &size, out, + out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out, + out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL, + out, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out, + NULL, in, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out, + out, NULL, out ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out, + out, in, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CTR */ } /* END_CASE */ From ad54c49e750ddfa8f75059cc9fc06018d3670582 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Dec 2018 11:15:26 +0100 Subject: [PATCH 161/415] Document AES accelerator functions as internal --- include/mbedtls/aes.h | 4 ++-- include/mbedtls/aesni.h | 46 ++++++++++++++++++++++++++++----------- include/mbedtls/padlock.h | 34 +++++++++++++++++++---------- 3 files changed, 58 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index ae80e9df2..d21427e7d 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -628,7 +628,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \brief Deprecated internal AES block encryption function * without return value. * - * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0. + * \deprecated Superseded by mbedtls_internal_aes_encrypt() in 2.5.0. * * \param ctx The AES context to use for encryption. * \param input Plaintext block. @@ -642,7 +642,7 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, * \brief Deprecated internal AES block decryption function * without return value. * - * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0. + * \deprecated Superseded by mbedtls_internal_aes_decrypt() in 2.5.0. * * \param ctx The AES context to use for decryption. * \param input Ciphertext block. diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h index 746baa0e1..b490cbebf 100644 --- a/include/mbedtls/aesni.h +++ b/include/mbedtls/aesni.h @@ -2,6 +2,9 @@ * \file aesni.h * * \brief AES-NI for hardware AES acceleration on some Intel processors + * + * \warning These functions are only for internal use by other library + * functions; you must not call them directly. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved @@ -42,7 +45,10 @@ extern "C" { #endif /** - * \brief AES-NI features detection routine + * \brief Internal AES-NI features detection routine + * + * \note This function is only for internal use by other library + * functions; you must not call it directly. * * \param what The feature to detect * (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL) @@ -52,7 +58,10 @@ extern "C" { int mbedtls_aesni_has_support( unsigned int what ); /** - * \brief AES-NI AES-ECB block en(de)cryption + * \brief Internal AES-NI AES-ECB block en(de)cryption + * + * \note This function is only for internal use by other library + * functions; you must not call it directly. * * \param ctx AES context * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT @@ -62,12 +71,15 @@ int mbedtls_aesni_has_support( unsigned int what ); * \return 0 on success (cannot fail) */ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); + int mode, + const unsigned char input[16], + unsigned char output[16] ); /** - * \brief GCM multiplication: c = a * b in GF(2^128) + * \brief Internal GCM multiplication: c = a * b in GF(2^128) + * + * \note This function is only for internal use by other library + * functions; you must not call it directly. * * \param c Result * \param a First operand @@ -77,21 +89,29 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, * elements of GF(2^128) as per the GCM spec. */ void mbedtls_aesni_gcm_mult( unsigned char c[16], - const unsigned char a[16], - const unsigned char b[16] ); + const unsigned char a[16], + const unsigned char b[16] ); /** - * \brief Compute decryption round keys from encryption round keys + * \brief Internal round key inversion. + * Compute decryption round keys from encryption round keys + * + * \note This function is only for internal use by other library + * functions; you must not call it directly. * * \param invkey Round keys for the equivalent inverse cipher * \param fwdkey Original round keys (for encryption) * \param nr Number of rounds (that is, number of round keys minus one) */ void mbedtls_aesni_inverse_key( unsigned char *invkey, - const unsigned char *fwdkey, int nr ); + const unsigned char *fwdkey, + int nr ); /** - * \brief Perform key expansion (for encryption) + * \brief Internal key expansion (for encryption) + * + * \note This function is only for internal use by other library + * functions; you must not call it directly. * * \param rk Destination buffer where the round keys are written * \param key Encryption key @@ -100,8 +120,8 @@ void mbedtls_aesni_inverse_key( unsigned char *invkey, * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH */ int mbedtls_aesni_setkey_enc( unsigned char *rk, - const unsigned char *key, - size_t bits ); + const unsigned char *key, + size_t bits ); #ifdef __cplusplus } diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h index 677936ebf..95e2bfce1 100644 --- a/include/mbedtls/padlock.h +++ b/include/mbedtls/padlock.h @@ -3,6 +3,9 @@ * * \brief VIA PadLock ACE for HW encryption/decryption supported by some * processors + * + * \warning These functions are only for internal use by other library + * functions; you must not call them directly. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved @@ -57,7 +60,10 @@ extern "C" { #endif /** - * \brief PadLock detection routine + * \brief Internal PadLock detection routine + * + * \note This function is only for internal use by other library + * functions; you must not call it directly. * * \param feature The feature to detect * @@ -66,7 +72,10 @@ extern "C" { int mbedtls_padlock_has_support( int feature ); /** - * \brief PadLock AES-ECB block en(de)cryption + * \brief Internal PadLock AES-ECB block en(de)cryption + * + * \note This function is only for internal use by other library + * functions; you must not call it directly. * * \param ctx AES context * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT @@ -76,12 +85,15 @@ int mbedtls_padlock_has_support( int feature ); * \return 0 if success, 1 if operation failed */ int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); + int mode, + const unsigned char input[16], + unsigned char output[16] ); /** - * \brief PadLock AES-CBC buffer en(de)cryption + * \brief Internal PadLock AES-CBC buffer en(de)cryption + * + * \note This function is only for internal use by other library + * functions; you must not call it directly. * * \param ctx AES context * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT @@ -93,11 +105,11 @@ int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, * \return 0 if success, 1 if operation failed */ int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); #ifdef __cplusplus } From b66e7dbcc1063c7b9df4ebed4e309662b7cac3d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Dec 2018 09:57:18 +0100 Subject: [PATCH 162/415] Fix some documentation markup/wording issues --- include/mbedtls/aes.h | 54 +++++++++++++++++++-------------------- include/mbedtls/aesni.h | 14 +++++----- include/mbedtls/padlock.h | 4 +-- 3 files changed, 36 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index d21427e7d..b42e564ef 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -250,9 +250,9 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * #MBEDTLS_AES_DECRYPT. * \param input The buffer holding the input data. - * It must be readable and at least 16 Bytes long. + * It must be readable and at least \c 16 Bytes long. * \param output The buffer where the output data will be written. - * It must be writeable and at least 16 Bytes long. + * It must be writeable and at least \c 16 Bytes long. * \return \c 0 on success. */ @@ -276,7 +276,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * before the first call to this API with the same context. * * \note This function operates on full blocks, that is, the input size - * must be a multiple of the AES block size of 16 Bytes. + * must be a multiple of the AES block size of \c 16 Bytes. * * \note Upon exit, the content of the IV is updated so that you can * call the same function again on the next @@ -291,13 +291,13 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * #MBEDTLS_AES_DECRYPT. * \param length The length of the input data in Bytes. This must be a - * multiple of the block size (16 Bytes). + * multiple of the block size (\c 16 Bytes). * \param iv Initialization vector (updated after use). - * It must be a readable and writeable buffer of 16 Bytes. + * It must be a readable and writeable buffer of \c 16 Bytes. * \param input The buffer holding the input data. - * It must be readable and of size \p length. + * It must be readable and of size \p length Bytes. * \param output The buffer holding the output data. - * It must be writeable and of size \p length. + * It must be writeable and of size \p length Bytes. * * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH @@ -328,7 +328,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * It must be initialized and bound to a key. * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * #MBEDTLS_AES_DECRYPT. - * \param length The length of a data unit in bytes. This can be any + * \param length The length of a data unit in Bytes. This can be any * length between 16 bytes and 2^24 bytes inclusive * (between 1 and 2^20 block cipher blocks). * \param data_unit The address of the data unit encoded as an array of 16 @@ -336,15 +336,15 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * is typically the index of the block device sector that * contains the data. * \param input The buffer holding the input data (which is an entire - * data unit). This function reads \p length bytes from \p + * data unit). This function reads \p length Bytes from \p * input. * \param output The buffer holding the output data (which is an entire - * data unit). This function writes \p length bytes to \p + * data unit). This function writes \p length Bytes to \p * output. * * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is - * smaller than an AES block in size (16 bytes) or if \p + * smaller than an AES block in size (16 Bytes) or if \p * length is larger than 2^20 blocks (16 MiB). */ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, @@ -383,15 +383,15 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, * It must be initialized and bound to a key. * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * #MBEDTLS_AES_DECRYPT. - * \param length The length of the input data. + * \param length The length of the input data in Bytes. * \param iv_off The offset in IV (updated after use). * It must point to a valid \c size_t. * \param iv The initialization vector (updated after use). - * It must be a readable and writeable buffer of 16 Bytes. + * It must be a readable and writeable buffer of \c 16 Bytes. * \param input The buffer holding the input data. - * It must be readable and of size \p length. + * It must be readable and of size \p length Bytes. * \param output The buffer holding the output data. - * It must be writeable and of size \p length. + * It must be writeable and of size \p length Bytes. * * \return \c 0 on success. */ @@ -431,11 +431,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, * #MBEDTLS_AES_DECRYPT * \param length The length of the input data. * \param iv The initialization vector (updated after use). - * It must be a readable and writeable buffer of 16 Bytes. + * It must be a readable and writeable buffer of \c 16 Bytes. * \param input The buffer holding the input data. - * It must be readable and of size \p length. + * It must be readable and of size \p length Bytes. * \param output The buffer holding the output data. - * It must be writeable and of size \p length. + * It must be writeable and of size \p length Bytes. * * \return \c 0 on success. */ @@ -485,11 +485,11 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * \param iv_off The offset in IV (updated after use). * It must point to a valid \c size_t. * \param iv The initialization vector (updated after use). - * It must be a readable and writeable buffer of 16 Bytes. + * It must be a readable and writeable buffer of \c 16 Bytes. * \param input The buffer holding the input data. - * It must be readable and of size \p length. + * It must be readable and of size \p length Bytes. * \param output The buffer holding the output data. - * It must be writeable and of size \p length. + * It must be writeable and of size \p length Bytes. * * \return \c 0 on success. */ @@ -568,14 +568,14 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * offset pointer should be 0 at the start of a stream. * It must point to a valid \c size_t. * \param nonce_counter The 128-bit nonce and counter. - * It must be a readable-writeable buffer of 16 Bytes. + * It must be a readable-writeable buffer of \c 16 Bytes. * \param stream_block The saved stream block for resuming. This is * overwritten by the function. - * It must be a readable-writeable buffer of 16 Bytes. + * It must be a readable-writeable buffer of \c 16 Bytes. * \param input The buffer holding the input data. - * It must be readable and of size \p length. + * It must be readable and of size \p length Bytes. * \param output The buffer holding the output data. - * It must be writeable and of size \p length. + * It must be writeable and of size \p length Bytes. * * \return \c 0 on success. */ @@ -628,7 +628,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \brief Deprecated internal AES block encryption function * without return value. * - * \deprecated Superseded by mbedtls_internal_aes_encrypt() in 2.5.0. + * \deprecated Superseded by mbedtls_internal_aes_encrypt() * * \param ctx The AES context to use for encryption. * \param input Plaintext block. @@ -642,7 +642,7 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, * \brief Deprecated internal AES block decryption function * without return value. * - * \deprecated Superseded by mbedtls_internal_aes_decrypt() in 2.5.0. + * \deprecated Superseded by mbedtls_internal_aes_decrypt() * * \param ctx The AES context to use for decryption. * \param input Ciphertext block. diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h index b490cbebf..0196f49b8 100644 --- a/include/mbedtls/aesni.h +++ b/include/mbedtls/aesni.h @@ -3,8 +3,8 @@ * * \brief AES-NI for hardware AES acceleration on some Intel processors * - * \warning These functions are only for internal use by other library - * functions; you must not call them directly. + * \warning These functions are only for internal use by other library + * functions; you must not call them directly. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved @@ -45,7 +45,7 @@ extern "C" { #endif /** - * \brief Internal AES-NI features detection routine + * \brief Internal function to detect the AES-NI feature in CPUs. * * \note This function is only for internal use by other library * functions; you must not call it directly. @@ -58,7 +58,7 @@ extern "C" { int mbedtls_aesni_has_support( unsigned int what ); /** - * \brief Internal AES-NI AES-ECB block en(de)cryption + * \brief Internal AES-NI AES-ECB block encryption and decryption * * \note This function is only for internal use by other library * functions; you must not call it directly. @@ -93,8 +93,8 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16], const unsigned char b[16] ); /** - * \brief Internal round key inversion. - * Compute decryption round keys from encryption round keys + * \brief Internal round key inversion. This function computes + * decryption round keys from the encryption round keys. * * \note This function is only for internal use by other library * functions; you must not call it directly. @@ -108,7 +108,7 @@ void mbedtls_aesni_inverse_key( unsigned char *invkey, int nr ); /** - * \brief Internal key expansion (for encryption) + * \brief Internal key expansion for encryption * * \note This function is only for internal use by other library * functions; you must not call it directly. diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h index 95e2bfce1..7a5d083a9 100644 --- a/include/mbedtls/padlock.h +++ b/include/mbedtls/padlock.h @@ -4,8 +4,8 @@ * \brief VIA PadLock ACE for HW encryption/decryption supported by some * processors * - * \warning These functions are only for internal use by other library - * functions; you must not call them directly. + * \warning These functions are only for internal use by other library + * functions; you must not call them directly. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved From ab6b9758d6b1431e4adc4bc8852540c5515e72af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Dec 2018 09:58:18 +0100 Subject: [PATCH 163/415] Improve constant naming in test functions --- tests/suites/test_suite_aes.function | 52 +++++++++++++++------------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 07040e590..3762ba4ec 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -380,6 +380,8 @@ void aes_check_params( ) const unsigned char in[16] = { 0 }; unsigned char out[16]; size_t size; + const int valid_mode = MBEDTLS_AES_ENCRYPT; + const int invalid_mode = 42; TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); #if defined(MBEDTLS_CIPHER_MODE_XTS) @@ -411,109 +413,109 @@ void aes_check_params( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_ecb( NULL, - MBEDTLS_AES_ENCRYPT, in, out ) ); + valid_mode, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_ecb( &aes_ctx, - 42, in, out ) ); + invalid_mode, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_ecb( &aes_ctx, - MBEDTLS_AES_ENCRYPT, NULL, out ) ); + valid_mode, NULL, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_ecb( &aes_ctx, - MBEDTLS_AES_ENCRYPT, in, NULL ) ); + valid_mode, in, NULL ) ); #if defined(MBEDTLS_CIPHER_MODE_CBC) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cbc( NULL, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, out, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cbc( &aes_ctx, - 42, 16, + invalid_mode, 16, out, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cbc( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, NULL, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cbc( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, out, NULL, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cbc( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, out, in, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_XTS) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_xts( NULL, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, in, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_xts( &xts_ctx, - 42, 16, + invalid_mode, 16, in, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_xts( &xts_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, NULL, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_xts( &xts_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, in, NULL, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_xts( &xts_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, in, in, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_CIPHER_MODE_CFB) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb128( NULL, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, &size, out, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb128( &aes_ctx, - 42, 16, + invalid_mode, 16, &size, out, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb128( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, NULL, out, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb128( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, &size, NULL, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb128( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, &size, out, NULL, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb128( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, &size, out, in, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb8( NULL, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, out, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb8( &aes_ctx, - 42, 16, + invalid_mode, 16, out, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb8( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, NULL, in, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb8( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, out, NULL, out ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_crypt_cfb8( &aes_ctx, - MBEDTLS_AES_ENCRYPT, 16, + valid_mode, 16, out, in, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ From eb6d3968b16210954c772510c6eafefeb381ea5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Dec 2018 09:59:35 +0100 Subject: [PATCH 164/415] Fix some whitespace issues in aes.c --- library/aes.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/library/aes.c b/library/aes.c index 818c5991b..e48a2a6ec 100644 --- a/library/aes.c +++ b/library/aes.c @@ -575,7 +575,6 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, { aes_gen_tables(); aes_init_done = 1; - } #endif @@ -1002,9 +1001,9 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, * AES-ECB block encryption/decryption */ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) + int mode, + const unsigned char input[16], + unsigned char output[16] ) { AES_VALIDATE_RET( ctx != NULL ); AES_VALIDATE_RET( input != NULL ); @@ -1056,7 +1055,6 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, AES_VALIDATE_RET( input != NULL ); AES_VALIDATE_RET( output != NULL ); - if( length % 16 ) return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); @@ -1335,11 +1333,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, * AES-CFB8 buffer encryption/decryption */ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) { unsigned char c; unsigned char ov[17]; From 998a358529faac5b6bfded2d79590bdf2d610579 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Dec 2018 10:03:13 +0100 Subject: [PATCH 165/415] Make a check more explicit in aes.c The check was already done later when calling ECB, (as evidenced by the tests passing, which have a call with data_unit set to NULL), but it's more readable to have it here too, and more helpful when debugging. --- library/aes.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/aes.c b/library/aes.c index e48a2a6ec..f6dc9963e 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1183,6 +1183,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, AES_VALIDATE_RET( ctx != NULL ); AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || mode == MBEDTLS_AES_DECRYPT ); + AES_VALIDATE_RET( data_unit != NULL ); AES_VALIDATE_RET( input != NULL ); AES_VALIDATE_RET( output != NULL ); From 5b89c0927366631597ab9a48f430ffd6c603846a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Dec 2018 10:03:30 +0100 Subject: [PATCH 166/415] Add check for iv_off in AES-CFB128 and AES-OFB The check is mandatory as skipping it results in buffer overread of arbitrary size. --- library/aes.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/aes.c b/library/aes.c index f6dc9963e..1c743f95d 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1298,6 +1298,9 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, n = *iv_off; + if( n > 16 ) + return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + if( mode == MBEDTLS_AES_DECRYPT ) { while( length-- ) @@ -1391,6 +1394,9 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, n = *iv_off; + if( n > 16 ) + return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + while( length-- ) { if( n == 0 ) From e55e103bfe31855aa2a35212f4c670371b384b2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Dec 2018 12:09:02 +0100 Subject: [PATCH 167/415] Fix off-by-one in iv_off check and add tests --- library/aes.c | 4 ++-- tests/suites/test_suite_aes.function | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/library/aes.c b/library/aes.c index 1c743f95d..0543cd781 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1298,7 +1298,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, n = *iv_off; - if( n > 16 ) + if( n > 15 ) return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); if( mode == MBEDTLS_AES_DECRYPT ) @@ -1394,7 +1394,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, n = *iv_off; - if( n > 16 ) + if( n > 15 ) return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); while( length-- ) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 3762ba4ec..f74183d8e 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -569,6 +569,7 @@ void aes_misc_params( ) #endif const unsigned char in[16] = { 0 }; unsigned char out[16]; + size_t size; /* These calls accept NULL */ TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); @@ -597,6 +598,19 @@ void aes_misc_params( ) in, in, out ) == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); #endif + +#if defined(MBEDTLS_CIPHER_MODE_CFB) + size = 16; + TEST_ASSERT( mbedtls_aes_crypt_cfb128( &aes_ctx, MBEDTLS_AES_ENCRYPT, 16, + &size, out, in, out ) + == MBEDTLS_ERR_AES_BAD_INPUT_DATA ); +#endif + +#if defined(MBEDTLS_CIPHER_MODE_OFB) + size = 16; + TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out ) + == MBEDTLS_ERR_AES_BAD_INPUT_DATA ); +#endif } /* END_CASE */ From f7c43b3145b2952a0bc0e5fe4584df4bf47fe67e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 9 Dec 2018 19:12:19 +0000 Subject: [PATCH 168/415] Add parameter validation to SHA-1 --- ChangeLog | 2 ++ include/mbedtls/sha1.h | 1 + library/sha1.c | 24 ++++++++++++++++++++++++ 3 files changed, 27 insertions(+) diff --git a/ChangeLog b/ChangeLog index 66a8ce92f..39bfa795e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,8 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. + * Add validation checks for input parameters to functions in the SHA-1 + module. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index bcaeab5eb..96da3feee 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -42,6 +42,7 @@ /* MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ +#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073 /**< Invalid input data. */ #ifdef __cplusplus extern "C" { diff --git a/library/sha1.c b/library/sha1.c index bab6087c4..e9521e391 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -71,8 +71,15 @@ } #endif +#define MBEDTLS_SHA1_VALIDATE_RET(cond) \ + MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, cond ) + +#define MBEDTLS_SHA1_VALIDATE(cond) MBEDTLS_VALIDATE( cond ) + void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) { + MBEDTLS_SHA1_VALIDATE( ctx != NULL ); + memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); } @@ -87,6 +94,9 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) void mbedtls_sha1_clone( mbedtls_sha1_context *dst, const mbedtls_sha1_context *src ) { + MBEDTLS_SHA1_VALIDATE( dst != NULL ); + MBEDTLS_SHA1_VALIDATE( src != NULL ); + *dst = *src; } @@ -95,6 +105,8 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, */ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) { + MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); + ctx->total[0] = 0; ctx->total[1] = 0; @@ -120,6 +132,9 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, { uint32_t temp, W[16], A, B, C, D, E; + MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); + GET_UINT32_BE( W[ 0], data, 0 ); GET_UINT32_BE( W[ 1], data, 4 ); GET_UINT32_BE( W[ 2], data, 8 ); @@ -297,6 +312,9 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, if( ilen == 0 ) return( 0 ); + MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA1_VALIDATE_RET( input != NULL ); + left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -352,6 +370,9 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, uint32_t used; uint32_t high, low; + MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); + /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length */ @@ -420,6 +441,9 @@ int mbedtls_sha1_ret( const unsigned char *input, int ret; mbedtls_sha1_context ctx; + MBEDTLS_SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); + MBEDTLS_SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); + mbedtls_sha1_init( &ctx ); if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 ) From a685d4f28dce5ad6aeba3308514b8a5b6008ca0b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 9 Dec 2018 19:13:01 +0000 Subject: [PATCH 169/415] Add MBEDTLS_ERR_SHA1_BAD_INPUT_DATA to error.{h,c} --- include/mbedtls/error.h | 2 +- library/error.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 0c3888987..57bbfeb6e 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -74,7 +74,7 @@ * MD4 1 0x002D-0x002D * MD5 1 0x002F-0x002F * RIPEMD160 1 0x0031-0x0031 - * SHA1 1 0x0035-0x0035 + * SHA1 1 0x0035-0x0035 0x0073-0x0073 * SHA256 1 0x0037-0x0037 * SHA512 1 0x0039-0x0039 * CHACHA20 3 0x0051-0x0055 diff --git a/library/error.c b/library/error.c index eabee9e21..564490e58 100644 --- a/library/error.c +++ b/library/error.c @@ -855,6 +855,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_SHA1_C) if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" ); + if( use_ret == -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "SHA1 - Invalid input data" ); #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) From c523e011e0faeb6b4cd784a2c18c4b669de535fb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 10 Dec 2018 10:11:47 +0000 Subject: [PATCH 170/415] Document valid function params for SHA-1 functions --- include/mbedtls/sha1.h | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 96da3feee..2d47f5309 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -42,7 +42,7 @@ /* MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ -#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073 /**< Invalid input data. */ +#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073 /**< SHA-1 input data was malformed. */ #ifdef __cplusplus extern "C" { @@ -80,6 +80,7 @@ mbedtls_sha1_context; * stronger message digests instead. * * \param ctx The SHA-1 context to initialize. + * Must not be \c NULL. * */ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); @@ -104,7 +105,9 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); * stronger message digests instead. * * \param dst The SHA-1 context to clone to. + * Must not be \c NULL. * \param src The SHA-1 context to clone from. + * Must not be \c NULL. * */ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, @@ -118,6 +121,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * stronger message digests instead. * * \param ctx The SHA-1 context to initialize. + * Must not be \c NULL. * * \return \c 0 on success. * @@ -133,7 +137,9 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); * stronger message digests instead. * * \param ctx The SHA-1 context. + * Must not be \c NULL. * \param input The buffer holding the input data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * * \return \c 0 on success. @@ -151,7 +157,9 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, * stronger message digests instead. * * \param ctx The SHA-1 context. + * Must not be \c NULL. * \param output The SHA-1 checksum result. + * Must not be \c NULL. * * \return \c 0 on success. */ @@ -166,7 +174,9 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, * stronger message digests instead. * * \param ctx The SHA-1 context. + * Must not be \c NULL. * \param data The data block being processed. + * Must not be \c NULL. * * \return \c 0 on success. * @@ -190,6 +200,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0. * * \param ctx The SHA-1 context to initialize. + * Must not be \c NULL. * */ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); @@ -205,7 +216,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0. * * \param ctx The SHA-1 context. + * Must not be \c NULL. * \param input The buffer holding the input data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * */ @@ -224,7 +237,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0. * * \param ctx The SHA-1 context. + * Must not be \c NULL. * \param output The SHA-1 checksum result. + * Must not be \c NULL. * */ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, @@ -240,7 +255,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0. * * \param ctx The SHA-1 context. + * Must not be \c NULL. * \param data The data block being processed. + * Must not be \c NULL. * */ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, @@ -263,8 +280,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, * stronger message digests instead. * * \param input The buffer holding the input data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * \param output The SHA-1 checksum result. + * Must not be \c NULL. * * \return \c 0 on success. * @@ -295,8 +314,10 @@ int mbedtls_sha1_ret( const unsigned char *input, * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0 * * \param input The buffer holding the input data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * \param output The SHA-1 checksum result. + * Must not be \c NULL. * */ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, From 5359ca8a549a1ee2b99048cd56590fd355af9009 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 11:11:18 +0000 Subject: [PATCH 171/415] Improve SHA-1 documentation --- include/mbedtls/sha1.h | 88 +++++++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 2d47f5309..801759af3 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -80,7 +80,7 @@ mbedtls_sha1_context; * stronger message digests instead. * * \param ctx The SHA-1 context to initialize. - * Must not be \c NULL. + * This must not be \c NULL. * */ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); @@ -92,7 +92,10 @@ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); * constitutes a security risk. We recommend considering * stronger message digests instead. * - * \param ctx The SHA-1 context to clear. + * \param ctx The SHA-1 context to clear. This may be \c NULL, + * in which case this function does nothing. If it is + * not \c NULL, it must point to an initialized + * SHA-1 context. * */ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); @@ -104,10 +107,8 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); * constitutes a security risk. We recommend considering * stronger message digests instead. * - * \param dst The SHA-1 context to clone to. - * Must not be \c NULL. - * \param src The SHA-1 context to clone from. - * Must not be \c NULL. + * \param dst The SHA-1 context to clone to. This must be initialized. + * \param src The SHA-1 context to clone from. This must be initialized. * */ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, @@ -120,10 +121,10 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * constitutes a security risk. We recommend considering * stronger message digests instead. * - * \param ctx The SHA-1 context to initialize. - * Must not be \c NULL. + * \param ctx The SHA-1 context to initialize. This must be initialized. * * \return \c 0 on success. + * \return A negative error code on failure. * */ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); @@ -136,13 +137,15 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); * constitutes a security risk. We recommend considering * stronger message digests instead. * - * \param ctx The SHA-1 context. - * Must not be \c NULL. + * \param ctx The SHA-1 context. This must be initialized + * and have a hash operation started. * \param input The buffer holding the input data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * This must be a readable buffer of length \p ilen Bytes. + * It may be \c NULL if \p ilen is zero. + * \param ilen The length of the input data \p input in Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, @@ -156,12 +159,14 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, * constitutes a security risk. We recommend considering * stronger message digests instead. * - * \param ctx The SHA-1 context. - * Must not be \c NULL. - * \param output The SHA-1 checksum result. - * Must not be \c NULL. + * \param ctx The SHA-1 context to use. This must be initialized and + * have a hash operation started. + * This must not be \c NULL. + * \param output The SHA-1 checksum result. This must be a writable + * buffer of length \c 20 Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ); @@ -173,12 +178,13 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, * constitutes a security risk. We recommend considering * stronger message digests instead. * - * \param ctx The SHA-1 context. - * Must not be \c NULL. - * \param data The data block being processed. - * Must not be \c NULL. + * \param ctx The SHA-1 context to use. This must be initialized and + * have a hash operation started. + * \param data The data block being processed. This must be a + * readable buffer of length \c 64 Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. * */ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, @@ -199,8 +205,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, * * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0. * - * \param ctx The SHA-1 context to initialize. - * Must not be \c NULL. + * \param ctx The SHA-1 context to initialize. This must be initialized. * */ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); @@ -215,11 +220,12 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); * * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0. * - * \param ctx The SHA-1 context. - * Must not be \c NULL. + * \param ctx The SHA-1 context. THis must be initialized and + * have a hash operation started. * \param input The buffer holding the input data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * This must be a readable buffer of length \p ilen Bytes. + * It may be \c NULL if \p ilen is zero. + * \param ilen The length of the input data \p input in Bytes. * */ MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, @@ -236,11 +242,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, * * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0. * - * \param ctx The SHA-1 context. - * Must not be \c NULL. + * \param ctx The SHA-1 context. This must be initialized and + * have a hash operation started. * \param output The SHA-1 checksum result. - * Must not be \c NULL. - * + * This must be a writable buffer of length \c 20 Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ); @@ -254,10 +259,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, * * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0. * - * \param ctx The SHA-1 context. - * Must not be \c NULL. + * \param ctx The SHA-1 context. This must be initialized and + * have a hash operation started. * \param data The data block being processed. - * Must not be \c NULL. + * This must be a readable buffer of length \c 64 bytes. * */ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, @@ -280,12 +285,14 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, * stronger message digests instead. * * \param input The buffer holding the input data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * This must be a readable buffer of length \p ilen Bytes. + * It may be \c NULL if \p ilen is zero. + * \param ilen The length of the input data \p input in Bytes. * \param output The SHA-1 checksum result. - * Must not be \c NULL. + * This must be a writable buffer of length \c 20 Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. * */ int mbedtls_sha1_ret( const unsigned char *input, @@ -314,10 +321,11 @@ int mbedtls_sha1_ret( const unsigned char *input, * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0 * * \param input The buffer holding the input data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. - * \param output The SHA-1 checksum result. - * Must not be \c NULL. + * This must be a readable buffer of length \p ilen Bytes. + * It may be \c NULL if \p ilen is zero. + * \param ilen The length of the input data \p input in Bytes. + * \param output The SHA-1 checksum result. This must be a writable + * buffer of size \c 20 Bytes. * */ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, From 0e24473b943792706a4ac669ac16d6444615c2a6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 11:22:55 +0000 Subject: [PATCH 172/415] Test parameter validation in SHA-1 module --- tests/suites/test_suite_shax.data | 6 ++++ tests/suites/test_suite_shax.function | 47 +++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index ee8074dc0..5bd70af8a 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -1,3 +1,9 @@ +SHA-1 - Valid parameters +sha1_valid_param: + +SHA-1 - Invalid parameters +sha1_invalid_param: + # Test the operation of SHA-1 and SHA-2 SHA-1 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA1_C diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 147ae0e1f..263759d29 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -4,6 +4,53 @@ #include "mbedtls/sha512.h" /* END_HEADER */ +/* BEGIN_CASE */ +void sha1_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_sha1_free( NULL ) ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void sha1_invalid_param( ) +{ + mbedtls_sha1_context ctx; + unsigned char buf[64] = { 0 }; + size_t const buflen = sizeof( buf ); + + TEST_INVALID_PARAM( mbedtls_sha1_init( NULL ) ); + + TEST_INVALID_PARAM( mbedtls_sha1_clone( NULL, &ctx ) ); + TEST_INVALID_PARAM( mbedtls_sha1_clone( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, + mbedtls_sha1_starts_ret( NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, + mbedtls_sha1_update_ret( NULL, buf, buflen ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, + mbedtls_sha1_update_ret( &ctx, NULL, buflen ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, + mbedtls_sha1_finish_ret( NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, + mbedtls_sha1_finish_ret( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, + mbedtls_internal_sha1_process( NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, + mbedtls_internal_sha1_process( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, + mbedtls_sha1_ret( NULL, buflen, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, + mbedtls_sha1_ret( buf, buflen, NULL ) ); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) { From b3906d8829a44b850bd8b908f03b546d6a65aa6a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 11:35:00 +0000 Subject: [PATCH 173/415] Minor fixes to implementation of SHA1 parameter validation --- library/sha1.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/sha1.c b/library/sha1.c index e9521e391..0eaedcfe6 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -72,9 +72,9 @@ #endif #define MBEDTLS_SHA1_VALIDATE_RET(cond) \ - MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, cond ) + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA ) -#define MBEDTLS_SHA1_VALIDATE(cond) MBEDTLS_VALIDATE( cond ) +#define MBEDTLS_SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) { @@ -309,12 +309,12 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, size_t fill; uint32_t left; + MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); + if( ilen == 0 ) return( 0 ); - MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA1_VALIDATE_RET( input != NULL ); - left = ctx->total[0] & 0x3F; fill = 64 - left; From 79e593f617e8862b0d5991ef048f3c57313d3c8c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 9 Dec 2018 20:41:20 +0000 Subject: [PATCH 174/415] Add parameter validation to SHA-256 module --- ChangeLog | 2 ++ include/mbedtls/error.h | 2 +- include/mbedtls/sha256.h | 1 + library/sha256.c | 23 +++++++++++++++++++++++ 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 66a8ce92f..5d6e40831 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,8 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. + * Add validation checks for input parameters to functions in the SHA-256 + module. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 0c3888987..5f6e8efb9 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -75,7 +75,7 @@ * MD5 1 0x002F-0x002F * RIPEMD160 1 0x0031-0x0031 * SHA1 1 0x0035-0x0035 - * SHA256 1 0x0037-0x0037 + * SHA256 1 0x0037-0x0037 0x0074-0x0074 * SHA512 1 0x0039-0x0039 * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 47a31e83a..bd323dd5b 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -38,6 +38,7 @@ /* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ +#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< Invalid input data. */ #ifdef __cplusplus extern "C" { diff --git a/library/sha256.c b/library/sha256.c index dbb4a8986..2f1968530 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -74,8 +74,14 @@ do { \ } while( 0 ) #endif +#define MBEDTLS_SHA256_VALIDATE_RET(cond) \ + MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, cond ) +#define MBEDTLS_SHA256_VALIDATE(cond) MBEDTLS_VALIDATE( cond ) + void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { + MBEDTLS_SHA256_VALIDATE( ctx != NULL ); + memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); } @@ -90,6 +96,9 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ) { + MBEDTLS_SHA256_VALIDATE( dst != NULL ); + MBEDTLS_SHA256_VALIDATE( src != NULL ); + *dst = *src; } @@ -98,6 +107,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { + MBEDTLS_SHA256_VALIDATE( ctx != NULL ); + ctx->total[0] = 0; ctx->total[1] = 0; @@ -192,6 +203,9 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, uint32_t A[8]; unsigned int i; + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); + for( i = 0; i < 8; i++ ) A[i] = ctx->state[i]; @@ -266,6 +280,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, if( ilen == 0 ) return( 0 ); + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( input != NULL ); + left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -321,6 +338,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, uint32_t used; uint32_t high, low; + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length */ @@ -395,6 +415,9 @@ int mbedtls_sha256_ret( const unsigned char *input, int ret; mbedtls_sha256_context ctx; + MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + mbedtls_sha256_init( &ctx ); if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 ) From 9e76c0e77f696f7bb9d0220c002e82080f502b03 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 9 Dec 2018 20:42:05 +0000 Subject: [PATCH 175/415] Add MBEDTLS_ERR_SHA256_BAD_INPUT_DATA to error.{h,c} --- library/error.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/error.c b/library/error.c index eabee9e21..701c7920f 100644 --- a/library/error.c +++ b/library/error.c @@ -860,6 +860,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_SHA256_C) if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" ); + if( use_ret == -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "SHA256 - Invalid input data" ); #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) From 0152f1e948a9d81c22a7a1524efb5d973b1beed6 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 10 Dec 2018 10:22:27 +0000 Subject: [PATCH 176/415] Document valid function params for SHA-256 functions --- include/mbedtls/sha256.h | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index bd323dd5b..8d90ca01c 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -38,7 +38,7 @@ /* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ -#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< Invalid input data. */ +#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< SHA-256 input data was malformed. */ #ifdef __cplusplus extern "C" { @@ -73,6 +73,7 @@ mbedtls_sha256_context; * \brief This function initializes a SHA-256 context. * * \param ctx The SHA-256 context to initialize. + * Must not be \c NULL. */ void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); @@ -87,7 +88,9 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); * \brief This function clones the state of a SHA-256 context. * * \param dst The destination context. + * Must not be \c NULL. * \param src The context to clone. + * Must not be \c NULL. */ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ); @@ -97,6 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * calculation. * * \param ctx The context to initialize. + * Must not be \c NULL. * \param is224 Determines which function to use: * 0: Use SHA-256, or 1: Use SHA-224. * @@ -109,7 +113,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * SHA-256 checksum calculation. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param input The buffer holding the data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * * \return \c 0 on success. @@ -123,7 +129,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * the result to the output buffer. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param output The SHA-224 or SHA-256 checksum result. + * Must not be \c NULL. * * \return \c 0 on success. */ @@ -136,7 +144,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, * internal use only. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param data The buffer holding one block of data. + * Must not be \c NULL. * * \return \c 0 on success. */ @@ -157,6 +167,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0. * * \param ctx The context to initialize. + * Must not be \c NULL. * \param is224 Determines which function to use: * 0: Use SHA-256, or 1: Use SHA-224. */ @@ -170,7 +181,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0. * * \param ctx The SHA-256 context to initialize. + * Must not be \c NULL. * \param input The buffer holding the data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. */ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, @@ -184,7 +197,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param output The SHA-224 or SHA-256 checksum result. + * Must not be \c NULL. */ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); @@ -197,7 +212,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param data The buffer holding one block of data. + * Must not be \c NULL. */ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); @@ -216,8 +233,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * output = SHA-256(input buffer). * * \param input The buffer holding the input data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * \param output The SHA-224 or SHA-256 checksum result. + * Must not be \c NULL. * \param is224 Determines which function to use: * 0: Use SHA-256, or 1: Use SHA-224. */ @@ -246,8 +265,10 @@ int mbedtls_sha256_ret( const unsigned char *input, * \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0. * * \param input The buffer holding the data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * \param output The SHA-224 or SHA-256 checksum result. + * Must not be \c NULL. * \param is224 Determines which function to use: * 0: Use SHA-256, or 1: Use SHA-224. */ From 488d9309fc4f74f9bbdd666cc9bf89c8c9d7c8ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Dec 2018 13:05:49 +0100 Subject: [PATCH 177/415] Fix unused param warnings in test function --- tests/suites/test_suite_aes.function | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index f74183d8e..da8c1e935 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -563,13 +563,21 @@ void aes_check_params( ) /* BEGIN_CASE */ void aes_misc_params( ) { +#if defined(MBEDTLS_CIPHER_MODE_CBC) || \ + defined(MBEDTLS_CIPHER_MODE_XTS) || \ + defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_OFB) mbedtls_aes_context aes_ctx; + const unsigned char in[16] = { 0 }; + unsigned char out[16]; +#endif #if defined(MBEDTLS_CIPHER_MODE_XTS) mbedtls_aes_xts_context xts_ctx; #endif - const unsigned char in[16] = { 0 }; - unsigned char out[16]; +#if defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_OFB) size_t size; +#endif /* These calls accept NULL */ TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); From 03f2ffa7bcb38f62cb234ce65c6034cbac3e13ce Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 12:45:06 +0000 Subject: [PATCH 178/415] Undo documentation change in ARIA, Blowfish, Camellia modules --- include/mbedtls/aria.h | 2 +- include/mbedtls/blowfish.h | 2 +- include/mbedtls/camellia.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 9e981d92c..c80c9fd26 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -191,7 +191,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * \param input The buffer holding the input data. * \param output The buffer holding the output data. * - * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA + * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH * on failure. */ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index ab4fc2316..922d8f82e 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -138,7 +138,7 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA + * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH */ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, int mode, diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index e52461281..0a02335ac 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -146,7 +146,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA + * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH */ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, int mode, From ebffa7995bc17a71f7bc068a4afbade976485e9d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Dec 2018 15:07:50 +0000 Subject: [PATCH 179/415] Document parameter preconditions in ECP module --- include/mbedtls/ecp.h | 370 +++++++++++++++++++++++++++--------------- 1 file changed, 239 insertions(+), 131 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 1c372980e..9f4c3e55c 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -497,24 +497,37 @@ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); /** * \brief This function frees the components of an ECP group. - * \param grp The group to free. + * + * \param grp The group to free. This may be \c NULL, in which + * case this function is a no-op. If it is not \c NULL, + * it must point to an initialized ECP group. */ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); /** * \brief This function frees the components of a key pair. - * \param key The key pair to free. + * + * \param key The key pair to free. This may be \c NULL, in which + * case this function is a no-op. If it is not \c NULL, + * it must point to an initialized ECP key pair. */ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); #if defined(MBEDTLS_ECP_RESTARTABLE) /** - * \brief Initialize a restart context + * \brief Initialize a restart context. + * + * \param ctx The restart context to initialize. This must + * not be \c NULL. */ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ); /** - * \brief Free the components of a restart context + * \brief Free the components of a restart context. + * + * \param ctx The restart context to free. This may be \c NULL, in which + * case this function is a no-op. If it is not \c NULL, + * it must point to an initialized restart context. */ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ); #endif /* MBEDTLS_ECP_RESTARTABLE */ @@ -523,11 +536,12 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ); * \brief This function copies the contents of point \p Q into * point \p P. * - * \param P The destination point. - * \param Q The source point. + * \param P The destination point. This must be initialized. + * \param Q The source point. This must be initialized. * * \return \c 0 on success. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return Another negative error code for other kinds of failure. */ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); @@ -535,31 +549,35 @@ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); * \brief This function copies the contents of group \p src into * group \p dst. * - * \param dst The destination group. - * \param src The source group. + * \param dst The destination group. This must be initialized. + * \param src The source group. This must be initialized. * * \return \c 0 on success. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ); +int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, + const mbedtls_ecp_group *src ); /** - * \brief This function sets a point to zero. + * \brief This function sets a point to the point at infinity. * - * \param pt The point to set. + * \param pt The point to set. This must be initialized. * * \return \c 0 on success. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); /** - * \brief This function checks if a point is zero. + * \brief This function checks if a point is the point at infinity. * - * \param pt The point to test. + * \param pt The point to test. This must be initialized. * * \return \c 1 if the point is zero. * \return \c 0 if the point is non-zero. + * \return A negative error code on failure. */ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); @@ -569,8 +587,8 @@ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); * \note This assumes that the points are normalized. Otherwise, * they may compare as "not equal" even if they are. * - * \param P The first point to compare. - * \param Q The second point to compare. + * \param P The first point to compare. This must be initialized. + * \param Q The second point to compare. This must be initialized. * * \return \c 0 if the points are equal. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal. @@ -582,7 +600,7 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, * \brief This function imports a non-zero point from two ASCII * strings. * - * \param P The destination point. + * \param P The destination point. This must be initialized. * \param radix The numeric base of the input. * \param x The first affine coordinate, as a null-terminated string. * \param y The second affine coordinate, as a null-terminated string. @@ -597,15 +615,21 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, * \brief This function exports a point into unsigned binary data. * * \param grp The group to which the point should belong. - * \param P The point to export. - * \param format The point format. Should be an \c MBEDTLS_ECP_PF_XXX macro. - * \param olen The length of the output. - * \param buf The output buffer. - * \param buflen The length of the output buffer. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param P The point to export. This must be initialized. + * \param format The point format. This must be either + * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED. + * \param olen The address at which to store the length of + * the output in Bytes. + * \param buf The output buffer. This must be a writable buffer + * of length \p buflen Bytes. + * \param buflen The length of the output buffer \p buf in Bytes. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA - * or #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure. + * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer + * is too small to hold the point. + * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, @@ -619,19 +643,23 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ * for that. * * \param grp The group to which the point should belong. - * \param P The point to import. - * \param buf The input buffer. - * \param ilen The length of the input. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param P The destination context to import the point to. + * This must be initialized. + * \param buf The input buffer. This must be a readable buffer + * of length \p ilen Bytes. + * \param ilen The length of the input buffer \p buf in Bytes. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format * is not implemented. - * */ -int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, - const unsigned char *buf, size_t ilen ); +int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, + mbedtls_ecp_point *P, + const unsigned char *buf, size_t ilen ); /** * \brief This function imports a point from a TLS ECPoint record. @@ -639,7 +667,9 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_poi * \note On function return, \p *buf is updated to point immediately * after the ECPoint record. * - * \param grp The ECP group used. + * \param grp The ECP group to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). * \param pt The destination point. * \param buf The address of the pointer to the start of the input buffer. * \param len The length of the buffer. @@ -649,99 +679,122 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_poi * failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ -int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, - const unsigned char **buf, size_t len ); +int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char **buf, size_t len ); /** - * \brief This function exports a point as a TLS ECPoint record. + * \brief This function exports a point as a TLS ECPoint record + * defined in RFC 4492, Section 5.4. * - * \param grp The ECP group used. - * \param pt The point format to export to. The point format is an - * \c MBEDTLS_ECP_PF_XXX constant. - * \param format The export format. - * \param olen The length of the data written. - * \param buf The buffer to write to. - * \param blen The length of the buffer. + * \param grp The ECP group to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param pt The point to be exported. This must be initialized. + * \param format The point format to use. This must be either + * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED. + * \param olen The address at which to store the length in Bytes + * of the data written. + * \param buf The target buffer. This must be a writable buffer of + * length \p blen Bytes. + * \param blen The length of the target buffer \p buf in Bytes. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or - * #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid. + * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer + * is too small to hold the exported point. + * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, - int format, size_t *olen, - unsigned char *buf, size_t blen ); +int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *pt, + int format, size_t *olen, + unsigned char *buf, size_t blen ); /** - * \brief This function sets a group using standardized domain parameters. + * \brief This function sets up an ECP group context + * from a standardized set of domain parameters. * * \note The index should be a value of the NamedCurve enum, * as defined in RFC-4492: Elliptic Curve Cryptography * (ECC) Cipher Suites for Transport Layer Security (TLS), * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro. * - * \param grp The destination group. + * \param grp The group context to setup. This must be initialized. * \param id The identifier of the domain parameter set to load. * - * \return \c 0 on success, - * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups. - + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't + * correspond to a known group. + * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); /** - * \brief This function sets a group from a TLS ECParameters record. + * \brief This function sets up an ECP group context from a TLS + * ECParameters record as defined in RFC 4492, Section 5.4. * - * \note \p buf is updated to point right after the ECParameters - * record on exit. + * \note The read pointer \p buf is updated to point right after + * the ECParameters record on exit. * - * \param grp The destination group. + * \param grp The group context to setup. This must be initialized. * \param buf The address of the pointer to the start of the input buffer. - * \param len The length of the buffer. + * \param len The length of the input buffer \c *buf in Bytes. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization - * failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not - * recognised. + * recognized. + * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ); +int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, + const unsigned char **buf, size_t len ); /** - * \brief This function reads a group from a TLS ECParameters record. + * \brief This function extracts an elliptic curve group ID from a + * TLS ECParameters record as defined in RFC 4492, Section 5.4. * - * \note \p buf is updated to point right after the ECParameters - * record on exit. + * \note The read pointer \p buf is updated to point right after + * the ECParameters record on exit. * - * \param grp Output parameter to hold the group id. + * \param grp The address at which to store the group id. + * This must not be \c NULL. * \param buf The address of the pointer to the start of the input buffer. - * \param len The length of the buffer. + * \param len The length of the input buffer \c *buf in Bytes. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not - * recognised. + * recognized. + * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, - const unsigned char **buf, size_t len ); + const unsigned char **buf, + size_t len ); /** - * \brief This function writes the TLS ECParameters record for a group. + * \brief This function exports an elliptic curve as a TLS + * ECParameters record as defined in RFC 4492, Section 5.4. * - * \param grp The ECP group used. - * \param olen The number of Bytes written. - * \param buf The buffer to write to. - * \param blen The length of the buffer. + * \param grp The ECP group to be exported. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param olen The address at which to store the number of Bytes written. + * This must not be \c NULL. + * \param buf The buffer to write to. This must be a writable buffer + * of length \p blen Bytes. + * \param blen The length of the output buffer \p buf in Bytes. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure. + * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output + * buffer is too small to hold the exported group. + * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, - unsigned char *buf, size_t blen ); +int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, + size_t *olen, + unsigned char *buf, size_t blen ); /** - * \brief This function performs multiplication of a point by - * an integer: \p R = \p m * \p P. + * \brief This function performs a scalaar multiplication of a point + * by an integer: \p R = \p m * \p P. * * It is not thread-safe to use same group in multiple threads. * @@ -755,17 +808,22 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, * targeting these results. We recommend always providing * a non-NULL \p f_rng. The overhead is negligible. * - * \param grp The ECP group. - * \param R The destination point. - * \param m The integer by which to multiply. - * \param P The point to multiply. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param grp The ECP group to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param R The point in which to store the result of the calculation. + * This must be initialized. + * \param m The integer by which to multiply. This must be initialized. + * \param P The point to multiply. This must be initialized. + * \param f_rng The RNG function. This may be \c NULL if randomization + * of intermediate results isn't desired (discouraged). + * \param p_rng The RNG context to be passed to \p p_rng. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private * key, or \p P is not a valid public key. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, @@ -781,12 +839,16 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * it can return early and restart according to the limit set * with \c mbedtls_ecp_set_max_ops() to reduce blocking. * - * \param grp The ECP group. - * \param R The destination point. - * \param m The integer by which to multiply. - * \param P The point to multiply. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param grp The ECP group to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param R The point in which to store the result of the calculation. + * This must be initialized. + * \param m The integer by which to multiply. This must be initialized. + * \param P The point to multiply. This must be initialized. + * \param f_rng The RNG function. This may be \c NULL if randomization + * of intermediate results isn't desired (discouraged). + * \param p_rng The RNG context to be passed to \p p_rng. * \param rs_ctx The restart context (NULL disables restart). * * \return \c 0 on success. @@ -795,6 +857,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, @@ -810,18 +873,25 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \note In contrast to mbedtls_ecp_mul(), this function does not * guarantee a constant execution flow and timing. * - * \param grp The ECP group. - * \param R The destination point. + * \param grp The ECP group to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param R The point in which to store the result of the calculation. + * This must be initialized. * \param m The integer by which to multiply \p P. - * \param P The point to multiply by \p m. + * This must be initialized. + * \param P The point to multiply by \p m. This must be initialized. * \param n The integer by which to multiply \p Q. + * This must be initialized. * \param Q The point to be multiplied by \p n. + * This must be initialized. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not * valid private keys, or \p P or \p Q are not valid public * keys. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, @@ -838,12 +908,18 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * but it can return early and restart according to the limit * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. * - * \param grp The ECP group. - * \param R The destination point. + * \param grp The ECP group to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param R The point in which to store the result of the calculation. + * This must be initialized. * \param m The integer by which to multiply \p P. - * \param P The point to multiply by \p m. + * This must be initialized. + * \param P The point to multiply by \p m. This must be initialized. * \param n The integer by which to multiply \p Q. + * This must be initialized. * \param Q The point to be multiplied by \p n. + * This must be initialized. * \param rs_ctx The restart context (NULL disables restart). * * \return \c 0 on success. @@ -853,6 +929,7 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_muladd_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, @@ -877,38 +954,51 @@ int mbedtls_ecp_muladd_restartable( * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * - * \param grp The curve the point should lie on. - * \param pt The point to check. + * \param grp The ECP group the point should belong to. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param pt The point to check. This must be initialized. * * \return \c 0 if the point is a valid public key. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not + * a valid public key for the given curve. + * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); +int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *pt ); /** - * \brief This function checks that an \p mbedtls_mpi is a valid private - * key for this curve. + * \brief This function checks that an \p mbedtls_mpi is a + * valid private key for this curve. * * \note This function uses bare components rather than an * ::mbedtls_ecp_keypair structure to ease use with other * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * - * \param grp The group used. - * \param d The integer to check. + * \param grp The ECP group the private key should belong to. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param d The integer to check. This must be initialized. * * \return \c 0 if the point is a valid private key. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid + * private key for the given curve. + * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); +int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, + const mbedtls_mpi *d ); /** * \brief This function generates a private key. * - * \param grp The ECP group. - * \param d The destination MPI (secret part). - * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param grp The ECP group to generate a private key for. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param d The destination MPI (secret part). This must be initialized. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG parameter to be passed to \p f_rng. This may be + * \c NULL if \p f_rng doesn't need a context argument. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code @@ -928,22 +1018,29 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * - * \param grp The ECP group. - * \param G The chosen base point. + * \param grp The ECP group to generate a key pair for. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param G The base point to use. This must be initialized + * and belong to \p grp. It replaces the default base + * point \c grp->G used by mbedtls_ecp_gen_keypair(). * \param d The destination MPI (secret part). + * This must be initialized. * \param Q The destination point (public part). - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * This must be initialized. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may + * be \c NULL if \p f_rng doesn't need a context argument. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, - const mbedtls_ecp_point *G, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); + const mbedtls_ecp_point *G, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); /** * \brief This function generates an ECP keypair. @@ -953,34 +1050,42 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * - * \param grp The ECP group. + * \param grp The ECP group to generate a key pair for. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). * \param d The destination MPI (secret part). + * This must be initialized. * \param Q The destination point (public part). - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * This must be initialized. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may + * be \c NULL if \p f_rng doesn't need a context argument. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ -int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, + mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); /** * \brief This function generates an ECP key. * * \param grp_id The ECP group identifier. - * \param key The destination key. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param key The destination key. This must be initialized. + * \param f_rng The RNG function to use. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may + * be \c NULL if \p f_rng doesn't need a context argument. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); /** * \brief This function checks that the keypair objects @@ -988,16 +1093,19 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, * same public point, and that the private key in * \p prv is consistent with the public key. * - * \param pub The keypair structure holding the public key. - * If it contains a private key, that part is ignored. + * \param pub The keypair structure holding the public key. This + * must be initialized. If it contains a private key, that + * part is ignored. * \param prv The keypair structure holding the full keypair. + * This must be initialized. * * \return \c 0 on success, meaning that the keys are valid and match. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match. * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX * error code on calculation failure. */ -int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); +int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, + const mbedtls_ecp_keypair *prv ); #if defined(MBEDTLS_SELF_TEST) From 4f8e8e5805d8ed09efa79cc4dea537b31a22bb68 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Dec 2018 15:08:03 +0000 Subject: [PATCH 180/415] Implement parameter validation for ECP module --- library/ecp.c | 140 ++++++++++++++++++++++++++++++++++++------- library/ecp_curves.c | 8 +++ 2 files changed, 125 insertions(+), 23 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 7fefb4c16..229b28eaf 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -86,6 +86,12 @@ #if !defined(MBEDTLS_ECP_ALT) +/* Parameter validation macros based on platform_util.h */ +#define ECP_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) +#define ECP_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -268,6 +274,8 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, mbedtls_ecp_restart_ctx *rs_ctx, unsigned ops ) { + ECP_VALIDATE_RET( grp != NULL ); + if( rs_ctx != NULL && ecp_max_ops != 0 ) { /* scale depending on curve size: the chosen reference is 256-bit, @@ -526,8 +534,7 @@ static inline ecp_curve_type ecp_get_type( const mbedtls_ecp_group *grp ) */ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ) { - if( pt == NULL ) - return; + ECP_VALIDATE( pt != NULL ); mbedtls_mpi_init( &pt->X ); mbedtls_mpi_init( &pt->Y ); @@ -539,8 +546,7 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ) */ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) { - if( grp == NULL ) - return; + ECP_VALIDATE( grp != NULL ); grp->id = MBEDTLS_ECP_DP_NONE; mbedtls_mpi_init( &grp->P ); @@ -564,8 +570,7 @@ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) */ void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ) { - if( key == NULL ) - return; + ECP_VALIDATE( key != NULL ); mbedtls_ecp_group_init( &key->grp ); mbedtls_mpi_init( &key->d ); @@ -633,6 +638,8 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ) int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) { int ret; + ECP_VALIDATE_RET( P != NULL ); + ECP_VALIDATE_RET( Q != NULL ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) ); @@ -647,7 +654,10 @@ cleanup: */ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ) { - return mbedtls_ecp_group_load( dst, src->id ); + ECP_VALIDATE_RET( dst != NULL ); + ECP_VALIDATE_RET( src != NULL ); + + return( mbedtls_ecp_group_load( dst, src->id ) ); } /* @@ -656,6 +666,7 @@ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ) { int ret; + ECP_VALIDATE_RET( pt != NULL ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) ); @@ -670,6 +681,8 @@ cleanup: */ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ) { + ECP_VALIDATE_RET( pt != NULL ); + return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ); } @@ -679,6 +692,9 @@ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ) int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) { + ECP_VALIDATE_RET( P != NULL ); + ECP_VALIDATE_RET( Q != NULL ); + if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 && mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 && mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 ) @@ -696,6 +712,9 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, const char *x, const char *y ) { int ret; + ECP_VALIDATE_RET( P != NULL ); + ECP_VALIDATE_RET( x != NULL ); + ECP_VALIDATE_RET( y != NULL ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) ); @@ -708,16 +727,19 @@ cleanup: /* * Export a point into unsigned binary data (SEC1 2.3.3) */ -int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, - int format, size_t *olen, - unsigned char *buf, size_t buflen ) +int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *P, + int format, size_t *olen, + unsigned char *buf, size_t buflen ) { int ret = 0; size_t plen; - - if( format != MBEDTLS_ECP_PF_UNCOMPRESSED && - format != MBEDTLS_ECP_PF_COMPRESSED ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( P != NULL ); + ECP_VALIDATE_RET( olen != NULL ); + ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || + format == MBEDTLS_ECP_PF_COMPRESSED ); /* * Common case: P == 0 @@ -764,11 +786,15 @@ cleanup: /* * Import a point from unsigned binary data (SEC1 2.3.4) */ -int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, - const unsigned char *buf, size_t ilen ) +int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char *buf, size_t ilen ) { int ret; size_t plen; + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( pt != NULL ); + ECP_VALIDATE_RET( buf != NULL ); if( ilen < 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); @@ -803,11 +829,16 @@ cleanup: * opaque point <1..2^8-1>; * } ECPoint; */ -int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, - const unsigned char **buf, size_t buf_len ) +int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char **buf, size_t buf_len ) { unsigned char data_len; const unsigned char *buf_start; + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( pt != NULL ); + ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( *buf != NULL ); /* * We must have at least two bytes (1 for length, at least one for data) @@ -825,7 +856,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point buf_start = *buf; *buf += data_len; - return mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ); + return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) ); } /* @@ -839,6 +870,12 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp unsigned char *buf, size_t blen ) { int ret; + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( pt != NULL ); + ECP_VALIDATE_RET( olen != NULL ); + ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || + format == MBEDTLS_ECP_PF_COMPRESSED ); /* * buffer length must be at least one, for our length byte @@ -867,11 +904,14 @@ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, { int ret; mbedtls_ecp_group_id grp_id; + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( *buf != NULL ); if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 ) return( ret ); - return mbedtls_ecp_group_load( grp, grp_id ); + return( mbedtls_ecp_group_load( grp, grp_id ) ); } /* @@ -883,6 +923,9 @@ int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, { uint16_t tls_id; const mbedtls_ecp_curve_info *curve_info; + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( *buf != NULL ); /* * We expect at least three bytes (see below) @@ -918,6 +961,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen ) { const mbedtls_ecp_curve_info *curve_info; + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( olen != NULL ); if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); @@ -2276,6 +2322,10 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( R != NULL ); + ECP_VALIDATE_RET( m != NULL ); + ECP_VALIDATE_RET( P != NULL ); #if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ @@ -2333,6 +2383,10 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( R != NULL ); + ECP_VALIDATE_RET( m != NULL ); + ECP_VALIDATE_RET( P != NULL ); return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) ); } @@ -2435,6 +2489,12 @@ int mbedtls_ecp_muladd_restartable( #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( R != NULL ); + ECP_VALIDATE_RET( m != NULL ); + ECP_VALIDATE_RET( P != NULL ); + ECP_VALIDATE_RET( n != NULL ); + ECP_VALIDATE_RET( Q != NULL ); if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS ) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); @@ -2517,6 +2577,12 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q ) { + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( R != NULL ); + ECP_VALIDATE_RET( m != NULL ); + ECP_VALIDATE_RET( P != NULL ); + ECP_VALIDATE_RET( n != NULL ); + ECP_VALIDATE_RET( Q != NULL ); return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) ); } @@ -2539,8 +2605,12 @@ static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_ /* * Check that a point is valid as a public key */ -int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) +int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *pt ) { + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( pt != NULL ); + /* Must use affine coordinates */ if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 ) return( MBEDTLS_ERR_ECP_INVALID_KEY ); @@ -2559,8 +2629,12 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po /* * Check that an mbedtls_mpi is valid as a private key */ -int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ) +int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, + const mbedtls_mpi *d ) { + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( d != NULL ); + #if defined(ECP_MONTGOMERY) if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) { @@ -2601,7 +2675,13 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, void *p_rng ) { int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - size_t n_size = ( grp->nbits + 7 ) / 8; + size_t n_size; + + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( d != NULL ); + ECP_VALIDATE_RET( f_rng != NULL ); + + n_size = ( grp->nbits + 7 ) / 8; #if defined(ECP_MONTGOMERY) if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) @@ -2680,6 +2760,11 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, void *p_rng ) { int ret; + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( d != NULL ); + ECP_VALIDATE_RET( G != NULL ); + ECP_VALIDATE_RET( Q != NULL ); + ECP_VALIDATE_RET( f_rng != NULL ); MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) ); @@ -2696,6 +2781,11 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( d != NULL ); + ECP_VALIDATE_RET( Q != NULL ); + ECP_VALIDATE_RET( f_rng != NULL ); + return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) ); } @@ -2706,6 +2796,8 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret; + ECP_VALIDATE_RET( key != NULL ); + ECP_VALIDATE_RET( f_rng != NULL ); if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) return( ret ); @@ -2721,6 +2813,8 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ec int ret; mbedtls_ecp_point Q; mbedtls_ecp_group grp; + ECP_VALIDATE_RET( pub != NULL ); + ECP_VALIDATE_RET( prv != NULL ); if( pub->grp.id == MBEDTLS_ECP_DP_NONE || pub->grp.id != prv->grp.id || diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 68e2441ae..731621dc3 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -28,11 +28,18 @@ #if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" +#include "mbedtls/platform_util.h" #include #if !defined(MBEDTLS_ECP_ALT) +/* Parameter validation macros based on platform_util.h */ +#define ECP_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) +#define ECP_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline @@ -746,6 +753,7 @@ cleanup: */ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ) { + ECP_VALIDATE_RET( grp != NULL ); mbedtls_ecp_group_free( grp ); grp->id = id; From 12dff0352b5ede23986e835561544ad09effde7e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Dec 2018 15:08:13 +0000 Subject: [PATCH 181/415] Test parameter validation for ECP module --- tests/suites/test_suite_ecp.data | 7 +- tests/suites/test_suite_ecp.function | 309 +++++++++++++++++++++++++++ 2 files changed, 312 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 321a1b497..1b46306fa 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1,3 +1,6 @@ +ECP invalid params +ecp_invalid_param: + ECP curve info #1 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_BP512R1:28:512:"brainpoolP512r1" @@ -46,10 +49,6 @@ ECP check pubkey Koblitz #2 (coordinate not affine) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_check_pub:MBEDTLS_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"101":MBEDTLS_ERR_ECP_INVALID_KEY -ECP write binary #0 (zero, bad format) -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_write_binary:MBEDTLS_ECP_DP_SECP192R1:"01":"01":"00":ECP_PF_UNKNOWN:"00":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA - ECP write binary #1 (zero, uncompressed, buffer just fits) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecp_write_binary:MBEDTLS_ECP_DP_SECP192R1:"01":"01":"00":MBEDTLS_ECP_PF_UNCOMPRESSED:"00":1:0 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 65c487ef8..94ba8cbe0 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -13,6 +13,315 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void ecp_invalid_param( ) +{ + mbedtls_ecp_group grp; + mbedtls_ecp_keypair kp; + mbedtls_ecp_point P; + mbedtls_mpi m; + const char *x = "deadbeef"; + int valid_fmt = MBEDTLS_ECP_PF_UNCOMPRESSED; + int invalid_fmt = 42; + size_t olen; + unsigned char buf[42] = { 0 }; + const unsigned char *null_buf = NULL; + mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; + + TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) ); + TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) ); + TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) ); + + TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); + TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) ); + TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_copy( NULL, &P ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_copy( &P, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_group_copy( NULL, &grp ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_group_copy( &grp, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_set_zero( NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_is_zero( NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_cmp( NULL, &P ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_cmp( &P, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_read_string( NULL, 2, + x, x ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_read_string( &P, 2, + NULL, x ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_read_string( &P, 2, + x, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_write_binary( NULL, &P, + valid_fmt, + &olen, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_write_binary( &grp, NULL, + valid_fmt, + &olen, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_write_binary( &grp, &P, + invalid_fmt, + &olen, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_write_binary( &grp, &P, + valid_fmt, + NULL, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_write_binary( &grp, &P, + valid_fmt, + &olen, + NULL, sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_read_binary( NULL, &P, buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_read_binary( &grp, NULL, buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_point_read_binary( &grp, &P, NULL, + sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_point( NULL, &P, + (const unsigned char **) &buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_point( &grp, NULL, + (const unsigned char **) &buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_point( &grp, &P, &null_buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_point( &grp, &P, NULL, + sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_write_point( NULL, &P, + valid_fmt, + &olen, + buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_write_point( &grp, NULL, + valid_fmt, + &olen, + buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_write_point( &grp, &P, + invalid_fmt, + &olen, + buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_write_point( &grp, &P, + valid_fmt, + NULL, + buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_write_point( &grp, &P, + valid_fmt, + &olen, + NULL, + sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_group_load( NULL, valid_group ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_group( NULL, + (const unsigned char **) &buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_group( &grp, NULL, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_group( &grp, &null_buf, + sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_group_id( NULL, + (const unsigned char **) &buf, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_group_id( &valid_group, NULL, + sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_read_group_id( &valid_group, + &null_buf, + sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_write_group( NULL, &olen, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_write_group( &grp, NULL, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_tls_write_group( &grp, &olen, + NULL, sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_mul( NULL, &P, &m, &P, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_mul( &grp, NULL, &m, &P, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_mul( &grp, &P, NULL, &P, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_mul( &grp, &P, &m, NULL, + rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_mul_restartable( NULL, &P, &m, &P, + rnd_std_rand, NULL , NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P, + rnd_std_rand, NULL , NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P, + rnd_std_rand, NULL , NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL, + rnd_std_rand, NULL , NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd( NULL, &P, &m, &P, + &m, &P ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd( &grp, NULL, &m, &P, + &m, &P ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd( &grp, &P, NULL, &P, + &m, &P ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd( &grp, &P, &m, NULL, + &m, &P ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd( &grp, &P, &m, &P, + NULL, &P ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd( &grp, &P, &m, &P, + &m, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd_restartable( NULL, &P, &m, &P, + &m, &P, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd_restartable( &grp, NULL, &m, &P, + &m, &P, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd_restartable( &grp, &P, NULL, &P, + &m, &P, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd_restartable( &grp, &P, &m, NULL, + &m, &P, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P, + NULL, &P, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P, + &m, NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_check_pubkey( NULL, &P ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_check_pubkey( &grp, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_check_privkey( NULL, &m ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_check_privkey( &grp, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_keypair_base( NULL, &P, + &m, &P, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_keypair_base( &grp, NULL, + &m, &P, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_keypair_base( &grp, &P, + NULL, &P, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_keypair_base( &grp, &P, + &m, NULL, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_keypair_base( &grp, &P, + &m, &P, + NULL, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_keypair( NULL, + &m, &P, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_keypair( &grp, + NULL, &P, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_keypair( &grp, + &m, NULL, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_keypair( &grp, + &m, &P, + NULL, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_key( valid_group, NULL, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_key( valid_group, &kp, + NULL, NULL ) ); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name ) { From 5edcfa529fed02a77b529e533e218520d4f97799 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 12:49:55 +0000 Subject: [PATCH 182/415] Improve ECP documentation --- include/mbedtls/ecp.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 9f4c3e55c..06a3ce575 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -621,7 +621,7 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, * \param format The point format. This must be either * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED. * \param olen The address at which to store the length of - * the output in Bytes. + * the output in Bytes. This must not be \c NULL. * \param buf The output buffer. This must be a writable buffer * of length \p buflen Bytes. * \param buflen The length of the output buffer \p buf in Bytes. @@ -793,7 +793,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, unsigned char *buf, size_t blen ); /** - * \brief This function performs a scalaar multiplication of a point + * \brief This function performs a scalar multiplication of a point * by an integer: \p R = \p m * \p P. * * It is not thread-safe to use same group in multiple threads. From 57b684f9d1032ff437cca48c73f14d7bea7e244d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 12:50:02 +0000 Subject: [PATCH 183/415] Add separate test for xxx_free() functions in ECP module --- tests/suites/test_suite_ecp.data | 3 +++ tests/suites/test_suite_ecp.function | 21 ++++++++++++++++----- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 1b46306fa..30d5ec6f1 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1,3 +1,6 @@ +ECP valid params +ecp_valid_param: + ECP invalid params ecp_invalid_param: diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 94ba8cbe0..49ab870ac 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -13,6 +13,22 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void ecp_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); + TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) ); + TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void ecp_invalid_param( ) { @@ -32,13 +48,8 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) ); TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); - TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) ); - TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); - #if defined(MBEDTLS_ECP_RESTARTABLE) TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) ); #endif /* MBEDTLS_ECP_RESTARTABLE */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, From 486f1b33d72f960f7cb8b9fbd36d992a26697692 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 13:00:34 +0000 Subject: [PATCH 184/415] Improve wording in ECP documentation --- include/mbedtls/ecp.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 06a3ce575..de3a343cb 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -499,8 +499,8 @@ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); * \brief This function frees the components of an ECP group. * * \param grp The group to free. This may be \c NULL, in which - * case this function is a no-op. If it is not \c NULL, - * it must point to an initialized ECP group. + * case this function returns immediately. If it is not + * \c NULL, it must point to an initialized ECP group. */ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); @@ -508,8 +508,8 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); * \brief This function frees the components of a key pair. * * \param key The key pair to free. This may be \c NULL, in which - * case this function is a no-op. If it is not \c NULL, - * it must point to an initialized ECP key pair. + * case this function returns immediately. If it is not + * \c NULL, it must point to an initialized ECP key pair. */ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); @@ -526,8 +526,8 @@ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ); * \brief Free the components of a restart context. * * \param ctx The restart context to free. This may be \c NULL, in which - * case this function is a no-op. If it is not \c NULL, - * it must point to an initialized restart context. + * case this function returns immediately. If it is not + * \c NULL, it must point to an initialized restart context. */ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ); #endif /* MBEDTLS_ECP_RESTARTABLE */ From 9a46777d66db930363543ed39571b590ee64e4d8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Dec 2018 09:54:59 +0000 Subject: [PATCH 185/415] Document parameter preconditions in RSA module --- include/mbedtls/rsa.h | 503 +++++++++++++++++++++++++----------------- 1 file changed, 302 insertions(+), 201 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 406a317d4..fa1ef2d86 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -158,15 +158,16 @@ mbedtls_rsa_context; * making signatures, but can be overriden for verifying them. * If set to #MBEDTLS_MD_NONE, it is always overriden. * - * \param ctx The RSA context to initialize. - * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or - * #MBEDTLS_RSA_PKCS_V21. - * \param hash_id The hash identifier of #mbedtls_md_type_t type, if - * \p padding is #MBEDTLS_RSA_PKCS_V21. + * \param ctx The RSA context to initialize. This must not be \c NULL. + * \param padding The padding mode to use. This must be either + * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. + * \param hash_id The hash identifier of ::bedtls_md_type_t type, if + * \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused + * otherwise. */ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, - int hash_id); + int hash_id ); /** * \brief This function imports a set of core parameters into an @@ -188,11 +189,11 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * for the lifetime of the RSA context being set up. * * \param ctx The initialized RSA context to store the parameters in. - * \param N The RSA modulus, or NULL. - * \param P The first prime factor of \p N, or NULL. - * \param Q The second prime factor of \p N, or NULL. - * \param D The private exponent, or NULL. - * \param E The public exponent, or NULL. + * \param N The RSA modulus. This may be \c NULL. + * \param P The first prime factor of \p N. This may be \c NULL. + * \param Q The second prime factor of \p N. This may be \c NULL. + * \param D The private exponent. This may be \c NULL. + * \param E The public exponent. This may be \c NULL. * * \return \c 0 on success. * \return A non-zero error code on failure. @@ -222,16 +223,16 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * for the lifetime of the RSA context being set up. * * \param ctx The initialized RSA context to store the parameters in. - * \param N The RSA modulus, or NULL. - * \param N_len The Byte length of \p N, ignored if \p N == NULL. - * \param P The first prime factor of \p N, or NULL. - * \param P_len The Byte length of \p P, ignored if \p P == NULL. - * \param Q The second prime factor of \p N, or NULL. - * \param Q_len The Byte length of \p Q, ignored if \p Q == NULL. - * \param D The private exponent, or NULL. - * \param D_len The Byte length of \p D, ignored if \p D == NULL. - * \param E The public exponent, or NULL. - * \param E_len The Byte length of \p E, ignored if \p E == NULL. + * \param N The RSA modulus. This may be \c NULL. + * \param N_len The Byte length of \p N; it is ignored if \p N == NULL. + * \param P The first prime factor of \p N. This may be \c NULL. + * \param P_len The Byte length of \p P; it ns ignored if \p P == NULL. + * \param Q The second prime factor of \p N. This may be \c NULL. + * \param Q_len The Byte length of \p Q; it is ignored if \p Q == NULL. + * \param D The private exponent. This may be \c NULL. + * \param D_len The Byte length of \p D; it is ignored if \p D == NULL. + * \param E The public exponent. This may be \c NULL. + * \param E_len The Byte length of \p E; it is ignored if \p E == NULL. * * \return \c 0 on success. * \return A non-zero error code on failure. @@ -299,11 +300,16 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); * the RSA context stays intact and remains usable. * * \param ctx The initialized RSA context. - * \param N The MPI to hold the RSA modulus, or NULL. - * \param P The MPI to hold the first prime factor of \p N, or NULL. - * \param Q The MPI to hold the second prime factor of \p N, or NULL. - * \param D The MPI to hold the private exponent, or NULL. - * \param E The MPI to hold the public exponent, or NULL. + * \param N The MPI to hold the RSA modulus. + * This may be \c NULL if this field need not be exported. + * \param P The MPI to hold the first prime factor of \p N. + * This may be \c NULL if this field need not be exported. + * \param Q The MPI to hold the second prime factor of \p N. + * This may be \c NULL if this field need not be exported. + * \param D The MPI to hold the private exponent. + * This may be \c NULL if this field need not be exported. + * \param E The MPI to hold the public exponent. + * This may be \c NULL if this field need not be exported. * * \return \c 0 on success. * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the @@ -341,17 +347,20 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * buffer pointers are NULL. * * \param ctx The initialized RSA context. - * \param N The Byte array to store the RSA modulus, or NULL. + * \param N The Byte array to store the RSA modulus, + * or \c NULL if this field need not be exported. * \param N_len The size of the buffer for the modulus. - * \param P The Byte array to hold the first prime factor of \p N, or - * NULL. + * \param P The Byte array to hold the first prime factor of \p N, + * or \c NULL if this field need not be exported. * \param P_len The size of the buffer for the first prime factor. - * \param Q The Byte array to hold the second prime factor of \p N, or - * NULL. + * \param Q The Byte array to hold the second prime factor of \p N, + * or \c NULL if this field need not be exported. * \param Q_len The size of the buffer for the second prime factor. - * \param D The Byte array to hold the private exponent, or NULL. + * \param D The Byte array to hold the private exponent, + * or \c NULL if this field need not be exported. * \param D_len The size of the buffer for the private exponent. - * \param E The Byte array to hold the public exponent, or NULL. + * \param E The Byte array to hold the public exponent, + * or \c NULL if this field need not be exported. * \param E_len The size of the buffer for the public exponent. * * \return \c 0 on success. @@ -375,9 +384,12 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, * mbedtls_rsa_deduce_opt(). * * \param ctx The initialized RSA context. - * \param DP The MPI to hold D modulo P-1, or NULL. - * \param DQ The MPI to hold D modulo Q-1, or NULL. - * \param QP The MPI to hold modular inverse of Q modulo P, or NULL. + * \param DP The MPI to hold \c D modulo `P-1`, + * or \c NULL if it need not be exported. + * \param DQ The MPI to hold \c D modulo `Q-1`, + * or \c NULL if it need not be exported. + * \param QP The MPI to hold modular inverse of \c Q modulo \c P, + * or \c NULL if it need not be exported. * * \return \c 0 on success. * \return A non-zero error code on failure. @@ -390,13 +402,13 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, * \brief This function sets padding for an already initialized RSA * context. See mbedtls_rsa_init() for details. * - * \param ctx The RSA context to be set. - * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or - * #MBEDTLS_RSA_PKCS_V21. + * \param ctx The initialized RSA context to be configured. + * \param padding The padding mode to use. This must be either + * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier. */ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, - int hash_id); + int hash_id ); /** * \brief This function retrieves the length of RSA modulus in Bytes. @@ -414,11 +426,13 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * \note mbedtls_rsa_init() must be called before this function, * to set up the RSA context. * - * \param ctx The RSA context used to hold the key. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param ctx The initialized RSA context used to hold the key. + * \param f_rng The RNG function to be used for key generation. + * This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. + * This may be \c NULL if \p f_rng doesn't need a context. * \param nbits The size of the public key in bits. - * \param exponent The public exponent. For example, 65537. + * \param exponent The public exponent to use. For example, \c 65537. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -436,7 +450,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * enough information is present to perform an RSA public key * operation using mbedtls_rsa_public(). * - * \param ctx The RSA context to check. + * \param ctx The initialized RSA context to check. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -475,7 +489,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * parameters, which goes beyond what is effectively checkable * by the library.
        * - * \param ctx The RSA context to check. + * \param ctx The initialized RSA context to check. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -487,8 +501,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); * * It checks each of the contexts, and makes sure they match. * - * \param pub The RSA context holding the public key. - * \param prv The RSA context holding the private key. + * \param pub The initialized RSA context holding the public key. + * \param prv The initialized RSA context holding the private key. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -499,18 +513,19 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, /** * \brief This function performs an RSA public key operation. * + * \param ctx The initialized RSA context to use. + * \param input The input buffer. This must be a readable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. + * \param output The output buffer. This must be a writable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. + * * \note This function does not handle message padding. * * \note Make sure to set \p input[0] = 0 or ensure that * input is smaller than \p N. * - * \note The input and output buffers must be large - * enough. For example, 128 Bytes if RSA-1024 is used. - * - * \param ctx The RSA context. - * \param input The input buffer. - * \param output The output buffer. - * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ @@ -521,9 +536,6 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, /** * \brief This function performs an RSA private key operation. * - * \note The input and output buffers must be large - * enough. For example, 128 Bytes if RSA-1024 is used. - * * \note Blinding is used if and only if a PRNG is provided. * * \note If blinding is used, both the base of exponentation @@ -535,11 +547,18 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * Future versions of the library may enforce the presence * of a PRNG. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for blinding. - * \param p_rng The RNG context. - * \param input The input buffer. - * \param output The output buffer. + * \param ctx The initialized RSA context to use. + * \param f_rng The RNG function, used for blinding. It is discouraged + * and deprecated to pass \c NULL here, in which case + * blinding will be omitted. + * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL + * if \p f_rng is \c NULL or if \p f_rng doesn't need a context. + * \param input The input buffer. This must be a readable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. + * \param output The output buffer. This must be a writable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -558,9 +577,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 encryption * operation using the \p mode from the context. * - * \note The input and output buffers must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library * are likely to remove the \p mode argument and have it @@ -570,14 +586,22 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1 - * encoding, and #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param ilen The length of the plaintext. - * \param input The buffer holding the data to encrypt. - * \param output The buffer used to hold the ciphertext. + * \param ctx The initialized RSA context to use. + * \param f_rng This is the RNG function used to generate the + * PKCS#1 v2.1 padding encoding if \p mode is + * #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. May be + * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't + * need a context argument. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ilen The length of the plaintext in Bytes. + * \param input The input data to encrypt. This must be a readable + * buffer of size \p ilen Bytes. It may be \c NULL if + * `ilen == 0`. + * \param output The output buffer. This must be a writable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -593,9 +617,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 encryption operation * (RSAES-PKCS1-v1_5-ENCRYPT). * - * \note The output buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library * are likely to remove the \p mode argument and have it @@ -605,14 +626,21 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for padding and - * #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param ilen The length of the plaintext. - * \param input The buffer holding the data to encrypt. - * \param output The buffer used to hold the ciphertext. + * \param ctx The initialized RSA context to use. + * \param f_rng The RNG function, needed for padding generation if + * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may + * be \c NULL if \p f_rng is \c NULL or if \p f_rng + * doesn't need a context argument. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ilen The length of the plaintext in Bytes. + * \param input The input data to encrypt. This must be a readable + * buffer of size \p ilen Bytes. It may be \c NULL if + * `ilen == 0`. + * \param output The output buffer. This must be a writable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -640,16 +668,25 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1 - * encoding and #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ctx The initnialized RSA context to use. + * \param f_rng The RNG function, needed for padding and PKCS#1 v2.1 + * encoding if \p mode is #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may + * be \c NULL if \p f_rng is \c NULL or if \p f_rng + * doesn't need a context argument. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param label The buffer holding the custom label to use. - * \param label_len The length of the label. - * \param ilen The length of the plaintext. - * \param input The buffer holding the data to encrypt. - * \param output The buffer used to hold the ciphertext. + * This must be a readable buffer of length \p label_len + * Bytes. It may be \c NULL if \p label_len is \c 0. + * \param label_len The length of the label in Bytes. + * \param ilen The length of the plaintext buffer \p input in Bytes. + * \param input The input data to encrypt. This must be a readable + * buffer of size \p ilen Bytes. It may be \c NULL if + * `ilen == 0`. + * \param output The output buffer. This must be a writable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -677,9 +714,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * hold the decryption of the particular ciphertext provided, * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note The input buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library * are likely to remove the \p mode argument and have it @@ -689,14 +723,20 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param olen The length of the plaintext. - * \param input The buffer holding the encrypted data. - * \param output The buffer used to hold the plaintext. - * \param output_max_len The maximum length of the output buffer. + * \param ctx The initialized RSA context to use. + * \param f_rng The RNG function. This is needed for #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param olen The address at which to store the length of + * the plaintext. This must not be \c NULL. + * \param input The ciphertext buffer. This must be a readable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. + * \param output The buffer used to hold the plaintext. This must + * be a writable buffer of length \p output_max_len Bytes. + * \param output_max_len The maximum length of the output buffer. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -720,9 +760,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * hold the decryption of the particular ciphertext provided, * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note The input buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library * are likely to remove the \p mode argument and have it @@ -732,14 +769,20 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param olen The length of the plaintext. - * \param input The buffer holding the encrypted data. - * \param output The buffer to hold the plaintext. - * \param output_max_len The maximum length of the output buffer. + * \param ctx The initialized RSA context to use. + * \param f_rng The RNG function. This is needed for #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param olen The address at which to store the length of + * the plaintext. This must not be \c NULL. + * \param input The ciphertext buffer. This must be a readable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. + * \param output The buffer used to hold the plaintext. This must + * be a writable buffer of length \p output_max_len Bytes. + * \param output_max_len The maximum length of the output buffer. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -765,9 +808,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * ciphertext provided, the function returns * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note The input buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library * are likely to remove the \p mode argument and have it @@ -777,16 +817,24 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ctx The initialized RSA context to use. + * \param f_rng The RNG function. This is needed for #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param label The buffer holding the custom label to use. - * \param label_len The length of the label. - * \param olen The length of the plaintext. - * \param input The buffer holding the encrypted data. - * \param output The buffer to hold the plaintext. - * \param output_max_len The maximum length of the output buffer. + * This must be a readable buffer of length \p label_len + * Bytes. It may be \c NULL if \p label_len is \c 0. + * \param label_len The length of the label in Bytes. + * \param olen The address at which to store the length of + * the plaintext. This must not be \c NULL. + * \param input The ciphertext buffer. This must be a readable buffer + * of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. + * \param output The buffer used to hold the plaintext. This must + * be a writable buffer of length \p output_max_len Bytes. + * \param output_max_len The maximum length of the output buffer. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -824,16 +872,25 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for - * #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ctx The initialized RSA context to use. + * \param f_rng The RNG function. It is needed for PKCS#1 v2.1 encoding + * and for \p mode set to #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL + * if \p f_rng is \c NULL or doesn't need a context argument. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param sig The buffer to hold the ciphertext. + * \param hashlen The length of the message digest. + * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest or raw data. + * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable + * buffer of length \p hashlen Bytes. If \p md_alg is not + * #MBEDTLS_MD_NONE, it must be a readable buffer of length + * the size of the hash corresponding to \p md_alg. + * \param sig The buffer to hold the signature. This must be a writable + * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -851,9 +908,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 signature * operation (RSASSA-PKCS1-v1_5-SIGN). * - * \note The \p sig buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library * are likely to remove the \p mode argument and have it @@ -863,15 +917,25 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ctx The initialized RSA context to use. + * \param f_rng The RNG function. It is needed for PKCS#1 v2.1 encoding + * and for \p mode set to #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL + * if \p f_rng is \c NULL or doesn't need a context argument. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param sig The buffer to hold the ciphertext. + * \param hashlen The length of the message digest. + * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest or raw data. + * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable + * buffer of length \p hashlen Bytes. If \p md_alg is not + * #MBEDTLS_MD_NONE, it must be a readable buffer of length + * the size of the hash corresponding to \p md_alg. + * \param sig The buffer to hold the signature. This must be a writable + * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -889,9 +953,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v2.1 PSS signature * operation (RSASSA-PSS-SIGN). * - * \note The \p sig buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \note The \p hash_id in the RSA context is the one used for the * encoding. \p md_alg in the function call is the type of hash * that is encoded. According to RFC-3447: Public-Key @@ -918,16 +979,24 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for - * #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ctx The initialized RSA context to use. + * \param f_rng The RNG function. It must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL + * if \p f_rng doesn't need a context argument. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param sig The buffer to hold the ciphertext. + * \param hashlen The length of the message digest. + * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest or raw data. + * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable + * buffer of length \p hashlen Bytes. If \p md_alg is not + * #MBEDTLS_MD_NONE, it must be a readable buffer of length + * the size of the hash corresponding to \p md_alg. + * \param sig The buffer to hold the signature. This must be a writable + * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -948,9 +1017,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * This is the generic wrapper for performing a PKCS#1 * verification using the mode from the context. * - * \note The \p sig buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \note For PKCS#1 v2.1 encoding, see comments on * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and * \p hash_id. @@ -964,15 +1030,25 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA public key context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ctx The initialized RSA public key context to use. + * \param f_rng The RNG function to use. This is only needed if + * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param sig The buffer holding the ciphertext. + * \param hashlen The length of the message digest. + * This is only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest or raw data. + * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable + * buffer of length \p hashlen Bytes. If \p md_alg is not + * #MBEDTLS_MD_NONE, it must be a readable buffer of length + * the size of the hash corresponding to \p md_alg. + * \param sig The buffer holding the signature. This must be a readable + * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -990,9 +1066,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 verification * operation (RSASSA-PKCS1-v1_5-VERIFY). * - * \note The \p sig buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library * are likely to remove the \p mode argument and have it @@ -1002,15 +1075,25 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA public key context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ctx The initialized RSA public key context to use. + * \param f_rng The RNG function to use. This is only needed if + * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param sig The buffer holding the ciphertext. + * \param hashlen The length of the message digest. + * This is only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest or raw data. + * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable + * buffer of length \p hashlen Bytes. If \p md_alg is not + * #MBEDTLS_MD_NONE, it must be a readable buffer of length + * the size of the hash corresponding to \p md_alg. + * \param sig The buffer holding the signature. This must be a readable + * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -1031,9 +1114,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * The hash function for the MGF mask generating function * is that specified in the RSA context. * - * \note The \p sig buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * * \note The \p hash_id in the RSA context is the one used for the * verification. \p md_alg in the function call is the type of * hash that is verified. According to RFC-3447: Public-Key @@ -1051,15 +1131,25 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * - * \param ctx The RSA public key context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ctx The initialized RSA public key context to use. + * \param f_rng The RNG function to use. This is only needed if + * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param sig The buffer holding the ciphertext. + * \param hashlen The length of the message digest. + * This is only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest or raw data. + * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable + * buffer of length \p hashlen Bytes. If \p md_alg is not + * #MBEDTLS_MD_NONE, it must be a readable buffer of length + * the size of the hash corresponding to \p md_alg. + * \param sig The buffer holding the signature. This must be a readable + * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -1085,19 +1175,28 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * * \note The \p hash_id in the RSA context is ignored. * - * \param ctx The RSA public key context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG context. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ctx The initialized RSA public key context to use. + * \param f_rng The RNG function to use. This is only needed if + * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \param mode The mode of operation. This must be either + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is - * #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param mgf1_hash_id The message digest used for mask generation. - * \param expected_salt_len The length of the salt used in padding. Use - * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length. - * \param sig The buffer holding the ciphertext. + * \param hashlen The length of the message digest. + * This is only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest or raw data. + * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable + * buffer of length \p hashlen Bytes. If \p md_alg is not + * #MBEDTLS_MD_NONE, it must be a readable buffer of length + * the size of the hash corresponding to \p md_alg. + * \param mgf1_hash_id The message digest used for mask generation. + * \param expected_salt_len The length of the salt used in padding. Use + * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length. + * \param sig The buffer holding the signature. This must be a readable + * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes + * for an 1024-bit RSA modulus. * * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -1116,8 +1215,8 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, /** * \brief This function copies the components of an RSA context. * - * \param dst The destination context. - * \param src The source context. + * \param dst The destination context. This must be initialized. + * \param src The source context. This must be initialized. * * \return \c 0 on success. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. @@ -1127,7 +1226,9 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) /** * \brief This function frees the components of an RSA key. * - * \param ctx The RSA Context to free. + * \param ctx The RSA context to free. May be \c NULL, in which case + * this function is a no-op. If it is not \c NULL, it must + * point to an initialized MPI. */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); From ddeeed7d1bac12d97a5671b664dc114ac321589a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Dec 2018 18:07:00 +0000 Subject: [PATCH 186/415] Implement parameter validation for RSA module --- library/rsa.c | 195 +++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 170 insertions(+), 25 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 0a533d42d..603db092c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -71,6 +71,12 @@ #if !defined(MBEDTLS_RSA_ALT) +/* Parameter validation macros */ +#define RSA_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) +#define RSA_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if defined(MBEDTLS_PKCS1_V15) /* constant-time buffer comparison */ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) @@ -93,6 +99,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *D, const mbedtls_mpi *E ) { int ret; + RSA_VALIDATE_RET( ctx != NULL ); if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) || @@ -117,6 +124,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char const *E, size_t E_len ) { int ret = 0; + RSA_VALIDATE_RET( ctx != NULL ); if( N != NULL ) { @@ -240,12 +248,16 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) { int ret = 0; + int have_N, have_P, have_Q, have_D, have_E; + int n_missing, pq_missing, d_missing, is_pub, is_priv; - const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 ); - const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 ); - const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 ); - const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 ); - const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 ); + RSA_VALIDATE_RET( ctx != NULL ); + + have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 ); + have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 ); + have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 ); + have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 ); + have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 ); /* * Check whether provided parameters are enough @@ -257,13 +269,13 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) * */ - const int n_missing = have_P && have_Q && have_D && have_E; - const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E; - const int d_missing = have_P && have_Q && !have_D && have_E; - const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E; + n_missing = have_P && have_Q && have_D && have_E; + pq_missing = have_N && !have_P && !have_Q && have_D && have_E; + d_missing = have_P && have_Q && !have_D && have_E; + is_pub = have_N && !have_P && !have_Q && !have_D && have_E; /* These three alternatives are mutually exclusive */ - const int is_priv = n_missing || pq_missing || d_missing; + is_priv = n_missing || pq_missing || d_missing; if( !is_priv && !is_pub ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -336,9 +348,11 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, unsigned char *E, size_t E_len ) { int ret = 0; + int is_priv; + RSA_VALIDATE_RET( ctx != NULL ); /* Check if key is private or public */ - const int is_priv = + is_priv = mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && @@ -379,9 +393,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, mbedtls_mpi *D, mbedtls_mpi *E ) { int ret; + int is_priv; + RSA_VALIDATE_RET( ctx != NULL ); /* Check if key is private or public */ - int is_priv = + is_priv = mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && @@ -421,9 +437,11 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) { int ret; + int is_priv; + RSA_VALIDATE_RET( ctx != NULL ); /* Check if key is private or public */ - int is_priv = + is_priv = mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && @@ -459,6 +477,10 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, int hash_id ) { + RSA_VALIDATE( ctx != NULL ); + RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 || + padding == MBEDTLS_RSA_PKCS_V21 ); + memset( ctx, 0, sizeof( mbedtls_rsa_context ) ); mbedtls_rsa_set_padding( ctx, padding, hash_id ); @@ -471,8 +493,13 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, /* * Set padding for an existing RSA context */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id ) +void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, + int hash_id ) { + RSA_VALIDATE( ctx != NULL ); + RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 || + padding == MBEDTLS_RSA_PKCS_V21 ); + ctx->padding = padding; ctx->hash_id = hash_id; } @@ -503,11 +530,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int ret; mbedtls_mpi H, G, L; int prime_quality = 0; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( f_rng != NULL ); - if( f_rng == NULL || nbits < 128 || exponent < 3 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - - if( nbits % 2 ) + if( nbits < 128 || exponent < 3 || nbits % 2 != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); /* @@ -612,6 +638,8 @@ cleanup: */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) { + RSA_VALIDATE_RET( ctx != NULL ); + if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); @@ -635,6 +663,8 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { + RSA_VALIDATE_RET( ctx != NULL ); + if( mbedtls_rsa_check_pubkey( ctx ) != 0 || rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 ) { @@ -664,6 +694,9 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ) { + RSA_VALIDATE_RET( pub != NULL ); + RSA_VALIDATE_RET( prv != NULL ); + if( mbedtls_rsa_check_pubkey( pub ) != 0 || mbedtls_rsa_check_privkey( prv ) != 0 ) { @@ -689,6 +722,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, int ret; size_t olen; mbedtls_mpi T; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( input != NULL ); + RSA_VALIDATE_RET( output != NULL ); if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -831,6 +867,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * checked result; should be the same in the end. */ mbedtls_mpi I, C; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( input != NULL ); + RSA_VALIDATE_RET( output != NULL ); + if( rsa_check_context( ctx, 1 /* private key checks */, f_rng != NULL /* blinding y/n */ ) != 0 ) { @@ -1091,6 +1131,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( output != NULL ); + RSA_VALIDATE_RET( ilen == 0 || input != NULL ); + RSA_VALIDATE_RET( label_len == 0 || label != NULL ); + if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1167,6 +1214,12 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int ret; unsigned char *p = output; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( output != NULL ); + RSA_VALIDATE_RET( ilen == 0 || input != NULL ); + if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1229,6 +1282,12 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output ) { + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( output != NULL ); + RSA_VALIDATE_RET( ilen == 0 || input != NULL ); + switch( ctx->padding ) { #if defined(MBEDTLS_PKCS1_V15) @@ -1271,6 +1330,14 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); + RSA_VALIDATE_RET( label_len == 0 || label != NULL ); + RSA_VALIDATE_RET( input != NULL ); + RSA_VALIDATE_RET( olen != NULL ); + /* * Parameters sanity checks */ @@ -1490,11 +1557,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, size_t output_max_len ) { int ret; - size_t ilen = ctx->len; - size_t i; - size_t plaintext_max_size = ( output_max_len > ilen - 11 ? - ilen - 11 : - output_max_len ); + size_t ilen, i, plaintext_max_size; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; /* The following variables take sensitive values: their value must * not leak into the observable behavior of the function other than @@ -1512,6 +1575,18 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, size_t plaintext_size = 0; unsigned output_too_large; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); + RSA_VALIDATE_RET( input != NULL ); + RSA_VALIDATE_RET( olen != NULL ); + + ilen = ctx->len; + plaintext_max_size = ( output_max_len > ilen - 11 ? + ilen - 11 : + output_max_len ); + if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1647,6 +1722,13 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, unsigned char *output, size_t output_max_len) { + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); + RSA_VALIDATE_RET( input != NULL ); + RSA_VALIDATE_RET( olen != NULL ); + switch( ctx->padding ) { #if defined(MBEDTLS_PKCS1_V15) @@ -1688,6 +1770,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, size_t msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && + hashlen == 0 ) || + hash != NULL ); + RSA_VALIDATE_RET( sig != NULL ); if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1935,6 +2024,14 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int ret; unsigned char *sig_try = NULL, *verif = NULL; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && + hashlen == 0 ) || + hash != NULL ); + RSA_VALIDATE_RET( sig != NULL ); + if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -2004,6 +2101,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, const unsigned char *hash, unsigned char *sig ) { + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && + hashlen == 0 ) || + hash != NULL ); + RSA_VALIDATE_RET( sig != NULL ); + switch( ctx->padding ) { #if defined(MBEDTLS_PKCS1_V15) @@ -2050,6 +2155,14 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, mbedtls_md_context_t md_ctx; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && + hashlen == 0 ) || + hash != NULL ); + if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -2178,7 +2291,16 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, const unsigned char *hash, const unsigned char *sig ) { - mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE ) + mbedtls_md_type_t mgf1_hash_id; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && + hashlen == 0 ) || + hash != NULL ); + + mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE ) ? (mbedtls_md_type_t) ctx->hash_id : md_alg; @@ -2204,9 +2326,19 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, const unsigned char *sig ) { int ret = 0; - const size_t sig_len = ctx->len; + size_t sig_len; unsigned char *encoded = NULL, *encoded_expected = NULL; + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && + hashlen == 0 ) || + hash != NULL ); + + sig_len = ctx->len; + if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -2276,6 +2408,14 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, const unsigned char *hash, const unsigned char *sig ) { + RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC ); + RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && + hashlen == 0 ) || + hash != NULL ); + switch( ctx->padding ) { #if defined(MBEDTLS_PKCS1_V15) @@ -2301,6 +2441,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) { int ret; + RSA_VALIDATE_RET( dst != NULL ); + RSA_VALIDATE_RET( src != NULL ); dst->ver = src->ver; dst->len = src->len; @@ -2340,6 +2482,9 @@ cleanup: */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) { + if( ctx == NULL ) + return; + mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D ); mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); From 046d2024c5065cf169ddda3537fbbbb9e8ad4d35 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Dec 2018 18:07:09 +0000 Subject: [PATCH 187/415] Test parameter validation for RSA module --- tests/suites/test_suite_rsa.data | 15 +- tests/suites/test_suite_rsa.function | 403 +++++++++++++++++++++++++++ 2 files changed, 406 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index e49515165..a25d61c85 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,3 +1,6 @@ +RSA parameter validation +rsa_invalid_param: + RSA PKCS1 Verify v1.5 CAVS #1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 # Good padding but wrong hash @@ -255,12 +258,6 @@ RSA PKCS1 Sign #9 Verify (Invalid Digest type) depends_on:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSA PKCS1 Sign #8 (Invalid padding type) -mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2:MBEDTLS_MD_MD5:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_INVALID_PADDING - -RSA PKCS1 Sign #8 Verify (Invalid padding type) -mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":1:MBEDTLS_MD_MD5:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_INVALID_PADDING - RSA PKCS1 Encrypt #1 depends_on:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0 @@ -277,12 +274,6 @@ RSA PKCS1 Decrypt #2 (Data too small) depends_on:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA -RSA PKCS1 Encrypt #3 (Invalid padding mode) -mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":2:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_INVALID_PADDING - -RSA PKCS1 Decrypt #3 (Invalid padding mode) -mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING - RSA PKCS1 Decrypt #4 (Output buffer too small) depends_on:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":15:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index c43ef2050..fe70085f9 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -17,6 +17,409 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void rsa_invalid_param( ) +{ + mbedtls_rsa_context ctx; + const int valid_padding = MBEDTLS_RSA_PKCS_V21; + const int invalid_padding = 42; + const int valid_mode = MBEDTLS_RSA_PRIVATE; + const int invalid_mode = 42; + unsigned char buf[42] = { 0 }; + size_t olen; + + TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, 0, 0 ) ); + TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) ); + + /* No more variants because only the first argument must be non-NULL. */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_import( NULL, NULL, NULL, + NULL, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_import_raw( NULL, + NULL, 0, + NULL, 0, + NULL, 0, + NULL, 0, + NULL, 0 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_complete( NULL ) ); + + /* No more variants because only the first argument must be non-NULL. */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_export( NULL, NULL, NULL, + NULL, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_export( NULL, NULL, NULL, + NULL, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_export_raw( NULL, + NULL, 0, + NULL, 0, + NULL, 0, + NULL, 0, + NULL, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) ); + + TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL, + valid_padding, 0 ) ); + TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx, + invalid_padding, 0 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_gen_key( NULL, NULL, NULL, 0, 0 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_check_pubkey( NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_check_privkey( NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_check_pub_priv( NULL, &ctx ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_check_pub_priv( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_public( NULL, buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_public( &ctx, NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_public( &ctx, buf, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_private( NULL, NULL, NULL, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_private( &ctx, NULL, NULL, + NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_private( &ctx, NULL, NULL, + buf, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, + valid_mode, + sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, + invalid_mode, + sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, + valid_mode, + sizeof( buf ), NULL, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, + valid_mode, + sizeof( buf ), buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, + NULL, + valid_mode, + sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, + NULL, + invalid_mode, + sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, + NULL, + valid_mode, + sizeof( buf ), NULL, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, + NULL, + valid_mode, + sizeof( buf ), buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, + valid_mode, + buf, sizeof( buf ), + sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, + invalid_mode, + buf, sizeof( buf ), + sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, + valid_mode, + NULL, sizeof( buf ), + sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, + valid_mode, + buf, sizeof( buf ), + sizeof( buf ), NULL, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, + valid_mode, + buf, sizeof( buf ), + sizeof( buf ), buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL, + valid_mode, &olen, + buf, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, + invalid_mode, &olen, + buf, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, + valid_mode, NULL, + buf, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, + valid_mode, &olen, + NULL, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, + valid_mode, &olen, + buf, NULL, 42 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL, + NULL, + valid_mode, &olen, + buf, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, + NULL, + invalid_mode, &olen, + buf, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, + NULL, + valid_mode, NULL, + buf, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, + NULL, + valid_mode, &olen, + NULL, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, + NULL, + valid_mode, &olen, + buf, NULL, 42 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL, + valid_mode, + buf, sizeof( buf ), + &olen, + buf, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, + invalid_mode, + buf, sizeof( buf ), + &olen, + buf, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, + valid_mode, + NULL, sizeof( buf ), + NULL, + buf, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, + valid_mode, + buf, sizeof( buf ), + &olen, + NULL, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, + valid_mode, + buf, sizeof( buf ), + &olen, + buf, NULL, 42 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, + valid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, + invalid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), NULL, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, + valid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, + invalid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), NULL, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, + valid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, + invalid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), NULL, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, + valid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + invalid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), NULL, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, + NULL, + valid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + NULL, + invalid_mode, + 0, sizeof( buf ), buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + NULL, + valid_mode, + 0, sizeof( buf ), + NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + NULL, + valid_mode, + 0, sizeof( buf ), buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, + valid_mode, + 0, sizeof( buf ), + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + invalid_mode, + 0, sizeof( buf ), + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), + NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), + buf, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, + valid_mode, + 0, sizeof( buf ), + buf, + 0, 0, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + invalid_mode, + 0, sizeof( buf ), + buf, + 0, 0, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), + NULL, 0, 0, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + valid_mode, + 0, sizeof( buf ), + buf, 0, 0, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_copy( NULL, &ctx ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_copy( &ctx, NULL ) ); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, int digest, int mod, int radix_P, char * input_P, From 385ce9159270134280b92716219579bcb6d561c8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Dec 2018 18:33:12 +0000 Subject: [PATCH 188/415] Minor improvements --- include/mbedtls/rsa.h | 96 +++++++++++++++++++++---------------------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index fa1ef2d86..276293c51 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -161,7 +161,7 @@ mbedtls_rsa_context; * \param ctx The RSA context to initialize. This must not be \c NULL. * \param padding The padding mode to use. This must be either * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. - * \param hash_id The hash identifier of ::bedtls_md_type_t type, if + * \param hash_id The hash identifier of ::mbedtls_md_type_t type, if * \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused * otherwise. */ @@ -515,11 +515,11 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, * * \param ctx The initialized RSA context to use. * \param input The input buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \note This function does not handle message padding. * @@ -554,11 +554,11 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or if \p f_rng doesn't need a context. * \param input The input buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -594,14 +594,14 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't * need a context argument. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if * `ilen == 0`. * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -633,14 +633,14 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * be \c NULL if \p f_rng is \c NULL or if \p f_rng * doesn't need a context argument. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if * `ilen == 0`. * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -675,7 +675,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * be \c NULL if \p f_rng is \c NULL or if \p f_rng * doesn't need a context argument. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param label The buffer holding the custom label to use. * This must be a readable buffer of length \p label_len * Bytes. It may be \c NULL if \p label_len is \c 0. @@ -685,8 +685,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * buffer of size \p ilen Bytes. It may be \c NULL if * `ilen == 0`. * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -728,12 +728,12 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * \param output The buffer used to hold the plaintext. This must * be a writable buffer of length \p output_max_len Bytes. * \param output_max_len The maximum length of the output buffer. @@ -774,12 +774,12 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * \param output The buffer used to hold the plaintext. This must * be a writable buffer of length \p output_max_len Bytes. * \param output_max_len The maximum length of the output buffer. @@ -822,7 +822,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param label The buffer holding the custom label to use. * This must be a readable buffer of length \p label_len * Bytes. It may be \c NULL if \p label_len is \c 0. @@ -830,8 +830,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * \param output The buffer used to hold the plaintext. This must * be a writable buffer of length \p output_max_len Bytes. * \param output_max_len The maximum length of the output buffer. @@ -878,7 +878,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -889,8 +889,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * #MBEDTLS_MD_NONE, it must be a readable buffer of length * the size of the hash corresponding to \p md_alg. * \param sig The buffer to hold the signature. This must be a writable - * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -923,7 +923,7 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -934,8 +934,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * #MBEDTLS_MD_NONE, it must be a readable buffer of length * the size of the hash corresponding to \p md_alg. * \param sig The buffer to hold the signature. This must be a writable - * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -984,7 +984,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -995,8 +995,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * #MBEDTLS_MD_NONE, it must be a readable buffer of length * the size of the hash corresponding to \p md_alg. * \param sig The buffer to hold the signature. This must be a writable - * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -1036,7 +1036,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1047,8 +1047,8 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * #MBEDTLS_MD_NONE, it must be a readable buffer of length * the size of the hash corresponding to \p md_alg. * \param sig The buffer holding the signature. This must be a readable - * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -1081,7 +1081,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1092,8 +1092,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * #MBEDTLS_MD_NONE, it must be a readable buffer of length * the size of the hash corresponding to \p md_alg. * \param sig The buffer holding the signature. This must be a readable - * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -1137,7 +1137,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1148,8 +1148,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * #MBEDTLS_MD_NONE, it must be a readable buffer of length * the size of the hash corresponding to \p md_alg. * \param sig The buffer holding the signature. This must be a readable - * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -1195,8 +1195,8 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \param expected_salt_len The length of the salt used in padding. Use * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length. * \param sig The buffer holding the signature. This must be a readable - * buffer of length \c ctx->len Bytes. For example, \c 128 Bytes - * for an 1024-bit RSA modulus. + * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes + * for an 2048-bit RSA modulus. * * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -1228,7 +1228,7 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) * * \param ctx The RSA context to free. May be \c NULL, in which case * this function is a no-op. If it is not \c NULL, it must - * point to an initialized MPI. + * point to an initialized RSA context. */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); From 0118d4190aa71b8e1f5848d4f5c3a6c34abab2a4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 10:06:21 +0000 Subject: [PATCH 189/415] Document that RSA public exponent must be odd --- include/mbedtls/rsa.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 276293c51..0041dc5a6 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -433,6 +433,7 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * This may be \c NULL if \p f_rng doesn't need a context. * \param nbits The size of the public key in bits. * \param exponent The public exponent to use. For example, \c 65537. + * This must be odd. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. From f66f294e2e1f1b6b414deb3387750deaad76a183 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 13:30:08 +0000 Subject: [PATCH 190/415] Improve documentation in RSA module --- include/mbedtls/rsa.h | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0041dc5a6..814376b34 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -433,7 +433,7 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * This may be \c NULL if \p f_rng doesn't need a context. * \param nbits The size of the public key in bits. * \param exponent The public exponent to use. For example, \c 65537. - * This must be odd. + * This must be odd and greater than \c 1. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -737,7 +737,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * for an 2048-bit RSA modulus. * \param output The buffer used to hold the plaintext. This must * be a writable buffer of length \p output_max_len Bytes. - * \param output_max_len The maximum length of the output buffer. + * \param output_max_len The length in Bytes of the output buffer \p output. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -783,7 +783,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * for an 2048-bit RSA modulus. * \param output The buffer used to hold the plaintext. This must * be a writable buffer of length \p output_max_len Bytes. - * \param output_max_len The maximum length of the output buffer. + * \param output_max_len The length in Bytes of the output buffer \p output. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -819,7 +819,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is needed for #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, + * this is used for blinding and should be provided; see + * mbedtls_rsa_private() for more. If \p mode is + * #MBEDTLS_RSA_PUBLIC, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either @@ -835,7 +838,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * for an 2048-bit RSA modulus. * \param output The buffer used to hold the plaintext. This must * be a writable buffer of length \p output_max_len Bytes. - * \param output_max_len The maximum length of the output buffer. + * \param output_max_len The length in Bytes of the output buffer \p output. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. @@ -875,7 +878,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function. It is needed for PKCS#1 v2.1 encoding - * and for \p mode set to #MBEDTLS_RSA_PRIVATE. + * and for \p mode set to #MBEDTLS_RSA_PRIVATE, and ignored + * otherwise. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. * \param mode The mode of operation. This must be either @@ -919,8 +923,10 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It is needed for PKCS#1 v2.1 encoding - * and for \p mode set to #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, + * this is used for blinding and should be provided; see + * mbedtls_rsa_private() for more. If \p mode is + * #MBEDTLS_RSA_PUBLIC, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. * \param mode The mode of operation. This must be either From a7ee00225bbf98bcacdd0422d9b054514ef3d0e2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 13:30:20 +0000 Subject: [PATCH 191/415] Test mbedtls_rsa_init() with invalid padding --- tests/suites/test_suite_rsa.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index fe70085f9..a0ab86cb9 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -28,7 +28,8 @@ void rsa_invalid_param( ) unsigned char buf[42] = { 0 }; size_t olen; - TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, 0, 0 ) ); + TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) ); + TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) ); TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) ); /* No more variants because only the first argument must be non-NULL. */ From 71cd6c7ba9c8c38a73f661bf5e4c4d1a721b0032 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 13:30:30 +0000 Subject: [PATCH 192/415] Remove duplicate test in RSA parameter validation test --- tests/suites/test_suite_rsa.function | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index a0ab86cb9..2da01efe4 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -48,9 +48,6 @@ void rsa_invalid_param( ) mbedtls_rsa_complete( NULL ) ); /* No more variants because only the first argument must be non-NULL. */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_export( NULL, NULL, NULL, - NULL, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_export( NULL, NULL, NULL, NULL, NULL, NULL ) ); From f04d923834765efc3d3738be603ee5f5ae67b495 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 13:30:42 +0000 Subject: [PATCH 193/415] Test mbedtls_rsa_gen_key() with NULL ctx/RNG separately --- tests/suites/test_suite_rsa.function | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 2da01efe4..60c13c84e 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -67,7 +67,11 @@ void rsa_invalid_param( ) invalid_padding, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_gen_key( NULL, NULL, NULL, 0, 0 ) ); + mbedtls_rsa_gen_key( NULL, rnd_std_rand, + NULL, 0, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_gen_key( &ctx, NULL, + NULL, 0, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_check_pubkey( NULL ) ); From 05cf6dabb8eedcba65937e1505f85ac8f76c56d6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 13:33:37 +0000 Subject: [PATCH 194/415] Add missing test for mbedtls_rsa_pkcs1_sign() --- tests/suites/test_suite_rsa.function | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 60c13c84e..b004c9573 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -275,6 +275,12 @@ void rsa_invalid_param( ) valid_mode, 0, sizeof( buf ), buf, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, + valid_mode, + MBEDTLS_MD_SHA1, + 0, NULL, + buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, From 5bdfca926fecd1fcf2caa8e4ff5af43f35c9668c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 13:59:28 +0000 Subject: [PATCH 195/415] Further RSA documentation improvements --- include/mbedtls/rsa.h | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 814376b34..b87c79d66 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -725,7 +725,10 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is needed for #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, + * this is used for blinding and should be provided; see + * mbedtls_rsa_private() for more. If \p mode is + * #MBEDTLS_RSA_PUBLIC, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either @@ -771,7 +774,10 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is needed for #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, + * this is used for blinding and should be provided; see + * mbedtls_rsa_private() for more. If \p mode is + * #MBEDTLS_RSA_PUBLIC, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either @@ -877,9 +883,10 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It is needed for PKCS#1 v2.1 encoding - * and for \p mode set to #MBEDTLS_RSA_PRIVATE, and ignored - * otherwise. + * \param f_rng The RNG function. If the padding mode is PKCS#1 v2.1 + * and \p mode is set to #MBEDTLS_RSA_PRIVATE, it is used for + * blinding and should be provided; see mbedtls_rsa_private(). + * It is ignored otherwise. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. * \param mode The mode of operation. This must be either From b06f193d73e7c183a2f923e48d00e57932b83f93 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:04:28 +0000 Subject: [PATCH 196/415] Add missing cases to RSA parameter validation test --- tests/suites/test_suite_rsa.function | 37 ++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index b004c9573..89c84e8ca 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -302,6 +302,12 @@ void rsa_invalid_param( ) valid_mode, 0, sizeof( buf ), buf, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, + valid_mode, + MBEDTLS_MD_SHA1, + 0, NULL, + buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, @@ -323,6 +329,12 @@ void rsa_invalid_param( ) valid_mode, 0, sizeof( buf ), buf, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, + valid_mode, + MBEDTLS_MD_SHA1, + 0, NULL, + buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, @@ -344,6 +356,11 @@ void rsa_invalid_param( ) valid_mode, 0, sizeof( buf ), buf, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + valid_mode, + MBEDTLS_MD_SHA1, 0, NULL, + buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, @@ -369,6 +386,13 @@ void rsa_invalid_param( ) valid_mode, 0, sizeof( buf ), buf, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + NULL, + valid_mode, + MBEDTLS_MD_SHA1, + 0, NULL, + buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, @@ -390,6 +414,12 @@ void rsa_invalid_param( ) valid_mode, 0, sizeof( buf ), buf, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + valid_mode, + MBEDTLS_MD_SHA1, + 0, NULL, + buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, @@ -417,6 +447,13 @@ void rsa_invalid_param( ) 0, sizeof( buf ), buf, 0, 0, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + valid_mode, + MBEDTLS_MD_SHA1, + 0, NULL, + 0, 0, + buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_copy( NULL, &ctx ) ); From e77ef2ad33fc5917e070eefd5a4687452c6548fb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 18:10:43 +0000 Subject: [PATCH 197/415] Document parameter preconditions in ECH module --- include/mbedtls/ecdh.h | 157 ++++++++++++++++++++++++++--------------- 1 file changed, 99 insertions(+), 58 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index cbd48414a..6f7ae7a22 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -149,11 +149,16 @@ mbedtls_ecdh_context; * * \see ecp.h * - * \param grp The ECP group. + * \param grp The ECP group to use. This must be initialized and have + * domain parameters loaded, for example through + * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group(). * \param d The destination MPI (private key). + * This must be initialized. * \param Q The destination point (public key). - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * This must be initialized. + * \param f_rng The RNG function to use. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL in case \p f_rng doesn't need a context argument. * * \return \c 0 on success. * \return Another \c MBEDTLS_ERR_ECP_XXX or @@ -176,12 +181,22 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp * countermeasures against side-channel attacks. * For more information, see mbedtls_ecp_mul(). * - * \param grp The ECP group. + * \param grp The ECP group to use. This must be initialized and have + * domain parameters loaded, for example through + * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group(). * \param z The destination MPI (shared secret). + * This must be initialized. * \param Q The public key from another party. + * This must be initialized. * \param d Our secret exponent (private key). - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * This must be initialized. + * \param f_rng The RNG function. This may be \c NULL if randomization + * of intermediate results during the ECP computations is + * not needed (discouraged). See the documentation of + * mbedtls_ecp_mul() for more. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't need a + * context argument. * * \return \c 0 on success. * \return Another \c MBEDTLS_ERR_ECP_XXX or @@ -195,7 +210,7 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, /** * \brief This function initializes an ECDH context. * - * \param ctx The ECDH context to initialize. + * \param ctx The ECDH context to initialize. This must not be \c NULL. */ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); @@ -210,39 +225,42 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); * This is the first function used by a TLS server for ECDHE * ciphersuites. * - * \param ctx The ECDH context to set up. + * \param ctx The ECDH context to set up. This must be initialized. * \param grp_id The group id of the group to set up the context for. * * \return \c 0 on success. */ -int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ); +int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, + mbedtls_ecp_group_id grp_id ); /** * \brief This function frees a context. * - * \param ctx The context to free. + * \param ctx The context to free. This may be \c NULL, in which + * case this function does nothing. If it is not \c NULL, + * it must point to an initialized ECDH context. */ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); /** - * \brief This function generates a public key and a TLS - * ServerKeyExchange payload. + * \brief This function generates an EC key pair and exports its + * in the format used in a TLS ServerKeyExchange handshake + * message. * * This is the second function used by a TLS server for ECDHE * ciphersuites. (It is called after mbedtls_ecdh_setup().) * - * \note This function assumes that the ECP group (grp) of the - * \p ctx context has already been properly set, - * for example, using mbedtls_ecp_group_load(). - * * \see ecp.h * - * \param ctx The ECDH context. - * \param olen The number of characters written. - * \param buf The destination buffer. - * \param blen The length of the destination buffer. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param ctx The ECDH context to use. This must be initialized + * and bound to a group, for example via mbedtls_ecdh_setup(). + * \param olen The address at which to store the number of Bytes written. + * \param buf The destination buffer. This must be a writable buffer of + * length \p blen Bytes. + * \param blen The length of the destination buffer \p buf in Bytes. + * \param f_rng The RNG function to use. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL in case \p f_rng doesn't need a context argument. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of @@ -255,24 +273,32 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ); /** - * \brief This function parses and processes a TLS ServerKeyExhange - * payload. + * \brief This function parses the ECDHE parameters in a + * TLS ServerKeyExchange handshake message. * - * This is the first function used by a TLS client for ECDHE - * ciphersuites. + * \note In a TLS handshake, this is the how the client + * sets up its ECDHE context from the server's public + * ECDHE key material. * * \see ecp.h * - * \param ctx The ECDH context. - * \param buf The pointer to the start of the input buffer. - * \param end The address for one Byte past the end of the buffer. + * \param ctx The ECDHE context to use. This must be initialized. + * \param p On input, *p must be the start of the input buffer. + * On output, *p is updated to point to the end of the data + * that has been read. On success, this is the first byte + * past the end of the ServerKeyExchange parameters. + * On error, this is the point at which an error has been + * detected, which is usually not useful except to debug + * failures. + * \param end The end of the input buffer. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, - const unsigned char **buf, const unsigned char *end ); + const unsigned char **buf, + const unsigned char *end ); /** * \brief This function sets up an ECDH context from an EC key. @@ -283,33 +309,40 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, * * \see ecp.h * - * \param ctx The ECDH context to set up. - * \param key The EC key to use. - * \param side Defines the source of the key: 1: Our key, or - * 0: The key of the peer. + * \param ctx The ECDH context to set up. This must be initialized. + * \param key The EC key to use. This must be initialized. + * \param side Defines the source of the key. Possible values are: + * - \c 1: The imported key is ours. + * - \c 0: The imported key is that of the peer. * * \return \c 0 on success. * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side ); +int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side ); /** - * \brief This function generates a public key and a TLS - * ClientKeyExchange payload. + * \brief This function generates a public key and exports it + * as a TLS ClientKeyExchange payload. * * This is the second function used by a TLS client for ECDH(E) * ciphersuites. * * \see ecp.h * - * \param ctx The ECDH context. - * \param olen The number of Bytes written. - * \param buf The destination buffer. - * \param blen The size of the destination buffer. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param ctx The ECDH context to use. This must be initialized + * and bound to a group, the latter usually by + * mbedtls_ecdh_read_params(). + * \param olen The address at which to store the number of Bytes written. + * This must not be \c NULL. + * \param buf The destination buffer. This must be a writable buffer + * of lsength \p blen Bytes. + * \param blen The size of the destination buffer \p buf in Bytes. + * \param f_rng The RNG function to use. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL in case \p f_rng doesn't need a context argument. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of @@ -322,8 +355,8 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ); /** - * \brief This function parses and processes a TLS ClientKeyExchange - * payload. + * \brief This function parses and processes the ECDHE payload of a + * TLS ClientKeyExchange message. * * This is the third function used by a TLS server for ECDH(E) * ciphersuites. (It is called after mbedtls_ecdh_setup() and @@ -331,15 +364,17 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, * * \see ecp.h * - * \param ctx The ECDH context. - * \param buf The start of the input buffer. - * \param blen The length of the input buffer. + * \param ctx The ECDH context to use. This must be initialized + * and bound to a group, for example via mbedtls_ecdh_setup(). + * \param buf The pointer to the ClientKeyExchange payload. This must + * be a readable buffer of length \p blen Bytes. + * \param blen The length of the input buffer \p buf in Bytes. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, size_t blen ); + const unsigned char *buf, size_t blen ); /** * \brief This function derives and exports the shared secret. @@ -352,13 +387,19 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, * For more information, see mbedtls_ecp_mul(). * * \see ecp.h - * - * \param ctx The ECDH context. - * \param olen The number of Bytes written. - * \param buf The destination buffer. - * \param blen The length of the destination buffer. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + + * \param ctx The ECDH context to use. This must be initialized + * and have its own private key generated and the peer's + * public key imported. + * \param olen The address at which to store the total number of + * Bytes written on success. This must not be \c NULL. + * \param buf The buffer to write the generated shared key to. This + * must be a writable buffer of size \p blen Bytes. + * \param blen The length of the destination buffer \p buf in Bytes. + * \param f_rng The RNG function, for blinding purposes. This may + * b \c NULL if blinding isn't needed. + * \param p_rng The RNG context. This may be \c NULL if \p f_rng + * doesn't need a context argument. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of @@ -381,7 +422,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, * computations once enabled, except by free-ing the context, * which cancels possible in-progress operations. * - * \param ctx The ECDH context. + * \param ctx The ECDH context to use. This must be initialized. */ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ); #endif /* MBEDTLS_ECP_RESTARTABLE */ From 91796d7471adba741e7eb8efdad47ea498c8e17e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 18:10:51 +0000 Subject: [PATCH 198/415] Implement parameter validation in ECDH module --- library/ecdh.c | 64 +++++++++++++++++++++++++++++++++----------------- 1 file changed, 43 insertions(+), 21 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index d68db8ac7..a8d6dbd83 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -35,9 +35,16 @@ #if defined(MBEDTLS_ECDH_C) #include "mbedtls/ecdh.h" +#include "mbedtls/platform_util.h" #include +/* Parameter validation macros based on platform_util.h */ +#define ECDH_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) +#define ECDH_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; #endif @@ -57,6 +64,10 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; + ECDH_VALIDATE_RET( grp != NULL ); + ECDH_VALIDATE_RET( d != NULL ); + ECDH_VALIDATE_RET( Q != NULL ); + ECDH_VALIDATE_RET( f_rng != NULL ); /* If multiplication is in progress, we already generated a privkey */ #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -78,6 +89,10 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + ECDH_VALIDATE_RET( grp != NULL ); + ECDH_VALIDATE_RET( d != NULL ); + ECDH_VALIDATE_RET( Q != NULL ); + ECDH_VALIDATE_RET( f_rng != NULL ); return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) ); } #endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */ @@ -123,6 +138,10 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + ECDH_VALIDATE_RET( grp != NULL ); + ECDH_VALIDATE_RET( Q != NULL ); + ECDH_VALIDATE_RET( d != NULL ); + ECDH_VALIDATE_RET( z != NULL ); return( ecdh_compute_shared_restartable( grp, z, Q, d, f_rng, p_rng, NULL ) ); } @@ -146,6 +165,8 @@ static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) */ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) { + ECDH_VALIDATE( ctx != NULL ); + #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) ecdh_init_internal( ctx ); mbedtls_ecp_point_init( &ctx->Vi ); @@ -181,8 +202,7 @@ static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx, */ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) { - if( ctx == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ECDH_VALIDATE_RET( ctx != NULL ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) return( ecdh_setup_internal( ctx, grp_id ) ); @@ -218,8 +238,7 @@ static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx ) */ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) { - if( ctx == NULL ) - return; + ECDH_VALIDATE_RET( ctx != NULL ); ctx->restart_enabled = 1; } @@ -318,9 +337,10 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int restart_enabled = 0; - - if( ctx == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( olen != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); + ECDH_VALIDATE_RET( f_rng != NULL ); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; @@ -366,9 +386,10 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, { int ret; mbedtls_ecp_group_id grp_id; - - if( ctx == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); + ECDH_VALIDATE_RET( *buf != NULL ); + ECDH_VALIDATE_RET( end != NULL ); if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) ) != 0 ) @@ -420,9 +441,10 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, mbedtls_ecdh_side side ) { int ret; - - if( ctx == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( key != NULL ); + ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS || + side == MBEDTLS_ECDH_THEIRS ); if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 ) return( ret ); @@ -488,9 +510,9 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int restart_enabled = 0; - - if( ctx == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( olen != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; @@ -535,8 +557,8 @@ static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx, int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, const unsigned char *buf, size_t blen ) { - if( ctx == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) return( ecdh_read_public_internal( ctx, buf, blen ) ); @@ -607,9 +629,9 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ) { int restart_enabled = 0; - - if( ctx == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( olen != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; From 4c818483b2914567d180cb371d44326c408c5ef8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 18:32:22 +0000 Subject: [PATCH 199/415] Test parameter validation for ECDH module --- tests/suites/test_suite_ecdh.data | 6 ++ tests/suites/test_suite_ecdh.function | 142 ++++++++++++++++++++++++++ 2 files changed, 148 insertions(+) diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data index 89e5e3a80..fe24ed46a 100644 --- a/tests/suites/test_suite_ecdh.data +++ b/tests/suites/test_suite_ecdh.data @@ -1,3 +1,9 @@ +ECDH - Valid parameters +ecdh_valid_param: + +ECDH - Invalid parameters +ecdh_invalid_param: + ECDH primitive random #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecdh_primitive_random:MBEDTLS_ECP_DP_SECP192R1 diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 7144763a2..08a1686e5 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -7,6 +7,148 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void ecdh_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void ecdh_invalid_param( ) +{ + mbedtls_ecp_group grp; + mbedtls_ecdh_context ctx; + mbedtls_mpi m; + mbedtls_ecp_point P; + mbedtls_ecp_keypair kp; + size_t olen; + unsigned char buf[42] = { 0 }; + const unsigned char *buf_null = NULL; + size_t const buflen = sizeof( buf ); + int invalid_side = 42; + mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1; + + TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_gen_public( NULL, &m, &P, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_gen_public( &grp, NULL, &P, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_gen_public( &grp, &m, NULL, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_gen_public( &grp, &m, &P, + NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_compute_shared( NULL, &m, &P, &m, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL, + rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_setup( NULL, valid_grp ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_make_params( NULL, &olen, + buf, buflen, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_make_params( &ctx, NULL, + buf, buflen, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_make_params( &ctx, &olen, + NULL, buflen, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_make_params( &ctx, &olen, + buf, buflen, + NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_read_params( NULL, + (const unsigned char**) &buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_read_params( &ctx, &buf_null, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_read_params( &ctx, NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_read_params( &ctx, + (const unsigned char**) &buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_get_params( NULL, &kp, + MBEDTLS_ECDH_OURS ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_get_params( &ctx, NULL, + MBEDTLS_ECDH_OURS ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_get_params( &ctx, &kp, + invalid_side ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_make_public( NULL, &olen, + buf, buflen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_make_public( &ctx, NULL, + buf, buflen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_make_public( &ctx, &olen, + NULL, buflen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_make_public( &ctx, &olen, + buf, buflen, + NULL, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_read_public( NULL, buf, buflen ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_read_public( &ctx, NULL, buflen ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen, + rnd_std_rand, + NULL ) ); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE */ void ecdh_primitive_random( int id ) { From 60b65044ac5c0fd0b6320ada61d9cd5bf5d899cc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 22:59:13 +0000 Subject: [PATCH 200/415] Fix parameter name in documentation of ECDH module --- include/mbedtls/ecdh.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 6f7ae7a22..f17446c6d 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -283,9 +283,9 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, * \see ecp.h * * \param ctx The ECDHE context to use. This must be initialized. - * \param p On input, *p must be the start of the input buffer. - * On output, *p is updated to point to the end of the data - * that has been read. On success, this is the first byte + * \param buf On input, \c *buf must be the start of the input buffer. + * On output, \c *buf is updated to point to the end of the + * data that has been read. On success, this is the first byte * past the end of the ServerKeyExchange parameters. * On error, this is the point at which an error has been * detected, which is usually not useful except to debug From c4e5aa5746d95efc2b87ba1bfd35e5fbc58da05d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Dec 2018 17:09:27 +0000 Subject: [PATCH 201/415] Document parameter preconditions for ECJPAKE module --- include/mbedtls/ecjpake.h | 143 ++++++++++++++++++++++---------------- 1 file changed, 83 insertions(+), 60 deletions(-) diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 59d12f080..28e189a9f 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -92,28 +92,34 @@ typedef struct mbedtls_ecjpake_context #endif /* MBEDTLS_ECJPAKE_ALT */ /** - * \brief Initialize a context - * (just makes it ready for setup() or free()). + * \brief Initialize an ECJPAKE context. * - * \param ctx context to initialize + * \param ctx The ECJPAKE context to initialize. + * This must not be \c NULL. */ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); /** - * \brief Set up a context for use + * \brief Set up an ECJPAKE context for use. * * \note Currently the only values for hash/curve allowed by the - * standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1. + * standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1. * - * \param ctx context to set up - * \param role Our role: client or server - * \param hash hash function to use (MBEDTLS_MD_XXX) - * \param curve elliptic curve identifier (MBEDTLS_ECP_DP_XXX) - * \param secret pre-shared secret (passphrase) - * \param len length of the shared secret + * \param ctx The ECJPAKE context to set up. This must be initialized. + * \param role The role of the caller. This must be either + * #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER. + * \param hash The identifier of the hash function to use, + * for example #MBEDTLS_MD_SHA256. + * \param curve The identifier of the Telliptic curve to use, + * for example #MBEDTLS_ECP_SECP192k1. + * \param secret The pre-shared secret (passphrase). This must be + * a readable buffer of length \p len Bytes, but need + * only be valid for the duration of this call. It may + * be \c NULL if \p len is zero. + * \param len The length of the pre-shared secret \p secret. * - * \return 0 if successfull, - * a negative error code otherwise + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, mbedtls_ecjpake_role role, @@ -123,29 +129,34 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, size_t len ); /** - * \brief Check if a context is ready for use + * \brief Check if an ECJPAKE context is ready for use. * - * \param ctx Context to check + * \param ctx The ECJPAKE context to check. This must be + * initialized. * - * \return 0 if the context is ready for use, - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise + * \return \c 0 if the context is ready for use. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise. */ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ); /** * \brief Generate and write the first round message * (TLS: contents of the Client/ServerHello extension, - * excluding extension type and length bytes) + * excluding extension type and length bytes). * - * \param ctx Context to use - * \param buf Buffer to write the contents to - * \param len Buffer size - * \param olen Will be updated with the number of bytes written - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param ctx The ECJPAKE context to use. This must be + * initialized and set up. + * \param buf The buffer to write the contents to. This must be a + * writable buffer of length \p len Bytes. + * \param len The length of \p buf in Bytes. + * \param olen The address at which to store the total number + * of Bytes written to \p buf. This must not be \c NULL. + * \param f_rng The RNG function to use. This must not be \c NULL. + * \param p_rng The RNG parameter to be passed to \p f_rng. This + * may be \c NULL if \p f_rng doesn't use a context. * - * \return 0 if successfull, - * a negative error code otherwise + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, @@ -155,14 +166,16 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, /** * \brief Read and process the first round message * (TLS: contents of the Client/ServerHello extension, - * excluding extension type and length bytes) + * excluding extension type and length bytes). * - * \param ctx Context to use - * \param buf Pointer to extension contents - * \param len Extension length + * \param ctx The ECJPAKE context to use. This must be initialized + * and set up. + * \param buf The buffer holding the first round message. This must + * be a readable buffer of length \p len Bytes. + * \param len The length in Bytes of \p buf. * - * \return 0 if successfull, - * a negative error code otherwise + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, const unsigned char *buf, @@ -170,17 +183,21 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, /** * \brief Generate and write the second round message - * (TLS: contents of the Client/ServerKeyExchange) + * (TLS: contents of the Client/ServerKeyExchange). * - * \param ctx Context to use - * \param buf Buffer to write the contents to - * \param len Buffer size - * \param olen Will be updated with the number of bytes written - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param ctx The ECJPAKE context to use. This must be initialized, + * set up, and already have performed round one. + * \param buf The buffer to write the round two contents to. + * This must be a writable buffer of length \p len Bytes. + * \param len The size of \p buf in Bytes. + * \param olen The address at which to store the total number of Bytes + * written to \p buf. This must not be \c NULL. + * \param f_rng The RNG function to use. This must not be \c NULL. + * \param p_rng The RNG parameter to be passed to \p f_rng. This + * may be \c NULL if \p f_rng doesn't use a context. * - * \return 0 if successfull, - * a negative error code otherwise + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, @@ -189,14 +206,16 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, /** * \brief Read and process the second round message - * (TLS: contents of the Client/ServerKeyExchange) + * (TLS: contents of the Client/ServerKeyExchange). * - * \param ctx Context to use - * \param buf Pointer to the message - * \param len Message length + * \param ctx The ECJPAKE context to use. This must be initialized + * and set up and have performed roudn one. + * \param buf The buffer holding the second round message. This must + * be a readable buffer of length \p len Bytes. + * \param len The length in Bytes of \p buf. * - * \return 0 if successfull, - * a negative error code otherwise + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, const unsigned char *buf, @@ -204,17 +223,21 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, /** * \brief Derive the shared secret - * (TLS: Pre-Master Secret) + * (TLS: Pre-Master Secret). * - * \param ctx Context to use - * \param buf Buffer to write the contents to - * \param len Buffer size - * \param olen Will be updated with the number of bytes written - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param ctx The ECJPAKE context to use. This must be initialized, + * set up and have performed both round one and two. + * \param buf The buffer to write the derived secret to. This must + * be a writable buffer of length \p len Bytes. + * \param len The length of \p buf in Bytes. + * \param olen The address at which to store the total number of Bytes + * written to \p buf. This must not be \c NULL. + * \param f_rng The RNG function to use. This must not be \c NULL. + * \param p_rng The RNG parameter to be passed to \p f_rng. This + * may be \c NULL if \p f_rng doesn't use a context. * - * \return 0 if successfull, - * a negative error code otherwise + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, @@ -222,14 +245,14 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, void *p_rng ); /** - * \brief Free a context's content + * \brief Free an ECJPAKE context. * - * \param ctx context to free + * \param ctx The ECJPAKE context to free. This may be \c NULL, + * in which case this function does nothing. If it is not + * \c NULL, it must point to an initialized ECJPAKE context. */ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); - - #if defined(MBEDTLS_SELF_TEST) /** From 71c8e1b8d8da454ad2de402ed6a95fe4c663c24e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Dec 2018 17:09:39 +0000 Subject: [PATCH 202/415] Implement parameter validation in ECJPAKE module --- library/ecjpake.c | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/library/ecjpake.c b/library/ecjpake.c index ec5a4007d..c5ab4cbba 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -33,11 +33,18 @@ #if defined(MBEDTLS_ECJPAKE_C) #include "mbedtls/ecjpake.h" +#include "mbedtls/platform_util.h" #include #if !defined(MBEDTLS_ECJPAKE_ALT) +/* Parameter validation macros based on platform_util.h */ +#define ECJPAKE_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) +#define ECJPAKE_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * Convert a mbedtls_ecjpake_role to identifier string */ @@ -54,8 +61,7 @@ static const char * const ecjpake_id[] = { */ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ) { - if( ctx == NULL ) - return; + ECJPAKE_VALIDATE( ctx != NULL ); ctx->md_info = NULL; mbedtls_ecp_group_init( &ctx->grp ); @@ -105,6 +111,10 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, size_t len ) { int ret; + ECJPAKE_VALIDATE_RET( ctx != NULL ); + ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT || + role == MBEDTLS_ECJPAKE_SERVER ); + ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 ); ctx->role = role; @@ -127,6 +137,8 @@ cleanup: */ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ) { + ECJPAKE_VALIDATE_RET( ctx != NULL ); + if( ctx->md_info == NULL || ctx->grp.id == MBEDTLS_ECP_DP_NONE || ctx->s.p == NULL ) @@ -504,6 +516,9 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len ) { + ECJPAKE_VALIDATE_RET( ctx != NULL ); + ECJPAKE_VALIDATE_RET( buf != NULL ); + return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format, &ctx->grp.G, &ctx->Xp1, &ctx->Xp2, ID_PEER, @@ -518,6 +533,11 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + ECJPAKE_VALIDATE_RET( ctx != NULL ); + ECJPAKE_VALIDATE_RET( buf != NULL ); + ECJPAKE_VALIDATE_RET( olen != NULL ); + ECJPAKE_VALIDATE_RET( f_rng != NULL ); + return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format, &ctx->grp.G, &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2, @@ -559,6 +579,8 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, const unsigned char *end = buf + len; mbedtls_ecp_group grp; mbedtls_ecp_point G; /* C: GB, S: GA */ + ECJPAKE_VALIDATE_RET( ctx != NULL ); + ECJPAKE_VALIDATE_RET( buf != NULL ); mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &G ); @@ -651,6 +673,10 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, unsigned char *p = buf; const unsigned char *end = buf + len; size_t ec_len; + ECJPAKE_VALIDATE_RET( ctx != NULL ); + ECJPAKE_VALIDATE_RET( buf != NULL ); + ECJPAKE_VALIDATE_RET( olen != NULL ); + ECJPAKE_VALIDATE_RET( f_rng != NULL ); mbedtls_ecp_point_init( &G ); mbedtls_ecp_point_init( &Xm ); @@ -726,6 +752,10 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, mbedtls_mpi m_xm2_s, one; unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; size_t x_bytes; + ECJPAKE_VALIDATE_RET( ctx != NULL ); + ECJPAKE_VALIDATE_RET( buf != NULL ); + ECJPAKE_VALIDATE_RET( olen != NULL ); + ECJPAKE_VALIDATE_RET( f_rng != NULL ); *olen = mbedtls_md_get_size( ctx->md_info ); if( len < *olen ) From 491db772c38625c690694be6034ce5ff7cf7e67e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Dec 2018 17:18:03 +0000 Subject: [PATCH 203/415] Test parameter validation for ECJPAKE module --- tests/suites/test_suite_ecjpake.data | 3 + tests/suites/test_suite_ecjpake.function | 131 +++++++++++++++++++++++ 2 files changed, 134 insertions(+) diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data index 1a772a965..84c99c985 100644 --- a/tests/suites/test_suite_ecjpake.data +++ b/tests/suites/test_suite_ecjpake.data @@ -1,3 +1,6 @@ +ECJPAKE parameter validation +ecjpake_invalid_param: + ECJPAKE selftest ecjpake_selftest: diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 9e4f7a371..d26729522 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -98,6 +98,137 @@ cleanup: * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void ecjpake_invalid_param( ) +{ + mbedtls_ecjpake_context ctx; + unsigned char buf[42] = { 0 }; + size_t olen; + size_t const len = sizeof( buf ); + mbedtls_ecjpake_role valid_role = MBEDTLS_ECJPAKE_SERVER; + mbedtls_ecjpake_role invalid_role = (mbedtls_ecjpake_role) 42; + mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; + mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1; + + TEST_INVALID_PARAM( mbedtls_ecjpake_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_ecjpake_free( NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_setup( NULL, + valid_role, + valid_md, + valid_group, + buf, len ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_setup( &ctx, + invalid_role, + valid_md, + valid_group, + buf, len ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_setup( &ctx, + valid_role, + valid_md, + valid_group, + NULL, len ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_check( NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_one( NULL, + buf, len, + &olen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_one( &ctx, + NULL, len, + &olen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_one( &ctx, + buf, len, + NULL, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_one( &ctx, + buf, len, + &olen, + NULL, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( NULL, + buf, len, + &olen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( &ctx, + NULL, len, + &olen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( &ctx, + buf, len, + NULL, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( &ctx, + buf, len, + &olen, + NULL, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_read_round_one( NULL, + buf, len ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_read_round_one( &ctx, + NULL, len ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_read_round_two( NULL, + buf, len ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_read_round_two( &ctx, + NULL, len ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_derive_secret( NULL, + buf, len, + &olen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_derive_secret( &ctx, + NULL, len, + &olen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_derive_secret( &ctx, + buf, len, + NULL, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_derive_secret( &ctx, + buf, len, + &olen, + NULL, + NULL ) ); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ecjpake_selftest( ) { From 8ce3d939be5e3d53a5280f53aaaf411e8458b9a4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 23:01:35 +0000 Subject: [PATCH 204/415] Fix typo in documentation of ECJPAKE module --- include/mbedtls/ecjpake.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 28e189a9f..cf4ab87ad 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -111,7 +111,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); * \param hash The identifier of the hash function to use, * for example #MBEDTLS_MD_SHA256. * \param curve The identifier of the Telliptic curve to use, - * for example #MBEDTLS_ECP_SECP192k1. + * for example #MBEDTLS_ECP_DP_SECP192K1. * \param secret The pre-shared secret (passphrase). This must be * a readable buffer of length \p len Bytes, but need * only be valid for the duration of this call. It may From e2e509ca5df934a30cb71354b466226925d51ca4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Dec 2018 16:43:20 +0000 Subject: [PATCH 205/415] Document parameter preconditions in ECDSA module --- include/mbedtls/ecdsa.h | 225 ++++++++++++++++++++++++++-------------- 1 file changed, 149 insertions(+), 76 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 4057828d4..86f49449a 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -118,7 +118,8 @@ typedef void mbedtls_ecdsa_restart_ctx; * \brief This function computes the ECDSA signature of a * previously-hashed message. * - * \note The deterministic version is usually preferred. + * \note The deterministic version implemented in + * mbedtls_ecdsa_sign_det() is usually preferred. * * \note If the bitlength of the message hash is larger than the * bitlength of the group order, then the hash is truncated @@ -128,14 +129,22 @@ typedef void mbedtls_ecdsa_restart_ctx; * * \see ecp.h * - * \param grp The ECP group. - * \param r The first output integer. - * \param s The second output integer. - * \param d The private signing key. - * \param buf The message hash. - * \param blen The length of \p buf. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param grp The context for the elliptic curve to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param r The MPI context in which to store the first part + * the signature. This must be initialized. + * \param s The MPI context in which to store the second part + * the signature. This must be initialized. + * \param d The private signing key. This must be initialized. + * \param buf The content to be signed. This is usually the hash of + * the original data to be signed. This must be a readable + * buffer of length \p blen Bytes. It may be \c NULL if + * \p blen is zero. + * \param blen The length of \p buf in Bytes. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng doesn't need a context parameter. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX @@ -162,21 +171,29 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, * * \see ecp.h * - * \param grp The ECP group. - * \param r The first output integer. - * \param s The second output integer. - * \param d The private signing key. - * \param buf The message hash. - * \param blen The length of \p buf. - * \param md_alg The MD algorithm used to hash the message. + * \param grp The context for the elliptic curve to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param r The MPI context in which to store the first part + * the signature. This must be initialized. + * \param s The MPI context in which to store the second part + * the signature. This must be initialized. + * \param d The private signing key. This must be initialized + * and setup, for example through mbedtls_ecp_gen_privkey(). + * \param buf The hashed content to be signed. This must be a readable + * buffer of length \p blen Bytes. It may be \c NULL if + * \p blen is zero. + * \param blen The length of \p buf in Bytes. + * \param md_alg The hash algorithm used to hash the original data. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure. */ -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ); +int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, + mbedtls_mpi *s, const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg ); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ /** @@ -191,12 +208,19 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi * * \see ecp.h * - * \param grp The ECP group. - * \param buf The message hash. - * \param blen The length of \p buf. - * \param Q The public key to use for verification. + * \param grp The ECP group to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param buf The hashed content that was signed. This must be a readable + * buffer of length \p blen Bytes. It may be \c NULL if + * \p blen is zero. + * \param blen The length of \p buf in Bytes. + * \param Q The public key to use for verification. This must be + * initialized and setup. * \param r The first integer of the signature. + * This must be initialized. * \param s The second integer of the signature. + * This must be initialized. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature @@ -205,8 +229,9 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi * error code on failure for any other reason. */ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s); + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, const mbedtls_mpi *r, + const mbedtls_mpi *s); /** * \brief This function computes the ECDSA signature and writes it @@ -223,11 +248,6 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, * of the Digital Signature Algorithm (DSA) and Elliptic * Curve Digital Signature Algorithm (ECDSA). * - * \note The \p sig buffer must be at least twice as large as the - * size of the curve used, plus 9. For example, 73 Bytes if - * a 256-bit curve is used. A buffer length of - * #MBEDTLS_ECDSA_MAX_LEN is always safe. - * * \note If the bitlength of the message hash is larger than the * bitlength of the group order, then the hash is truncated as * defined in Standards for Efficient Cryptography Group @@ -236,20 +256,32 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, * * \see ecp.h * - * \param ctx The ECDSA context. + * \param ctx The ECDSA context to use. This must be initialized + * and have a group and private key bound to it, for example + * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair(). * \param md_alg The message digest that was used to hash the message. - * \param hash The message hash. - * \param hlen The length of the hash. - * \param sig The buffer that holds the signature. - * \param slen The length of the signature written. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param hash The message hash to be signed. This must be a readable + * buffer of length \p blen Bytes. + * \param hlen The length of the hash \p hash in Bytes. + * \param sig The buffer to which to write the signature. This must be a + * writable buffer of length at least twice as large as the + * size of the curve used, plus 9. For example, 73 Bytes if + * a 256-bit curve is used. A buffer length of + * #MBEDTLS_ECDSA_MAX_LEN is always safe. + * \param slen The address at which to store the actual length of + * the signature written. Must not be \c NULL. + * \param f_rng The RNG function. This must not be \c NULL if + * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise, + * it is unused and may be set to \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't use a context. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, +int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, int (*f_rng)(void *, unsigned char *, size_t), @@ -265,15 +297,28 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t * but it can return early and restart according to the limit * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. * - * \param ctx The ECDSA context. + * \param ctx The ECDSA context to use. This must be initialized + * and have a group and private key bound to it, for example + * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair(). * \param md_alg The message digest that was used to hash the message. - * \param hash The message hash. - * \param hlen The length of the hash. - * \param sig The buffer that holds the signature. - * \param slen The length of the signature written. - * \param f_rng The RNG function. - * \param p_rng The RNG context. - * \param rs_ctx The restart context (NULL disables restart). + * \param hash The message hash to be signed. This must be a readable + * buffer of length \p blen Bytes. + * \param hlen The length of the hash \p hash in Bytes. + * \param sig The buffer to which to write the signature. This must be a + * writable buffer of length at least twice as large as the + * size of the curve used, plus 9. For example, 73 Bytes if + * a 256-bit curve is used. A buffer length of + * #MBEDTLS_ECDSA_MAX_LEN is always safe. + * \param slen The address at which to store the actual length of + * the signature written. Must not be \c NULL. + * \param f_rng The RNG function. This must not be \c NULL if + * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise, + * it is unused and may be set to \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng is \c NULL or doesn't use a context. + * \param rs_ctx The restart context to use. This may be \c NULL to disable + * restarting. If it is not \c NULL, it must point to an + * initialized restart context. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of @@ -309,11 +354,6 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, * \warning It is not thread-safe to use the same context in * multiple threads. * - * \note The \p sig buffer must be at least twice as large as the - * size of the curve used, plus 9. For example, 73 Bytes if a - * 256-bit curve is used. A buffer length of - * #MBEDTLS_ECDSA_MAX_LEN is always safe. - * * \note If the bitlength of the message hash is larger than the * bitlength of the group order, then the hash is truncated as * defined in Standards for Efficient Cryptography Group @@ -325,12 +365,20 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, * \deprecated Superseded by mbedtls_ecdsa_write_signature() in * Mbed TLS version 2.0 and later. * - * \param ctx The ECDSA context. - * \param hash The message hash. - * \param hlen The length of the hash. - * \param sig The buffer that holds the signature. - * \param slen The length of the signature written. - * \param md_alg The MD algorithm used to hash the message. + * \param ctx The ECDSA context to use. This must be initialized + * and have a group and private key bound to it, for example + * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair(). + * \param hash The message hash to be signed. This must be a readable + * buffer of length \p blen Bytes. + * \param hlen The length of the hash \p hash in Bytes. + * \param sig The buffer to which to write the signature. This must be a + * writable buffer of length at least twice as large as the + * size of the curve used, plus 9. For example, 73 Bytes if + * a 256-bit curve is used. A buffer length of + * #MBEDTLS_ECDSA_MAX_LEN is always safe. + * \param slen The address at which to store the actual length of + * the signature written. Must not be \c NULL. + * \param md_alg The message digest that was used to hash the message. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or @@ -355,11 +403,14 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, * * \see ecp.h * - * \param ctx The ECDSA context. - * \param hash The message hash. - * \param hlen The size of the hash. - * \param sig The signature to read and verify. - * \param slen The size of \p sig. + * \param ctx The ECDSA context to use. This must be initialized + * and have a group and public key bound to it. + * \param hash The message hash that was signed. This must be a readable + * buffer of length \p size Bytes. + * \param hlen The size of the hash \p hash. + * \param sig The signature to read and verify. This must be a readable + * buffer of length \p slen Bytes. + * \param slen The size of \p sig in Bytes. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid. @@ -382,12 +433,17 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, * but it can return early and restart according to the limit * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. * - * \param ctx The ECDSA context. - * \param hash The message hash. - * \param hlen The size of the hash. - * \param sig The signature to read and verify. - * \param slen The size of \p sig. - * \param rs_ctx The restart context (NULL disables restart). + * \param ctx The ECDSA context to use. This must be initialized + * and have a group and public key bound to it. + * \param hash The message hash that was signed. This must be a readable + * buffer of length \p size Bytes. + * \param hlen The size of the hash \p hash. + * \param sig The signature to read and verify. This must be a readable + * buffer of length \p slen Bytes. + * \param slen The size of \p sig in Bytes. + * \param rs_ctx The restart context to use. This may be \c NULL to disable + * restarting. If it is not \c NULL, it must point to an + * initialized restart context. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid. @@ -409,10 +465,12 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, * \see ecp.h * * \param ctx The ECDSA context to store the keypair in. + * This must be initialized. * \param gid The elliptic curve to use. One of the various * \c MBEDTLS_ECP_DP_XXX macros depending on configuration. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param f_rng The RNG function to use. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng doesn't need a context argument. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. @@ -425,36 +483,51 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, * * \see ecp.h * - * \param ctx The ECDSA context to set. - * \param key The EC key to use. + * \param ctx The ECDSA context to set. This must be initialized. + * \param key The EC key to use. This must be initialized and hold + * a private-public key pair or a public key. In the former + * case, the ECDSA context may be used for signature creation + * after this call. In the latter case, it may be used for + * signature verification. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ -int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ); +int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, + const mbedtls_ecp_keypair *key ); /** * \brief This function initializes an ECDSA context. * * \param ctx The ECDSA context to initialize. + * This must not be \c NULL. */ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ); /** * \brief This function frees an ECDSA context. * - * \param ctx The ECDSA context to free. + * \param ctx The ECDSA context to free. This may be \c NULL, + * in which case this function does nothing. If it + * is not \c NULL, it must be initialized. */ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ); #if defined(MBEDTLS_ECP_RESTARTABLE) /** - * \brief Initialize a restart context + * \brief Initialize a restart context. + * + * \param ctx The restart context to initialize. + * This must not be \c NULL. */ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ); /** - * \brief Free the components of a restart context + * \brief Free the components of a restart context. + * + * \param ctx The restart context to free. This may be \c NULL, + * in which case this function does nothing. If it + * is not \c NULL, it must be initialized. */ void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ); #endif /* MBEDTLS_ECP_RESTARTABLE */ From 319ae11ab32c0e481bd82ca8c4c7d0b2b11a7c14 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Dec 2018 16:43:29 +0000 Subject: [PATCH 206/415] Implement parameter validation in ECDSA module --- library/ecdsa.c | 77 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 70 insertions(+), 7 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index a62c14cbe..1204ef994 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -50,6 +50,14 @@ #define mbedtls_free free #endif +#include "mbedtls/platform_util.h" + +/* Parameter validation macros based on platform_util.h */ +#define ECDSA_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) +#define ECDSA_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if defined(MBEDTLS_ECP_RESTARTABLE) /* @@ -377,6 +385,13 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + ECDSA_VALIDATE_RET( grp != NULL ); + ECDSA_VALIDATE_RET( r != NULL ); + ECDSA_VALIDATE_RET( s != NULL ); + ECDSA_VALIDATE_RET( d != NULL ); + ECDSA_VALIDATE_RET( f_rng != NULL ); + ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); + return( ecdsa_sign_restartable( grp, r, s, d, buf, blen, f_rng, p_rng, NULL ) ); } @@ -456,6 +471,12 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi const mbedtls_mpi *d, const unsigned char *buf, size_t blen, mbedtls_md_type_t md_alg ) { + ECDSA_VALIDATE_RET( grp != NULL ); + ECDSA_VALIDATE_RET( r != NULL ); + ECDSA_VALIDATE_RET( s != NULL ); + ECDSA_VALIDATE_RET( d != NULL ); + ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); + return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, NULL ) ); } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ @@ -574,9 +595,17 @@ cleanup: * Verify ECDSA signature of hashed message */ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s) + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, + const mbedtls_mpi *s) { + ECDSA_VALIDATE_RET( grp != NULL ); + ECDSA_VALIDATE_RET( Q != NULL ); + ECDSA_VALIDATE_RET( r != NULL ); + ECDSA_VALIDATE_RET( s != NULL ); + ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); + return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) ); } #endif /* !MBEDTLS_ECDSA_VERIFY_ALT */ @@ -618,6 +647,10 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, { int ret; mbedtls_mpi r, s; + ECDSA_VALIDATE_RET( ctx != NULL ); + ECDSA_VALIDATE_RET( hash != NULL ); + ECDSA_VALIDATE_RET( sig != NULL ); + ECDSA_VALIDATE_RET( slen != NULL ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); @@ -652,12 +685,17 @@ cleanup: /* * Compute and write signature */ -int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { + ECDSA_VALIDATE_RET( ctx != NULL ); + ECDSA_VALIDATE_RET( hash != NULL ); + ECDSA_VALIDATE_RET( sig != NULL ); + ECDSA_VALIDATE_RET( slen != NULL ); return( mbedtls_ecdsa_write_signature_restartable( ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) ); } @@ -669,6 +707,10 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, unsigned char *sig, size_t *slen, mbedtls_md_type_t md_alg ) { + ECDSA_VALIDATE_RET( ctx != NULL ); + ECDSA_VALIDATE_RET( hash != NULL ); + ECDSA_VALIDATE_RET( sig != NULL ); + ECDSA_VALIDATE_RET( slen != NULL ); return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen, NULL, NULL ) ); } @@ -681,6 +723,9 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen ) { + ECDSA_VALIDATE_RET( ctx != NULL ); + ECDSA_VALIDATE_RET( hash != NULL ); + ECDSA_VALIDATE_RET( sig != NULL ); return( mbedtls_ecdsa_read_signature_restartable( ctx, hash, hlen, sig, slen, NULL ) ); } @@ -698,6 +743,9 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, const unsigned char *end = sig + slen; size_t len; mbedtls_mpi r, s; + ECDSA_VALIDATE_RET( ctx != NULL ); + ECDSA_VALIDATE_RET( hash != NULL ); + ECDSA_VALIDATE_RET( sig != NULL ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); @@ -752,6 +800,9 @@ cleanup: int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + ECDSA_VALIDATE_RET( ctx != NULL ); + ECDSA_VALIDATE_RET( f_rng != NULL ); + return( mbedtls_ecp_group_load( &ctx->grp, gid ) || mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); } @@ -763,6 +814,8 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ) { int ret; + ECDSA_VALIDATE_RET( ctx != NULL ); + ECDSA_VALIDATE_RET( key != NULL ); if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 || ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 || @@ -779,6 +832,8 @@ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_ke */ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ) { + ECDSA_VALIDATE( ctx != NULL ); + mbedtls_ecp_keypair_init( ctx ); } @@ -787,6 +842,9 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ) */ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ) { + if( ctx == NULL ) + return; + mbedtls_ecp_keypair_free( ctx ); } @@ -796,6 +854,8 @@ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ) */ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) { + ECDSA_VALIDATE( ctx != NULL ); + mbedtls_ecp_restart_init( &ctx->ecp ); ctx->ver = NULL; @@ -810,6 +870,9 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) */ void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ) { + if( ctx == NULL ) + return; + mbedtls_ecp_restart_free( &ctx->ecp ); ecdsa_restart_ver_free( ctx->ver ); From af05a90349be8a89eff630f9b4e6a10af6875ef9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Dec 2018 16:43:38 +0000 Subject: [PATCH 207/415] Test parameter validation in ECDSA module --- tests/suites/test_suite_ecdsa.data | 3 + tests/suites/test_suite_ecdsa.function | 222 +++++++++++++++++++++++++ 2 files changed, 225 insertions(+) diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index 7e6ec6c55..59e209b36 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data @@ -1,3 +1,6 @@ +ECDSA Parameter validation +ecdsa_invalid_param: + ECDSA primitive random #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecdsa_prim_random:MBEDTLS_ECP_DP_SECP192R1 diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 71078329b..d091a354d 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -7,6 +7,228 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void ecdsa_invalid_param( ) +{ + mbedtls_ecdsa_context ctx; + mbedtls_ecp_keypair key; + mbedtls_ecp_group grp; + mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; + mbedtls_ecp_point P; + mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; + mbedtls_mpi m; + size_t slen; + unsigned char buf[42] = { 0 }; + + TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign( NULL, &m, &m, &m, + buf, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign( &grp, NULL, &m, &m, + buf, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign( &grp, &m, NULL, &m, + buf, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign( &grp, &m, &m, NULL, + buf, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign( &grp, &m, &m, &m, + NULL, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign( &grp, &m, &m, &m, + buf, sizeof( buf ), + NULL, NULL ) ); + +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign_det( NULL, &m, &m, &m, + buf, sizeof( buf ), + valid_md ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign_det( &grp, NULL, &m, &m, + buf, sizeof( buf ), + valid_md ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign_det( &grp, &m, NULL, &m, + buf, sizeof( buf ), + valid_md ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign_det( &grp, &m, &m, NULL, + buf, sizeof( buf ), + valid_md ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_sign_det( &grp, &m, &m, &m, + NULL, sizeof( buf ), + valid_md ) ); +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_verify( NULL, + buf, sizeof( buf ), + &P, &m, &m ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_verify( &grp, + NULL, sizeof( buf ), + &P, &m, &m ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_verify( &grp, + buf, sizeof( buf ), + NULL, &m, &m ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_verify( &grp, + buf, sizeof( buf ), + &P, NULL, &m ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_verify( &grp, + buf, sizeof( buf ), + &P, &m, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature( NULL, + valid_md, + buf, sizeof( buf ), + buf, &slen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature( &ctx, + valid_md, + NULL, sizeof( buf ), + buf, &slen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature( &ctx, + valid_md, + buf, sizeof( buf ), + NULL, &slen, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature( &ctx, + valid_md, + buf, sizeof( buf ), + buf, NULL, + rnd_std_rand, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( NULL, + valid_md, + buf, sizeof( buf ), + buf, &slen, + rnd_std_rand, + NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( &ctx, + valid_md, + NULL, sizeof( buf ), + buf, &slen, + rnd_std_rand, + NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( &ctx, + valid_md, + buf, sizeof( buf ), + NULL, &slen, + rnd_std_rand, + NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( &ctx, + valid_md, + buf, sizeof( buf ), + buf, NULL, + rnd_std_rand, + NULL, NULL ) ); + +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_DEPRECATED_REMOVED) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_det( NULL, + buf, + sizeof( buf ), + buf, &slen, + valid_md ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_det( &ctx, + NULL, + sizeof( buf ), + buf, &slen, + valid_md ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_det( &ctx, + buf, + sizeof( buf ), + NULL, &slen, + valid_md ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_det( &ctx, + buf, + sizeof( buf ), + buf, NULL, + valid_md ) ); +#endif /* MBEDTLS_ECDSA_DETERMINISTIC && !MBEDTLS_DEPRECATED_REMOVED */ + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_read_signature( NULL, + buf, sizeof( buf ), + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_read_signature( &ctx, + NULL, sizeof( buf ), + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_read_signature( &ctx, + buf, sizeof( buf ), + NULL, sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_read_signature_restartable( NULL, + buf, sizeof( buf ), + buf, sizeof( buf ), + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_read_signature_restartable( &ctx, + NULL, sizeof( buf ), + buf, sizeof( buf ), + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_read_signature_restartable( &ctx, + buf, sizeof( buf ), + NULL, sizeof( buf ), + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_genkey( NULL, valid_group, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_genkey( &ctx, valid_group, + NULL, NULL ) ); + + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_from_keypair( NULL, &key ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_from_keypair( &ctx, NULL ) ); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE */ void ecdsa_prim_random( int id ) { From a9020f210740d298b0ac0347f7bfed297aed7872 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:45:45 +0000 Subject: [PATCH 208/415] Clarify the need for a PRNG in various RSA operations --- include/mbedtls/rsa.h | 51 +++++++++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index b87c79d66..5171fc971 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -588,9 +588,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng This is the RNG function used to generate the - * PKCS#1 v2.1 padding encoding if \p mode is - * #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG to use. If PKCS#1 v2.1 padding encoding is + * used, this must be provided. Additionally, it is + * used for blinding if \p mode is #MBEDTLS_RSA_PRIVATE + * and should be provided in this case; see + * mbedtls_rsa_private() for more. It is ignored + * for PKCS#1 v1.5 padding with #MBEDTLS_RSA_PUBLIC. * \param p_rng The RNG context to be passed to \p f_rng. May be * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't * need a context argument. @@ -628,8 +631,10 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function, needed for padding generation if - * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function to use. It is needed for padding generation + * if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is + * #MBEDTLS_RSA_PRIVATE (discouraged), it is used for + * blinding and should be provided; see mbedtls_rsa_private(). * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng is \c NULL or if \p f_rng * doesn't need a context argument. @@ -670,11 +675,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initnialized RSA context to use. - * \param f_rng The RNG function, needed for padding and PKCS#1 v2.1 - * encoding if \p mode is #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function to use. This is needed for padding + * generation and must be provided. * \param p_rng The RNG context to be passed to \p f_rng. This may - * be \c NULL if \p f_rng is \c NULL or if \p f_rng - * doesn't need a context argument. + * be \c NULL if \p f_rng doesn't need a context argument. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param label The buffer holding the custom label to use. @@ -883,10 +887,11 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. If the padding mode is PKCS#1 v2.1 - * and \p mode is set to #MBEDTLS_RSA_PRIVATE, it is used for - * blinding and should be provided; see mbedtls_rsa_private(). - * It is ignored otherwise. + * \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1, + * this must be provided. If the padding mode is PKCS#1 v1.5 and + * \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding + * and should be provided; see mbedtls_rsa_private() for more + * more. It is ignored otherwise. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. * \param mode The mode of operation. This must be either @@ -1045,8 +1050,9 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. This is only needed if - * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, + * this is used for blinding and should be provided; see + * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either @@ -1090,8 +1096,9 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. This is only needed if - * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, + * this is used for blinding and should be provided; see + * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either @@ -1146,8 +1153,9 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. This is only needed if - * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, + * this is used for blinding and should be provided; see + * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either @@ -1190,8 +1198,9 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \note The \p hash_id in the RSA context is ignored. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. This is only needed if - * \p mode is #MBEDTLS_RSA_PRIVATE. + * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, + * this is used for blinding and should be provided; see + * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either From b86e684ed4b694eb77fe3922d3597211e63bb929 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:46:04 +0000 Subject: [PATCH 209/415] Move/remove param validation in mbedtls_rsa_rsaes_pkcs1_v15_encrypt - The validity of the input and output parameters is checked by parameter validation. - A PRNG is required in public mode only (even though it's also recommended in private mode), so move the check to the corresponding branch. --- library/rsa.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 603db092c..154738ff7 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1223,10 +1223,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - // We don't check p_rng because it won't be dereferenced here - if( f_rng == NULL || input == NULL || output == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - olen = ctx->len; /* first comparison checks for overflow */ @@ -1238,6 +1234,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, *p++ = 0; if( mode == MBEDTLS_RSA_PUBLIC ) { + if( f_rng == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + *p++ = MBEDTLS_RSA_CRYPT; while( nb_pad-- > 0 ) From ba519b94a58199c76462b228ab178eb82bb590e0 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 9 Dec 2018 20:58:36 +0000 Subject: [PATCH 210/415] Add parameter validation to SHA-512 module --- ChangeLog | 2 ++ include/mbedtls/error.h | 2 +- include/mbedtls/sha512.h | 1 + library/sha512.c | 23 +++++++++++++++++++++++ 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 66a8ce92f..1c2614a6f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,8 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. + * Add validation checks for input parameters to functions in the SHA-512 + module. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 0c3888987..851be1b6c 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -76,7 +76,7 @@ * RIPEMD160 1 0x0031-0x0031 * SHA1 1 0x0035-0x0035 * SHA256 1 0x0037-0x0037 - * SHA512 1 0x0039-0x0039 + * SHA512 1 0x0039-0x0039 0x0075-0x0075 * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 020f95de6..257e8d43f 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -37,6 +37,7 @@ /* MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ +#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 /**< Invalid input data. */ #ifdef __cplusplus extern "C" { diff --git a/library/sha512.c b/library/sha512.c index a9440e8af..7a99170c9 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -88,8 +88,14 @@ } #endif /* PUT_UINT64_BE */ +#define MBEDTLS_SHA512_VALIDATE_RET(cond) \ + MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, cond ) +#define MBEDTLS_SHA512_VALIDATE(cond) MBEDTLS_VALIDATE( cond ) + void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) { + MBEDTLS_SHA512_VALIDATE( ctx != NULL ); + memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); } @@ -104,6 +110,9 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) void mbedtls_sha512_clone( mbedtls_sha512_context *dst, const mbedtls_sha512_context *src ) { + MBEDTLS_SHA512_VALIDATE( dst != NULL ); + MBEDTLS_SHA512_VALIDATE( src != NULL ); + *dst = *src; } @@ -112,6 +121,8 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, */ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) { + MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); + ctx->total[0] = 0; ctx->total[1] = 0; @@ -209,6 +220,9 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, uint64_t temp1, temp2, W[80]; uint64_t A, B, C, D, E, F, G, H; + MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA512_VALIDATE_RET( (const unsigned char *)data != NULL ); + #define SHR(x,n) (x >> n) #define ROTR(x,n) (SHR(x,n) | (x << (64 - n))) @@ -297,6 +311,9 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, if( ilen == 0 ) return( 0 ); + MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA512_VALIDATE_RET( input != NULL ); + left = (unsigned int) (ctx->total[0] & 0x7F); fill = 128 - left; @@ -351,6 +368,9 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned used; uint64_t high, low; + MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); + /* * Add padding: 0x80 then 0x00 until 16 bytes remain for the length */ @@ -427,6 +447,9 @@ int mbedtls_sha512_ret( const unsigned char *input, int ret; mbedtls_sha512_context ctx; + MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); + MBEDTLS_SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); + mbedtls_sha512_init( &ctx ); if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 ) From 863d48396531855bbd0bd4544b8655976ac2f7ea Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 9 Dec 2018 20:58:52 +0000 Subject: [PATCH 211/415] Add MBEDTLS_ERR_SHA512_BAD_INPUT_DATA to error.{h,c} --- library/error.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/error.c b/library/error.c index eabee9e21..3251af06c 100644 --- a/library/error.c +++ b/library/error.c @@ -865,6 +865,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_SHA512_C) if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" ); + if( use_ret == -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "SHA512 - Invalid input data" ); #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_THREADING_C) From ff1052e6b074204e1aa7e449ad23f65de99ccfff Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 10 Dec 2018 10:28:10 +0000 Subject: [PATCH 212/415] Document valid function params for SHA-512 functions --- include/mbedtls/sha512.h | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 257e8d43f..28b499820 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -37,7 +37,7 @@ /* MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ -#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 /**< Invalid input data. */ +#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 /**< SHA-512 input data was malformed. */ #ifdef __cplusplus extern "C" { @@ -72,6 +72,7 @@ mbedtls_sha512_context; * \brief This function initializes a SHA-512 context. * * \param ctx The SHA-512 context to initialize. + * Must not be \c NULL. */ void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); @@ -86,7 +87,9 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); * \brief This function clones the state of a SHA-512 context. * * \param dst The destination context. + * Must not be \c NULL. * \param src The context to clone. + * Must not be \c NULL. */ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, const mbedtls_sha512_context *src ); @@ -96,6 +99,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * calculation. * * \param ctx The SHA-512 context to initialize. + * Must not be \c NULL. * \param is384 Determines which function to use: * 0: Use SHA-512, or 1: Use SHA-384. * @@ -108,7 +112,9 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); * SHA-512 checksum calculation. * * \param ctx The SHA-512 context. + * Must not be \c NULL. * \param input The buffer holding the input data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * * \return \c 0 on success. @@ -123,7 +129,9 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * internal use only. * * \param ctx The SHA-512 context. + * Must not be \c NULL. * \param output The SHA-384 or SHA-512 checksum result. + * Must not be \c NULL. * * \return \c 0 on success. */ @@ -135,7 +143,9 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, * the ongoing SHA-512 computation. * * \param ctx The SHA-512 context. + * Must not be \c NULL. * \param data The buffer holding one block of data. + * Must not be \c NULL. * * \return \c 0 on success. */ @@ -154,6 +164,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0 * * \param ctx The SHA-512 context to initialize. + * Must not be \c NULL. * \param is384 Determines which function to use: * 0: Use SHA-512, or 1: Use SHA-384. */ @@ -167,7 +178,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0. * * \param ctx The SHA-512 context. + * Must not be \c NULL. * \param input The buffer holding the data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. */ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, @@ -181,7 +194,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0. * * \param ctx The SHA-512 context. + * Must not be \c NULL. * \param output The SHA-384 or SHA-512 checksum result. + * Must not be \c NULL. */ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ); @@ -194,7 +209,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0. * * \param ctx The SHA-512 context. + * Must not be \c NULL. * \param data The buffer holding one block of data. + * Must not be \c NULL. */ MBEDTLS_DEPRECATED void mbedtls_sha512_process( mbedtls_sha512_context *ctx, @@ -214,8 +231,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process( * output = SHA-512(input buffer). * * \param input The buffer holding the input data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * \param output The SHA-384 or SHA-512 checksum result. + * Must not be \c NULL. * \param is384 Determines which function to use: * 0: Use SHA-512, or 1: Use SHA-384. * @@ -245,8 +264,10 @@ int mbedtls_sha512_ret( const unsigned char *input, * \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0 * * \param input The buffer holding the data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * \param output The SHA-384 or SHA-512 checksum result. + * Must not be \c NULL. * \param is384 Determines which function to use: * 0: Use SHA-512, or 1: Use SHA-384. */ From b5c99f5c72d637ad9017e894381cb1875464dad5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 15:29:32 +0000 Subject: [PATCH 213/415] Improve documentation of SHA-512 parameter preconditions --- include/mbedtls/sha512.h | 113 +++++++++++++++++++++------------------ 1 file changed, 60 insertions(+), 53 deletions(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 28b499820..93f9646ea 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -71,25 +71,26 @@ mbedtls_sha512_context; /** * \brief This function initializes a SHA-512 context. * - * \param ctx The SHA-512 context to initialize. - * Must not be \c NULL. + * \param ctx The SHA-512 context to initialize. This must + * not be \c NULL. */ void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); /** * \brief This function clears a SHA-512 context. * - * \param ctx The SHA-512 context to clear. + * \param ctx The SHA-512 context to clear. This may be \c NULL, + * in which case this function does nothing. If it + * is not \c NULL, it must point to an initialized + * SHA-512 context. */ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); /** * \brief This function clones the state of a SHA-512 context. * - * \param dst The destination context. - * Must not be \c NULL. - * \param src The context to clone. - * Must not be \c NULL. + * \param dst The destination context. This must be initialized. + * \param src The context to clone. This must be initialized. */ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, const mbedtls_sha512_context *src ); @@ -98,12 +99,12 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * \brief This function starts a SHA-384 or SHA-512 checksum * calculation. * - * \param ctx The SHA-512 context to initialize. - * Must not be \c NULL. - * \param is384 Determines which function to use: - * 0: Use SHA-512, or 1: Use SHA-384. + * \param ctx The SHA-512 context to use. This must be initialized. + * \param is384 Determines which function to use. This must be + * either \c for SHA-512, or \c 1 for SHA-384. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); @@ -111,13 +112,15 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); * \brief This function feeds an input buffer into an ongoing * SHA-512 checksum calculation. * - * \param ctx The SHA-512 context. - * Must not be \c NULL. - * \param input The buffer holding the input data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * \param ctx The SHA-512 context. This must be initialized + * and have a hash operation started. + * \param input The buffer holding the input data. This must + * be a readable buffer of length \p ilen Bytes. + * It must not be \c NULL. + * \param ilen The length of the input data \p input in Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, @@ -128,12 +131,13 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * the result to the output buffer. This function is for * internal use only. * - * \param ctx The SHA-512 context. - * Must not be \c NULL. + * \param ctx The SHA-512 context. This must be initialized + * and have a hash operation started. * \param output The SHA-384 or SHA-512 checksum result. - * Must not be \c NULL. + * This must be a writable buffer of length \c 64 Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ); @@ -142,12 +146,13 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, * \brief This function processes a single data block within * the ongoing SHA-512 computation. * - * \param ctx The SHA-512 context. - * Must not be \c NULL. - * \param data The buffer holding one block of data. - * Must not be \c NULL. + * \param ctx The SHA-512 context. This must be initialized + * and have a hash operation started. + * \param data The buffer holding one block of data. This + * must be a readable buffer of length \c 128 Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); @@ -163,10 +168,9 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0 * - * \param ctx The SHA-512 context to initialize. - * Must not be \c NULL. - * \param is384 Determines which function to use: - * 0: Use SHA-512, or 1: Use SHA-384. + * \param ctx The SHA-512 context to use. This must be initialized. + * \param is384 Determines which function to use. This must be either + * \c 0 for SHA-512 or \c 1 for SHA-384. */ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); @@ -177,11 +181,11 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, * * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0. * - * \param ctx The SHA-512 context. - * Must not be \c NULL. - * \param input The buffer holding the data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * \param ctx The SHA-512 context. This must be initialized + * and have a hash operation started. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. It must not be \c NULL. + * \param ilen The length of the input data \p input in Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, @@ -193,10 +197,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, * * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0. * - * \param ctx The SHA-512 context. - * Must not be \c NULL. - * \param output The SHA-384 or SHA-512 checksum result. - * Must not be \c NULL. + * \param ctx The SHA-512 context. This must be initialized + * and have a hash operation started. + * \param output The SHA-384 or SHA-512 checksum result. This must + * be a writable buffer of size \c 64 Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ); @@ -208,10 +212,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, * * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0. * - * \param ctx The SHA-512 context. - * Must not be \c NULL. - * \param data The buffer holding one block of data. - * Must not be \c NULL. + * \param ctx The SHA-512 context. This must be initialized and + * have a hash operation started. + * \param data The buffer holding one block of data. This must be + * a readable buffer of length \c 128 Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha512_process( mbedtls_sha512_context *ctx, @@ -230,15 +234,17 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process( * The SHA-512 result is calculated as * output = SHA-512(input buffer). * - * \param input The buffer holding the input data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * \param input The buffer holding the input data. This must be + * a readable buffer of length \p ilen Bytes. It + * must not be \c NULL. + * \param ilen The length of the input data \p input in Bytes. * \param output The SHA-384 or SHA-512 checksum result. - * Must not be \c NULL. - * \param is384 Determines which function to use: - * 0: Use SHA-512, or 1: Use SHA-384. + * This must be a writable buffer of length \c 64 Bytes. + * \param is384 Determines which function to use. This must be either + * \c 0 for SHA-512, or \c 1 for SHA-384. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha512_ret( const unsigned char *input, size_t ilen, @@ -263,13 +269,14 @@ int mbedtls_sha512_ret( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0 * - * \param input The buffer holding the data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. - * \param output The SHA-384 or SHA-512 checksum result. - * Must not be \c NULL. - * \param is384 Determines which function to use: - * 0: Use SHA-512, or 1: Use SHA-384. + * \param input The buffer holding the data. This must be a + * readable buffer of length \p ilen Bytes. It + * must not be \c NULL. + * \param ilen The length of the input data \p input in Bytes. + * \param output The SHA-384 or SHA-512 checksum result. This must + * be a writable buffer of length \c 64 Bytes. + * \param is384 Determines which function to use. This must be eiher + * \c 0 for SHA-512, or \c 1 for SHA-384. */ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, size_t ilen, From b3c10b348bd99548c3263811508d3f41a74d7a7c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 11 Dec 2018 14:52:01 +0000 Subject: [PATCH 214/415] Add documentation on parameter preconditions to ChaChaPoly modules --- include/mbedtls/chacha20.h | 22 ++++++++------- include/mbedtls/chachapoly.h | 52 +++++++++++++++++------------------- include/mbedtls/poly1305.h | 34 ++++++++++++----------- 3 files changed, 55 insertions(+), 53 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 529f22d9c..14436d68c 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -82,14 +82,15 @@ mbedtls_chacha20_context; * to \c mbedtls_chacha20_update(), and finally to * \c mbedtls_chacha20_free(). * - * \param ctx The ChaCha20 context to initialize. + * \param ctx The ChaCha20 context to initialize. Must not be \c NULL. */ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); /** * \brief This function releases and clears the specified ChaCha20 context. * - * \param ctx The ChaCha20 context to clear. + * \param ctx The ChaCha20 context to clear. May be \c NULL, + * in which case this function is a no-op. */ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); @@ -102,6 +103,7 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); * \c mbedtls_chacha_update(). * * \param ctx The ChaCha20 context to which the key should be bound. + * Must be initialized. * \param key The encryption/decryption key. Must be 32 bytes in length. * * \return \c 0 on success. @@ -121,6 +123,7 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, * messages encrypted with the same nonce and key. * * \param ctx The ChaCha20 context to which the nonce should be bound. + * Must be initialized. * \param nonce The nonce. Must be 12 bytes in size. * \param counter The initial counter value. This is usually 0. * @@ -150,16 +153,16 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, * key and nonce. * * \param ctx The ChaCha20 context to use for encryption or decryption. + * Must be initialized. * \param size The length of the input data in bytes. * \param input The buffer holding the input data. - * This pointer can be NULL if size == 0. + * This pointer can be \c NULL if `size == 0`. * \param output The buffer holding the output data. * Must be able to hold \p size bytes. - * This pointer can be NULL if size == 0. + * This pointer can be \c NULL if `size == 0`. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or - * output pointers are NULL. + * \return A negative error code on failure. */ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, size_t size, @@ -185,14 +188,13 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, * \param counter The initial counter value. This is usually 0. * \param size The length of the input data in bytes. * \param input The buffer holding the input data. - * This pointer can be NULL if size == 0. + * This pointer can be \c NULL if `size == 0`. * \param output The buffer holding the output data. * Must be able to hold \p size bytes. - * This pointer can be NULL if size == 0. + * This pointer can be \c NULL if `size == 0`. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input, - * or output is NULL. + * \return A negative error code on failure. */ int mbedtls_chacha20_crypt( const unsigned char key[32], const unsigned char nonce[12], diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 7de6f4e8c..80d20e54a 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -115,27 +115,29 @@ mbedtls_chachapoly_context; * all previous outputs of \c mbedtls_chachapoly_update(), * otherwise you can now safely use the plaintext. * - * \param ctx The ChachaPoly context to initialize. + * \param ctx The ChachaPoly context to initialize. Must not be \c NULL. */ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ); /** - * \brief This function releases and clears the specified ChaCha20-Poly1305 context. + * \brief This function releases and clears the specified + * ChaCha20-Poly1305 context. * - * \param ctx The ChachaPoly context to clear. + * \param ctx The ChachaPoly context to clear. May be \c NULL, in which + * case this function is a no-op. */ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); /** - * \brief This function sets the ChaCha20-Poly1305 symmetric encryption key. + * \brief This function sets the ChaCha20-Poly1305 + * symmetric encryption key. * * \param ctx The ChaCha20-Poly1305 context to which the key should be - * bound. + * bound. Must be initialized. * \param key The 256-bit (32 bytes) key. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if \p ctx or \p key are NULL. + * \return A negative error code on failure. */ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, const unsigned char key[32] ); @@ -155,14 +157,13 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, * \warning Decryption with the piecewise API is discouraged, see the * warning on \c mbedtls_chachapoly_init(). * - * \param ctx The ChaCha20-Poly1305 context. + * \param ctx The ChaCha20-Poly1305 context. Must be initialized. * \param nonce The nonce/IV to use for the message. Must be 12 bytes. * \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or * #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning). * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if \p ctx or \p mac are NULL. + * \return A negative error code on failure. */ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, const unsigned char nonce[12], @@ -227,20 +228,19 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, * \warning Decryption with the piecewise API is discouraged, see the * warning on \c mbedtls_chachapoly_init(). * - * \param ctx The ChaCha20-Poly1305 context to use. + * \param ctx The ChaCha20-Poly1305 context to use. Must be initialized. * \param len The length (in bytes) of the data to encrypt or decrypt. * \param input The buffer containing the data to encrypt or decrypt. - * This pointer can be NULL if len == 0. - * \param output The buffer to where the encrypted or decrypted data is written. - * Must be able to hold \p len bytes. - * This pointer can be NULL if len == 0. + * This pointer can be \c NULL if `len == 0`. + * \param output The buffer to where the encrypted or decrypted data is + * written. Must be able to hold \p len bytes. + * This pointer can be \c NULL if `len == 0`. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if \p ctx, \p input, or \p output are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE * if the operation has not been started or has been * finished. + * \return Another negative error code on other kinds of failure. */ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, size_t len, @@ -251,18 +251,17 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, * \brief This function finished the ChaCha20-Poly1305 operation and * generates the MAC (authentication tag). * - * \param ctx The ChaCha20-Poly1305 context to use. + * \param ctx The ChaCha20-Poly1305 context to use. Must be initialized. * \param mac The buffer to where the 128-bit (16 bytes) MAC is written. * * \warning Decryption with the piecewise API is discouraged, see the * warning on \c mbedtls_chachapoly_init(). * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if \p ctx or \p mac are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE * if the operation has not been started or has been * finished. + * \return Another negative error code on other kinds of failure. */ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, unsigned char mac[16] ); @@ -280,20 +279,20 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, * and key. * * \param ctx The ChaCha20-Poly1305 context to use (holds the key). + * Must be initialized. * \param length The length (in bytes) of the data to encrypt or decrypt. * \param nonce The 96-bit (12 bytes) nonce/IV to use. * \param aad The buffer containing the additional authenticated data (AAD). - * This pointer can be NULL if aad_len == 0. + * This pointer can be \c NULL if `aad_len == 0`. * \param aad_len The length (in bytes) of the AAD data to process. * \param input The buffer containing the data to encrypt or decrypt. - * This pointer can be NULL if ilen == 0. + * This pointer can be \c NULL if `ilen == 0`. * \param output The buffer to where the encrypted or decrypted data is written. - * This pointer can be NULL if ilen == 0. + * This pointer can be \c NULL if `ilen == 0`. * \param tag The buffer to where the computed 128-bit (16 bytes) MAC is written. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if one or more of the required parameters are NULL. + * \return A negative error code on failure. */ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, size_t length, @@ -324,10 +323,9 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, * This pointer can be NULL if ilen == 0. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if one or more of the required parameters are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED * if the data was not authentic. + * \return Another negative error code on other kinds of failure. */ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, size_t length, diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index b02f968b5..617958e11 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -84,14 +84,15 @@ mbedtls_poly1305_context; * \c mbedtls_poly1305_finish(), then finally * \c mbedtls_poly1305_free(). * - * \param ctx The Poly1305 context to initialize. + * \param ctx The Poly1305 context to initialize. Must not be \c NULL. */ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ); /** * \brief This function releases and clears the specified Poly1305 context. * - * \param ctx The Poly1305 context to clear. + * \param ctx The Poly1305 context to clear. May be \c NULL, in which + * case this function is a no-op. */ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); @@ -102,11 +103,11 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); * invocation of Poly1305. * * \param ctx The Poly1305 context to which the key should be bound. - * \param key The buffer containing the 256-bit key. + * Must be initialized. + * \param key The buffer containing the 32-byte (256-bit) key. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if ctx or key are NULL. + * \return A negative error code on failure. */ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, const unsigned char key[32] ); @@ -120,13 +121,14 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, * It can be called repeatedly to process a stream of data. * * \param ctx The Poly1305 context to use for the Poly1305 operation. - * \param ilen The length of the input data (in bytes). Any value is accepted. + * Must be initialized. + * \param ilen The length of the input data (in bytes). + * Any value is accepted. * \param input The buffer holding the input data. - * This pointer can be NULL if ilen == 0. + * This pointer can be \c NULL if `ilen == 0`. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if ctx or input are NULL. + * \return A negative error code on failure. */ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, const unsigned char *input, @@ -137,12 +139,12 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, * Authentication Code (MAC). * * \param ctx The Poly1305 context to use for the Poly1305 operation. + * Must be initialized. * \param mac The buffer to where the MAC is written. Must be big enough * to hold the 16-byte MAC. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if ctx or mac are NULL. + * \return A negative error code on failure. */ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, unsigned char mac[16] ); @@ -154,16 +156,16 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, * \warning The key must be unique and unpredictable for each * invocation of Poly1305. * - * \param key The buffer containing the 256-bit key. - * \param ilen The length of the input data (in bytes). Any value is accepted. + * \param key The buffer containing the 32-byte (256-bit) key. + * \param ilen The length of the input data (in bytes). + * Any value is accepted. * \param input The buffer holding the input data. - * This pointer can be NULL if ilen == 0. + * This pointer can be \c NULL if `ilen == 0`. * \param mac The buffer to where the MAC is written. Must be big enough * to hold the 16-byte MAC. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if key, input, or mac are NULL. + * \return A negative error code on failure. */ int mbedtls_poly1305_mac( const unsigned char key[32], const unsigned char *input, From 305e4e4f329128d029544d9cdb71a67f2259f030 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 11 Dec 2018 15:03:16 +0000 Subject: [PATCH 215/415] Implement parameter validation for ChaCha/Poly modules --- library/chacha20.c | 48 +++++++++---------- library/chachapoly.c | 107 +++++++++++++++++++++---------------------- library/poly1305.c | 46 +++++++++---------- 3 files changed, 96 insertions(+), 105 deletions(-) diff --git a/library/chacha20.c b/library/chacha20.c index d14a51e04..0757163e2 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -53,6 +53,12 @@ #define inline __inline #endif +/* Parameter validation macros */ +#define CHACHA20_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) +#define CHACHA20_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #define BYTES_TO_U32_LE( data, offset ) \ ( (uint32_t) data[offset] \ | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ @@ -181,14 +187,13 @@ static void chacha20_block( const uint32_t initial_state[16], void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ) { - if( ctx != NULL ) - { - mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) ); - mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + CHACHA20_VALIDATE( ctx != NULL ); - /* Initially, there's no keystream bytes available */ - ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; - } + mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) ); + mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + + /* Initially, there's no keystream bytes available */ + ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; } void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ) @@ -202,10 +207,8 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ) int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, const unsigned char key[32] ) { - if( ( ctx == NULL ) || ( key == NULL ) ) - { - return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - } + CHACHA20_VALIDATE_RET( ctx != NULL ); + CHACHA20_VALIDATE_RET( key != NULL ); /* ChaCha20 constants - the string "expand 32-byte k" */ ctx->state[0] = 0x61707865; @@ -230,10 +233,8 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, const unsigned char nonce[12], uint32_t counter ) { - if( ( ctx == NULL ) || ( nonce == NULL ) ) - { - return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - } + CHACHA20_VALIDATE_RET( ctx != NULL ); + CHACHA20_VALIDATE_RET( nonce != NULL ); /* Counter */ ctx->state[12] = counter; @@ -259,15 +260,9 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, size_t offset = 0U; size_t i; - if( ctx == NULL ) - { - return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - } - else if( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) - { - /* input and output pointers are allowed to be NULL only if size == 0 */ - return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - } + CHACHA20_VALIDATE_RET( ctx != NULL ); + CHACHA20_VALIDATE_RET( size == 0 || input != NULL ); + CHACHA20_VALIDATE_RET( size == 0 || output != NULL ); /* Use leftover keystream bytes, if available */ while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES ) @@ -332,6 +327,11 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], mbedtls_chacha20_context ctx; int ret; + CHACHA20_VALIDATE_RET( key != NULL ); + CHACHA20_VALIDATE_RET( nonce != NULL ); + CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL ); + CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL ); + mbedtls_chacha20_init( &ctx ); ret = mbedtls_chacha20_setkey( &ctx, key ); diff --git a/library/chachapoly.c b/library/chachapoly.c index 860f87765..ee5cc345e 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -44,6 +44,12 @@ #if !defined(MBEDTLS_CHACHAPOLY_ALT) +/* Parameter validation macros */ +#define CHACHAPOLY_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) +#define CHACHAPOLY_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #define CHACHAPOLY_STATE_INIT ( 0 ) #define CHACHAPOLY_STATE_AAD ( 1 ) #define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */ @@ -90,39 +96,35 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) { - if( ctx != NULL ) - { - mbedtls_chacha20_init( &ctx->chacha20_ctx ); - mbedtls_poly1305_init( &ctx->poly1305_ctx ); - ctx->aad_len = 0U; - ctx->ciphertext_len = 0U; - ctx->state = CHACHAPOLY_STATE_INIT; - ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; - } + CHACHAPOLY_VALIDATE( ctx != NULL ); + + mbedtls_chacha20_init( &ctx->chacha20_ctx ); + mbedtls_poly1305_init( &ctx->poly1305_ctx ); + ctx->aad_len = 0U; + ctx->ciphertext_len = 0U; + ctx->state = CHACHAPOLY_STATE_INIT; + ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; } void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) { if( ctx != NULL ) - { - mbedtls_chacha20_free( &ctx->chacha20_ctx ); - mbedtls_poly1305_free( &ctx->poly1305_ctx ); - ctx->aad_len = 0U; - ctx->ciphertext_len = 0U; - ctx->state = CHACHAPOLY_STATE_INIT; - ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; - } + return; + + mbedtls_chacha20_free( &ctx->chacha20_ctx ); + mbedtls_poly1305_free( &ctx->poly1305_ctx ); + ctx->aad_len = 0U; + ctx->ciphertext_len = 0U; + ctx->state = CHACHAPOLY_STATE_INIT; + ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; } int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, const unsigned char key[32] ) { int ret; - - if( ( ctx == NULL ) || ( key == NULL ) ) - { - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } + CHACHAPOLY_VALIDATE_RET( ctx != NULL ); + CHACHAPOLY_VALIDATE_RET( key != NULL ); ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); @@ -135,11 +137,8 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, { int ret; unsigned char poly1305_key[64]; - - if( ( ctx == NULL ) || ( nonce == NULL ) ) - { - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } + CHACHAPOLY_VALIDATE_RET( ctx != NULL ); + CHACHAPOLY_VALIDATE_RET( nonce != NULL ); /* Set counter = 0, will be update to 1 when generating Poly1305 key */ ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ); @@ -176,16 +175,10 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, const unsigned char *aad, size_t aad_len ) { - if( ctx == NULL ) - { - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } - else if( ( aad_len > 0U ) && ( aad == NULL ) ) - { - /* aad pointer is allowed to be NULL if aad_len == 0 */ - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } - else if( ctx->state != CHACHAPOLY_STATE_AAD ) + CHACHAPOLY_VALIDATE_RET( ctx != NULL ); + CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); + + if( ctx->state != CHACHAPOLY_STATE_AAD ) { return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } @@ -201,18 +194,12 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, unsigned char *output ) { int ret; + CHACHAPOLY_VALIDATE_RET( ctx != NULL ); + CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL ); + CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL ); - if( ctx == NULL ) - { - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } - else if( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) - { - /* input and output pointers are allowed to be NULL if len == 0 */ - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } - else if( ( ctx->state != CHACHAPOLY_STATE_AAD ) && - ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) + if( ( ctx->state != CHACHAPOLY_STATE_AAD ) && + ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) { return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } @@ -257,12 +244,10 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, { int ret; unsigned char len_block[16]; + CHACHAPOLY_VALIDATE_RET( ctx != NULL ); + CHACHAPOLY_VALIDATE_RET( mac != NULL ); - if( ( ctx == NULL ) || ( mac == NULL ) ) - { - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } - else if( ctx->state == CHACHAPOLY_STATE_INIT ) + if( ctx->state == CHACHAPOLY_STATE_INIT ) { return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } @@ -350,6 +335,13 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, unsigned char *output, unsigned char tag[16] ) { + CHACHAPOLY_VALIDATE_RET( ctx != NULL ); + CHACHAPOLY_VALIDATE_RET( nonce != NULL ); + CHACHAPOLY_VALIDATE_RET( tag != NULL ); + CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); + CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); + CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); + return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, length, nonce, aad, aad_len, input, output, tag ) ); @@ -368,9 +360,12 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, unsigned char check_tag[16]; size_t i; int diff; - - if( tag == NULL ) - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + CHACHAPOLY_VALIDATE_RET( ctx != NULL ); + CHACHAPOLY_VALIDATE_RET( nonce != NULL ); + CHACHAPOLY_VALIDATE_RET( tag != NULL ); + CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); + CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); + CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); if( ( ret = chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, diff --git a/library/poly1305.c b/library/poly1305.c index e22d3afb6..c22a0a1ba 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -49,6 +49,12 @@ #define inline __inline #endif +/* Parameter validation macros */ +#define POLY1305_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) +#define POLY1305_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) #define BYTES_TO_U32_LE( data, offset ) \ @@ -276,27 +282,24 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) { - if( ctx != NULL ) - { - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); - } + POLY1305_VALIDATE( ctx != NULL ); + + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) { if( ctx != NULL ) - { - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); - } + return; + + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, const unsigned char key[32] ) { - if( ctx == NULL || key == NULL ) - { - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } + POLY1305_VALIDATE_RET( ctx != NULL ); + POLY1305_VALIDATE_RET( key != NULL ); /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; @@ -331,16 +334,8 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, size_t remaining = ilen; size_t queue_free_len; size_t nblocks; - - if( ctx == NULL ) - { - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } - else if( ( ilen > 0U ) && ( input == NULL ) ) - { - /* input pointer is allowed to be NULL only if ilen == 0 */ - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } + POLY1305_VALIDATE_RET( ctx != NULL ); + POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) ) { @@ -398,10 +393,8 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, unsigned char mac[16] ) { - if( ( ctx == NULL ) || ( mac == NULL ) ) - { - return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - } + POLY1305_VALIDATE_RET( ctx != NULL ); + POLY1305_VALIDATE_RET( mac != NULL ); /* Process any leftover data */ if( ctx->queue_len > 0U ) @@ -431,6 +424,9 @@ int mbedtls_poly1305_mac( const unsigned char key[32], { mbedtls_poly1305_context ctx; int ret; + POLY1305_VALIDATE_RET( key != NULL ); + POLY1305_VALIDATE_RET( mac != NULL ); + POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); mbedtls_poly1305_init( &ctx ); From ae2ff02ff107c78bc9cd60caa9f681f36a71c0af Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 11 Dec 2018 15:14:02 +0000 Subject: [PATCH 216/415] Add tests for ChaChaPoly parameter validation Parameter validation was previously performed and tested unconditionally for the ChaCha/Poly modules. This commit therefore only needs go guard the existing tests accordingly and use the appropriate test macros for parameter validation. --- tests/suites/test_suite_chacha20.function | 57 ++++--- tests/suites/test_suite_chachapoly.function | 161 +++++++++----------- tests/suites/test_suite_poly1305.function | 50 +++--- 3 files changed, 123 insertions(+), 145 deletions(-) diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 669d91e79..23f6d9ec0 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -82,7 +82,7 @@ void chacha20_crypt( char *hex_key_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void chacha20_bad_params() { unsigned char key[32]; @@ -93,42 +93,37 @@ void chacha20_bad_params() size_t len = sizeof( src ); mbedtls_chacha20_context ctx; - mbedtls_chacha20_init( NULL ); - mbedtls_chacha20_free( NULL ); + TEST_INVALID_PARAM( mbedtls_chacha20_init( NULL ) ); - mbedtls_chacha20_init( &ctx ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_setkey( NULL, key ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_setkey( &ctx, NULL ) ); - TEST_ASSERT( mbedtls_chacha20_setkey( NULL, key ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, NULL ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_starts( NULL, nonce, counter ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_starts( &ctx, NULL, counter ) ); - TEST_ASSERT( mbedtls_chacha20_starts( NULL, nonce, counter ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chacha20_starts( &ctx, NULL, counter ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_update( NULL, 0, src, dst ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_update( &ctx, len, NULL, dst ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_update( &ctx, len, src, NULL ) ); - TEST_ASSERT( mbedtls_chacha20_update( NULL, 0, src, dst ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, NULL, dst ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, src, NULL ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chacha20_update( &ctx, 0, NULL, NULL ) - == 0 ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, + mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) ); - mbedtls_chacha20_free( &ctx ); +exit: + return; - TEST_ASSERT( mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) - == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, 0, NULL, NULL ) - == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index 95dfd8a91..51cc0abd8 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -118,7 +118,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void chachapoly_bad_params() { unsigned char key[32]; @@ -138,124 +138,113 @@ void chachapoly_bad_params() memset( output, 0x00, sizeof( output ) ); memset( mac, 0x00, sizeof( mac ) ); - mbedtls_chachapoly_init( NULL ); - mbedtls_chachapoly_free( NULL ); + TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) ); - mbedtls_chachapoly_init( &ctx ); + /* setkey */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_setkey( NULL, key ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_setkey( &ctx, NULL ) ); - TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - - TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( NULL, + /* encrypt_and_tag */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_encrypt_and_tag( NULL, 0, nonce, aad, 0, - input, output, mac ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, + input, output, mac ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_encrypt_and_tag( &ctx, 0, NULL, aad, 0, - input, output, mac ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, + input, output, mac ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_encrypt_and_tag( &ctx, 0, nonce, NULL, aad_len, - input, output, mac ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, + input, output, mac ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_encrypt_and_tag( &ctx, input_len, nonce, aad, 0, - NULL, output, mac ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, + NULL, output, mac ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_encrypt_and_tag( &ctx, input_len, nonce, aad, 0, - input, NULL, mac ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, + input, NULL, mac ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_encrypt_and_tag( &ctx, 0, nonce, aad, 0, - input, output, NULL ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + input, output, NULL ) ); - TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL, + /* auth_decrypt */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_auth_decrypt( NULL, 0, nonce, aad, 0, - mac, input, output ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + mac, input, output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_auth_decrypt( &ctx, 0, NULL, aad, 0, - mac, input, output ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + mac, input, output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_auth_decrypt( &ctx, 0, nonce, NULL, aad_len, - mac, input, output ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + mac, input, output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_auth_decrypt( &ctx, 0, nonce, aad, 0, - NULL, input, output ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + NULL, input, output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce, aad, 0, - mac, NULL, output ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + mac, NULL, output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce, aad, 0, - mac, input, NULL ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + mac, input, NULL ) ); - TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, - 0, nonce, - aad, aad_len, - NULL, NULL, mac ) - == 0 ); - TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, - 0, nonce, - aad, aad_len, - mac, NULL, NULL ) - == 0 ); + /* starts */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_starts( NULL, nonce, + MBEDTLS_CHACHAPOLY_ENCRYPT ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_starts( &ctx, NULL, + MBEDTLS_CHACHAPOLY_ENCRYPT ) ); - TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, - input_len, nonce, - NULL, 0, - input, output, mac ) - == 0 ); - TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, - input_len, nonce, - NULL, 0, - mac, input, output ) - == 0 ); + /* update_aad */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_update_aad( NULL, aad, + aad_len ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_update_aad( &ctx, NULL, + aad_len ) ); - TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + /* update */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_update( NULL, input_len, + input, output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_update( &ctx, input_len, + NULL, output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_update( &ctx, input_len, + input, NULL ) ); - TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - - TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - - TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + /* finish */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_finish( NULL, mac ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_chachapoly_finish( &ctx, NULL ) ); exit: - mbedtls_chachapoly_free( &ctx ); + return; } /* END_CASE */ diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 62d2ad951..d4761fb60 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -88,7 +88,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void poly1305_bad_params() { unsigned char src[1]; @@ -97,38 +97,32 @@ void poly1305_bad_params() size_t src_len = sizeof( src ); mbedtls_poly1305_context ctx; - mbedtls_poly1305_init( NULL ); - mbedtls_poly1305_free( NULL ); + TEST_INVALID_PARAM( mbedtls_poly1305_init( NULL ) ); - mbedtls_poly1305_init( &ctx ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_poly1305_starts( NULL, key ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_poly1305_starts( &ctx, NULL ) ); - TEST_ASSERT( mbedtls_poly1305_starts( NULL, key ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_poly1305_starts( &ctx, NULL ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_poly1305_update( NULL, src, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_poly1305_update( &ctx, NULL, src_len ) ); - TEST_ASSERT( mbedtls_poly1305_update( NULL, src, 0 ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, src_len ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, 0 ) - == 0 ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_poly1305_finish( NULL, mac ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_poly1305_finish( &ctx, NULL ) ); - TEST_ASSERT( mbedtls_poly1305_finish( NULL, mac ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_poly1305_finish( &ctx, NULL ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_poly1305_mac( NULL, src, 0, mac ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_poly1305_mac( key, NULL, src_len, mac ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, + mbedtls_poly1305_mac( key, src, 0, NULL ) ); - TEST_ASSERT( mbedtls_poly1305_mac( NULL, src, 0, mac ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, src_len, mac ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_poly1305_mac( key, src, 0, NULL ) - == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, 0, mac ) - == 0 ); - - mbedtls_poly1305_free( &ctx ); +exit: + return; } /* END_CASE */ From e463c42902208531506b414cbf533a7cb2f3a9e8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 14:00:26 +0000 Subject: [PATCH 217/415] Minor improvements --- include/mbedtls/chacha20.h | 13 ++++++++----- library/chachapoly.c | 2 -- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 14436d68c..1c6cde07b 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -82,7 +82,8 @@ mbedtls_chacha20_context; * to \c mbedtls_chacha20_update(), and finally to * \c mbedtls_chacha20_free(). * - * \param ctx The ChaCha20 context to initialize. Must not be \c NULL. + * \param ctx The ChaCha20 context to initialize. + * This must not be \c NULL. */ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); @@ -90,7 +91,9 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); * \brief This function releases and clears the specified ChaCha20 context. * * \param ctx The ChaCha20 context to clear. May be \c NULL, - * in which case this function is a no-op. + * in which case this function is a no-op. If it is not + * \c NULL, it must point to an initialized context. + * */ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); @@ -103,7 +106,7 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); * \c mbedtls_chacha_update(). * * \param ctx The ChaCha20 context to which the key should be bound. - * Must be initialized. + * It must be initialized. * \param key The encryption/decryption key. Must be 32 bytes in length. * * \return \c 0 on success. @@ -123,7 +126,7 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, * messages encrypted with the same nonce and key. * * \param ctx The ChaCha20 context to which the nonce should be bound. - * Must be initialized. + * It must be initialized and bound to a key. * \param nonce The nonce. Must be 12 bytes in size. * \param counter The initial counter value. This is usually 0. * @@ -153,7 +156,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, * key and nonce. * * \param ctx The ChaCha20 context to use for encryption or decryption. - * Must be initialized. + * It must be initialized and bound to a key and nonce. * \param size The length of the input data in bytes. * \param input The buffer holding the input data. * This pointer can be \c NULL if `size == 0`. diff --git a/library/chachapoly.c b/library/chachapoly.c index ee5cc345e..e6ea139ff 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -179,9 +179,7 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); if( ctx->state != CHACHAPOLY_STATE_AAD ) - { return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); - } ctx->aad_len += aad_len; From 236ea16c011d356266b32ef7ae817c0f2573563e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 14:00:34 +0000 Subject: [PATCH 218/415] Fix wrong conditional in free() functions --- library/chachapoly.c | 2 +- library/poly1305.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/chachapoly.c b/library/chachapoly.c index e6ea139ff..dc643dd61 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -108,7 +108,7 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) { - if( ctx != NULL ) + if( ctx == NULL ) return; mbedtls_chacha20_free( &ctx->chacha20_ctx ); diff --git a/library/poly1305.c b/library/poly1305.c index c22a0a1ba..b27411918 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -289,7 +289,7 @@ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) { - if( ctx != NULL ) + if( ctx == NULL ) return; mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); From a994b2379fcb29ad3e22167c13beb334cbd2ab3d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 16:44:41 +0000 Subject: [PATCH 219/415] Test that xxx_free() functions accept NULL parameter --- tests/suites/test_suite_chacha20.function | 1 + tests/suites/test_suite_chachapoly.function | 1 + tests/suites/test_suite_poly1305.function | 1 + 3 files changed, 3 insertions(+) diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 23f6d9ec0..49b389c7f 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -94,6 +94,7 @@ void chacha20_bad_params() mbedtls_chacha20_context ctx; TEST_INVALID_PARAM( mbedtls_chacha20_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_chacha20_free( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, mbedtls_chacha20_setkey( NULL, key ) ); diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index 51cc0abd8..8e56bf69a 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -139,6 +139,7 @@ void chachapoly_bad_params() memset( mac, 0x00, sizeof( mac ) ); TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) ); /* setkey */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index d4761fb60..066bb3942 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -98,6 +98,7 @@ void poly1305_bad_params() mbedtls_poly1305_context ctx; TEST_INVALID_PARAM( mbedtls_poly1305_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_poly1305_free( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_poly1305_starts( NULL, key ) ); From ad7581fac577fb1d69901e3a47fc5144bb4f9f1e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 09:43:21 +0000 Subject: [PATCH 220/415] Minor improvements to ChaCha20/Poly1305/ChaChaPoly documentation --- include/mbedtls/chacha20.h | 27 +++++++++++--------- include/mbedtls/chachapoly.h | 49 ++++++++++++++++++++---------------- include/mbedtls/poly1305.h | 33 +++++++++++++----------- 3 files changed, 60 insertions(+), 49 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 1c6cde07b..2ae5e6e5f 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -88,9 +88,10 @@ mbedtls_chacha20_context; void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); /** - * \brief This function releases and clears the specified ChaCha20 context. + * \brief This function releases and clears the specified + * ChaCha20 context. * - * \param ctx The ChaCha20 context to clear. May be \c NULL, + * \param ctx The ChaCha20 context to clear. This may be \c NULL, * in which case this function is a no-op. If it is not * \c NULL, it must point to an initialized context. * @@ -107,7 +108,8 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); * * \param ctx The ChaCha20 context to which the key should be bound. * It must be initialized. - * \param key The encryption/decryption key. Must be 32 bytes in length. + * \param key The encryption/decryption key. This must be \c 32 Bytes + * in length. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL. @@ -127,8 +129,8 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, * * \param ctx The ChaCha20 context to which the nonce should be bound. * It must be initialized and bound to a key. - * \param nonce The nonce. Must be 12 bytes in size. - * \param counter The initial counter value. This is usually 0. + * \param nonce The nonce. This must be \c 12 Bytes in size. + * \param counter The initial counter value. This is usually \c 0. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is @@ -157,11 +159,11 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, * * \param ctx The ChaCha20 context to use for encryption or decryption. * It must be initialized and bound to a key and nonce. - * \param size The length of the input data in bytes. + * \param size The length of the input data in Bytes. * \param input The buffer holding the input data. * This pointer can be \c NULL if `size == 0`. * \param output The buffer holding the output data. - * Must be able to hold \p size bytes. + * This must be able to hold \p size Bytes. * This pointer can be \c NULL if `size == 0`. * * \return \c 0 on success. @@ -186,14 +188,15 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, * \note The \p input and \p output pointers must either be equal or * point to non-overlapping buffers. * - * \param key The encryption/decryption key. Must be 32 bytes in length. - * \param nonce The nonce. Must be 12 bytes in size. - * \param counter The initial counter value. This is usually 0. - * \param size The length of the input data in bytes. + * \param key The encryption/decryption key. + * This must be \c 32 Bytes in length. + * \param nonce The nonce. This must be \c 12 Bytes in size. + * \param counter The initial counter value. This is usually \c 0. + * \param size The length of the input data in Bytes. * \param input The buffer holding the input data. * This pointer can be \c NULL if `size == 0`. * \param output The buffer holding the output data. - * Must be able to hold \p size bytes. + * This must be able to hold \p size Bytes. * This pointer can be \c NULL if `size == 0`. * * \return \c 0 on success. diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 80d20e54a..49e615d27 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -123,7 +123,7 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ); * \brief This function releases and clears the specified * ChaCha20-Poly1305 context. * - * \param ctx The ChachaPoly context to clear. May be \c NULL, in which + * \param ctx The ChachaPoly context to clear. This may be \c NULL, in which * case this function is a no-op. */ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); @@ -133,8 +133,8 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); * symmetric encryption key. * * \param ctx The ChaCha20-Poly1305 context to which the key should be - * bound. Must be initialized. - * \param key The 256-bit (32 bytes) key. + * bound. This must be initialized. + * \param key The \c 256 Bit (\c 32 Bytes) key. * * \return \c 0 on success. * \return A negative error code on failure. @@ -157,8 +157,10 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, * \warning Decryption with the piecewise API is discouraged, see the * warning on \c mbedtls_chachapoly_init(). * - * \param ctx The ChaCha20-Poly1305 context. Must be initialized. - * \param nonce The nonce/IV to use for the message. Must be 12 bytes. + * \param ctx The ChaCha20-Poly1305 context. This must be initialized + * and bound to a key. + * \param nonce The nonce/IV to use for the message. + * This must be a redable buffer of length \c 12 Bytes. * \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or * #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning). * @@ -194,11 +196,12 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, * \warning Decryption with the piecewise API is discouraged, see the * warning on \c mbedtls_chachapoly_init(). * - * \param ctx The ChaCha20-Poly1305 context to use. - * \param aad_len The length (in bytes) of the AAD. The length has no + * \param ctx The ChaCha20-Poly1305 context. This must be initialized + * and bound to a key. + * \param aad_len The length in Bytes of the AAD. The length has no * restrictions. * \param aad Buffer containing the AAD. - * This pointer can be NULL if aad_len == 0. + * This pointer can be \c NULL if `aad_len == 0`. * * \return \c 0 on success. * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA @@ -228,12 +231,12 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, * \warning Decryption with the piecewise API is discouraged, see the * warning on \c mbedtls_chachapoly_init(). * - * \param ctx The ChaCha20-Poly1305 context to use. Must be initialized. + * \param ctx The ChaCha20-Poly1305 context to use. This must be initialized. * \param len The length (in bytes) of the data to encrypt or decrypt. * \param input The buffer containing the data to encrypt or decrypt. * This pointer can be \c NULL if `len == 0`. * \param output The buffer to where the encrypted or decrypted data is - * written. Must be able to hold \p len bytes. + * written. This must be able to hold \p len bytes. * This pointer can be \c NULL if `len == 0`. * * \return \c 0 on success. @@ -251,7 +254,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, * \brief This function finished the ChaCha20-Poly1305 operation and * generates the MAC (authentication tag). * - * \param ctx The ChaCha20-Poly1305 context to use. Must be initialized. + * \param ctx The ChaCha20-Poly1305 context to use. This must be initialized. * \param mac The buffer to where the 128-bit (16 bytes) MAC is written. * * \warning Decryption with the piecewise API is discouraged, see the @@ -279,17 +282,18 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, * and key. * * \param ctx The ChaCha20-Poly1305 context to use (holds the key). - * Must be initialized. + * This must be initialized. * \param length The length (in bytes) of the data to encrypt or decrypt. * \param nonce The 96-bit (12 bytes) nonce/IV to use. - * \param aad The buffer containing the additional authenticated data (AAD). - * This pointer can be \c NULL if `aad_len == 0`. + * \param aad The buffer containing the additional authenticated + * data (AAD). This pointer can be \c NULL if `aad_len == 0`. * \param aad_len The length (in bytes) of the AAD data to process. * \param input The buffer containing the data to encrypt or decrypt. * This pointer can be \c NULL if `ilen == 0`. - * \param output The buffer to where the encrypted or decrypted data is written. - * This pointer can be \c NULL if `ilen == 0`. - * \param tag The buffer to where the computed 128-bit (16 bytes) MAC is written. + * \param output The buffer to where the encrypted or decrypted data + * is written. This pointer can be \c NULL if `ilen == 0`. + * \param tag The buffer to where the computed 128-bit (16 bytes) MAC + * is written. This must not be \c NULL. * * \return \c 0 on success. * \return A negative error code on failure. @@ -311,16 +315,17 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, * \c mbedtls_chachapoly_setkey(). * * \param ctx The ChaCha20-Poly1305 context to use (holds the key). - * \param length The length (in bytes) of the data to decrypt. - * \param nonce The 96-bit (12 bytes) nonce/IV to use. + * \param length The length (in Bytes) of the data to decrypt. + * \param nonce The \c 96 Bit (\c 12 bytes) nonce/IV to use. * \param aad The buffer containing the additional authenticated data (AAD). - * This pointer can be NULL if aad_len == 0. + * This pointer can be \c NULL if `aad_len == 0`. * \param aad_len The length (in bytes) of the AAD data to process. * \param tag The buffer holding the authentication tag. + * This must be a readable buffer of length \c 16 Bytes. * \param input The buffer containing the data to decrypt. - * This pointer can be NULL if ilen == 0. + * This pointer can be \c NULL if `ilen == 0`. * \param output The buffer to where the decrypted data is written. - * This pointer can be NULL if ilen == 0. + * This pointer can be \c NULL if `ilen == 0`. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 617958e11..05866a2da 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -84,15 +84,18 @@ mbedtls_poly1305_context; * \c mbedtls_poly1305_finish(), then finally * \c mbedtls_poly1305_free(). * - * \param ctx The Poly1305 context to initialize. Must not be \c NULL. + * \param ctx The Poly1305 context to initialize. This must + * not be \c NULL. */ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ); /** - * \brief This function releases and clears the specified Poly1305 context. + * \brief This function releases and clears the specified + * Poly1305 context. * - * \param ctx The Poly1305 context to clear. May be \c NULL, in which - * case this function is a no-op. + * \param ctx The Poly1305 context to clear. This may be \c NULL, in which + * case this function is a no-op. If it is not \c NULL, it must + * point to an initialized Poly1305 context. */ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); @@ -103,8 +106,8 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); * invocation of Poly1305. * * \param ctx The Poly1305 context to which the key should be bound. - * Must be initialized. - * \param key The buffer containing the 32-byte (256-bit) key. + * This must be initialized. + * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key. * * \return \c 0 on success. * \return A negative error code on failure. @@ -121,8 +124,8 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, * It can be called repeatedly to process a stream of data. * * \param ctx The Poly1305 context to use for the Poly1305 operation. - * Must be initialized. - * \param ilen The length of the input data (in bytes). + * This must be initialized and bound to a key. + * \param ilen The length of the input data in Bytes. * Any value is accepted. * \param input The buffer holding the input data. * This pointer can be \c NULL if `ilen == 0`. @@ -139,9 +142,9 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, * Authentication Code (MAC). * * \param ctx The Poly1305 context to use for the Poly1305 operation. - * Must be initialized. - * \param mac The buffer to where the MAC is written. Must be big enough - * to hold the 16-byte MAC. + * This must be initialized and bound to a key. + * \param mac The buffer to where the MAC is written. This must + * be a writable buffer of length \c 16 Bytes. * * \return \c 0 on success. * \return A negative error code on failure. @@ -156,13 +159,13 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, * \warning The key must be unique and unpredictable for each * invocation of Poly1305. * - * \param key The buffer containing the 32-byte (256-bit) key. - * \param ilen The length of the input data (in bytes). + * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key. + * \param ilen The length of the input data in Bytes. * Any value is accepted. * \param input The buffer holding the input data. * This pointer can be \c NULL if `ilen == 0`. - * \param mac The buffer to where the MAC is written. Must be big enough - * to hold the 16-byte MAC. + * \param mac The buffer to where the MAC is written. This must be + * a writable buffer of length \c 16 Bytes. * * \return \c 0 on success. * \return A negative error code on failure. From 686c9a0e8d3132b1d7c36fdd9e6e0829507bd022 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 15:33:14 +0000 Subject: [PATCH 221/415] Test SHA-512 parameter validation --- tests/suites/test_suite_shax.data | 6 +++ tests/suites/test_suite_shax.function | 56 +++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index ee8074dc0..6958a02cf 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -95,6 +95,12 @@ SHA-256 Test Vector NIST CAVS #7 depends_on:MBEDTLS_SHA256_C mbedtls_sha256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e555d9b1097fec3b783d7a50dcb5e2b644b96a1e9463f177cf34906bf388f366db5c2deee04a30e283f764a97c3b377a034fefc22c259214faa99babaff160ab0aaa7e2ccb0ce09c6b32fe08cbc474694375aba703fadbfa31cf685b30a11c57f3cf4edd321e57d3ae6ebb1133c8260e75b9224fa47a2bb205249add2e2e62f817491482ae152322be0900355cdcc8d42a98f82e961a0dc6f537b7b410eff105f59673bfb787bf042aa071f7af68d944d27371c64160fe9382772372516c230c1f45c0d6b6cca7f274b394da9402d3eafdf733994ec58ab22d71829a98399574d4b5908a447a5a681cb0dd50a31145311d92c22a16de1ead66a5499f2dceb4cae694772ce90762ef8336afec653aa9b1a1c4820b221136dfce80dce2ba920d88a530c9410d0a4e0358a3a11052e58dd73b0b179ef8f56fe3b5a2d117a73a0c38a1392b6938e9782e0d86456ee4884e3c39d4d75813f13633bc79baa07c0d2d555afbf207f52b7dca126d015aa2b9873b3eb065e90b9b065a5373fe1fb1b20d594327d19fba56cb81e7b6696605ffa56eba3c27a438697cc21b201fd7e09f18deea1b3ea2f0d1edc02df0e20396a145412cd6b13c32d2e605641c948b714aec30c0649dc44143511f35ab0fd5dd64c34d06fe86f3836dfe9edeb7f08cfc3bd40956826356242191f99f53473f32b0cc0cf9321d6c92a112e8db90b86ee9e87cc32d0343db01e32ce9eb782cb24efbbbeb440fe929e8f2bf8dfb1550a3a2e742e8b455a3e5730e9e6a7a9824d17acc0f72a7f67eae0f0970f8bde46dcdefaed3047cf807e7f00a42e5fd11d40f5e98533d7574425b7d2bc3b3845c443008b58980e768e464e17cc6f6b3939eee52f713963d07d8c4abf02448ef0b889c9671e2f8a436ddeeffcca7176e9bf9d1005ecd377f2fa67c23ed1f137e60bf46018a8bd613d038e883704fc26e798969df35ec7bbc6a4fe46d8910bd82fa3cded265d0a3b6d399e4251e4d8233daa21b5812fded6536198ff13aa5a1cd46a5b9a17a4ddc1d9f85544d1d1cc16f3df858038c8e071a11a7e157a85a6a8dc47e88d75e7009a8b26fdb73f33a2a70f1e0c259f8f9533b9b8f9af9288b7274f21baeec78d396f8bacdcc22471207d9b4efccd3fedc5c5a2214ff5e51c553f35e21ae696fe51e8df733a8e06f50f419e599e9f9e4b37ce643fc810faaa47989771509d69a110ac916261427026369a21263ac4460fb4f708f8ae28599856db7cb6a43ac8e03d64a9609807e76c5f312b9d1863bfa304e8953647648b4f4ab0ed995e":"4109cdbec3240ad74cc6c37f39300f70fede16e21efc77f7865998714aad0b5e" +SHA-512 Invalid parameters +sha512_invalid_param: + +SHA-512 Valid parameters +sha512_valid_param: + SHA-384 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA512_C sha384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b" diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 147ae0e1f..a5a7b68d5 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -46,6 +46,62 @@ void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ +void sha512_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_sha512_free( NULL ) ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void sha512_invalid_param( ) +{ + mbedtls_sha512_context ctx; + unsigned char buf[64] = { 0 }; + size_t const buflen = sizeof( buf ); + int valid_type = 0; + int invalid_type = 42; + + TEST_INVALID_PARAM( mbedtls_sha512_init( NULL ) ); + + TEST_INVALID_PARAM( mbedtls_sha512_clone( NULL, &ctx ) ); + TEST_INVALID_PARAM( mbedtls_sha512_clone( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_sha512_starts_ret( NULL, valid_type ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_sha512_starts_ret( &ctx, invalid_type ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_sha512_update_ret( NULL, buf, buflen ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_sha512_update_ret( &ctx, NULL, buflen ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_sha512_finish_ret( NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_sha512_finish_ret( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_internal_sha512_process( NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_internal_sha512_process( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_sha512_ret( NULL, buflen, + buf, valid_type ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_sha512_ret( buf, buflen, + NULL, valid_type ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + mbedtls_sha512_ret( buf, buflen, + buf, invalid_type ) ); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ void sha384( data_t * src_str, data_t * hex_hash_string ) { From 77886af63e6a8db9c64d0fad40a6a6a4213ac013 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:54:04 +0000 Subject: [PATCH 222/415] Improve SHA-256 documentation on parameter preconditions --- include/mbedtls/sha256.h | 110 +++++++++++++++++++-------------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 8d90ca01c..aac48b212 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -72,25 +72,24 @@ mbedtls_sha256_context; /** * \brief This function initializes a SHA-256 context. * - * \param ctx The SHA-256 context to initialize. - * Must not be \c NULL. + * \param ctx The SHA-256 context to initialize. This must not be \c NULL. */ void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); /** * \brief This function clears a SHA-256 context. * - * \param ctx The SHA-256 context to clear. + * \param ctx The SHA-256 context to clear. This may be \c NULL, in which + * case this function returns immediately. If it is not \c NULL, + * it must point to an initialized SHA-256 context. */ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); /** * \brief This function clones the state of a SHA-256 context. * - * \param dst The destination context. - * Must not be \c NULL. - * \param src The context to clone. - * Must not be \c NULL. + * \param dst The destination context. This must be initialized. + * \param src The context to clone. This must be initialized. */ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ); @@ -99,12 +98,12 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * \brief This function starts a SHA-224 or SHA-256 checksum * calculation. * - * \param ctx The context to initialize. - * Must not be \c NULL. - * \param is224 Determines which function to use: - * 0: Use SHA-256, or 1: Use SHA-224. + * \param ctx The context to use. This must be initialized. + * \param is224 This determines which function to use. This must be + * either \c 0 for SHA-256, or \c 1 for SHA-224. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); @@ -112,13 +111,14 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * \brief This function feeds an input buffer into an ongoing * SHA-256 checksum calculation. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. - * \param input The buffer holding the data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * \param ctx The SHA-256 context. This must be initialized + * and have a hash operation started. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data \p input in Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, @@ -128,12 +128,13 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * \brief This function finishes the SHA-256 operation, and writes * the result to the output buffer. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. + * \param ctx The SHA-256 context. This must be initialized + * and have a hash operation started. * \param output The SHA-224 or SHA-256 checksum result. - * Must not be \c NULL. + * This must be a writable buffer of length \c 32 Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ); @@ -143,12 +144,13 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, * the ongoing SHA-256 computation. This function is for * internal use only. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. - * \param data The buffer holding one block of data. - * Must not be \c NULL. + * \param ctx The SHA-256 context. This must be initialized + * and have a hash operation started. + * \param data The buffer holding one block of data. This must + * be a readable buffer of length \c 64 Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); @@ -163,13 +165,11 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \brief This function starts a SHA-224 or SHA-256 checksum * calculation. * - * * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0. * - * \param ctx The context to initialize. - * Must not be \c NULL. - * \param is224 Determines which function to use: - * 0: Use SHA-256, or 1: Use SHA-224. + * \param ctx The context to use. This must be initialized. + * \param is224 Determines which function to use. This must be + * either \c 0 for SHA-256, or \c 1 for SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); @@ -180,11 +180,11 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, * * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0. * - * \param ctx The SHA-256 context to initialize. - * Must not be \c NULL. - * \param input The buffer holding the data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * \param ctx The SHA-256 context to use. This must be + * initialized and have a hash operation started. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data \p input in Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, @@ -196,10 +196,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. - * \param output The SHA-224 or SHA-256 checksum result. - * Must not be \c NULL. + * \param ctx The SHA-256 context. This must be initialized and + * have a has hoperation started. + * \param output The SHA-224 or SHA-256 checksum result. This must be + * a writable buffer of length \c 32 Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); @@ -211,10 +211,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, * * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. - * \param data The buffer holding one block of data. - * Must not be \c NULL. + * \param ctx The SHA-256 context. This must be initialized and + * have a hash operation started. + * \param data The buffer holding one block of data. This must be + * a readable buffer of size \c 64 Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); @@ -232,13 +232,13 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * The SHA-256 result is calculated as * output = SHA-256(input buffer). * - * \param input The buffer holding the input data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. - * \param output The SHA-224 or SHA-256 checksum result. - * Must not be \c NULL. - * \param is224 Determines which function to use: - * 0: Use SHA-256, or 1: Use SHA-224. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data \p input in Bytes. + * \param output The SHA-224 or SHA-256 checksum result. This must + * be a writable buffer of length \c 32 Bytes. + * \param is224 Determines which function to use. This must be + * either \c 0 for SHA-256, or \c 1 for SHA-224. */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, @@ -264,13 +264,13 @@ int mbedtls_sha256_ret( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0. * - * \param input The buffer holding the data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. - * \param output The SHA-224 or SHA-256 checksum result. - * Must not be \c NULL. - * \param is224 Determines which function to use: - * 0: Use SHA-256, or 1: Use SHA-224. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data \p input in Bytes. + * \param output The SHA-224 or SHA-256 checksum result. This must be + * a writable buffer of length \c 32 Bytes. + * \param is224 Determines which function to use. This must be eithern + * \c 0 for SHA-256, or \c 1 for SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, size_t ilen, From 36beb04fd5a44e7ed39bc644c0e1bd2d5609eb95 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:58:02 +0000 Subject: [PATCH 223/415] Add tests or SHA-256 parameter validation --- tests/suites/test_suite_shax.data | 6 +++ tests/suites/test_suite_shax.function | 56 +++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index ee8074dc0..a4c75e5be 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -39,6 +39,12 @@ SHA-1 Test Vector NIST CAVS #10 depends_on:MBEDTLS_SHA1_C mbedtls_sha1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af" +SHA-256 Valid parameters +sha256_valid_param: + +SHA-256 Invalid parameters +sha256_invalid_param: + SHA-224 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA256_C sha224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 147ae0e1f..1d646d124 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -18,6 +18,62 @@ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ +void sha256_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_sha256_free( NULL ) ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void sha256_invalid_param( ) +{ + mbedtls_sha256_context ctx; + unsigned char buf[64] = { 0 }; + size_t const buflen = sizeof( buf ); + int valid_type = 0; + int invalid_type = 42; + + TEST_INVALID_PARAM( mbedtls_sha256_init( NULL ) ); + + TEST_INVALID_PARAM( mbedtls_sha256_clone( NULL, &ctx ) ); + TEST_INVALID_PARAM( mbedtls_sha256_clone( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_starts_ret( NULL, valid_type ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_starts_ret( &ctx, invalid_type ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_update_ret( NULL, buf, buflen ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_update_ret( &ctx, NULL, buflen ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_finish_ret( NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_finish_ret( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_internal_sha256_process( NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_internal_sha256_process( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_ret( NULL, buflen, + buf, valid_type ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_ret( buf, buflen, + NULL, valid_type ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_ret( buf, buflen, + buf, invalid_type ) ); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ void sha224( data_t * src_str, data_t * hex_hash_string ) { From 230b4f415926c608e898b4b5879e278b8ecb90a1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:58:32 +0000 Subject: [PATCH 224/415] Fix definition of MBEDTLS_SHA256_VALIDATE[_RET] in sha256.c --- library/sha256.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 2f1968530..5092091e6 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -75,8 +75,8 @@ do { \ #endif #define MBEDTLS_SHA256_VALIDATE_RET(cond) \ - MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, cond ) -#define MBEDTLS_SHA256_VALIDATE(cond) MBEDTLS_VALIDATE( cond ) + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) +#define MBEDTLS_SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { From 596e014a06d9b3c9e3ad86231e1eb8c713b73bb3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 15:00:38 +0000 Subject: [PATCH 225/415] Add validation is `is224` argument in mbedtls_sha256_starts_ret() --- library/sha256.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 5092091e6..8df4fb1e7 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -107,7 +107,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { - MBEDTLS_SHA256_VALIDATE( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); ctx->total[0] = 0; ctx->total[1] = 0; @@ -277,12 +278,12 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, size_t fill; uint32_t left; + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + if( ilen == 0 ) return( 0 ); - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( input != NULL ); - left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -415,6 +416,7 @@ int mbedtls_sha256_ret( const unsigned char *input, int ret; mbedtls_sha256_context ctx; + MBEDTLS_SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); From fc2a0b2e6721f8d6eedf6c6a9bbc7a31a1179ea6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 16:31:48 +0000 Subject: [PATCH 226/415] Minor SHA-256 documentation improvement --- include/mbedtls/sha256.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index aac48b212..ce14d85ee 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -115,7 +115,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * and have a hash operation started. * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. + * \param ilen The length of the input data in Bytes. * * \return \c 0 on success. * \return A negative error code on failure. @@ -184,7 +184,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, * initialized and have a hash operation started. * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. + * \param ilen The length of the input data in Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, @@ -197,7 +197,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * * \param ctx The SHA-256 context. This must be initialized and - * have a has hoperation started. + * have a hash operation started. * \param output The SHA-224 or SHA-256 checksum result. This must be * a writable buffer of length \c 32 Bytes. */ @@ -234,7 +234,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. + * \param ilen The length of the input data in Bytes. * \param output The SHA-224 or SHA-256 checksum result. This must * be a writable buffer of length \c 32 Bytes. * \param is224 Determines which function to use. This must be @@ -266,10 +266,10 @@ int mbedtls_sha256_ret( const unsigned char *input, * * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. + * \param ilen The length of the input data in Bytes. * \param output The SHA-224 or SHA-256 checksum result. This must be * a writable buffer of length \c 32 Bytes. - * \param is224 Determines which function to use. This must be eithern + * \param is224 Determines which function to use. This must be either * \c 0 for SHA-256, or \c 1 for SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, From ca6f4585c726766d24c4368de26daa1364b30f39 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 15:37:22 +0000 Subject: [PATCH 227/415] Fix parameter validation in SHA-512 module --- include/mbedtls/sha512.h | 17 +++++++---------- library/sha512.c | 12 +++++++----- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 93f9646ea..bf40e4b04 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -116,8 +116,7 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); * and have a hash operation started. * \param input The buffer holding the input data. This must * be a readable buffer of length \p ilen Bytes. - * It must not be \c NULL. - * \param ilen The length of the input data \p input in Bytes. + * \param ilen The length of the input data in Bytes. * * \return \c 0 on success. * \return A negative error code on failure. @@ -184,8 +183,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, * \param ctx The SHA-512 context. This must be initialized * and have a hash operation started. * \param input The buffer holding the data. This must be a readable - * buffer of length \p ilen Bytes. It must not be \c NULL. - * \param ilen The length of the input data \p input in Bytes. + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data in Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, @@ -235,9 +234,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process( * output = SHA-512(input buffer). * * \param input The buffer holding the input data. This must be - * a readable buffer of length \p ilen Bytes. It - * must not be \c NULL. - * \param ilen The length of the input data \p input in Bytes. + * a readable buffer of length \p ilen Bytes. + * \param ilen The length of the input data in Bytes. * \param output The SHA-384 or SHA-512 checksum result. * This must be a writable buffer of length \c 64 Bytes. * \param is384 Determines which function to use. This must be either @@ -270,9 +268,8 @@ int mbedtls_sha512_ret( const unsigned char *input, * \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0 * * \param input The buffer holding the data. This must be a - * readable buffer of length \p ilen Bytes. It - * must not be \c NULL. - * \param ilen The length of the input data \p input in Bytes. + * readable buffer of length \p ilen Bytes. + * \param ilen The length of the input data in Bytes. * \param output The SHA-384 or SHA-512 checksum result. This must * be a writable buffer of length \c 64 Bytes. * \param is384 Determines which function to use. This must be eiher diff --git a/library/sha512.c b/library/sha512.c index 7a99170c9..8260f32a6 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -89,8 +89,8 @@ #endif /* PUT_UINT64_BE */ #define MBEDTLS_SHA512_VALIDATE_RET(cond) \ - MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, cond ) -#define MBEDTLS_SHA512_VALIDATE(cond) MBEDTLS_VALIDATE( cond ) + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ) +#define MBEDTLS_SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) { @@ -122,6 +122,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) { MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); ctx->total[0] = 0; ctx->total[1] = 0; @@ -308,12 +309,12 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, size_t fill; unsigned int left; + MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); + if( ilen == 0 ) return( 0 ); - MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA512_VALIDATE_RET( input != NULL ); - left = (unsigned int) (ctx->total[0] & 0x7F); fill = 128 - left; @@ -447,6 +448,7 @@ int mbedtls_sha512_ret( const unsigned char *input, int ret; mbedtls_sha512_context ctx; + MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); MBEDTLS_SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); From 4fbd4bf442467c57d03f7340948a6d374634227d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 16:37:43 +0000 Subject: [PATCH 228/415] Fix guard in SHA-512 tests --- tests/suites/test_suite_shax.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index a5a7b68d5..ead6d9e31 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -46,7 +46,7 @@ void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ void sha512_valid_param( ) { TEST_VALID_PARAM( mbedtls_sha512_free( NULL ) ); From 6c5c45f40079bc988f1b4b620757cfd606ec8173 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 19:38:01 +0000 Subject: [PATCH 229/415] Document parameter preconditions in DHM module --- include/mbedtls/dhm.h | 158 ++++++++++++++++++++++++++---------------- 1 file changed, 97 insertions(+), 61 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 8e2d0208d..6af7a8ff4 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -127,9 +127,15 @@ mbedtls_dhm_context; void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); /** - * \brief This function parses the ServerKeyExchange parameters. + * \brief This function parses the DHM parameters in a + * TLS ServerKeyExchange handshake message + * (DHM modulus, generator, and public key). * - * \param ctx The DHM context. + * \note In a TLS handshake, this is the how the client + * sets up its DHM context from the server's public + * DHM key material. + * + * \param ctx The DHM context to use. This must be initialized. * \param p On input, *p must be the start of the input buffer. * On output, *p is updated to point to the end of the data * that has been read. On success, this is the first byte @@ -143,31 +149,37 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, - unsigned char **p, - const unsigned char *end ); + unsigned char **p, + const unsigned char *end ); /** - * \brief This function sets up and writes the ServerKeyExchange - * parameters. + * \brief This function generates a DHM key pair and exports its + * public part together with the DHM parameters in the format + * used in a TLS ServerKeyExchange handshake message. * - * \note The destination buffer must be large enough to hold - * the reduced binary presentation of the modulus, the generator - * and the public key, each wrapped with a 2-byte length field. - * It is the responsibility of the caller to ensure that enough - * space is available. Refer to \c mbedtls_mpi_size to computing - * the byte-size of an MPI. - * - * \note This function assumes that \c ctx->P and \c ctx->G - * have already been properly set. For that, use + * \note This function assumes that the DHM parameters \c ctx->P + * and \c ctx->G have already been properly set. For that, use * mbedtls_dhm_set_group() below in conjunction with * mbedtls_mpi_read_binary() and mbedtls_mpi_read_string(). * - * \param ctx The DHM context. + * \note In a TLS handshake, this is the how the server generates + * and exports its DHM key material. + * + * \param ctx The DHM context to use. This must be initialized + * and have the DHM parameters set. It may or may not + * already have imported the peer's public key. * \param x_size The private key size in Bytes. - * \param olen The number of characters written. - * \param output The destination buffer. - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param olen The address at which to store the number of Bytes + * written on success. This must not be \c NULL. + * \param output The destination buffer. This must be a writable buffer of + * sufficient size to hold the reduced binary presentation of + * the modulus, the generator and the public key, each wrapped + * with a 2-byte length field. It is the responsibility of the + * caller to ensure that enough space is available. Refer to + * mbedtls_mpi_size() to computing the byte-size of an MPI. + * \param f_rng The RNG function. Must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng doesn't need a context parameter. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. @@ -180,12 +192,14 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, /** * \brief This function sets the prime modulus and generator. * - * \note This function can be used to set \p P, \p G + * \note This function can be used to set \c ctx->P, \c ctx->G * in preparation for mbedtls_dhm_make_params(). * - * \param ctx The DHM context. - * \param P The MPI holding the DHM prime modulus. - * \param G The MPI holding the DHM generator. + * \param ctx The DHM context to configure. This must be initialized. + * \param P The MPI holding the DHM prime modulus. This must be + * an initialized MPI. + * \param G The MPI holding the DHM generator. This must be an + * initialized MPI. * * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. @@ -195,11 +209,17 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, const mbedtls_mpi *G ); /** - * \brief This function imports the public value of the peer, G^Y. + * \brief This function imports the raw public value of the peer. * - * \param ctx The DHM context. - * \param input The input buffer containing the G^Y value of the peer. - * \param ilen The size of the input buffer. + * \note In a TLS handshake, this is the how the server imports + * the Client's public DHM key. + * + * \param ctx The DHM context to use. This must be initialized and have + * its DHM parameters set, e.g. via mbedtls_dhm_set_group(). + * It may or may not already have generated its own private key. + * \param input The input buffer containing the \c G^Y value of the peer. + * This must be a readable buffer of size \p ilen Bytes. + * \param ilen The size of the input buffer \p input in Bytes. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. @@ -208,21 +228,25 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief This function creates its own private key, \c X, and - * exports \c G^X. + * \brief This function creates a DHM key pair and exports + * the raw public key in big-endian format. * * \note The destination buffer is always fully written * so as to contain a big-endian representation of G^X mod P. - * If it is larger than ctx->len, it is padded accordingly + * If it is larger than \c ctx->len, it is padded accordingly * with zero-bytes at the beginning. * - * \param ctx The DHM context. + * \param ctx The DHM context to use. This must be initialized and + * have the DHM parameters set. It may or may not already + * have imported the peer's public key. * \param x_size The private key size in Bytes. - * \param output The destination buffer. - * \param olen The length of the destination buffer. Must be at least - * equal to ctx->len (the size of \c P). - * \param f_rng The RNG function. - * \param p_rng The RNG context. + * \param output The destination buffer. This must be a writable buffer of + * size \p olen Bytes. + * \param olen The length of the destination buffer. This must be at least + * equal to `ctx->len` (the size of \c P). + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL + * if \p f_rng doesn't need a context argument. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. @@ -233,22 +257,27 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, void *p_rng ); /** - * \brief This function derives and exports the shared secret - * \c (G^Y)^X mod \c P. + * \brief This function derives and exports the shared secret + * \c (G^Y)^X mod \c P. * - * \note If \p f_rng is not NULL, it is used to blind the input as - * a countermeasure against timing attacks. Blinding is used - * only if our private key \c X is re-used, and not used - * otherwise. We recommend always passing a non-NULL - * \p f_rng argument. + * \note If \p f_rng is not \c NULL, it is used to blind the input as + * a countermeasure against timing attacks. Blinding is used + * only if our private key \c X is re-used, and not used + * otherwise. We recommend always passing a non-NULL + * \p f_rng argument. * - * \param ctx The DHM context. - * \param output The destination buffer. - * \param output_size The size of the destination buffer. Must be at least - * the size of ctx->len (the size of \c P). + * \param ctx The DHM context to use. This must be initialized + * and have its own private key generated and the peer's + * public key imported. + * \param output The buffer to write the generated shared key to. This + * must be a writable buffer of size \p output_size Bytes. + * \param output_size The size of the destination buffer. This must be at + * least the size of \c ctx->len (the size of \c P). * \param olen On exit, holds the actual number of Bytes written. - * \param f_rng The RNG function, for blinding purposes. - * \param p_rng The RNG context. + * \param f_rng The RNG function, for blinding purposes. This may + * b \c NULL if blinding isn't needed. + * \param p_rng The RNG context. This may be \c NULL if \p f_rng + * doesn't need a context argument. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. @@ -259,9 +288,12 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, void *p_rng ); /** - * \brief This function frees and clears the components of a DHM context. + * \brief This function frees and clears the components + * of a DHM context. * - * \param ctx The DHM context to free and clear. + * \param ctx The DHM context to free and clear. This may be \c NULL, + * in which case this function is a no-op. If it is not \c NULL, + * it must point to an initialized DHM context. */ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); @@ -270,17 +302,19 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); /** * \brief This function parses DHM parameters in PEM or DER format. * - * \param dhm The DHM context to initialize. - * \param dhmin The input buffer. - * \param dhminlen The size of the buffer, including the terminating null - * Byte for PEM data. + * \param dhm The DHM context to import the DHM parameters into. + * This must be initialized. + * \param dhmin The input buffer. This must be a readable buffer of + * length \p dhminlen Bytes. + * \param dhminlen The size of the input buffer \p dhmin, including the + * terminating \c NULL Byte for PEM data. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code - * error code on failure. + * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error + * code on failure. */ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, - size_t dhminlen ); + size_t dhminlen ); #if defined(MBEDTLS_FS_IO) /** \ingroup x509_module */ @@ -288,11 +322,13 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * \brief This function loads and parses DHM parameters from a file. * * \param dhm The DHM context to load the parameters to. + * This must be initialized. * \param path The filename to read the DHM parameters from. + * This must not be \c NULL. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code - * error code on failure. + * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX + * error code on failure. */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ From 5c14ed6f86e8861634a32b490013b00a483e4534 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 19:44:47 +0000 Subject: [PATCH 230/415] Implement parameter validation for DHM module --- library/dhm.c | 44 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/library/dhm.c b/library/dhm.c index 82cbb0ce8..2ec8bb74f 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -60,6 +60,11 @@ #if !defined(MBEDTLS_DHM_ALT) +#define DHM_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA ) +#define DHM_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * helper to validate the mbedtls_mpi size and import it */ @@ -103,6 +108,7 @@ static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P ) mbedtls_mpi L, U; int ret = 0; + mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) ); @@ -121,6 +127,7 @@ cleanup: void mbedtls_dhm_init( mbedtls_dhm_context *ctx ) { + DHM_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_dhm_context ) ); } @@ -132,6 +139,9 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, const unsigned char *end ) { int ret; + DHM_VALIDATE_RET( ctx != NULL ); + DHM_VALIDATE_RET( p != NULL && *p != NULL ); + DHM_VALIDATE_RET( end != NULL ); if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 || ( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 || @@ -157,6 +167,10 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, int ret, count = 0; size_t n1, n2, n3; unsigned char *p; + DHM_VALIDATE_RET( ctx != NULL ); + DHM_VALIDATE_RET( output != NULL ); + DHM_VALIDATE_RET( olen != NULL ); + DHM_VALIDATE_RET( f_rng != NULL ); if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); @@ -227,9 +241,9 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, const mbedtls_mpi *G ) { int ret; - - if( ctx == NULL || P == NULL || G == NULL ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + DHM_VALIDATE_RET( ctx != NULL ); + DHM_VALIDATE_RET( P != NULL ); + DHM_VALIDATE_RET( G != NULL ); if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 || ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 ) @@ -248,8 +262,10 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ) { int ret; + DHM_VALIDATE_RET( ctx != NULL ); + DHM_VALIDATE_RET( input != NULL ); - if( ctx == NULL || ilen < 1 || ilen > ctx->len ) + if( ilen < 1 || ilen > ctx->len ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 ) @@ -267,8 +283,11 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, void *p_rng ) { int ret, count = 0; + DHM_VALIDATE_RET( ctx != NULL ); + DHM_VALIDATE_RET( output != NULL ); + DHM_VALIDATE_RET( f_rng != NULL ); - if( ctx == NULL || olen < 1 || olen > ctx->len ) + if( olen < 1 || olen > ctx->len ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) @@ -380,8 +399,11 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, { int ret; mbedtls_mpi GYb; + DHM_VALIDATE_RET( ctx != NULL ); + DHM_VALIDATE_RET( output != NULL ); + DHM_VALIDATE_RET( olen != NULL ); - if( ctx == NULL || output_size < ctx->len ) + if( output_size < ctx->len ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) @@ -428,6 +450,9 @@ cleanup: */ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) { + if( ctx == NULL ) + return; + mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY ); @@ -449,7 +474,12 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, unsigned char *p, *end; #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_context pem; +#endif /* MBEDTLS_PEM_PARSE_C */ + DHM_VALIDATE_RET( dhm != NULL ); + DHM_VALIDATE_RET( dhmin != NULL ); + +#if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ @@ -596,6 +626,8 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) int ret; size_t n; unsigned char *buf; + DHM_VALIDATE_RET( dhm != NULL ); + DHM_VALIDATE_RET( path != NULL ); if( ( ret = load_file( path, &buf, &n ) ) != 0 ) return( ret ); From 8c8a93c5749b78418c9d22353ffcf135018a54f9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 21:10:46 +0000 Subject: [PATCH 231/415] Test parameter validation for DHM module --- tests/suites/test_suite_dhm.data | 3 + tests/suites/test_suite_dhm.function | 106 +++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data index 734fd97ac..edebce087 100644 --- a/tests/suites/test_suite_dhm.data +++ b/tests/suites/test_suite_dhm.data @@ -1,3 +1,6 @@ +Diffie-Hellman parameter validation +dhm_invalid_params: + Diffie-Hellman full exchange #1 dhm_do_dhm:10:"23":10:"5":0 diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 9a4c99c9a..dad6be1e2 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -7,6 +7,112 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void dhm_invalid_params( ) +{ + mbedtls_dhm_context ctx; + unsigned char buf[42] = { 0 }; + unsigned char *buf_null = NULL; + mbedtls_mpi X; + size_t len; + + TEST_INVALID_PARAM( mbedtls_dhm_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_dhm_free( NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_read_params( NULL, + (unsigned char**) &buf, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_read_params( &ctx, &buf_null, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_read_params( &ctx, NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_read_params( &ctx, + (unsigned char**) &buf, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_make_params( NULL, 42, + buf, &len, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_make_params( &ctx, 42, + NULL, &len, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_make_params( &ctx, 42, + buf, NULL, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_make_params( &ctx, 42, + buf, &len, + NULL, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_set_group( NULL, &X, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_set_group( &ctx, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_set_group( &ctx, &X, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_read_public( NULL, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_read_public( &ctx, NULL, 42 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_make_public( NULL, 42, + buf, 42, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_make_public( &ctx, 42, + NULL, 42, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_make_public( &ctx, 42, + buf, 42, + NULL, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_calc_secret( NULL, buf, 42, + &len, rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_calc_secret( &ctx, NULL, 42, + &len, rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_calc_secret( &ctx, buf, 42, + NULL, rnd_std_rand, + NULL ) ); + +#if defined(MBEDTLS_ASN1_PARSE_C) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_parse_dhm( NULL, buf, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_parse_dhm( &ctx, NULL, 42 ) ); + +#if defined(MBEDTLS_FS_IO) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_parse_dhmfile( NULL, "" ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, + mbedtls_dhm_parse_dhmfile( &ctx, NULL ) ); +#endif /* MBEDTLS_FS_IO */ +#endif /* MBEDTLS_ASN1_PARSE_C */ + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE */ void dhm_do_dhm( int radix_P, char *input_P, int radix_G, char *input_G, int result ) From adc9b178ca4c550bbe754c6a5b733ee148e4ad66 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 09:34:36 +0000 Subject: [PATCH 232/415] Minor improvements to DHM module --- library/dhm.c | 1 - tests/suites/test_suite_dhm.function | 35 ++++++++++++++-------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/library/dhm.c b/library/dhm.c index 2ec8bb74f..ee28572f1 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -108,7 +108,6 @@ static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P ) mbedtls_mpi L, U; int ret = 0; - mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index dad6be1e2..8a05a38df 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -14,6 +14,7 @@ void dhm_invalid_params( ) unsigned char buf[42] = { 0 }; unsigned char *buf_null = NULL; mbedtls_mpi X; + size_t const buflen = sizeof( buf ); size_t len; TEST_INVALID_PARAM( mbedtls_dhm_init( NULL ) ); @@ -33,22 +34,22 @@ void dhm_invalid_params( ) NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_params( NULL, 42, + mbedtls_dhm_make_params( NULL, buflen, buf, &len, rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_params( &ctx, 42, + mbedtls_dhm_make_params( &ctx, buflen, NULL, &len, rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_params( &ctx, 42, + mbedtls_dhm_make_params( &ctx, buflen, buf, NULL, rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_params( &ctx, 42, + mbedtls_dhm_make_params( &ctx, buflen, buf, &len, NULL, NULL ) ); @@ -61,44 +62,44 @@ void dhm_invalid_params( ) mbedtls_dhm_set_group( &ctx, &X, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_read_public( NULL, buf, 42 ) ); + mbedtls_dhm_read_public( NULL, buf, buflen ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_read_public( &ctx, NULL, 42 ) ); + mbedtls_dhm_read_public( &ctx, NULL, buflen ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_public( NULL, 42, - buf, 42, + mbedtls_dhm_make_public( NULL, buflen, + buf, buflen, rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_public( &ctx, 42, - NULL, 42, + mbedtls_dhm_make_public( &ctx, buflen, + NULL, buflen, rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_public( &ctx, 42, - buf, 42, + mbedtls_dhm_make_public( &ctx, buflen, + buf, buflen, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( NULL, buf, 42, + mbedtls_dhm_calc_secret( NULL, buf, buflen, &len, rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( &ctx, NULL, 42, + mbedtls_dhm_calc_secret( &ctx, NULL, buflen, &len, rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( &ctx, buf, 42, + mbedtls_dhm_calc_secret( &ctx, buf, buflen, NULL, rnd_std_rand, NULL ) ); #if defined(MBEDTLS_ASN1_PARSE_C) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_parse_dhm( NULL, buf, 42 ) ); + mbedtls_dhm_parse_dhm( NULL, buf, buflen ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_parse_dhm( &ctx, NULL, 42 ) ); + mbedtls_dhm_parse_dhm( &ctx, NULL, buflen ) ); #if defined(MBEDTLS_FS_IO) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, From 9171c6e9ec495a6b33437cd148ccd00da2860f7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 15:42:53 +0000 Subject: [PATCH 233/415] Leave behaviour on NULL buffers to SHA-1 unspecified for now We deal correctly with NULL being passed alongside a zero length argument, but don't have tests for it, so we shouldn't promise that it works. --- include/mbedtls/sha1.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 801759af3..0979dc0e3 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -141,7 +141,6 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); * and have a hash operation started. * \param input The buffer holding the input data. * This must be a readable buffer of length \p ilen Bytes. - * It may be \c NULL if \p ilen is zero. * \param ilen The length of the input data \p input in Bytes. * * \return \c 0 on success. @@ -224,7 +223,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); * have a hash operation started. * \param input The buffer holding the input data. * This must be a readable buffer of length \p ilen Bytes. - * It may be \c NULL if \p ilen is zero. * \param ilen The length of the input data \p input in Bytes. * */ @@ -286,7 +284,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, * * \param input The buffer holding the input data. * This must be a readable buffer of length \p ilen Bytes. - * It may be \c NULL if \p ilen is zero. * \param ilen The length of the input data \p input in Bytes. * \param output The SHA-1 checksum result. * This must be a writable buffer of length \c 20 Bytes. @@ -322,7 +319,6 @@ int mbedtls_sha1_ret( const unsigned char *input, * * \param input The buffer holding the input data. * This must be a readable buffer of length \p ilen Bytes. - * It may be \c NULL if \p ilen is zero. * \param ilen The length of the input data \p input in Bytes. * \param output The SHA-1 checksum result. This must be a writable * buffer of size \c 20 Bytes. From d22df58a56f9e97b7f3341fd0f97ff64ac125cf0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 16:39:45 +0000 Subject: [PATCH 234/415] Add missing guards around SHA-1 tests --- tests/suites/test_suite_shax.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 263759d29..c035ae971 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -4,14 +4,14 @@ #include "mbedtls/sha512.h" /* END_HEADER */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ void sha1_valid_param( ) { TEST_VALID_PARAM( mbedtls_sha1_free( NULL ) ); } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void sha1_invalid_param( ) { mbedtls_sha1_context ctx; From 2f660d047dd60ac68ebe6c8d4da0d141403b6d71 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 17:04:59 +0000 Subject: [PATCH 235/415] Forbid passing NULL input buffers to RSA encryption routines --- include/mbedtls/rsa.h | 9 +++------ library/rsa.c | 6 +++--- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 5171fc971..bec74a9ce 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -601,8 +601,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable - * buffer of size \p ilen Bytes. It may be \c NULL if - * `ilen == 0`. + * buffer of size \p ilen Bytes. This must not be \c NULL. * \param output The output buffer. This must be a writable buffer * of length \c ctx->len Bytes. For example, \c 256 Bytes * for an 2048-bit RSA modulus. @@ -642,8 +641,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable - * buffer of size \p ilen Bytes. It may be \c NULL if - * `ilen == 0`. + * buffer of size \p ilen Bytes. This must not be \c NULL. * \param output The output buffer. This must be a writable buffer * of length \c ctx->len Bytes. For example, \c 256 Bytes * for an 2048-bit RSA modulus. @@ -687,8 +685,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \param label_len The length of the label in Bytes. * \param ilen The length of the plaintext buffer \p input in Bytes. * \param input The input data to encrypt. This must be a readable - * buffer of size \p ilen Bytes. It may be \c NULL if - * `ilen == 0`. + * buffer of size \p ilen Bytes. This must not be \c NULL. * \param output The output buffer. This must be a writable buffer * of length \c ctx->len Bytes. For example, \c 256 Bytes * for an 2048-bit RSA modulus. diff --git a/library/rsa.c b/library/rsa.c index 154738ff7..86bec64c9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1135,7 +1135,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); + RSA_VALIDATE_RET( input != NULL ); RSA_VALIDATE_RET( label_len == 0 || label != NULL ); if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) @@ -1218,7 +1218,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); + RSA_VALIDATE_RET( input != NULL ); if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1285,7 +1285,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); + RSA_VALIDATE_RET( input != NULL ); switch( ctx->padding ) { From 039ccab243801744e67c3d52b30c8dcdfaabacec Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 17:52:14 +0000 Subject: [PATCH 236/415] Don't declare MBEDTLS-namespace macros in sha1.c --- library/sha1.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/library/sha1.c b/library/sha1.c index 0eaedcfe6..8863ea385 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -71,14 +71,14 @@ } #endif -#define MBEDTLS_SHA1_VALIDATE_RET(cond) \ +#define SHA1_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA ) -#define MBEDTLS_SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) +#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) { - MBEDTLS_SHA1_VALIDATE( ctx != NULL ); + SHA1_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); } @@ -94,8 +94,8 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) void mbedtls_sha1_clone( mbedtls_sha1_context *dst, const mbedtls_sha1_context *src ) { - MBEDTLS_SHA1_VALIDATE( dst != NULL ); - MBEDTLS_SHA1_VALIDATE( src != NULL ); + SHA1_VALIDATE( dst != NULL ); + SHA1_VALIDATE( src != NULL ); *dst = *src; } @@ -105,7 +105,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, */ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) { - MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); + SHA1_VALIDATE_RET( ctx != NULL ); ctx->total[0] = 0; ctx->total[1] = 0; @@ -132,8 +132,8 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, { uint32_t temp, W[16], A, B, C, D, E; - MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); + SHA1_VALIDATE_RET( ctx != NULL ); + SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); GET_UINT32_BE( W[ 0], data, 0 ); GET_UINT32_BE( W[ 1], data, 4 ); @@ -309,8 +309,8 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, size_t fill; uint32_t left; - MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA1_VALIDATE_RET( ctx != NULL ); + SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); if( ilen == 0 ) return( 0 ); @@ -370,8 +370,8 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, uint32_t used; uint32_t high, low; - MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA1_VALIDATE_RET( ctx != NULL ); + SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length @@ -441,8 +441,8 @@ int mbedtls_sha1_ret( const unsigned char *input, int ret; mbedtls_sha1_context ctx; - MBEDTLS_SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); - MBEDTLS_SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); mbedtls_sha1_init( &ctx ); From 8d215e713012b2c0ffb2dfa0f93f9974ac223280 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 17:53:21 +0000 Subject: [PATCH 237/415] Don't define MBEDTLS-namespace macros in sha256.c --- library/sha256.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 8df4fb1e7..9967d52f6 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -74,13 +74,13 @@ do { \ } while( 0 ) #endif -#define MBEDTLS_SHA256_VALIDATE_RET(cond) \ +#define SHA256_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) -#define MBEDTLS_SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) +#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { - MBEDTLS_SHA256_VALIDATE( ctx != NULL ); + SHA256_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); } @@ -96,8 +96,8 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ) { - MBEDTLS_SHA256_VALIDATE( dst != NULL ); - MBEDTLS_SHA256_VALIDATE( src != NULL ); + SHA256_VALIDATE( dst != NULL ); + SHA256_VALIDATE( src != NULL ); *dst = *src; } @@ -107,8 +107,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); + SHA256_VALIDATE_RET( ctx != NULL ); + SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); ctx->total[0] = 0; ctx->total[1] = 0; @@ -204,8 +204,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, uint32_t A[8]; unsigned int i; - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); + SHA256_VALIDATE_RET( ctx != NULL ); + SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); for( i = 0; i < 8; i++ ) A[i] = ctx->state[i]; @@ -278,8 +278,8 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, size_t fill; uint32_t left; - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA256_VALIDATE_RET( ctx != NULL ); + SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); if( ilen == 0 ) return( 0 ); @@ -339,8 +339,8 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, uint32_t used; uint32_t high, low; - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA256_VALIDATE_RET( ctx != NULL ); + SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length @@ -416,9 +416,9 @@ int mbedtls_sha256_ret( const unsigned char *input, int ret; mbedtls_sha256_context ctx; - MBEDTLS_SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); - MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); + SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); mbedtls_sha256_init( &ctx ); From 38e15d49f359e27a633d642920e789f9a0663d3b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 17:54:00 +0000 Subject: [PATCH 238/415] Don't declare MBEDTLS-namespace identifiers in sha512.c --- library/sha512.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/library/sha512.c b/library/sha512.c index 8260f32a6..e7b2c5093 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -88,13 +88,13 @@ } #endif /* PUT_UINT64_BE */ -#define MBEDTLS_SHA512_VALIDATE_RET(cond) \ +#define SHA512_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ) -#define MBEDTLS_SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) +#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) { - MBEDTLS_SHA512_VALIDATE( ctx != NULL ); + SHA512_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); } @@ -110,8 +110,8 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) void mbedtls_sha512_clone( mbedtls_sha512_context *dst, const mbedtls_sha512_context *src ) { - MBEDTLS_SHA512_VALIDATE( dst != NULL ); - MBEDTLS_SHA512_VALIDATE( src != NULL ); + SHA512_VALIDATE( dst != NULL ); + SHA512_VALIDATE( src != NULL ); *dst = *src; } @@ -121,8 +121,8 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, */ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) { - MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); + SHA512_VALIDATE_RET( ctx != NULL ); + SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); ctx->total[0] = 0; ctx->total[1] = 0; @@ -221,8 +221,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, uint64_t temp1, temp2, W[80]; uint64_t A, B, C, D, E, F, G, H; - MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA512_VALIDATE_RET( (const unsigned char *)data != NULL ); + SHA512_VALIDATE_RET( ctx != NULL ); + SHA512_VALIDATE_RET( (const unsigned char *)data != NULL ); #define SHR(x,n) (x >> n) #define ROTR(x,n) (SHR(x,n) | (x << (64 - n))) @@ -309,8 +309,8 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, size_t fill; unsigned int left; - MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA512_VALIDATE_RET( ctx != NULL ); + SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); if( ilen == 0 ) return( 0 ); @@ -369,8 +369,8 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned used; uint64_t high, low; - MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA512_VALIDATE_RET( ctx != NULL ); + SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); /* * Add padding: 0x80 then 0x00 until 16 bytes remain for the length @@ -448,9 +448,9 @@ int mbedtls_sha512_ret( const unsigned char *input, int ret; mbedtls_sha512_context ctx; - MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); - MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); - MBEDTLS_SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); + SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); mbedtls_sha512_init( &ctx ); From 974ca0d947a5c67f6eaa0b04d315fda4a606658d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 18:03:24 +0000 Subject: [PATCH 239/415] Fix documentation bug on necessity of RNG in RSA PKCS v1.5 --- include/mbedtls/rsa.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index bec74a9ce..ed65a3445 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -588,12 +588,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG to use. If PKCS#1 v2.1 padding encoding is - * used, this must be provided. Additionally, it is - * used for blinding if \p mode is #MBEDTLS_RSA_PRIVATE - * and should be provided in this case; see - * mbedtls_rsa_private() for more. It is ignored - * for PKCS#1 v1.5 padding with #MBEDTLS_RSA_PUBLIC. + * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding + * encoding, and for PKCS#1 v1.5 padding encoding when used + * with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5 + * padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE, + * it is used for blinding and should be provided in this + * case; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. May be * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't * need a context argument. From c23483ed8c8d4523c4b225aec505974891503a79 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 10 Dec 2018 17:21:19 +0000 Subject: [PATCH 240/415] Document preconditions on parameters in public bignum API --- include/mbedtls/bignum.h | 736 +++++++++++++++++++++++---------------- 1 file changed, 429 insertions(+), 307 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 40cfab49a..d8de4a375 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -186,96 +186,111 @@ typedef struct mbedtls_mpi mbedtls_mpi; /** - * \brief Initialize one MPI (make internal references valid) - * This just makes it ready to be set or freed, + * \brief Initialize an MPI context. + * + * This makes the MPI ready to be set or freed, * but does not define a value for the MPI. * - * \param X One MPI to initialize. + * \param X The MPI context to initialize. Must not be \c NULL. */ void mbedtls_mpi_init( mbedtls_mpi *X ); /** - * \brief Unallocate one MPI + * \brief Clear an MPI context. * - * \param X One MPI to unallocate. + * \param X The MPI context to be cleared. May be \c NULL, + * in which case this function is a no-op. */ void mbedtls_mpi_free( mbedtls_mpi *X ); /** - * \brief Enlarge to the specified number of limbs + * \brief Enlarge an MPI to the specified number of limbs. * - * This function does nothing if the MPI is already large enough. + * \note This function does nothing if the MPI is + * already large enough. * - * \param X MPI to grow - * \param nblimbs The target number of limbs + * \param X The MPI to grow. Must point to an initialized MPI. + * \param nblimbs The target number of limbs. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return Another negative error code on other kinds of failure. */ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); /** - * \brief Resize down, keeping at least the specified number of limbs + * \brief Resize down, keeping at least the specified number of limbs. * * If \c X is smaller than \c nblimbs, it is resized up * instead. * - * \param X MPI to shrink - * \param nblimbs The minimum number of limbs to keep + * \param X The MPI to shrink. Must point to an initialized MPI. + * \param nblimbs The minimum number of limbs to keep. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed * (this can only happen when resizing up). + * \return Another negative error code on other kinds of failure. */ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); /** - * \brief Copy the contents of Y into X + * \brief Make a copy of an MPI. * - * \param X Destination MPI. It is enlarged if necessary. - * \param Y Source MPI. + * \param X The destination MPI. Must point to an initialized MPI. + * \param Y The source MPI. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \note The limb-buffer in the destination MPI is enlarged + * if necessary to hold the value in the source MPI. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return Another negative error code on other kinds of failure. */ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ); /** - * \brief Swap the contents of X and Y + * \brief Swap the contents of two MPIs. * - * \param X First MPI value - * \param Y Second MPI value + * \param X The first MPI. Must not be \c NULL. + * \param Y The second MPI. Must not be \c NULL. */ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); /** - * \brief Safe conditional assignement X = Y if assign is 1 + * \brief Safe conditional copy of MPI which doesn't + * reveal whether the conditional was true or not. * - * \param X MPI to conditionally assign to - * \param Y Value to be assigned - * \param assign 1: perform the assignment, 0: keep X's original value - * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, + * \param X The MPI to conditionally assign to. + * \param Y The MPI to be assigned from. + * \param assign The conditional deciding whether to perform the + * assignment or not. Possible values: + * * \c 1: Perform the assignment `X = Y`. + * * \c 0: Keep the original value of \p X. * * \note This function is equivalent to - * if( assign ) mbedtls_mpi_copy( X, Y ); + * `if( assign ) mbedtls_mpi_copy( X, Y );` * except that it avoids leaking any information about whether * the assignment was done or not (the above code may leak * information through branch prediction and/or memory access * patterns analysis). + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return Another negative error code on other kinds of failure. */ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ); /** - * \brief Safe conditional swap X <-> Y if swap is 1 + * \brief Safe conditional swap which doesn't + * reveal whether the conditional was true or not. * - * \param X First mbedtls_mpi value - * \param Y Second mbedtls_mpi value - * \param assign 1: perform the swap, 0: keep X and Y's original values - * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, + * \param X The first MPI. + * \param Y The second MPI. + * \param assign The conditional deciding whether to perform + * the swap or not Possible values: + * * \c 1: Swap the values of \p X and \p Y. + * * \c 0: Keep the original values of \p X and \p Y. * * \note This function is equivalent to * if( assign ) mbedtls_mpi_swap( X, Y ); @@ -283,415 +298,506 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned * the assignment was done or not (the above code may leak * information through branch prediction and/or memory access * patterns analysis). + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return Another negative error code on other kinds of failure. + * */ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign ); /** - * \brief Set value from integer + * \brief Store integer value in MPI. * - * \param X MPI to set - * \param z Value to use + * \param X The MPI to set. + * \param z The value to use. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return Another negative error code on other kinds of failure. */ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ); /** - * \brief Get a specific bit from X + * \brief Get a specific bit from an MPI. * - * \param X MPI to use - * \param pos Zero-based index of the bit in X + * \param X The MPI to query. + * \param pos Zero-based index of the bit to query. * - * \return Either a 0 or a 1 + * \return \c 0 or \c 1 on success, depending on whether bit \c pos + * of \c X is unset resp. set. + * \return A negative error code on failure. */ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ); /** - * \brief Set a bit of X to a specific value of 0 or 1 + * \brief Modify a specific bit in an MPI. * - * \note Will grow X if necessary to set a bit to 1 in a not yet - * existing limb. Will not grow if bit should be set to 0 + * \note This function will grow the target MPI if necessary to set a + * bit to \c 1 in a not yet existing limb. It will not grow if + * the bit should be set to \c 0. * - * \param X MPI to use - * \param pos Zero-based index of the bit in X - * \param val The value to set the bit to (0 or 1) + * \param X The MPI to modify. + * \param pos Zero-based index of the bit to modify. + * \param val The desired value of bit \c pos: \c 0 or \c 1. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1 + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return Another negative error code on other kinds of failure. */ int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ); /** - * \brief Return the number of zero-bits before the least significant - * '1' bit + * \brief Return the number of zero-bits before the + * least significant 1-bit * - * Note: Thus also the zero-based index of the least significant '1' bit + * \note This is the same as the zero-based index of + * the least significant '1' bit. * - * \param X MPI to use + * \param X The MPI to query. + * + * \return The number of zero-bits before the least significant + * 1-bit in \p X. */ size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ); /** * \brief Return the number of bits up to and including the most - * significant '1' bit' + * significant 1-bit. * - * Note: Thus also the one-based index of the most significant '1' bit + * * \note This is same as the one-based index of the most + * significant 1-bit. * - * \param X MPI to use + * \param X The MPI to query. Must point to an initialized MPI. + * + * \return The number of bits up to and including the most + * significant 1-bit. */ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ); /** - * \brief Return the total size in bytes + * \brief Return the total size an MPI value in bytes. * - * \param X MPI to use + * \param X The MPI to use. Must point to an initialized MPI. + * + * \note The value returned by this function may be less than + * the number of bytes used to store \p X internally. + * This happens if and only if there are trailing zero-bytes. + * + * \return The least number of bytes capable of storing + * the absolute value of \p X. */ size_t mbedtls_mpi_size( const mbedtls_mpi *X ); /** - * \brief Import from an ASCII string + * \brief Import an MPI from an ASCII string. * - * \param X Destination MPI - * \param radix Input numeric base - * \param s Null-terminated string buffer + * \param X The destination MPI. Must point to an initialized MPI. + * \param radix The numeric base of the input string. + * \param s Null-terminated string buffer. * - * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ); /** - * \brief Export into an ASCII string + * \brief Export an MPI into an ASCII string. * - * \param X Source MPI - * \param radix Output numeric base - * \param buf Buffer to write the string to - * \param buflen Length of buf - * \param olen Length of the string written, including final NUL byte + * \param X The source MPI. Must point to an initialized MPI. + * \param radix The numeric base of the output string. + * \param buf Buffer to write the string to. Must be writable of + * length \p buflen Bytes. May be \c NULL if `buflen == 0`. + * \param buflen The available size in Bytes of \p buf. + * \param olen Address at which to store the length of the string written, + * including final \c NULL byte. Must not be \c NULL. * - * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code. - * *olen is always updated to reflect the amount - * of data that has (or would have) been written. + * \note Call this function with `buflen == 0` to obtain the + * minimum required buffer size in `*olen`. * - * \note Call this function with buflen = 0 to obtain the - * minimum required buffer size in *olen. + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf + * is too small to hold the value of \p X in the desired base. + * In this case, `*olen` is nonetheless updated to contain the + * size of \p buf required for a successful call. + * \return Another negative error code on different kinds of failure. */ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, char *buf, size_t buflen, size_t *olen ); #if defined(MBEDTLS_FS_IO) /** - * \brief Read MPI from a line in an opened file + * \brief Read an MPI from a line in an opened file. * - * \param X Destination MPI - * \param radix Input numeric base - * \param fin Input file handle - * - * \return 0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if - * the file read buffer is too small or a - * MBEDTLS_ERR_MPI_XXX error code + * \param X The destination MPI. Must point to an initialized MPI. + * \param radix The numeric base of the string representation used + * in the source line. + * \param fin The input file handle to use. Must not be \c NULL. * * \note On success, this function advances the file stream * to the end of the current line or to EOF. * - * The function returns 0 on an empty line. + * The function returns \c 0 on an empty line. * * Leading whitespaces are ignored, as is a - * '0x' prefix for radix 16. + * '0x' prefix for radix \c 16. * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer + * is too small. + * \return Another negative error code on failure. */ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ); /** - * \brief Write X into an opened file, or stdout if fout is NULL + * \brief Export an MPI into an opened file. * - * \param p Prefix, can be NULL - * \param X Source MPI - * \param radix Output numeric base - * \param fout Output file handle (can be NULL) + * \param p A string prefix to emit prior to the MPI data. + * For example, this might be a label, or "0x" when + * printing in base 16. May be \c NULL if no prefix + * is needed. + * \param X The source MPI. Must point to an initialized MPI. + * \param radix The numeric base to be used in the emitted string. + * \param fout The output file handle. May be \c NULL, in which case + * the output is written to `stdout`. * - * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code - * - * \note Set fout == NULL to print X on the console. + * \return \c 0 if successful. + * \return A negative error code on failure. */ -int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout ); +int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, + int radix, FILE *fout ); #endif /* MBEDTLS_FS_IO */ /** - * \brief Import X from unsigned binary data, big endian + * \brief Import an MPI from unsigned big endian binary data. * - * \param X Destination MPI - * \param buf Input buffer - * \param buflen Input buffer size + * \param X The destination MPI. Must point to an initialized MPI. + * \param buf The input buffer. Must be a readable buffer of length + * \p buflen Bytes. + * \param buflen The length of the input buffer \p p in Bytes. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ); +int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, + size_t buflen ); /** - * \brief Export X into unsigned binary data, big endian. - * Always fills the whole buffer, which will start with zeros - * if the number is smaller. + * \brief Export an MPI into unsigned big endian binary data + * of fixed size. * - * \param X Source MPI - * \param buf Output buffer - * \param buflen Output buffer size + * \param X The source MPI. Must point to an initialized MPI. + * \param buf The output buffer. Must be a writable buffer of length + * \p buflen Bytes. + * \param buflen The size of the output buffer \p buf in Bytes. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't + * large enoguh to hold the value of \p X. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen ); +int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, + size_t buflen ); /** - * \brief Left-shift: X <<= count + * \brief Perform a left-shift on an MPI: X <<= count * - * \param X MPI to shift - * \param count Amount to shift + * \param X The MPI to shift. Must point to an initialized MPI. + * \param count The amount to shift, in bits. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. */ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); /** - * \brief Right-shift: X >>= count + * \brief Perform a right-shift on an MPI: X >>= count * - * \param X MPI to shift - * \param count Amount to shift + * \param X The MPI to shift. Must point to an initialized MPI. + * \param count The amount to shift, in bits. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. */ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ); /** - * \brief Compare unsigned values + * \brief Compare the absolute values of two MPIs. * - * \param X Left-hand MPI - * \param Y Right-hand MPI + * \param X The left-hand MPI. Must point to an initialized MPI. + * \param Y The right-hand MPI. Must point to an initialized MPI. * - * \return 1 if |X| is greater than |Y|, - * -1 if |X| is lesser than |Y| or - * 0 if |X| is equal to |Y| + * \return \c 1 if `|X|` is greater than `|Y|`. + * \return \c -1 if `|X|` is lesser than `|Y|`. + * \return \c 0 if `|X|` is equal than `|Y|`. */ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ); /** - * \brief Compare signed values + * \brief Compare two MPIs. * - * \param X Left-hand MPI - * \param Y Right-hand MPI + * \param X The left-hand MPI. Must point to an initialized MPI. + * \param Y The right-hand MPI. Must point to an initialized MPI. * - * \return 1 if X is greater than Y, - * -1 if X is lesser than Y or - * 0 if X is equal to Y + * \return \c 1 if `X` is greater than `Y`. + * \return \c -1 if `X` is lesser than `Y`. + * \return \c 0 if `X` is equal than `Y`. */ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ); /** - * \brief Compare signed values + * \brief Compare an MPI with an integer. * - * \param X Left-hand MPI - * \param z The integer value to compare to + * \param X The left-hand MPI. Must point to an initialized MPI. + * \param z The integer value to compare \p X to. * - * \return 1 if X is greater than z, - * -1 if X is lesser than z or - * 0 if X is equal to z + * \return \c 1 if `X` is greater than `z`. + * \return \c -1 if `X` is lesser than `z`. + * \return \c 0 if `X` is equal than `z`. */ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ); /** - * \brief Unsigned addition: X = |A| + |B| + * \brief Perform an unsigned addition of MPIs: X = |A| + |B| * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The first summand. Must point to an initialized MPI. + * \param B The second summand. Must point to an initialized MPI. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); +int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B ); /** - * \brief Unsigned subtraction: X = |A| - |B| + * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B| * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The minuend. Must point to an initialized MPI. + * \param B The subtrahend. Must point to an initialized MPI. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A. + * \return Another negative error code on different kinds of failure. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A */ -int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); +int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B ); /** - * \brief Signed addition: X = A + B + * \brief Perform a signed addition of MPIs: X = A + B * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The first summand. Must point to an initialized MPI. + * \param B The second summand. Must point to an initialized MPI. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); +int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B ); /** - * \brief Signed subtraction: X = A - B + * \brief Perform a signed subtraction of MPIs: X = A - B * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The minuend. Must point to an initialized MPI. + * \param B The subtrahend. Must point to an initialized MPI. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); +int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B ); /** - * \brief Signed addition: X = A + b + * \brief Perform a signed addition of an MPI and an integer: X = A + b * - * \param X Destination MPI - * \param A Left-hand MPI - * \param b The integer value to add + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The first summand. Must point to an initialized MPI. + * \param b The second summand. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ); +int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_sint b ); /** - * \brief Signed subtraction: X = A - b + * \brief Perform a signed subtraction of an MPI and an integer: + * X = A - b * - * \param X Destination MPI - * \param A Left-hand MPI - * \param b The integer value to subtract + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The minuend. Must point to an initialized MPI. + * \param B The subtrahend. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ); +int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_sint b ); /** - * \brief Baseline multiplication: X = A * B + * \brief Perform a multiplication of two MPIs: X = A * B * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The first factor. Must point to an initialized MPI. + * \param B The second factor. Must point to an initialized MPI. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); +int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B ); /** - * \brief Baseline multiplication: X = A * b + * \brief Perform a multiplication of an MPI with an unsigned integer: + * X = A * b * - * \param X Destination MPI - * \param A Left-hand MPI - * \param b The unsigned integer value to multiply with + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The first factor. Must point to an initialized MPI. + * \param b The second factor. * - * \note b is unsigned + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b ); +int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_uint b ); /** - * \brief Division by mbedtls_mpi: A = Q * B + R + * \brief Perform a division with remainder of two MPIs: + * A = Q * B + R * - * \param Q Destination MPI for the quotient - * \param R Destination MPI for the rest value - * \param A Left-hand MPI - * \param B Right-hand MPI + * \param Q The destination MPI for the quotient. + * May be \c NULL is the value of the quotient is not needed. + * \param R The destination MPI for the remainder value. + * May be \c NULL if the value of the remainder is not needed. + * \param A The divident. Must point to an initialized MPi. + * \param B The divisor. Must point to an initialized MPI. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0 - * - * \note Either Q or R can be NULL. + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if `B == 0`. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ); +int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B ); /** - * \brief Division by int: A = Q * b + R + * \brief Perform a division with remainder of an MPI by an integer: + * A = Q * b + R * - * \param Q Destination MPI for the quotient - * \param R Destination MPI for the rest value - * \param A Left-hand MPI - * \param b Integer to divide by + * \param Q The destination MPI for the quotient. + * May be \c NULL is the value of the quotient is not needed. + * \param R The destination MPI for the remainder value. + * May be \c NULL if the value of the remainder is not needed. + * \param A The divident. Must point to an initialized MPi. + * \param b The divisor. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0 - * - * \note Either Q or R can be NULL. + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if `b == 0`. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b ); +int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + mbedtls_mpi_sint b ); /** - * \brief Modulo: R = A mod B + * \brief Perform a modular reduction. R = A mod B * - * \param R Destination MPI for the rest value - * \param A Left-hand MPI - * \param B Right-hand MPI + * \param R The destination MPI for the residue value. + * Must point to an initialized MPI. + * \param A The MPI to compute the residue of. + * Must point to an initialized MPI. + * \param B The base of the modular reduction. + * Must point to an initialized MPI. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if `B == 0`. + * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if `B < 0`. + * \return Another negative error code on different kinds of failure. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0, - * MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0 */ -int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ); +int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B ); /** - * \brief Modulo: r = A mod b + * \brief Perform a modular reduction with respect to an integer. + * r = A mod b * - * \param r Destination mbedtls_mpi_uint - * \param A Left-hand MPI - * \param b Integer to divide by + * \param r The address at which to store the residue. + * Must not be \c NULL. + * \param A The MPI to compute the residue of. + * Must point to an initialized MPi. + * \param b The integer base of the modular reduction. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0, - * MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0 + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if `b == 0`. + * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if `b < 0`. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b ); +int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, + mbedtls_mpi_sint b ); /** - * \brief Sliding-window exponentiation: X = A^E mod N + * \brief Perform a sliding-window exponentiation: X = A^E mod N * - * \param X Destination MPI - * \param A Left-hand MPI - * \param E Exponent MPI - * \param N Modular MPI - * \param _RR Speed-up MPI used for recalculations + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The base of the exponentiation. + * Must point to an initialized MPI. + * \param E The exponent MPI. Must point to an initialized MPI. + * \param N The base for the modular reduction. Must point to an + * initialized MPI. + * \param _RR A helper MPI depending solely on \p N which can be used to + * speed-up multiple modular exponentiations for the same value + * of \p N. May be \c NULL. If it is not \c NULL, it must point + * an initialized MPI. If it is freshly initialized, i.e. not + * used after the call to mbedtls_mpi_init(), this function + * will compute the helper value and store it in \p _RR for + * reuse on subsequent calls to this function. Otherwise, the + * function will assume that \p _RR holds the helper value set + * by a previous call to mbedtls_mpi_exp_mod(), and reuse it. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or - * if E is negative + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or + * even, or if \c E is negative. + * \return Another negative error code on different kinds of failures. * - * \note _RR is used to avoid re-computing R*R mod N across - * multiple calls, which speeds up things a bit. It can - * be set to NULL if the extra performance is unneeded. */ -int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR ); +int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *E, const mbedtls_mpi *N, + mbedtls_mpi *_RR ); /** - * \brief Fill an MPI X with size bytes of random + * \brief Fill an MPI with a number of random bytes. * - * \param X Destination MPI - * \param size Size in bytes - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param X The destination MPI. Must point to an initialized MPI. + * \param size The number of random bytes to generate. + * \param f_rng The RNG function to use. Must not be \c NULL. + * \param p_rng The RNG parameter to be passed to \p f_rng. May be \c NULL + * if \p f_rng doesn't need a context argument. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on failure. * - * \note The bytes obtained from the PRNG are interpreted + * \note The bytes obtained from the RNG are interpreted * as a big-endian representation of an MPI; this can * be relevant in applications like deterministic ECDSA. */ @@ -700,30 +806,36 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, void *p_rng ); /** - * \brief Greatest common divisor: G = gcd(A, B) + * \brief Compute the greatest common divisor: G = gcd(A, B) * - * \param G Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI + * \param G The destination MPI. Must point to an initialized MPI. + * \param A The first operand. Must point to an initialized MPI. + * \param A The second operand. Must point to an initialized MPI. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B ); +int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, + const mbedtls_mpi *B ); /** - * \brief Modular inverse: X = A^-1 mod N + * \brief Compute the modular inverse: X = A^-1 mod N * - * \param X Destination MPI - * \param A Left-hand MPI - * \param N Right-hand MPI + * \param X The destination MPI. Must point to an initialized MPI. + * \param A The MPI to calculate the modular inverse of. Must point + * to an initialized MPI. + * \param N The base of the modular inversion. Must point to an + * initialized MPI. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is <= 1, - MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N. + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `N <= 1`. + * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse + * with respect to \p N. */ -int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N ); +int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *N ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -732,19 +844,22 @@ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi #define MBEDTLS_DEPRECATED #endif /** - * \brief Miller-Rabin primality test with error probability of - * 2-80 + * \brief Perform a Miller-Rabin primality test with error + * probability of 2-80. * * \deprecated Superseded by mbedtls_mpi_is_prime_ext() which allows * specifying the number of Miller-Rabin rounds. * - * \param X MPI to check - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param X The MPI to check for primality. + * Must point to an initialized MPI. + * \param f_rng The RNG function to use. Must not be \c NULL. + * \param p_rng The RNG parameter to be passed to \p f_rng. + * May be \c NULL if \p f_rng doesn't use a context parameter. * - * \return 0 if successful (probably prime), - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime + * \return \c 0 if successful, i.e. \p X is probably prime. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. + * \return Another negative error code on other kinds of failure. */ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, int (*f_rng)(void *, unsigned char *, size_t), @@ -764,16 +879,19 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, * case when mbedtls_mpi_gen_prime calls this function), then * \p rounds can be much lower. * - * \param X MPI to check - * \param rounds Number of bases to perform Miller-Rabin primality test for. - * The probability of returning 0 on a composite is at most - * 2-2*\p rounds. - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param X The MPI to check for primality. + * Must point to an initialized MPI. + * \param rounds The number of bases to perform the Miller-Rabin primality + * test for. The probability of returning 0 on a composite is + * at most 2-2*\p rounds. + * \param f_rng The RNG function to use. Must not be \c NULL. + * \param p_rng The RNG parameter to be passed to \p f_rng. + * May be \c NULL if \p f_rng doesn't use a context parameter. * - * \return 0 if successful (probably prime), - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime + * \return \c 0 if successful, i.e. \p X is probably prime. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. + * \return Another negative error code on other kinds of failure. */ int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, int (*f_rng)(void *, unsigned char *, size_t), @@ -790,18 +908,22 @@ typedef enum { } mbedtls_mpi_gen_prime_flag_t; /** - * \brief Prime number generation + * \brief Generate a prime number. * - * \param X Destination MPI - * \param nbits Required size of X in bits - * ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS ) - * \param flags Mask of flags of type #mbedtls_mpi_gen_prime_flag_t - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param X The destination MPI to store the generated prime in. + * Must point to an initialized MPi. + * \param nbits The required size of the destination MPI in bits. + * Must be between \c 3 and #MBEDTLS_MPI_MAX_BITS. + * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t. + * \param f_rng The RNG function to use. Must not be \c NULL. + * \param p_rng The RNG parameter to be passed to \p f_rng. + * May be \c NULL if \p f_rng doesn't use a context parameter. * - * \return 0 if successful (probably prime), - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3 + * \return \c 0 if successful, in which case \p X holds a probably + * probably prime number. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between + * \c 3 and #MBEDTLS_MPI_MAX_BITS. */ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, int (*f_rng)(void *, unsigned char *, size_t), From 73d7d79bc1789a0a5608094eea6dffbc656d5237 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 11 Dec 2018 10:35:51 +0000 Subject: [PATCH 241/415] Implement parameter validation for MPI module --- library/bignum.c | 144 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 130 insertions(+), 14 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index be4df2fe7..90af7e495 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -59,6 +59,11 @@ #define mbedtls_free free #endif +#define MPI_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) +#define MPI_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ @@ -83,8 +88,7 @@ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) */ void mbedtls_mpi_init( mbedtls_mpi *X ) { - if( X == NULL ) - return; + MPI_VALIDATE( X != NULL ); X->s = 1; X->n = 0; @@ -116,6 +120,7 @@ void mbedtls_mpi_free( mbedtls_mpi *X ) int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) { mbedtls_mpi_uint *p; + MPI_VALIDATE_RET( X != NULL ); if( nblimbs > MBEDTLS_MPI_MAX_LIMBS ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); @@ -147,6 +152,10 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) { mbedtls_mpi_uint *p; size_t i; + MPI_VALIDATE_RET( X != NULL ); + + if( nblimbs > MBEDTLS_MPI_MAX_LIMBS ) + return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); /* Actually resize up in this case */ if( X->n <= nblimbs ) @@ -183,6 +192,8 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) { int ret = 0; size_t i; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( Y != NULL ); if( X == Y ) return( 0 ); @@ -222,6 +233,8 @@ cleanup: void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) { mbedtls_mpi T; + MPI_VALIDATE( X != NULL ); + MPI_VALIDATE( Y != NULL ); memcpy( &T, X, sizeof( mbedtls_mpi ) ); memcpy( X, Y, sizeof( mbedtls_mpi ) ); @@ -237,6 +250,8 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned { int ret = 0; size_t i; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( Y != NULL ); /* make sure assign is 0 or 1 in a time-constant manner */ assign = (assign | (unsigned char)-assign) >> 7; @@ -266,6 +281,8 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char sw int ret, s; size_t i; mbedtls_mpi_uint tmp; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( Y != NULL ); if( X == Y ) return( 0 ); @@ -298,6 +315,7 @@ cleanup: int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ) { int ret; + MPI_VALIDATE_RET( X != NULL ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); memset( X->p, 0, X->n * ciL ); @@ -315,6 +333,8 @@ cleanup: */ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ) { + MPI_VALIDATE_RET( X != NULL ); + if( X->n * biL <= pos ) return( 0 ); @@ -333,6 +353,7 @@ int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ) int ret = 0; size_t off = pos / biL; size_t idx = pos % biL; + MPI_VALIDATE_RET( X != NULL ); if( val != 0 && val != 1 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -359,6 +380,7 @@ cleanup: size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ) { size_t i, j, count = 0; + MPI_VALIDATE_RET( X != NULL ); for( i = 0; i < X->n; i++ ) for( j = 0; j < biL; j++, count++ ) @@ -439,9 +461,11 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) size_t i, j, slen, n; mbedtls_mpi_uint d; mbedtls_mpi T; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( s != NULL ); if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );; mbedtls_mpi_init( &T ); @@ -539,9 +563,12 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, size_t n; char *p; mbedtls_mpi T; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( olen != NULL ); + MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );; n = mbedtls_mpi_bitlen( X ); if( radix >= 4 ) n >>= 1; @@ -620,6 +647,12 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ) */ char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ]; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( fin != NULL ); + + if( radix < 2 || radix > 16 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + memset( s, 0, sizeof( s ) ); if( fgets( s, sizeof( s ) - 1, fin ) == NULL ) return( MBEDTLS_ERR_MPI_FILE_IO_ERROR ); @@ -651,6 +684,10 @@ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE * newline characters and '\0' */ char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ]; + MPI_VALIDATE_RET( X != NULL ); + + if( radix < 2 || radix > 16 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); memset( s, 0, sizeof( s ) ); @@ -687,6 +724,9 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu size_t i, j; size_t const limbs = CHARS_TO_LIMBS( buflen ); + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + /* Ensure that target MPI has exactly the necessary number of limbs */ if( X->n != limbs ) { @@ -711,11 +751,16 @@ cleanup: int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen ) { - size_t stored_bytes = X->n * ciL; + size_t stored_bytes; size_t bytes_to_copy; unsigned char *p; size_t i; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + + stored_bytes = X->n * ciL; + if( stored_bytes < buflen ) { /* There is enough space in the output buffer. Write initial @@ -754,6 +799,7 @@ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ) int ret; size_t i, v0, t1; mbedtls_mpi_uint r0 = 0, r1; + MPI_VALIDATE_RET( X != NULL ); v0 = count / (biL ); t1 = count & (biL - 1); @@ -803,6 +849,7 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ) { size_t i, v0, v1; mbedtls_mpi_uint r0 = 0, r1; + MPI_VALIDATE_RET( X != NULL ); v0 = count / biL; v1 = count & (biL - 1); @@ -845,6 +892,8 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ) int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ) { size_t i, j; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( Y != NULL ); for( i = X->n; i > 0; i-- ) if( X->p[i - 1] != 0 ) @@ -875,6 +924,8 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ) int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ) { size_t i, j; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( Y != NULL ); for( i = X->n; i > 0; i-- ) if( X->p[i - 1] != 0 ) @@ -909,6 +960,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) { mbedtls_mpi Y; mbedtls_mpi_uint p[1]; + MPI_VALIDATE_RET( X != NULL ); *p = ( z < 0 ) ? -z : z; Y.s = ( z < 0 ) ? -1 : 1; @@ -926,6 +978,9 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi int ret; size_t i, j; mbedtls_mpi_uint *o, *p, c, tmp; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( B != NULL ); if( X == B ) { @@ -1003,6 +1058,9 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi mbedtls_mpi TB; int ret; size_t n; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( B != NULL ); if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); @@ -1043,8 +1101,12 @@ cleanup: */ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret, s = A->s; + int ret, s; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( B != NULL ); + s = A->s; if( A->s * B->s < 0 ) { if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) @@ -1074,8 +1136,12 @@ cleanup: */ int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret, s = A->s; + int ret, s; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( B != NULL ); + s = A->s; if( A->s * B->s > 0 ) { if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) @@ -1107,6 +1173,8 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); p[0] = ( b < 0 ) ? -b : b; _B.s = ( b < 0 ) ? -1 : 1; @@ -1123,6 +1191,8 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); p[0] = ( b < 0 ) ? -b : b; _B.s = ( b < 0 ) ? -1 : 1; @@ -1212,6 +1282,9 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi int ret; size_t i, j; mbedtls_mpi TA, TB; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( B != NULL ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB ); @@ -1248,6 +1321,8 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); _B.s = 1; _B.n = 1; @@ -1356,11 +1431,14 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, /* * Division by mbedtls_mpi: A = Q * B + R (HAC 14.20) */ -int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B ) { int ret; size_t i, n, t, k; mbedtls_mpi X, Y, Z, T1, T2; + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( B != NULL ); if( mbedtls_mpi_cmp_int( B, 0 ) == 0 ) return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO ); @@ -1471,10 +1549,13 @@ cleanup: /* * Division by int: A = Q * b + R */ -int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b ) +int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, + const mbedtls_mpi *A, + mbedtls_mpi_sint b ) { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; + MPI_VALIDATE_RET( A != NULL ); p[0] = ( b < 0 ) ? -b : b; _B.s = ( b < 0 ) ? -1 : 1; @@ -1490,6 +1571,9 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, m int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ) { int ret; + MPI_VALIDATE_RET( R != NULL ); + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( B != NULL ); if( mbedtls_mpi_cmp_int( B, 0 ) < 0 ) return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); @@ -1514,6 +1598,8 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_ { size_t i; mbedtls_mpi_uint x, y, z; + MPI_VALIDATE_RET( r != NULL ); + MPI_VALIDATE_RET( A != NULL ); if( b == 0 ) return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO ); @@ -1627,7 +1713,8 @@ static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi /* * Montgomery reduction: A = A * R^-1 mod N */ -static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, + mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { mbedtls_mpi_uint z = 1; mbedtls_mpi U; @@ -1641,7 +1728,9 @@ static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint m /* * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) */ -int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR ) +int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *E, const mbedtls_mpi *N, + mbedtls_mpi *_RR ) { int ret; size_t wbits, wsize, one = 1; @@ -1651,6 +1740,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; int neg; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( E != NULL ); + MPI_VALIDATE_RET( N != NULL ); + if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -1855,6 +1949,10 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B size_t lz, lzt; mbedtls_mpi TG, TA, TB; + MPI_VALIDATE_RET( G != NULL ); + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( B != NULL ); + mbedtls_mpi_init( &TG ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); @@ -1911,6 +2009,8 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, { int ret; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( f_rng != NULL ); if( size > MBEDTLS_MPI_MAX_SIZE ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -1930,6 +2030,9 @@ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi { int ret; mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET( N != NULL ); if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -2089,7 +2192,11 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, size_t i, j, k, s; mbedtls_mpi W, R, T, A, RR; - mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A ); + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( f_rng != NULL ); + + mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); + mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A ); mbedtls_mpi_init( &RR ); /* @@ -2161,7 +2268,8 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, } cleanup: - mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A ); + mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); + mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A ); mbedtls_mpi_free( &RR ); return( ret ); @@ -2176,6 +2284,8 @@ int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, { int ret; mbedtls_mpi XX; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( f_rng != NULL ); XX.s = 1; XX.n = X->n; @@ -2207,12 +2317,15 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( f_rng != NULL ); + /* * In the past our key generation aimed for an error rate of at most * 2^-80. Since this function is deprecated, aim for the same certainty * here as well. */ - return mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ); + return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) ); } #endif @@ -2240,6 +2353,9 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, mbedtls_mpi_uint r; mbedtls_mpi Y; + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( f_rng != NULL ); + if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); From afb607b9db3c88c95be47bb27477cb0500037121 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 11 Dec 2018 14:27:08 +0000 Subject: [PATCH 242/415] Add tests for parameter validation in MPI module --- tests/suites/test_suite_mpi.data | 3 + tests/suites/test_suite_mpi.function | 175 +++++++++++++++++++++++++++ 2 files changed, 178 insertions(+) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 6ea3b2943..ff25a6fcc 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -1,3 +1,6 @@ +Parameter validation +mpi_invalid_param: + Arguments with no value mpi_null: diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 9c1d78f7f..a82bf8181 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -50,6 +50,181 @@ int mbedtls_test_mpi_miller_rabin_determinizer( void* state, * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void mpi_invalid_param( ) +{ + mbedtls_mpi X; + const char *s_in = "00101000101010"; + char s_out[16] = { 0 }; + unsigned char u_out[16] = { 0 }; + unsigned char u_in[16] = { 0 }; + size_t olen; + mbedtls_mpi_uint mpi_uint; + + TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_grow( NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_copy( NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_copy( &X, NULL ) ); + TEST_INVALID_PARAM( mbedtls_mpi_swap( NULL, &X ) ); + TEST_INVALID_PARAM( mbedtls_mpi_swap( &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_safe_cond_assign( NULL, &X, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_safe_cond_assign( &X, NULL, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_safe_cond_swap( NULL, &X, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_safe_cond_swap( &X, NULL, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_lset( NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_get_bit( NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_set_bit( NULL, 42, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_read_string( NULL, 2, s_in ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_read_string( &X, 2, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_write_string( NULL, 2, + s_out, sizeof( s_out ), + &olen ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_write_string( &X, 2, + NULL, sizeof( s_out ), + &olen ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_write_string( &X, 2, + s_out, sizeof( s_out ), + NULL ) ); +#if defined(MBEDTLS_FS_IO) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_read_file( NULL, 2, stdin ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_read_file( &X, 2, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_write_file( "", NULL, 2, NULL ) ); +#endif /* MBEDTLS_FS_IO */ + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_read_binary( NULL, u_in, + sizeof( u_in ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_read_binary( &X, NULL, + sizeof( u_in ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_write_binary( NULL, u_out, + sizeof( u_out ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_write_binary( &X, NULL, + sizeof( u_out ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_shift_l( NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_shift_r( NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_cmp_abs( NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_cmp_abs( &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_cmp_mpi( NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_cmp_mpi( &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_cmp_int( NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_add_abs( NULL, &X, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_add_abs( &X, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_add_abs( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_sub_abs( NULL, &X, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_sub_abs( &X, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_sub_abs( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_add_mpi( NULL, &X, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_add_mpi( &X, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_add_mpi( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_sub_mpi( NULL, &X, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_sub_mpi( &X, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_sub_mpi( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_add_int( NULL, &X, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_add_int( &X, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_sub_int( NULL, &X, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_sub_int( &X, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mul_mpi( NULL, &X, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mul_mpi( &X, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mul_mpi( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mul_int( NULL, &X, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mul_int( &X, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_div_mpi( &X, &X, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_div_mpi( &X, &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_div_int( &X, &X, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_mpi( NULL, &X, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_mpi( &X, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_mpi( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_int( NULL, &X, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_int( &mpi_uint, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_exp_mod( NULL, &X, &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_exp_mod( &X, NULL, &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_exp_mod( &X, &X, NULL, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_fill_random( NULL, 42, rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_gcd( NULL, &X, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_gcd( &X, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_gcd( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_inv_mod( NULL, &X, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_inv_mod( &X, NULL, &X ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_inv_mod( NULL, &X, &X ) ); + +exit: + return; + +} +/* END_CASE */ + /* BEGIN_CASE */ void mpi_null( ) { From 8282c2f0704d4f980a806080f4381eb5cee9a953 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 13:36:46 +0000 Subject: [PATCH 243/415] Minor improvements to bignum documentation --- include/mbedtls/bignum.h | 175 ++++++++++++++++++++------------------- 1 file changed, 89 insertions(+), 86 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index d8de4a375..4f835b4e2 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -191,7 +191,7 @@ mbedtls_mpi; * This makes the MPI ready to be set or freed, * but does not define a value for the MPI. * - * \param X The MPI context to initialize. Must not be \c NULL. + * \param X The MPI context to initialize. This must not be \c NULL. */ void mbedtls_mpi_init( mbedtls_mpi *X ); @@ -199,7 +199,8 @@ void mbedtls_mpi_init( mbedtls_mpi *X ); * \brief Clear an MPI context. * * \param X The MPI context to be cleared. May be \c NULL, - * in which case this function is a no-op. + * in which case this function is a no-op. If it is + * not \c NULL, it must point to an initialized MPI. */ void mbedtls_mpi_free( mbedtls_mpi *X ); @@ -209,7 +210,7 @@ void mbedtls_mpi_free( mbedtls_mpi *X ); * \note This function does nothing if the MPI is * already large enough. * - * \param X The MPI to grow. Must point to an initialized MPI. + * \param X The MPI to grow. It must be initialized. * \param nblimbs The target number of limbs. * * \return \c 0 if successful. @@ -224,7 +225,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); * If \c X is smaller than \c nblimbs, it is resized up * instead. * - * \param X The MPI to shrink. Must point to an initialized MPI. + * \param X The MPI to shrink. This must point to an initialized MPI. * \param nblimbs The minimum number of limbs to keep. * * \return \c 0 if successful. @@ -237,8 +238,8 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); /** * \brief Make a copy of an MPI. * - * \param X The destination MPI. Must point to an initialized MPI. - * \param Y The source MPI. + * \param X The destination MPI. This must point to an initialized MPI. + * \param Y The source MPI. This must point to an initialized MPI. * * \note The limb-buffer in the destination MPI is enlarged * if necessary to hold the value in the source MPI. @@ -252,8 +253,8 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ); /** * \brief Swap the contents of two MPIs. * - * \param X The first MPI. Must not be \c NULL. - * \param Y The second MPI. Must not be \c NULL. + * \param X The first MPI. It must be initialized. + * \param Y The second MPI. It must be initialized. */ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); @@ -261,8 +262,10 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); * \brief Safe conditional copy of MPI which doesn't * reveal whether the conditional was true or not. * - * \param X The MPI to conditionally assign to. - * \param Y The MPI to be assigned from. + * \param X The MPI to conditionally assign to. This must point + * to an initialized MPI. + * \param Y The MPI to be assigned from. This must point to an + * initialized MPI. * \param assign The conditional deciding whether to perform the * assignment or not. Possible values: * * \c 1: Perform the assignment `X = Y`. @@ -285,10 +288,10 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned * \brief Safe conditional swap which doesn't * reveal whether the conditional was true or not. * - * \param X The first MPI. - * \param Y The second MPI. + * \param X The first MPI. This must be initialized. + * \param Y The second MPI. This must be initialized. * \param assign The conditional deciding whether to perform - * the swap or not Possible values: + * the swap or not. Possible values: * * \c 1: Swap the values of \p X and \p Y. * * \c 0: Keep the original values of \p X and \p Y. * @@ -309,7 +312,7 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char as /** * \brief Store integer value in MPI. * - * \param X The MPI to set. + * \param X The MPI to set. This must be initialized. * \param z The value to use. * * \return \c 0 if successful. @@ -321,11 +324,11 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ); /** * \brief Get a specific bit from an MPI. * - * \param X The MPI to query. + * \param X The MPI to query. This must be initialized. * \param pos Zero-based index of the bit to query. * * \return \c 0 or \c 1 on success, depending on whether bit \c pos - * of \c X is unset resp. set. + * of \c X is unset or set. * \return A negative error code on failure. */ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ); @@ -337,7 +340,7 @@ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ); * bit to \c 1 in a not yet existing limb. It will not grow if * the bit should be set to \c 0. * - * \param X The MPI to modify. + * \param X The MPI to modify. This must be initialized. * \param pos Zero-based index of the bit to modify. * \param val The desired value of bit \c pos: \c 0 or \c 1. * @@ -349,7 +352,7 @@ int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ); /** * \brief Return the number of zero-bits before the - * least significant 1-bit + * least significant '1' bit * * \note This is the same as the zero-based index of * the least significant '1' bit. @@ -357,28 +360,28 @@ int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ); * \param X The MPI to query. * * \return The number of zero-bits before the least significant - * 1-bit in \p X. + * '1' bit in \p X. */ size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ); /** * \brief Return the number of bits up to and including the most - * significant 1-bit. + * significant '1' bit. * * * \note This is same as the one-based index of the most - * significant 1-bit. + * significant '1' bit. * - * \param X The MPI to query. Must point to an initialized MPI. + * \param X The MPI to query. This must point to an initialized MPI. * * \return The number of bits up to and including the most - * significant 1-bit. + * significant '1' bit. */ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ); /** * \brief Return the total size an MPI value in bytes. * - * \param X The MPI to use. Must point to an initialized MPI. + * \param X The MPI to use. This must point to an initialized MPI. * * \note The value returned by this function may be less than * the number of bytes used to store \p X internally. @@ -392,7 +395,7 @@ size_t mbedtls_mpi_size( const mbedtls_mpi *X ); /** * \brief Import an MPI from an ASCII string. * - * \param X The destination MPI. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. * \param radix The numeric base of the input string. * \param s Null-terminated string buffer. * @@ -404,13 +407,13 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ); /** * \brief Export an MPI into an ASCII string. * - * \param X The source MPI. Must point to an initialized MPI. + * \param X The source MPI. This must point to an initialized MPI. * \param radix The numeric base of the output string. * \param buf Buffer to write the string to. Must be writable of * length \p buflen Bytes. May be \c NULL if `buflen == 0`. * \param buflen The available size in Bytes of \p buf. * \param olen Address at which to store the length of the string written, - * including final \c NULL byte. Must not be \c NULL. + * including final \c NULL byte. This must not be \c NULL. * * \note Call this function with `buflen == 0` to obtain the * minimum required buffer size in `*olen`. @@ -429,10 +432,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, /** * \brief Read an MPI from a line in an opened file. * - * \param X The destination MPI. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. * \param radix The numeric base of the string representation used * in the source line. - * \param fin The input file handle to use. Must not be \c NULL. + * \param fin The input file handle to use. This must not be \c NULL. * * \note On success, this function advances the file stream * to the end of the current line or to EOF. @@ -456,7 +459,7 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ); * For example, this might be a label, or "0x" when * printing in base 16. May be \c NULL if no prefix * is needed. - * \param X The source MPI. Must point to an initialized MPI. + * \param X The source MPI. This must point to an initialized MPI. * \param radix The numeric base to be used in the emitted string. * \param fout The output file handle. May be \c NULL, in which case * the output is written to `stdout`. @@ -471,7 +474,7 @@ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, /** * \brief Import an MPI from unsigned big endian binary data. * - * \param X The destination MPI. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. * \param buf The input buffer. Must be a readable buffer of length * \p buflen Bytes. * \param buflen The length of the input buffer \p p in Bytes. @@ -487,7 +490,7 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, * \brief Export an MPI into unsigned big endian binary data * of fixed size. * - * \param X The source MPI. Must point to an initialized MPI. + * \param X The source MPI. This must point to an initialized MPI. * \param buf The output buffer. Must be a writable buffer of length * \p buflen Bytes. * \param buflen The size of the output buffer \p buf in Bytes. @@ -503,7 +506,7 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, /** * \brief Perform a left-shift on an MPI: X <<= count * - * \param X The MPI to shift. Must point to an initialized MPI. + * \param X The MPI to shift. This must point to an initialized MPI. * \param count The amount to shift, in bits. * * \return \c 0 if successful. @@ -515,7 +518,7 @@ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); /** * \brief Perform a right-shift on an MPI: X >>= count * - * \param X The MPI to shift. Must point to an initialized MPI. + * \param X The MPI to shift. This must point to an initialized MPI. * \param count The amount to shift, in bits. * * \return \c 0 if successful. @@ -527,8 +530,8 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ); /** * \brief Compare the absolute values of two MPIs. * - * \param X The left-hand MPI. Must point to an initialized MPI. - * \param Y The right-hand MPI. Must point to an initialized MPI. + * \param X The left-hand MPI. This must point to an initialized MPI. + * \param Y The right-hand MPI. This must point to an initialized MPI. * * \return \c 1 if `|X|` is greater than `|Y|`. * \return \c -1 if `|X|` is lesser than `|Y|`. @@ -539,8 +542,8 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ); /** * \brief Compare two MPIs. * - * \param X The left-hand MPI. Must point to an initialized MPI. - * \param Y The right-hand MPI. Must point to an initialized MPI. + * \param X The left-hand MPI. This must point to an initialized MPI. + * \param Y The right-hand MPI. This must point to an initialized MPI. * * \return \c 1 if `X` is greater than `Y`. * \return \c -1 if `X` is lesser than `Y`. @@ -551,7 +554,7 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ); /** * \brief Compare an MPI with an integer. * - * \param X The left-hand MPI. Must point to an initialized MPI. + * \param X The left-hand MPI. This must point to an initialized MPI. * \param z The integer value to compare \p X to. * * \return \c 1 if `X` is greater than `z`. @@ -563,9 +566,9 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ); /** * \brief Perform an unsigned addition of MPIs: X = |A| + |B| * - * \param X The destination MPI. Must point to an initialized MPI. - * \param A The first summand. Must point to an initialized MPI. - * \param B The second summand. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. + * \param A The first summand. This must point to an initialized MPI. + * \param B The second summand. This must point to an initialized MPI. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -577,9 +580,9 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, /** * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B| * - * \param X The destination MPI. Must point to an initialized MPI. - * \param A The minuend. Must point to an initialized MPI. - * \param B The subtrahend. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. + * \param A The minuend. This must point to an initialized MPI. + * \param B The subtrahend. This must point to an initialized MPI. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A. @@ -592,9 +595,9 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, /** * \brief Perform a signed addition of MPIs: X = A + B * - * \param X The destination MPI. Must point to an initialized MPI. - * \param A The first summand. Must point to an initialized MPI. - * \param B The second summand. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. + * \param A The first summand. This must point to an initialized MPI. + * \param B The second summand. This must point to an initialized MPI. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -606,9 +609,9 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, /** * \brief Perform a signed subtraction of MPIs: X = A - B * - * \param X The destination MPI. Must point to an initialized MPI. - * \param A The minuend. Must point to an initialized MPI. - * \param B The subtrahend. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. + * \param A The minuend. This must point to an initialized MPI. + * \param B The subtrahend. This must point to an initialized MPI. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -620,8 +623,8 @@ int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, /** * \brief Perform a signed addition of an MPI and an integer: X = A + b * - * \param X The destination MPI. Must point to an initialized MPI. - * \param A The first summand. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. + * \param A The first summand. This must point to an initialized MPI. * \param b The second summand. * * \return \c 0 if successful. @@ -635,8 +638,8 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, * \brief Perform a signed subtraction of an MPI and an integer: * X = A - b * - * \param X The destination MPI. Must point to an initialized MPI. - * \param A The minuend. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. + * \param A The minuend. This must point to an initialized MPI. * \param B The subtrahend. * * \return \c 0 if successful. @@ -649,9 +652,9 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, /** * \brief Perform a multiplication of two MPIs: X = A * B * - * \param X The destination MPI. Must point to an initialized MPI. - * \param A The first factor. Must point to an initialized MPI. - * \param B The second factor. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. + * \param A The first factor. This must point to an initialized MPI. + * \param B The second factor. This must point to an initialized MPI. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -665,8 +668,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, * \brief Perform a multiplication of an MPI with an unsigned integer: * X = A * b * - * \param X The destination MPI. Must point to an initialized MPI. - * \param A The first factor. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. + * \param A The first factor. This must point to an initialized MPI. * \param b The second factor. * * \return \c 0 if successful. @@ -685,8 +688,8 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, * May be \c NULL is the value of the quotient is not needed. * \param R The destination MPI for the remainder value. * May be \c NULL if the value of the remainder is not needed. - * \param A The divident. Must point to an initialized MPi. - * \param B The divisor. Must point to an initialized MPI. + * \param A The divident. This must point to an initialized MPi. + * \param B The divisor. This must point to an initialized MPI. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. @@ -704,7 +707,7 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * May be \c NULL is the value of the quotient is not needed. * \param R The destination MPI for the remainder value. * May be \c NULL if the value of the remainder is not needed. - * \param A The divident. Must point to an initialized MPi. + * \param A The divident. This must point to an initialized MPi. * \param b The divisor. * * \return \c 0 if successful. @@ -719,11 +722,11 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * \brief Perform a modular reduction. R = A mod B * * \param R The destination MPI for the residue value. - * Must point to an initialized MPI. + * This must point to an initialized MPI. * \param A The MPI to compute the residue of. - * Must point to an initialized MPI. + * This must point to an initialized MPI. * \param B The base of the modular reduction. - * Must point to an initialized MPI. + * This must point to an initialized MPI. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -740,9 +743,9 @@ int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, * r = A mod b * * \param r The address at which to store the residue. - * Must not be \c NULL. + * This must not be \c NULL. * \param A The MPI to compute the residue of. - * Must point to an initialized MPi. + * This must point to an initialized MPi. * \param b The integer base of the modular reduction. * * \return \c 0 if successful. @@ -757,11 +760,11 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, /** * \brief Perform a sliding-window exponentiation: X = A^E mod N * - * \param X The destination MPI. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. * \param A The base of the exponentiation. - * Must point to an initialized MPI. - * \param E The exponent MPI. Must point to an initialized MPI. - * \param N The base for the modular reduction. Must point to an + * This must point to an initialized MPI. + * \param E The exponent MPI. This must point to an initialized MPI. + * \param N The base for the modular reduction. This must point to an * initialized MPI. * \param _RR A helper MPI depending solely on \p N which can be used to * speed-up multiple modular exponentiations for the same value @@ -787,9 +790,9 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /** * \brief Fill an MPI with a number of random bytes. * - * \param X The destination MPI. Must point to an initialized MPI. + * \param X The destination MPI. This must point to an initialized MPI. * \param size The number of random bytes to generate. - * \param f_rng The RNG function to use. Must not be \c NULL. + * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG parameter to be passed to \p f_rng. May be \c NULL * if \p f_rng doesn't need a context argument. * @@ -808,9 +811,9 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, /** * \brief Compute the greatest common divisor: G = gcd(A, B) * - * \param G The destination MPI. Must point to an initialized MPI. - * \param A The first operand. Must point to an initialized MPI. - * \param A The second operand. Must point to an initialized MPI. + * \param G The destination MPI. This must point to an initialized MPI. + * \param A The first operand. This must point to an initialized MPI. + * \param A The second operand. This must point to an initialized MPI. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -822,10 +825,10 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, /** * \brief Compute the modular inverse: X = A^-1 mod N * - * \param X The destination MPI. Must point to an initialized MPI. - * \param A The MPI to calculate the modular inverse of. Must point + * \param X The destination MPI. This must point to an initialized MPI. + * \param A The MPI to calculate the modular inverse of. This must point * to an initialized MPI. - * \param N The base of the modular inversion. Must point to an + * \param N The base of the modular inversion. This must point to an * initialized MPI. * * \return \c 0 if successful. @@ -851,8 +854,8 @@ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * specifying the number of Miller-Rabin rounds. * * \param X The MPI to check for primality. - * Must point to an initialized MPI. - * \param f_rng The RNG function to use. Must not be \c NULL. + * This must point to an initialized MPI. + * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG parameter to be passed to \p f_rng. * May be \c NULL if \p f_rng doesn't use a context parameter. * @@ -880,11 +883,11 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, * \p rounds can be much lower. * * \param X The MPI to check for primality. - * Must point to an initialized MPI. + * This must point to an initialized MPI. * \param rounds The number of bases to perform the Miller-Rabin primality * test for. The probability of returning 0 on a composite is * at most 2-2*\p rounds. - * \param f_rng The RNG function to use. Must not be \c NULL. + * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG parameter to be passed to \p f_rng. * May be \c NULL if \p f_rng doesn't use a context parameter. * @@ -911,11 +914,11 @@ typedef enum { * \brief Generate a prime number. * * \param X The destination MPI to store the generated prime in. - * Must point to an initialized MPi. + * This must point to an initialized MPi. * \param nbits The required size of the destination MPI in bits. * Must be between \c 3 and #MBEDTLS_MPI_MAX_BITS. * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t. - * \param f_rng The RNG function to use. Must not be \c NULL. + * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG parameter to be passed to \p f_rng. * May be \c NULL if \p f_rng doesn't use a context parameter. * From 54c91dd2358b74777f059c551a19d930861377b7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 13:37:06 +0000 Subject: [PATCH 244/415] Remove double semicolon from bignum.c --- library/bignum.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 90af7e495..8b01bad6c 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -465,7 +465,7 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) MPI_VALIDATE_RET( s != NULL ); if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );; + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); mbedtls_mpi_init( &T ); @@ -568,7 +568,7 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );; + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); n = mbedtls_mpi_bitlen( X ); if( radix >= 4 ) n >>= 1; From 56b661cbf890a0d8f8324efeb24ed70e03dcb5e5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 13:37:25 +0000 Subject: [PATCH 245/415] Add test that mbedtls_mpi_free() accepts NULL parameter --- tests/suites/test_suite_mpi.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index a82bf8181..ddab63e07 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -219,9 +219,10 @@ void mpi_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_inv_mod( NULL, &X, &X ) ); + mbedtls_mpi_free( NULL ); + exit: return; - } /* END_CASE */ From e118504a5f22893c3e80c1ad17fc45e7d5cc82d4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Dec 2018 14:31:46 +0000 Subject: [PATCH 246/415] Numerous minor improvements to bignum documentation --- include/mbedtls/bignum.h | 128 ++++++++++++++------------- tests/suites/test_suite_mpi.function | 34 ++++++- 2 files changed, 101 insertions(+), 61 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 4f835b4e2..ba747d09b 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -196,9 +196,9 @@ mbedtls_mpi; void mbedtls_mpi_init( mbedtls_mpi *X ); /** - * \brief Clear an MPI context. + * \brief This function frees the components an MPI context. * - * \param X The MPI context to be cleared. May be \c NULL, + * \param X The MPI context to be cleared. This may be \c NULL, * in which case this function is a no-op. If it is * not \c NULL, it must point to an initialized MPI. */ @@ -220,7 +220,8 @@ void mbedtls_mpi_free( mbedtls_mpi *X ); int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); /** - * \brief Resize down, keeping at least the specified number of limbs. + * \brief This function resizes an MPI downwards, keeping at least the + * specified number of limbs. * * If \c X is smaller than \c nblimbs, it is resized up * instead. @@ -259,14 +260,14 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ); void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); /** - * \brief Safe conditional copy of MPI which doesn't - * reveal whether the conditional was true or not. + * \brief Perform a safe conditional copy of MPI which doesn't + * reveal whether the condition was true or not. * * \param X The MPI to conditionally assign to. This must point * to an initialized MPI. * \param Y The MPI to be assigned from. This must point to an * initialized MPI. - * \param assign The conditional deciding whether to perform the + * \param assign The condition deciding whether to perform the * assignment or not. Possible values: * * \c 1: Perform the assignment `X = Y`. * * \c 0: Keep the original value of \p X. @@ -285,12 +286,12 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ); /** - * \brief Safe conditional swap which doesn't - * reveal whether the conditional was true or not. + * \brief Perform a safe conditional swap which doesn't + * reveal whether the condition was true or not. * * \param X The first MPI. This must be initialized. * \param Y The second MPI. This must be initialized. - * \param assign The conditional deciding whether to perform + * \param assign The condition deciding whether to perform * the swap or not. Possible values: * * \c 1: Swap the values of \p X and \p Y. * * \c 0: Keep the original values of \p X and \p Y. @@ -351,41 +352,42 @@ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ); int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ); /** - * \brief Return the number of zero-bits before the - * least significant '1' bit + * \brief Return the number of bits of value \c 0 before the + * least significant bit of value \c 1. * * \note This is the same as the zero-based index of - * the least significant '1' bit. + * the least significant bit of value \c 1. * * \param X The MPI to query. * - * \return The number of zero-bits before the least significant - * '1' bit in \p X. + * \return The number of bits of value \c 0 before the least significant + * bit of value \c 1 in \p X. */ size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ); /** * \brief Return the number of bits up to and including the most - * significant '1' bit. + * significant bit of value \c 1. * * * \note This is same as the one-based index of the most - * significant '1' bit. + * significant bit of value \c 1. * * \param X The MPI to query. This must point to an initialized MPI. * * \return The number of bits up to and including the most - * significant '1' bit. + * significant bit of value \c 1. */ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ); /** - * \brief Return the total size an MPI value in bytes. + * \brief Return the total size of an MPI value in bytes. * * \param X The MPI to use. This must point to an initialized MPI. * * \note The value returned by this function may be less than * the number of bytes used to store \p X internally. - * This happens if and only if there are trailing zero-bytes. + * This happens if and only if there are trailing bytes + * of value zero. * * \return The least number of bytes capable of storing * the absolute value of \p X. @@ -405,17 +407,19 @@ size_t mbedtls_mpi_size( const mbedtls_mpi *X ); int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ); /** - * \brief Export an MPI into an ASCII string. + * \brief Export an MPI to an ASCII string. * * \param X The source MPI. This must point to an initialized MPI. * \param radix The numeric base of the output string. - * \param buf Buffer to write the string to. Must be writable of - * length \p buflen Bytes. May be \c NULL if `buflen == 0`. + * \param buf The buffer to write the string to. This must be writable + * buffer of length \p buflen Bytes. It May be \c NULL if + * `buflen == 0`. * \param buflen The available size in Bytes of \p buf. - * \param olen Address at which to store the length of the string written, - * including final \c NULL byte. This must not be \c NULL. + * \param olen The address at which to store the length of the string + * written, including the final \c NULL byte. This must + * not be \c NULL. * - * \note Call this function with `buflen == 0` to obtain the + * \note You can call this function with `buflen == 0` to obtain the * minimum required buffer size in `*olen`. * * \return \c 0 if successful. @@ -457,12 +461,12 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ); * * \param p A string prefix to emit prior to the MPI data. * For example, this might be a label, or "0x" when - * printing in base 16. May be \c NULL if no prefix + * printing in base \c 16. This may be \c NULL if no prefix * is needed. * \param X The source MPI. This must point to an initialized MPI. * \param radix The numeric base to be used in the emitted string. - * \param fout The output file handle. May be \c NULL, in which case - * the output is written to `stdout`. + * \param fout The output file handle. This may be \c NULL, in which case + * the output is written to \c stdout. * * \return \c 0 if successful. * \return A negative error code on failure. @@ -475,7 +479,7 @@ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, * \brief Import an MPI from unsigned big endian binary data. * * \param X The destination MPI. This must point to an initialized MPI. - * \param buf The input buffer. Must be a readable buffer of length + * \param buf The input buffer. This must be a readable buffer of length * \p buflen Bytes. * \param buflen The length of the input buffer \p p in Bytes. * @@ -491,13 +495,13 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, * of fixed size. * * \param X The source MPI. This must point to an initialized MPI. - * \param buf The output buffer. Must be a writable buffer of length + * \param buf The output buffer. This must be a writable buffer of length * \p buflen Bytes. * \param buflen The size of the output buffer \p buf in Bytes. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't - * large enoguh to hold the value of \p X. + * large enough to hold the value of \p X. * \return Another negative error code on different kinds of failure. */ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, @@ -507,7 +511,7 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, * \brief Perform a left-shift on an MPI: X <<= count * * \param X The MPI to shift. This must point to an initialized MPI. - * \param count The amount to shift, in bits. + * \param count The number of bits to shift by. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -519,7 +523,7 @@ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); * \brief Perform a right-shift on an MPI: X >>= count * * \param X The MPI to shift. This must point to an initialized MPI. - * \param count The amount to shift, in bits. + * \param count The number of bits to shift by. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -535,7 +539,7 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ); * * \return \c 1 if `|X|` is greater than `|Y|`. * \return \c -1 if `|X|` is lesser than `|Y|`. - * \return \c 0 if `|X|` is equal than `|Y|`. + * \return \c 0 if `|X|` is equal to `|Y|`. */ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ); @@ -545,9 +549,9 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ); * \param X The left-hand MPI. This must point to an initialized MPI. * \param Y The right-hand MPI. This must point to an initialized MPI. * - * \return \c 1 if `X` is greater than `Y`. - * \return \c -1 if `X` is lesser than `Y`. - * \return \c 0 if `X` is equal than `Y`. + * \return \c 1 if \p X is greater than \p Y. + * \return \c -1 if \p X is lesser than \p Y. + * \return \c 0 if \p X is equal to \p Y. */ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ); @@ -557,9 +561,9 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ); * \param X The left-hand MPI. This must point to an initialized MPI. * \param z The integer value to compare \p X to. * - * \return \c 1 if `X` is greater than `z`. - * \return \c -1 if `X` is lesser than `z`. - * \return \c 0 if `X` is equal than `z`. + * \return \c 1 if \p X is greater than \p z. + * \return \c -1 if \p X is lesser than \p z. + * \return \c 0 if \p X is equal to \p z. */ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ); @@ -693,7 +697,7 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if `B == 0`. + * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. * \return Another negative error code on different kinds of failure. */ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, @@ -712,7 +716,7 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if `b == 0`. + * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero. * \return Another negative error code on different kinds of failure. */ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, @@ -730,8 +734,8 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if `B == 0`. - * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if `B < 0`. + * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. + * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative. * \return Another negative error code on different kinds of failure. * */ @@ -750,8 +754,8 @@ int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if `b == 0`. - * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if `b < 0`. + * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero. + * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative. * \return Another negative error code on different kinds of failure. */ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, @@ -768,13 +772,13 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, * initialized MPI. * \param _RR A helper MPI depending solely on \p N which can be used to * speed-up multiple modular exponentiations for the same value - * of \p N. May be \c NULL. If it is not \c NULL, it must point - * an initialized MPI. If it is freshly initialized, i.e. not - * used after the call to mbedtls_mpi_init(), this function - * will compute the helper value and store it in \p _RR for - * reuse on subsequent calls to this function. Otherwise, the - * function will assume that \p _RR holds the helper value set - * by a previous call to mbedtls_mpi_exp_mod(), and reuse it. + * of \p N. This may be \c NULL. If it is not \c NULL, it must + * point an initialized MPI. If it hasn't been used after + * the call to mbedtls_mpi_init(), this function will compute + * the helper value and store it in \p _RR for reuse on + * subsequent calls to this function. Otherwise, the function + * will assume that \p _RR holds the helper value set by a + * previous call to mbedtls_mpi_exp_mod(), and reuse it. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -793,8 +797,8 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * \param X The destination MPI. This must point to an initialized MPI. * \param size The number of random bytes to generate. * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG parameter to be passed to \p f_rng. May be \c NULL - * if \p f_rng doesn't need a context argument. + * \param p_rng The RNG parameter to be passed to \p f_rng. This may be + * \c NULL if \p f_rng doesn't need a context argument. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -833,7 +837,8 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `N <= 1`. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than + * or equal to one. * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse * with respect to \p N. */ @@ -857,7 +862,8 @@ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * This must point to an initialized MPI. * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG parameter to be passed to \p f_rng. - * May be \c NULL if \p f_rng doesn't use a context parameter. + * This may be \c NULL if \p f_rng doesn't use a + * context parameter. * * \return \c 0 if successful, i.e. \p X is probably prime. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -889,7 +895,8 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, * at most 2-2*\p rounds. * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG parameter to be passed to \p f_rng. - * May be \c NULL if \p f_rng doesn't use a context parameter. + * This may be \c NULL if \p f_rng doesn't use + * a context parameter. * * \return \c 0 if successful, i.e. \p X is probably prime. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -920,9 +927,10 @@ typedef enum { * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t. * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG parameter to be passed to \p f_rng. - * May be \c NULL if \p f_rng doesn't use a context parameter. + * This may be \c NULL if \p f_rng doesn't use + * a context parameter. * - * \return \c 0 if successful, in which case \p X holds a probably + * \return \c 0 if successful, in which case \p X holds a * probably prime number. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index ddab63e07..d5bb6a7b9 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -62,32 +62,41 @@ void mpi_invalid_param( ) mbedtls_mpi_uint mpi_uint; TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_grow( NULL, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_copy( NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_copy( &X, NULL ) ); + TEST_INVALID_PARAM( mbedtls_mpi_swap( NULL, &X ) ); TEST_INVALID_PARAM( mbedtls_mpi_swap( &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_safe_cond_assign( NULL, &X, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_safe_cond_assign( &X, NULL, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_safe_cond_swap( NULL, &X, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_safe_cond_swap( &X, NULL, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_lset( NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_get_bit( NULL, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_set_bit( NULL, 42, 0 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_read_string( NULL, 2, s_in ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_read_string( &X, 2, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_write_string( NULL, 2, s_out, sizeof( s_out ), @@ -100,11 +109,13 @@ void mpi_invalid_param( ) mbedtls_mpi_write_string( &X, 2, s_out, sizeof( s_out ), NULL ) ); + #if defined(MBEDTLS_FS_IO) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_read_file( NULL, 2, stdin ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_read_file( &X, 2, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_write_file( "", NULL, 2, NULL ) ); #endif /* MBEDTLS_FS_IO */ @@ -115,84 +126,102 @@ void mpi_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_read_binary( &X, NULL, sizeof( u_in ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_write_binary( NULL, u_out, sizeof( u_out ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_write_binary( &X, NULL, sizeof( u_out ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_shift_l( NULL, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_shift_r( NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_cmp_abs( NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_cmp_abs( &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_cmp_mpi( NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_cmp_mpi( &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_cmp_int( NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_add_abs( NULL, &X, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_add_abs( &X, NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_add_abs( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_sub_abs( NULL, &X, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_sub_abs( &X, NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_sub_abs( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_add_mpi( NULL, &X, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_add_mpi( &X, NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_add_mpi( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_sub_mpi( NULL, &X, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_sub_mpi( &X, NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_sub_mpi( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_add_int( NULL, &X, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_add_int( &X, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_sub_int( NULL, &X, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_sub_int( &X, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mul_mpi( NULL, &X, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mul_mpi( &X, NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mul_mpi( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mul_int( NULL, &X, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mul_int( &X, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_div_mpi( &X, &X, NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_div_mpi( &X, &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_div_int( &X, &X, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_mpi( NULL, &X, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_mpi( &X, NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_mpi( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_int( NULL, &X, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_int( &mpi_uint, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_exp_mod( NULL, &X, &X, &X, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, @@ -201,23 +230,26 @@ void mpi_invalid_param( ) mbedtls_mpi_exp_mod( &X, &X, NULL, &X, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_fill_random( NULL, 42, rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_gcd( NULL, &X, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_gcd( &X, NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_gcd( &X, &X, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_inv_mod( NULL, &X, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_inv_mod( &X, NULL, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_inv_mod( NULL, &X, &X ) ); + mbedtls_mpi_inv_mod( &X, &X, NULL ) ); mbedtls_mpi_free( NULL ); From 01c3c1064052512b4a386be56ac33c5eac924a30 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 23:04:51 +0000 Subject: [PATCH 247/415] Fix typos in documentation of bignum module Found by doxygen.sh --- include/mbedtls/bignum.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index ba747d09b..e0c863f7b 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -644,7 +644,7 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, * * \param X The destination MPI. This must point to an initialized MPI. * \param A The minuend. This must point to an initialized MPI. - * \param B The subtrahend. + * \param b The subtrahend. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. @@ -817,7 +817,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, * * \param G The destination MPI. This must point to an initialized MPI. * \param A The first operand. This must point to an initialized MPI. - * \param A The second operand. This must point to an initialized MPI. + * \param B The second operand. This must point to an initialized MPI. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. From d73101266d78a879c30071bb3b744820b5a42485 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 18:11:42 +0000 Subject: [PATCH 248/415] Don't promise that passing a NULL to mbedtls_mpi_read_string works --- include/mbedtls/bignum.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index e0c863f7b..d3337d2fb 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -412,8 +412,7 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ); * \param X The source MPI. This must point to an initialized MPI. * \param radix The numeric base of the output string. * \param buf The buffer to write the string to. This must be writable - * buffer of length \p buflen Bytes. It May be \c NULL if - * `buflen == 0`. + * buffer of length \p buflen Bytes. * \param buflen The available size in Bytes of \p buf. * \param olen The address at which to store the length of the string * written, including the final \c NULL byte. This must From 42f783d3b73f0d64c154bbbcd2ab25cb114899ce Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 18:39:32 +0000 Subject: [PATCH 249/415] Fix minor issues in SHA1 documentation --- include/mbedtls/sha1.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 0979dc0e3..2c4f0a6ae 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -160,7 +160,6 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, * * \param ctx The SHA-1 context to use. This must be initialized and * have a hash operation started. - * This must not be \c NULL. * \param output The SHA-1 checksum result. This must be a writable * buffer of length \c 20 Bytes. * @@ -177,8 +176,8 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, * constitutes a security risk. We recommend considering * stronger message digests instead. * - * \param ctx The SHA-1 context to use. This must be initialized and - * have a hash operation started. + * \param ctx The SHA-1 context to use. This must be initialized + * and have a hash operation started. * \param data The data block being processed. This must be a * readable buffer of length \c 64 Bytes. * @@ -219,7 +218,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); * * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0. * - * \param ctx The SHA-1 context. THis must be initialized and + * \param ctx The SHA-1 context. This must be initialized and * have a hash operation started. * \param input The buffer holding the input data. * This must be a readable buffer of length \p ilen Bytes. From 3f2d1ef1694d9c329a9817c483d6c588976aeac4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 18:41:40 +0000 Subject: [PATCH 250/415] Fix typo in SHA512 documentation --- include/mbedtls/sha512.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index bf40e4b04..34a90b51e 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -272,7 +272,7 @@ int mbedtls_sha512_ret( const unsigned char *input, * \param ilen The length of the input data in Bytes. * \param output The SHA-384 or SHA-512 checksum result. This must * be a writable buffer of length \c 64 Bytes. - * \param is384 Determines which function to use. This must be eiher + * \param is384 Determines which function to use. This must be either * \c 0 for SHA-512, or \c 1 for SHA-384. */ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, From a7634e83477d94db22ab47f4f5da18dd1bbc5daf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 18:45:00 +0000 Subject: [PATCH 251/415] Fix wrong invocation of parameter validation macro in ECDH module --- library/ecdh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecdh.c b/library/ecdh.c index a8d6dbd83..37927f7e5 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -238,7 +238,7 @@ static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx ) */ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) { - ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE( ctx != NULL ); ctx->restart_enabled = 1; } From ee427b26d4ec99a67569637cad833a1ab5247094 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Tue, 18 Dec 2018 21:04:55 +0000 Subject: [PATCH 252/415] tests: Backup config.h before modifying it It's good to make a backup of config.h before modifying it, so that when "cleanup" runs the next test has a clean default config.h to start from. Fixes 840af0a9ae6b ("Add tests to all.sh for CHECK_PARAMS edge cases") --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 64cb695c8..c5c0c3add 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -621,6 +621,7 @@ make TEST_CPP=1 msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full # includes CHECK_PARAMS scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C @@ -636,6 +637,7 @@ make CC=gcc CFLAGS='-Werror -O1' all test msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full # includes CHECK_PARAMS scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" From d01ff493e54cd9179420b35fdaf726611f4dcc83 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:10:28 +0000 Subject: [PATCH 253/415] Minor improvements in bignum documentation --- include/mbedtls/bignum.h | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index d3337d2fb..7b808381e 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -688,9 +688,11 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, * A = Q * B + R * * \param Q The destination MPI for the quotient. - * May be \c NULL is the value of the quotient is not needed. + * This may be \c NULL if the value of the + * quotient is not needed. * \param R The destination MPI for the remainder value. - * May be \c NULL if the value of the remainder is not needed. + * This may be \c NULL if the value of the + * remainder is not needed. * \param A The divident. This must point to an initialized MPi. * \param B The divisor. This must point to an initialized MPI. * @@ -707,9 +709,11 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * A = Q * b + R * * \param Q The destination MPI for the quotient. - * May be \c NULL is the value of the quotient is not needed. + * This may be \c NULL if the value of the + * quotient is not needed. * \param R The destination MPI for the remainder value. - * May be \c NULL if the value of the remainder is not needed. + * This may be \c NULL if the value of the + * remainder is not needed. * \param A The divident. This must point to an initialized MPi. * \param b The divisor. * @@ -922,7 +926,7 @@ typedef enum { * \param X The destination MPI to store the generated prime in. * This must point to an initialized MPi. * \param nbits The required size of the destination MPI in bits. - * Must be between \c 3 and #MBEDTLS_MPI_MAX_BITS. + * This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS. * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t. * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG parameter to be passed to \p f_rng. From 79b9e39732a168292b631c8d8678b48d92c785bb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:17:49 +0000 Subject: [PATCH 254/415] Weaken preconditions for mbedtls[_internal]_sha1_process() --- include/mbedtls/sha1.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 2c4f0a6ae..38ea10b13 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -176,8 +176,7 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, * constitutes a security risk. We recommend considering * stronger message digests instead. * - * \param ctx The SHA-1 context to use. This must be initialized - * and have a hash operation started. + * \param ctx The SHA-1 context to use. This must be initialized. * \param data The data block being processed. This must be a * readable buffer of length \c 64 Bytes. * @@ -256,8 +255,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, * * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0. * - * \param ctx The SHA-1 context. This must be initialized and - * have a hash operation started. + * \param ctx The SHA-1 context. This must be initialized. * \param data The data block being processed. * This must be a readable buffer of length \c 64 bytes. * From 3f1f4ad9bd3393dd641d85e198279db9d6288e39 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:19:37 +0000 Subject: [PATCH 255/415] Weaken preconditions on mbedtls_[internal_]sha256_process() --- include/mbedtls/sha256.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index ce14d85ee..0e42f0abb 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -144,8 +144,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, * the ongoing SHA-256 computation. This function is for * internal use only. * - * \param ctx The SHA-256 context. This must be initialized - * and have a hash operation started. + * \param ctx The SHA-256 context. This must be initialized. * \param data The buffer holding one block of data. This must * be a readable buffer of length \c 64 Bytes. * @@ -211,8 +210,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, * * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0. * - * \param ctx The SHA-256 context. This must be initialized and - * have a hash operation started. + * \param ctx The SHA-256 context. This must be initialized. * \param data The buffer holding one block of data. This must be * a readable buffer of size \c 64 Bytes. */ From b48e1aa846d58fbef94ddd65775af28e0d31bfae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:25:01 +0000 Subject: [PATCH 256/415] Add separate test for mbedtls_mpi_free() accepting NULL --- tests/suites/test_suite_mpi.data | 5 ++++- tests/suites/test_suite_mpi.function | 8 +++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index ff25a6fcc..8b5f97d38 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -1,4 +1,7 @@ -Parameter validation +MPI - Valid parameters +mpi_valid_param: + +MPI - Invalid parameters mpi_invalid_param: Arguments with no value diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index d5bb6a7b9..63e0e9715 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -50,6 +50,13 @@ int mbedtls_test_mpi_miller_rabin_determinizer( void* state, * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void mpi_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void mpi_invalid_param( ) { @@ -62,7 +69,6 @@ void mpi_invalid_param( ) mbedtls_mpi_uint mpi_uint; TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_grow( NULL, 42 ) ); From 59274d43cb628d49f02bd8414833802fa3fd1181 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:27:03 +0000 Subject: [PATCH 257/415] Remove unnecessary call to mbedtls_mpi_free() in MPI tests --- tests/suites/test_suite_mpi.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 63e0e9715..3379a999d 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -257,8 +257,6 @@ void mpi_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_inv_mod( &X, &X, NULL ) ); - mbedtls_mpi_free( NULL ); - exit: return; } From c81cfece8f6aa7631d1685ce2629be2acc16d48a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:32:42 +0000 Subject: [PATCH 258/415] Minor fixes to parameter validation in ECDH module --- include/mbedtls/ecdh.h | 6 +++--- library/ecdh.c | 5 +---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index f17446c6d..05b2b0397 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -312,8 +312,8 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, * \param ctx The ECDH context to set up. This must be initialized. * \param key The EC key to use. This must be initialized. * \param side Defines the source of the key. Possible values are: - * - \c 1: The imported key is ours. - * - \c 0: The imported key is that of the peer. + * - #MBEDTLS_ECDH_OURS: The key is ours. + * - #MBEDTLS_ECDH_THEIRS: The key is that of the peer. * * \return \c 0 on success. * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. @@ -338,7 +338,7 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, * \param olen The address at which to store the number of Bytes written. * This must not be \c NULL. * \param buf The destination buffer. This must be a writable buffer - * of lsength \p blen Bytes. + * of length \p blen Bytes. * \param blen The size of the destination buffer \p buf in Bytes. * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be diff --git a/library/ecdh.c b/library/ecdh.c index 37927f7e5..da95c60da 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -64,10 +64,6 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_restart_ctx *rs_ctx ) { int ret; - ECDH_VALIDATE_RET( grp != NULL ); - ECDH_VALIDATE_RET( d != NULL ); - ECDH_VALIDATE_RET( Q != NULL ); - ECDH_VALIDATE_RET( f_rng != NULL ); /* If multiplication is in progress, we already generated a privkey */ #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -513,6 +509,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( olen != NULL ); ECDH_VALIDATE_RET( buf != NULL ); + ECDH_VALIDATE_RET( f_rng != NULL ); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; From 035c6baefe6ea48d8ddaac8a0dd84084f15216b9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:35:53 +0000 Subject: [PATCH 259/415] Fix documentation bug in ECDSA module --- include/mbedtls/ecdsa.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 86f49449a..40fdab372 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -479,16 +479,16 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief This function sets an ECDSA context from an EC key pair. + * \brief This function sets up an ECDSA context from an EC key pair. * * \see ecp.h * - * \param ctx The ECDSA context to set. This must be initialized. + * \param ctx The ECDSA context to setup. This must be initialized. * \param key The EC key to use. This must be initialized and hold * a private-public key pair or a public key. In the former * case, the ECDSA context may be used for signature creation - * after this call. In the latter case, it may be used for - * signature verification. + * and verification after this call. In the latter case, it + * may be used for signature verification. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. From a310b41ebecf9724934666941df6d29ae2cbe8c2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 00:51:21 +0100 Subject: [PATCH 260/415] Add null-pointer support information to init/free --- include/mbedtls/pk.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index df3a03c7c..e2529e4ce 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -197,23 +197,35 @@ typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ); /** - * \brief Initialize a mbedtls_pk_context (as NONE) + * \brief Initialize a #mbedtls_pk_context (as NONE). + * + * \param ctx The context to initialize. + * This must not be \c NULL. */ void mbedtls_pk_init( mbedtls_pk_context *ctx ); /** - * \brief Free a mbedtls_pk_context + * \brief Free the components of a #mbedtls_pk_context. + * + * \param ctx The context to clear. + * If this is \c NULL, this function does nothing. */ void mbedtls_pk_free( mbedtls_pk_context *ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Initialize a restart context + * + * \param ctx The context to initialize. + * This must not be \c NULL. */ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ); /** * \brief Free the components of a restart context + * + * \param ctx The context to clear. + * If this is \c NULL, this function does nothing. */ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ From e97dc60b42481b77dbb2f1ae2fdae4a22fc385c1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 00:51:38 +0100 Subject: [PATCH 261/415] Implement parameter validation in pk, pkparse and pkwrite Add checks for null pointers under MBEDTLS_CHECK_PARAMS. In functions that perform operations with a context, only check if the context pointer is non-null under MBEDTLS_CHECK_PARAMS. In the default configuration, unconditionally dereference the context pointer. In functions that query a context, support NULL as a pointer-to-context argument, and return the same value as for a context which has been initialized but not set up. --- library/pk.c | 62 ++++++++++++++++++++++++++++++++++++----------- library/pkparse.c | 33 +++++++++++++++++++++++-- library/pkwrite.c | 28 ++++++++++++++++++++- 3 files changed, 106 insertions(+), 17 deletions(-) diff --git a/library/pk.c b/library/pk.c index e0e8dbad2..d8bce8f46 100644 --- a/library/pk.c +++ b/library/pk.c @@ -44,13 +44,18 @@ #include #include +/* Parameter validation macros based on platform_util.h */ +#define PK_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) +#define PK_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * Initialise a mbedtls_pk_context */ void mbedtls_pk_init( mbedtls_pk_context *ctx ) { - if( ctx == NULL ) - return; + PK_VALIDATE( ctx != NULL ); ctx->pk_info = NULL; ctx->pk_ctx = NULL; @@ -75,6 +80,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) */ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) { + PK_VALIDATE( ctx != NULL ); ctx->pk_info = NULL; ctx->rs_ctx = NULL; } @@ -84,7 +90,8 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) */ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) { - if( ctx == NULL || ctx->pk_info == NULL || + PK_VALIDATE( ctx != NULL ); + if( ctx->pk_info == NULL || ctx->pk_info->rs_free_func == NULL ) { return; @@ -128,7 +135,8 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) */ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) { - if( ctx == NULL || info == NULL || ctx->pk_info != NULL ) + PK_VALIDATE_RET( ctx != NULL ); + if( info == NULL || ctx->pk_info != NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) @@ -151,7 +159,8 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, mbedtls_rsa_alt_context *rsa_alt; const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; - if( ctx == NULL || ctx->pk_info != NULL ) + PK_VALIDATE_RET( ctx != NULL ); + if( ctx->pk_info != NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) @@ -175,7 +184,6 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, */ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) { - /* null or NONE context can't do anything */ if( ctx == NULL || ctx->pk_info == NULL ) return( 0 ); @@ -232,7 +240,11 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, const unsigned char *sig, size_t sig_len, mbedtls_pk_restart_ctx *rs_ctx ) { - if( ctx == NULL || ctx->pk_info == NULL || + PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( hash != NULL ); + PK_VALIDATE_RET( sig != NULL ); + + if( ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -285,7 +297,11 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - if( ctx == NULL || ctx->pk_info == NULL ) + PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( hash != NULL ); + PK_VALIDATE_RET( sig != NULL ); + + if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ! mbedtls_pk_can_do( ctx, type ) ) @@ -345,7 +361,11 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_pk_restart_ctx *rs_ctx ) { - if( ctx == NULL || ctx->pk_info == NULL || + PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( hash != NULL ); + PK_VALIDATE_RET( sig != NULL ); + + if( ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -399,7 +419,12 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - if( ctx == NULL || ctx->pk_info == NULL ) + PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( input != NULL || ilen == 0 ); + PK_VALIDATE_RET( output != NULL || osize == 0 ); + PK_VALIDATE_RET( olen != NULL ); + + if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ctx->pk_info->decrypt_func == NULL ) @@ -417,7 +442,12 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - if( ctx == NULL || ctx->pk_info == NULL ) + PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( input != NULL || ilen == 0 ); + PK_VALIDATE_RET( output != NULL || osize == 0 ); + PK_VALIDATE_RET( olen != NULL ); + + if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ctx->pk_info->encrypt_func == NULL ) @@ -432,8 +462,11 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, */ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) { - if( pub == NULL || pub->pk_info == NULL || - prv == NULL || prv->pk_info == NULL || + PK_VALIDATE_RET( pub != NULL ); + PK_VALIDATE_RET( prv != NULL ); + + if( pub->pk_info == NULL || + prv->pk_info == NULL || prv->pk_info->check_pair_func == NULL ) { return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -469,7 +502,8 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) */ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) { - if( ctx == NULL || ctx->pk_info == NULL ) + PK_VALIDATE_RET( ctx != NULL ); + if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ctx->pk_info->debug_func == NULL ) diff --git a/library/pkparse.c b/library/pkparse.c index 86d9fb004..7c14e34ec 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -61,6 +61,12 @@ #define mbedtls_free free #endif +/* Parameter validation macros based on platform_util.h */ +#define PK_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) +#define PK_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. @@ -74,6 +80,10 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) FILE *f; long size; + PK_VALIDATE_RET( path != NULL ); + PK_VALIDATE_RET( buf != NULL ); + PK_VALIDATE_RET( n != NULL ); + if( ( f = fopen( path, "rb" ) ) == NULL ) return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); @@ -124,6 +134,8 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, size_t n; unsigned char *buf; + PK_VALIDATE_RET( ctx != NULL ); + if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); @@ -148,6 +160,8 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) size_t n; unsigned char *buf; + PK_VALIDATE_RET( ctx != NULL ); + if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); @@ -605,6 +619,11 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; const mbedtls_pk_info_t *pk_info; + PK_VALIDATE_RET( p != NULL ); + PK_VALIDATE_RET( *p != NULL ); + PK_VALIDATE_RET( end != NULL ); + PK_VALIDATE_RET( pk != NULL ); + if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { @@ -1145,12 +1164,17 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, { int ret; const mbedtls_pk_info_t *pk_info; - #if defined(MBEDTLS_PEM_PARSE_C) size_t len; mbedtls_pem_context pem; +#endif - mbedtls_pem_init( &pem ); + PK_VALIDATE_RET( pk != NULL ); + PK_VALIDATE_RET( key != NULL || keylen == 0 ); + PK_VALIDATE_RET( pwd != NULL || pwdlen == 0 ); + +#if defined(MBEDTLS_PEM_PARSE_C) + mbedtls_pem_init( &pem ); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ @@ -1360,7 +1384,12 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, #if defined(MBEDTLS_PEM_PARSE_C) size_t len; mbedtls_pem_context pem; +#endif + PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( key != NULL || keylen == 0 ); + +#if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ diff --git a/library/pkwrite.c b/library/pkwrite.c index 8eabd889b..51d0c56f1 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -30,6 +30,7 @@ #include "mbedtls/pk.h" #include "mbedtls/asn1write.h" #include "mbedtls/oid.h" +#include "mbedtls/platform_util.h" #include @@ -54,6 +55,12 @@ #define mbedtls_free free #endif +/* Parameter validation macros based on platform_util.h */ +#define PK_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) +#define PK_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if defined(MBEDTLS_RSA_C) /* * RSAPublicKey ::= SEQUENCE { @@ -151,6 +158,11 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, int ret; size_t len = 0; + PK_VALIDATE_RET( p != NULL ); + PK_VALIDATE_RET( *p != NULL ); + PK_VALIDATE_RET( start != NULL ); + PK_VALIDATE_RET( key != NULL ); + #if defined(MBEDTLS_RSA_C) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) ); @@ -173,6 +185,9 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si size_t len = 0, par_len = 0, oid_len; const char *oid; + PK_VALIDATE_RET( key != NULL ); + PK_VALIDATE_RET( buf != NULL || size == 0 ); + c = buf + size; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) ); @@ -217,9 +232,14 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { int ret; - unsigned char *c = buf + size; + unsigned char *c; size_t len = 0; + PK_VALIDATE_RET( key != NULL ); + PK_VALIDATE_RET( buf != NULL || size == 0 ); + + c = buf + size; + #if defined(MBEDTLS_RSA_C) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) { @@ -457,6 +477,9 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, si unsigned char output_buf[PUB_DER_MAX_BYTES]; size_t olen = 0; + PK_VALIDATE_RET( key != NULL ); + PK_VALIDATE_RET( buf != NULL || size == 0 ); + if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, sizeof(output_buf) ) ) < 0 ) { @@ -480,6 +503,9 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_ const char *begin, *end; size_t olen = 0; + PK_VALIDATE_RET( key != NULL ); + PK_VALIDATE_RET( buf != NULL || size == 0 ); + if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 ) return( ret ); From 78438e410911a9453eaecad5727f44a335568565 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 00:55:07 +0100 Subject: [PATCH 262/415] Test parameter validation for pk, pkparse and pkwrite --- tests/suites/test_suite_pk.data | 3 + tests/suites/test_suite_pk.function | 316 ++++++++++++++++++++++++++++ 2 files changed, 319 insertions(+) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 478cde7be..d029b995f 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1,3 +1,6 @@ +PK invalid parameters +invalid_parameters: + PK utils: RSA depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_utils:MBEDTLS_PK_RSA:512:64:"RSA" diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 4813f71f7..b2f9a9942 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -69,6 +69,322 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void valid_parameters( ) +{ + mbedtls_pk_context pk; + size_t len; + + mbedtls_pk_init( &pk ); + + TEST_VALID_PARAM( mbedtls_pk_setup( &pk, NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_VALID_PARAM( mbedtls_pk_get_bitlen( NULL ) == 0 ); + + TEST_VALID_PARAM( mbedtls_pk_get_len( NULL ) == 0 ); + + TEST_VALID_PARAM( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 ); + + TEST_VALID_PARAM( mbedtls_pk_encrypt( &pk, + NULL, 0, + NULL, &len, 0, + rnd_std_rand, NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_VALID_PARAM( mbedtls_pk_decrypt( &pk, + NULL, 0, + NULL, &len, 0, + rnd_std_rand, NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + +#if defined(MBEDTLS_PK_PARSE_C) + TEST_VALID_PARAM( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) == + MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + + TEST_VALID_PARAM( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) == + MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); +#endif /* MBEDTLS_PK_PARSE_C */ + +#if defined(MBEDTLS_PK_WRITE_C) + TEST_VALID_PARAM( mbedtls_pk_write_key_der( &pk, NULL, 0 ) == + MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + + TEST_VALID_PARAM( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) == + MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); +#endif /* MBEDTLS_PK_WRITE_C */ +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void invalid_parameters( ) +{ + size_t len; + unsigned char *null_buf = NULL; + unsigned char buf[1]; + unsigned char *p = buf; + char str[1] = {0}; + mbedtls_pk_context pk; + void *options = buf; + + mbedtls_pk_init( &pk ); + + TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) ); + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) ); + + TEST_INVALID_PARAM( mbedtls_pk_restart_free( NULL ) ); +#endif + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_setup( NULL, NULL ) ); + +#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_setup_rsa_alt( NULL, buf, + NULL, NULL, NULL ) ); +#endif + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_restartable( NULL, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + buf, sizeof( buf ), + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_restartable( &pk, + MBEDTLS_MD_NONE, + NULL, sizeof( buf ), + buf, sizeof( buf ), + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_restartable( &pk, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + NULL, sizeof( buf ), + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify( NULL, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify( &pk, + MBEDTLS_MD_NONE, + NULL, sizeof( buf ), + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify( &pk, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + NULL, sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, + NULL, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, + &pk, + MBEDTLS_MD_NONE, + NULL, sizeof( buf ), + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, + &pk, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + NULL, sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign_restartable( NULL, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + buf, &len, + rnd_std_rand, NULL, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign_restartable( &pk, + MBEDTLS_MD_NONE, + NULL, sizeof( buf ), + buf, &len, + rnd_std_rand, NULL, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign_restartable( &pk, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + NULL, &len, + rnd_std_rand, NULL, + NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign( NULL, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + buf, &len, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign( &pk, + MBEDTLS_MD_NONE, + NULL, sizeof( buf ), + buf, &len, + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign( &pk, + MBEDTLS_MD_NONE, + buf, sizeof( buf ), + NULL, &len, + rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( NULL, + buf, sizeof( buf ), + buf, &len, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( &pk, + NULL, sizeof( buf ), + buf, &len, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( &pk, + buf, sizeof( buf ), + NULL, &len, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( &pk, + buf, sizeof( buf ), + buf, NULL, sizeof( buf ), + rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( NULL, + buf, sizeof( buf ), + buf, &len, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( &pk, + NULL, sizeof( buf ), + buf, &len, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( &pk, + buf, sizeof( buf ), + NULL, &len, sizeof( buf ), + rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( &pk, + buf, sizeof( buf ), + buf, NULL, sizeof( buf ), + rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_check_pair( NULL, &pk ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_check_pair( &pk, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_debug( NULL, NULL ) ); + +#if defined(MBEDTLS_PK_PARSE_C) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_load_file( NULL, &p, &len ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_load_file( str, NULL, &len ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_load_file( str, &p, NULL ) ); + +#if defined(MBEDTLS_FS_IO) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_keyfile( NULL, str, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_keyfile( &pk, NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_public_keyfile( NULL, str ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_public_keyfile( &pk, NULL ) ); +#endif + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_subpubkey( NULL, buf, &pk ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_subpubkey( &null_buf, buf, &pk ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_subpubkey( &p, NULL, &pk ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_subpubkey( &p, buf, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_key( NULL, + buf, sizeof( buf ), + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_key( &pk, + NULL, sizeof( buf ), + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_key( &pk, + buf, sizeof( buf ), + NULL, sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_public_key( NULL, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_parse_public_key( &pk, + NULL, sizeof( buf ) ) ); +#endif /* MBEDTLS_PK_PARSE_C */ + +#if defined(MBEDTLS_PK_WRITE_C) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_pubkey( NULL, p, &pk ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_pubkey( &null_buf, p, &pk ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_pubkey( &p, NULL, &pk ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_pubkey( &p, p, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_pubkey_der( NULL, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_pubkey_der( &pk, + NULL, sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_key_der( NULL, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_key_der( &pk, + NULL, sizeof( buf ) ) ); + +#if defined(MBEDTLS_PEM_WRITE_C) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_pubkey_pem( NULL, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_pubkey_pem( &pk, + NULL, sizeof( buf ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_key_pem( NULL, + buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_write_key_pem( &pk, + NULL, sizeof( buf ) ) ); +#endif /* MBEDTLS_PEM_WRITE_C */ + +#endif /* MBEDTLS_PK_WRITE_C */ +} +/* END_CASE */ + /* BEGIN_CASE */ void pk_utils( int type, int size, int len, char * name ) { From 80f71689eeb83366ac4492f8aad0e05b85faae33 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:44:43 +0000 Subject: [PATCH 263/415] Add parameter validation to mbedtls_ecp_restart_init() --- library/ecp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ecp.c b/library/ecp.c index 229b28eaf..beab9c4c3 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -244,6 +244,7 @@ static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx ) */ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) { + ECP_VALIDATE( ctx != NULL ); ctx->ops_done = 0; ctx->depth = 0; ctx->rsm = NULL; From 807c107c3c9f4d742324552fe8d5e6a1e1f526c8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:45:14 +0000 Subject: [PATCH 264/415] Fix typos in ECP test suite --- tests/suites/test_suite_ecp.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 49ab870ac..40a037ec0 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -16,7 +16,7 @@ /* BEGIN_CASE */ void ecp_valid_param( ) { - TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); + TEST_VALID_PARAM( mbedtls_ecp_group_free( NULL ) ); TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) ); TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); @@ -46,7 +46,7 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) ); TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) ); - TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) ); + TEST_INVALID_PARAM( mbedtls_ecp_group_init( NULL ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) ); From 0a4fa9b1fb0819fc65ccaba18dd2608024c8472e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:45:29 +0000 Subject: [PATCH 265/415] Add parameter validation test for mbedtls_ecp_check_budget() --- tests/suites/test_suite_ecp.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 40a037ec0..de61022b1 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -43,6 +43,7 @@ void ecp_invalid_param( ) unsigned char buf[42] = { 0 }; const unsigned char *null_buf = NULL; mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; + mbedtls_ecp_restart_ctx restart_ctx; TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) ); TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) ); @@ -50,6 +51,7 @@ void ecp_invalid_param( ) #if defined(MBEDTLS_ECP_RESTARTABLE) TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) ); + TEST_INVALID_PARAM( mbedtls_ecp_check_budget( NULL, &restart_ctx, 42 ) ); #endif /* MBEDTLS_ECP_RESTARTABLE */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, From 549e455a423576881139d5ecaa8f9ad6738bb74a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:45:43 +0000 Subject: [PATCH 266/415] Add parameter validation test for mbedtls_ecp_gen_privkey() --- tests/suites/test_suite_ecp.function | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index de61022b1..b6253feef 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -64,6 +64,22 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_group_copy( &grp, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_privkey( NULL, + &m, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_privkey( &grp, + NULL, + rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_gen_privkey( &grp, + &m, + NULL, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_set_zero( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, From b7a04a785176512f32805e9901e30a76fbb68a50 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:50:21 +0000 Subject: [PATCH 267/415] Fix mbedtls_ecp_curve_info_from_name() for NULL input --- library/ecp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ecp.c b/library/ecp.c index beab9c4c3..ecea5910e 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -505,6 +505,9 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name { const mbedtls_ecp_curve_info *curve_info; + if( name == NULL ) + return( NULL ); + for( curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) From 195953503843911ab8fad3bc06d44795eb0795d6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:54:04 +0000 Subject: [PATCH 268/415] Add parameter validation test for mbedtls_ecp_check_pub_priv() --- tests/suites/test_suite_ecp.function | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index b6253feef..606ddd22a 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -287,6 +287,11 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_check_pubkey( &grp, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_check_pub_priv( NULL, &kp ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecp_check_pub_priv( &kp, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_check_privkey( NULL, &m ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, From 185e5163098f078b5c1eea442a9189f70da16d35 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 09:48:50 +0000 Subject: [PATCH 269/415] Minor fixes to ECJPAKE parameter validation --- include/mbedtls/ecjpake.h | 6 +++--- library/ecjpake.c | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index cf4ab87ad..f9291644a 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -110,8 +110,8 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); * #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER. * \param hash The identifier of the hash function to use, * for example #MBEDTLS_MD_SHA256. - * \param curve The identifier of the Telliptic curve to use, - * for example #MBEDTLS_ECP_DP_SECP192K1. + * \param curve The identifier of the elliptic curve to use, + * for example #MBEDTLS_ECP_DP_SECP256R1. * \param secret The pre-shared secret (passphrase). This must be * a readable buffer of length \p len Bytes, but need * only be valid for the duration of this call. It may @@ -209,7 +209,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, * (TLS: contents of the Client/ServerKeyExchange). * * \param ctx The ECJPAKE context to use. This must be initialized - * and set up and have performed roudn one. + * and set up and have performed round one. * \param buf The buffer holding the second round message. This must * be a readable buffer of length \p len Bytes. * \param len The length in Bytes of \p buf. diff --git a/library/ecjpake.c b/library/ecjpake.c index c5ab4cbba..be941b14b 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -111,6 +111,7 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, size_t len ) { int ret; + ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT || role == MBEDTLS_ECJPAKE_SERVER ); @@ -579,6 +580,7 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, const unsigned char *end = buf + len; mbedtls_ecp_group grp; mbedtls_ecp_point G; /* C: GB, S: GA */ + ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( buf != NULL ); @@ -673,6 +675,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, unsigned char *p = buf; const unsigned char *end = buf + len; size_t ec_len; + ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( buf != NULL ); ECJPAKE_VALIDATE_RET( olen != NULL ); @@ -752,6 +755,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, mbedtls_mpi m_xm2_s, one; unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; size_t x_bytes; + ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( buf != NULL ); ECJPAKE_VALIDATE_RET( olen != NULL ); From 859522a31ce0cd46252cabd47a24664b6b8a4468 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 09:54:14 +0000 Subject: [PATCH 270/415] Regenerate errors.c --- library/error.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/error.c b/library/error.c index 564490e58..097260c26 100644 --- a/library/error.c +++ b/library/error.c @@ -856,7 +856,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "SHA1 - Invalid input data" ); + mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 input data was malformed" ); #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) From d8e4f4a76425d46c5855dfc6b57f3c81f85ab3bd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 09:54:55 +0000 Subject: [PATCH 271/415] Regenerate errors.c --- library/error.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/error.c b/library/error.c index 701c7920f..d7e85a551 100644 --- a/library/error.c +++ b/library/error.c @@ -861,7 +861,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "SHA256 - Invalid input data" ); + mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 input data was malformed" ); #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) From 9994e0d7cff6d185c958491dba72b50b6ddbd459 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 09:55:40 +0000 Subject: [PATCH 272/415] Regenerate errors.c --- library/error.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/error.c b/library/error.c index 3251af06c..ab7bfb88a 100644 --- a/library/error.c +++ b/library/error.c @@ -866,7 +866,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "SHA512 - Invalid input data" ); + mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 input data was malformed" ); #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_THREADING_C) From fbf67770d89332a69897bd60d931e45114db6f80 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 10:14:43 +0000 Subject: [PATCH 273/415] Improve ECJPAKE documentation --- include/mbedtls/ecjpake.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index f9291644a..b967af838 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -113,9 +113,8 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); * \param curve The identifier of the elliptic curve to use, * for example #MBEDTLS_ECP_DP_SECP256R1. * \param secret The pre-shared secret (passphrase). This must be - * a readable buffer of length \p len Bytes, but need - * only be valid for the duration of this call. It may - * be \c NULL if \p len is zero. + * a readable buffer of length \p len Bytes. It need + * only be valid for the duration of this call. * \param len The length of the pre-shared secret \p secret. * * \return \c 0 if successful. @@ -209,7 +208,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, * (TLS: contents of the Client/ServerKeyExchange). * * \param ctx The ECJPAKE context to use. This must be initialized - * and set up and have performed round one. + * and set up and already have performed round one. * \param buf The buffer holding the second round message. This must * be a readable buffer of length \p len Bytes. * \param len The length in Bytes of \p buf. @@ -245,7 +244,8 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, void *p_rng ); /** - * \brief Free an ECJPAKE context. + * \brief This clears an ECJPAKE context and frees any + * embedded data structure. * * \param ctx The ECJPAKE context to free. This may be \c NULL, * in which case this function does nothing. If it is not From bb186f89fce29f6e0ad5587588529c273d925eda Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 10:27:24 +0000 Subject: [PATCH 274/415] Weaken preconditions for mbedtls[_internal]_sha512_process() --- include/mbedtls/sha512.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 34a90b51e..7b26cf5cc 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -145,8 +145,7 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, * \brief This function processes a single data block within * the ongoing SHA-512 computation. * - * \param ctx The SHA-512 context. This must be initialized - * and have a hash operation started. + * \param ctx The SHA-512 context. This must be initialized. * \param data The buffer holding one block of data. This * must be a readable buffer of length \c 128 Bytes. * @@ -211,8 +210,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, * * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0. * - * \param ctx The SHA-512 context. This must be initialized and - * have a hash operation started. + * \param ctx The SHA-512 context. This must be initialized. * \param data The buffer holding one block of data. This must be * a readable buffer of length \c 128 Bytes. */ From e146e7dbaeceaa62b3d8258f2433819c2dfc32ca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 13:20:21 +0100 Subject: [PATCH 275/415] Don't use TEST_VALID_PARAM with a value TEST_VALID_PARAM is only for functions that return void. This commit fixes the build with clang -Wunused-comparison. --- tests/suites/test_suite_pk.function | 46 ++++++++++++++--------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index b2f9a9942..936bcdfb2 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -77,41 +77,41 @@ void valid_parameters( ) mbedtls_pk_init( &pk ); - TEST_VALID_PARAM( mbedtls_pk_setup( &pk, NULL ) == - MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - TEST_VALID_PARAM( mbedtls_pk_get_bitlen( NULL ) == 0 ); + TEST_ASSERT( mbedtls_pk_get_bitlen( NULL ) == 0 ); - TEST_VALID_PARAM( mbedtls_pk_get_len( NULL ) == 0 ); + TEST_ASSERT( mbedtls_pk_get_len( NULL ) == 0 ); - TEST_VALID_PARAM( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 ); + TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 ); - TEST_VALID_PARAM( mbedtls_pk_encrypt( &pk, - NULL, 0, - NULL, &len, 0, - rnd_std_rand, NULL ) == - MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_encrypt( &pk, + NULL, 0, + NULL, &len, 0, + rnd_std_rand, NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - TEST_VALID_PARAM( mbedtls_pk_decrypt( &pk, - NULL, 0, - NULL, &len, 0, - rnd_std_rand, NULL ) == - MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_decrypt( &pk, + NULL, 0, + NULL, &len, 0, + rnd_std_rand, NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #if defined(MBEDTLS_PK_PARSE_C) - TEST_VALID_PARAM( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) == - MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) == + MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); - TEST_VALID_PARAM( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) == - MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) == + MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); #endif /* MBEDTLS_PK_PARSE_C */ #if defined(MBEDTLS_PK_WRITE_C) - TEST_VALID_PARAM( mbedtls_pk_write_key_der( &pk, NULL, 0 ) == - MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) == + MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - TEST_VALID_PARAM( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) == - MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + TEST_ASSERT( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) == + MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); #endif /* MBEDTLS_PK_WRITE_C */ } /* END_CASE */ From 7a16aaddba7e258ee619750650dd6d8e8e7ffc7d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 14:54:16 +0000 Subject: [PATCH 276/415] Document parameter preconditions in CAMELLIA module --- include/mbedtls/camellia.h | 170 +++++++++++++++++++++++-------------- 1 file changed, 107 insertions(+), 63 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 0a02335ac..d1a2a1c3a 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -72,52 +72,68 @@ mbedtls_camellia_context; #endif /* MBEDTLS_CAMELLIA_ALT */ /** - * \brief Initialize CAMELLIA context + * \brief Initialize a CAMELLIA context. * - * \param ctx CAMELLIA context to be initialized + * \param ctx The CAMELLIA context to be initialized. + * This must not be \c NULL. */ void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); /** - * \brief Clear CAMELLIA context + * \brief Clear a CAMELLIA context. * - * \param ctx CAMELLIA context to be cleared + * \param ctx The CAMELLIA context to be cleared. May be \c NULL, + * in which case this function is a no-op. If it is not + * \c NULL, it must be initialized. */ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); /** - * \brief CAMELLIA key schedule (encryption) + * \brief Perform a CAMELLIA key schedule (encryption). * - * \param ctx CAMELLIA context to be initialized - * \param key encryption key - * \param keybits must be 128, 192 or 256 + * \param ctx The CAMELLIA context to use. This must be initialized. + * \param key The encryption key to use. Must be a readable buffer + * of size \p keybits bits. + * \param keybits The length of \p key in Bits. Must be either \c 128, + * \c 192 or \c 256. * - * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA + * \return \c 0 if successful. + * \return A negative error code on failure. */ -int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits ); /** - * \brief CAMELLIA key schedule (decryption) + * \brief Perform a CAMELLIA key schedule (decryption). * - * \param ctx CAMELLIA context to be initialized - * \param key decryption key - * \param keybits must be 128, 192 or 256 + * \param ctx The CAMELLIA context to use. This must be initialized. + * \param key The decryption key. Must be a readable buffer + * of size \p keybits bits. + * \param keybits The length of \p key in Bits. Must be either \c 128, + * \c 192 or \c 256. * - * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA + * \return \c 0 if successful. + * \return A negative error code on failure. */ -int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits ); /** - * \brief CAMELLIA-ECB block encryption/decryption + * \brief Perform a CAMELLIA-ECB block encryption/decryption. * - * \param ctx CAMELLIA context - * \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block + * \param ctx The CAMELLIA context to use. Must be initialized + * and bound to a key. + * \param mode The mode of operation. Must be either + * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. + * \param input The input block. Must be a readable buffer + * of size \c 16 Bytes. + * \param output The output block. Must be a writable buffer + * of size \c 16 Bytes. * - * \return 0 if successful + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, int mode, @@ -126,9 +142,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CBC) /** - * \brief CAMELLIA-CBC buffer encryption/decryption - * Length should be a multiple of the block - * size (16 bytes) + * \brief Perform a CAMELLIA-CBC buffer encryption/decryption. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -138,15 +152,24 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * IV, you should either save it manually or use the cipher * module instead. * - * \param ctx CAMELLIA context - * \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data + * \param ctx The CAMELLIA context to use. Must be initialized + * and bound to a key. + * \param mode The mode of operation. Possible values are + * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. + * \param length The length in Bytes of the input data. + * Must be a multiple of \c 16. + * \param iv The initialization vector. This must be RW buffer + * of length \c 16 Bytes. It is updated to allow streaming + * use as explained above. + * \param input The buffer holding the input data. Must point to a readable + * buffer of length \p length Bytes. May be \c NULL if + * `length == 0`. + * \param input The buffer holding the output data. Must point to a writable + * buffer of length \p length Bytes. May be \c NULL if + * `length == 0`. * - * \return 0 if successful, or - * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, int mode, @@ -158,11 +181,13 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CFB) /** - * \brief CAMELLIA-CFB128 buffer encryption/decryption + * \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption. * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT. + * \note Due to the nature of CFB you should use the same key + * schedule for both encryption and decryption. So a + * context initialized with mbedtls_camellia_setkey_enc() + * for both #MBEDTLS_CAMELLIA_ENCRYPT and + * #MBEDTLS_CAMELLIA_DECRYPT. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -172,16 +197,26 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * IV, you should either save it manually or use the cipher * module instead. * - * \param ctx CAMELLIA context - * \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT - * \param length length of the input data - * \param iv_off offset in IV (updated after use) - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data + * \param ctx The CAMELLIA context to use. Must be initialized + * and bound to a key. + * \param mode The mode of operation. Possible values are + * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. + * \param length The length of the input data. Any value is allowed. + * \param iv_off The current offset in the IV. This must be smaller + * than \c 16. It is updated after this call to allow + * the aforementioned streaming usage. + * \param iv The initialization vector. Must be an RW buffer of + * length \c 16 Bytes. It is updated after this call to + * allow the aforementioned streaming usage. + * \param input The buffer holding the input data. Must be a readable + * buffer of size \p length Bytes. May be \c NULL if + * \p length is \c 0. + * \param output The buffer to hold the output data. Must be a writable + * buffer of length \p length Bytes. May be \c NULL if + * \p length is \c 0. * - * \return 0 if successful, or - * MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, int mode, @@ -194,11 +229,13 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CTR) /** - * \brief CAMELLIA-CTR buffer encryption/decryption + * \brief CAMELLIA-CTR buffer encryption/decryption * - * Note: Due to the nature of CTR you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT. + * \note Due to the nature of CTR you should use the same key + * schedule for both encryption and decryption. So a + * context initialized with mbedtls_camellia_setkey_enc() + * for both #MBEDTLS_CAMELLIA_ENCRYPT and + * #MBEDTLS_CAMELLIA_DECRYPT. * * \warning You must never reuse a nonce value with the same key. Doing so * would void the encryption for the two messages encrypted with @@ -238,24 +275,31 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * more than 2**32 messages with the same key. * * Note that for both stategies, sizes are measured in blocks and - * that a CAMELLIA block is 16 bytes. + * that a CAMELLIA block is \c 16 bytes. * * \warning Upon return, \p stream_block contains sensitive data. Its * content must not be written to insecure storage and should be * securely discarded as soon as it's no longer needed. * - * \param ctx CAMELLIA context - * \param length The length of the data - * \param nc_off The offset in the current stream_block (for resuming + * \param ctx The CAMELLIA context to use. + * \param length The length of the input data. Any value is allowed. + * \param nc_off The offset in the current \p stream_block (for resuming * within current cipher stream). The offset pointer to - * should be 0 at the start of a stream. - * \param nonce_counter The 128-bit nonce and counter. - * \param stream_block The saved stream-block for resuming. Is overwritten - * by the function. - * \param input The input data stream - * \param output The output data stream + * should be \c 0 at the start of a stream. It is updated + * at the end of this call. + * \param nonce_counter The 128-bit nonce and counter. Must be an RW buffer of + * length \c 16 Bytes. + * \param stream_block The saved stream-block for resuming. Must be an + * RW buffer of length \c 16 Bytes. + * \param input The input data stream. Must be a readable buffer of + * size \p length Bytes. This may be \c NULL if \p length + * is \c 0. + * \param output The output data stream. Must be a writable buffer of + * size \p length Bytes. This may be \c NULL if \p length + * is \c 0. * - * \return 0 if successful + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, size_t length, From b4b7fb75049642fe7e0cbb8fb7ff1e3de5a59a9b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 18:02:06 +0000 Subject: [PATCH 277/415] Implement parameter validation for CAMELLIA module --- include/mbedtls/camellia.h | 3 ++ library/camellia.c | 59 ++++++++++++++++++++++++++++++++++---- 2 files changed, 56 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index d1a2a1c3a..b9903f636 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -45,6 +45,9 @@ #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ +/** TEMPORARY -- THIS IS IN CONFLICT WITH EXISTING ERROR CODES AND NEEDS CHANGE. */ +#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Invalid data input length. */ + /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ diff --git a/library/camellia.c b/library/camellia.c index 97c9f20d0..9ac394f9f 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -49,6 +49,12 @@ #if !defined(MBEDTLS_CAMELLIA_ALT) +/* Parameter validation macros */ +#define CAMELLIA_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ) +#define CAMELLIA_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * 32-bit integer manipulation macros (big endian) */ @@ -321,6 +327,7 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], void mbedtls_camellia_init( mbedtls_camellia_context *ctx ) { + CAMELLIA_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_camellia_context ) ); } @@ -335,8 +342,9 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ) /* * Camellia key schedule (encryption) */ -int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key, - unsigned int keybits ) +int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits ) { int idx; size_t i; @@ -345,6 +353,9 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c uint32_t SIGMA[6][2]; uint32_t KC[16]; uint32_t TK[20]; + CAMELLIA_VALIDATE_RET( ctx != NULL ); + CAMELLIA_VALIDATE_RET( key != NULL ); + CAMELLIA_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 ); RK = ctx->rk; @@ -440,14 +451,18 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c /* * Camellia key schedule (decryption) */ -int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key, - unsigned int keybits ) +int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits ) { int idx, ret; size_t i; mbedtls_camellia_context cty; uint32_t *RK; uint32_t *SK; + CAMELLIA_VALIDATE_RET( ctx != NULL ); + CAMELLIA_VALIDATE_RET( key != NULL ); + CAMELLIA_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 ); mbedtls_camellia_init( &cty ); @@ -495,6 +510,11 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, { int NR; uint32_t *RK, X[4]; + CAMELLIA_VALIDATE_RET( ctx != NULL ); + CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || + mode == MBEDTLS_CAMELLIA_DECRYPT ); + CAMELLIA_VALIDATE_RET( input != NULL ); + CAMELLIA_VALIDATE_RET( output != NULL ); ( (void) mode ); @@ -560,6 +580,12 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, { int i; unsigned char temp[16]; + CAMELLIA_VALIDATE_RET( ctx != NULL ); + CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || + mode == MBEDTLS_CAMELLIA_DECRYPT ); + CAMELLIA_VALIDATE_RET( iv != NULL ); + CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); + CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); if( length % 16 ) return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); @@ -614,7 +640,18 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, unsigned char *output ) { int c; - size_t n = *iv_off; + size_t n; + CAMELLIA_VALIDATE_RET( ctx != NULL ); + CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || + mode == MBEDTLS_CAMELLIA_DECRYPT ); + CAMELLIA_VALIDATE_RET( iv != NULL ); + CAMELLIA_VALIDATE_RET( iv_off != NULL ); + CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); + CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); + + n = *iv_off; + if( n >= 16 ) + return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); if( mode == MBEDTLS_CAMELLIA_DECRYPT ) { @@ -662,7 +699,17 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, unsigned char *output ) { int c, i; - size_t n = *nc_off; + size_t n; + CAMELLIA_VALIDATE_RET( ctx != NULL ); + CAMELLIA_VALIDATE_RET( nonce_counter != NULL ); + CAMELLIA_VALIDATE_RET( stream_block != NULL ); + CAMELLIA_VALIDATE_RET( nc_off != NULL ); + CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); + CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); + + n = *nc_off; + if( n >= 16 ) + return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); while( length-- ) { From 75788371df4203c6c88c0f06525ed5b065d466ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 18:02:18 +0000 Subject: [PATCH 278/415] Test parameter validation for CAMELLIA module --- tests/suites/test_suite_camellia.data | 3 + tests/suites/test_suite_camellia.function | 165 ++++++++++++++++++++++ 2 files changed, 168 insertions(+) diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data index 190632ed3..af4718f15 100644 --- a/tests/suites/test_suite_camellia.data +++ b/tests/suites/test_suite_camellia.data @@ -1,3 +1,6 @@ +Camellia parameter validation +camellia_invalid_param: + Camellia-128-ECB Encrypt RFC3713 #1 camellia_encrypt_ecb:"0123456789abcdeffedcba9876543210":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":0 diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index d09a6107a..d799dbb6f 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -7,6 +7,171 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void camellia_invalid_param( ) +{ + mbedtls_camellia_context ctx; + unsigned char buf[16] = { 0 }; + size_t off; + ((void) off); + + TEST_INVALID_PARAM( mbedtls_camellia_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_camellia_free( NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_setkey_enc( NULL, + buf, + 128 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_setkey_enc( &ctx, + NULL, + 128 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_setkey_enc( &ctx, + buf, + 42 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_setkey_dec( NULL, + buf, + 128 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_setkey_dec( &ctx, + NULL, + 128 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_setkey_dec( &ctx, + buf, + 42 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ecb( NULL, + MBEDTLS_CAMELLIA_ENCRYPT, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ecb( &ctx, + 42, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ecb( &ctx, + MBEDTLS_CAMELLIA_ENCRYPT, + NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ecb( &ctx, + MBEDTLS_CAMELLIA_ENCRYPT, + buf, NULL ) ); + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cbc( NULL, + MBEDTLS_CAMELLIA_ENCRYPT, + sizeof( buf ), + buf, buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cbc( &ctx, + 42, + sizeof( buf ), + buf, buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cbc( &ctx, + MBEDTLS_CAMELLIA_ENCRYPT, + sizeof( buf ), + NULL, buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cbc( &ctx, + MBEDTLS_CAMELLIA_ENCRYPT, + sizeof( buf ), + buf, NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cbc( &ctx, + MBEDTLS_CAMELLIA_ENCRYPT, + sizeof( buf ), + buf, buf, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cfb128( NULL, + MBEDTLS_CAMELLIA_ENCRYPT, + sizeof( buf ), + &off, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cfb128( &ctx, + 42, + sizeof( buf ), + &off, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cfb128( &ctx, + MBEDTLS_CAMELLIA_ENCRYPT, + sizeof( buf ), + NULL, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cfb128( &ctx, + MBEDTLS_CAMELLIA_ENCRYPT, + sizeof( buf ), + &off, NULL, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cfb128( &ctx, + MBEDTLS_CAMELLIA_ENCRYPT, + sizeof( buf ), + &off, buf, + NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_cfb128( &ctx, + MBEDTLS_CAMELLIA_ENCRYPT, + sizeof( buf ), + &off, buf, + buf, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ctr( NULL, + sizeof( buf ), + &off, + buf, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ctr( &ctx, + sizeof( buf ), + NULL, + buf, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ctr( &ctx, + sizeof( buf ), + &off, + NULL, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ctr( &ctx, + sizeof( buf ), + &off, + buf, NULL, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ctr( &ctx, + sizeof( buf ), + &off, + buf, buf, + NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ctr( &ctx, + sizeof( buf ), + &off, + buf, buf, + buf, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CTR */ + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE */ void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, data_t * hex_dst_string, int setkey_result ) From f10905a6a71f78ea87f9bcf6e16adfff86f5d890 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Dec 2018 15:15:36 +0000 Subject: [PATCH 279/415] Use full sentences in documentation of CAMELLIA preconditions --- include/mbedtls/camellia.h | 60 +++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index b9903f636..b42155ccf 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -85,7 +85,7 @@ void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); /** * \brief Clear a CAMELLIA context. * - * \param ctx The CAMELLIA context to be cleared. May be \c NULL, + * \param ctx The CAMELLIA context to be cleared. This may be \c NULL, * in which case this function is a no-op. If it is not * \c NULL, it must be initialized. */ @@ -95,9 +95,9 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); * \brief Perform a CAMELLIA key schedule (encryption). * * \param ctx The CAMELLIA context to use. This must be initialized. - * \param key The encryption key to use. Must be a readable buffer + * \param key The encryption key to use. This must be a readable buffer * of size \p keybits bits. - * \param keybits The length of \p key in Bits. Must be either \c 128, + * \param keybits The length of \p key in Bits. This must be either \c 128, * \c 192 or \c 256. * * \return \c 0 if successful. @@ -111,9 +111,9 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, * \brief Perform a CAMELLIA key schedule (decryption). * * \param ctx The CAMELLIA context to use. This must be initialized. - * \param key The decryption key. Must be a readable buffer + * \param key The decryption key. This must be a readable buffer * of size \p keybits bits. - * \param keybits The length of \p key in Bits. Must be either \c 128, + * \param keybits The length of \p key in Bits. This must be either \c 128, * \c 192 or \c 256. * * \return \c 0 if successful. @@ -126,13 +126,13 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, /** * \brief Perform a CAMELLIA-ECB block encryption/decryption. * - * \param ctx The CAMELLIA context to use. Must be initialized + * \param ctx The CAMELLIA context to use. This must be initialized * and bound to a key. - * \param mode The mode of operation. Must be either + * \param mode The mode of operation. This must be either * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. - * \param input The input block. Must be a readable buffer + * \param input The input block. This must be a readable buffer * of size \c 16 Bytes. - * \param output The output block. Must be a writable buffer + * \param output The output block. This must be a writable buffer * of size \c 16 Bytes. * * \return \c 0 if successful. @@ -155,7 +155,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * IV, you should either save it manually or use the cipher * module instead. * - * \param ctx The CAMELLIA context to use. Must be initialized + * \param ctx The CAMELLIA context to use. This must be initialized * and bound to a key. * \param mode The mode of operation. Possible values are * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. @@ -164,12 +164,12 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * \param iv The initialization vector. This must be RW buffer * of length \c 16 Bytes. It is updated to allow streaming * use as explained above. - * \param input The buffer holding the input data. Must point to a readable - * buffer of length \p length Bytes. May be \c NULL if - * `length == 0`. - * \param input The buffer holding the output data. Must point to a writable - * buffer of length \p length Bytes. May be \c NULL if - * `length == 0`. + * \param input The buffer holding the input data. This must point to a + * readable buffer of length \p length Bytes. This may be + * \c NULL if `length == 0`. + * \param input The buffer holding the output data. This must point to a + * writable buffer of length \p length Bytes. This may be + * \c NULL if `length == 0`. * * \return \c 0 if successful. * \return A negative error code on failure. @@ -200,7 +200,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * IV, you should either save it manually or use the cipher * module instead. * - * \param ctx The CAMELLIA context to use. Must be initialized + * \param ctx The CAMELLIA context to use. This must be initialized * and bound to a key. * \param mode The mode of operation. Possible values are * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. @@ -208,14 +208,14 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * \param iv_off The current offset in the IV. This must be smaller * than \c 16. It is updated after this call to allow * the aforementioned streaming usage. - * \param iv The initialization vector. Must be an RW buffer of + * \param iv The initialization vector. This must be an RW buffer of * length \c 16 Bytes. It is updated after this call to * allow the aforementioned streaming usage. - * \param input The buffer holding the input data. Must be a readable - * buffer of size \p length Bytes. May be \c NULL if + * \param input The buffer holding the input data. This must be a readable + * buffer of size \p length Bytes. This may be \c NULL if * \p length is \c 0. - * \param output The buffer to hold the output data. Must be a writable - * buffer of length \p length Bytes. May be \c NULL if + * \param output The buffer to hold the output data. This must be a writable + * buffer of length \p length Bytes. This may be \c NULL if * \p length is \c 0. * * \return \c 0 if successful. @@ -271,7 +271,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * * The per-message nonce (or information sufficient to reconstruct * it) needs to be communicated with the ciphertext and must be unique. - * The recommended way to ensure uniqueness is to use a message + * unique. The recommended way to ensure uniqueness is to use a message * counter. An alternative is to generate random nonces, but this * limits the number of messages that can be securely encrypted: * for example, with 96-bit random nonces, you should not encrypt @@ -290,16 +290,16 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * within current cipher stream). The offset pointer to * should be \c 0 at the start of a stream. It is updated * at the end of this call. - * \param nonce_counter The 128-bit nonce and counter. Must be an RW buffer of - * length \c 16 Bytes. - * \param stream_block The saved stream-block for resuming. Must be an + * \param nonce_counter The 128-bit nonce and counter. This must be an RW buffer + * of length \c 16 Bytes. + * \param stream_block The saved stream-block for resuming. This must be an * RW buffer of length \c 16 Bytes. - * \param input The input data stream. Must be a readable buffer of - * size \p length Bytes. This may be \c NULL if \p length - * is \c 0. - * \param output The output data stream. Must be a writable buffer of + * \param input The input data stream. This must be a readable buffer of * size \p length Bytes. This may be \c NULL if \p length * is \c 0. + * \param output The output data stream. This must be a writable buffer + * of size \p length Bytes. This may be \c NULL if + * \p length is \c 0. * * \return \c 0 if successful. * \return A negative error code on failure. From e939de7247f15bdfe1fcabb9caf0482d59b95313 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Dec 2018 15:39:24 +0000 Subject: [PATCH 280/415] Minor fixes to Camellia parameter validation --- include/mbedtls/camellia.h | 8 ++-- tests/suites/test_suite_camellia.function | 52 ++++++++++++----------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index b42155ccf..8e9cb26bb 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -96,7 +96,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); * * \param ctx The CAMELLIA context to use. This must be initialized. * \param key The encryption key to use. This must be a readable buffer - * of size \p keybits bits. + * of size \p keybits Bits. * \param keybits The length of \p key in Bits. This must be either \c 128, * \c 192 or \c 256. * @@ -112,7 +112,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, * * \param ctx The CAMELLIA context to use. This must be initialized. * \param key The decryption key. This must be a readable buffer - * of size \p keybits bits. + * of size \p keybits Bits. * \param keybits The length of \p key in Bits. This must be either \c 128, * \c 192 or \c 256. * @@ -157,7 +157,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * * \param ctx The CAMELLIA context to use. This must be initialized * and bound to a key. - * \param mode The mode of operation. Possible values are + * \param mode The mode of operation. This must be either * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. * \param length The length in Bytes of the input data. * Must be a multiple of \c 16. @@ -202,7 +202,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * * \param ctx The CAMELLIA context to use. This must be initialized * and bound to a key. - * \param mode The mode of operation. Possible values are + * \param mode The mode of operation. This must be either * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. * \param length The length of the input data. Any value is allowed. * \param iv_off The current offset in the IV. This must be smaller diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index d799dbb6f..b4fa13eb8 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -12,6 +12,10 @@ void camellia_invalid_param( ) { mbedtls_camellia_context ctx; unsigned char buf[16] = { 0 }; + const size_t valid_keybits = 128; + const size_t invalid_keybits = 42; + const int invalid_mode = 42; + const int valid_mode = MBEDTLS_CAMELLIA_ENCRYPT; size_t off; ((void) off); @@ -21,70 +25,70 @@ void camellia_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_setkey_enc( NULL, buf, - 128 ) ); + valid_keybits ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_setkey_enc( &ctx, NULL, - 128 ) ); + valid_keybits ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_setkey_enc( &ctx, buf, - 42 ) ); + invalid_keybits ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_setkey_dec( NULL, buf, - 128 ) ); + valid_keybits ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_setkey_dec( &ctx, NULL, - 128 ) ); + valid_keybits ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_setkey_dec( &ctx, buf, - 42 ) ); + invalid_keybits ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_ecb( NULL, - MBEDTLS_CAMELLIA_ENCRYPT, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ecb( &ctx, - 42, + valid_mode, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_ecb( &ctx, - MBEDTLS_CAMELLIA_ENCRYPT, + invalid_mode, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + mbedtls_camellia_crypt_ecb( &ctx, + valid_mode, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_ecb( &ctx, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, buf, NULL ) ); #if defined(MBEDTLS_CIPHER_MODE_CBC) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cbc( NULL, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, sizeof( buf ), buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cbc( &ctx, - 42, + invalid_mode, sizeof( buf ), buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cbc( &ctx, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, sizeof( buf ), NULL, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cbc( &ctx, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, sizeof( buf ), buf, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cbc( &ctx, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, sizeof( buf ), buf, buf, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -92,37 +96,37 @@ void camellia_invalid_param( ) #if defined(MBEDTLS_CIPHER_MODE_CFB) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cfb128( NULL, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, sizeof( buf ), &off, buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cfb128( &ctx, - 42, + invalid_mode, sizeof( buf ), &off, buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cfb128( &ctx, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, sizeof( buf ), NULL, buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cfb128( &ctx, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, sizeof( buf ), &off, NULL, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cfb128( &ctx, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, sizeof( buf ), &off, buf, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cfb128( &ctx, - MBEDTLS_CAMELLIA_ENCRYPT, + valid_mode, sizeof( buf ), &off, buf, buf, NULL ) ); From ff62f44ad7bb8081880684e6bd0b559e0ff01ee6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Dec 2018 15:53:41 +0000 Subject: [PATCH 281/415] Remove duplicated parameter check in CAMELLIA module --- library/camellia.c | 2 -- tests/suites/test_suite_camellia.function | 9 --------- 2 files changed, 11 deletions(-) diff --git a/library/camellia.c b/library/camellia.c index 9ac394f9f..7fb8dc76e 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -355,7 +355,6 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, uint32_t TK[20]; CAMELLIA_VALIDATE_RET( ctx != NULL ); CAMELLIA_VALIDATE_RET( key != NULL ); - CAMELLIA_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 ); RK = ctx->rk; @@ -462,7 +461,6 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, uint32_t *SK; CAMELLIA_VALIDATE_RET( ctx != NULL ); CAMELLIA_VALIDATE_RET( key != NULL ); - CAMELLIA_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 ); mbedtls_camellia_init( &cty ); diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index b4fa13eb8..5d70fa2c9 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -13,7 +13,6 @@ void camellia_invalid_param( ) mbedtls_camellia_context ctx; unsigned char buf[16] = { 0 }; const size_t valid_keybits = 128; - const size_t invalid_keybits = 42; const int invalid_mode = 42; const int valid_mode = MBEDTLS_CAMELLIA_ENCRYPT; size_t off; @@ -30,10 +29,6 @@ void camellia_invalid_param( ) mbedtls_camellia_setkey_enc( &ctx, NULL, valid_keybits ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_setkey_enc( &ctx, - buf, - invalid_keybits ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_setkey_dec( NULL, @@ -43,10 +38,6 @@ void camellia_invalid_param( ) mbedtls_camellia_setkey_dec( &ctx, NULL, valid_keybits ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_setkey_dec( &ctx, - buf, - invalid_keybits ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_ecb( NULL, From af4b83bb2a72e69f8b7f12c458802ede39f1116e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 09:30:27 +0000 Subject: [PATCH 282/415] Minor improvements to CAMELLIA documentation --- include/mbedtls/camellia.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 8e9cb26bb..02084e282 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -159,15 +159,15 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * and bound to a key. * \param mode The mode of operation. This must be either * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. - * \param length The length in Bytes of the input data. - * Must be a multiple of \c 16. + * \param length The length in Bytes of the input data \p input. + * This must be a multiple of \c 16. * \param iv The initialization vector. This must be RW buffer * of length \c 16 Bytes. It is updated to allow streaming * use as explained above. * \param input The buffer holding the input data. This must point to a * readable buffer of length \p length Bytes. This may be * \c NULL if `length == 0`. - * \param input The buffer holding the output data. This must point to a + * \param output The buffer holding the output data. This must point to a * writable buffer of length \p length Bytes. This may be * \c NULL if `length == 0`. * @@ -204,7 +204,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * and bound to a key. * \param mode The mode of operation. This must be either * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. - * \param length The length of the input data. Any value is allowed. + * \param length The length of the input data \p input. Any value is allowed. * \param iv_off The current offset in the IV. This must be smaller * than \c 16. It is updated after this call to allow * the aforementioned streaming usage. @@ -284,8 +284,10 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * content must not be written to insecure storage and should be * securely discarded as soon as it's no longer needed. * - * \param ctx The CAMELLIA context to use. - * \param length The length of the input data. Any value is allowed. + * \param ctx The CAMELLIA context to use. This must be initialized + * and bound to a key. + * \param length The length of the input data \p input. + * Any value is allowed. * \param nc_off The offset in the current \p stream_block (for resuming * within current cipher stream). The offset pointer to * should be \c 0 at the start of a stream. It is updated From f1931760d891289d7f6c22b8f6a672d8f8b4a8ad Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 14:20:05 +0000 Subject: [PATCH 283/415] Move test of mbedtls_camellia_free() to separate test The acceptance of NULL should be tested regardless of the setting of MBEDTLS_CHECK_PARAMS. --- tests/suites/test_suite_camellia.data | 5 ++++- tests/suites/test_suite_camellia.function | 8 +++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data index af4718f15..671d57002 100644 --- a/tests/suites/test_suite_camellia.data +++ b/tests/suites/test_suite_camellia.data @@ -1,4 +1,7 @@ -Camellia parameter validation +Camellia - Valid parameters +camellia_valid_param: + +Camellia - Invalid parameters camellia_invalid_param: Camellia-128-ECB Encrypt RFC3713 #1 diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 5d70fa2c9..940834815 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -7,6 +7,13 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void camellia_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_camellia_free( NULL ) ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void camellia_invalid_param( ) { @@ -19,7 +26,6 @@ void camellia_invalid_param( ) ((void) off); TEST_INVALID_PARAM( mbedtls_camellia_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_camellia_free( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_setkey_enc( NULL, From c7579ecb172b9dcff89ffd7e8788cb6e7c8d48ab Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 15:18:02 +0000 Subject: [PATCH 284/415] Improve Camellia documentation --- include/mbedtls/camellia.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 02084e282..e14a198ec 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -86,7 +86,7 @@ void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); * \brief Clear a CAMELLIA context. * * \param ctx The CAMELLIA context to be cleared. This may be \c NULL, - * in which case this function is a no-op. If it is not + * in which case this function returns immediately. If it is not * \c NULL, it must be initialized. */ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); @@ -161,7 +161,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. * \param length The length in Bytes of the input data \p input. * This must be a multiple of \c 16. - * \param iv The initialization vector. This must be RW buffer + * \param iv The initialization vector. This must be a read/write buffer * of length \c 16 Bytes. It is updated to allow streaming * use as explained above. * \param input The buffer holding the input data. This must point to a @@ -206,10 +206,10 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. * \param length The length of the input data \p input. Any value is allowed. * \param iv_off The current offset in the IV. This must be smaller - * than \c 16. It is updated after this call to allow + * than \c 16 Bytes. It is updated after this call to allow * the aforementioned streaming usage. - * \param iv The initialization vector. This must be an RW buffer of - * length \c 16 Bytes. It is updated after this call to + * \param iv The initialization vector. This must be a read/write buffer + * of length \c 16 Bytes. It is updated after this call to * allow the aforementioned streaming usage. * \param input The buffer holding the input data. This must be a readable * buffer of size \p length Bytes. This may be \c NULL if @@ -286,16 +286,16 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * * \param ctx The CAMELLIA context to use. This must be initialized * and bound to a key. - * \param length The length of the input data \p input. + * \param length The length of the input data \p input in Bytes. * Any value is allowed. * \param nc_off The offset in the current \p stream_block (for resuming * within current cipher stream). The offset pointer to * should be \c 0 at the start of a stream. It is updated * at the end of this call. - * \param nonce_counter The 128-bit nonce and counter. This must be an RW buffer - * of length \c 16 Bytes. - * \param stream_block The saved stream-block for resuming. This must be an - * RW buffer of length \c 16 Bytes. + * \param nonce_counter The 128-bit nonce and counter. This must be a read/write + * buffer of length \c 16 Bytes. + * \param stream_block The saved stream-block for resuming. This must be a + * read/write buffer of length \c 16 Bytes. * \param input The input data stream. This must be a readable buffer of * size \p length Bytes. This may be \c NULL if \p length * is \c 0. From bdb7cd4840ece5bf98e23ff208c9f02cb4af9613 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 17:49:48 +0000 Subject: [PATCH 285/415] Don't promise that passing NULL input to Camellia works --- include/mbedtls/camellia.h | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index e14a198ec..41e17f111 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -165,11 +165,9 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * of length \c 16 Bytes. It is updated to allow streaming * use as explained above. * \param input The buffer holding the input data. This must point to a - * readable buffer of length \p length Bytes. This may be - * \c NULL if `length == 0`. + * readable buffer of length \p length Bytes. * \param output The buffer holding the output data. This must point to a - * writable buffer of length \p length Bytes. This may be - * \c NULL if `length == 0`. + * writable buffer of length \p length Bytes. * * \return \c 0 if successful. * \return A negative error code on failure. @@ -212,11 +210,9 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * of length \c 16 Bytes. It is updated after this call to * allow the aforementioned streaming usage. * \param input The buffer holding the input data. This must be a readable - * buffer of size \p length Bytes. This may be \c NULL if - * \p length is \c 0. + * buffer of size \p length Bytes. * \param output The buffer to hold the output data. This must be a writable - * buffer of length \p length Bytes. This may be \c NULL if - * \p length is \c 0. + * buffer of length \p length Bytes. * * \return \c 0 if successful. * \return A negative error code on failure. @@ -297,11 +293,9 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * \param stream_block The saved stream-block for resuming. This must be a * read/write buffer of length \c 16 Bytes. * \param input The input data stream. This must be a readable buffer of - * size \p length Bytes. This may be \c NULL if \p length - * is \c 0. + * size \p length Bytes. * \param output The output data stream. This must be a writable buffer - * of size \p length Bytes. This may be \c NULL if - * \p length is \c 0. + * of size \p length Bytes. * * \return \c 0 if successful. * \return A negative error code on failure. From 1e2f3ed08f4fc5dacda67ea3923fa1a68b8a08d2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 18:30:03 +0000 Subject: [PATCH 286/415] Remove merge artifact --- include/mbedtls/camellia.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 41e17f111..57bb39e8b 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -45,9 +45,6 @@ #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ -/** TEMPORARY -- THIS IS IN CONFLICT WITH EXISTING ERROR CODES AND NEEDS CHANGE. */ -#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Invalid data input length. */ - /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ From 139d8313d904a27d7d1d60cbb32faf1b487ee954 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 11 Dec 2018 21:29:27 +0000 Subject: [PATCH 287/415] Document parameter preconditions for the ARIA module --- include/mbedtls/aria.h | 51 +++++++++++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index c80c9fd26..54db1a637 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -91,14 +91,15 @@ mbedtls_aria_context; * It must be the first API called before using * the context. * - * \param ctx The ARIA context to initialize. + * \param ctx The ARIA context to initialize. Must not be \c NULL. */ void mbedtls_aria_init( mbedtls_aria_context *ctx ); /** * \brief This function releases and clears the specified ARIA context. * - * \param ctx The ARIA context to clear. + * \param ctx The ARIA context to clear. May be \c NULL, in which + * case this function is a no-op. */ void mbedtls_aria_free( mbedtls_aria_context *ctx ); @@ -106,14 +107,16 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ); * \brief This function sets the encryption key. * * \param ctx The ARIA context to which the key should be bound. - * \param key The encryption key. + * Must be initialized. + * \param key The encryption key. Must be a readable buffer + * of size \p keybits bits. * \param keybits The size of data passed in bits. Valid options are: *
        • 128 bits
          • *
        • 192 bits
          • *
        • 256 bits
        * - * \return \c 0 on success or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA - * on failure. + * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, const unsigned char *key, @@ -123,13 +126,16 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, * \brief This function sets the decryption key. * * \param ctx The ARIA context to which the key should be bound. - * \param key The decryption key. + * Must be initialized. + * \param key The decryption key. Must be a readable buffer + * of size \p keybits bits. * \param keybits The size of data passed. Valid options are: *
        • 128 bits
          • *
        • 192 bits
          • *
        • 256 bits
        * - * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA on failure. + * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, const unsigned char *key, @@ -148,10 +154,12 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, * call to this API with the same context. * * \param ctx The ARIA context to use for encryption or decryption. + * Must be initialized. * \param input The 16-Byte buffer holding the input data. * \param output The 16-Byte buffer holding the output data. * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], @@ -183,16 +191,20 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * * * \param ctx The ARIA context to use for encryption or decryption. + * Must be initialized. * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or * #MBEDTLS_ARIA_DECRYPT. * \param length The length of the input data in Bytes. This must be a * multiple of the block size (16 Bytes). * \param iv Initialization vector (updated after use). + * Must be a readable buffer of size 16 Bytes. * \param input The buffer holding the input data. + * May be \c NULL if `length == 0`. * \param output The buffer holding the output data. + * May be \c NULL if `length == 0`. * - * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH - * on failure. + * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, int mode, @@ -227,15 +239,21 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, * * * \param ctx The ARIA context to use for encryption or decryption. + * Must be initialized. * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or * #MBEDTLS_ARIA_DECRYPT. * \param length The length of the input data. * \param iv_off The offset in IV (updated after use). + * Must not be larger than 15. * \param iv The initialization vector (updated after use). + * Must be a readable buffer of size 16 Bytes. * \param input The buffer holding the input data. + * May be \c NULL if `length == 0`. * \param output The buffer holding the output data. + * May be \c NULL if `length == 0`. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, int mode, @@ -305,17 +323,24 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * securely discarded as soon as it's no longer needed. * * \param ctx The ARIA context to use for encryption or decryption. + * Must be initialized. * \param length The length of the input data. * \param nc_off The offset in the current \p stream_block, for * resuming within the current cipher stream. The * offset pointer should be 0 at the start of a stream. - * \param nonce_counter The 128-bit nonce and counter. - * \param stream_block The saved stream block for resuming. This is - * overwritten by the function. + * Must not be larger than 15. + * \param nonce_counter The 128-bit nonce and counter. Must point to + * an RW-buffer of length 16 bytes. + * \param stream_block The saved stream block for resuming. Must point to + * an RW-buffer of length 16 bytes. + * This is overwritten by the function. * \param input The buffer holding the input data. + * May be \c NULL if `length == 0`. * \param output The buffer holding the output data. + * May be \c NULL if `length == 0`. * - * \return \c 0 on success. + * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, size_t length, From b54ae0bc0d16f349f3f8fec15b0e3168c2abdede Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 11 Dec 2018 21:51:32 +0000 Subject: [PATCH 288/415] Implement parameter validation for ARIA module --- library/aria.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/library/aria.c b/library/aria.c index 6d87941c1..aff66d667 100644 --- a/library/aria.c +++ b/library/aria.c @@ -55,6 +55,12 @@ #define inline __inline #endif +/* Parameter validation macros */ +#define ARIA_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ) +#define ARIA_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * 32-bit integer manipulation macros (little endian) */ @@ -449,6 +455,8 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, int i; uint32_t w[4][4], *w2; + ARIA_VALIDATE_RET( ctx != NULL ); + ARIA_VALIDATE_RET( key != NULL ); if( keybits != 128 && keybits != 192 && keybits != 256 ) return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); @@ -503,6 +511,8 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits ) { int i, j, k, ret; + ARIA_VALIDATE_RET( ctx != NULL ); + ARIA_VALIDATE_RET( key != NULL ); ret = mbedtls_aria_setkey_enc( ctx, key, keybits ); if( ret != 0 ) @@ -539,6 +549,9 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, int i; uint32_t a, b, c, d; + ARIA_VALIDATE_RET( ctx != NULL ); + ARIA_VALIDATE_RET( input != NULL ); + ARIA_VALIDATE_RET( output != NULL ); GET_UINT32_LE( a, input, 0 ); GET_UINT32_LE( b, input, 4 ); @@ -586,6 +599,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, /* Initialize context */ void mbedtls_aria_init( mbedtls_aria_context *ctx ) { + ARIA_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_aria_context ) ); } @@ -612,6 +626,13 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, int i; unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE]; + ARIA_VALIDATE_RET( ctx != NULL ); + ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT || + mode == MBEDTLS_ARIA_DECRYPT ); + ARIA_VALIDATE_RET( length == 0 || input != NULL ); + ARIA_VALIDATE_RET( length == 0 || output != NULL ); + ARIA_VALIDATE_RET( iv != NULL ); + if( length % MBEDTLS_ARIA_BLOCKSIZE ) return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH ); @@ -665,7 +686,23 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, unsigned char *output ) { unsigned char c; - size_t n = *iv_off; + size_t n; + + ARIA_VALIDATE_RET( ctx != NULL ); + ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT || + mode == MBEDTLS_ARIA_DECRYPT ); + ARIA_VALIDATE_RET( length == 0 || input != NULL ); + ARIA_VALIDATE_RET( length == 0 || output != NULL ); + ARIA_VALIDATE_RET( iv != NULL ); + ARIA_VALIDATE_RET( iv_off != NULL ); + + n = *iv_off; + + /* An overly large value of n can lead to an unlimited + * buffer overflow. Therefore, guard against this + * outside of parameter validation. */ + if( n >= MBEDTLS_ARIA_BLOCKSIZE ) + return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); if( mode == MBEDTLS_ARIA_DECRYPT ) { @@ -713,7 +750,21 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, unsigned char *output ) { int c, i; - size_t n = *nc_off; + size_t n; + + ARIA_VALIDATE_RET( ctx != NULL ); + ARIA_VALIDATE_RET( length == 0 || input != NULL ); + ARIA_VALIDATE_RET( length == 0 || output != NULL ); + ARIA_VALIDATE_RET( nonce_counter != NULL ); + ARIA_VALIDATE_RET( stream_block != NULL ); + ARIA_VALIDATE_RET( nc_off != NULL ); + + n = *nc_off; + /* An overly large value of n can lead to an unlimited + * buffer overflow. Therefore, guard against this + * outside of parameter validation. */ + if( n >= MBEDTLS_ARIA_BLOCKSIZE ) + return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); while( length-- ) { From 9e45c1607ec439a23592dd1d35539bf10ccc91e8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 11 Dec 2018 21:51:38 +0000 Subject: [PATCH 289/415] Test parameter validation for ARIA module --- tests/suites/test_suite_aria.data | 3 + tests/suites/test_suite_aria.function | 179 ++++++++++++++++++++++++++ 2 files changed, 182 insertions(+) diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data index 8cb2d2aa3..5a92ee9c7 100644 --- a/tests/suites/test_suite_aria.data +++ b/tests/suites/test_suite_aria.data @@ -1,3 +1,6 @@ +Parameter validation +aria_invalid_param: + ARIA-128-ECB Encrypt - RFC 5794 aria_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"00112233445566778899aabbccddeeff":"d718fbd6ab644c739da95f3be6451778":0 diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 4e39078ff..586b2d37f 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -16,6 +16,185 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void aria_invalid_param( ) +{ + mbedtls_aria_context ctx; + unsigned char key[128 / 8] = { 0 }; + unsigned char input[MBEDTLS_ARIA_BLOCKSIZE] = { 0 }; + unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] = { 0 }; + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE] = { 0 }; + size_t iv_off = 0; + + TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_setkey_enc( NULL, key, + sizeof( key ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_setkey_enc( &ctx, NULL, + sizeof( key ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_setkey_dec( NULL, key, + sizeof( key ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_setkey_dec( &ctx, NULL, + sizeof( key ) ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_ecb( NULL, input, output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_ecb( &ctx, NULL, output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_ecb( &ctx, input, NULL ) ); + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cbc( NULL, + MBEDTLS_ARIA_ENCRYPT, + sizeof( input ), + iv, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cbc( &ctx, + 42 /* invalid mode */, + sizeof( input ), + iv, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cbc( &ctx, + MBEDTLS_ARIA_ENCRYPT, + sizeof( input ), + NULL, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cbc( &ctx, + MBEDTLS_ARIA_ENCRYPT, + sizeof( input ), + iv, + NULL, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cbc( &ctx, + MBEDTLS_ARIA_ENCRYPT, + sizeof( input ), + iv, + input, + NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cfb128( NULL, + MBEDTLS_ARIA_ENCRYPT, + sizeof( input ), + &iv_off, + iv, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cfb128( &ctx, + 42, /* invalid mode */ + sizeof( input ), + &iv_off, + iv, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cfb128( &ctx, + MBEDTLS_ARIA_ENCRYPT, + sizeof( input ), + NULL, + iv, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cfb128( &ctx, + MBEDTLS_ARIA_ENCRYPT, + sizeof( input ), + &iv_off, + NULL, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cfb128( &ctx, + MBEDTLS_ARIA_ENCRYPT, + sizeof( input ), + &iv_off, + iv, + NULL, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_cfb128( &ctx, + MBEDTLS_ARIA_ENCRYPT, + sizeof( input ), + &iv_off, + iv, + input, + NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_ctr( NULL, + sizeof( input ), + &iv_off, + iv, + iv, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_ctr( &ctx, + sizeof( input ), + NULL, + iv, + iv, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_ctr( &ctx, + sizeof( input ), + &iv_off, + NULL, + iv, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_ctr( &ctx, + sizeof( input ), + &iv_off, + iv, + NULL, + input, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_ctr( &ctx, + sizeof( input ), + &iv_off, + iv, + iv, + NULL, + output ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + mbedtls_aria_crypt_ctr( &ctx, + sizeof( input ), + &iv_off, + iv, + iv, + input, + NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CTR */ + +exit: + return; + +} +/* END_CASE */ + /* BEGIN_CASE */ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, char *hex_dst_string, int setkey_result ) From 02d524c05c37c85f51f1662ab0685a5bf7059bdb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 09:18:37 +0000 Subject: [PATCH 290/415] Minor ARIA documentation improvements --- include/mbedtls/aria.h | 69 ++++++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 54db1a637..bd99b9fb8 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -91,15 +91,16 @@ mbedtls_aria_context; * It must be the first API called before using * the context. * - * \param ctx The ARIA context to initialize. Must not be \c NULL. + * \param ctx The ARIA context to initialize. This must not be \c NULL. */ void mbedtls_aria_init( mbedtls_aria_context *ctx ); /** * \brief This function releases and clears the specified ARIA context. * - * \param ctx The ARIA context to clear. May be \c NULL, in which - * case this function is a no-op. + * \param ctx The ARIA context to clear. This may be \c NULL, in which + * case this function is a no-op. If it is not \c NULL, + * it must point to an initialized ARIA context. */ void mbedtls_aria_free( mbedtls_aria_context *ctx ); @@ -107,10 +108,10 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ); * \brief This function sets the encryption key. * * \param ctx The ARIA context to which the key should be bound. - * Must be initialized. - * \param key The encryption key. Must be a readable buffer - * of size \p keybits bits. - * \param keybits The size of data passed in bits. Valid options are: + * This must be initialized. + * \param key The encryption key. This must be a readable buffer + * of size \p keybits Bits. + * \param keybits The size of \p key in Bits. Valid options are: *
        • 128 bits
          • *
        • 192 bits
          • *
        • 256 bits
        @@ -126,9 +127,9 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, * \brief This function sets the decryption key. * * \param ctx The ARIA context to which the key should be bound. - * Must be initialized. - * \param key The decryption key. Must be a readable buffer - * of size \p keybits bits. + * This must be initialized. + * \param key The decryption key. This must be a readable buffer + * of size \p keybits Bits. * \param keybits The size of data passed. Valid options are: *
        • 128 bits
          • *
        • 192 bits
          • @@ -154,7 +155,7 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, * call to this API with the same context. * * \param ctx The ARIA context to use for encryption or decryption. - * Must be initialized. + * This must be initialized and bound to a key. * \param input The 16-Byte buffer holding the input data. * \param output The 16-Byte buffer holding the output data. @@ -191,17 +192,18 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * * * \param ctx The ARIA context to use for encryption or decryption. - * Must be initialized. - * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or - * #MBEDTLS_ARIA_DECRYPT. + * This must be initialized and bound to a key. + * \param mode The mode of operation. This must be either + * #MBEDTLS_ARIA_ENCRYPT for encryption, or + * #MBEDTLS_ARIA_DECRYPT for decryption. * \param length The length of the input data in Bytes. This must be a * multiple of the block size (16 Bytes). * \param iv Initialization vector (updated after use). - * Must be a readable buffer of size 16 Bytes. + * This must be a readable buffer of size 16 Bytes. * \param input The buffer holding the input data. - * May be \c NULL if `length == 0`. + * This may be \c NULL if `length == 0`. * \param output The buffer holding the output data. - * May be \c NULL if `length == 0`. + * This may be \c NULL if `length == 0`. * * \return \c 0 on success. * \return A negative error code on failure. @@ -239,18 +241,19 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, * * * \param ctx The ARIA context to use for encryption or decryption. - * Must be initialized. - * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or - * #MBEDTLS_ARIA_DECRYPT. - * \param length The length of the input data. + * This must be initialized and bound to a key. + * \param mode The mode of operation. This must be either + * #MBEDTLS_ARIA_ENCRYPT for encryption, or + * #MBEDTLS_ARIA_DECRYPT for decryption. + * \param length The length of the input data \p input in Bytes. * \param iv_off The offset in IV (updated after use). - * Must not be larger than 15. + * This must not be larger than 15. * \param iv The initialization vector (updated after use). - * Must be a readable buffer of size 16 Bytes. + * This must be a readable buffer of size 16 Bytes. * \param input The buffer holding the input data. - * May be \c NULL if `length == 0`. + * This may be \c NULL if `length == 0`. * \param output The buffer holding the output data. - * May be \c NULL if `length == 0`. + * This may be \c NULL if `length == 0`. * * \return \c 0 on success. * \return A negative error code on failure. @@ -323,21 +326,21 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * securely discarded as soon as it's no longer needed. * * \param ctx The ARIA context to use for encryption or decryption. - * Must be initialized. - * \param length The length of the input data. + * This must be initialized and bound to a key. + * \param length The length of the input data \p input in Bytes. * \param nc_off The offset in the current \p stream_block, for * resuming within the current cipher stream. The * offset pointer should be 0 at the start of a stream. - * Must not be larger than 15. - * \param nonce_counter The 128-bit nonce and counter. Must point to - * an RW-buffer of length 16 bytes. - * \param stream_block The saved stream block for resuming. Must point to + * This must not be larger than 15. + * \param nonce_counter The 128-bit nonce and counter. This must point to * an RW-buffer of length 16 bytes. + * \param stream_block The saved stream block for resuming. This must + * point to an RW-buffer of length 16 bytes. * This is overwritten by the function. * \param input The buffer holding the input data. - * May be \c NULL if `length == 0`. + * This may be \c NULL if `length == 0`. * \param output The buffer holding the output data. - * May be \c NULL if `length == 0`. + * This may be \c NULL if `length == 0`. * * \return \c 0 on success. * \return A negative error code on failure. From b0de9f5b03b0ab64657b9ca13d8862c80168e9b7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 12:06:38 +0000 Subject: [PATCH 291/415] Test that mbedtls_aria_free() accepts NULL parameter --- tests/suites/test_suite_aria.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 586b2d37f..d392cfd81 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -27,6 +27,7 @@ void aria_invalid_param( ) size_t iv_off = 0; TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_aria_free( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, mbedtls_aria_setkey_enc( NULL, key, From 2f87504cb788907f1d9f320a82e48d0ca4ee8167 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 12:06:51 +0000 Subject: [PATCH 292/415] Minor ARIA documentation improvements --- include/mbedtls/aria.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index bd99b9fb8..3db43766a 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -99,7 +99,7 @@ void mbedtls_aria_init( mbedtls_aria_context *ctx ); * \brief This function releases and clears the specified ARIA context. * * \param ctx The ARIA context to clear. This may be \c NULL, in which - * case this function is a no-op. If it is not \c NULL, + * case this function returns immediately. If it is not \c NULL, * it must point to an initialized ARIA context. */ void mbedtls_aria_free( mbedtls_aria_context *ctx ); @@ -328,14 +328,14 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * \param ctx The ARIA context to use for encryption or decryption. * This must be initialized and bound to a key. * \param length The length of the input data \p input in Bytes. - * \param nc_off The offset in the current \p stream_block, for - * resuming within the current cipher stream. The - * offset pointer should be 0 at the start of a stream. - * This must not be larger than 15. + * \param nc_off The offset in Bytes in the current \p stream_block, + * for resuming within the current cipher stream. The + * offset pointer should be \c 0 at the start of a + * stream. This must not be larger than \c 15 Bytes. * \param nonce_counter The 128-bit nonce and counter. This must point to - * an RW-buffer of length 16 bytes. + * a read/write buffer of length \c 16 bytes. * \param stream_block The saved stream block for resuming. This must - * point to an RW-buffer of length 16 bytes. + * point to a read/write buffer of length \c 16 bytes. * This is overwritten by the function. * \param input The buffer holding the input data. * This may be \c NULL if `length == 0`. From fac1d44d62f833b82afe6fb743a55f87c80cf854 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 12:07:01 +0000 Subject: [PATCH 293/415] Fix style in ARIA parameter validation tests --- tests/suites/test_suite_aria.function | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index d392cfd81..8ceb5bb08 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -33,15 +33,15 @@ void aria_invalid_param( ) mbedtls_aria_setkey_enc( NULL, key, sizeof( key ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_setkey_enc( &ctx, NULL, - sizeof( key ) ) ); + mbedtls_aria_setkey_enc( &ctx, NULL, + sizeof( key ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_setkey_dec( NULL, key, - sizeof( key ) ) ); + mbedtls_aria_setkey_dec( NULL, key, + sizeof( key ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_setkey_dec( &ctx, NULL, - sizeof( key ) ) ); + mbedtls_aria_setkey_dec( &ctx, NULL, + sizeof( key ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, mbedtls_aria_crypt_ecb( NULL, input, output ) ); From 14b91e8e228fb3cd766842e894215db126ed6291 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 14:13:36 +0000 Subject: [PATCH 294/415] Move testing of mbedtls_aria_free() to separate test The test that mbedtls_aria_free() accepts NULL parameters can be performed even if MBEDTLS_CHECK_PARAMS is unset, but was previously included in the test case aria_invalid_params() which is only executed if MBEDTLS_CHECK_PARAMS is set. --- tests/suites/test_suite_aria.data | 5 ++++- tests/suites/test_suite_aria.function | 8 +++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data index 5a92ee9c7..2da0b30c2 100644 --- a/tests/suites/test_suite_aria.data +++ b/tests/suites/test_suite_aria.data @@ -1,4 +1,7 @@ -Parameter validation +ARIA - Valid parameters +aria_valid_param: + +ARIA - Invalid parameters aria_invalid_param: ARIA-128-ECB Encrypt - RFC 5794 diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 8ceb5bb08..6e29e535f 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -16,6 +16,13 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void aria_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_aria_free( NULL ) ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void aria_invalid_param( ) { @@ -27,7 +34,6 @@ void aria_invalid_param( ) size_t iv_off = 0; TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_aria_free( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, mbedtls_aria_setkey_enc( NULL, key, From 938a15e58408f636e40e10cb553a6befc006ba92 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 16:43:45 +0000 Subject: [PATCH 295/415] Leave behaviour on NULL input unspecified in ARIA We allow a NULL input buffer if the input length is zero, but we don't test it. As long as that's the case, we shouldn't promise to support it. --- include/mbedtls/aria.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 3db43766a..1e8956ed1 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -200,10 +200,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * multiple of the block size (16 Bytes). * \param iv Initialization vector (updated after use). * This must be a readable buffer of size 16 Bytes. - * \param input The buffer holding the input data. - * This may be \c NULL if `length == 0`. - * \param output The buffer holding the output data. - * This may be \c NULL if `length == 0`. + * \param input The buffer holding the input data. This must + * be a readable buffer of length \p length Bytes. + * \param output The buffer holding the output data. This must + * be a writable buffer of length \p length Bytes. * * \return \c 0 on success. * \return A negative error code on failure. @@ -250,10 +250,10 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, * This must not be larger than 15. * \param iv The initialization vector (updated after use). * This must be a readable buffer of size 16 Bytes. - * \param input The buffer holding the input data. - * This may be \c NULL if `length == 0`. - * \param output The buffer holding the output data. - * This may be \c NULL if `length == 0`. + * \param input The buffer holding the input data. This must + * be a readable buffer of length \p length Bytes. + * \param output The buffer holding the output data. This must + * be a writable buffer of length \p length Bytes. * * \return \c 0 on success. * \return A negative error code on failure. @@ -337,10 +337,10 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * \param stream_block The saved stream block for resuming. This must * point to a read/write buffer of length \c 16 bytes. * This is overwritten by the function. - * \param input The buffer holding the input data. - * This may be \c NULL if `length == 0`. - * \param output The buffer holding the output data. - * This may be \c NULL if `length == 0`. + * \param input The buffer holding the input data. This must + * be a readable buffer of length \p length Bytes. + * \param output The buffer holding the output data. This must + * be a writable buffer of length \p length Bytes. * * \return \c 0 on success. * \return A negative error code on failure. From 0294072c0987ccac1894fb90ff2c8fa804690187 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 18:18:45 +0000 Subject: [PATCH 296/415] Avoid unused variable warning in ARIA param validation test --- tests/suites/test_suite_aria.function | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 6e29e535f..7e35f154b 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -33,6 +33,9 @@ void aria_invalid_param( ) unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE] = { 0 }; size_t iv_off = 0; + ((void) iv_off); + ((void) iv); + TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, From 3b4d6c69254f13bcff93c3d28da1581dd6d65897 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 18:14:08 +0000 Subject: [PATCH 297/415] Document parameter preconditions for Blowfish module --- include/mbedtls/blowfish.h | 119 +++++++++++++++++++++++-------------- 1 file changed, 76 insertions(+), 43 deletions(-) diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 922d8f82e..d904269c0 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -76,40 +76,51 @@ mbedtls_blowfish_context; #endif /* MBEDTLS_BLOWFISH_ALT */ /** - * \brief Initialize Blowfish context + * \brief Initialize a Blowfish context. * - * \param ctx Blowfish context to be initialized + * \param ctx The Blowfish context to be initialized. + * Must not be \c NULL. */ void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); /** - * \brief Clear Blowfish context + * \brief Clear a Blowfish context. * - * \param ctx Blowfish context to be cleared + * \param ctx The Blowfish context to be cleared. + * This may be \c NULL, in which case this function + * is a no-op. If it is not \c NULL, it must point + * to an initialized Blowfish context. */ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); /** - * \brief Blowfish key schedule + * \brief Perform a Blowfish key schedule. * - * \param ctx Blowfish context to be initialized - * \param key encryption key - * \param keybits must be between 32 and 448 bits + * \param ctx The Blowfish context to perform the key schedule on. + * \param key The encryption key. Must be a readable buffer of + * length \p keybits Bits. + * \param keybits The length of \p key in Bits. Must be between + * \c 32 and \c 448 and a multiple of \c 8. * - * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, unsigned int keybits ); /** - * \brief Blowfish-ECB block encryption/decryption + * \brief Perform a Blowfish-ECB block encryption/decryption. * - * \param ctx Blowfish context - * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT - * \param input 8-byte input block - * \param output 8-byte output block + * \param ctx The Blowfish context to use. This must be initialized + * and bound to a key. + * \param mode The mode of operation. Possible values are + * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or + * #MBEDTLS_BLOWFISH_DECRYPT for decryption. + * \param input The input block. Must be a readable buffer of size 8 Bytes. + * \param input The output block. Must be a writable buffer of size 8 Bytes. * - * \return 0 if successful + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, int mode, @@ -118,7 +129,7 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CBC) /** - * \brief Blowfish-CBC buffer encryption/decryption + * \brief Perform a Blowfish-CBC buffer encryption/decryption * Length should be a multiple of the block * size (8 bytes) * @@ -130,15 +141,21 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * IV, you should either save it manually or use the cipher * module instead. * - * \param ctx Blowfish context - * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data + * \param ctx The Blowfish context to use. This must be initialized + * and bound to a key. + * \param mode The mode of operation. Possible values are + * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or + * #MBEDTLS_BLOWFISH_DECRYPT for decryption. + * \param length The length of the input data in Bytes. + * \param iv The initialization vector. This must be an RW buffer + * of length \c 8 Bytes. It is updated by this function. + * \param input The input data. Must be a readable buffer of length + * \p length Bytes. If \p length if \c 0, it may be \c NULL. + * \param output The output data. Must be a writable buffer of length + * \p length Bytes. If \p length if \c 0, it may be \c NULL. * - * \return 0 if successful, or - * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, int mode, @@ -150,7 +167,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CFB) /** - * \brief Blowfish CFB buffer encryption/decryption. + * \brief Perform a Blowfish CFB buffer encryption/decryption. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -160,15 +177,25 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, * IV, you should either save it manually or use the cipher * module instead. * - * \param ctx Blowfish context - * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT - * \param length length of the input data - * \param iv_off offset in IV (updated after use) - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data + * \param ctx The Blowfish context to use. This must be initialized + * and bound to a key. + * \param mode The mode of operation. Possible values are + * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or + * #MBEDTLS_BLOWFISH_DECRYPT for decryption. + * \param length The length of the input data in Bytes. + * \param iv_off The offset in the initialiation vector. + * The value pointed to must be smaller than \c 8. + * It is updated by this function to support the aforementioned + * streaming usage. + * \param iv The initialization vector. Must be an RW buffer of + * size \c 8 Bytes. It is updated after use. + * \param input The input data. Must be a readable buffer of length + * \p length Bytes. If \p length if \c 0, it may be \c NULL. + * \param output The output data. Must be a writable buffer of length + * \p length Bytes. If \p length if \c 0, it may be \c NULL. * - * \return 0 if successful + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, int mode, @@ -181,7 +208,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CTR) /** - * \brief Blowfish-CTR buffer encryption/decryption + * \brief Perform a Blowfish-CTR buffer encryption/decryption. * * \warning You must never reuse a nonce value with the same key. Doing so * would void the encryption for the two messages encrypted with @@ -224,18 +251,24 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, * content must not be written to insecure storage and should be * securely discarded as soon as it's no longer needed. * - * \param ctx Blowfish context - * \param length The length of the data + * \param ctx The Blowfish context to use. This must be initialized + * and bound to a key. + * \param length The length of the input data in Bytes. * \param nc_off The offset in the current stream_block (for resuming * within current cipher stream). The offset pointer to - * should be 0 at the start of a stream. - * \param nonce_counter The 64-bit nonce and counter. - * \param stream_block The saved stream-block for resuming. Is overwritten - * by the function. - * \param input The input data stream - * \param output The output data stream + * should be \c 0 at the start of a stream and must be + * smaller than \c 8. It is updated by this function. + * \param nonce_counter The 64-bit nonce and counter. This must point to an RW + * buffer of length \c 8 Bytes. + * \param stream_block The saved stream-block for resuming. This must point to + * an RW buffer of length \c 8 Bytes. + * \param input The input data. Must be a readable buffer of length + * \p length Bytes. If \p length if \c 0, it may be \c NULL. + * \param output The output data. Must be a writable buffer of length + * \p length Bytes. If \p length if \c 0, it may be \c NULL. * - * \return 0 if successful + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, size_t length, From 541aa69de40e022cd73f216d0f27e86550f2cd3c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 18:46:09 +0000 Subject: [PATCH 298/415] Implement parameter validation for Blowfish module --- library/blowfish.c | 56 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 50 insertions(+), 6 deletions(-) diff --git a/library/blowfish.c b/library/blowfish.c index b3448c20b..cbf923824 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -40,6 +40,12 @@ #if !defined(MBEDTLS_BLOWFISH_ALT) +/* Parameter validation macros */ +#define BLOWFISH_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ) +#define BLOWFISH_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * 32-bit integer manipulation macros (big endian) */ @@ -153,6 +159,7 @@ static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ) { + BLOWFISH_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_blowfish_context ) ); } @@ -167,14 +174,18 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ) /* * Blowfish key schedule */ -int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, - unsigned int keybits ) +int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, + const unsigned char *key, + unsigned int keybits ) { unsigned int i, j, k; uint32_t data, datal, datar; + BLOWFISH_VALIDATE_RET( ctx != NULL ); + BLOWFISH_VALIDATE_RET( key != NULL ); - if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS || - ( keybits % 8 ) ) + if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || + keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS || + keybits % 8 != 0 ) { return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); } @@ -231,6 +242,11 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] ) { uint32_t X0, X1; + BLOWFISH_VALIDATE_RET( ctx != NULL ); + BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || + mode == MBEDTLS_BLOWFISH_DECRYPT ); + BLOWFISH_VALIDATE_RET( input != NULL ); + BLOWFISH_VALIDATE_RET( output != NULL ); GET_UINT32_BE( X0, input, 0 ); GET_UINT32_BE( X1, input, 4 ); @@ -263,6 +279,12 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, { int i; unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE]; + BLOWFISH_VALIDATE_RET( ctx != NULL ); + BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || + mode == MBEDTLS_BLOWFISH_DECRYPT ); + BLOWFISH_VALIDATE_RET( iv != NULL ); + BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); + BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); if( length % MBEDTLS_BLOWFISH_BLOCKSIZE ) return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH ); @@ -317,7 +339,19 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, unsigned char *output ) { int c; - size_t n = *iv_off; + size_t n; + + BLOWFISH_VALIDATE_RET( ctx != NULL ); + BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || + mode == MBEDTLS_BLOWFISH_DECRYPT ); + BLOWFISH_VALIDATE_RET( iv != NULL ); + BLOWFISH_VALIDATE_RET( iv_off != NULL ); + BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); + BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); + + n = *iv_off; + if( n >= 8 ) + return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); if( mode == MBEDTLS_BLOWFISH_DECRYPT ) { @@ -365,7 +399,17 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, unsigned char *output ) { int c, i; - size_t n = *nc_off; + size_t n; + BLOWFISH_VALIDATE_RET( ctx != NULL ); + BLOWFISH_VALIDATE_RET( nonce_counter != NULL ); + BLOWFISH_VALIDATE_RET( stream_block != NULL ); + BLOWFISH_VALIDATE_RET( nc_off != NULL ); + BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); + BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); + + n = *nc_off; + if( n >= 8 ) + return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); while( length-- ) { From e38b4cd661c51c39ab6eb31bef9b5b8244680f46 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Dec 2018 18:46:19 +0000 Subject: [PATCH 299/415] Test parameter validation for Blowfish module --- tests/suites/test_suite_blowfish.data | 3 + tests/suites/test_suite_blowfish.function | 148 ++++++++++++++++++++++ 2 files changed, 151 insertions(+) diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data index d4e8791c1..e1a614ca7 100644 --- a/tests/suites/test_suite_blowfish.data +++ b/tests/suites/test_suite_blowfish.data @@ -1,3 +1,6 @@ +Blowfish parameter validation +blowfish_invalid_param: + BLOWFISH-ECB Encrypt SSLeay reference #1 blowfish_encrypt_ecb:"0000000000000000":"0000000000000000":"4ef997456198dd78":0 diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index 189e23dc6..028ae1a20 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -7,6 +7,154 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void blowfish_invalid_param( ) +{ + mbedtls_blowfish_context ctx; + unsigned char buf[16] = { 0 }; + size_t off; + ((void) off); + + TEST_INVALID_PARAM( mbedtls_blowfish_init( NULL ) ); + TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_setkey( NULL, + buf, + 128 ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_setkey( &ctx, + NULL, + 128 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ecb( NULL, + MBEDTLS_BLOWFISH_ENCRYPT, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ecb( &ctx, + 42, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ecb( &ctx, + MBEDTLS_BLOWFISH_ENCRYPT, + NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ecb( &ctx, + MBEDTLS_BLOWFISH_ENCRYPT, + buf, NULL ) ); + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cbc( NULL, + MBEDTLS_BLOWFISH_ENCRYPT, + sizeof( buf ), + buf, buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cbc( &ctx, + 42, + sizeof( buf ), + buf, buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cbc( &ctx, + MBEDTLS_BLOWFISH_ENCRYPT, + sizeof( buf ), + NULL, buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cbc( &ctx, + MBEDTLS_BLOWFISH_ENCRYPT, + sizeof( buf ), + buf, NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cbc( &ctx, + MBEDTLS_BLOWFISH_ENCRYPT, + sizeof( buf ), + buf, buf, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cfb64( NULL, + MBEDTLS_BLOWFISH_ENCRYPT, + sizeof( buf ), + &off, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cfb64( &ctx, + 42, + sizeof( buf ), + &off, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cfb64( &ctx, + MBEDTLS_BLOWFISH_ENCRYPT, + sizeof( buf ), + NULL, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cfb64( &ctx, + MBEDTLS_BLOWFISH_ENCRYPT, + sizeof( buf ), + &off, NULL, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cfb64( &ctx, + MBEDTLS_BLOWFISH_ENCRYPT, + sizeof( buf ), + &off, buf, + NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_cfb64( &ctx, + MBEDTLS_BLOWFISH_ENCRYPT, + sizeof( buf ), + &off, buf, + buf, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ctr( NULL, + sizeof( buf ), + &off, + buf, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ctr( &ctx, + sizeof( buf ), + NULL, + buf, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ctr( &ctx, + sizeof( buf ), + &off, + NULL, buf, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ctr( &ctx, + sizeof( buf ), + &off, + buf, NULL, + buf, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ctr( &ctx, + sizeof( buf ), + &off, + buf, buf, + NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + mbedtls_blowfish_crypt_ctr( &ctx, + sizeof( buf ), + &off, + buf, buf, + buf, NULL ) ); +#endif /* MBEDTLS_CIPHER_MODE_CTR */ + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE */ void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, data_t * hex_dst_string, int setkey_result ) From 49acc64c695e2b1b88f31b770f23df83d0f2b34f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 09:24:51 +0000 Subject: [PATCH 300/415] Minor improvements to Blowfish documentation and tests --- include/mbedtls/blowfish.h | 35 +++++++++++---------- tests/suites/test_suite_blowfish.function | 37 ++++++++++++----------- 2 files changed, 37 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index d904269c0..e40e17c65 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -79,7 +79,7 @@ mbedtls_blowfish_context; * \brief Initialize a Blowfish context. * * \param ctx The Blowfish context to be initialized. - * Must not be \c NULL. + * This must not be \c NULL. */ void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); @@ -97,9 +97,9 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); * \brief Perform a Blowfish key schedule. * * \param ctx The Blowfish context to perform the key schedule on. - * \param key The encryption key. Must be a readable buffer of + * \param key The encryption key. This must be a readable buffer of * length \p keybits Bits. - * \param keybits The length of \p key in Bits. Must be between + * \param keybits The length of \p key in Bits. This must be between * \c 32 and \c 448 and a multiple of \c 8. * * \return \c 0 if successful. @@ -116,8 +116,8 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char * \param mode The mode of operation. Possible values are * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or * #MBEDTLS_BLOWFISH_DECRYPT for decryption. - * \param input The input block. Must be a readable buffer of size 8 Bytes. - * \param input The output block. Must be a writable buffer of size 8 Bytes. + * \param input The input block. This must be a readable buffer of size 8 Bytes. + * \param input The output block. This must be a writable buffer of size 8 Bytes. * * \return \c 0 if successful. * \return A negative error code on failure. @@ -129,9 +129,7 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CBC) /** - * \brief Perform a Blowfish-CBC buffer encryption/decryption - * Length should be a multiple of the block - * size (8 bytes) + * \brief Perform a Blowfish-CBC buffer encryption/decryption. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -146,12 +144,13 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * \param mode The mode of operation. Possible values are * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or * #MBEDTLS_BLOWFISH_DECRYPT for decryption. - * \param length The length of the input data in Bytes. + * \param length The length of the input data in Bytes. This must be + * multiple of \c 8. * \param iv The initialization vector. This must be an RW buffer * of length \c 8 Bytes. It is updated by this function. - * \param input The input data. Must be a readable buffer of length + * \param input The input data. This must be a readable buffer of length * \p length Bytes. If \p length if \c 0, it may be \c NULL. - * \param output The output data. Must be a writable buffer of length + * \param output The output data. This must be a writable buffer of length * \p length Bytes. If \p length if \c 0, it may be \c NULL. * * \return \c 0 if successful. @@ -187,11 +186,11 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, * The value pointed to must be smaller than \c 8. * It is updated by this function to support the aforementioned * streaming usage. - * \param iv The initialization vector. Must be an RW buffer of + * \param iv The initialization vector. This must be an RW buffer of * size \c 8 Bytes. It is updated after use. - * \param input The input data. Must be a readable buffer of length + * \param input The input data. This must be a readable buffer of length * \p length Bytes. If \p length if \c 0, it may be \c NULL. - * \param output The output data. Must be a writable buffer of length + * \param output The output data. This must be a writable buffer of length * \p length Bytes. If \p length if \c 0, it may be \c NULL. * * \return \c 0 if successful. @@ -262,10 +261,10 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, * buffer of length \c 8 Bytes. * \param stream_block The saved stream-block for resuming. This must point to * an RW buffer of length \c 8 Bytes. - * \param input The input data. Must be a readable buffer of length - * \p length Bytes. If \p length if \c 0, it may be \c NULL. - * \param output The output data. Must be a writable buffer of length - * \p length Bytes. If \p length if \c 0, it may be \c NULL. + * \param input The input data. This must be a readable buffer of length + * \p length Bytes. If \p length is \c 0, it may be \c NULL. + * \param output The output data. This must be a writable buffer of length + * \p length Bytes. If \p length is \c 0, it may be \c NULL. * * \return \c 0 if successful. * \return A negative error code on failure. diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index 028ae1a20..1d1422a4f 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -12,6 +12,9 @@ void blowfish_invalid_param( ) { mbedtls_blowfish_context ctx; unsigned char buf[16] = { 0 }; + size_t const valid_keylength = sizeof( buf ) * 8; + size_t valid_mode = MBEDTLS_BLOWFISH_ENCRYPT; + size_t invalid_mode = 42; size_t off; ((void) off); @@ -21,53 +24,53 @@ void blowfish_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_setkey( NULL, buf, - 128 ) ); + valid_keylength ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_setkey( &ctx, NULL, - 128 ) ); + valid_keylength ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_ecb( NULL, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_ecb( &ctx, - 42, + invalid_mode, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_ecb( &ctx, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_ecb( &ctx, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, buf, NULL ) ); #if defined(MBEDTLS_CIPHER_MODE_CBC) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cbc( NULL, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, sizeof( buf ), buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cbc( &ctx, - 42, + invalid_mode, sizeof( buf ), buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cbc( &ctx, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, sizeof( buf ), NULL, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cbc( &ctx, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, sizeof( buf ), buf, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cbc( &ctx, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, sizeof( buf ), buf, buf, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -75,37 +78,37 @@ void blowfish_invalid_param( ) #if defined(MBEDTLS_CIPHER_MODE_CFB) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cfb64( NULL, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, sizeof( buf ), &off, buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cfb64( &ctx, - 42, + invalid_mode, sizeof( buf ), &off, buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cfb64( &ctx, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, sizeof( buf ), NULL, buf, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cfb64( &ctx, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, sizeof( buf ), &off, NULL, buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cfb64( &ctx, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, sizeof( buf ), &off, buf, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cfb64( &ctx, - MBEDTLS_BLOWFISH_ENCRYPT, + valid_mode, sizeof( buf ), &off, buf, buf, NULL ) ); From f947c0a2dd7d29fcbe36e9cc83129579a3282d89 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 14:17:10 +0000 Subject: [PATCH 301/415] Move testing of mbedtls_blowfish_free() to separate test case It should be tested regardless of the setting of MBEDTLS_CHECK_PARAMS. --- tests/suites/test_suite_blowfish.data | 5 ++++- tests/suites/test_suite_blowfish.function | 7 +++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data index e1a614ca7..fd172d3b2 100644 --- a/tests/suites/test_suite_blowfish.data +++ b/tests/suites/test_suite_blowfish.data @@ -1,4 +1,7 @@ -Blowfish parameter validation +BLOWFISH - Valid parameters +blowfish_valid_param: + +BLOWFISH - Invalid parameters blowfish_invalid_param: BLOWFISH-ECB Encrypt SSLeay reference #1 diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index 1d1422a4f..7a93cd139 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -7,6 +7,13 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void blowfish_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void blowfish_invalid_param( ) { From 3d9a3490f85d826c3a4c819acc61cdae4c9354b0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 15:15:42 +0000 Subject: [PATCH 302/415] Improve Blowfish documentation --- include/mbedtls/blowfish.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index e40e17c65..74d516dc9 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -88,8 +88,8 @@ void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); * * \param ctx The Blowfish context to be cleared. * This may be \c NULL, in which case this function - * is a no-op. If it is not \c NULL, it must point - * to an initialized Blowfish context. + * returns immediately. If it is not \c NULL, it must + * point to an initialized Blowfish context. */ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); @@ -146,7 +146,7 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * #MBEDTLS_BLOWFISH_DECRYPT for decryption. * \param length The length of the input data in Bytes. This must be * multiple of \c 8. - * \param iv The initialization vector. This must be an RW buffer + * \param iv The initialization vector. This must be a read/write buffer * of length \c 8 Bytes. It is updated by this function. * \param input The input data. This must be a readable buffer of length * \p length Bytes. If \p length if \c 0, it may be \c NULL. @@ -183,10 +183,10 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, * #MBEDTLS_BLOWFISH_DECRYPT for decryption. * \param length The length of the input data in Bytes. * \param iv_off The offset in the initialiation vector. - * The value pointed to must be smaller than \c 8. + * The value pointed to must be smaller than \c 8 Bytes. * It is updated by this function to support the aforementioned * streaming usage. - * \param iv The initialization vector. This must be an RW buffer of + * \param iv The initialization vector. This must be a read/write buffer of * size \c 8 Bytes. It is updated after use. * \param input The input data. This must be a readable buffer of length * \p length Bytes. If \p length if \c 0, it may be \c NULL. @@ -257,10 +257,10 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, * within current cipher stream). The offset pointer to * should be \c 0 at the start of a stream and must be * smaller than \c 8. It is updated by this function. - * \param nonce_counter The 64-bit nonce and counter. This must point to an RW - * buffer of length \c 8 Bytes. + * \param nonce_counter The 64-bit nonce and counter. This must point to a + * read/write buffer of length \c 8 Bytes. * \param stream_block The saved stream-block for resuming. This must point to - * an RW buffer of length \c 8 Bytes. + * a read/write buffer of length \c 8 Bytes. * \param input The input data. This must be a readable buffer of length * \p length Bytes. If \p length is \c 0, it may be \c NULL. * \param output The output data. This must be a writable buffer of length From 20376d631d54b40be2165280de12aeb8c409c5ce Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 17:47:39 +0000 Subject: [PATCH 303/415] Don't promise that passing NULL input to Blowfish works It seems to work, but we don't test it currently, so we shouldn't promise it. --- include/mbedtls/blowfish.h | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 74d516dc9..cd53840ed 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -116,8 +116,10 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char * \param mode The mode of operation. Possible values are * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or * #MBEDTLS_BLOWFISH_DECRYPT for decryption. - * \param input The input block. This must be a readable buffer of size 8 Bytes. - * \param input The output block. This must be a writable buffer of size 8 Bytes. + * \param input The input block. This must be a readable buffer + * of size \c 8 Bytes. + * \param output The output block. This must be a writable buffer + * of size \c 8 Bytes. * * \return \c 0 if successful. * \return A negative error code on failure. @@ -149,9 +151,9 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * \param iv The initialization vector. This must be a read/write buffer * of length \c 8 Bytes. It is updated by this function. * \param input The input data. This must be a readable buffer of length - * \p length Bytes. If \p length if \c 0, it may be \c NULL. + * \p length Bytes. * \param output The output data. This must be a writable buffer of length - * \p length Bytes. If \p length if \c 0, it may be \c NULL. + * \p length Bytes. * * \return \c 0 if successful. * \return A negative error code on failure. @@ -186,12 +188,12 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, * The value pointed to must be smaller than \c 8 Bytes. * It is updated by this function to support the aforementioned * streaming usage. - * \param iv The initialization vector. This must be a read/write buffer of - * size \c 8 Bytes. It is updated after use. + * \param iv The initialization vector. This must be a read/write buffer + * of size \c 8 Bytes. It is updated after use. * \param input The input data. This must be a readable buffer of length - * \p length Bytes. If \p length if \c 0, it may be \c NULL. + * \p length Bytes. * \param output The output data. This must be a writable buffer of length - * \p length Bytes. If \p length if \c 0, it may be \c NULL. + * \p length Bytes. * * \return \c 0 if successful. * \return A negative error code on failure. @@ -261,10 +263,10 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, * read/write buffer of length \c 8 Bytes. * \param stream_block The saved stream-block for resuming. This must point to * a read/write buffer of length \c 8 Bytes. - * \param input The input data. This must be a readable buffer of length - * \p length Bytes. If \p length is \c 0, it may be \c NULL. - * \param output The output data. This must be a writable buffer of length - * \p length Bytes. If \p length is \c 0, it may be \c NULL. + * \param input The input data. This must be a readable buffer of + * length \p length Bytes. + * \param output The output data. This must be a writable buffer of + * length \p length Bytes. * * \return \c 0 if successful. * \return A negative error code on failure. From 1f19fa6f62346d57d5dac41512cc107c8a7fc7fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 14:18:39 +0100 Subject: [PATCH 304/415] PK: Fix free(NULL) in library and tests free() functions are documented as no-ops on NULL. Implement and test this correctly. --- library/pk.c | 3 +-- tests/suites/test_suite_pk.function | 8 ++++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/library/pk.c b/library/pk.c index d8bce8f46..38ab7747c 100644 --- a/library/pk.c +++ b/library/pk.c @@ -90,8 +90,7 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) */ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) { - PK_VALIDATE( ctx != NULL ); - if( ctx->pk_info == NULL || + if( ctx == NULL || ctx->pk_info == NULL || ctx->pk_info->rs_free_func == NULL ) { return; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 936bcdfb2..b8069b540 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -77,6 +77,12 @@ void valid_parameters( ) mbedtls_pk_init( &pk ); + TEST_VALID_PARAM( mbedtls_pk_free( NULL ) ); + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) ); +#endif + TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -133,8 +139,6 @@ void invalid_parameters( ) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) ); - - TEST_INVALID_PARAM( mbedtls_pk_restart_free( NULL ) ); #endif TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, From 70ded3602c9507188518f065dec97857321061ca Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 13:42:05 +0000 Subject: [PATCH 305/415] Minor improvements to Camellia module and documentation --- include/mbedtls/camellia.h | 62 ++++++++++++++++++++------------------ library/camellia.c | 11 ++++--- 2 files changed, 38 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 57bb39e8b..aa1b2988c 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -89,7 +89,7 @@ void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); /** - * \brief Perform a CAMELLIA key schedule (encryption). + * \brief Perform a CAMELLIA key schedule operation for encryption. * * \param ctx The CAMELLIA context to use. This must be initialized. * \param key The encryption key to use. This must be a readable buffer @@ -105,7 +105,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, unsigned int keybits ); /** - * \brief Perform a CAMELLIA key schedule (decryption). + * \brief Perform a CAMELLIA key schedule operation for decryption. * * \param ctx The CAMELLIA context to use. This must be initialized. * \param key The decryption key. This must be a readable buffer @@ -121,7 +121,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, unsigned int keybits ); /** - * \brief Perform a CAMELLIA-ECB block encryption/decryption. + * \brief Perform a CAMELLIA-ECB block encryption/decryption operation. * * \param ctx The CAMELLIA context to use. This must be initialized * and bound to a key. @@ -142,7 +142,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CBC) /** - * \brief Perform a CAMELLIA-CBC buffer encryption/decryption. + * \brief Perform a CAMELLIA-CBC buffer encryption/decryption operation. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -157,7 +157,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * \param mode The mode of operation. This must be either * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. * \param length The length in Bytes of the input data \p input. - * This must be a multiple of \c 16. + * This must be a multiple of \c 16 Bytes. * \param iv The initialization vector. This must be a read/write buffer * of length \c 16 Bytes. It is updated to allow streaming * use as explained above. @@ -179,13 +179,14 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CFB) /** - * \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption. + * \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption + * operation. * - * \note Due to the nature of CFB you should use the same key - * schedule for both encryption and decryption. So a - * context initialized with mbedtls_camellia_setkey_enc() - * for both #MBEDTLS_CAMELLIA_ENCRYPT and - * #MBEDTLS_CAMELLIA_DECRYPT. + * \note Due to the nature of CFB mode, you should use the same + * key for both encryption and decryption. In particular, calls + * to this function should be preceded by a key-schedule via + * mbedtls_camellia_setkey_enc() regardless of whether \p mode + * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -225,13 +226,13 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CTR) /** - * \brief CAMELLIA-CTR buffer encryption/decryption + * \brief Perform a CAMELLIA-CTR buffer encryption/decryption operation. * - * \note Due to the nature of CTR you should use the same key - * schedule for both encryption and decryption. So a - * context initialized with mbedtls_camellia_setkey_enc() - * for both #MBEDTLS_CAMELLIA_ENCRYPT and - * #MBEDTLS_CAMELLIA_DECRYPT. + * *note Due to the nature of CTR mode, you should use the same + * key for both encryption and decryption. In particular, calls + * to this function should be preceded by a key-schedule via + * mbedtls_camellia_setkey_enc() regardless of whether \p mode + * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. * * \warning You must never reuse a nonce value with the same key. Doing so * would void the encryption for the two messages encrypted with @@ -254,21 +255,22 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * per-message nonce, handled by yourself, and the second one * updated by this function internally. * - * For example, you might reserve the first 12 bytes for the - * per-message nonce, and the last 4 bytes for internal use. In that - * case, before calling this function on a new message you need to - * set the first 12 bytes of \p nonce_counter to your chosen nonce - * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p - * stream_block to be ignored). That way, you can encrypt at most - * 2**96 messages of up to 2**32 blocks each with the same key. + * For example, you might reserve the first \c 12 Bytes for the + * per-message nonce, and the last \c 4 Bytes for internal use. + * In that case, before calling this function on a new message you + * need to set the first \c 12 Bytes of \p nonce_counter to your + * chosen nonce value, the last four to \c 0, and \p nc_off to \c 0 + * (which will cause \p stream_block to be ignored). That way, you + * can encrypt at most \c 2**96 messages of up to \c 2**32 blocks + * each with the same key. * * The per-message nonce (or information sufficient to reconstruct - * it) needs to be communicated with the ciphertext and must be unique. - * unique. The recommended way to ensure uniqueness is to use a message - * counter. An alternative is to generate random nonces, but this - * limits the number of messages that can be securely encrypted: - * for example, with 96-bit random nonces, you should not encrypt - * more than 2**32 messages with the same key. + * it) needs to be communicated with the ciphertext and must be. + * unique. The recommended way to ensure uniqueness is to use a + * message counter. An alternative is to generate random nonces, + * but this limits the number of messages that can be securely + * encrypted: for example, with 96-bit random nonces, you should + * not encrypt more than 2**32 messages with the same key. * * Note that for both stategies, sizes are measured in blocks and * that a CAMELLIA block is \c 16 bytes. diff --git a/library/camellia.c b/library/camellia.c index 7fb8dc76e..22262b89a 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -353,6 +353,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, uint32_t SIGMA[6][2]; uint32_t KC[16]; uint32_t TK[20]; + CAMELLIA_VALIDATE_RET( ctx != NULL ); CAMELLIA_VALIDATE_RET( key != NULL ); @@ -570,11 +571,11 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * Camellia-CBC buffer encryption/decryption */ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) { int i; unsigned char temp[16]; From ed54128fdb5da3cf6d37d09669873bafe4c69155 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 15:48:37 +0000 Subject: [PATCH 306/415] Minor Blowfish documentation improvements --- include/mbedtls/blowfish.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index cd53840ed..f01573dca 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -94,7 +94,7 @@ void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); /** - * \brief Perform a Blowfish key schedule. + * \brief Perform a Blowfish key schedule operation. * * \param ctx The Blowfish context to perform the key schedule on. * \param key The encryption key. This must be a readable buffer of @@ -109,7 +109,7 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char unsigned int keybits ); /** - * \brief Perform a Blowfish-ECB block encryption/decryption. + * \brief Perform a Blowfish-ECB block encryption/decryption operation. * * \param ctx The Blowfish context to use. This must be initialized * and bound to a key. @@ -131,7 +131,7 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CBC) /** - * \brief Perform a Blowfish-CBC buffer encryption/decryption. + * \brief Perform a Blowfish-CBC buffer encryption/decryption operation. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -168,7 +168,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CFB) /** - * \brief Perform a Blowfish CFB buffer encryption/decryption. + * \brief Perform a Blowfish CFB buffer encryption/decryption operation. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -209,7 +209,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CTR) /** - * \brief Perform a Blowfish-CTR buffer encryption/decryption. + * \brief Perform a Blowfish-CTR buffer encryption/decryption operation. * * \warning You must never reuse a nonce value with the same key. Doing so * would void the encryption for the two messages encrypted with @@ -256,7 +256,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, * and bound to a key. * \param length The length of the input data in Bytes. * \param nc_off The offset in the current stream_block (for resuming - * within current cipher stream). The offset pointer to + * within current cipher stream). The offset pointer * should be \c 0 at the start of a stream and must be * smaller than \c 8. It is updated by this function. * \param nonce_counter The 64-bit nonce and counter. This must point to a From df4b59696d98be1f323eb7ebdc959603ecdb5869 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 15:50:02 +0000 Subject: [PATCH 307/415] Minor Camellia documentation improvements --- include/mbedtls/camellia.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index aa1b2988c..0f7c42c92 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -265,7 +265,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * each with the same key. * * The per-message nonce (or information sufficient to reconstruct - * it) needs to be communicated with the ciphertext and must be. + * it) needs to be communicated with the ciphertext and must be * unique. The recommended way to ensure uniqueness is to use a * message counter. An alternative is to generate random nonces, * but this limits the number of messages that can be securely @@ -273,7 +273,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * not encrypt more than 2**32 messages with the same key. * * Note that for both stategies, sizes are measured in blocks and - * that a CAMELLIA block is \c 16 bytes. + * that a CAMELLIA block is \c 16 Bytes. * * \warning Upon return, \p stream_block contains sensitive data. Its * content must not be written to insecure storage and should be From 159171b72ac7080c3692587565b19142ac9fd32f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 17:03:28 +0100 Subject: [PATCH 308/415] PK parse/write: support keylen=0 correctly A 0-length buffer for the key is a legitimate edge case. Ensure that it works, even with buf=NULL. Document the key and keylen parameters. There are already test cases for parsing an empty buffer. A subsequent commit will add tests for writing to an empty buffer. --- include/mbedtls/pk.h | 34 ++++++++++++++++++++++------------ library/pkparse.c | 22 +++++++++++----------- library/pkwrite.c | 8 ++++++-- 3 files changed, 39 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index e2529e4ce..310aeef5f 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -530,9 +530,13 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); * \brief Parse a private key in PEM or DER format * * \param ctx key to be initialized - * \param key input buffer - * \param keylen size of the buffer - * (including the terminating null byte for PEM data) + * \param key Input buffer to parse. + * The buffer must contain the input exactly, with no + * extra trailing material. For PEM, the buffer must + * contain a null-terminated string. + * \param keylen Size of \b key in bytes. + * For PEM data, this includes the terminating null byte, + * so \p keylen must be equal to `strlen(key) + 1`. * \param pwd password for decryption (optional) * \param pwdlen size of the password * @@ -553,9 +557,13 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, * \brief Parse a public key in PEM or DER format * * \param ctx key to be initialized - * \param key input buffer - * \param keylen size of the buffer - * (including the terminating null byte for PEM data) + * \param key Input buffer to parse. + * The buffer must contain the input exactly, with no + * extra trailing material. For PEM, the buffer must + * contain a null-terminated string. + * \param keylen Size of \b key in bytes. + * For PEM data, this includes the terminating null byte, + * so \p keylen must be equal to `strlen(key) + 1`. * * \note On entry, ctx must be empty, either freshly initialised * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a @@ -643,9 +651,10 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, si /** * \brief Write a public key to a PEM string * - * \param ctx public key to write away - * \param buf buffer to write to - * \param size size of the buffer + * \param ctx Context containing the public key to write. + * \param buf Buffer to write to. The output includes a + * terminating null byte. + * \param size Size of the buffer in bytes. * * \return 0 if successful, or a specific error code */ @@ -654,9 +663,10 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, si /** * \brief Write a private key to a PKCS#1 or SEC1 PEM string * - * \param ctx private to write away - * \param buf buffer to write to - * \param size size of the buffer + * \param ctx Context containing the private key to write. + * \param buf Buffer to write to. The output includes a + * terminating null byte. + * \param size Size of the buffer in bytes. * * \return 0 if successful, or a specific error code */ diff --git a/library/pkparse.c b/library/pkparse.c index 7c14e34ec..127f9b840 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1170,15 +1170,16 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, #endif PK_VALIDATE_RET( pk != NULL ); - PK_VALIDATE_RET( key != NULL || keylen == 0 ); - PK_VALIDATE_RET( pwd != NULL || pwdlen == 0 ); + if( keylen == 0 ) + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + PK_VALIDATE_RET( key != NULL ); #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( keylen == 0 || key[keylen - 1] != '\0' ) + if( key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, @@ -1209,7 +1210,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, #if defined(MBEDTLS_ECP_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( keylen == 0 || key[keylen - 1] != '\0' ) + if( key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, @@ -1239,7 +1240,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, #endif /* MBEDTLS_ECP_C */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( keylen == 0 || key[keylen - 1] != '\0' ) + if( key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, @@ -1262,7 +1263,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( keylen == 0 || key[keylen - 1] != '\0' ) + if( key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, @@ -1300,9 +1301,6 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, { unsigned char *key_copy; - if( keylen == 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); - if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL ) return( MBEDTLS_ERR_PK_ALLOC_FAILED ); @@ -1387,13 +1385,15 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, #endif PK_VALIDATE_RET( ctx != NULL ); + if( keylen == 0 ) + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); PK_VALIDATE_RET( key != NULL || keylen == 0 ); #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( keylen == 0 || key[keylen - 1] != '\0' ) + if( key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, @@ -1424,7 +1424,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, #endif /* MBEDTLS_RSA_C */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( keylen == 0 || key[keylen - 1] != '\0' ) + if( key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, diff --git a/library/pkwrite.c b/library/pkwrite.c index 51d0c56f1..8d1da2f75 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -186,7 +186,9 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si const char *oid; PK_VALIDATE_RET( key != NULL ); - PK_VALIDATE_RET( buf != NULL || size == 0 ); + if( size == 0 ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + PK_VALIDATE_RET( buf != NULL ); c = buf + size; @@ -236,7 +238,9 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ size_t len = 0; PK_VALIDATE_RET( key != NULL ); - PK_VALIDATE_RET( buf != NULL || size == 0 ); + if( size == 0 ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + PK_VALIDATE_RET( buf != NULL ); c = buf + size; From cc274c2ebf784290533b04be16a72045a28ecdfe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 17:08:01 +0100 Subject: [PATCH 309/415] Do run the valid parameters test function --- tests/suites/test_suite_pk.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index d029b995f..0da32418a 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1,6 +1,9 @@ PK invalid parameters invalid_parameters: +PK valid parameters +valid_parameters: + PK utils: RSA depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_utils:MBEDTLS_PK_RSA:512:64:"RSA" From 998fbfbe6872e4d163d02d81f4c3966e86eb5262 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 17:08:51 +0100 Subject: [PATCH 310/415] Properly test pk_write with an empty output buffer This needs a real key to test properly. --- tests/suites/test_suite_pk.data | 4 ++++ tests/suites/test_suite_pk.function | 32 +++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 0da32418a..e41dfa710 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -4,6 +4,10 @@ invalid_parameters: PK valid parameters valid_parameters: +PK write valid parameters +depends_on:MBEDTLS_RSA_C +valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12" + PK utils: RSA depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_utils:MBEDTLS_PK_RSA:512:64:"RSA" diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index b8069b540..20b5457a0 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -2,6 +2,8 @@ #include "mbedtls/pk.h" /* For error codes */ +#include "mbedtls/asn1.h" +#include "mbedtls/base64.h" #include "mbedtls/ecp.h" #include "mbedtls/rsa.h" @@ -111,14 +113,36 @@ void valid_parameters( ) TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) == MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); #endif /* MBEDTLS_PK_PARSE_C */ +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */ +void valid_parameters_pkwrite( data_t *key_data ) +{ + mbedtls_pk_context pk; + + /* For the write tests to be effective, we need a valid key pair. */ + mbedtls_pk_init( &pk ); + TEST_ASSERT( mbedtls_pk_parse_key( &pk, + key_data->x, key_data->len, + NULL, 0 ) == 0 ); -#if defined(MBEDTLS_PK_WRITE_C) TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) == - MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); TEST_ASSERT( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) == - MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); -#endif /* MBEDTLS_PK_WRITE_C */ + MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + +#if defined(MBEDTLS_PEM_WRITE_C) + TEST_ASSERT( mbedtls_pk_write_key_pem( &pk, NULL, 0 ) == + MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); + + TEST_ASSERT( mbedtls_pk_write_pubkey_pem( &pk, NULL, 0 ) == + MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); +#endif /* MBEDTLS_PEM_WRITE_C */ + +exit: + mbedtls_pk_free( &pk ); } /* END_CASE */ From ee3cfec3cc87b71ea0f9a4e3b5524a225a9e4809 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 17:10:02 +0100 Subject: [PATCH 311/415] PK sign/verify: hash=NULL is ok if md_alg=0 and hash_len=0 --- library/pk.c | 9 ++-- tests/suites/test_suite_pk.function | 76 +++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 3 deletions(-) diff --git a/library/pk.c b/library/pk.c index 38ab7747c..66301ee2d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -240,7 +240,8 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, mbedtls_pk_restart_ctx *rs_ctx ) { PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( hash != NULL ); + PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || + hash != NULL ); PK_VALIDATE_RET( sig != NULL ); if( ctx->pk_info == NULL || @@ -297,7 +298,8 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, const unsigned char *sig, size_t sig_len ) { PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( hash != NULL ); + PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || + hash != NULL ); PK_VALIDATE_RET( sig != NULL ); if( ctx->pk_info == NULL ) @@ -361,7 +363,8 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, mbedtls_pk_restart_ctx *rs_ctx ) { PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( hash != NULL ); + PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || + hash != NULL ); PK_VALIDATE_RET( sig != NULL ); if( ctx->pk_info == NULL || diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 20b5457a0..1f5d7d61a 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -75,7 +75,9 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) void valid_parameters( ) { mbedtls_pk_context pk; + unsigned char buf[1]; size_t len; + void *options = NULL; mbedtls_pk_init( &pk ); @@ -94,6 +96,49 @@ void valid_parameters( ) TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 ); + TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, &len, + rnd_std_rand, NULL, + NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, &len, + rnd_std_rand, NULL, + NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_sign( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, &len, + rnd_std_rand, NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, sizeof( buf ), + NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_verify( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, sizeof( buf ) ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, + &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, sizeof( buf ) ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_encrypt( &pk, NULL, 0, NULL, &len, 0, @@ -155,6 +200,7 @@ void invalid_parameters( ) unsigned char *p = buf; char str[1] = {0}; mbedtls_pk_context pk; + mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; void *options = buf; mbedtls_pk_init( &pk ); @@ -186,6 +232,12 @@ void invalid_parameters( ) NULL, sizeof( buf ), buf, sizeof( buf ), NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_restartable( &pk, + valid_md, + NULL, 0, + buf, sizeof( buf ), + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_NONE, @@ -203,6 +255,11 @@ void invalid_parameters( ) MBEDTLS_MD_NONE, NULL, sizeof( buf ), buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify( &pk, + valid_md, + NULL, 0, + buf, sizeof( buf ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, @@ -221,6 +278,12 @@ void invalid_parameters( ) MBEDTLS_MD_NONE, NULL, sizeof( buf ), buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, + &pk, + valid_md, + NULL, 0, + buf, sizeof( buf ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, &pk, @@ -242,6 +305,13 @@ void invalid_parameters( ) buf, &len, rnd_std_rand, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign_restartable( &pk, + valid_md, + NULL, 0, + buf, &len, + rnd_std_rand, NULL, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, @@ -262,6 +332,12 @@ void invalid_parameters( ) NULL, sizeof( buf ), buf, &len, rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign( &pk, + valid_md, + NULL, 0, + buf, &len, + rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, From 8ce11a323e9e7b5297a296e32fc738c6ecaa3756 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 16:18:52 +0000 Subject: [PATCH 312/415] Minor improvements to bignum module --- include/mbedtls/bignum.h | 8 ++++---- library/bignum.c | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 7b808381e..141a8e9ad 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -196,7 +196,7 @@ mbedtls_mpi; void mbedtls_mpi_init( mbedtls_mpi *X ); /** - * \brief This function frees the components an MPI context. + * \brief This function frees the components of an MPI context. * * \param X The MPI context to be cleared. This may be \c NULL, * in which case this function is a no-op. If it is @@ -693,7 +693,7 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, * \param R The destination MPI for the remainder value. * This may be \c NULL if the value of the * remainder is not needed. - * \param A The divident. This must point to an initialized MPi. + * \param A The dividend. This must point to an initialized MPi. * \param B The divisor. This must point to an initialized MPI. * * \return \c 0 if successful. @@ -714,7 +714,7 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * \param R The destination MPI for the remainder value. * This may be \c NULL if the value of the * remainder is not needed. - * \param A The divident. This must point to an initialized MPi. + * \param A The dividend. This must point to an initialized MPi. * \param b The divisor. * * \return \c 0 if successful. @@ -776,7 +776,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, * \param _RR A helper MPI depending solely on \p N which can be used to * speed-up multiple modular exponentiations for the same value * of \p N. This may be \c NULL. If it is not \c NULL, it must - * point an initialized MPI. If it hasn't been used after + * point to an initialized MPI. If it hasn't been used after * the call to mbedtls_mpi_init(), this function will compute * the helper value and store it in \p _RR for reuse on * subsequent calls to this function. Otherwise, the function diff --git a/library/bignum.c b/library/bignum.c index 8b01bad6c..0d0d922c1 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -724,7 +724,7 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu size_t i, j; size_t const limbs = CHARS_TO_LIMBS( buflen ); - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); /* Ensure that target MPI has exactly the necessary number of limbs */ @@ -2009,7 +2009,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, { int ret; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( f_rng != NULL ); if( size > MBEDTLS_MPI_MAX_SIZE ) @@ -2192,7 +2192,7 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, size_t i, j, k, s; mbedtls_mpi W, R, T, A, RR; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( f_rng != NULL ); mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); @@ -2284,7 +2284,7 @@ int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, { int ret; mbedtls_mpi XX; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( f_rng != NULL ); XX.s = 1; @@ -2317,7 +2317,7 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( f_rng != NULL ); /* @@ -2353,7 +2353,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, mbedtls_mpi_uint r; mbedtls_mpi Y; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( f_rng != NULL ); if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS ) From 8ffc92a1e8f376820c6870a025495525125693f3 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 12 Dec 2018 14:21:59 +0100 Subject: [PATCH 313/415] Add parameter validation for the GCM module --- include/mbedtls/gcm.h | 87 +++++++++----- library/gcm.c | 46 +++++++- tests/CMakeLists.txt | 1 + tests/suites/helpers.function | 1 - tests/suites/test_suite_gcm.function | 160 ++++++++++++++++++++++++++ tests/suites/test_suite_gcm.misc.data | 2 + 6 files changed, 263 insertions(+), 34 deletions(-) create mode 100644 tests/suites/test_suite_gcm.misc.data diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 93d15ee80..f68643d10 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -85,7 +85,7 @@ mbedtls_gcm_context; * cipher, nor set the key. For this purpose, use * mbedtls_gcm_setkey(). * - * \param ctx The GCM context to initialize. + * \param ctx The GCM context to initialize. This must not be \c NULL. */ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); @@ -93,9 +93,10 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); * \brief This function associates a GCM context with a * cipher algorithm and a key. * - * \param ctx The GCM context to initialize. + * \param ctx The GCM context. This must be initialized. * \param cipher The 128-bit block cipher to use. - * \param key The encryption key. + * \param key The encryption key. This must be a readable buffer of at + * least \p keybits bits. * \param keybits The key size in bits. Valid options are: *
          • 128 bits
            • *
          • 192 bits
            • @@ -122,7 +123,8 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * authentic. You should use this function to perform encryption * only. For decryption, use mbedtls_gcm_auth_decrypt() instead. * - * \param ctx The GCM context to use for encryption or decryption. + * \param ctx The GCM context to use for encryption or decryption. This + * must be initialized. * \param mode The operation to perform: * - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption. * The ciphertext is written to \p output and the @@ -136,21 +138,28 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * calling this function in decryption mode. * \param length The length of the input data, which is equal to the length * of the output data. - * \param iv The initialization vector. + * \param iv The initialization vector. This must be a readable buffer of + * at least \p iv_len Bytes. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data. + * \param add The buffer holding the additional data. If \p add_len is + * greater than zero, this must be of at least that size in + * Bytes. * \param add_len The length of the additional data. - * \param input The buffer holding the input data. Its size is \b length. - * \param output The buffer for holding the output data. It must have room - * for \b length bytes. + * \param input The buffer holding the input data. If \p length is greater + * than zero, this must be a readable buffer of at least that + * size in Bytes. + * \param output The buffer for holding the output data. If \p length is greater + * than zero, this must be a writable buffer of at least that + * size in Bytes. * \param tag_len The length of the tag to generate. - * \param tag The buffer for holding the tag. + * \param tag The buffer for holding the tag. This must be a readable + * buffer of at least \p tag_len Bytes. * * \return \c 0 if the encryption or decryption was performed * successfully. Note that in #MBEDTLS_GCM_DECRYPT mode, * this does not indicate that the data is authentic. - * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or - * a cipher-specific error code if the encryption + * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are + * not valid or a cipher-specific error code if the encryption * or decryption failed. */ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, @@ -173,23 +182,31 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * input buffer. If the buffers overlap, the output buffer * must trail at least 8 Bytes behind the input buffer. * - * \param ctx The GCM context. + * \param ctx The GCM context. This must be initialized. * \param length The length of the ciphertext to decrypt, which is also * the length of the decrypted plaintext. - * \param iv The initialization vector. + * \param iv The initialization vector. This must be a readable buffer + * of at least \p iv_len Bytes. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data. + * \param add The buffer holding the additional data. If \p add_len is + * greater than zero, this must be of at least that size in + * Bytes. * \param add_len The length of the additional data. - * \param tag The buffer holding the tag to verify. + * \param tag The buffer holding the tag to verify. This must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the tag to verify. - * \param input The buffer holding the ciphertext. Its size is \b length. - * \param output The buffer for holding the decrypted plaintext. It must - * have room for \b length bytes. + * \param input The buffer holding the ciphertext. If \p length is greater + * than zero, this must be a readable buffer of at least that + * size. + * \param output The buffer for holding the decrypted plaintext. If \p length + * is greater than zero, this must be a writable buffer of at + * least that size. * * \return \c 0 if successful and authenticated. * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match. - * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or - * a cipher-specific error code if the decryption failed. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are + * not valid or a cipher-specific error code if the decryption + * failed. */ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, size_t length, @@ -206,15 +223,16 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, * \brief This function starts a GCM encryption or decryption * operation. * - * \param ctx The GCM context. + * \param ctx The GCM context. This must be initialized. * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or * #MBEDTLS_GCM_DECRYPT. - * \param iv The initialization vector. + * \param iv The initialization vector. This must be a readable buffer of + * at least \p iv_len Bytes. * \param iv_len The length of the IV. * \param add The buffer holding the additional data, or NULL * if \p add_len is 0. * \param add_len The length of the additional data. If 0, - * \p add is NULL. + * \p add may be NULL. * * \return \c 0 on success. */ @@ -237,11 +255,15 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, * input buffer. If the buffers overlap, the output buffer * must trail at least 8 Bytes behind the input buffer. * - * \param ctx The GCM context. + * \param ctx The GCM context. This must be initialized. * \param length The length of the input data. This must be a multiple of * 16 except in the last call before mbedtls_gcm_finish(). - * \param input The buffer holding the input data. - * \param output The buffer for holding the output data. + * \param input The buffer holding the input data. If \p length is greater + * than zero, this must be a readable buffer of at least that + * size in Bytes. + * \param output The buffer for holding the output data. If \p length is + * greater than zero, this must be a writable buffer of at + * least that size in Bytes. * * \return \c 0 on success. * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. @@ -258,9 +280,11 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * It wraps up the GCM stream, and generates the * tag. The tag can have a maximum length of 16 Bytes. * - * \param ctx The GCM context. - * \param tag The buffer for holding the tag. - * \param tag_len The length of the tag to generate. Must be at least four. + * \param ctx The GCM context. This must be initialized. + * \param tag The buffer for holding the tag. This must be a readable + * buffer of at least \p tag_len Bytes. + * \param tag_len The length of the tag to generate. This must be at least + * four. * * \return \c 0 on success. * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. @@ -273,7 +297,8 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, * \brief This function clears a GCM context and the underlying * cipher sub-context. * - * \param ctx The GCM context to clear. + * \param ctx The GCM context to clear. If this is \c NULL, the call has + * no effect. */ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); diff --git a/library/gcm.c b/library/gcm.c index c486ef765..3e41eda9d 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -57,6 +57,12 @@ #if !defined(MBEDTLS_GCM_ALT) +/* Parameter validation macros */ +#define GCM_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT ) +#define GCM_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * 32-bit integer manipulation macros (big endian) */ @@ -85,6 +91,7 @@ */ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ) { + GCM_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_gcm_context ) ); } @@ -164,6 +171,10 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, int ret; const mbedtls_cipher_info_t *cipher_info; + GCM_VALIDATE_RET( ctx != NULL ); + GCM_VALIDATE_RET( key != NULL ); + GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 ); + cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); if( cipher_info == NULL ) return( MBEDTLS_ERR_GCM_BAD_INPUT ); @@ -274,6 +285,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, const unsigned char *p; size_t use_len, olen = 0; + GCM_VALIDATE_RET( ctx != NULL ); + GCM_VALIDATE_RET( iv != NULL ); + GCM_VALIDATE_RET( add_len == 0 || add != NULL ); + /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ /* IV is not allowed to be zero length */ if( iv_len == 0 || @@ -356,6 +371,10 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, unsigned char *out_p = output; size_t use_len, olen = 0; + GCM_VALIDATE_RET( ctx != NULL ); + GCM_VALIDATE_RET( length == 0 || input != NULL ); + GCM_VALIDATE_RET( length == 0 || output != NULL ); + if( output > input && (size_t) ( output - input ) < length ) return( MBEDTLS_ERR_GCM_BAD_INPUT ); @@ -409,8 +428,14 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, { unsigned char work_buf[16]; size_t i; - uint64_t orig_len = ctx->len * 8; - uint64_t orig_add_len = ctx->add_len * 8; + uint64_t orig_len; + uint64_t orig_add_len; + + GCM_VALIDATE_RET( ctx != NULL ); + GCM_VALIDATE_RET( tag != NULL ); + + orig_len = ctx->len * 8; + orig_add_len = ctx->add_len * 8; if( tag_len > 16 || tag_len < 4 ) return( MBEDTLS_ERR_GCM_BAD_INPUT ); @@ -452,6 +477,13 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, { int ret; + GCM_VALIDATE_RET( ctx != NULL ); + GCM_VALIDATE_RET( iv != NULL ); + GCM_VALIDATE_RET( add_len == 0 || add != NULL ); + GCM_VALIDATE_RET( length == 0 || input != NULL ); + GCM_VALIDATE_RET( length == 0 || output != NULL ); + GCM_VALIDATE_RET( tag != NULL ); + if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 ) return( ret ); @@ -480,6 +512,13 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, size_t i; int diff; + GCM_VALIDATE_RET( ctx != NULL ); + GCM_VALIDATE_RET( iv != NULL ); + GCM_VALIDATE_RET( add_len == 0 || add != NULL ); + GCM_VALIDATE_RET( tag != NULL ); + GCM_VALIDATE_RET( length == 0 || input != NULL ); + GCM_VALIDATE_RET( length == 0 || output != NULL ); + if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length, iv, iv_len, add, add_len, input, output, tag_len, check_tag ) ) != 0 ) @@ -502,6 +541,9 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) { + if( ctx == NULL ) { + return; + } mbedtls_cipher_free( &ctx->cipher_ctx ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); } diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 58126bedc..9e15249ea 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -92,6 +92,7 @@ add_test_suite(gcm gcm.aes128_de) add_test_suite(gcm gcm.aes192_de) add_test_suite(gcm gcm.aes256_de) add_test_suite(gcm gcm.camellia) +add_test_suite(gcm gcm.misc) add_test_suite(hkdf) add_test_suite(hmac_drbg hmac_drbg.misc) add_test_suite(hmac_drbg hmac_drbg.no_reseed) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 3aa5cd6d0..2e227f02c 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -632,4 +632,3 @@ int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) } return ret; } - diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 4d3bba161..434d42e81 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -103,6 +103,166 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void gcm_invalid_param( ) +{ + mbedtls_gcm_context ctx; + unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; + mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; + int valid_mode = MBEDTLS_GCM_ENCRYPT; + int valid_len = sizeof(valid_buffer); + int valid_bitlen = 128, invalid_bitlen = 1; + + mbedtls_gcm_init( &ctx ); + + /* mbedtls_gcm_init() */ + TEST_INVALID_PARAM( mbedtls_gcm_init( NULL ) ); + + /* mbedtls_gcm_setkey */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) ); + + /* mbedtls_gcm_crypt_and_tag() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_crypt_and_tag( NULL, valid_mode, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_len, valid_buffer ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_len, valid_buffer ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer, + valid_len, valid_buffer ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer, + valid_len, valid_buffer ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL, + valid_len, valid_buffer ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_len, NULL ) ); + + /* mbedtls_gcm_auth_decrypt() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_auth_decrypt( NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_auth_decrypt( &ctx, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL) ); + + /* mbedtls_gcm_starts() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_starts( NULL, valid_mode, + valid_buffer, valid_len, + valid_buffer, valid_len ) ); + + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_starts( &ctx, valid_mode, + NULL, valid_len, + valid_buffer, valid_len ) ); + + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_starts( &ctx, valid_mode, + valid_buffer, valid_len, + NULL, valid_len ) ); + + /* mbedtls_gcm_update() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_update( NULL, valid_len, + valid_buffer, valid_buffer ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_update( &ctx, valid_len, + NULL, valid_buffer ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_update( &ctx, valid_len, + valid_buffer, NULL ) ); + + /* mbedtls_gcm_finish() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_finish( NULL, valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_GCM_BAD_INPUT, + mbedtls_gcm_finish( &ctx, NULL, valid_len ) ); + +exit: + mbedtls_gcm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void gcm_selftest( ) { diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data new file mode 100644 index 000000000..f22b7a3b7 --- /dev/null +++ b/tests/suites/test_suite_gcm.misc.data @@ -0,0 +1,2 @@ +GCM - Invalid parameters +gcm_invalid_param: From 5fccb3edf3d63c315e010be915a2f6b263340d63 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 12 Dec 2018 15:51:26 +0100 Subject: [PATCH 314/415] Add tests for valid NULL in gcm_free() --- tests/suites/test_suite_gcm.function | 9 +++++++++ tests/suites/test_suite_gcm.misc.data | 3 +++ 2 files changed, 12 insertions(+) diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 434d42e81..1fcb681b9 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -263,6 +263,15 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void gcm_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_gcm_free( NULL ) ); +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void gcm_selftest( ) { diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data index f22b7a3b7..cf0152653 100644 --- a/tests/suites/test_suite_gcm.misc.data +++ b/tests/suites/test_suite_gcm.misc.data @@ -1,2 +1,5 @@ GCM - Invalid parameters gcm_invalid_param: + +GCM - Valid parameters +gcm_valid_param: From 2ae7ae5301e21188b455b5b39475b8043ca30217 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 13 Dec 2018 14:48:30 +0100 Subject: [PATCH 315/415] Doxygen comments improvement --- include/mbedtls/gcm.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index f68643d10..6a49c39c4 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -143,7 +143,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * \param iv_len The length of the IV. * \param add The buffer holding the additional data. If \p add_len is * greater than zero, this must be of at least that size in - * Bytes. + * Bytes. If `add_len == 0`, this may be \c NULL. * \param add_len The length of the additional data. * \param input The buffer holding the input data. If \p length is greater * than zero, this must be a readable buffer of at least that @@ -190,7 +190,7 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * \param iv_len The length of the IV. * \param add The buffer holding the additional data. If \p add_len is * greater than zero, this must be of at least that size in - * Bytes. + * Bytes. If `add_len == 0`, this may be \c NULL. * \param add_len The length of the additional data. * \param tag The buffer holding the tag to verify. This must be a * readable buffer of at least \p tag_len Bytes. @@ -229,10 +229,10 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, * \param iv The initialization vector. This must be a readable buffer of * at least \p iv_len Bytes. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data, or NULL - * if \p add_len is 0. - * \param add_len The length of the additional data. If 0, - * \p add may be NULL. + * \param add The buffer holding the additional data, or \c NULL + * if \p add_len is \c 0. + * \param add_len The length of the additional data. If \c 0, + * \p add may be \c NULL. * * \return \c 0 on success. */ From 9af22e479072bedd1f50b88b26a6dca50d754c7d Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 13 Dec 2018 14:49:27 +0100 Subject: [PATCH 316/415] Update change log --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 0ead78009..4d7eb196f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,6 +47,7 @@ API Changes in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. * Deprecate the Blowfish error MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH in favour of a new generic error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. + * Add validation checks for input parameters to functions in the GCM module. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update From 21298a20c4eab443694a7d34bfb1e3a5a41f01af Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 13 Dec 2018 17:11:58 +0100 Subject: [PATCH 317/415] Improve parameter validation in mbedtls_gcm_free() --- include/mbedtls/gcm.h | 2 +- library/gcm.c | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 6a49c39c4..cf8bed9a1 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -298,7 +298,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, * cipher sub-context. * * \param ctx The GCM context to clear. If this is \c NULL, the call has - * no effect. + * no effect. Otherwise, this must be initialized. */ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); diff --git a/library/gcm.c b/library/gcm.c index 3e41eda9d..675926a51 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -541,9 +541,8 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) { - if( ctx == NULL ) { + if( ctx == NULL ) return; - } mbedtls_cipher_free( &ctx->cipher_ctx ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); } From 6009ece91d6de0b137fb5afe740aaa55ee32555d Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 19 Dec 2018 13:24:29 +0100 Subject: [PATCH 318/415] Increase strictness of NULL parameter validity in GCM's doxygen --- include/mbedtls/gcm.h | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index cf8bed9a1..fccabb0d9 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -141,9 +141,8 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * \param iv The initialization vector. This must be a readable buffer of * at least \p iv_len Bytes. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data. If \p add_len is - * greater than zero, this must be of at least that size in - * Bytes. If `add_len == 0`, this may be \c NULL. + * \param add The buffer holding the additional data. This must be of at + * least that size in Bytes. * \param add_len The length of the additional data. * \param input The buffer holding the input data. If \p length is greater * than zero, this must be a readable buffer of at least that @@ -188,9 +187,8 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * \param iv The initialization vector. This must be a readable buffer * of at least \p iv_len Bytes. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data. If \p add_len is - * greater than zero, this must be of at least that size in - * Bytes. If `add_len == 0`, this may be \c NULL. + * \param add The buffer holding the additional data. This must be of at + * least that size in Bytes. * \param add_len The length of the additional data. * \param tag The buffer holding the tag to verify. This must be a * readable buffer of at least \p tag_len Bytes. From e0215d78697938e4df9410e6e4657e2dc7ca9afd Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Mon, 17 Dec 2018 10:20:30 +0100 Subject: [PATCH 319/415] Add Cipher module parameter validation --- include/mbedtls/cipher.h | 186 ++++++++++------ library/cipher.c | 74 ++++++- tests/CMakeLists.txt | 1 + tests/suites/test_suite_cipher.function | 258 +++++++++++++++++++++++ tests/suites/test_suite_cipher.misc.data | 2 + 5 files changed, 441 insertions(+), 80 deletions(-) create mode 100644 tests/suites/test_suite_cipher.misc.data diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 58a5d63dd..4df10e802 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -336,11 +336,12 @@ const int *mbedtls_cipher_list( void ); * \brief This function retrieves the cipher-information * structure associated with the given cipher name. * - * \param cipher_name Name of the cipher to search for. + * \param cipher_name Name of the cipher to search for. This can be \c NULL. * * \return The cipher information structure associated with the * given \p cipher_name. - * \return NULL if the associated cipher information is not found. + * \return \c NULL if the associated cipher information is not found + * or if \p cipher_name is \c NULL. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ); @@ -352,7 +353,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher * * \return The cipher information structure associated with the * given \p cipher_type. - * \return NULL if the associated cipher information is not found. + * \return \c NULL if the associated cipher information is not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type ); @@ -368,7 +369,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher * * \return The cipher information structure associated with the * given \p cipher_id. - * \return NULL if the associated cipher information is not found. + * \return \c NULL if the associated cipher information is not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, int key_bitlen, @@ -376,6 +377,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph /** * \brief This function initializes a \p cipher_context as NONE. + * + * \param ctx The context to be initialized. This must not be \c NULL. */ void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); @@ -383,6 +386,9 @@ void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); * \brief This function frees and clears the cipher-specific * context of \p ctx. Freeing \p ctx itself remains the * responsibility of the caller. + * + * \param ctx The context to be freed. If this is \c NULL, the + * function has no effect. */ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); @@ -392,8 +398,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); * structure with the appropriate values. It also clears * the structure. * - * \param ctx The context to initialize. May not be NULL. - * \param cipher_info The cipher to use. + * \param ctx The context to initialize. This must be initialized. + * \param cipher_info The cipher to use. This may not be \c NULL. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on @@ -405,17 +411,19 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); * In future versions, the caller will be required to call * mbedtls_cipher_init() on the structure first. */ -int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ); +int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, + const mbedtls_cipher_info_t *cipher_info ); /** * \brief This function returns the block size of the given cipher. * - * \param ctx The context of the cipher. Must be initialized. + * \param ctx The context of the cipher. This must be initialized. * * \return The size of the blocks of the cipher. * \return 0 if \p ctx has not been initialized. */ -static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx ) +static inline unsigned int mbedtls_cipher_get_block_size( + const mbedtls_cipher_context_t *ctx ) { if( NULL == ctx || NULL == ctx->cipher_info ) return 0; @@ -427,12 +435,13 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_c * \brief This function returns the mode of operation for * the cipher. For example, MBEDTLS_MODE_CBC. * - * \param ctx The context of the cipher. Must be initialized. + * \param ctx The context of the cipher. This must be initialized. * * \return The mode of operation. * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized. */ -static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx ) +static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( + const mbedtls_cipher_context_t *ctx ) { if( NULL == ctx || NULL == ctx->cipher_info ) return MBEDTLS_MODE_NONE; @@ -444,13 +453,14 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl * \brief This function returns the size of the IV or nonce * of the cipher, in Bytes. * - * \param ctx The context of the cipher. Must be initialized. + * \param ctx The context of the cipher. This must be initialized. * * \return The recommended IV size if no IV has been set. * \return \c 0 for ciphers not using an IV or a nonce. * \return The actual size if an IV has been set. */ -static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) +static inline int mbedtls_cipher_get_iv_size( + const mbedtls_cipher_context_t *ctx ) { if( NULL == ctx || NULL == ctx->cipher_info ) return 0; @@ -464,12 +474,13 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ct /** * \brief This function returns the type of the given cipher. * - * \param ctx The context of the cipher. Must be initialized. + * \param ctx The context of the cipher. This must be initialized. * * \return The type of the cipher. * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized. */ -static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx ) +static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( + const mbedtls_cipher_context_t *ctx ) { if( NULL == ctx || NULL == ctx->cipher_info ) return MBEDTLS_CIPHER_NONE; @@ -481,12 +492,13 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_ciphe * \brief This function returns the name of the given cipher * as a string. * - * \param ctx The context of the cipher. Must be initialized. + * \param ctx The context of the cipher. This must be initialized. * * \return The name of the cipher. * \return NULL if \p ctx has not been not initialized. */ -static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx ) +static inline const char *mbedtls_cipher_get_name( + const mbedtls_cipher_context_t *ctx ) { if( NULL == ctx || NULL == ctx->cipher_info ) return 0; @@ -497,13 +509,14 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_ /** * \brief This function returns the key length of the cipher. * - * \param ctx The context of the cipher. Must be initialized. + * \param ctx The context of the cipher. This must be initialized. * * \return The key length of the cipher in bits. * \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been * initialized. */ -static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx ) +static inline int mbedtls_cipher_get_key_bitlen( + const mbedtls_cipher_context_t *ctx ) { if( NULL == ctx || NULL == ctx->cipher_info ) return MBEDTLS_KEY_LENGTH_NONE; @@ -514,12 +527,13 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t /** * \brief This function returns the operation of the given cipher. * - * \param ctx The context of the cipher. Must be initialized. + * \param ctx The context of the cipher. This must be initialized. * * \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized. */ -static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx ) +static inline mbedtls_operation_t mbedtls_cipher_get_operation( + const mbedtls_cipher_context_t *ctx ) { if( NULL == ctx || NULL == ctx->cipher_info ) return MBEDTLS_OPERATION_NONE; @@ -530,11 +544,12 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci /** * \brief This function sets the key to use with the given context. * - * \param ctx The generic cipher context. May not be NULL. Must have - * been initialized using mbedtls_cipher_info_from_type() - * or mbedtls_cipher_info_from_string(). - * \param key The key to use. - * \param key_bitlen The key length to use, in bits. + * \param ctx The generic cipher context. This must be initialized + * using mbedtls_cipher_info_from_type() or + * mbedtls_cipher_info_from_string(). + * \param key The key to use. This must be a readable buffer of at + * least \p key_bitlen Bits. + * \param key_bitlen The key length to use, in Bits. * \param operation The operation that the key will be used for: * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. * @@ -543,8 +558,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci * parameter-verification failure. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, - int key_bitlen, const mbedtls_operation_t operation ); +int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, + const unsigned char *key, + int key_bitlen, + const mbedtls_operation_t operation ); #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) /** @@ -553,7 +570,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k * * The default passing mode is PKCS7 padding. * - * \param ctx The generic cipher context. + * \param ctx The generic cipher context. This must be initialized. * \param mode The padding mode. * * \return \c 0 on success. @@ -562,7 +579,8 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode * does not support padding. */ -int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode ); +int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, + mbedtls_cipher_padding_t mode ); #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ /** @@ -572,8 +590,9 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph * \note Some ciphers do not use IVs nor nonce. For these * ciphers, this function has no effect. * - * \param ctx The generic cipher context. - * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. + * \param ctx The generic cipher context. This must be initialized. + * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This + * must be a readable buffer of at least \p iv_len Bytes. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. * @@ -582,12 +601,13 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph * parameter-verification failure. */ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len ); + const unsigned char *iv, + size_t iv_len ); /** * \brief This function resets the cipher state. * - * \param ctx The generic cipher context. + * \param ctx The generic cipher context. This must be initialized. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on @@ -599,10 +619,12 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); /** * \brief This function adds additional data for AEAD ciphers. * Currently supported with GCM and ChaCha20+Poly1305. - * Must be called exactly once, after mbedtls_cipher_reset(). + * This must be called exactly once, after + * mbedtls_cipher_reset(). * - * \param ctx The generic cipher context. - * \param ad The additional data to use. + * \param ctx The generic cipher context. This must be initialized. + * \param ad The additional data to use. If `ad_len > 0`, then this + * must be a readable buffer of at least \p ad_len Bytes. * \param ad_len the Length of \p ad. * * \return \c 0 on success. @@ -627,14 +649,16 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * mbedtls_cipher_finish(), must have \p ilen as a * multiple of the block size of the cipher. * - * \param ctx The generic cipher context. - * \param input The buffer holding the input data. + * \param ctx The generic cipher context. This must be initialized. + * \param input The buffer holding the input data. This must be a + * readable buffer of at least \p ilen Bytes. * \param ilen The length of the input data. - * \param output The buffer for the output data. Must be able to hold at - * least \p ilen + block_size. Must not be the same buffer - * as input. + * \param output The buffer for the output data. This must be able to + * hold at least \p ilen + block_size. This must not be the + * same buffer as \p input. * \param olen The length of the output data, to be updated with the - * actual number of Bytes written. + * actual number of Bytes written. This must not be + * \c NULL. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on @@ -652,9 +676,11 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * contained in it is padded to the size of * the last block, and written to the \p output buffer. * - * \param ctx The generic cipher context. - * \param output The buffer to write data to. Needs block_size available. + * \param ctx The generic cipher context. This must be initialized. + * \param output The buffer to write data to. This needs to be a writable + * buffer of at least \p block_size Bytes. * \param olen The length of the data written to the \p output buffer. + * This may not be \c NULL. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on @@ -672,10 +698,11 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, /** * \brief This function writes a tag for AEAD ciphers. * Currently supported with GCM and ChaCha20+Poly1305. - * Must be called after mbedtls_cipher_finish(). + * This must be called after mbedtls_cipher_finish(). * - * \param ctx The generic cipher context. - * \param tag The buffer to write the tag to. + * \param ctx The generic cipher context. This must be initialized. + * \param tag The buffer to write the tag to. This must be a readable + * boffer of at least \p tag_len Bytes. * \param tag_len The length of the tag to write. * * \return \c 0 on success. @@ -687,10 +714,11 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, /** * \brief This function checks the tag for AEAD ciphers. * Currently supported with GCM and ChaCha20+Poly1305. - * Must be called after mbedtls_cipher_finish(). + * This must be called after mbedtls_cipher_finish(). * - * \param ctx The generic cipher context. - * \param tag The buffer holding the tag. + * \param ctx The generic cipher context. This must be initialized. + * \param tag The buffer holding the tag. This must be a readable + * buffer of at least \p tag_len Bytes. * \param tag_len The length of the tag to check. * * \return \c 0 on success. @@ -704,18 +732,22 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * \brief The generic all-in-one encryption/decryption function, * for all ciphers except AEAD constructs. * - * \param ctx The generic cipher context. + * \param ctx The generic cipher context. This must be initialized. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. + * If `iv_len > 0`, this must be a readable buffer of at + * least \p Bytes. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size * IV. - * \param input The buffer holding the input data. + * \param input The buffer holding the input data. This must be a + * readable buffer of at least \p ilen Bytes. * \param ilen The length of the input data. - * \param output The buffer for the output data. Must be able to hold at - * least \p ilen + block_size. Must not be the same buffer - * as input. + * \param output The buffer for the output data. This must be able to + * hold at least \p ilen + block_size. This must not be the + * same buffer as \p input. * \param olen The length of the output data, to be updated with the - * actual number of Bytes written. + * actual number of Bytes written. This must not be + * \c NULL. * * \note Some ciphers do not use IVs nor nonce. For these * ciphers, use \p iv = NULL and \p iv_len = 0. @@ -738,19 +770,26 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, /** * \brief The generic autenticated encryption (AEAD) function. * - * \param ctx The generic cipher context. + * \param ctx The generic cipher context. This must be initialized. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. + * This must be a readable buffer of at least \p iv_len + * Bytes. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. - * \param ad The additional data to authenticate. + * \param ad The additional data to authenticate. If `ad_len > 0`, + * this must be a readable buffer of at least \p ad_len + * Bytes. * \param ad_len The length of \p ad. - * \param input The buffer holding the input data. + * \param input The buffer holding the input data. This must be a + * readable buffer of at least \p ilen Bytes. * \param ilen The length of the input data. - * \param output The buffer for the output data. - * Must be able to hold at least \p ilen. + * \param output The buffer for the output data. This must be able to + * hold at least \p ilen. * \param olen The length of the output data, to be updated with the - * actual number of Bytes written. - * \param tag The buffer for the authentication tag. + * actual number of Bytes written. This must not be + * \c NULL. + * \param tag The buffer for the authentication tag. This must be a + * writable buffer of at least \p tag_len Bytes. * \param tag_len The desired length of the authentication tag. * * \return \c 0 on success. @@ -772,19 +811,26 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * is zeroed out to prevent the unauthentic plaintext being * used, making this interface safer. * - * \param ctx The generic cipher context. + * \param ctx The generic cipher context. This must be initialized. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. + * This must be a readable buffer of at least \p iv_len + * Bytes. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. - * \param ad The additional data to be authenticated. + * \param ad The additional data to be authenticated. If `ad_len > 0`, + * this must be a readable buffer of at least \p ad_len + * Bytes. * \param ad_len The length of \p ad. - * \param input The buffer holding the input data. + * \param input The buffer holding the input data. This must be a + * readable buffer of at least \p ilen Bytes. * \param ilen The length of the input data. * \param output The buffer for the output data. - * Must be able to hold at least \p ilen. + * This must be able to hold at least \p ilen Bytes. * \param olen The length of the output data, to be updated with the - * actual number of Bytes written. - * \param tag The buffer holding the authentication tag. + * actual number of Bytes written. This must not be + * \c NULL. + * \param tag The buffer holding the authentication tag. This must be + * a readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication tag. * * \return \c 0 on success. diff --git a/library/cipher.c b/library/cipher.c index d7acf34ee..d2078f6f6 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -65,6 +65,11 @@ #define mbedtls_free free #endif +#define CIPHER_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) +#define CIPHER_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /* Compare the contents of two buffers in constant time. * Returns 0 if the contents are bitwise identical, otherwise returns @@ -150,6 +155,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ) { + CIPHER_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); } @@ -199,9 +205,14 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_in return( 0 ); } -int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, - int key_bitlen, const mbedtls_operation_t operation ) +int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, + const unsigned char *key, + int key_bitlen, + const mbedtls_operation_t operation ) { + CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT || + operation == MBEDTLS_DECRYPT ); + if( NULL == ctx || NULL == ctx->cipher_info ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); @@ -234,9 +245,11 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k } int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len ) + const unsigned char *iv, + size_t iv_len ) { size_t actual_iv_size; + if( NULL == ctx || NULL == ctx->cipher_info ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); else if( NULL == iv && iv_len != 0 ) @@ -295,6 +308,8 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len ) { + CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); + if( NULL == ctx || NULL == ctx->cipher_info ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); @@ -335,9 +350,13 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i size_t ilen, unsigned char *output, size_t *olen ) { int ret; - size_t block_size = 0; + size_t block_size; - if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) + CIPHER_VALIDATE_RET( input != NULL ); + CIPHER_VALIDATE_RET( output != NULL ); + CIPHER_VALIDATE_RET( olen != NULL ); + + if( NULL == ctx || NULL == ctx->cipher_info ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } @@ -745,7 +764,10 @@ static int get_no_padding( unsigned char *input, size_t input_len, int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ) { - if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) + CIPHER_VALIDATE_RET( output != NULL ); + CIPHER_VALIDATE_RET( olen != NULL ); + + if( NULL == ctx || NULL == ctx->cipher_info ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); *olen = 0; @@ -830,10 +852,13 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) -int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode ) +int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, + mbedtls_cipher_padding_t mode ) { - if( NULL == ctx || - MBEDTLS_MODE_CBC != ctx->cipher_info->mode ) + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); + + if( MBEDTLS_MODE_CBC != ctx->cipher_info->mode ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } @@ -881,7 +906,9 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len ) { - if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag ) + CIPHER_VALIDATE_RET( tag != NULL ); + + if( NULL == ctx || NULL == ctx->cipher_info ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); if( MBEDTLS_ENCRYPT != ctx->operation ) @@ -913,6 +940,8 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, unsigned char check_tag[16]; int ret; + CIPHER_VALIDATE_RET( tag != NULL ); + if( NULL == ctx || NULL == ctx->cipher_info || MBEDTLS_DECRYPT != ctx->operation ) { @@ -976,6 +1005,13 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, int ret; size_t finish_olen; + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); + CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); + CIPHER_VALIDATE_RET( input != NULL ); + CIPHER_VALIDATE_RET( output != NULL ); + CIPHER_VALIDATE_RET( olen != NULL ); + if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 ) return( ret ); @@ -1004,6 +1040,15 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len ) { + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); + CIPHER_VALIDATE_RET( iv != NULL ); + CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); + CIPHER_VALIDATE_RET( input != NULL ); + CIPHER_VALIDATE_RET( output != NULL ); + CIPHER_VALIDATE_RET( olen != NULL ); + CIPHER_VALIDATE_RET( tag != NULL ); + #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) { @@ -1051,6 +1096,15 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len ) { + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); + CIPHER_VALIDATE_RET( iv != NULL ); + CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); + CIPHER_VALIDATE_RET( input != NULL ); + CIPHER_VALIDATE_RET( output != NULL ); + CIPHER_VALIDATE_RET( olen != NULL ); + CIPHER_VALIDATE_RET( tag != NULL ); + #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) { diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 58126bedc..d7a144270 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -72,6 +72,7 @@ add_test_suite(cipher cipher.chacha20) add_test_suite(cipher cipher.chachapoly) add_test_suite(cipher cipher.des) add_test_suite(cipher cipher.gcm) +add_test_suite(cipher cipher.misc) add_test_suite(cipher cipher.null) add_test_suite(cipher cipher.padding) add_test_suite(cmac) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index c5bce7e50..3d559a3c9 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -91,6 +91,264 @@ void cipher_null_args( ) } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void cipher_invalid_param( ) +{ + mbedtls_cipher_context_t invalid_ctx; + mbedtls_cipher_context_t valid_ctx; + + mbedtls_operation_t invalid_operation = 100; + mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; + unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; + int valid_size = sizeof(valid_buffer); + int valid_bitlen = valid_size * 8; + size_t size_t_var; + + /* mbedtls_cipher_init() */ + TEST_VALID_PARAM( mbedtls_cipher_init( &invalid_ctx ) ); + TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) ); + + TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) ); + + /* mbedtls_cipher_setkey() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_setkey( &valid_ctx, + valid_buffer, + valid_bitlen, + invalid_operation ) ); + + /* mbedtls_cipher_set_padding_mode() */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_set_padding_mode( NULL, valid_mode ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_set_padding_mode( &invalid_ctx, + valid_mode ) ); + + /* mbedtls_cipher_update() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_update( &valid_ctx, + NULL, valid_size, + valid_buffer, + &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_update( &valid_ctx, + valid_buffer, valid_size, + NULL, + &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_update( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, + NULL ) ); + + /* mbedtls_cipher_finish() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_finish( &valid_ctx, + NULL, + &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_finish( &valid_ctx, + valid_buffer, + NULL ) ); + + /* mbedtls_cipher_write_tag() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_write_tag( &valid_ctx, + NULL, + valid_size ) ); + + /* mbedtls_cipher_check_tag() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_check_tag( &valid_ctx, + NULL, + valid_size ) ); + + /* mbedtls_cipher_crypt() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_crypt( NULL, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_crypt( &invalid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_crypt( &valid_ctx, + NULL, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_crypt( &valid_ctx, + valid_buffer, valid_size, + NULL, valid_size, + valid_buffer, &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_crypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + NULL, &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_crypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, NULL ) ); + + /* mbedtls_cipher_auth_encrypt() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_encrypt( NULL, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_encrypt( &invalid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_encrypt( &valid_ctx, + NULL, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_encrypt( &valid_ctx, + valid_buffer, valid_size, + NULL, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_encrypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + NULL, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_encrypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + NULL, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_encrypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, NULL, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_encrypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + NULL, valid_size ) ); + + /* mbedtls_cipher_auth_decrypt() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_decrypt( NULL, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_decrypt( &invalid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_decrypt( &valid_ctx, + NULL, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_decrypt( &valid_ctx, + valid_buffer, valid_size, + NULL, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_decrypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + NULL, valid_size, + valid_buffer, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_decrypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + NULL, &size_t_var, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_decrypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, NULL, + valid_buffer, valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_auth_decrypt( &valid_ctx, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, valid_size, + valid_buffer, &size_t_var, + NULL, valid_size ) ); + + /* mbedtls_cipher_free() */ + TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) ); +exit: + TEST_VALID_PARAM( mbedtls_cipher_free( &invalid_ctx ) ); + TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ void cipher_special_behaviours( ) { diff --git a/tests/suites/test_suite_cipher.misc.data b/tests/suites/test_suite_cipher.misc.data new file mode 100644 index 000000000..4ef257fe5 --- /dev/null +++ b/tests/suites/test_suite_cipher.misc.data @@ -0,0 +1,2 @@ +CIPHER - Invalid parameters +cipher_invalid_param: \ No newline at end of file From a539070f822cac577cf49c314573cdfdde14d7f6 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 17 Dec 2018 11:27:03 +0100 Subject: [PATCH 320/415] Make all parameter validation tests optional --- library/cipher.c | 48 +++---- tests/suites/test_suite_cipher.function | 172 +++++++++++++++++------- 2 files changed, 143 insertions(+), 77 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index d2078f6f6..c45a1a430 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -181,8 +181,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ) { - if( NULL == cipher_info || NULL == ctx ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( cipher_info != NULL ); memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); @@ -210,12 +210,12 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, int key_bitlen, const mbedtls_operation_t operation ) { + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); + CIPHER_VALIDATE_RET( key != NULL ); CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT || operation == MBEDTLS_DECRYPT ); - if( NULL == ctx || NULL == ctx->cipher_info ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 && (int) ctx->cipher_info->key_bitlen != key_bitlen ) { @@ -250,10 +250,9 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, { size_t actual_iv_size; - if( NULL == ctx || NULL == ctx->cipher_info ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - else if( NULL == iv && iv_len != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); + CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); if( NULL == iv && iv_len == 0 ) ctx->iv_size = 0; @@ -296,8 +295,8 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); ctx->unprocessed_len = 0; @@ -308,11 +307,10 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len ) { + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - if( NULL == ctx || NULL == ctx->cipher_info ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) { @@ -352,15 +350,12 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i int ret; size_t block_size; + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); - if( NULL == ctx || NULL == ctx->cipher_info ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - } - *olen = 0; block_size = mbedtls_cipher_get_block_size( ctx ); @@ -764,12 +759,11 @@ static int get_no_padding( unsigned char *input, size_t input_len, int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ) { + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); - if( NULL == ctx || NULL == ctx->cipher_info ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - *olen = 0; if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode || @@ -906,11 +900,10 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len ) { + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( tag != NULL ); - if( NULL == ctx || NULL == ctx->cipher_info ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if( MBEDTLS_ENCRYPT != ctx->operation ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); @@ -940,10 +933,11 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, unsigned char check_tag[16]; int ret; + CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( tag != NULL ); - if( NULL == ctx || NULL == ctx->cipher_info || - MBEDTLS_DECRYPT != ctx->operation ) + if( MBEDTLS_DECRYPT != ctx->operation ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 3d559a3c9..dd997b089 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -25,9 +25,6 @@ void mbedtls_cipher_list( ) void cipher_null_args( ) { mbedtls_cipher_context_t ctx; - const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type( *( mbedtls_cipher_list() ) ); - unsigned char buf[1] = { 0 }; - size_t olen; mbedtls_cipher_init( &ctx ); @@ -41,53 +38,6 @@ void cipher_null_args( ) TEST_ASSERT( mbedtls_cipher_get_iv_size( &ctx ) == 0 ); TEST_ASSERT( mbedtls_cipher_info_from_string( NULL ) == NULL ); - - TEST_ASSERT( mbedtls_cipher_setup( &ctx, NULL ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_cipher_setup( NULL, info ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - TEST_ASSERT( mbedtls_cipher_setkey( NULL, buf, 0, MBEDTLS_ENCRYPT ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_cipher_setkey( &ctx, buf, 0, MBEDTLS_ENCRYPT ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - TEST_ASSERT( mbedtls_cipher_set_iv( NULL, buf, 0 ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, buf, 0 ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - TEST_ASSERT( mbedtls_cipher_reset( NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( mbedtls_cipher_update_ad( NULL, buf, 0 ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_cipher_update_ad( &ctx, buf, 0 ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); -#endif - - TEST_ASSERT( mbedtls_cipher_update( NULL, buf, 0, buf, &olen ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_cipher_update( &ctx, buf, 0, buf, &olen ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - TEST_ASSERT( mbedtls_cipher_finish( NULL, buf, &olen ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_cipher_finish( &ctx, buf, &olen ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( mbedtls_cipher_write_tag( NULL, buf, olen ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_cipher_write_tag( &ctx, buf, olen ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - TEST_ASSERT( mbedtls_cipher_check_tag( NULL, buf, olen ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_cipher_check_tag( &ctx, buf, olen ) - == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); -#endif } /* END_CASE */ @@ -97,11 +47,15 @@ void cipher_invalid_param( ) mbedtls_cipher_context_t invalid_ctx; mbedtls_cipher_context_t valid_ctx; + mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; mbedtls_operation_t invalid_operation = 100; mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; int valid_size = sizeof(valid_buffer); int valid_bitlen = valid_size * 8; + const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( + *( mbedtls_cipher_list() ) ); + size_t size_t_var; /* mbedtls_cipher_init() */ @@ -110,7 +64,33 @@ void cipher_invalid_param( ) TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) ); + /* mbedtls_cipher_setup() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_setup( NULL, valid_info ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_setup( &valid_ctx, NULL ) ); + /* mbedtls_cipher_setkey() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_setkey( NULL, + valid_buffer, + valid_bitlen, + valid_operation ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_setkey( &invalid_ctx, + valid_buffer, + valid_bitlen, + valid_operation ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_setkey( &valid_ctx, + NULL, + valid_bitlen, + valid_operation ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setkey( &valid_ctx, @@ -118,14 +98,72 @@ void cipher_invalid_param( ) valid_bitlen, invalid_operation ) ); + /* mbedtls_cipher_set_iv() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_set_iv( NULL, + valid_buffer, + valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_set_iv( &invalid_ctx, + valid_buffer, + valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_set_iv( &valid_ctx, + NULL, + valid_size ) ); + + /* mbedtls_cipher_reset() */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_reset( NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_reset( &invalid_ctx ) ); + +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) + /* mbedtls_cipher_update_ad() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_update_ad( NULL, + valid_buffer, + valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_update_ad( &invalid_ctx, + valid_buffer, + valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_update_ad( &valid_ctx, + NULL, + valid_size ) ); +#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ + +#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) /* mbedtls_cipher_set_padding_mode() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_set_padding_mode( NULL, valid_mode ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) ); +#endif /* mbedtls_cipher_update() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_update( NULL, + valid_buffer, + valid_size, + valid_buffer, + &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_update( &invalid_ctx, + valid_buffer, + valid_size, + valid_buffer, + &size_t_var ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_update( &valid_ctx, @@ -146,6 +184,16 @@ void cipher_invalid_param( ) NULL ) ); /* mbedtls_cipher_finish() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_finish( NULL, + valid_buffer, + &size_t_var ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_finish( &invalid_ctx, + valid_buffer, + &size_t_var ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_finish( &valid_ctx, @@ -157,7 +205,18 @@ void cipher_invalid_param( ) valid_buffer, NULL ) ); +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /* mbedtls_cipher_write_tag() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_write_tag( NULL, + valid_buffer, + valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_write_tag( &invalid_ctx, + valid_buffer, + valid_size ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_write_tag( &valid_ctx, @@ -165,11 +224,22 @@ void cipher_invalid_param( ) valid_size ) ); /* mbedtls_cipher_check_tag() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_check_tag( NULL, + valid_buffer, + valid_size ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_check_tag( &invalid_ctx, + valid_buffer, + valid_size ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_check_tag( &valid_ctx, NULL, valid_size ) ); +#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ /* mbedtls_cipher_crypt() */ TEST_INVALID_PARAM_RET( @@ -209,6 +279,7 @@ void cipher_invalid_param( ) valid_buffer, valid_size, valid_buffer, NULL ) ); +#if defined(MBEDTLS_CIPHER_MODE_AEAD) /* mbedtls_cipher_auth_encrypt() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, @@ -340,6 +411,7 @@ void cipher_invalid_param( ) valid_buffer, valid_size, valid_buffer, &size_t_var, NULL, valid_size ) ); +#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */ /* mbedtls_cipher_free() */ TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) ); From d5913bc115c8850ac05bec7dba635b014110f80e Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 18 Dec 2018 14:59:16 +0100 Subject: [PATCH 321/415] Improve documentation of the parameter validation in the Cipher module --- include/mbedtls/cipher.h | 103 +++++++++++++++++++++++---------------- 1 file changed, 61 insertions(+), 42 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 4df10e802..1e81ac256 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -336,12 +336,12 @@ const int *mbedtls_cipher_list( void ); * \brief This function retrieves the cipher-information * structure associated with the given cipher name. * - * \param cipher_name Name of the cipher to search for. This can be \c NULL. + * \param cipher_name Name of the cipher to search for. This must not be + * \c NULL. * * \return The cipher information structure associated with the * given \p cipher_name. - * \return \c NULL if the associated cipher information is not found - * or if \p cipher_name is \c NULL. + * \return \c NULL if the associated cipher information is not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ); @@ -388,7 +388,8 @@ void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); * responsibility of the caller. * * \param ctx The context to be freed. If this is \c NULL, the - * function has no effect. + * function has no effect, otherwise this must point to an + * initialized context. */ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); @@ -419,8 +420,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, * * \param ctx The context of the cipher. This must be initialized. * - * \return The size of the blocks of the cipher. - * \return 0 if \p ctx has not been initialized. + * \return The block size of the underlying cipher. + * \return \c 0 if \p ctx has not been initialized. */ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx ) @@ -544,9 +545,8 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( /** * \brief This function sets the key to use with the given context. * - * \param ctx The generic cipher context. This must be initialized - * using mbedtls_cipher_info_from_type() or - * mbedtls_cipher_info_from_string(). + * \param ctx The generic cipher context. This must be initialized and + * bound to a cipher information structure. * \param key The key to use. This must be a readable buffer of at * least \p key_bitlen Bits. * \param key_bitlen The key length to use, in Bits. @@ -570,7 +570,8 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, * * The default passing mode is PKCS7 padding. * - * \param ctx The generic cipher context. This must be initialized. + * \param ctx The generic cipher context. This must be initialized and + * bound to a cipher information structure. * \param mode The padding mode. * * \return \c 0 on success. @@ -590,9 +591,11 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, * \note Some ciphers do not use IVs nor nonce. For these * ciphers, this function has no effect. * - * \param ctx The generic cipher context. This must be initialized. - * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This - * must be a readable buffer of at least \p iv_len Bytes. + * \param ctx The generic cipher context. This must be initialized and + * bound to a cipher information structure. + * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. If + * `iv_len > 0`, this may be \c NULL, otherwise this must be a + * readable buffer of at least \p iv_len Bytes. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. * @@ -624,8 +627,9 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); * * \param ctx The generic cipher context. This must be initialized. * \param ad The additional data to use. If `ad_len > 0`, then this - * must be a readable buffer of at least \p ad_len Bytes. - * \param ad_len the Length of \p ad. + * must be a readable buffer of at least \p ad_len Bytes, + * otherwise this may be \c NULL. + * \param ad_len the Length of \p ad Bytes. * * \return \c 0 on success. * \return A specific error code on failure. @@ -649,12 +653,14 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * mbedtls_cipher_finish(), must have \p ilen as a * multiple of the block size of the cipher. * - * \param ctx The generic cipher context. This must be initialized. + * \param ctx The generic cipher context. This must be initialized and + * bound to a key. * \param input The buffer holding the input data. This must be a - * readable buffer of at least \p ilen Bytes. + * readable buffer of at least \p ilen Bytes. If + * `ilen == 0`, this may be \c NULL. * \param ilen The length of the input data. * \param output The buffer for the output data. This must be able to - * hold at least \p ilen + block_size. This must not be the + * hold at least `ilen + block_size`. This must not be the * same buffer as \p input. * \param olen The length of the output data, to be updated with the * actual number of Bytes written. This must not be @@ -676,7 +682,8 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * contained in it is padded to the size of * the last block, and written to the \p output buffer. * - * \param ctx The generic cipher context. This must be initialized. + * \param ctx The generic cipher context. This must be initialized and + * bound to a key. * \param output The buffer to write data to. This needs to be a writable * buffer of at least \p block_size Bytes. * \param olen The length of the data written to the \p output buffer. @@ -700,9 +707,13 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, * Currently supported with GCM and ChaCha20+Poly1305. * This must be called after mbedtls_cipher_finish(). * - * \param ctx The generic cipher context. This must be initialized. - * \param tag The buffer to write the tag to. This must be a readable - * boffer of at least \p tag_len Bytes. + * \param ctx The generic cipher context. This must be initialized, + * bound to a key, and have just completed a cipher + * operation through mbedtls_cipher_finish() the tag for + * which should be written. + * \param tag The buffer to write the tag to. This must be a writable + * buffer of at least \p tag_len Bytes. If `tag_len == 0`, + * this may be \c NULL. * \param tag_len The length of the tag to write. * * \return \c 0 on success. @@ -717,8 +728,9 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, * This must be called after mbedtls_cipher_finish(). * * \param ctx The generic cipher context. This must be initialized. - * \param tag The buffer holding the tag. This must be a readable - * buffer of at least \p tag_len Bytes. + * \param tag The buffer holding the tag. If `tag_len > 0`, then this + * must be a readable buffer of at least \p tag_len Bytes, + * otherwise this may be \c NULL. * \param tag_len The length of the tag to check. * * \return \c 0 on success. @@ -735,15 +747,16 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * \param ctx The generic cipher context. This must be initialized. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. * If `iv_len > 0`, this must be a readable buffer of at - * least \p Bytes. + * least \p iv_len Bytes, otherwise this may be \c NULL. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size * IV. - * \param input The buffer holding the input data. This must be a - * readable buffer of at least \p ilen Bytes. - * \param ilen The length of the input data. + * \param input The buffer holding the input data. If `ilen > 0`, then + * this must be a readable buffer of at least \p ilen + * Bytes, otherwise this may be \c NULL. + * \param ilen The length of the input data in Bytes. * \param output The buffer for the output data. This must be able to - * hold at least \p ilen + block_size. This must not be the + * hold at least `ilen + block_size`. This must not be the * same buffer as \p input. * \param olen The length of the output data, to be updated with the * actual number of Bytes written. This must not be @@ -770,7 +783,8 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, /** * \brief The generic autenticated encryption (AEAD) function. * - * \param ctx The generic cipher context. This must be initialized. + * \param ctx The generic cipher context. This must be initialized and + * bound to a key. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. * This must be a readable buffer of at least \p iv_len * Bytes. @@ -778,18 +792,20 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * This parameter is discarded by ciphers with fixed-size IV. * \param ad The additional data to authenticate. If `ad_len > 0`, * this must be a readable buffer of at least \p ad_len - * Bytes. + * Bytes, otherwise this may be \c NULL. * \param ad_len The length of \p ad. - * \param input The buffer holding the input data. This must be a - * readable buffer of at least \p ilen Bytes. + * \param input The buffer holding the input data. If `ilen > 0`, then + * this must be a readable buffer of at least \p ilen + * Bytes, otherwise this may be \c NULL. * \param ilen The length of the input data. * \param output The buffer for the output data. This must be able to - * hold at least \p ilen. + * hold at least \p ilen Bytes. * \param olen The length of the output data, to be updated with the * actual number of Bytes written. This must not be * \c NULL. - * \param tag The buffer for the authentication tag. This must be a - * writable buffer of at least \p tag_len Bytes. + * \param tag The buffer for the authentication tag. If `tag_len > 0`, + * then this must be a writable buffer of at least + * \p tag_len Bytes, otherwise this may be \c NULL. * \param tag_len The desired length of the authentication tag. * * \return \c 0 on success. @@ -811,7 +827,8 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * is zeroed out to prevent the unauthentic plaintext being * used, making this interface safer. * - * \param ctx The generic cipher context. This must be initialized. + * \param ctx The generic cipher context. This must be initialized and + * and bound to a key. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. * This must be a readable buffer of at least \p iv_len * Bytes. @@ -819,18 +836,20 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * This parameter is discarded by ciphers with fixed-size IV. * \param ad The additional data to be authenticated. If `ad_len > 0`, * this must be a readable buffer of at least \p ad_len - * Bytes. + * Bytes, otherwise this may be \c NULL. * \param ad_len The length of \p ad. - * \param input The buffer holding the input data. This must be a - * readable buffer of at least \p ilen Bytes. + * \param input The buffer holding the input data. If `ilen > 0`, then + * this must be a readable buffer of at least \p ilen + * Bytes, otherwise, this may be \c NULL. * \param ilen The length of the input data. * \param output The buffer for the output data. * This must be able to hold at least \p ilen Bytes. * \param olen The length of the output data, to be updated with the * actual number of Bytes written. This must not be * \c NULL. - * \param tag The buffer holding the authentication tag. This must be - * a readable buffer of at least \p tag_len Bytes. + * \param tag The buffer holding the authentication tag. If + * `tag_len > 0`, then this must be a readable buffer of at + * least \p tag_len Bytes, otherwise this can be \c NULL. * \param tag_len The length of the authentication tag. * * \return \c 0 on success. From c29d94c7bfbe47c5c298720e4e0e970d415b1225 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 18 Dec 2018 15:09:56 +0100 Subject: [PATCH 322/415] Account for optional NULL buffer arguments in the Cipher module --- library/cipher.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index c45a1a430..14ff37111 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -254,9 +254,6 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - if( NULL == iv && iv_len == 0 ) - ctx->iv_size = 0; - /* avoid buffer overflow in ctx->iv */ if( iv_len > MBEDTLS_MAX_IV_LENGTH ) return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); @@ -352,7 +349,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); - CIPHER_VALIDATE_RET( input != NULL ); + CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); @@ -902,7 +899,7 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, { CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); - CIPHER_VALIDATE_RET( tag != NULL ); + CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( MBEDTLS_ENCRYPT != ctx->operation ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); @@ -935,7 +932,7 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); - CIPHER_VALIDATE_RET( tag != NULL ); + CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( MBEDTLS_DECRYPT != ctx->operation ) { @@ -1002,7 +999,7 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( input != NULL ); + CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); @@ -1038,10 +1035,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( iv != NULL ); CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( input != NULL ); + CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); - CIPHER_VALIDATE_RET( tag != NULL ); + CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) @@ -1094,10 +1091,10 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( iv != NULL ); CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( input != NULL ); + CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); - CIPHER_VALIDATE_RET( tag != NULL ); + CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) From 90b8d4a11e36928d9258985f3aa914e9cd2eda1a Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 18 Dec 2018 16:12:34 +0100 Subject: [PATCH 323/415] Include static cipher functions in the parameter validation scheme --- include/mbedtls/cipher.h | 35 ++++++----- tests/suites/test_suite_cipher.function | 64 ++++++++++++++------- tests/suites/test_suite_cipher.padding.data | 3 - 3 files changed, 65 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 1e81ac256..3c6077b04 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -36,6 +36,7 @@ #endif #include +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) #define MBEDTLS_CIPHER_MODE_AEAD @@ -426,8 +427,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return 0; + MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); + MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, 0 ); return ctx->cipher_info->block_size; } @@ -444,8 +445,8 @@ static inline unsigned int mbedtls_cipher_get_block_size( static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return MBEDTLS_MODE_NONE; + MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); + MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, MBEDTLS_MODE_NONE ); return ctx->cipher_info->mode; } @@ -463,8 +464,8 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return 0; + MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); + MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, 0 ); if( ctx->iv_size != 0 ) return (int) ctx->iv_size; @@ -483,8 +484,10 @@ static inline int mbedtls_cipher_get_iv_size( static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return MBEDTLS_CIPHER_NONE; + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx != NULL, MBEDTLS_CIPHER_NONE ); + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx->cipher_info != NULL, MBEDTLS_CIPHER_NONE ); return ctx->cipher_info->type; } @@ -501,8 +504,8 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return 0; + MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); + MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, 0 ); return ctx->cipher_info->name; } @@ -519,8 +522,10 @@ static inline const char *mbedtls_cipher_get_name( static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return MBEDTLS_KEY_LENGTH_NONE; + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx != NULL, MBEDTLS_KEY_LENGTH_NONE ); + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx->cipher_info != NULL, MBEDTLS_KEY_LENGTH_NONE ); return (int) ctx->cipher_info->key_bitlen; } @@ -536,8 +541,10 @@ static inline int mbedtls_cipher_get_key_bitlen( static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return MBEDTLS_OPERATION_NONE; + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx != NULL, MBEDTLS_OPERATION_NONE ); + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx->cipher_info != NULL, MBEDTLS_OPERATION_NONE ); return ctx->operation; } diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index dd997b089..fba32fdd6 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -21,26 +21,6 @@ void mbedtls_cipher_list( ) } /* END_CASE */ -/* BEGIN_CASE */ -void cipher_null_args( ) -{ - mbedtls_cipher_context_t ctx; - - mbedtls_cipher_init( &ctx ); - - TEST_ASSERT( mbedtls_cipher_get_block_size( NULL ) == 0 ); - TEST_ASSERT( mbedtls_cipher_get_block_size( &ctx ) == 0 ); - - TEST_ASSERT( mbedtls_cipher_get_cipher_mode( NULL ) == MBEDTLS_MODE_NONE ); - TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &ctx ) == MBEDTLS_MODE_NONE ); - - TEST_ASSERT( mbedtls_cipher_get_iv_size( NULL ) == 0 ); - TEST_ASSERT( mbedtls_cipher_get_iv_size( &ctx ) == 0 ); - - TEST_ASSERT( mbedtls_cipher_info_from_string( NULL ) == NULL ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void cipher_invalid_param( ) { @@ -72,6 +52,50 @@ void cipher_invalid_param( ) MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setup( &valid_ctx, NULL ) ); + /* mbedtls_cipher_get_block_size() */ + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) ); + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( &invalid_ctx ) ); + + /* mbedtls_cipher_get_cipher_mode() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_MODE_NONE, + mbedtls_cipher_get_cipher_mode( NULL ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_MODE_NONE, + mbedtls_cipher_get_cipher_mode( &invalid_ctx ) ); + + /* mbedtls_cipher_get_iv_size() */ + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) ); + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( &invalid_ctx ) ); + + /* mbedtls_cipher_get_type() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_CIPHER_NONE, + mbedtls_cipher_get_type( NULL ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_CIPHER_NONE, + mbedtls_cipher_get_type( &invalid_ctx ) ); + + /* mbedtls_cipher_get_name() */ + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) ); + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( &invalid_ctx ) ); + + /* mbedtls_cipher_get_key_bitlen() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_KEY_LENGTH_NONE, + mbedtls_cipher_get_key_bitlen( NULL ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_KEY_LENGTH_NONE, + mbedtls_cipher_get_key_bitlen( &invalid_ctx ) ); + + /* mbedtls_cipher_get_operation() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_OPERATION_NONE, + mbedtls_cipher_get_operation( NULL ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_OPERATION_NONE, + mbedtls_cipher_get_operation( &invalid_ctx ) ); + /* mbedtls_cipher_setkey() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data index 1c0ba0980..dc4c9d70b 100644 --- a/tests/suites/test_suite_cipher.padding.data +++ b/tests/suites/test_suite_cipher.padding.data @@ -1,9 +1,6 @@ Cipher list mbedtls_cipher_list: -Cipher null/uninitialised arguments -cipher_null_args: - Set padding with AES-CBC depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 set_padding:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_PKCS7:0 From 5b01f8b3ae97b889ae7f68e15b5c6c65cd33f36c Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 18 Dec 2018 16:15:12 +0100 Subject: [PATCH 324/415] Add a new line at the end of the test data file --- tests/suites/test_suite_cipher.misc.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_cipher.misc.data b/tests/suites/test_suite_cipher.misc.data index 4ef257fe5..07783c300 100644 --- a/tests/suites/test_suite_cipher.misc.data +++ b/tests/suites/test_suite_cipher.misc.data @@ -1,2 +1,2 @@ CIPHER - Invalid parameters -cipher_invalid_param: \ No newline at end of file +cipher_invalid_param: From d409285cfa2c88a547f61811ebac5a9fcedd720a Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 18 Dec 2018 17:02:05 +0100 Subject: [PATCH 325/415] Add a change log entry --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0ead78009..839cefdd5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,6 +47,8 @@ API Changes in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. * Deprecate the Blowfish error MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH in favour of a new generic error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. + * Add validation checks for input parameters to functions in the Cipher + module. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update From 6df25e793009466a857140127732dce01db9b686 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 19 Dec 2018 11:22:40 +0100 Subject: [PATCH 326/415] Increase strictness of NULL parameter validity in Cipher's doxygen --- include/mbedtls/cipher.h | 60 ++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 3c6077b04..dc7644396 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -600,9 +600,8 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, * * \param ctx The generic cipher context. This must be initialized and * bound to a cipher information structure. - * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. If - * `iv_len > 0`, this may be \c NULL, otherwise this must be a - * readable buffer of at least \p iv_len Bytes. + * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This + * must be a readable buffer of at least \p iv_len Bytes. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. * @@ -633,9 +632,8 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); * mbedtls_cipher_reset(). * * \param ctx The generic cipher context. This must be initialized. - * \param ad The additional data to use. If `ad_len > 0`, then this - * must be a readable buffer of at least \p ad_len Bytes, - * otherwise this may be \c NULL. + * \param ad The additional data to use. This must be a readable + * buffer of at least \p ad_len Bytes. * \param ad_len the Length of \p ad Bytes. * * \return \c 0 on success. @@ -663,8 +661,7 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * \param ctx The generic cipher context. This must be initialized and * bound to a key. * \param input The buffer holding the input data. This must be a - * readable buffer of at least \p ilen Bytes. If - * `ilen == 0`, this may be \c NULL. + * readable buffer of at least \p ilen Bytes. * \param ilen The length of the input data. * \param output The buffer for the output data. This must be able to * hold at least `ilen + block_size`. This must not be the @@ -719,8 +716,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, * operation through mbedtls_cipher_finish() the tag for * which should be written. * \param tag The buffer to write the tag to. This must be a writable - * buffer of at least \p tag_len Bytes. If `tag_len == 0`, - * this may be \c NULL. + * buffer of at least \p tag_len Bytes. * \param tag_len The length of the tag to write. * * \return \c 0 on success. @@ -735,9 +731,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, * This must be called after mbedtls_cipher_finish(). * * \param ctx The generic cipher context. This must be initialized. - * \param tag The buffer holding the tag. If `tag_len > 0`, then this - * must be a readable buffer of at least \p tag_len Bytes, - * otherwise this may be \c NULL. + * \param tag The buffer holding the tag. This must be a readable + * buffer of at least \p tag_len Bytes. * \param tag_len The length of the tag to check. * * \return \c 0 on success. @@ -753,14 +748,13 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * * \param ctx The generic cipher context. This must be initialized. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. - * If `iv_len > 0`, this must be a readable buffer of at - * least \p iv_len Bytes, otherwise this may be \c NULL. + * This must be a readable buffer of at least \p iv_len + * Bytes. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size * IV. - * \param input The buffer holding the input data. If `ilen > 0`, then - * this must be a readable buffer of at least \p ilen - * Bytes, otherwise this may be \c NULL. + * \param input The buffer holding the input data. This must be a + * readable buffer of at least \p ilen Bytes. * \param ilen The length of the input data in Bytes. * \param output The buffer for the output data. This must be able to * hold at least `ilen + block_size`. This must not be the @@ -797,22 +791,19 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * Bytes. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. - * \param ad The additional data to authenticate. If `ad_len > 0`, - * this must be a readable buffer of at least \p ad_len - * Bytes, otherwise this may be \c NULL. + * \param ad The additional data to authenticate. This must be a + * readable buffer of at least \p ad_len Bytes. * \param ad_len The length of \p ad. - * \param input The buffer holding the input data. If `ilen > 0`, then - * this must be a readable buffer of at least \p ilen - * Bytes, otherwise this may be \c NULL. + * \param input The buffer holding the input data. This must be a + * readable buffer of at least \p ilen Bytes. * \param ilen The length of the input data. * \param output The buffer for the output data. This must be able to * hold at least \p ilen Bytes. * \param olen The length of the output data, to be updated with the * actual number of Bytes written. This must not be * \c NULL. - * \param tag The buffer for the authentication tag. If `tag_len > 0`, - * then this must be a writable buffer of at least - * \p tag_len Bytes, otherwise this may be \c NULL. + * \param tag The buffer for the authentication tag. This must be a + * writable buffer of at least \p tag_len Bytes. * \param tag_len The desired length of the authentication tag. * * \return \c 0 on success. @@ -841,22 +832,19 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * Bytes. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. - * \param ad The additional data to be authenticated. If `ad_len > 0`, - * this must be a readable buffer of at least \p ad_len - * Bytes, otherwise this may be \c NULL. + * \param ad The additional data to be authenticated. This must be a + * readable buffer of at least \p ad_len Bytes. * \param ad_len The length of \p ad. - * \param input The buffer holding the input data. If `ilen > 0`, then - * this must be a readable buffer of at least \p ilen - * Bytes, otherwise, this may be \c NULL. + * \param input The buffer holding the input data. This must be a + * readable buffer of at least \p ilen Bytes. * \param ilen The length of the input data. * \param output The buffer for the output data. * This must be able to hold at least \p ilen Bytes. * \param olen The length of the output data, to be updated with the * actual number of Bytes written. This must not be * \c NULL. - * \param tag The buffer holding the authentication tag. If - * `tag_len > 0`, then this must be a readable buffer of at - * least \p tag_len Bytes, otherwise this can be \c NULL. + * \param tag The buffer holding the authentication tag. This must be + * a readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication tag. * * \return \c 0 on success. From 95070a828660f8964bd4bd6b52162481873d685d Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 19 Dec 2018 14:48:37 +0100 Subject: [PATCH 327/415] Make some cipher parameter validation unconditional --- include/mbedtls/cipher.h | 24 +++--- library/cipher.c | 39 ++++++--- tests/suites/test_suite_cipher.function | 101 +++++++++++------------- 3 files changed, 88 insertions(+), 76 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index dc7644396..520055409 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -428,7 +428,8 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx ) { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, 0 ); + if( ctx->cipher_info == NULL ) + return 0; return ctx->cipher_info->block_size; } @@ -446,7 +447,8 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx ) { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); - MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, MBEDTLS_MODE_NONE ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_MODE_NONE; return ctx->cipher_info->mode; } @@ -465,7 +467,8 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, 0 ); + if( ctx->cipher_info == NULL ) + return 0; if( ctx->iv_size != 0 ) return (int) ctx->iv_size; @@ -486,8 +489,8 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_CIPHER_NONE ); - MBEDTLS_INTERNAL_VALIDATE_RET( - ctx->cipher_info != NULL, MBEDTLS_CIPHER_NONE ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_CIPHER_NONE; return ctx->cipher_info->type; } @@ -505,7 +508,8 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx ) { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, 0 ); + if( ctx->cipher_info == NULL ) + return 0; return ctx->cipher_info->name; } @@ -524,8 +528,8 @@ static inline int mbedtls_cipher_get_key_bitlen( { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_KEY_LENGTH_NONE ); - MBEDTLS_INTERNAL_VALIDATE_RET( - ctx->cipher_info != NULL, MBEDTLS_KEY_LENGTH_NONE ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_KEY_LENGTH_NONE; return (int) ctx->cipher_info->key_bitlen; } @@ -543,8 +547,8 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_OPERATION_NONE ); - MBEDTLS_INTERNAL_VALIDATE_RET( - ctx->cipher_info != NULL, MBEDTLS_OPERATION_NONE ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_OPERATION_NONE; return ctx->operation; } diff --git a/library/cipher.c b/library/cipher.c index 14ff37111..b37fc768c 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -182,7 +182,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ) { CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( cipher_info != NULL ); + if( cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); @@ -211,10 +212,11 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const mbedtls_operation_t operation ) { CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( key != NULL ); CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT || operation == MBEDTLS_DECRYPT ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 && (int) ctx->cipher_info->key_bitlen != key_bitlen ) @@ -251,8 +253,9 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, size_t actual_iv_size; CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; /* avoid buffer overflow in ctx->iv */ if( iv_len > MBEDTLS_MAX_IV_LENGTH ) @@ -293,7 +296,8 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) { CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; ctx->unprocessed_len = 0; @@ -305,8 +309,9 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len ) { CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) @@ -348,10 +353,11 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i size_t block_size; CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; *olen = 0; block_size = mbedtls_cipher_get_block_size( ctx ); @@ -757,9 +763,10 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ) { CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; *olen = 0; @@ -847,7 +854,8 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode ) { CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; if( MBEDTLS_MODE_CBC != ctx->cipher_info->mode ) { @@ -898,8 +906,9 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len ) { CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; if( MBEDTLS_ENCRYPT != ctx->operation ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); @@ -931,8 +940,9 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, int ret; CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; if( MBEDTLS_DECRYPT != ctx->operation ) { @@ -997,11 +1007,12 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, size_t finish_olen; CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 ) return( ret ); @@ -1032,13 +1043,14 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len ) { CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( iv != NULL ); CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) @@ -1088,13 +1100,14 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len ) { CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ctx->cipher_info != NULL ); CIPHER_VALIDATE_RET( iv != NULL ); CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); + if( ctx->cipher_info == NULL ) + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index fba32fdd6..16327c387 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -48,53 +48,49 @@ void cipher_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setup( NULL, valid_info ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_setup( &valid_ctx, NULL ) ); + TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); /* mbedtls_cipher_get_block_size() */ TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) ); - TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( &invalid_ctx ) ); + TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 ); /* mbedtls_cipher_get_cipher_mode() */ TEST_INVALID_PARAM_RET( MBEDTLS_MODE_NONE, mbedtls_cipher_get_cipher_mode( NULL ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_MODE_NONE, - mbedtls_cipher_get_cipher_mode( &invalid_ctx ) ); + TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) == + MBEDTLS_MODE_NONE ); /* mbedtls_cipher_get_iv_size() */ TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) ); - TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( &invalid_ctx ) ); + TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 ); /* mbedtls_cipher_get_type() */ TEST_INVALID_PARAM_RET( MBEDTLS_CIPHER_NONE, mbedtls_cipher_get_type( NULL ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_CIPHER_NONE, - mbedtls_cipher_get_type( &invalid_ctx ) ); + TEST_ASSERT( + mbedtls_cipher_get_type( &invalid_ctx ) == + MBEDTLS_CIPHER_NONE); /* mbedtls_cipher_get_name() */ TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) ); - TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( &invalid_ctx ) ); + TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 ); /* mbedtls_cipher_get_key_bitlen() */ TEST_INVALID_PARAM_RET( MBEDTLS_KEY_LENGTH_NONE, mbedtls_cipher_get_key_bitlen( NULL ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_KEY_LENGTH_NONE, - mbedtls_cipher_get_key_bitlen( &invalid_ctx ) ); + TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) == + MBEDTLS_KEY_LENGTH_NONE ); /* mbedtls_cipher_get_operation() */ TEST_INVALID_PARAM_RET( MBEDTLS_OPERATION_NONE, mbedtls_cipher_get_operation( NULL ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_OPERATION_NONE, - mbedtls_cipher_get_operation( &invalid_ctx ) ); + TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) == + MBEDTLS_OPERATION_NONE ); /* mbedtls_cipher_setkey() */ TEST_INVALID_PARAM_RET( @@ -103,12 +99,12 @@ void cipher_invalid_param( ) valid_buffer, valid_bitlen, valid_operation ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_setkey( &invalid_ctx, valid_buffer, valid_bitlen, - valid_operation ) ); + valid_operation ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setkey( &valid_ctx, @@ -128,11 +124,11 @@ void cipher_invalid_param( ) mbedtls_cipher_set_iv( NULL, valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_set_iv( &invalid_ctx, valid_buffer, - valid_size ) ); + valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_set_iv( &valid_ctx, @@ -142,8 +138,8 @@ void cipher_invalid_param( ) /* mbedtls_cipher_reset() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_reset( NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_reset( &invalid_ctx ) ); + TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /* mbedtls_cipher_update_ad() */ @@ -152,11 +148,11 @@ void cipher_invalid_param( ) mbedtls_cipher_update_ad( NULL, valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_update_ad( &invalid_ctx, valid_buffer, - valid_size ) ); + valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_update_ad( &valid_ctx, @@ -168,9 +164,8 @@ void cipher_invalid_param( ) /* mbedtls_cipher_set_padding_mode() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_set_padding_mode( NULL, valid_mode ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_set_padding_mode( &invalid_ctx, - valid_mode ) ); + TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #endif /* mbedtls_cipher_update() */ @@ -181,13 +176,13 @@ void cipher_invalid_param( ) valid_size, valid_buffer, &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_update( &invalid_ctx, valid_buffer, valid_size, valid_buffer, - &size_t_var ) ); + &size_t_var ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_update( &valid_ctx, @@ -213,11 +208,11 @@ void cipher_invalid_param( ) mbedtls_cipher_finish( NULL, valid_buffer, &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_finish( &invalid_ctx, valid_buffer, - &size_t_var ) ); + &size_t_var ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_finish( &valid_ctx, @@ -236,11 +231,11 @@ void cipher_invalid_param( ) mbedtls_cipher_write_tag( NULL, valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_write_tag( &invalid_ctx, valid_buffer, - valid_size ) ); + valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_write_tag( &valid_ctx, @@ -253,11 +248,11 @@ void cipher_invalid_param( ) mbedtls_cipher_check_tag( NULL, valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_check_tag( &invalid_ctx, valid_buffer, - valid_size ) ); + valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_check_tag( &valid_ctx, @@ -272,12 +267,12 @@ void cipher_invalid_param( ) valid_buffer, valid_size, valid_buffer, valid_size, valid_buffer, &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_crypt( &invalid_ctx, valid_buffer, valid_size, valid_buffer, valid_size, - valid_buffer, &size_t_var ) ); + valid_buffer, &size_t_var ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_crypt( &valid_ctx, @@ -313,14 +308,14 @@ void cipher_invalid_param( ) valid_buffer, valid_size, valid_buffer, &size_t_var, valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_auth_encrypt( &invalid_ctx, valid_buffer, valid_size, valid_buffer, valid_size, valid_buffer, valid_size, valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); + valid_buffer, valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_auth_encrypt( &valid_ctx, @@ -379,14 +374,14 @@ void cipher_invalid_param( ) valid_buffer, valid_size, valid_buffer, &size_t_var, valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + TEST_ASSERT( mbedtls_cipher_auth_decrypt( &invalid_ctx, valid_buffer, valid_size, valid_buffer, valid_size, valid_buffer, valid_size, valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); + valid_buffer, valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_auth_decrypt( &valid_ctx, From e4b8d28ca78ccc0b3a1df43dcd8696bd1fd4c245 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 19 Dec 2018 16:52:33 +0100 Subject: [PATCH 328/415] Remove imprecise clause from documenting comment --- include/mbedtls/cipher.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 520055409..922b6c32c 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -401,7 +401,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); * the structure. * * \param ctx The context to initialize. This must be initialized. - * \param cipher_info The cipher to use. This may not be \c NULL. + * \param cipher_info The cipher to use. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on From 1a9df6bcb7d17d32d027659671da2727c9f5548c Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 19 Dec 2018 16:52:45 +0100 Subject: [PATCH 329/415] Improve style in the Cipher module --- library/cipher.c | 69 ++++++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 35 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index b37fc768c..abf268f31 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -86,7 +86,7 @@ static int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t for( diff = 0, i = 0; i < len; i++ ) diff |= p1[i] ^ p2[i]; - return (int)diff; + return( (int)diff ); } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ @@ -183,7 +183,7 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_in { CIPHER_VALIDATE_RET( ctx != NULL ); if( cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); @@ -216,7 +216,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT || operation == MBEDTLS_DECRYPT ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 && (int) ctx->cipher_info->key_bitlen != key_bitlen ) @@ -235,13 +235,13 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, MBEDTLS_MODE_OFB == ctx->cipher_info->mode || MBEDTLS_MODE_CTR == ctx->cipher_info->mode ) { - return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key, - ctx->key_bitlen ); + return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key, + ctx->key_bitlen ) ); } if( MBEDTLS_DECRYPT == operation ) - return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key, - ctx->key_bitlen ); + return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key, + ctx->key_bitlen ) ); return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } @@ -255,7 +255,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); /* avoid buffer overflow in ctx->iv */ if( iv_len > MBEDTLS_MAX_IV_LENGTH ) @@ -297,7 +297,7 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) { CIPHER_VALIDATE_RET( ctx != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ctx->unprocessed_len = 0; @@ -311,13 +311,13 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) { - return mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation, - ctx->iv, ctx->iv_size, ad, ad_len ); + return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation, + ctx->iv, ctx->iv_size, ad, ad_len ) ); } #endif @@ -337,8 +337,8 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, if ( result != 0 ) return( result ); - return mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ad, ad_len ); + return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, + ad, ad_len ) ); } #endif @@ -357,7 +357,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); *olen = 0; block_size = mbedtls_cipher_get_block_size( ctx ); @@ -382,8 +382,8 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM ) { *olen = ilen; - return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input, - output ); + return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input, + output ) ); } #endif @@ -391,14 +391,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) { *olen = ilen; - return mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ilen, input, output ); + return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, + ilen, input, output ) ); } #endif if ( 0 == block_size ) { - return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT ); } if( input == output && @@ -461,7 +461,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i { if( 0 == block_size ) { - return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT ); } /* Encryption: only cache partial blocks @@ -766,7 +766,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); *olen = 0; @@ -835,8 +835,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, /* Set output size for decryption */ if( MBEDTLS_DECRYPT == ctx->operation ) - return ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ), - olen ); + return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ), + olen ) ); /* Set output size for encryption */ *olen = mbedtls_cipher_get_block_size( ctx ); @@ -854,10 +854,8 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode ) { CIPHER_VALIDATE_RET( ctx != NULL ); - if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; - if( MBEDTLS_MODE_CBC != ctx->cipher_info->mode ) + if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } @@ -908,14 +906,15 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); if( MBEDTLS_ENCRYPT != ctx->operation ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - return mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, tag, tag_len ); + return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, + tag, tag_len ) ); #endif #if defined(MBEDTLS_CHACHAPOLY_C) @@ -925,8 +924,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, if ( tag_len != 16U ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - return mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - tag ); + return( mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx, + tag ) ); } #endif @@ -942,7 +941,7 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); if( MBEDTLS_DECRYPT != ctx->operation ) { @@ -1012,7 +1011,7 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 ) return( ret ); @@ -1050,7 +1049,7 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( olen != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) @@ -1107,7 +1106,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( olen != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( ctx->cipher_info == NULL ) - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) From 516897a44a19c862227e08b8bc5a7ef95a3d4a72 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 19 Dec 2018 17:07:02 +0100 Subject: [PATCH 330/415] Remove unnecessary parameter validation from the Cipher module --- library/cipher.c | 6 ------ tests/suites/test_suite_cipher.function | 22 ---------------------- 2 files changed, 28 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index abf268f31..273997577 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1010,8 +1010,6 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 ) return( ret ); @@ -1048,8 +1046,6 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) @@ -1105,8 +1101,6 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( output != NULL ); CIPHER_VALIDATE_RET( olen != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 16327c387..6073421a9 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -267,12 +267,6 @@ void cipher_invalid_param( ) valid_buffer, valid_size, valid_buffer, valid_size, valid_buffer, &size_t_var ) ); - TEST_ASSERT( - mbedtls_cipher_crypt( &invalid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_crypt( &valid_ctx, @@ -308,14 +302,6 @@ void cipher_invalid_param( ) valid_buffer, valid_size, valid_buffer, &size_t_var, valid_buffer, valid_size ) ); - TEST_ASSERT( - mbedtls_cipher_auth_encrypt( &invalid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_auth_encrypt( &valid_ctx, @@ -374,14 +360,6 @@ void cipher_invalid_param( ) valid_buffer, valid_size, valid_buffer, &size_t_var, valid_buffer, valid_size ) ); - TEST_ASSERT( - mbedtls_cipher_auth_decrypt( &invalid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_auth_decrypt( &valid_ctx, From d54b97503b42198e3b7d9fe5d7cba82ebb03469e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 17:12:01 +0100 Subject: [PATCH 331/415] pk parse: the password is optional For mbedtls_pk_parse_key and mbedtls_pk_parse_keyfile, the password is optional. Clarify what this means: NULL is ok and means no password. Validate parameters and test accordingly. --- include/mbedtls/pk.h | 15 ++++++++++++--- tests/suites/test_suite_pk.function | 4 ---- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 310aeef5f..716070454 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -537,8 +537,13 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); * \param keylen Size of \b key in bytes. * For PEM data, this includes the terminating null byte, * so \p keylen must be equal to `strlen(key) + 1`. - * \param pwd password for decryption (optional) - * \param pwdlen size of the password + * \param pwd Optional password for decryption. + * Pass \c NULL if expecting a non-encrypted key. + * Pass a string of \p pwdlen bytes if expecting an encrypted + * key; a non-encrypted key will also be accepted. + * The empty password is not supported. + * \param pwdlen Size of the password in bytes. + * Ignored if \p pwd is \c NULL. * * \note On entry, ctx must be empty, either freshly initialised * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a @@ -583,7 +588,11 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, * * \param ctx key to be initialized * \param path filename to read the private key from - * \param password password to decrypt the file (can be NULL) + * \param password Optional password to decrypt the file. + * Pass \c NULL if expecting a non-encrypted key. + * Pass a null-terminated string if expecting an encrypted + * key; a non-encrypted key will also be accepted. + * The empty password is not supported. * * \note On entry, ctx must be empty, either freshly initialised * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 1f5d7d61a..bf3cf5dac 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -432,10 +432,6 @@ void invalid_parameters( ) mbedtls_pk_parse_key( &pk, NULL, sizeof( buf ), buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_key( &pk, - buf, sizeof( buf ), - NULL, sizeof( buf ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_parse_public_key( NULL, From 8c71b3ecb355d4967171236033ef14c270cb0d81 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 17:37:02 +0100 Subject: [PATCH 332/415] pk_parse*keyfile: explicitly validate path=NULL Don't rely on the check in pk_load_file, that's fragile. --- library/pkparse.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/pkparse.c b/library/pkparse.c index 127f9b840..ae210bca6 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -135,6 +135,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, unsigned char *buf; PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( path != NULL ); if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); @@ -161,6 +162,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) unsigned char *buf; PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( path != NULL ); if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); From f25ee7f79d79e1104329d493a66df069e387b23c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 16:51:02 +0000 Subject: [PATCH 333/415] Fix parameter validation for mbedtls_mpi_lsb() The MPI_VALIDATE_RET() macro cannot be used for parameter validation of mbedtls_mpi_lsb() because this function returns a size_t. Use the underlying MBEDTLS_INTERNAL_VALIDATE_RET() insteaed, returning 0 on failure. Also, add a test for this behaviour. --- library/bignum.c | 2 +- tests/suites/test_suite_mpi.function | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 0d0d922c1..f968a0ad7 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -380,7 +380,7 @@ cleanup: size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ) { size_t i, j, count = 0; - MPI_VALIDATE_RET( X != NULL ); + MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 ); for( i = 0; i < X->n; i++ ) for( j = 0; j < biL; j++, count++ ) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 3379a999d..d1fa5a46c 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -216,6 +216,8 @@ void mpi_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_div_int( &X, &X, NULL, 42 ) ); + TEST_INVALID_PARAM_RET( 0, mbedtls_mpi_lsb( NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_mpi( NULL, &X, &X ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, From a85edd9415af509f949184a64a26c39235863ef6 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 19 Dec 2018 18:06:35 +0100 Subject: [PATCH 334/415] Split the unconditional and conditional parameter validation tests --- tests/suites/test_suite_cipher.function | 183 +++++++++++++++-------- tests/suites/test_suite_cipher.misc.data | 7 +- 2 files changed, 127 insertions(+), 63 deletions(-) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 6073421a9..4e616d3ef 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -21,10 +21,129 @@ void mbedtls_cipher_list( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void cipher_invalid_param( ) +/* BEGIN_CASE */ +void cipher_invalid_param_unconditional( ) { + mbedtls_cipher_context_t valid_ctx; mbedtls_cipher_context_t invalid_ctx; + mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; + mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; + unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; + int valid_size = sizeof(valid_buffer); + int valid_bitlen = valid_size * 8; + const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( + *( mbedtls_cipher_list() ) ); + size_t size_t_var; + + mbedtls_cipher_init( &valid_ctx ); + mbedtls_cipher_setup( &valid_ctx, valid_info ); + mbedtls_cipher_init( &invalid_ctx ); + + /* mbedtls_cipher_setup() */ + TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + /* mbedtls_cipher_get_block_size() */ + TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 ); + + /* mbedtls_cipher_get_cipher_mode() */ + TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) == + MBEDTLS_MODE_NONE ); + + /* mbedtls_cipher_get_iv_size() */ + TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 ); + + /* mbedtls_cipher_get_type() */ + TEST_ASSERT( + mbedtls_cipher_get_type( &invalid_ctx ) == + MBEDTLS_CIPHER_NONE); + + /* mbedtls_cipher_get_name() */ + TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 ); + + /* mbedtls_cipher_get_key_bitlen() */ + TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) == + MBEDTLS_KEY_LENGTH_NONE ); + + /* mbedtls_cipher_get_operation() */ + TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) == + MBEDTLS_OPERATION_NONE ); + + /* mbedtls_cipher_setkey() */ + TEST_ASSERT( + mbedtls_cipher_setkey( &invalid_ctx, + valid_buffer, + valid_bitlen, + valid_operation ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + /* mbedtls_cipher_set_iv() */ + TEST_ASSERT( + mbedtls_cipher_set_iv( &invalid_ctx, + valid_buffer, + valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + /* mbedtls_cipher_reset() */ + TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) + /* mbedtls_cipher_update_ad() */ + TEST_ASSERT( + mbedtls_cipher_update_ad( &invalid_ctx, + valid_buffer, + valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ + +#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) + /* mbedtls_cipher_set_padding_mode() */ + TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +#endif + + /* mbedtls_cipher_update() */ + TEST_ASSERT( + mbedtls_cipher_update( &invalid_ctx, + valid_buffer, + valid_size, + valid_buffer, + &size_t_var ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + /* mbedtls_cipher_finish() */ + TEST_ASSERT( + mbedtls_cipher_finish( &invalid_ctx, + valid_buffer, + &size_t_var ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) + /* mbedtls_cipher_write_tag() */ + TEST_ASSERT( + mbedtls_cipher_write_tag( &invalid_ctx, + valid_buffer, + valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + /* mbedtls_cipher_check_tag() */ + TEST_ASSERT( + mbedtls_cipher_check_tag( &invalid_ctx, + valid_buffer, + valid_size ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ + +exit: + mbedtls_cipher_free( &invalid_ctx ); + mbedtls_cipher_free( &valid_ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void cipher_invalid_param_conditional( ) +{ mbedtls_cipher_context_t valid_ctx; mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; @@ -39,58 +158,43 @@ void cipher_invalid_param( ) size_t size_t_var; /* mbedtls_cipher_init() */ - TEST_VALID_PARAM( mbedtls_cipher_init( &invalid_ctx ) ); TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) ); - TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) ); /* mbedtls_cipher_setup() */ + TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setup( NULL, valid_info ) ); - TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); /* mbedtls_cipher_get_block_size() */ TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) ); - TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 ); /* mbedtls_cipher_get_cipher_mode() */ TEST_INVALID_PARAM_RET( MBEDTLS_MODE_NONE, mbedtls_cipher_get_cipher_mode( NULL ) ); - TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) == - MBEDTLS_MODE_NONE ); /* mbedtls_cipher_get_iv_size() */ TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) ); - TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 ); /* mbedtls_cipher_get_type() */ TEST_INVALID_PARAM_RET( MBEDTLS_CIPHER_NONE, mbedtls_cipher_get_type( NULL ) ); - TEST_ASSERT( - mbedtls_cipher_get_type( &invalid_ctx ) == - MBEDTLS_CIPHER_NONE); /* mbedtls_cipher_get_name() */ TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) ); - TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 ); /* mbedtls_cipher_get_key_bitlen() */ TEST_INVALID_PARAM_RET( MBEDTLS_KEY_LENGTH_NONE, mbedtls_cipher_get_key_bitlen( NULL ) ); - TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) == - MBEDTLS_KEY_LENGTH_NONE ); /* mbedtls_cipher_get_operation() */ TEST_INVALID_PARAM_RET( MBEDTLS_OPERATION_NONE, mbedtls_cipher_get_operation( NULL ) ); - TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) == - MBEDTLS_OPERATION_NONE ); /* mbedtls_cipher_setkey() */ TEST_INVALID_PARAM_RET( @@ -99,12 +203,6 @@ void cipher_invalid_param( ) valid_buffer, valid_bitlen, valid_operation ) ); - TEST_ASSERT( - mbedtls_cipher_setkey( &invalid_ctx, - valid_buffer, - valid_bitlen, - valid_operation ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setkey( &valid_ctx, @@ -124,11 +222,6 @@ void cipher_invalid_param( ) mbedtls_cipher_set_iv( NULL, valid_buffer, valid_size ) ); - TEST_ASSERT( - mbedtls_cipher_set_iv( &invalid_ctx, - valid_buffer, - valid_size ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_set_iv( &valid_ctx, @@ -138,8 +231,6 @@ void cipher_invalid_param( ) /* mbedtls_cipher_reset() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_reset( NULL ) ); - TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /* mbedtls_cipher_update_ad() */ @@ -148,11 +239,6 @@ void cipher_invalid_param( ) mbedtls_cipher_update_ad( NULL, valid_buffer, valid_size ) ); - TEST_ASSERT( - mbedtls_cipher_update_ad( &invalid_ctx, - valid_buffer, - valid_size ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_update_ad( &valid_ctx, @@ -164,8 +250,6 @@ void cipher_invalid_param( ) /* mbedtls_cipher_set_padding_mode() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_set_padding_mode( NULL, valid_mode ) ); - TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #endif /* mbedtls_cipher_update() */ @@ -176,13 +260,6 @@ void cipher_invalid_param( ) valid_size, valid_buffer, &size_t_var ) ); - TEST_ASSERT( - mbedtls_cipher_update( &invalid_ctx, - valid_buffer, - valid_size, - valid_buffer, - &size_t_var ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_update( &valid_ctx, @@ -208,11 +285,6 @@ void cipher_invalid_param( ) mbedtls_cipher_finish( NULL, valid_buffer, &size_t_var ) ); - TEST_ASSERT( - mbedtls_cipher_finish( &invalid_ctx, - valid_buffer, - &size_t_var ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_finish( &valid_ctx, @@ -231,11 +303,6 @@ void cipher_invalid_param( ) mbedtls_cipher_write_tag( NULL, valid_buffer, valid_size ) ); - TEST_ASSERT( - mbedtls_cipher_write_tag( &invalid_ctx, - valid_buffer, - valid_size ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_write_tag( &valid_ctx, @@ -248,11 +315,6 @@ void cipher_invalid_param( ) mbedtls_cipher_check_tag( NULL, valid_buffer, valid_size ) ); - TEST_ASSERT( - mbedtls_cipher_check_tag( &invalid_ctx, - valid_buffer, - valid_size ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_check_tag( &valid_ctx, @@ -413,7 +475,6 @@ void cipher_invalid_param( ) /* mbedtls_cipher_free() */ TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) ); exit: - TEST_VALID_PARAM( mbedtls_cipher_free( &invalid_ctx ) ); TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_cipher.misc.data b/tests/suites/test_suite_cipher.misc.data index 07783c300..25bfd407d 100644 --- a/tests/suites/test_suite_cipher.misc.data +++ b/tests/suites/test_suite_cipher.misc.data @@ -1,2 +1,5 @@ -CIPHER - Invalid parameters -cipher_invalid_param: +CIPHER - Conditional invalid parameter checks +cipher_invalid_param_conditional: + +CIPHER - Unconditional invalid parameter checks +cipher_invalid_param_unconditional: From 6af45ec53e2c2e87e86e10079bc3d921b1ebde39 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Dec 2018 17:52:05 +0100 Subject: [PATCH 335/415] PK: document context validity requirements Document when a context must be initialized or not, when it must be set up or not, and whether it needs a private key or a public key will do. The implementation is sometimes more liberal than the documentation, accepting a non-set-up context as a context that can't perform the requested information. This preserves backward compatibility. --- include/mbedtls/pk.h | 77 +++++++++++++++++------------ library/pk.c | 5 ++ tests/suites/test_suite_pk.function | 6 ++- 3 files changed, 55 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 716070454..91950f940 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -207,7 +207,7 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx ); /** * \brief Free the components of a #mbedtls_pk_context. * - * \param ctx The context to clear. + * \param ctx The context to clear. It must have been initialized. * If this is \c NULL, this function does nothing. */ void mbedtls_pk_free( mbedtls_pk_context *ctx ); @@ -224,7 +224,7 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ); /** * \brief Free the components of a restart context * - * \param ctx The context to clear. + * \param ctx The context to clear. It must have been initialized. * If this is \c NULL, this function does nothing. */ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); @@ -234,7 +234,8 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); * \brief Initialize a PK context with the information given * and allocates the type-specific PK subcontext. * - * \param ctx Context to initialize. Must be empty (type NONE). + * \param ctx Context to initialize. It must not have been set + * up yet (type #MBEDTLS_PK_NONE). * \param info Information to use * * \return 0 on success, @@ -250,7 +251,8 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); /** * \brief Initialize an RSA-alt context * - * \param ctx Context to initialize. Must be empty (type NONE). + * \param ctx Context to initialize. It must not have been set + * up yet (type #MBEDTLS_PK_NONE). * \param key RSA key pointer * \param decrypt_func Decryption function * \param sign_func Signing function @@ -270,7 +272,7 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, /** * \brief Get the size in bits of the underlying key * - * \param ctx Context to use + * \param ctx The context to query. It must have been initialized. * * \return Key size in bits, or 0 on error */ @@ -278,7 +280,8 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ); /** * \brief Get the length in bytes of the underlying key - * \param ctx Context to use + * + * \param ctx The context to query. It must have been initialized. * * \return Key length in bytes, or 0 on error */ @@ -290,18 +293,21 @@ static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx ) /** * \brief Tell if a context can do the operation given by type * - * \param ctx Context to test - * \param type Target type + * \param ctx The context to query. It must have been initialized. + * \param type The desired type. * - * \return 0 if context can't do the operations, - * 1 otherwise. + * \return 1 if the context can do operations on the given type. + * \return 0 if the context cannot do the operations on the given + * type. This is always the case for a context that has + * been initialized but not set up, or that has been + * cleared with mbedtls_pk_free(). */ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); /** * \brief Verify signature (including padding if relevant). * - * \param ctx PK context to use + * \param ctx The PK context to use. It must have been set up. * \param md_alg Hash algorithm used (see notes) * \param hash Hash of the message to sign * \param hash_len Hash length or 0 (see notes) @@ -334,7 +340,7 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC * operations. For RSA, same as \c mbedtls_pk_verify(). * - * \param ctx PK context to use + * \param ctx The PK context to use. It must have been set up. * \param md_alg Hash algorithm used (see notes) * \param hash Hash of the message to sign * \param hash_len Hash length or 0 (see notes) @@ -358,7 +364,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, * * \param type Signature type (inc. possible padding type) to verify * \param options Pointer to type-specific options, or NULL - * \param ctx PK context to use + * \param ctx The PK context to use. It must have been set up. * \param md_alg Hash algorithm used (see notes) * \param hash Hash of the message to sign * \param hash_len Hash length or 0 (see notes) @@ -389,7 +395,8 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, /** * \brief Make signature, including padding if relevant. * - * \param ctx PK context to use - must hold a private key + * \param ctx The PK context to use. It must have been set up + * with a private key. * \param md_alg Hash algorithm used (see notes) * \param hash Hash of the message to sign * \param hash_len Hash length or 0 (see notes) @@ -423,7 +430,8 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC * operations. For RSA, same as \c mbedtls_pk_sign(). * - * \param ctx PK context to use - must hold a private key + * \param ctx The PK context to use. It must have been set up + * with a private key. * \param md_alg Hash algorithm used (see notes) * \param hash Hash of the message to sign * \param hash_len Hash length or 0 (see notes) @@ -447,7 +455,8 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, /** * \brief Decrypt message (including padding if relevant). * - * \param ctx PK context to use - must hold a private key + * \param ctx The PK context to use. It must have been set up + * with a private key. * \param input Input to decrypt * \param ilen Input size * \param output Decrypted output @@ -468,7 +477,7 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, /** * \brief Encrypt message (including padding if relevant). * - * \param ctx PK context to use + * \param ctx The PK context to use. It must have been set up. * \param input Message to encrypt * \param ilen Message size * \param output Encrypted output @@ -499,7 +508,7 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte /** * \brief Export debug information * - * \param ctx Context to use + * \param ctx The PK context to use. It must have been initialized. * \param items Place to write debug items * * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA @@ -509,7 +518,7 @@ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *item /** * \brief Access the type name * - * \param ctx Context to use + * \param ctx The PK context to use. It must have been initialized. * * \return Type name on success, or "invalid PK" */ @@ -518,9 +527,10 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx ); /** * \brief Get the key type * - * \param ctx Context to use + * \param ctx The PK context to use. It must have been initialized. * - * \return Type on success, or MBEDTLS_PK_NONE + * \return Type on success. + * \return #MBEDTLS_PK_NONE for a context that has not been set up. */ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); @@ -529,7 +539,8 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); /** * \brief Parse a private key in PEM or DER format * - * \param ctx key to be initialized + * \param ctx The PK context to fill. It must have been initialized + * but not set up. * \param key Input buffer to parse. * The buffer must contain the input exactly, with no * extra trailing material. For PEM, the buffer must @@ -561,7 +572,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, /** * \brief Parse a public key in PEM or DER format * - * \param ctx key to be initialized + * \param ctx The PK context to fill. It must have been initialized + * but not set up. * \param key Input buffer to parse. * The buffer must contain the input exactly, with no * extra trailing material. For PEM, the buffer must @@ -586,7 +598,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, /** * \brief Load and parse a private key * - * \param ctx key to be initialized + * \param ctx The PK context to fill. It must have been initialized + * but not set up. * \param path filename to read the private key from * \param password Optional password to decrypt the file. * Pass \c NULL if expecting a non-encrypted key. @@ -609,7 +622,8 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, /** * \brief Load and parse a public key * - * \param ctx key to be initialized + * \param ctx The PK context to fill. It must have been initialized + * but not set up. * \param path filename to read the public key from * * \note On entry, ctx must be empty, either freshly initialised @@ -632,7 +646,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) * return value to determine where you should start * using the buffer * - * \param ctx private to write away + * \param ctx PK context which must contain a valid private key. * \param buf buffer to write to * \param size size of the buffer * @@ -647,7 +661,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_ * return value to determine where you should start * using the buffer * - * \param ctx public key to write away + * \param ctx PK context which must contain a valid public or private key. * \param buf buffer to write to * \param size size of the buffer * @@ -660,7 +674,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, si /** * \brief Write a public key to a PEM string * - * \param ctx Context containing the public key to write. + * \param ctx PK context which must contain a valid public or private key. * \param buf Buffer to write to. The output includes a * terminating null byte. * \param size Size of the buffer in bytes. @@ -672,7 +686,7 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, si /** * \brief Write a private key to a PKCS#1 or SEC1 PEM string * - * \param ctx Context containing the private key to write. + * \param ctx PK context which must contain a valid private key. * \param buf Buffer to write to. The output includes a * terminating null byte. * \param size Size of the buffer in bytes. @@ -694,7 +708,8 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_ * * \param p the position in the ASN.1 data * \param end end of the buffer - * \param pk the key to fill + * \param pk The PK context to fill. It must have been initialized + * but not set up. * * \return 0 if successful, or a specific PK error code */ @@ -709,7 +724,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, * * \param p reference to current position pointer * \param start start of the buffer (for bounds-checking) - * \param key public key to write away + * \param key PK context which must contain a valid public or private key. * * \return the length written or a negative error code */ diff --git a/library/pk.c b/library/pk.c index 66301ee2d..2658627c4 100644 --- a/library/pk.c +++ b/library/pk.c @@ -183,6 +183,9 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, */ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) { + /* A context with null pk_info is not set up yet and can't do anything. + * For backward compatibility, also accept NULL instead of a context + * pointer. */ if( ctx == NULL || ctx->pk_info == NULL ) return( 0 ); @@ -493,6 +496,8 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte */ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) { + /* For backward compatibility, accept NULL or a context that + * isn't set up yet, and return a fake value that should be safe. */ if( ctx == NULL || ctx->pk_info == NULL ) return( 0 ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index bf3cf5dac..8a09171e6 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -90,10 +90,12 @@ void valid_parameters( ) TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + /* In informational functions, we accept NULL where a context pointer + * is expected because that's what the library has done forever. + * We do not document that NULL is accepted, so we may wish to change + * the behavior in a future version. */ TEST_ASSERT( mbedtls_pk_get_bitlen( NULL ) == 0 ); - TEST_ASSERT( mbedtls_pk_get_len( NULL ) == 0 ); - TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 ); TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, From fb54360f8cf551117be19a5868d3482df083af23 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 19 Dec 2018 18:34:21 +0100 Subject: [PATCH 336/415] Prevent unused variable in some configurations --- tests/suites/test_suite_cipher.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 4e616d3ef..773c792ca 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -35,6 +35,8 @@ void cipher_invalid_param_unconditional( ) *( mbedtls_cipher_list() ) ); size_t size_t_var; + (void)valid_mode; /* In some configurations this is unused */ + mbedtls_cipher_init( &valid_ctx ); mbedtls_cipher_setup( &valid_ctx, valid_info ); mbedtls_cipher_init( &invalid_ctx ); @@ -157,6 +159,8 @@ void cipher_invalid_param_conditional( ) size_t size_t_var; + (void)valid_mode; /* In some configurations this is unused */ + /* mbedtls_cipher_init() */ TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) ); TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) ); From 26d365eb54fd3503562d218a019f28a79369ba07 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 11 Dec 2018 12:22:16 +0100 Subject: [PATCH 337/415] Add parameter validation for CCM --- include/mbedtls/ccm.h | 53 +++---- library/ccm.c | 29 ++++ tests/suites/test_suite_ccm.data | 3 + tests/suites/test_suite_ccm.function | 207 +++++++++++++++++++++++++++ 4 files changed, 267 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index dfb1b5e56..009231e23 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -57,7 +57,6 @@ /* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ - #ifdef __cplusplus extern "C" { #endif @@ -85,7 +84,7 @@ mbedtls_ccm_context; * to make references valid, and prepare the context * for mbedtls_ccm_setkey() or mbedtls_ccm_free(). * - * \param ctx The CCM context to initialize. + * \param ctx The CCM context to initialize. Must not be NULL. */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); @@ -93,9 +92,9 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); * \brief This function initializes the CCM context set in the * \p ctx parameter and sets the encryption key. * - * \param ctx The CCM context to initialize. + * \param ctx The CCM context to initialize. Must not be NULL. * \param cipher The 128-bit block cipher to use. - * \param key The encryption key. + * \param key The encryption key. Must not be NULL. * \param keybits The key size in bits. This must be acceptable by the cipher. * * \return \c 0 on success. @@ -110,7 +109,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * \brief This function releases and clears the specified CCM context * and underlying cipher sub-context. * - * \param ctx The CCM context to clear. + * \param ctx The CCM context to clear. Must not be NULL. */ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); @@ -123,19 +122,20 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \p tag = \p output + \p length, and make sure that the * output buffer is at least \p length + \p tag_len wide. * - * \param ctx The CCM context to use for encryption. + * \param ctx The CCM context to use for encryption. Must not be NULL. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). + * \param iv Initialization vector (nonce). Must not be NULL. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. + * \param add The additional data field. Must not be NULL. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. + * \param input The buffer holding the input data. Must not be NULL. * \param output The buffer holding the output data. * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. + * \param tag The buffer holding the authentication field. Must not be + * NULL. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -161,19 +161,20 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * the tag length has to be encoded into the \p iv passed to * this function. * - * \param ctx The CCM context to use for encryption. + * \param ctx The CCM context to use for encryption. Must not be NULL. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). + * \param iv Initialization vector (nonce). Must not be NULL. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. + * \param add The additional data field. Must not be NULL. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. + * \param input The buffer holding the input data. Must not be NULL. * \param output The buffer holding the output data. * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. + * \param tag The buffer holding the authentication field. Must not be + * NULL. * \param tag_len The length of the authentication field to generate in Bytes: * 0, 4, 6, 8, 10, 12, 14 or 16. * @@ -193,19 +194,20 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \brief This function performs a CCM authenticated decryption of a * buffer. * - * \param ctx The CCM context to use for decryption. + * \param ctx The CCM context to use for decryption. Must not be NULL. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). + * \param iv Initialization vector (nonce). Must not be NULL. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. + * \param add The additional data field. Must not be NULL. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. + * \param input The buffer holding the input data. Must not be NULL. * \param output The buffer holding the output data. * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. + * \param tag The buffer holding the authentication field. Must not be + * NULL. * \param tag_len The length of the authentication field in Bytes. * 4, 6, 8, 10, 12, 14 or 16. * @@ -228,19 +230,20 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * this function as \p tag_len. (\p tag needs to be adjusted * accordingly.) * - * \param ctx The CCM context to use for decryption. + * \param ctx The CCM context to use for decryption. Must not be NULL. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). + * \param iv Initialization vector (nonce). Must not be NULL. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. + * \param add The additional data field. Must not be NULL. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. + * \param input The buffer holding the input data. Must not be NULL. * \param output The buffer holding the output data. * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. + * \param tag The buffer holding the authentication field. Must not be + * NULL. * \param tag_len The length of the authentication field in Bytes. * 0, 4, 6, 8, 10, 12, 14 or 16. * diff --git a/library/ccm.c b/library/ccm.c index 90cab8e14..4bb3642da 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -52,6 +52,11 @@ #if !defined(MBEDTLS_CCM_ALT) +#define CCM_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT ) +#define CCM_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #define CCM_ENCRYPT 0 #define CCM_DECRYPT 1 @@ -60,6 +65,7 @@ */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) { + CCM_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); } @@ -71,6 +77,9 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, int ret; const mbedtls_cipher_info_t *cipher_info; + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( key != NULL ); + cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); if( cipher_info == NULL ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -97,6 +106,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, */ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) { + CCM_VALIDATE( ctx != NULL ); mbedtls_cipher_free( &ctx->cipher_ctx ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } @@ -310,6 +320,12 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( iv != NULL ); + CCM_VALIDATE_RET( add != NULL ); + CCM_VALIDATE_RET( input != NULL ); + CCM_VALIDATE_RET( output != NULL ); + CCM_VALIDATE_RET( tag != NULL ); return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, add, add_len, input, output, tag, tag_len ) ); } @@ -320,6 +336,12 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( iv != NULL ); + CCM_VALIDATE_RET( add != NULL ); + CCM_VALIDATE_RET( input != NULL ); + CCM_VALIDATE_RET( output != NULL ); + CCM_VALIDATE_RET( tag != NULL ); if( tag_len == 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -341,6 +363,13 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, unsigned char i; int diff; + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( iv != NULL ); + CCM_VALIDATE_RET( add != NULL ); + CCM_VALIDATE_RET( input != NULL ); + CCM_VALIDATE_RET( output != NULL ); + CCM_VALIDATE_RET( tag != NULL ); + if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, iv, iv_len, add, add_len, input, output, check_tag, tag_len ) ) != 0 ) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index a2d877841..a4771b3fe 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -1,6 +1,9 @@ CCM self test mbedtls_ccm_self_test: +CCM - Invalid parameters +ccm_invalid_param: + CCM init #1 AES-128: OK depends_on:MBEDTLS_AES_C mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0 diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 9951ca168..95ebe43b5 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -326,3 +326,210 @@ exit: mbedtls_ccm_free( &ctx ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void ccm_invalid_param( ) +{ + struct mbedtls_ccm_context ctx; + unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; + mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; + int valid_len = sizeof(valid_buffer); + int valid_bitlen = valid_len * 8; + + mbedtls_ccm_init( &ctx ); + + /* mbedtls_ccm_init() */ + TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) ); + + /* mbedtls_ccm_setkey() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) ); + + /* mbedtls_ccm_encrypt_and_tag() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + NULL, valid_len ) ); + + /* mbedtls_ccm_star_encrypt_and_tag() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + NULL, valid_len ) ); + + /* mbedtls_ccm_auth_decrypt() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + NULL, valid_len ) ); + + /* mbedtls_ccm_star_auth_decrypt() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + NULL, valid_len ) ); + + /* mbedtls_ccm_free() */ + TEST_INVALID_PARAM( mbedtls_ccm_free( NULL ) ); + +exit: + mbedtls_ccm_free( &ctx ); + return; +} +/* END_CASE */ From 438448e45fe5082d7123f6dc9d1d61aa7af0ba8f Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 11 Dec 2018 13:11:30 +0100 Subject: [PATCH 338/415] Format NULL occurrences in CCM's Doxygen comments --- include/mbedtls/ccm.h | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 009231e23..0eb1abe9c 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -84,7 +84,7 @@ mbedtls_ccm_context; * to make references valid, and prepare the context * for mbedtls_ccm_setkey() or mbedtls_ccm_free(). * - * \param ctx The CCM context to initialize. Must not be NULL. + * \param ctx The CCM context to initialize. Must not be \c NULL. */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); @@ -92,9 +92,9 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); * \brief This function initializes the CCM context set in the * \p ctx parameter and sets the encryption key. * - * \param ctx The CCM context to initialize. Must not be NULL. + * \param ctx The CCM context to initialize. Must not be \c NULL. * \param cipher The 128-bit block cipher to use. - * \param key The encryption key. Must not be NULL. + * \param key The encryption key. Must not be \c NULL. * \param keybits The key size in bits. This must be acceptable by the cipher. * * \return \c 0 on success. @@ -109,7 +109,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * \brief This function releases and clears the specified CCM context * and underlying cipher sub-context. * - * \param ctx The CCM context to clear. Must not be NULL. + * \param ctx The CCM context to clear. Must not be \c NULL. */ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); @@ -122,20 +122,20 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \p tag = \p output + \p length, and make sure that the * output buffer is at least \p length + \p tag_len wide. * - * \param ctx The CCM context to use for encryption. Must not be NULL. + * \param ctx The CCM context to use for encryption. Must not be \c NULL. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must not be NULL. + * \param iv Initialization vector (nonce). Must not be \c NULL. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. Must not be NULL. + * \param add The additional data field. Must not be \c NULL. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. Must not be NULL. + * \param input The buffer holding the input data. Must not be \c NULL. * \param output The buffer holding the output data. * Must be at least \p length Bytes wide. * \param tag The buffer holding the authentication field. Must not be - * NULL. + * \c NULL. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -161,16 +161,16 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * the tag length has to be encoded into the \p iv passed to * this function. * - * \param ctx The CCM context to use for encryption. Must not be NULL. + * \param ctx The CCM context to use for encryption. Must not be \c NULL. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must not be NULL. + * \param iv Initialization vector (nonce). Must not be \c NULL. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. Must not be NULL. + * \param add The additional data field. Must not be \c NULL. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. Must not be NULL. + * \param input The buffer holding the input data. Must not be \c NULL. * \param output The buffer holding the output data. * Must be at least \p length Bytes wide. * \param tag The buffer holding the authentication field. Must not be @@ -194,16 +194,16 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \brief This function performs a CCM authenticated decryption of a * buffer. * - * \param ctx The CCM context to use for decryption. Must not be NULL. + * \param ctx The CCM context to use for decryption. Must not be \c NULL. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must not be NULL. + * \param iv Initialization vector (nonce). Must not be \c NULL. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. Must not be NULL. + * \param add The additional data field. Must not be \c NULL. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. Must not be NULL. + * \param input The buffer holding the input data. Must not be \c NULL. * \param output The buffer holding the output data. * Must be at least \p length Bytes wide. * \param tag The buffer holding the authentication field. Must not be @@ -230,16 +230,16 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * this function as \p tag_len. (\p tag needs to be adjusted * accordingly.) * - * \param ctx The CCM context to use for decryption. Must not be NULL. + * \param ctx The CCM context to use for decryption. Must not be \c NULL. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must not be NULL. + * \param iv Initialization vector (nonce). Must not be \c NULL. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. Must not be NULL. + * \param add The additional data field. Must not be \c NULL. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. Must not be NULL. + * \param input The buffer holding the input data. Must not be \c NULL. * \param output The buffer holding the output data. * Must be at least \p length Bytes wide. * \param tag The buffer holding the authentication field. Must not be From fd42d531ba20f9868397711a3e67d102111c9093 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 11 Dec 2018 14:37:51 +0100 Subject: [PATCH 339/415] Explicitly allow NULL as an argument to mbedtls_ccm_free() --- include/mbedtls/ccm.h | 4 +++- library/ccm.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 0eb1abe9c..6210c1f8c 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -109,7 +109,9 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * \brief This function releases and clears the specified CCM context * and underlying cipher sub-context. * - * \param ctx The CCM context to clear. Must not be \c NULL. + * \param ctx The CCM context to clear. + * + * \note If ctx is \c NULL, the function has no effect. */ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); diff --git a/library/ccm.c b/library/ccm.c index 4bb3642da..ad0d71b00 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -106,7 +106,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, */ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) { - CCM_VALIDATE( ctx != NULL ); + if( ctx == NULL ) + return; mbedtls_cipher_free( &ctx->cipher_ctx ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } From ff8a0989c80aaaac50213dc7de4530713a9ea79f Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 11 Dec 2018 15:56:55 +0100 Subject: [PATCH 340/415] Allow empty arguments in some CCM functions' parameter validation --- library/ccm.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index ad0d71b00..97eed7bd8 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -323,9 +323,9 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, { CCM_VALIDATE_RET( ctx != NULL ); CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add != NULL ); - CCM_VALIDATE_RET( input != NULL ); - CCM_VALIDATE_RET( output != NULL ); + CCM_VALIDATE_RET( add_len == 0 || add != NULL ); + CCM_VALIDATE_RET( length == 0 || input != NULL ); + CCM_VALIDATE_RET( length == 0 || output != NULL ); CCM_VALIDATE_RET( tag != NULL ); return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, add, add_len, input, output, tag, tag_len ) ); @@ -339,9 +339,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, { CCM_VALIDATE_RET( ctx != NULL ); CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add != NULL ); - CCM_VALIDATE_RET( input != NULL ); - CCM_VALIDATE_RET( output != NULL ); + CCM_VALIDATE_RET( add_len == 0 || add != NULL ); + CCM_VALIDATE_RET( length == 0 || input != NULL ); + CCM_VALIDATE_RET( length == 0 || output != NULL ); CCM_VALIDATE_RET( tag != NULL ); if( tag_len == 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -366,9 +366,9 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, CCM_VALIDATE_RET( ctx != NULL ); CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add != NULL ); - CCM_VALIDATE_RET( input != NULL ); - CCM_VALIDATE_RET( output != NULL ); + CCM_VALIDATE_RET( add_len == 0 || add != NULL ); + CCM_VALIDATE_RET( length == 0 || input != NULL ); + CCM_VALIDATE_RET( length == 0 || output != NULL ); CCM_VALIDATE_RET( tag != NULL ); if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, From f7125348019b60e1a98171a75137867a3810c1d2 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 11 Dec 2018 15:57:19 +0100 Subject: [PATCH 341/415] Add missing validation code in CCM --- library/ccm.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ccm.c b/library/ccm.c index 97eed7bd8..78d04b2e3 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -397,6 +397,13 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ) { + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( iv != NULL ); + CCM_VALIDATE_RET( add_len == 0 || add != NULL ); + CCM_VALIDATE_RET( length == 0 || input != NULL ); + CCM_VALIDATE_RET( length == 0 || output != NULL ); + CCM_VALIDATE_RET( tag != NULL ); + if( tag_len == 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); From 12f0d5c66d36e855d44f0eee5685c524d6aef760 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 11 Dec 2018 16:25:08 +0100 Subject: [PATCH 342/415] Improve the constraints definition in the doxygen comments in CCM --- include/mbedtls/ccm.h | 99 ++++++++++++++++++++++++++++--------------- 1 file changed, 64 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 6210c1f8c..b2c57a4ae 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -92,7 +92,8 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); * \brief This function initializes the CCM context set in the * \p ctx parameter and sets the encryption key. * - * \param ctx The CCM context to initialize. Must not be \c NULL. + * \param ctx The CCM context to initialize. Must be an initialized + * context. * \param cipher The 128-bit block cipher to use. * \param key The encryption key. Must not be \c NULL. * \param keybits The key size in bits. This must be acceptable by the cipher. @@ -109,7 +110,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * \brief This function releases and clears the specified CCM context * and underlying cipher sub-context. * - * \param ctx The CCM context to clear. + * \param ctx The CCM context to clear. Must be an initialized context. * * \note If ctx is \c NULL, the function has no effect. */ @@ -124,20 +125,27 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \p tag = \p output + \p length, and make sure that the * output buffer is at least \p length + \p tag_len wide. * - * \param ctx The CCM context to use for encryption. Must not be \c NULL. + * \param ctx The CCM context to use for encryption. Must be an + * initialized context. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must not be \c NULL. + * \param iv Initialization vector (nonce). Must be a readable buffer of + * at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. Must not be \c NULL. + * \param add The additional data field. If \p add_len is greater than + * zero, \p add must be a readable buffer of at least that + * length. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. Must not be \c NULL. - * \param output The buffer holding the output data. - * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. Must not be - * \c NULL. + * \param input The buffer holding the input data. If \p length is greater + * than zero, \p input must be a readable buffer of at least + * that length. + * \param output The buffer holding the output data. If \p length is greater + * than zero, \p output must be a writable buffer of at least + * that length. + * \param tag The buffer holding the authentication field. Must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -163,20 +171,27 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * the tag length has to be encoded into the \p iv passed to * this function. * - * \param ctx The CCM context to use for encryption. Must not be \c NULL. + * \param ctx The CCM context to use for encryption. Must be an + * initialized context. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must not be \c NULL. + * \param iv Initialization vector (nonce). Must be a readable buffer of + * at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. Must not be \c NULL. + * \param add The additional data field. If \p add_len is greater than + * zero, \p add must be a readable buffer of at least that + * length. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. Must not be \c NULL. - * \param output The buffer holding the output data. - * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. Must not be - * NULL. + * \param input The buffer holding the input data. If \p length is greater + * than zero, \p input must be a readable buffer of at least + * that length. + * \param output The buffer holding the output data. If \p length is greater + * than zero, \p output must be a writable buffer of at least + * that length. + * \param tag The buffer holding the authentication field. Must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 0, 4, 6, 8, 10, 12, 14 or 16. * @@ -196,21 +211,28 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \brief This function performs a CCM authenticated decryption of a * buffer. * - * \param ctx The CCM context to use for decryption. Must not be \c NULL. + * \param ctx The CCM context to use for decryption. Must be an + * initialized context. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must not be \c NULL. + * \param iv Initialization vector (nonce). Must be a readable buffer of + * at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. Must not be \c NULL. + * \param add The additional data field. If \p add_len is greater than + * zero, \p add must be a readable buffer of at least that + * length. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. Must not be \c NULL. - * \param output The buffer holding the output data. - * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. Must not be - * NULL. - * \param tag_len The length of the authentication field in Bytes. + * \param input The buffer holding the input data. If \p length is greater + * than zero, \p input must be a readable buffer of at least + * that length. + * \param output The buffer holding the output data. If \p length is greater + * than zero, \p output must be a writable buffer of at least + * that length. + * \param tag The buffer holding the authentication field. Must be a + * readable buffer of at least \p tag_len Bytes. + * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * * \return \c 0 on success. This indicates that the message is authentic. @@ -232,20 +254,27 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * this function as \p tag_len. (\p tag needs to be adjusted * accordingly.) * - * \param ctx The CCM context to use for decryption. Must not be \c NULL. + * \param ctx The CCM context to use for decryption. Must be an + * initialized context. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must not be \c NULL. + * \param iv Initialization vector (nonce). Must be a readable buffer of + * at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. Must not be \c NULL. + * \param add The additional data field. If \p add_len is greater than + * zero, \p add must be a readable buffer of at least that + * length. * \param add_len The length of additional data in Bytes. * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. Must not be \c NULL. - * \param output The buffer holding the output data. - * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. Must not be - * NULL. + * \param input The buffer holding the input data. If \p length is greater + * than zero, \p input must be a readable buffer of at least + * that length. + * \param output The buffer holding the output data. If \p length is greater + * than zero, \p output must be a writable buffer of at least + * that length. + * \param tag The buffer holding the authentication field. Must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field in Bytes. * 0, 4, 6, 8, 10, 12, 14 or 16. * From 508bcd96db210954ef0bc05a373482ff795bcf9a Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 11 Dec 2018 16:52:26 +0100 Subject: [PATCH 343/415] Remove unneeded test for the CCM free function --- tests/suites/test_suite_ccm.function | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 95ebe43b5..188633918 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -525,9 +525,6 @@ void ccm_invalid_param( ) valid_buffer, valid_buffer, NULL, valid_len ) ); - /* mbedtls_ccm_free() */ - TEST_INVALID_PARAM( mbedtls_ccm_free( NULL ) ); - exit: mbedtls_ccm_free( &ctx ); return; From dd63359daee8a0db2aef0889dcd742b289817910 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 12 Dec 2018 15:26:49 +0100 Subject: [PATCH 344/415] Add tests for valid NULL in ccm_free() --- tests/suites/test_suite_ccm.data | 3 +++ tests/suites/test_suite_ccm.function | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index a4771b3fe..819b3b71f 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -4,6 +4,9 @@ mbedtls_ccm_self_test: CCM - Invalid parameters ccm_invalid_param: +CCM - Valid parameters +ccm_valid_param: + CCM init #1 AES-128: OK depends_on:MBEDTLS_AES_C mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0 diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 188633918..16f9f8e3b 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -530,3 +530,12 @@ exit: return; } /* END_CASE */ + +/* BEGIN_CASE */ +void ccm_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) ); +exit: + return; +} +/* END_CASE */ From b92f9334e4a102a5e117c39e7900a98a3df9603a Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 13 Dec 2018 11:13:51 +0100 Subject: [PATCH 345/415] Doxygen comments improvement --- include/mbedtls/ccm.h | 61 ++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index b2c57a4ae..3f3a25ddf 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -84,7 +84,7 @@ mbedtls_ccm_context; * to make references valid, and prepare the context * for mbedtls_ccm_setkey() or mbedtls_ccm_free(). * - * \param ctx The CCM context to initialize. Must not be \c NULL. + * \param ctx The CCM context to initialize. This must not be \c NULL. */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); @@ -92,10 +92,10 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); * \brief This function initializes the CCM context set in the * \p ctx parameter and sets the encryption key. * - * \param ctx The CCM context to initialize. Must be an initialized + * \param ctx The CCM context to initialize. This must be an initialized * context. * \param cipher The 128-bit block cipher to use. - * \param key The encryption key. Must not be \c NULL. + * \param key The encryption key. This must not be \c NULL. * \param keybits The key size in bits. This must be acceptable by the cipher. * * \return \c 0 on success. @@ -110,7 +110,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * \brief This function releases and clears the specified CCM context * and underlying cipher sub-context. * - * \param ctx The CCM context to clear. Must be an initialized context. + * \param ctx The CCM context to clear. This must be an initialized + * context. * * \note If ctx is \c NULL, the function has no effect. */ @@ -125,26 +126,26 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \p tag = \p output + \p length, and make sure that the * output buffer is at least \p length + \p tag_len wide. * - * \param ctx The CCM context to use for encryption. Must be an + * \param ctx The CCM context to use for encryption. This must be an * initialized context. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must be a readable buffer of - * at least \p iv_len Bytes. + * \param iv Initialization vector (nonce). This must be a readable + * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. * \param add The additional data field. If \p add_len is greater than * zero, \p add must be a readable buffer of at least that - * length. + * length. If `pad_len == 0`, this may be \c NULL. * \param add_len The length of additional data in Bytes. - * Must be less than 2^16 - 2^8. + * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater * than zero, \p input must be a readable buffer of at least * that length. * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. Must be a + * \param tag The buffer holding the authentication field. This must be a * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. @@ -171,31 +172,31 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * the tag length has to be encoded into the \p iv passed to * this function. * - * \param ctx The CCM context to use for encryption. Must be an + * \param ctx The CCM context to use for encryption. This must be an * initialized context. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must be a readable buffer of - * at least \p iv_len Bytes. + * \param iv Initialization vector (nonce). This must be a readable + * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. * \param add The additional data field. If \p add_len is greater than * zero, \p add must be a readable buffer of at least that - * length. + * length. If `pad_len == 0`, this may be \c NULL. * \param add_len The length of additional data in Bytes. - * Must be less than 2^16 - 2^8. + * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater * than zero, \p input must be a readable buffer of at least * that length. * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. Must be a + * \param tag The buffer holding the authentication field. This must be a * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 0, 4, 6, 8, 10, 12, 14 or 16. * - * \warning Passing 0 as \p tag_len means that the message is no + * \warning Passing \c 0 as \p tag_len means that the message is no * longer authenticated. * * \return \c 0 on success. @@ -211,26 +212,26 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \brief This function performs a CCM authenticated decryption of a * buffer. * - * \param ctx The CCM context to use for decryption. Must be an + * \param ctx The CCM context to use for decryption. This must be an * initialized context. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must be a readable buffer of - * at least \p iv_len Bytes. + * \param iv Initialization vector (nonce). This must be a readable + * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. * \param add The additional data field. If \p add_len is greater than * zero, \p add must be a readable buffer of at least that - * length. + * length. If `pad_len == 0`, this may be \c NULL. * \param add_len The length of additional data in Bytes. - * Must be less than 2^16 - 2^8. + * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater * than zero, \p input must be a readable buffer of at least * that length. * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. Must be a + * \param tag The buffer holding the authentication field. This must be a * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. @@ -254,31 +255,31 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * this function as \p tag_len. (\p tag needs to be adjusted * accordingly.) * - * \param ctx The CCM context to use for decryption. Must be an + * \param ctx The CCM context to use for decryption. This must be an * initialized context. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). Must be a readable buffer of - * at least \p iv_len Bytes. + * \param iv Initialization vector (nonce). This must be a readable + * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. * \param add The additional data field. If \p add_len is greater than * zero, \p add must be a readable buffer of at least that - * length. + * length. If `pad_len == 0`, this may be \c NULL. * \param add_len The length of additional data in Bytes. - * Must be less than 2^16 - 2^8. + * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater * than zero, \p input must be a readable buffer of at least * that length. * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. Must be a + * \param tag The buffer holding the authentication field. This must be a * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field in Bytes. * 0, 4, 6, 8, 10, 12, 14 or 16. * - * \warning Passing 0 as \p tag_len means that the message is no + * \warning Passing \c 0 as \p tag_len means that the message is nos * longer authenticated. * * \return \c 0 on success. From 270a125946e648fb4103f081e59e8e4b6c7f4801 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 13 Dec 2018 11:14:04 +0100 Subject: [PATCH 346/415] Add a change log entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 0ead78009..9f0bb400a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,6 +47,7 @@ API Changes in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. * Deprecate the Blowfish error MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH in favour of a new generic error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. + * Add validation checks for input parameters to functions in the CCM module. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update From 373a660193f00a9954c907b51fd4c80163c8226f Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 13 Dec 2018 14:50:17 +0100 Subject: [PATCH 347/415] Fix a documentation typo --- include/mbedtls/ccm.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 3f3a25ddf..21ba098a7 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -136,7 +136,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * 15 - \p iv_len. * \param add The additional data field. If \p add_len is greater than * zero, \p add must be a readable buffer of at least that - * length. If `pad_len == 0`, this may be \c NULL. + * length. If `add_len == 0`, this may be \c NULL. * \param add_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater @@ -182,7 +182,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * 15 - \p iv_len. * \param add The additional data field. If \p add_len is greater than * zero, \p add must be a readable buffer of at least that - * length. If `pad_len == 0`, this may be \c NULL. + * length. If `add_len == 0`, this may be \c NULL. * \param add_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater @@ -222,7 +222,7 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * 15 - \p iv_len. * \param add The additional data field. If \p add_len is greater than * zero, \p add must be a readable buffer of at least that - * length. If `pad_len == 0`, this may be \c NULL. + * length. If `add_len == 0`, this may be \c NULL. * \param add_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater @@ -265,7 +265,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * 15 - \p iv_len. * \param add The additional data field. If \p add_len is greater than * zero, \p add must be a readable buffer of at least that - * length. If `pad_len == 0`, this may be \c NULL. + * length. If `add_len == 0`, this may be \c NULL. * \param add_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater From 9da5d7cd83c89d42b197f9f37667f164202fff4f Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 13 Dec 2018 17:19:48 +0100 Subject: [PATCH 348/415] Adjust mbedtls_ccm_free() documentation --- include/mbedtls/ccm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 21ba098a7..112da44f3 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -110,8 +110,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * \brief This function releases and clears the specified CCM context * and underlying cipher sub-context. * - * \param ctx The CCM context to clear. This must be an initialized - * context. + * \param ctx The CCM context to clear. If this is \c NULL, the function + * has no effect. Otherwise, this must be initialized. * * \note If ctx is \c NULL, the function has no effect. */ From 6adb0574eacee6e7fa8612dc8ee20f9fd2fbceb7 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 18 Dec 2018 10:22:34 +0100 Subject: [PATCH 349/415] Improve details of CCM parameter validation and documentation --- include/mbedtls/ccm.h | 46 +++++++++++++++++++++++-------------------- library/ccm.c | 8 ++++---- 2 files changed, 29 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 112da44f3..20730d891 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -126,10 +126,10 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \p tag = \p output + \p length, and make sure that the * output buffer is at least \p length + \p tag_len wide. * - * \param ctx The CCM context to use for encryption. This must be an - * initialized context. + * \param ctx The CCM context to use for encryption. This must be + * initialized and bound to a key. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). This must be a readable + * \param iv The initialization vector (nonce). This must be a readable * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is @@ -138,15 +138,16 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * zero, \p add must be a readable buffer of at least that * length. If `add_len == 0`, this may be \c NULL. * \param add_len The length of additional data in Bytes. - * This must be less than 2^16 - 2^8. + * This must be less than `2^16 - 2^8`. * \param input The buffer holding the input data. If \p length is greater * than zero, \p input must be a readable buffer of at least * that length. * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. + * \param tag The buffer holding the authentication field. If + * `tag_len > 0`, then this must be a readable buffer of at + * least \p tag_len Bytes. Otherwise, this may be \c NULL. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -172,10 +173,10 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * the tag length has to be encoded into the \p iv passed to * this function. * - * \param ctx The CCM context to use for encryption. This must be an - * initialized context. + * \param ctx The CCM context to use for encryption. This must be + * initialized and bound to a key. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). This must be a readable + * \param iv The initialization vector (nonce). This must be a readable * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is @@ -191,8 +192,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. + * \param tag The buffer holding the authentication field. If + * `tag_len > 0`, then this must be a readable buffer of at + * least \p tag_len Bytes. Otherwise, this may be \c NULL. * \param tag_len The length of the authentication field to generate in Bytes: * 0, 4, 6, 8, 10, 12, 14 or 16. * @@ -212,10 +214,10 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \brief This function performs a CCM authenticated decryption of a * buffer. * - * \param ctx The CCM context to use for decryption. This must be an - * initialized context. + * \param ctx The CCM context to use for decryption. This must be + * initialized and bound to a key. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). This must be a readable + * \param iv The initialization vector (nonce). This must be a readable * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is @@ -231,8 +233,9 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. + * \param tag The buffer holding the authentication field. If + * `tag_len > 0`, then this must be a readable buffer of at + * least \p tag_len Bytes. Otherwise, this may be \c NULL. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -255,10 +258,10 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * this function as \p tag_len. (\p tag needs to be adjusted * accordingly.) * - * \param ctx The CCM context to use for decryption. This must be an - * initialized context. + * \param ctx The CCM context to use for decryption. This must be + * initialized and bound to a key. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). This must be a readable + * \param iv The initialization vector (nonce). This must be a readable * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is @@ -274,8 +277,9 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. + * \param tag The buffer holding the authentication field. If + * `tag_len > 0`, then this must be a readable buffer of at + * least \p tag_len Bytes. Otherwise, this may be \c NULL. * \param tag_len The length of the authentication field in Bytes. * 0, 4, 6, 8, 10, 12, 14 or 16. * diff --git a/library/ccm.c b/library/ccm.c index 78d04b2e3..01e58b043 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -326,7 +326,7 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, CCM_VALIDATE_RET( add_len == 0 || add != NULL ); CCM_VALIDATE_RET( length == 0 || input != NULL ); CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag != NULL ); + CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, add, add_len, input, output, tag, tag_len ) ); } @@ -342,7 +342,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, CCM_VALIDATE_RET( add_len == 0 || add != NULL ); CCM_VALIDATE_RET( length == 0 || input != NULL ); CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag != NULL ); + CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( tag_len == 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -369,7 +369,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, CCM_VALIDATE_RET( add_len == 0 || add != NULL ); CCM_VALIDATE_RET( length == 0 || input != NULL ); CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag != NULL ); + CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, iv, iv_len, add, add_len, @@ -402,7 +402,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, CCM_VALIDATE_RET( add_len == 0 || add != NULL ); CCM_VALIDATE_RET( length == 0 || input != NULL ); CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag != NULL ); + CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( tag_len == 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); From 247a782668a59d44f817163881bb259eeca5b459 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 19 Dec 2018 13:36:03 +0100 Subject: [PATCH 350/415] Increase strictness of NULL parameter validity in CCM's doxygen --- include/mbedtls/ccm.h | 39 +++++++++++++++------------------------ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 20730d891..3f6b8f670 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -112,8 +112,6 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * * \param ctx The CCM context to clear. If this is \c NULL, the function * has no effect. Otherwise, this must be initialized. - * - * \note If ctx is \c NULL, the function has no effect. */ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); @@ -136,7 +134,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * 15 - \p iv_len. * \param add The additional data field. If \p add_len is greater than * zero, \p add must be a readable buffer of at least that - * length. If `add_len == 0`, this may be \c NULL. + * length. * \param add_len The length of additional data in Bytes. * This must be less than `2^16 - 2^8`. * \param input The buffer holding the input data. If \p length is greater @@ -145,9 +143,8 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. If - * `tag_len > 0`, then this must be a readable buffer of at - * least \p tag_len Bytes. Otherwise, this may be \c NULL. + * \param tag The buffer holding the authentication field. This must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -181,9 +178,8 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. If \p add_len is greater than - * zero, \p add must be a readable buffer of at least that - * length. If `add_len == 0`, this may be \c NULL. + * \param add The additional data field. This must be a readable buffer of + * at least \p add_len Bytes. * \param add_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater @@ -192,9 +188,8 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. If - * `tag_len > 0`, then this must be a readable buffer of at - * least \p tag_len Bytes. Otherwise, this may be \c NULL. + * \param tag The buffer holding the authentication field. This must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 0, 4, 6, 8, 10, 12, 14 or 16. * @@ -222,9 +217,8 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. If \p add_len is greater than - * zero, \p add must be a readable buffer of at least that - * length. If `add_len == 0`, this may be \c NULL. + * \param add The additional data field. This must be a readable buffer + * of at least that \p add_len Bytes.. * \param add_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater @@ -233,9 +227,8 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. If - * `tag_len > 0`, then this must be a readable buffer of at - * least \p tag_len Bytes. Otherwise, this may be \c NULL. + * \param tag The buffer holding the authentication field. This must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -266,9 +259,8 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. If \p add_len is greater than - * zero, \p add must be a readable buffer of at least that - * length. If `add_len == 0`, this may be \c NULL. + * \param add The additional data field. This must be a readable buffer of + * at least that \p add_len Bytes. * \param add_len The length of additional data in Bytes. * This must be less than 2^16 - 2^8. * \param input The buffer holding the input data. If \p length is greater @@ -277,9 +269,8 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * \param output The buffer holding the output data. If \p length is greater * than zero, \p output must be a writable buffer of at least * that length. - * \param tag The buffer holding the authentication field. If - * `tag_len > 0`, then this must be a readable buffer of at - * least \p tag_len Bytes. Otherwise, this may be \c NULL. + * \param tag The buffer holding the authentication field. This must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field in Bytes. * 0, 4, 6, 8, 10, 12, 14 or 16. * From 73b79841b2f60e83119c47885d957f0fb45a65bd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Dec 2018 09:51:13 +0000 Subject: [PATCH 351/415] Remove parameter validation for deprecated function in ECDSA module --- tests/suites/test_suite_ecdsa.function | 27 -------------------------- 1 file changed, 27 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index d091a354d..22d92b6df 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -155,33 +155,6 @@ void ecdsa_invalid_param( ) rnd_std_rand, NULL, NULL ) ); -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_DEPRECATED_REMOVED) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_det( NULL, - buf, - sizeof( buf ), - buf, &slen, - valid_md ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_det( &ctx, - NULL, - sizeof( buf ), - buf, &slen, - valid_md ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_det( &ctx, - buf, - sizeof( buf ), - NULL, &slen, - valid_md ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_det( &ctx, - buf, - sizeof( buf ), - buf, NULL, - valid_md ) ); -#endif /* MBEDTLS_ECDSA_DETERMINISTIC && !MBEDTLS_DEPRECATED_REMOVED */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_read_signature( NULL, buf, sizeof( buf ), From b3c70230d23ae8dff73e552a7f6820ab8335ea12 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Dec 2018 10:18:05 +0000 Subject: [PATCH 352/415] Move SHA1_VALIDATE[_RET] outside of MBEDTLS_SHA1_ALT guard Somehow, mbedtls_sha1_ret() is defined even if MBEDTLS_SHA1_ALT is set, and it is using SHA1_VALIDATE_RET. The documentation should be enhanced to indicate that MBEDTLS_SHA1_ALT does _not_ replace the entire module, but only the core SHA-1 functions. --- library/sha1.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/sha1.c b/library/sha1.c index 8863ea385..e8d4096fb 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -46,6 +46,11 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ +#define SHA1_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA ) + +#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) + #if !defined(MBEDTLS_SHA1_ALT) /* @@ -71,11 +76,6 @@ } #endif -#define SHA1_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA ) - -#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) - void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) { SHA1_VALIDATE( ctx != NULL ); From c756049dc32d9845ec6b5c1f7b6b8b8467ce0b43 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Dec 2018 10:23:39 +0000 Subject: [PATCH 353/415] Move SHA512_VALIDATE[_RET] outside of MBEDTLS_SHA512_ALT guard Somehow, mbedtls_sha512_ret() is defined even if MBEDTLS_SHA512_ALT is set, and it is using SHA512_VALIDATE_RET. The documentation should be enhanced to indicate that MBEDTLS_SHA512_ALT does _not_ replace the entire module, but only the core SHA-512 functions. --- library/sha512.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/sha512.c b/library/sha512.c index e7b2c5093..941ecda76 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -55,6 +55,10 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ +#define SHA512_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ) +#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) + #if !defined(MBEDTLS_SHA512_ALT) /* @@ -88,10 +92,6 @@ } #endif /* PUT_UINT64_BE */ -#define SHA512_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ) -#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) - void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) { SHA512_VALIDATE( ctx != NULL ); From 2f6de42622988d80335c8c014a2d54a935e79e7d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Dec 2018 10:22:32 +0000 Subject: [PATCH 354/415] Move SHA256_VALIDATE[_RET] outside of MBEDTLS_SHA256_ALT guard Somehow, mbedtls_sha256_ret() is defined even if MBEDTLS_SHA256_ALT is set, and it is using SHA256_VALIDATE_RET. The documentation should be enhanced to indicate that MBEDTLS_SHA256_ALT does _not_ replace the entire module, but only the core SHA-256 functions. --- library/sha256.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 9967d52f6..8a540adfb 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -49,6 +49,10 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ +#define SHA256_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) +#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) + #if !defined(MBEDTLS_SHA256_ALT) /* @@ -74,10 +78,6 @@ do { \ } while( 0 ) #endif -#define SHA256_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) -#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) - void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { SHA256_VALIDATE( ctx != NULL ); From 01d4b76b7eb1c0f1d2a436de37541a933417bafc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Dec 2018 12:09:07 +0100 Subject: [PATCH 355/415] Remove faulty cipher_finish calls from nist_kw The calls to cipher_finish didn't actually do anything: - the cipher mode is always ECB - in that case cipher_finish() only sets *olen to zero, and returns either 0 or an error depending on whether there was pending data - olen is a local variable in the caller, so setting it to zero right before returning is not essential - the return value of cipher_finis() was not checked by the caller so that's not useful either - the cipher layer does not have ALT implementations so the behaviour described above is unconditional on ALT implementations (in particular, cipher_finish() can't be useful to hardware as (with ECB) it doesn't call any functions from lower-level modules that could release resources for example) Since the calls are causing issues with parameter validation, and were no serving any functional purpose, it's simpler to just remove them. --- library/nist_kw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/nist_kw.c b/library/nist_kw.c index 176af9fe0..317a2426a 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -311,7 +311,7 @@ cleanup: } mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 ); mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 ); - mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen ); + return( ret ); } @@ -528,7 +528,7 @@ cleanup: mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) ); mbedtls_platform_zeroize( &diff, sizeof( diff ) ); mbedtls_platform_zeroize( A, sizeof( A ) ); - mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen ); + return( ret ); } From d6027119bedf0583203947ae3bf714774af9b045 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Dec 2018 12:15:41 +0100 Subject: [PATCH 356/415] Fix dependencies on MBEDTLS_FS_IO --- tests/suites/test_suite_pk.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 8a09171e6..fac7e6143 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -200,7 +200,9 @@ void invalid_parameters( ) unsigned char *null_buf = NULL; unsigned char buf[1]; unsigned char *p = buf; +#if defined(MBEDTLS_FS_IO) char str[1] = {0}; +#endif mbedtls_pk_context pk; mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; void *options = buf; @@ -398,6 +400,7 @@ void invalid_parameters( ) mbedtls_pk_debug( NULL, NULL ) ); #if defined(MBEDTLS_PK_PARSE_C) +#if defined(MBEDTLS_FS_IO) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_load_file( NULL, &p, &len ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, @@ -405,7 +408,6 @@ void invalid_parameters( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_load_file( str, &p, NULL ) ); -#if defined(MBEDTLS_FS_IO) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_parse_keyfile( NULL, str, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, From 88ca3a244e1d9b0cb31f95d0d306b992a79a36af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Dec 2018 12:26:16 +0100 Subject: [PATCH 357/415] Avoid unused-variable warnings in some configurations --- tests/suites/test_suite_pk.function | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index fac7e6143..231a74d63 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -207,6 +207,9 @@ void invalid_parameters( ) mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; void *options = buf; + (void) null_buf; + (void) p; + mbedtls_pk_init( &pk ); TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) ); From 743e3988dcf6c63403cfbdf3b824166542ccbb15 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Dec 2018 12:29:48 +0100 Subject: [PATCH 358/415] Avoid unused-variable warnings for str as well The exact guard is FS_IO && PK_PARSE_C. Just keep it simple. --- tests/suites/test_suite_pk.function | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 231a74d63..4e6ab172c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -200,15 +200,14 @@ void invalid_parameters( ) unsigned char *null_buf = NULL; unsigned char buf[1]; unsigned char *p = buf; -#if defined(MBEDTLS_FS_IO) char str[1] = {0}; -#endif mbedtls_pk_context pk; mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; void *options = buf; (void) null_buf; (void) p; + (void) str; mbedtls_pk_init( &pk ); From e046053ba1779ee0073fa70b4bd384e4e94ccdda Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 20 Dec 2018 16:17:02 +0000 Subject: [PATCH 359/415] Clarify ChangeLog old versions and param validations Clarified and made more coherent the parameter validation feature, it's scope and what has changed. Added version 2.14.1 to the history which was released on a branch. --- ChangeLog | 78 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 42 insertions(+), 36 deletions(-) diff --git a/ChangeLog b/ChangeLog index 582867eb3..c0e92c4e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,26 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.xx.x branch released xxxx-xx-xx -Security - * Fix timing variations and memory access variations in RSA PKCS#1 v1.5 - decryption that could lead to a Bleichenbacher-style padding oracle - attack. In TLS, this affects servers that accept ciphersuites based on - RSA decryption (i.e. ciphersuites whose name contains RSA but not - (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham - (University of Adelaide), Daniel Genkin (University of Michigan), - Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom - (University of Adelaide, Data61). The attack is described in more detail - in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608 - * In mbedtls_mpi_write_binary(), don't leak the exact size of the number - via branching and memory access patterns. An attacker who could submit - a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing - of the decryption and not its result could nonetheless decrypt RSA - plaintexts and forge RSA signatures. Other asymmetric algorithms may - have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham, - Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom. - * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG - modules. - Features * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation of parameters in the API. This allows detection of obvious misuses of the @@ -41,22 +21,19 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. - * Deprecate the ARIA error MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH - in favour of a new generic error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. - * Deprecate the CAMELLIA error MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH - in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. - * Deprecate the Blowfish error MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH - in favour of a new generic error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. - * Add validation checks for input parameters to functions in the CCM module. - * Add validation checks for input parameters to functions in the GCM module. - * Add validation checks for input parameters to functions in the SHA-1 - module. - * Add validation checks for input parameters to functions in the SHA-256 - module. - * Add validation checks for input parameters to functions in the SHA-512 - module. - * Add validation checks for input parameters to functions in the Cipher - module. + * Deprecate error codes of the form MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH for + ARIA, CAMELLIA and Blowfish. These error codes will be replaced by + the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA. + * Additional parameter validation checks have been added for the following + modules - AES, ARIA, Blowfish, CAMELLIA, CCM, GCM, DHM, ECP, ECDSA, ECDH, + ECJPAKE, SHA, Chacha20 and Poly1305, cipher, pk, RSA, and MPI. + Where modules have had parameter validation added, existing parameter + checks may have changed. Some modules, such as Chacha20 had existing + parameter validation whereas other modules had little. This has now been + changed so that the same level of validation is present in all modules, and + that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default + is off. That means that checks which were previously present by default + will no longer be. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update @@ -80,6 +57,35 @@ Bugfix * Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence of check for certificate/key matching. Reported by Attila Molnar, #507. += mbed TLS 2.14.1 branch released 2018-11-30 + +Security + * Fix timing variations and memory access variations in RSA PKCS#1 v1.5 + decryption that could lead to a Bleichenbacher-style padding oracle + attack. In TLS, this affects servers that accept ciphersuites based on + RSA decryption (i.e. ciphersuites whose name contains RSA but not + (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham + (University of Adelaide), Daniel Genkin (University of Michigan), + Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom + (University of Adelaide, Data61). The attack is described in more detail + in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608 + * In mbedtls_mpi_write_binary(), don't leak the exact size of the number + via branching and memory access patterns. An attacker who could submit + a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing + of the decryption and not its result could nonetheless decrypt RSA + plaintexts and forge RSA signatures. Other asymmetric algorithms may + have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham, + Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom. + * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG + modules. + +API Changes + * The new functions mbedtls_ctr_drbg_update_ret() and + mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update() + and mbedtls_hmac_drbg_update() respectively, but the new functions + report errors whereas the old functions return void. We recommend that + applications use the new functions. + = mbed TLS 2.14.0 branch released 2018-11-19 Security From 6c164e754b7acb82c1535184c9c79fbd545a7080 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Dec 2018 10:51:51 +0000 Subject: [PATCH 360/415] Update the version of the library to 2.16.0 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index c0e92c4e6..be28645d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.xx.x branch released xxxx-xx-xx += mbed TLS 2.16.0 branch released 2018-12-21 Features * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 44280d252..ffc3cecbe 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.14.0 source code documentation + * @mainpage mbed TLS v2.16.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index fd22cdbc9..574db8d46 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.14.0" +PROJECT_NAME = "mbed TLS v2.16.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 492fde38a..56e7398a2 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 14 +#define MBEDTLS_VERSION_MINOR 16 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x020E0000 -#define MBEDTLS_VERSION_STRING "2.14.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.14.0" +#define MBEDTLS_VERSION_NUMBER 0x02100000 +#define MBEDTLS_VERSION_STRING "2.16.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index ea5136339..c33c1cd5b 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -159,15 +159,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.14.0 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.0 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.14.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.16.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.14.0 SOVERSION 12) + set_target_properties(mbedtls PROPERTIES VERSION 2.16.0 SOVERSION 12) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 3fe549ab7..62bb78212 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.14.0" +check_compiletime_version:"2.16.0" Check runtime library version -check_runtime_version:"2.14.0" +check_runtime_version:"2.16.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 983acb75f00165c79d1ecfb2f25f98718d90cfdb Mon Sep 17 00:00:00 2001 From: GuHaijun <243297288@qq.com> Date: Fri, 28 Dec 2018 11:11:10 +0800 Subject: [PATCH 361/415] Fix include file path --- include/mbedtls/cipher.h | 2 +- include/mbedtls/platform_util.h | 4 ++-- include/mbedtls/poly1305.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 922b6c32c..082a69174 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -36,7 +36,7 @@ #endif #include -#include "mbedtls/platform_util.h" +#include "platform_util.h" #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) #define MBEDTLS_CIPHER_MODE_AEAD diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index b0e72ad14..dba6d4598 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -26,14 +26,14 @@ #define MBEDTLS_PLATFORM_UTIL_H #if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" +#include "config.h" #else #include MBEDTLS_CONFIG_FILE #endif #include #if defined(MBEDTLS_HAVE_TIME_DATE) -#include "mbedtls/platform_time.h" +#include "platform_time.h" #include #endif /* MBEDTLS_HAVE_TIME_DATE */ diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 05866a2da..f0ec44c96 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -34,7 +34,7 @@ #define MBEDTLS_POLY1305_H #if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" +#include "config.h" #else #include MBEDTLS_CONFIG_FILE #endif From f7e742d3cec0a232e458037610a41e6202d26a5d Mon Sep 17 00:00:00 2001 From: GuHaijun <243297288@qq.com> Date: Fri, 28 Dec 2018 13:22:33 +0800 Subject: [PATCH 362/415] Update ChangeLog --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index be28645d6..2dedd50c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.xx.x branch released xxxx-xx-xx + +Bugfix + * Fix for file not found, which was reporting in header files. + In header files at mbedlts/include folder, The include path has prefix + "mbedtls/" may cause the header file not be found in the case of + mbedtls as a dynamic/static library. + = mbed TLS 2.16.0 branch released 2018-12-21 Features From a306979ce120823574e1c4dd549d6f85d5618ff4 Mon Sep 17 00:00:00 2001 From: GuHaijun <243297288@qq.com> Date: Fri, 28 Dec 2018 14:06:29 +0800 Subject: [PATCH 363/415] Fix ChangeLog formate --- ChangeLog | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2dedd50c6..3fd66676e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,10 +3,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.xx.x branch released xxxx-xx-xx Bugfix - * Fix for file not found, which was reporting in header files. - In header files at mbedlts/include folder, The include path has prefix - "mbedtls/" may cause the header file not be found in the case of - mbedtls as a dynamic/static library. + * Fix for file not found, which was reporting in header files. + In header files at mbedlts/include folder, The include path has prefix + "mbedtls/" may cause the header file not be found in the case of + mbedtls as a dynamic/static library. = mbed TLS 2.16.0 branch released 2018-12-21 From f81f41a3b5852ec003b9d6fd54196e8df2cd8868 Mon Sep 17 00:00:00 2001 From: GuHaijun <243297288@qq.com> Date: Fri, 28 Dec 2018 18:28:18 +0800 Subject: [PATCH 364/415] Fix ChangeLog formate --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3fd66676e..f31137c14 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,11 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.xx.x branch released xxxx-xx-xx - + Bugfix * Fix for file not found, which was reporting in header files. - In header files at mbedlts/include folder, The include path has prefix - "mbedtls/" may cause the header file not be found in the case of + In header files at mbedlts/include folder, The include path has prefix + "mbedtls/" may cause the header file not be found in the case of mbedtls as a dynamic/static library. = mbed TLS 2.16.0 branch released 2018-12-21 From 0caddf770fa187938f14c11e1808169ba1093c9f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 2 Jan 2019 10:58:25 +0200 Subject: [PATCH 365/415] Update the LTS branch list in the contributing doc 1. Remove the reference to `mbedtls-2.1` since it's End Of Life. 2. Add reference to `mbedtls-2.16` since it's a new LTS branch. --- CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3433ed001..010dffc63 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -56,9 +56,9 @@ It would be highly appreciated if contributions are backported to LTS branches i Currently maintained LTS branches are: -1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) +1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7) -2. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7) +1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16) Tests From da1655a48e197230d7507881a74d1e38e54b8137 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 18 Oct 2017 14:21:44 +0100 Subject: [PATCH 366/415] Remove temporary stack-buffer from mbedtls_mpi_fill_random() Context: The function `mbedtls_mpi_fill_random()` uses a temporary stack buffer to hold the random data before reading it into the target MPI. Problem: This is inefficient both computationally and memory-wise. Memory-wise, it may lead to a stack overflow on constrained devices with limited stack. Fix: This commit introduces the following changes to get rid of the temporary stack buffer entirely: 1. It modifies the call to the PRNG to output the random data directly into the target MPI's data buffer. This alone, however, constitutes a change of observable behaviour: The previous implementation guaranteed to interpret the bytes emitted by the PRNG in a big-endian fashion, while rerouting the PRNG output into the target MPI's limb array leads to an interpretation that depends on the endianness of the host machine. As a remedy, the following change is applied, too: 2. Reorder the bytes emitted from the PRNG within the target MPI's data buffer to ensure big-endian semantics. Luckily, the byte reordering was already implemented as part of `mbedtls_mpi_read_binary()`, so: 3. Extract bigendian-to-host byte reordering from `mbedtls_mpi_read_binary()` to a separate internal function `mpi_bigendian_to_host()` to be used by `mbedtls_mpi_read_binary()` and `mbedtls_mpi_fill_random()`. --- library/bignum.c | 89 ++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 78 insertions(+), 11 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index f968a0ad7..d141a17e4 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -715,14 +715,70 @@ cleanup: } #endif /* MBEDTLS_FS_IO */ + +/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint + * into the storage form used by mbedtls_mpi. */ +static int mpi_bigendian_to_host( unsigned char * const buf, size_t size ) +{ + mbedtls_mpi_uint * const p = (mbedtls_mpi_uint *) buf; + size_t const limbs = size / ciL; + size_t i; + + unsigned char *cur_byte_left; + unsigned char *cur_byte_right; + + mbedtls_mpi_uint *cur_limb_left; + mbedtls_mpi_uint *cur_limb_right; + + mbedtls_mpi_uint tmp_left, tmp_right; + + if( size % ciL != 0 || limbs == 0 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + /* + * Traverse limbs and + * - adapt byte-order in each limb + * - swap the limbs themselves. + * For that, simultaneously traverse the limbs from left to right + * and from right to left, as long as the left index is not bigger + * than the right index (it's not a problem if limbs is odd and the + * indices coincide in the last iteration). + */ + + for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 ); + cur_limb_left <= cur_limb_right; + cur_limb_left++, cur_limb_right-- ) + { + cur_byte_left = (unsigned char*) cur_limb_left; + cur_byte_right = (unsigned char*) cur_limb_right; + + tmp_left = 0; + tmp_right = 0; + + for( i = 0; i < ciL; i++ ) + { + tmp_left |= ( (mbedtls_mpi_uint) *cur_byte_left++ ) + << ( ( ciL - 1 - i ) << 3 ); + tmp_right |= ( (mbedtls_mpi_uint) *cur_byte_right++ ) + << ( ( ciL - 1 - i ) << 3 ); + } + + *cur_limb_right = tmp_left; + *cur_limb_left = tmp_right; + } + + return( 0 ); +} + /* * Import X from unsigned binary data, big endian */ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) { int ret; - size_t i, j; - size_t const limbs = CHARS_TO_LIMBS( buflen ); + size_t const limbs = CHARS_TO_LIMBS( buflen ); + size_t const overhead = ( limbs * ciL ) - buflen; + unsigned char *Xp; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); @@ -734,11 +790,12 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu mbedtls_mpi_init( X ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) ); } - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - for( i = buflen, j = 0; i > 0; i--, j++ ) - X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3); + Xp = (unsigned char*) X->p; + memcpy( Xp + overhead, buf, buflen ); + + MBEDTLS_MPI_CHK( mpi_bigendian_to_host( Xp, limbs * ciL ) ); cleanup: @@ -2008,18 +2065,28 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, void *p_rng ) { int ret; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + size_t const limbs CHARS_TO_LIMBS( size ); + size_t const overhead = ( limbs * ciL ) - size; + unsigned char *Xp; + MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( f_rng != NULL ); - if( size > MBEDTLS_MPI_MAX_SIZE ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + /* Ensure that target MPI has exactly the necessary number of limbs */ + if( X->n != limbs ) + { + mbedtls_mpi_free( X ); + mbedtls_mpi_init( X ); + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) ); + } + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - MBEDTLS_MPI_CHK( f_rng( p_rng, buf, size ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) ); + Xp = (unsigned char*) X->p; + f_rng( p_rng, Xp + overhead, size ); + + MBEDTLS_MPI_CHK( mpi_bigendian_to_host( Xp, limbs * ciL ) ); cleanup: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } From 2be8a55f724489af502401ac6cac5e15ea0180ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Oct 2018 12:40:09 +0100 Subject: [PATCH 367/415] Change signature of mpi_bigendian_to_host() to reflect usage --- library/bignum.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index d141a17e4..402a3d5c1 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -718,10 +718,8 @@ cleanup: /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. */ -static int mpi_bigendian_to_host( unsigned char * const buf, size_t size ) +static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) { - mbedtls_mpi_uint * const p = (mbedtls_mpi_uint *) buf; - size_t const limbs = size / ciL; size_t i; unsigned char *cur_byte_left; @@ -732,8 +730,8 @@ static int mpi_bigendian_to_host( unsigned char * const buf, size_t size ) mbedtls_mpi_uint tmp_left, tmp_right; - if( size % ciL != 0 || limbs == 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if( limbs == 0 ) + return; /* * Traverse limbs and @@ -767,7 +765,7 @@ static int mpi_bigendian_to_host( unsigned char * const buf, size_t size ) *cur_limb_left = tmp_right; } - return( 0 ); + return; } /* @@ -795,7 +793,7 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu Xp = (unsigned char*) X->p; memcpy( Xp + overhead, buf, buflen ); - MBEDTLS_MPI_CHK( mpi_bigendian_to_host( Xp, limbs * ciL ) ); + mpi_bigendian_to_host( X->p, limbs ); cleanup: @@ -2084,7 +2082,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, Xp = (unsigned char*) X->p; f_rng( p_rng, Xp + overhead, size ); - MBEDTLS_MPI_CHK( mpi_bigendian_to_host( Xp, limbs * ciL ) ); + mpi_bigendian_to_host( X->p, limbs ); cleanup: return( ret ); From 8116ef7c81e8258fd8530f6ee726f65304df2756 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Oct 2018 12:42:08 +0100 Subject: [PATCH 368/415] Adapt ChangeLog --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index be28645d6..33d4147db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.xx.x branch released xxxx-xx-xx + +Bugfix + * Reduce the stack consumption of mbedtls_mpi_fill_random() which could + previously lead to a stack overflow on constrained targets. + = mbed TLS 2.16.0 branch released 2018-12-21 Features From f872007782fd166e2016fdbd0ba5d48232d55e35 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 8 Nov 2018 11:53:49 +0000 Subject: [PATCH 369/415] Optimize mpi_bigendian_to_host() for speed and size Use GCC / Clang builtins for byte swapping. --- library/bignum.c | 82 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 55 insertions(+), 27 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 402a3d5c1..c83f06d32 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -718,18 +718,59 @@ cleanup: /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. */ + +static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x ) +{ + uint8_t i; + mbedtls_mpi_uint tmp = 0; + /* This works regardless of the endianness. */ + for( i = 0; i < ciL; i++, x >>= 8 ) + tmp |= ( x & 0xFF ) << ( ( ciL - 1 - i ) << 3 ); + return( tmp ); +} + +static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) +{ +#if defined(__BYTE_ORDER__) + +/* Nothing to do on bigendian systems. */ +#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ) + return( x ); +#endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */ + +#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) + +/* For GCC and Clang, have builtins for byte swapping. */ +#if( defined(__GNUC__) && __GNUC_PREREQ(4,3) ) +#define have_bswap +#elif defined(__clang__) && \ + defined(__has_builtin) && \ + __has_builtin(__builtin_bswap32) && \ + __has_builtin(__builtin_bswap64) +#define have_bswap +#endif +#if defined(have_bswap) + /* The compiler is hopefully able to statically evaluate this! */ + switch( sizeof(mbedtls_mpi_uint) ) + { + case 4: + return( __builtin_bswap32(x) ); + case 8: + return( __builtin_bswap64(x) ); + } +#endif +#endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */ +#endif /* __BYTE_ORDER__ */ + + /* Fall back to C-based reordering if we don't know the byte order + * or we couldn't use a compiler-specific builtin. */ + return( mpi_uint_bigendian_to_host_c( x ) ); +} + static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) { - size_t i; - - unsigned char *cur_byte_left; - unsigned char *cur_byte_right; - mbedtls_mpi_uint *cur_limb_left; mbedtls_mpi_uint *cur_limb_right; - - mbedtls_mpi_uint tmp_left, tmp_right; - if( limbs == 0 ) return; @@ -742,30 +783,17 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) * than the right index (it's not a problem if limbs is odd and the * indices coincide in the last iteration). */ - for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 ); cur_limb_left <= cur_limb_right; cur_limb_left++, cur_limb_right-- ) { - cur_byte_left = (unsigned char*) cur_limb_left; - cur_byte_right = (unsigned char*) cur_limb_right; - - tmp_left = 0; - tmp_right = 0; - - for( i = 0; i < ciL; i++ ) - { - tmp_left |= ( (mbedtls_mpi_uint) *cur_byte_left++ ) - << ( ( ciL - 1 - i ) << 3 ); - tmp_right |= ( (mbedtls_mpi_uint) *cur_byte_right++ ) - << ( ( ciL - 1 - i ) << 3 ); - } - - *cur_limb_right = tmp_left; - *cur_limb_left = tmp_right; + mbedtls_mpi_uint tmp; + /* Note that if cur_limb_left == cur_limb_right, + * this code effectively swaps the bytes only once. */ + tmp = mpi_uint_bigendian_to_host( *cur_limb_left ); + *cur_limb_left = mpi_uint_bigendian_to_host( *cur_limb_right ); + *cur_limb_right = tmp; } - - return; } /* From 5d91c0bbee6270c0c524afc111f265c198088105 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 2 Jan 2019 11:24:30 +0000 Subject: [PATCH 370/415] Add missing macro existence check in byte swapping code in bignum.c --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index c83f06d32..91c82323b 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -741,7 +741,7 @@ static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) #if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) /* For GCC and Clang, have builtins for byte swapping. */ -#if( defined(__GNUC__) && __GNUC_PREREQ(4,3) ) +#if( defined(__GNUC__) && defined(__GNUC_PREREQ) && __GNUC_PREREQ(4,3) ) #define have_bswap #elif defined(__clang__) && \ defined(__has_builtin) && \ From 6dab6200c678386bdf8951f57b9b769d80810bb3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 2 Jan 2019 16:42:29 +0000 Subject: [PATCH 371/415] Fix typo after rebase --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 91c82323b..503ec537d 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2091,7 +2091,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, void *p_rng ) { int ret; - size_t const limbs CHARS_TO_LIMBS( size ); + size_t const limbs = CHARS_TO_LIMBS( size ); size_t const overhead = ( limbs * ciL ) - size; unsigned char *Xp; From 8f073121248d8af5f3b51c0a0f74fd81c3a14a34 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 15:58:47 +0100 Subject: [PATCH 372/415] Move the code into functions. No behavior change. Move almost all the code of this script into functions. There is no intended behavior change. The goal of this commit is to make subsequent improvements easier to follow. A very large number of lines have been reintended. To see what's going on, ignore whitespace differences (e.g. diff -w). I followed the following rules: * Minimize the amount of code that gets moved. * Don't change anything to what gets executed or displayed. * Almost all the code must end up in a function. * One function does one thing. For most of the code, that's from one "cleanup" to the next. * The test sequence functions (run_XXX) are independent. The change mostly amounts to putting chunks of code into a function and calling the functions in order. A few test runs are conditional; in those cases the conditional is around the function call. --- tests/scripts/all.sh | 1425 ++++++++++++++++++++++++------------------ 1 file changed, 819 insertions(+), 606 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 19baf5e8a..a2afab3a0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -55,6 +55,16 @@ # Notes for maintainers # --------------------- # +# The bulk of the code is organized into functions that follow one of the +# following naming conventions: +# * pre_XXX: things to do before running the tests, in order. +# * component_XXX: independent components. They can be run in any order. +# * component_check_XXX: quick tests that aren't worth parallelizing +# * component_build_XXX: build things but don't run them +# * component_test_XXX: build and test +# * post_XXX: things to do after running the tests. +# * other: miscellaneous support functions. +# # The tests are roughly in order from fastest to slowest. This doesn't # have to be exact, but in general you should add slower tests towards # the end and fast checks near the beginning. @@ -80,38 +90,42 @@ # Abort on errors (and uninitialised variables) set -eu -if [ "$( uname )" != "Linux" ]; then - echo "This script only works in Linux" >&2 - exit 1 -elif [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from mbed TLS root" >&2 - exit 1 -fi +pre_check_environment () { + if [ "$( uname )" != "Linux" ]; then + echo "This script only works in Linux" >&2 + exit 1 + elif [ -d library -a -d include -a -d tests ]; then :; else + echo "Must be run from mbed TLS root" >&2 + exit 1 + fi +} -CONFIG_H='include/mbedtls/config.h' -CONFIG_BAK="$CONFIG_H.bak" +pre_initialize_variables () { + CONFIG_H='include/mbedtls/config.h' + CONFIG_BAK="$CONFIG_H.bak" -MEMORY=0 -FORCE=0 -KEEP_GOING=0 -RUN_ARMCC=1 + MEMORY=0 + FORCE=0 + KEEP_GOING=0 + RUN_ARMCC=1 -# Default commands, can be overriden by the environment -: ${OPENSSL:="openssl"} -: ${OPENSSL_LEGACY:="$OPENSSL"} -: ${OPENSSL_NEXT:="$OPENSSL"} -: ${GNUTLS_CLI:="gnutls-cli"} -: ${GNUTLS_SERV:="gnutls-serv"} -: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} -: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} -: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} -: ${ARMC5_BIN_DIR:=/usr/bin} -: ${ARMC6_BIN_DIR:=/usr/bin} + # Default commands, can be overriden by the environment + : ${OPENSSL:="openssl"} + : ${OPENSSL_LEGACY:="$OPENSSL"} + : ${OPENSSL_NEXT:="$OPENSSL"} + : ${GNUTLS_CLI:="gnutls-cli"} + : ${GNUTLS_SERV:="gnutls-serv"} + : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} + : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} + : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} + : ${ARMC5_BIN_DIR:=/usr/bin} + : ${ARMC6_BIN_DIR:=/usr/bin} -# if MAKEFLAGS is not set add the -j option to speed up invocations of make -if [ -n "${MAKEFLAGS+set}" ]; then - export MAKEFLAGS="-j" -fi + # if MAKEFLAGS is not set add the -j option to speed up invocations of make + if [ -n "${MAKEFLAGS+set}" ]; then + export MAKEFLAGS="-j" + fi +} usage() { @@ -197,17 +211,15 @@ msg() current_section=$1 } -if [ $RUN_ARMCC -ne 0 ]; then - armc6_build_test() - { - FLAGS="$1" +armc6_build_test() +{ + FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" - ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ - WARNING_CFLAGS='-xc -std=c99' make lib - make clean - } -fi + msg "build: ARM Compiler 6 ($FLAGS), make" + ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ + WARNING_CFLAGS='-xc -std=c99' make lib + make clean +} err_msg() { @@ -232,61 +244,64 @@ check_headers_in_cpp () { rm headers.txt } -while [ $# -gt 0 ]; do - case "$1" in - --armcc) RUN_ARMCC=1;; - --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; - --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; - --force|-f) FORCE=1;; - --gnutls-cli) shift; GNUTLS_CLI="$1";; - --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; - --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; - --gnutls-serv) shift; GNUTLS_SERV="$1";; - --help|-h) usage; exit;; - --keep-going|-k) KEEP_GOING=1;; - --memory|-m) MEMORY=1;; - --no-armcc) RUN_ARMCC=0;; - --no-force) FORCE=0;; - --no-keep-going) KEEP_GOING=0;; - --no-memory) MEMORY=0;; - --openssl) shift; OPENSSL="$1";; - --openssl-legacy) shift; OPENSSL_LEGACY="$1";; - --openssl-next) shift; OPENSSL_NEXT="$1";; - --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; - --random-seed) unset SEED;; - --release-test|-r) SEED=1;; - --seed|-s) shift; SEED="$1";; - *) - echo >&2 "Unknown option: $1" - echo >&2 "Run $0 --help for usage." - exit 120 - ;; - esac - shift -done +pre_parse_command_line () { + while [ $# -gt 0 ]; do + case "$1" in + --armcc) RUN_ARMCC=1;; + --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; + --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + --force|-f) FORCE=1;; + --gnutls-cli) shift; GNUTLS_CLI="$1";; + --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; + --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; + --gnutls-serv) shift; GNUTLS_SERV="$1";; + --help|-h) usage; exit;; + --keep-going|-k) KEEP_GOING=1;; + --memory|-m) MEMORY=1;; + --no-armcc) RUN_ARMCC=0;; + --no-force) FORCE=0;; + --no-keep-going) KEEP_GOING=0;; + --no-memory) MEMORY=0;; + --openssl) shift; OPENSSL="$1";; + --openssl-legacy) shift; OPENSSL_LEGACY="$1";; + --openssl-next) shift; OPENSSL_NEXT="$1";; + --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --random-seed) unset SEED;; + --release-test|-r) SEED=1;; + --seed|-s) shift; SEED="$1";; + *) + echo >&2 "Unknown option: $1" + echo >&2 "Run $0 --help for usage." + exit 120 + ;; + esac + shift + done +} -if [ $FORCE -eq 1 ]; then - git checkout-index -f -q $CONFIG_H - cleanup -else +pre_check_git () { + if [ $FORCE -eq 1 ]; then + git checkout-index -f -q $CONFIG_H + cleanup + else - if [ -d "$OUT_OF_SOURCE_DIR" ]; then - echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 - echo "You can either delete this directory manually, or force the test by rerunning" - echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" - exit 1 + if [ -d "$OUT_OF_SOURCE_DIR" ]; then + echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 + echo "You can either delete this directory manually, or force the test by rerunning" + echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" + exit 1 + fi + + if ! git diff-files --quiet include/mbedtls/config.h; then + err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " + echo "You can either delete or preserve your work, or force the test by rerunning the" + echo "script as: $0 --force" + exit 1 + fi fi +} - if ! git diff-files --quiet include/mbedtls/config.h; then - err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " - echo "You can either delete or preserve your work, or force the test by rerunning the" - echo "script as: $0 --force" - exit 1 - fi -fi - -build_status=0 -if [ $KEEP_GOING -eq 1 ]; then +pre_setup_keep_going () { failure_summary= failure_count=0 start_red= @@ -340,11 +355,8 @@ $text" echo "Killed by SIG$1." fi } -else - record_status () { - "$@" - } -fi +} + if_build_succeeded () { if [ $build_status -eq 0 ]; then record_status "$@" @@ -357,45 +369,48 @@ not() { ! "$@" } -msg "info: $0 configuration" -echo "MEMORY: $MEMORY" -echo "FORCE: $FORCE" -echo "SEED: ${SEED-"UNSET"}" -echo "OPENSSL: $OPENSSL" -echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" -echo "OPENSSL_NEXT: $OPENSSL_NEXT" -echo "GNUTLS_CLI: $GNUTLS_CLI" -echo "GNUTLS_SERV: $GNUTLS_SERV" -echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" -echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" -echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" -echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" +pre_print_configuration () { + msg "info: $0 configuration" + echo "MEMORY: $MEMORY" + echo "FORCE: $FORCE" + echo "SEED: ${SEED-"UNSET"}" + echo "OPENSSL: $OPENSSL" + echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" + echo "OPENSSL_NEXT: $OPENSSL_NEXT" + echo "GNUTLS_CLI: $GNUTLS_CLI" + echo "GNUTLS_SERV: $GNUTLS_SERV" + echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" + echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" + echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" + echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" +} -ARMC5_CC="$ARMC5_BIN_DIR/armcc" -ARMC5_AR="$ARMC5_BIN_DIR/armar" -ARMC6_CC="$ARMC6_BIN_DIR/armclang" -ARMC6_AR="$ARMC6_BIN_DIR/armar" +pre_check_tools () { + ARMC5_CC="$ARMC5_BIN_DIR/armcc" + ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC6_CC="$ARMC6_BIN_DIR/armclang" + ARMC6_AR="$ARMC6_BIN_DIR/armar" -# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh -# we just export the variables they require -export OPENSSL_CMD="$OPENSSL" -export GNUTLS_CLI="$GNUTLS_CLI" -export GNUTLS_SERV="$GNUTLS_SERV" + # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh + # we just export the variables they require + export OPENSSL_CMD="$OPENSSL" + export GNUTLS_CLI="$GNUTLS_CLI" + export GNUTLS_SERV="$GNUTLS_SERV" -# Avoid passing --seed flag in every call to ssl-opt.sh -if [ -n "${SEED-}" ]; then - export SEED -fi - -# Make sure the tools we need are available. -check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ - "$GNUTLS_CLI" "$GNUTLS_SERV" \ - "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" -if [ $RUN_ARMCC -ne 0 ]; then - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" -fi + # Avoid passing --seed flag in every call to ssl-opt.sh + if [ -n "${SEED-}" ]; then + export SEED + fi + # Make sure the tools we need are available. + check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ + "$GNUTLS_CLI" "$GNUTLS_SERV" \ + "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ + "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" + if [ $RUN_ARMCC -ne 0 ]; then + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" + fi +} ################################################################ @@ -413,32 +428,46 @@ fi # # Indicative running times are given for reference. -msg "info: output_env.sh" -OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ - GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ - ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh +pre_print_tools () { + msg "info: output_env.sh" + OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ + GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ + GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ + ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh +} -msg "test: recursion.pl" # < 1s -record_status tests/scripts/recursion.pl library/*.c +component_check_recursion () { + msg "test: recursion.pl" # < 1s + record_status tests/scripts/recursion.pl library/*.c +} -msg "test: freshness of generated source files" # < 1s -record_status tests/scripts/check-generated-files.sh +component_check_generated_files () { + msg "test: freshness of generated source files" # < 1s + record_status tests/scripts/check-generated-files.sh +} -msg "test: doxygen markup outside doxygen blocks" # < 1s -record_status tests/scripts/check-doxy-blocks.pl +component_check_doxy_blocks () { + msg "test: doxygen markup outside doxygen blocks" # < 1s + record_status tests/scripts/check-doxy-blocks.pl +} -msg "test: check-files.py" # < 1s -cleanup -record_status tests/scripts/check-files.py +component_check_files () { + msg "test: check-files.py" # < 1s + cleanup + record_status tests/scripts/check-files.py +} -msg "test/build: declared and exported names" # < 3s -cleanup -record_status tests/scripts/check-names.sh +component_check_names () { + msg "test/build: declared and exported names" # < 3s + cleanup + record_status tests/scripts/check-names.sh +} -msg "test: doxygen warnings" # ~ 3s -cleanup -record_status tests/scripts/doxygen.sh +component_check_doxygen_warnings () { + msg "test: doxygen warnings" # ~ 3s + cleanup + record_status tests/scripts/doxygen.sh +} @@ -446,319 +475,374 @@ record_status tests/scripts/doxygen.sh #### Build and test many configurations and targets ################################################################ -msg "build: cmake, gcc, ASan" # ~ 1 min 50s -cleanup -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_default_cmake_gcc_asan () { + msg "build: cmake, gcc, ASan" # ~ 1 min 50s + cleanup + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s -make test + msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s + make test -msg "test: ssl-opt.sh (ASan build)" # ~ 1 min -if_build_succeeded tests/ssl-opt.sh + msg "test: ssl-opt.sh (ASan build)" # ~ 1 min + if_build_succeeded tests/ssl-opt.sh -msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s -record_status tests/scripts/test-ref-configs.pl + msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s + record_status tests/scripts/test-ref-configs.pl -msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min -make + msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min + make -msg "test: compat.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/compat.sh + msg "test: compat.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/compat.sh +} -msg "build: Default + SSLv3 (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_sslv3 () { + msg "build: Default + SSLv3 (ASan build)" # ~ 6 min + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s -make test + msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s + make test -msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' -if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' + msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' -msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/ssl-opt.sh + msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/ssl-opt.sh +} -msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_no_renegotiation () { + msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s -make test + msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s + make test -msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/ssl-opt.sh + msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/ssl-opt.sh +} -msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_rsa_no_crt () { + msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_RSA_NO_CRT + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s -make test + msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s + make test -msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s -if_build_succeeded tests/ssl-opt.sh -f RSA + msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s + if_build_succeeded tests/ssl-opt.sh -f RSA -msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min -if_build_succeeded tests/compat.sh -t RSA + msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min + if_build_succeeded tests/compat.sh -t RSA +} -msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 -scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_small_ssl_out_content_len () { + msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 + scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" + msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" +} -msg "build: small SSL_IN_CONTENT_LEN (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 -scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_small_ssl_in_content_len () { + msg "build: small SSL_IN_CONTENT_LEN (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 + scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment" + msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment" +} -msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_small_ssl_dtls_max_buffering () { + msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" -if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" + msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" + if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" +} -msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_small_mbedtls_ssl_dtls_max_buffering () { + msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" -if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" + msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" + if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" +} -msg "build: cmake, full config, clang" # ~ 50s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . -make +component_test_full_cmake_clang () { + msg "build: cmake, full config, clang" # ~ 50s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . + make -msg "test: main suites (full config)" # ~ 5s -make test + msg "test: main suites (full config)" # ~ 5s + make test -msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s -if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' + msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s + if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' -msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min -if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' + msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' -msg "test: compat.sh ARIA + ChachaPoly" -if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' + msg "test: compat.sh ARIA + ChachaPoly" + if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' +} -msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl set MBEDTLS_DEPRECATED_WARNING -# Build with -O -Wextra to catch a maximum of issues. -make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs -make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests +component_build_deprecated () { + msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl set MBEDTLS_DEPRECATED_WARNING + # Build with -O -Wextra to catch a maximum of issues. + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests -msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s -# No cleanup, just tweak the configuration and rebuild -make clean -scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING -scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED -# Build with -O -Wextra to catch a maximum of issues. -make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs -make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests + msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s + # No cleanup, just tweak the configuration and rebuild + make clean + scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING + scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED + # Build with -O -Wextra to catch a maximum of issues. + make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs + make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests +} -msg "test/build: curves.pl (gcc)" # ~ 4 min -cleanup -record_status tests/scripts/curves.pl -msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min -cleanup -record_status tests/scripts/depends-hashes.pl +component_test_depends_curves () { + msg "test/build: curves.pl (gcc)" # ~ 4 min + cleanup + record_status tests/scripts/curves.pl +} -msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min -cleanup -record_status tests/scripts/depends-pkalgs.pl +component_test_depends_hashes () { + msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min + cleanup + record_status tests/scripts/depends-hashes.pl +} -msg "test/build: key-exchanges (gcc)" # ~ 1 min -cleanup -record_status tests/scripts/key-exchanges.pl +component_test_depends_pkalgs () { + msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min + cleanup + record_status tests/scripts/depends-pkalgs.pl +} -msg "build: Unix make, -Os (gcc)" # ~ 30s -cleanup -make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' +component_build_key_exchanges () { + msg "test/build: key-exchanges (gcc)" # ~ 1 min + cleanup + record_status tests/scripts/key-exchanges.pl +} -msg "test: verify header list in cpp_dummy_build.cpp" -record_status check_headers_in_cpp +component_build_default_make_gcc_and_cxx () { + msg "build: Unix make, -Os (gcc)" # ~ 30s + cleanup + make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' -msg "build: Unix make, incremental g++" -make TEST_CPP=1 + msg "test: verify header list in cpp_dummy_build.cpp" + record_status check_headers_in_cpp -# Full configuration build, without platform support, file IO and net sockets. -# This should catch missing mbedtls_printf definitions, and by disabling file -# IO, it should catch missing '#include ' -msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_PLATFORM_C -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY -scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C -scripts/config.pl unset MBEDTLS_FS_IO -# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, -# to re-enable platform integration features otherwise disabled in C99 builds -make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test + msg "build: Unix make, incremental g++" + make TEST_CPP=1 +} -# catch compile bugs in _uninit functions -msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +component_test_no_platform () { + # Full configuration build, without platform support, file IO and net sockets. + # This should catch missing mbedtls_printf definitions, and by disabling file + # IO, it should catch missing '#include ' + msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_PLATFORM_C + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY + scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl unset MBEDTLS_FS_IO + # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, + # to re-enable platform integration features otherwise disabled in C99 builds + make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test +} -msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_SSL_SRV_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +component_build_no_std_function () { + # catch compile bugs in _uninit functions + msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +} -msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_SSL_CLI_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +component_build_no_ssl_srv () { + msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_SSL_SRV_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +} -# Note, C99 compliance can also be tested with the sockets support disabled, -# as that requires a POSIX platform (which isn't the same as C99). -msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib +component_build_no_ssl_cli () { + msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_SSL_CLI_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +} -# Run max fragment length tests with MFL disabled -msg "build: default config except MFL extension (ASan build)" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_build_no_sockets () { + # Note, C99 compliance can also be tested with the sockets support disabled, + # as that requires a POSIX platform (which isn't the same as C99). + msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib +} -msg "test: ssl-opt.sh, MFL-related tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" +component_test_no_max_fragment_length () { + # Run max fragment length tests with MFL disabled + msg "build: default config except MFL extension (ASan build)" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 -scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "test: ssl-opt.sh, MFL-related tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" +} -msg "test: MFL tests (disabled MFL extension case) & large packet tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" +component_test_no_max_fragment_length_small_ssl_out_content_len () { + msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 + scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY -scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -scripts/config.pl set MBEDTLS_ENTROPY_C -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT -scripts/config.pl unset MBEDTLS_HAVEGE_C -CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . -make + msg "test: MFL tests (disabled MFL extension case) & large packet tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" +} -msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" -make test +component_test_null_entropy () { + msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY + scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + scripts/config.pl set MBEDTLS_ENTROPY_C + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT + scripts/config.pl unset MBEDTLS_HAVEGE_C + CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . + make -msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_PLATFORM_MEMORY -scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc -scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" + make test +} -msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" -make test +component_test_platform_calloc_macro () { + msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_PLATFORM_MEMORY + scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc + scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: default config with AES_FEWER_TABLES enabled" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_AES_FEWER_TABLES -make CC=gcc CFLAGS='-Werror -Wall -Wextra' + msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" + make test +} -msg "test: AES_FEWER_TABLES" -make test +component_test_aes_fewer_tables () { + msg "build: default config with AES_FEWER_TABLES enabled" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_AES_FEWER_TABLES + make CC=gcc CFLAGS='-Werror -Wall -Wextra' -msg "build: default config with AES_ROM_TABLES enabled" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_AES_ROM_TABLES -make CC=gcc CFLAGS='-Werror -Wall -Wextra' + msg "test: AES_FEWER_TABLES" + make test +} -msg "test: AES_ROM_TABLES" -make test +component_test_aes_rom_tables () { + msg "build: default config with AES_ROM_TABLES enabled" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_AES_ROM_TABLES + make CC=gcc CFLAGS='-Werror -Wall -Wextra' -msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_AES_FEWER_TABLES -scripts/config.pl set MBEDTLS_AES_ROM_TABLES -make CC=gcc CFLAGS='-Werror -Wall -Wextra' + msg "test: AES_ROM_TABLES" + make test +} -msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" -make test +component_test_aes_fewer_tables_and_rom_tables () { + msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_AES_FEWER_TABLES + scripts/config.pl set MBEDTLS_AES_ROM_TABLES + make CC=gcc CFLAGS='-Werror -Wall -Wextra' -if uname -a | grep -F Linux >/dev/null; then + msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" + make test +} + +component_test_make_shared () { msg "build/test: make shared" # ~ 40s cleanup make SHARED=1 all check -fi +} -if uname -a | grep -F x86_64 >/dev/null; then +component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s cleanup @@ -768,7 +852,9 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "test: i386, make, gcc -O0 (ASan build)" make test +} +component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s cleanup @@ -778,7 +864,9 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "test: i386, make, gcc -O1 (ASan build)" make test +} +component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -787,187 +875,204 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "test: 64-bit ILP32, make, gcc" make test -fi # x86_64 +} -msg "build: gcc, force 32-bit bignum limbs" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' +component_test_have_int32 () { + msg "build: gcc, force 32-bit bignum limbs" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' -msg "test: gcc, force 32-bit bignum limbs" -make test + msg "test: gcc, force 32-bit bignum limbs" + make test +} -msg "build: gcc, force 64-bit bignum limbs" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' +component_test_have_int64 () { + msg "build: gcc, force 64-bit bignum limbs" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' -msg "test: gcc, force 64-bit bignum limbs" -make test + msg "test: gcc, force 64-bit bignum limbs" + make test +} +component_test_no_udbl_division () { + msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION + make CFLAGS='-Werror -O1' -msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION -make CFLAGS='-Werror -O1' + msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s + make test +} -msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s -make test +component_test_no_64bit_multiplication () { + msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION + make CFLAGS='-Werror -O1' + msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s + make test +} -msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION -make CFLAGS='-Werror -O1' +component_build_arm_none_eabi_gcc () { + msg "build: arm-none-eabi-gcc, make" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib +} -msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s -make test +component_build_arm_none_eabi_gcc_no_udbl_division () { + msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + echo "Checking that software 64-bit division is not required" + if_build_succeeded not grep __aeabi_uldiv library/*.o +} +component_build_arm_none_eabi_gcc_no_64bit_multiplication () { + msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + echo "Checking that software 64-bit multiplication is not required" + if_build_succeeded not grep __aeabi_lmul library/*.o +} -msg "build: arm-none-eabi-gcc, make" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib +component_build_armcc () { + msg "build: ARM Compiler 5, make" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_HAVE_TIME + scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION -make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib -echo "Checking that software 64-bit division is not required" -if_build_succeeded not grep __aeabi_uldiv library/*.o + if [ $RUN_ARMCC -ne 0 ]; then + make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + make clean -msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION -make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib -echo "Checking that software 64-bit multiplication is not required" -if_build_succeeded not grep __aeabi_lmul library/*.o + # ARM Compiler 6 - Target ARMv7-A + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" -msg "build: ARM Compiler 5, make" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_HAVE_TIME -scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME + # ARM Compiler 6 - Target ARMv7-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" -if [ $RUN_ARMCC -ne 0 ]; then - make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib - make clean + # ARM Compiler 6 - Target ARMv8-A - AArch32 + armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" - # ARM Compiler 6 - Target ARMv7-A - armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + # ARM Compiler 6 - Target ARMv8-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" - # ARM Compiler 6 - Target ARMv7-M - armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + # ARM Compiler 6 - Target ARMv8-A - AArch64 + armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" + fi +} - # ARM Compiler 6 - Target ARMv8-A - AArch32 - armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" +component_test_allow_sha1 () { + msg "build: allow SHA1 in certificates by default" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES + make CFLAGS='-Werror -Wall -Wextra' + msg "test: allow SHA1 in certificates by default" + make test + if_build_succeeded tests/ssl-opt.sh -f SHA-1 +} - # ARM Compiler 6 - Target ARMv8-M - armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" +component_test_rsa_no_crt () { + msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl set MBEDTLS_RSA_NO_CRT + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make - # ARM Compiler 6 - Target ARMv8-A - AArch64 - armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" -fi + msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" + make test +} -msg "build: allow SHA1 in certificates by default" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES -make CFLAGS='-Werror -Wall -Wextra' -msg "test: allow SHA1 in certificates by default" -make test -if_build_succeeded tests/ssl-opt.sh -f SHA-1 +component_build_mingw () { + msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s + cleanup + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs -msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + # note Make tests only builds the tests, but doesn't run them + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests + make WINDOWS_BUILD=1 clean -msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" -make test - -msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s -cleanup -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs - -# note Make tests only builds the tests, but doesn't run them -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests -make WINDOWS_BUILD=1 clean - -msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests -make WINDOWS_BUILD=1 clean - -# MemSan currently only available on Linux 64 bits -if uname -a | grep 'Linux.*x86_64' >/dev/null; then + msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests + make WINDOWS_BUILD=1 clean +} +component_test_memsan () { msg "build: MSan (clang)" # ~ 1 min 20s cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -987,9 +1092,9 @@ if uname -a | grep 'Linux.*x86_64' >/dev/null; then msg "test: compat.sh (MSan)" # ~ 6 min 20s if_build_succeeded tests/compat.sh fi +} -else # no MemSan - +component_test_memcheck () { msg "build: Release (clang)" cleanup CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . @@ -1011,63 +1116,171 @@ else # no MemSan msg "test: compat.sh --memcheck (Release)" if_build_succeeded tests/compat.sh --memcheck fi +} -fi # MemSan +component_test_cmake_out_of_source () { + msg "build: cmake 'out-of-source' build" + cleanup + MBEDTLS_ROOT_DIR="$PWD" + mkdir "$OUT_OF_SOURCE_DIR" + cd "$OUT_OF_SOURCE_DIR" + cmake "$MBEDTLS_ROOT_DIR" + make -msg "build: cmake 'out-of-source' build" -cleanup -MBEDTLS_ROOT_DIR="$PWD" -mkdir "$OUT_OF_SOURCE_DIR" -cd "$OUT_OF_SOURCE_DIR" -cmake "$MBEDTLS_ROOT_DIR" -make + msg "test: cmake 'out-of-source' build" + make test + # Test an SSL option that requires an auxiliary script in test/scripts/. + # Also ensure that there are no error messages such as + # "No such file or directory", which would indicate that some required + # file is missing (ssl-opt.sh tolerates the absence of some files so + # may exit with status 0 but emit errors). + if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err + if [ -s ssl-opt.err ]; then + cat ssl-opt.err >&2 + record_status [ ! -s ssl-opt.err ] + rm ssl-opt.err + fi + cd "$MBEDTLS_ROOT_DIR" + rm -rf "$OUT_OF_SOURCE_DIR" + unset MBEDTLS_ROOT_DIR +} -msg "test: cmake 'out-of-source' build" -make test -# Test an SSL option that requires an auxiliary script in test/scripts/. -# Also ensure that there are no error messages such as -# "No such file or directory", which would indicate that some required -# file is missing (ssl-opt.sh tolerates the absence of some files so -# may exit with status 0 but emit errors). -if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err -if [ -s ssl-opt.err ]; then - cat ssl-opt.err >&2 - record_status [ ! -s ssl-opt.err ] - rm ssl-opt.err -fi -cd "$MBEDTLS_ROOT_DIR" -rm -rf "$OUT_OF_SOURCE_DIR" -unset MBEDTLS_ROOT_DIR - -# Test that the function mbedtls_platform_zeroize() is not optimized away by -# different combinations of compilers and optimization flags by using an -# auxiliary GDB script. Unfortunately, GDB does not return error values to the -# system in all cases that the script fails, so we must manually search the -# output to check whether the pass string is present and no failure strings -# were printed. -for optimization_flag in -O2 -O3 -Ofast -Os; do - for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - cleanup - make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log - if_build_succeeded not grep -i "error" test_zeroize.log - rm -f test_zeroize.log +component_test_zeroize () { + # Test that the function mbedtls_platform_zeroize() is not optimized away by + # different combinations of compilers and optimization flags by using an + # auxiliary GDB script. Unfortunately, GDB does not return error values to the + # system in all cases that the script fails, so we must manually search the + # output to check whether the pass string is present and no failure strings + # were printed. + for optimization_flag in -O2 -O3 -Ofast -Os; do + for compiler in clang gcc; do + msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" + cleanup + make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" + if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log + if_build_succeeded not grep -i "error" test_zeroize.log + rm -f test_zeroize.log + done done -done +} -msg "Lint: Python scripts" -record_status tests/scripts/check-python-files.sh +component_check_python_files () { + msg "Lint: Python scripts" + record_status tests/scripts/check-python-files.sh +} -msg "uint test: generate_test_code.py" -record_status ./tests/scripts/test_generate_test_code.py +component_check_generate_test_code () { + msg "uint test: generate_test_code.py" + record_status ./tests/scripts/test_generate_test_code.py +} ################################################################ #### Termination ################################################################ -msg "Done, cleaning up" -cleanup +post_report () { + msg "Done, cleaning up" + cleanup -final_report + final_report +} + + + +################################################################ +#### Run all the things +################################################################ + +# Run one component. Currently trivial. +run_component () { + "$@" +} + +# Preliminary setup +pre_check_environment +pre_initialize_variables +pre_parse_command_line "$@" +pre_check_git +build_status=0 +if [ $KEEP_GOING -eq 1 ]; then + pre_setup_keep_going +else + record_status () { + "$@" + } +fi +pre_print_configuration +pre_check_tools +pre_print_tools + +# Small things +run_component component_check_recursion +run_component component_check_generated_files +run_component component_check_doxy_blocks +run_component component_check_files +run_component component_check_names +run_component component_check_doxygen_warnings + +# Test many different configurations +run_component component_test_default_cmake_gcc_asan +run_component component_test_sslv3 +run_component component_test_no_renegotiation +run_component component_test_rsa_no_crt +run_component component_test_small_ssl_out_content_len +run_component component_test_small_ssl_in_content_len +run_component component_test_small_ssl_dtls_max_buffering +run_component component_test_small_mbedtls_ssl_dtls_max_buffering +run_component component_test_full_cmake_clang +run_component component_build_deprecated +run_component component_test_depends_curves +run_component component_test_depends_hashes +run_component component_test_depends_pkalgs +run_component component_build_key_exchanges +run_component component_build_default_make_gcc_and_cxx +run_component component_test_no_platform +run_component component_build_no_std_function +run_component component_build_no_ssl_srv +run_component component_build_no_ssl_cli +run_component component_build_no_sockets +run_component component_test_no_max_fragment_length +run_component component_test_no_max_fragment_length_small_ssl_out_content_len +run_component component_test_null_entropy +run_component component_test_platform_calloc_macro +run_component component_test_aes_fewer_tables +run_component component_test_aes_rom_tables +run_component component_test_aes_fewer_tables_and_rom_tables +if uname -a | grep -F Linux >/dev/null; then + run_component component_test_make_shared +fi +if uname -a | grep -F x86_64 >/dev/null; then + run_component component_test_m32_o0 + run_component component_test_m32_o1 + run_component component_test_mx32 +fi +run_component component_test_have_int32 +run_component component_test_have_int64 +run_component component_test_no_udbl_division +run_component component_test_no_64bit_multiplication +run_component component_build_arm_none_eabi_gcc +run_component component_build_arm_none_eabi_gcc_no_udbl_division +run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication +run_component component_build_armcc +run_component component_test_allow_sha1 +run_component component_test_rsa_no_crt +run_component component_build_mingw +# MemSan currently only available on Linux 64 bits +if uname -a | grep 'Linux.*x86_64' >/dev/null; then + run_component component_test_memsan +else # no MemSan + run_component component_test_memcheck +fi +run_component component_test_cmake_out_of_source + +# More small things +run_component component_test_zeroize +run_component component_check_python_files +run_component component_check_generate_test_code + +# We're done. +post_report From 9f8f92ca9b1cd65fab0f78e0b164bb703ab7b873 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 15:59:31 +0100 Subject: [PATCH 373/415] Remove duplicate component for RSA_NO_CRT --- tests/scripts/all.sh | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a2afab3a0..a521c74b1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1045,18 +1045,6 @@ component_test_allow_sha1 () { if_build_succeeded tests/ssl-opt.sh -f SHA-1 } -component_test_rsa_no_crt () { - msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" - scripts/config.pl set MBEDTLS_RSA_NO_CRT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" - make test -} - component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup @@ -1267,7 +1255,6 @@ run_component component_build_arm_none_eabi_gcc_no_udbl_division run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication run_component component_build_armcc run_component component_test_allow_sha1 -run_component component_test_rsa_no_crt run_component component_build_mingw # MemSan currently only available on Linux 64 bits if uname -a | grep 'Linux.*x86_64' >/dev/null; then From e48351a33f4fd129694bd2cc87d7a6b617265d82 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 16:06:30 +0100 Subject: [PATCH 374/415] Move cleanup into the common wrapper function Call cleanup from run_component instead of calling it from each individual component function. Clean up after each component rather than before. With the new structure it makes more sense for each component to leave the place clean. Run cleanup once at the beginning to start from a clean slate. --- tests/scripts/all.sh | 53 ++++---------------------------------------- 1 file changed, 4 insertions(+), 49 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a521c74b1..1b33c65be 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -453,19 +453,16 @@ component_check_doxy_blocks () { component_check_files () { msg "test: check-files.py" # < 1s - cleanup record_status tests/scripts/check-files.py } component_check_names () { msg "test/build: declared and exported names" # < 3s - cleanup record_status tests/scripts/check-names.sh } component_check_doxygen_warnings () { msg "test: doxygen warnings" # ~ 3s - cleanup record_status tests/scripts/doxygen.sh } @@ -477,7 +474,6 @@ component_check_doxygen_warnings () { component_test_default_cmake_gcc_asan () { msg "build: cmake, gcc, ASan" # ~ 1 min 50s - cleanup CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -499,7 +495,6 @@ component_test_default_cmake_gcc_asan () { component_test_sslv3 () { msg "build: Default + SSLv3 (ASan build)" # ~ 6 min - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -518,7 +513,6 @@ component_test_sslv3 () { component_test_no_renegotiation () { msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -533,7 +527,6 @@ component_test_no_renegotiation () { component_test_rsa_no_crt () { msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_RSA_NO_CRT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -551,7 +544,6 @@ component_test_rsa_no_crt () { component_test_small_ssl_out_content_len () { msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 @@ -564,7 +556,6 @@ component_test_small_ssl_out_content_len () { component_test_small_ssl_in_content_len () { msg "build: small SSL_IN_CONTENT_LEN (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 @@ -577,7 +568,6 @@ component_test_small_ssl_in_content_len () { component_test_small_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -589,7 +579,6 @@ component_test_small_ssl_dtls_max_buffering () { component_test_small_mbedtls_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -601,7 +590,6 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { component_test_full_cmake_clang () { msg "build: cmake, full config, clang" # ~ 50s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests @@ -623,7 +611,6 @@ component_test_full_cmake_clang () { component_build_deprecated () { msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_DEPRECATED_WARNING @@ -644,31 +631,26 @@ component_build_deprecated () { component_test_depends_curves () { msg "test/build: curves.pl (gcc)" # ~ 4 min - cleanup record_status tests/scripts/curves.pl } component_test_depends_hashes () { msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min - cleanup record_status tests/scripts/depends-hashes.pl } component_test_depends_pkalgs () { msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min - cleanup record_status tests/scripts/depends-pkalgs.pl } component_build_key_exchanges () { msg "test/build: key-exchanges (gcc)" # ~ 1 min - cleanup record_status tests/scripts/key-exchanges.pl } component_build_default_make_gcc_and_cxx () { msg "build: Unix make, -Os (gcc)" # ~ 30s - cleanup make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' msg "test: verify header list in cpp_dummy_build.cpp" @@ -683,7 +665,6 @@ component_test_no_platform () { # This should catch missing mbedtls_printf definitions, and by disabling file # IO, it should catch missing '#include ' msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_PLATFORM_C @@ -706,7 +687,6 @@ component_test_no_platform () { component_build_no_std_function () { # catch compile bugs in _uninit functions msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS @@ -716,7 +696,6 @@ component_build_no_std_function () { component_build_no_ssl_srv () { msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_SRV_C @@ -725,7 +704,6 @@ component_build_no_ssl_srv () { component_build_no_ssl_cli () { msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C @@ -736,7 +714,6 @@ component_build_no_sockets () { # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. @@ -747,7 +724,6 @@ component_build_no_sockets () { component_test_no_max_fragment_length () { # Run max fragment length tests with MFL disabled msg "build: default config except MFL extension (ASan build)" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -759,7 +735,6 @@ component_test_no_max_fragment_length () { component_test_no_max_fragment_length_small_ssl_out_content_len () { msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 @@ -773,7 +748,6 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () { component_test_null_entropy () { msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES @@ -790,7 +764,6 @@ component_test_null_entropy () { component_test_platform_calloc_macro () { msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_PLATFORM_MEMORY scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc @@ -804,7 +777,6 @@ component_test_platform_calloc_macro () { component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -815,7 +787,6 @@ component_test_aes_fewer_tables () { component_test_aes_rom_tables () { msg "build: default config with AES_ROM_TABLES enabled" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_ROM_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -826,7 +797,6 @@ component_test_aes_rom_tables () { component_test_aes_fewer_tables_and_rom_tables () { msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES scripts/config.pl set MBEDTLS_AES_ROM_TABLES @@ -838,14 +808,12 @@ component_test_aes_fewer_tables_and_rom_tables () { component_test_make_shared () { msg "build/test: make shared" # ~ 40s - cleanup make SHARED=1 all check } component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' @@ -857,7 +825,6 @@ component_test_m32_o0 () { component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' @@ -868,7 +835,6 @@ component_test_m32_o1 () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' @@ -879,7 +845,6 @@ component_test_mx32 () { component_test_have_int32 () { msg "build: gcc, force 32-bit bignum limbs" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C @@ -892,7 +857,6 @@ component_test_have_int32 () { component_test_have_int64 () { msg "build: gcc, force 64-bit bignum limbs" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C @@ -905,7 +869,6 @@ component_test_have_int64 () { component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests @@ -918,7 +881,6 @@ component_test_no_udbl_division () { component_test_no_64bit_multiplication () { msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests @@ -931,7 +893,6 @@ component_test_no_64bit_multiplication () { component_build_arm_none_eabi_gcc () { msg "build: arm-none-eabi-gcc, make" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C @@ -950,7 +911,6 @@ component_build_arm_none_eabi_gcc () { component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C @@ -972,7 +932,6 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { component_build_arm_none_eabi_gcc_no_64bit_multiplication () { msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C @@ -994,7 +953,6 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { component_build_armcc () { msg "build: ARM Compiler 5, make" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C @@ -1036,7 +994,6 @@ component_build_armcc () { component_test_allow_sha1 () { msg "build: allow SHA1 in certificates by default" - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES make CFLAGS='-Werror -Wall -Wextra' @@ -1047,7 +1004,6 @@ component_test_allow_sha1 () { component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s - cleanup make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs # note Make tests only builds the tests, but doesn't run them @@ -1062,7 +1018,6 @@ component_build_mingw () { component_test_memsan () { msg "build: MSan (clang)" # ~ 1 min 20s - cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . @@ -1084,7 +1039,6 @@ component_test_memsan () { component_test_memcheck () { msg "build: Release (clang)" - cleanup CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . make @@ -1108,7 +1062,6 @@ component_test_memcheck () { component_test_cmake_out_of_source () { msg "build: cmake 'out-of-source' build" - cleanup MBEDTLS_ROOT_DIR="$PWD" mkdir "$OUT_OF_SOURCE_DIR" cd "$OUT_OF_SOURCE_DIR" @@ -1143,12 +1096,12 @@ component_test_zeroize () { for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - cleanup make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log if_build_succeeded not grep -i "error" test_zeroize.log rm -f test_zeroize.log + make clean done done } @@ -1180,9 +1133,10 @@ post_report () { #### Run all the things ################################################################ -# Run one component. Currently trivial. +# Run one component and clean up afterwards. run_component () { "$@" + cleanup } # Preliminary setup @@ -1201,6 +1155,7 @@ fi pre_print_configuration pre_check_tools pre_print_tools +cleanup # Small things run_component component_check_recursion From 782f411bf501af065a216899abeac17b39b69136 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 16:11:09 +0100 Subject: [PATCH 375/415] Move test-ref-configs into its own component --- tests/scripts/all.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1b33c65be..17f900270 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -483,16 +483,16 @@ component_test_default_cmake_gcc_asan () { msg "test: ssl-opt.sh (ASan build)" # ~ 1 min if_build_succeeded tests/ssl-opt.sh - msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s - record_status tests/scripts/test-ref-configs.pl - - msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min - make - msg "test: compat.sh (ASan build)" # ~ 6 min if_build_succeeded tests/compat.sh } +component_test_ref_configs () { + msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + record_status tests/scripts/test-ref-configs.pl +} + component_test_sslv3 () { msg "build: Default + SSLv3 (ASan build)" # ~ 6 min cp "$CONFIG_H" "$CONFIG_BAK" @@ -1167,6 +1167,7 @@ run_component component_check_doxygen_warnings # Test many different configurations run_component component_test_default_cmake_gcc_asan +run_component component_test_ref_configs run_component component_test_sslv3 run_component component_test_no_renegotiation run_component component_test_rsa_no_crt From 348fb9a597da3b1c85af30f60b8c820e5e9f61ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 17:04:29 +0100 Subject: [PATCH 376/415] New option --list-components Add an option to list the available components. This is not useful yet, but a subsequent commit will add the ability to run specific components. --- tests/scripts/all.sh | 57 ++++++++++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 17f900270..645cdd9a2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -106,6 +106,7 @@ pre_initialize_variables () { MEMORY=0 FORCE=0 + INTROSPECTION_MODE= KEEP_GOING=0 RUN_ARMCC=1 @@ -131,7 +132,11 @@ usage() { cat < Date: Tue, 27 Nov 2018 18:15:35 +0100 Subject: [PATCH 377/415] all.sh: with non-option arguments, run only these components --- tests/scripts/all.sh | 152 +++++++++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 69 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 645cdd9a2..f56b23bcf 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -104,6 +104,7 @@ pre_initialize_variables () { CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" + COMPONENTS= MEMORY=0 FORCE=0 INTROSPECTION_MODE= @@ -131,8 +132,9 @@ pre_initialize_variables () { usage() { cat <&2 "Unknown option: $1" echo >&2 "Run $0 --help for usage." exit 120 ;; + *) + COMPONENTS="$COMPONENTS $1";; esac shift done @@ -1139,6 +1143,76 @@ post_report () { #### Run all the things ################################################################ +run_all_components () { + # Small things + run_component component_check_recursion + run_component component_check_generated_files + run_component component_check_doxy_blocks + run_component component_check_files + run_component component_check_names + run_component component_check_doxygen_warnings + + # Test many different configurations + run_component component_test_default_cmake_gcc_asan + run_component component_test_ref_configs + run_component component_test_sslv3 + run_component component_test_no_renegotiation + run_component component_test_rsa_no_crt + run_component component_test_small_ssl_out_content_len + run_component component_test_small_ssl_in_content_len + run_component component_test_small_ssl_dtls_max_buffering + run_component component_test_small_mbedtls_ssl_dtls_max_buffering + run_component component_test_full_cmake_clang + run_component component_build_deprecated + run_component component_test_depends_curves + run_component component_test_depends_hashes + run_component component_test_depends_pkalgs + run_component component_build_key_exchanges + run_component component_build_default_make_gcc_and_cxx + run_component component_test_no_platform + run_component component_build_no_std_function + run_component component_build_no_ssl_srv + run_component component_build_no_ssl_cli + run_component component_build_no_sockets + run_component component_test_no_max_fragment_length + run_component component_test_no_max_fragment_length_small_ssl_out_content_len + run_component component_test_null_entropy + run_component component_test_platform_calloc_macro + run_component component_test_aes_fewer_tables + run_component component_test_aes_rom_tables + run_component component_test_aes_fewer_tables_and_rom_tables + if uname -a | grep -F Linux >/dev/null; then + run_component component_test_make_shared + fi + if uname -a | grep -F x86_64 >/dev/null; then + run_component component_test_m32_o0 + run_component component_test_m32_o1 + run_component component_test_mx32 + fi + run_component component_test_have_int32 + run_component component_test_have_int64 + run_component component_test_no_udbl_division + run_component component_test_no_64bit_multiplication + run_component component_build_arm_none_eabi_gcc + run_component component_build_arm_none_eabi_gcc_no_udbl_division + run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication + run_component component_build_armcc + run_component component_test_allow_sha1 + run_component component_build_mingw + # MemSan currently only available on Linux 64 bits + if uname -a | grep 'Linux.*x86_64' >/dev/null; then + run_component component_test_memsan + else # no MemSan + run_component component_test_memcheck + fi + run_component component_test_cmake_out_of_source + + # More small things + run_component component_test_zeroize + run_component component_check_python_files + run_component component_check_generate_test_code +} + # Run one component and clean up afterwards. run_component () { "$@" @@ -1156,7 +1230,7 @@ case "$INTROSPECTION_MODE" in newline=' ' run_component () { - components="${components}${newline}${1}" + components="${components}${newline}${1#component_}" } ;; @@ -1177,73 +1251,13 @@ case "$INTROSPECTION_MODE" in ;; esac -# Small things -run_component component_check_recursion -run_component component_check_generated_files -run_component component_check_doxy_blocks -run_component component_check_files -run_component component_check_names -run_component component_check_doxygen_warnings - -# Test many different configurations -run_component component_test_default_cmake_gcc_asan -run_component component_test_ref_configs -run_component component_test_sslv3 -run_component component_test_no_renegotiation -run_component component_test_rsa_no_crt -run_component component_test_small_ssl_out_content_len -run_component component_test_small_ssl_in_content_len -run_component component_test_small_ssl_dtls_max_buffering -run_component component_test_small_mbedtls_ssl_dtls_max_buffering -run_component component_test_full_cmake_clang -run_component component_build_deprecated -run_component component_test_depends_curves -run_component component_test_depends_hashes -run_component component_test_depends_pkalgs -run_component component_build_key_exchanges -run_component component_build_default_make_gcc_and_cxx -run_component component_test_no_platform -run_component component_build_no_std_function -run_component component_build_no_ssl_srv -run_component component_build_no_ssl_cli -run_component component_build_no_sockets -run_component component_test_no_max_fragment_length -run_component component_test_no_max_fragment_length_small_ssl_out_content_len -run_component component_test_null_entropy -run_component component_test_platform_calloc_macro -run_component component_test_aes_fewer_tables -run_component component_test_aes_rom_tables -run_component component_test_aes_fewer_tables_and_rom_tables -if uname -a | grep -F Linux >/dev/null; then - run_component component_test_make_shared +if [ -n "$COMPONENTS" ]; then + for component in $COMPONENTS; do + run_component "component_$component" + done +else + run_all_components fi -if uname -a | grep -F x86_64 >/dev/null; then - run_component component_test_m32_o0 - run_component component_test_m32_o1 - run_component component_test_mx32 -fi -run_component component_test_have_int32 -run_component component_test_have_int64 -run_component component_test_no_udbl_division -run_component component_test_no_64bit_multiplication -run_component component_build_arm_none_eabi_gcc -run_component component_build_arm_none_eabi_gcc_no_udbl_division -run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication -run_component component_build_armcc -run_component component_test_allow_sha1 -run_component component_build_mingw -# MemSan currently only available on Linux 64 bits -if uname -a | grep 'Linux.*x86_64' >/dev/null; then - run_component component_test_memsan -else # no MemSan - run_component component_test_memcheck -fi -run_component component_test_cmake_out_of_source - -# More small things -run_component component_test_zeroize -run_component component_check_python_files -run_component component_check_generate_test_code # We're done. case "$INTROSPECTION_MODE" in From 81b96ed6034441960ba54ffe33989ad5b2b8ac69 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 21:37:53 +0100 Subject: [PATCH 378/415] Add --except mode: run all components except a list Allow the list to use wildcards, e.g. you can run the sanity checks with all.sh --except "test_*" "build_*" --- tests/scripts/all.sh | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f56b23bcf..2799b6689 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -105,6 +105,7 @@ pre_initialize_variables () { CONFIG_BAK="$CONFIG_H.bak" COMPONENTS= + ALL_EXCEPT=0 MEMORY=0 FORCE=0 INTROSPECTION_MODE= @@ -129,6 +130,19 @@ pre_initialize_variables () { fi } +# Test whether $1 is excluded via $COMPONENTS (a space-separated list of +# wildcard patterns). +component_is_excluded() +{ + set -f + for pattern in $COMPONENTS; do + set +f + case ${1#component_} in $pattern) return 0;; esac + done + set +f + return 1 +} + usage() { cat < Date: Tue, 4 Dec 2018 12:49:28 +0100 Subject: [PATCH 379/415] Add the current component name to msg output and the final report --- tests/scripts/all.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2799b6689..5dd2acf99 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -229,12 +229,16 @@ trap 'fatal_signal TERM' TERM msg() { + if [ -n "${current_component:-}" ]; then + current_section="${current_component#component_}: $1" + else + current_section="$1" + fi echo "" echo "******************************************************************" - echo "* $1 " + echo "* $current_section " printf "* "; date echo "******************************************************************" - current_section=$1 } armc6_build_test() @@ -1238,6 +1242,7 @@ run_component () { if [ $ALL_EXCEPT -ne 0 ] && component_is_excluded "$1"; then return fi + current_component="$1" "$@" cleanup } From 9f6d16ad791e5468ecdb33509cf830577d7aa97a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 2 Jan 2019 17:15:06 +0000 Subject: [PATCH 380/415] Fix preprocessor macro existence check in bignum.c --- library/bignum.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 503ec537d..bdd6af85c 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -741,14 +741,19 @@ static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) #if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) /* For GCC and Clang, have builtins for byte swapping. */ -#if( defined(__GNUC__) && defined(__GNUC_PREREQ) && __GNUC_PREREQ(4,3) ) -#define have_bswap -#elif defined(__clang__) && \ - defined(__has_builtin) && \ - __has_builtin(__builtin_bswap32) && \ - __has_builtin(__builtin_bswap64) +#if defined(__GNUC__) && defined(__GNUC_PREREQ) +#if __GNUC_PREREQ(4,3) #define have_bswap #endif +#endif + +#if defined(__clang__) && defined(__has_builtin) +#if __has_builtin(__builtin_bswap32) && \ + __has_builtin(__builtin_bswap64) +#define have_bswap +#endif +#endif + #if defined(have_bswap) /* The compiler is hopefully able to statically evaluate this! */ switch( sizeof(mbedtls_mpi_uint) ) From 608953eb8c1d50563dfc709b31e883851595683d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Jan 2019 18:57:02 +0100 Subject: [PATCH 381/415] Back up and restore config.h systematically In all.sh, always save config.h before running a component, instead of doing it manually in each component that requires it (except when we forget, which has happened). This would break a script that requires config.h.bak not to exist, but we don't have any of those. --- tests/scripts/all.sh | 37 +++---------------------------------- 1 file changed, 3 insertions(+), 34 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5dd2acf99..d63a948a3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -529,7 +529,6 @@ component_test_ref_configs () { component_test_sslv3 () { msg "build: Default + SSLv3 (ASan build)" # ~ 6 min - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -547,7 +546,6 @@ component_test_sslv3 () { component_test_no_renegotiation () { msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -561,7 +559,6 @@ component_test_no_renegotiation () { component_test_rsa_no_crt () { msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_RSA_NO_CRT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -578,7 +575,6 @@ component_test_rsa_no_crt () { component_test_small_ssl_out_content_len () { msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -590,7 +586,6 @@ component_test_small_ssl_out_content_len () { component_test_small_ssl_in_content_len () { msg "build: small SSL_IN_CONTENT_LEN (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . @@ -602,7 +597,6 @@ component_test_small_ssl_in_content_len () { component_test_small_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -613,7 +607,6 @@ component_test_small_ssl_dtls_max_buffering () { component_test_small_mbedtls_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -624,7 +617,6 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { component_test_full_cmake_clang () { msg "build: cmake, full config, clang" # ~ 50s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . @@ -645,7 +637,6 @@ component_test_full_cmake_clang () { component_build_deprecated () { msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_DEPRECATED_WARNING # Build with -O -Wextra to catch a maximum of issues. @@ -699,7 +690,6 @@ component_test_no_platform () { # This should catch missing mbedtls_printf definitions, and by disabling file # IO, it should catch missing '#include ' msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_PLATFORM_C scripts/config.pl unset MBEDTLS_NET_C @@ -721,7 +711,6 @@ component_test_no_platform () { component_build_no_std_function () { # catch compile bugs in _uninit functions msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED @@ -730,7 +719,6 @@ component_build_no_std_function () { component_build_no_ssl_srv () { msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_SRV_C make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' @@ -738,7 +726,6 @@ component_build_no_ssl_srv () { component_build_no_ssl_cli () { msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' @@ -748,7 +735,6 @@ component_build_no_sockets () { # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux @@ -758,7 +744,6 @@ component_build_no_sockets () { component_test_no_max_fragment_length () { # Run max fragment length tests with MFL disabled msg "build: default config except MFL extension (ASan build)" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -769,7 +754,6 @@ component_test_no_max_fragment_length () { component_test_no_max_fragment_length_small_ssl_out_content_len () { msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 @@ -782,7 +766,6 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () { component_test_null_entropy () { msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.pl set MBEDTLS_ENTROPY_C @@ -798,7 +781,6 @@ component_test_null_entropy () { component_test_platform_calloc_macro () { msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_PLATFORM_MEMORY scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free @@ -811,7 +793,6 @@ component_test_platform_calloc_macro () { component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -821,7 +802,6 @@ component_test_aes_fewer_tables () { component_test_aes_rom_tables () { msg "build: default config with AES_ROM_TABLES enabled" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_ROM_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -831,7 +811,6 @@ component_test_aes_rom_tables () { component_test_aes_fewer_tables_and_rom_tables () { msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES scripts/config.pl set MBEDTLS_AES_ROM_TABLES make CC=gcc CFLAGS='-Werror -Wall -Wextra' @@ -848,7 +827,6 @@ component_test_make_shared () { component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' @@ -859,7 +837,6 @@ component_test_m32_o0 () { component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' @@ -869,7 +846,6 @@ component_test_m32_o1 () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' @@ -879,7 +855,6 @@ component_test_mx32 () { component_test_have_int32 () { msg "build: gcc, force 32-bit bignum limbs" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C @@ -891,7 +866,6 @@ component_test_have_int32 () { component_test_have_int64 () { msg "build: gcc, force 64-bit bignum limbs" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C @@ -903,7 +877,6 @@ component_test_have_int64 () { component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION @@ -915,7 +888,6 @@ component_test_no_udbl_division () { component_test_no_64bit_multiplication () { msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION @@ -927,7 +899,6 @@ component_test_no_64bit_multiplication () { component_build_arm_none_eabi_gcc () { msg "build: arm-none-eabi-gcc, make" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -945,7 +916,6 @@ component_build_arm_none_eabi_gcc () { component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -966,7 +936,6 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { component_build_arm_none_eabi_gcc_no_64bit_multiplication () { msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -987,7 +956,6 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { component_build_armcc () { msg "build: ARM Compiler 5, make" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -1028,7 +996,6 @@ component_build_armcc () { component_test_allow_sha1 () { msg "build: allow SHA1 in certificates by default" - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES make CFLAGS='-Werror -Wall -Wextra' msg "test: allow SHA1 in certificates by default" @@ -1052,7 +1019,6 @@ component_build_mingw () { component_test_memsan () { msg "build: MSan (clang)" # ~ 1 min 20s - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . make @@ -1242,6 +1208,9 @@ run_component () { if [ $ALL_EXCEPT -ne 0 ] && component_is_excluded "$1"; then return fi + # Back up the configuration in case the component modifies it. + # The cleanup function will restore it. + cp -p "$CONFIG_H" "$CONFIG_BAK" current_component="$1" "$@" cleanup From fbda6126d63798724f6a7d463a6c526671a2022a Mon Sep 17 00:00:00 2001 From: Masashi Honma Date: Fri, 28 Dec 2018 05:40:17 +0900 Subject: [PATCH 382/415] Remove duplicate #include Signed-off-by: Masashi Honma --- ChangeLog | 5 +++++ programs/pkey/rsa_sign_pss.c | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index be28645d6..599651e21 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.xx.x branch released xxxx-xx-xx + +Bugfix + * Remove a duplicate #include in a sample program. Fixed by Masashi Honma #2326. + = mbed TLS 2.16.0 branch released 2018-12-21 Features diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index ad03a91bb..51317457b 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -55,7 +55,6 @@ int main( void ) #include "mbedtls/ctr_drbg.h" #include "mbedtls/md.h" #include "mbedtls/rsa.h" -#include "mbedtls/md.h" #include "mbedtls/x509.h" #include From 0e810b9648c3bc240d08ecfd01564f725e35ff2d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 3 Jan 2019 17:13:11 +0000 Subject: [PATCH 383/415] Don't call memcpy with NULL pointer in mbedtls_mpi_read_binary() mbedtls_mpi_read_binary() calls memcpy() with the source pointer being the source pointer passed to mbedtls_mpi_read_binary(), the latter may be NULL if the buffer length is 0 (and this happens e.g. in the ECJPAKE test suite). The behavior of memcpy(), in contrast, is undefined when called with NULL source buffer, even if the length of the copy operation is 0. This commit fixes this by explicitly checking that the source pointer is not NULL before calling memcpy(), and skipping the call otherwise. --- library/bignum.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index bdd6af85c..d3d02b1a0 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -823,10 +823,15 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu } MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - Xp = (unsigned char*) X->p; - memcpy( Xp + overhead, buf, buflen ); + /* Avoid calling `memcpy` with NULL source argument, + * even if buflen is 0. */ + if( buf != NULL ) + { + Xp = (unsigned char*) X->p; + memcpy( Xp + overhead, buf, buflen ); - mpi_bigendian_to_host( X->p, limbs ); + mpi_bigendian_to_host( X->p, limbs ); + } cleanup: From 4896c6bee51cd221a082752eeb9d1cda13bf7a77 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 4 Jan 2019 07:47:05 +0800 Subject: [PATCH 384/415] Update ChangeLog Co-Authored-By: amisare <243297288@qq.com> --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f31137c14..1469cf08d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,7 +6,8 @@ Bugfix * Fix for file not found, which was reporting in header files. In header files at mbedlts/include folder, The include path has prefix "mbedtls/" may cause the header file not be found in the case of - mbedtls as a dynamic/static library. + * Remove the mbedtls namespacing from the header file, to fix a "file not found"build error. Fixed by Haijun Gu + #2319. = mbed TLS 2.16.0 branch released 2018-12-21 From 5c0b5b53a3e68b3e474637556373eb3ad99eeffb Mon Sep 17 00:00:00 2001 From: amisare <243297288@qq.com> Date: Fri, 4 Jan 2019 08:15:46 +0800 Subject: [PATCH 385/415] Update ChangeLog --- ChangeLog | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1469cf08d..d94de7262 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,11 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.xx.x branch released xxxx-xx-xx Bugfix - * Fix for file not found, which was reporting in header files. - In header files at mbedlts/include folder, The include path has prefix - "mbedtls/" may cause the header file not be found in the case of - * Remove the mbedtls namespacing from the header file, to fix a "file not found"build error. Fixed by Haijun Gu - #2319. + * Remove the mbedtls namespacing from the header file, to fix a "file not found" + build error. Fixed by Haijun Gu #2319. = mbed TLS 2.16.0 branch released 2018-12-21 From a7064c3b8c118c04b6fc25f7b428dfac3d08ccea Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Fri, 4 Jan 2019 16:18:06 +0000 Subject: [PATCH 386/415] Move ecp_restartable definitions out of the MBEDTLS_ECP_ALT guards As there are some definitions that are defined regardless of whether MBEDTLS_ECP_RESTARTABLE is defined or not, these definitions need to be moved outside the MBEDTLS_ECP_ALT guards. This is a simple move as MBEDTLS_ECP_ALT and MBEDTLS_ECP_RESTARTABLE are mutually exclusive options. --- include/mbedtls/ecp.h | 124 +++++++++++++++++++++--------------------- 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index de3a343cb..1a9642662 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -189,6 +189,68 @@ typedef struct mbedtls_ecp_group } mbedtls_ecp_group; +/** + * \name SECTION: Module settings + * + * The configuration options you can set for this module are in this section. + * Either change them in config.h, or define them using the compiler command line. + * \{ + */ + +#if !defined(MBEDTLS_ECP_MAX_BITS) +/** + * The maximum size of the groups, that is, of \c N and \c P. + */ +#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ +#endif + +#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) +#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) + +#if !defined(MBEDTLS_ECP_WINDOW_SIZE) +/* + * Maximum "window" size used for point multiplication. + * Default: 6. + * Minimum value: 2. Maximum value: 7. + * + * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) + * points used for point multiplication. This value is directly tied to EC + * peak memory usage, so decreasing it by one should roughly cut memory usage + * by two (if large curves are in use). + * + * Reduction in size may reduce speed, but larger curves are impacted first. + * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): + * w-size: 6 5 4 3 2 + * 521 145 141 135 120 97 + * 384 214 209 198 177 146 + * 256 320 320 303 262 226 + * 224 475 475 453 398 342 + * 192 640 640 633 587 476 + */ +#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ +#endif /* MBEDTLS_ECP_WINDOW_SIZE */ + +#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) +/* + * Trade memory for speed on fixed-point multiplication. + * + * This speeds up repeated multiplication of the generator (that is, the + * multiplication in ECDSA signatures, and half of the multiplications in + * ECDSA verification and ECDHE) by a factor roughly 3 to 4. + * + * The cost is increasing EC peak memory usage by a factor roughly 2. + * + * Change this value to 0 to reduce peak memory usage. + */ +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ +#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ + +/* \} name SECTION: Module settings */ + +#else /* MBEDTLS_ECP_ALT */ +#include "ecp_alt.h" +#endif /* MBEDTLS_ECP_ALT */ + #if defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -253,68 +315,6 @@ typedef void mbedtls_ecp_restart_ctx; #endif /* MBEDTLS_ECP_RESTARTABLE */ -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in config.h, or define them using the compiler command line. - * \{ - */ - -#if !defined(MBEDTLS_ECP_MAX_BITS) -/** - * The maximum size of the groups, that is, of \c N and \c P. - */ -#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ -#endif - -#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) -#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) - -#if !defined(MBEDTLS_ECP_WINDOW_SIZE) -/* - * Maximum "window" size used for point multiplication. - * Default: 6. - * Minimum value: 2. Maximum value: 7. - * - * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) - * points used for point multiplication. This value is directly tied to EC - * peak memory usage, so decreasing it by one should roughly cut memory usage - * by two (if large curves are in use). - * - * Reduction in size may reduce speed, but larger curves are impacted first. - * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): - * w-size: 6 5 4 3 2 - * 521 145 141 135 120 97 - * 384 214 209 198 177 146 - * 256 320 320 303 262 226 - * 224 475 475 453 398 342 - * 192 640 640 633 587 476 - */ -#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ -#endif /* MBEDTLS_ECP_WINDOW_SIZE */ - -#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) -/* - * Trade memory for speed on fixed-point multiplication. - * - * This speeds up repeated multiplication of the generator (that is, the - * multiplication in ECDSA signatures, and half of the multiplications in - * ECDSA verification and ECDHE) by a factor roughly 3 to 4. - * - * The cost is increasing EC peak memory usage by a factor roughly 2. - * - * Change this value to 0 to reduce peak memory usage. - */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ -#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ - -/* \} name SECTION: Module settings */ - -#else /* MBEDTLS_ECP_ALT */ -#include "ecp_alt.h" -#endif /* MBEDTLS_ECP_ALT */ - /** * \brief The ECP key-pair structure. * From eb7f1b54c92bf1caa7e61a4699776f9856282016 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Mon, 7 Jan 2019 13:05:37 +0000 Subject: [PATCH 387/415] Add ChangeLog entry --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index be28645d6..072113f8f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Bugfix + * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined + when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242. + = mbed TLS 2.16.0 branch released 2018-12-21 Features From 6b5ef48bf70fbe574810d2029edbef4fd3ca6e66 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 7 Jan 2019 16:53:29 +0100 Subject: [PATCH 388/415] Add a configuration fix for vsnprintf for non-conforming platforms --- include/mbedtls/check_config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 4689f3a4d..a2a16408c 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -50,6 +50,11 @@ !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) #define MBEDTLS_PLATFORM_SNPRINTF_ALT #endif + +#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \ + !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) +#define MBEDTLS_PLATFORM_VSNPRINTF_ALT +#endif #endif /* _WIN32 */ #if defined(TARGET_LIKE_MBED) && \ From 55f7c9443031f82ffaac289ac48cfca6b0b0582d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jan 2019 22:28:21 +0100 Subject: [PATCH 389/415] Fix inconsistent indentation Only whitespace changes in this commit. --- tests/scripts/all.sh | 86 ++++++++++++++++++++++---------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3bac81a9c..49073b5db 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -276,40 +276,40 @@ check_headers_in_cpp () { pre_parse_command_line () { while [ $# -gt 0 ]; do - case "$1" in - --armcc) RUN_ARMCC=1;; - --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; - --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; - --except) ALL_EXCEPT=1;; - --force|-f) FORCE=1;; - --gnutls-cli) shift; GNUTLS_CLI="$1";; - --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; - --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; - --gnutls-serv) shift; GNUTLS_SERV="$1";; - --help|-h) usage; exit;; - --keep-going|-k) KEEP_GOING=1;; - --list-components) INTROSPECTION_MODE=list_components;; - --memory|-m) MEMORY=1;; - --no-armcc) RUN_ARMCC=0;; - --no-force) FORCE=0;; - --no-keep-going) KEEP_GOING=0;; - --no-memory) MEMORY=0;; - --openssl) shift; OPENSSL="$1";; - --openssl-legacy) shift; OPENSSL_LEGACY="$1";; - --openssl-next) shift; OPENSSL_NEXT="$1";; - --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; - --random-seed) unset SEED;; - --release-test|-r) SEED=1;; - --seed|-s) shift; SEED="$1";; - -*) - echo >&2 "Unknown option: $1" - echo >&2 "Run $0 --help for usage." - exit 120 - ;; - *) - COMPONENTS="$COMPONENTS $1";; - esac - shift + case "$1" in + --armcc) RUN_ARMCC=1;; + --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; + --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + --except) ALL_EXCEPT=1;; + --force|-f) FORCE=1;; + --gnutls-cli) shift; GNUTLS_CLI="$1";; + --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; + --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; + --gnutls-serv) shift; GNUTLS_SERV="$1";; + --help|-h) usage; exit;; + --keep-going|-k) KEEP_GOING=1;; + --list-components) INTROSPECTION_MODE=list_components;; + --memory|-m) MEMORY=1;; + --no-armcc) RUN_ARMCC=0;; + --no-force) FORCE=0;; + --no-keep-going) KEEP_GOING=0;; + --no-memory) MEMORY=0;; + --openssl) shift; OPENSSL="$1";; + --openssl-legacy) shift; OPENSSL_LEGACY="$1";; + --openssl-next) shift; OPENSSL_NEXT="$1";; + --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --random-seed) unset SEED;; + --release-test|-r) SEED=1;; + --seed|-s) shift; SEED="$1";; + -*) + echo >&2 "Unknown option: $1" + echo >&2 "Run $0 --help for usage." + exit 120 + ;; + *) + COMPONENTS="$COMPONENTS $1";; + esac + shift done } @@ -1118,15 +1118,15 @@ component_test_zeroize () { # output to check whether the pass string is present and no failure strings # were printed. for optimization_flag in -O2 -O3 -Ofast -Os; do - for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log - if_build_succeeded not grep -i "error" test_zeroize.log - rm -f test_zeroize.log - make clean - done + for compiler in clang gcc; do + msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" + make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" + if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log + if_build_succeeded not grep -i "error" test_zeroize.log + rm -f test_zeroize.log + make clean + done done } From 5fa32a7a7ada3577ce5af92901018a62c8bc43eb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 19:48:30 +0000 Subject: [PATCH 390/415] Use CMAKE_BUILD_TYPE to do Asan builds Use `cmake -D CMAKE_BUILD_TYPE=Asan` rather than manually setting `-fsanitize=address`. This lets cmake determine the necessary compiler and linker flags. With UNSAFE_BUILD on, force -Wno-error. This is necessary to build with MBEDTLS_TEST_NULL_ENTROPY. --- library/CMakeLists.txt | 6 ++++++ tests/scripts/all.sh | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index c33c1cd5b..f3c804481 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -98,6 +98,12 @@ if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") endif(CMAKE_COMPILER_IS_CLANG) +if(UNSAFE_BUILD) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error") + set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error") + set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error") +endif(UNSAFE_BUILD) + if(WIN32) set(libs ${libs} ws2_32) endif(WIN32) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 49073b5db..73006aade 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -796,7 +796,7 @@ component_test_null_entropy () { scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT scripts/config.pl unset MBEDTLS_HAVEGE_C - CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . make msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" From 4976e82a9e1cff956e4d1f2f68ed6da9a1e6cb8d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 19:52:22 +0000 Subject: [PATCH 391/415] Gdb script: improve portability of ASLR disabling disabling Call `set disable-randomization off` only if it seems to be supported. The goal is to neither get an error about disable-randomization not being supported (e.g. on FreeBSD), nor get an error if it is supported but fails (e.g. on Ubuntu). Only fiddle with disable-randomization from all.sh, which cares because it reports the failure of ASLR disabling as an error. If a developer invokes the Gdb script manually, a warning about ASLR doesn't matter. --- tests/scripts/all.sh | 12 +++++++++++- tests/scripts/test_zeroize.gdb | 2 -- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 73006aade..862a5f462 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1117,17 +1117,27 @@ component_test_zeroize () { # system in all cases that the script fails, so we must manually search the # output to check whether the pass string is present and no failure strings # were printed. + + # Don't try to disable ASLR. We don't care about ASLR here. We do care + # about a spurious message if Gdb tries and fails, so suppress that. + gdb_disable_aslr= + if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then + gdb_disable_aslr='set disable-randomization off' + fi + for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log if_build_succeeded not grep -i "error" test_zeroize.log rm -f test_zeroize.log make clean done done + + unset gdb_disable_aslr } component_check_python_files () { diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 77c812a0b..2f995d2a3 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -41,8 +41,6 @@ # number does not need to be updated often. set confirm off -# We don't need to turn off ASLR, so don't try. -set disable-randomization off file ./programs/test/zeroize break zeroize.c:100 From a16c2b1ff1cf70e862b3fcb6590ad56d536f0993 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 19:58:02 +0000 Subject: [PATCH 392/415] all.sh: don't insist on Linux; always run Valgrind Don't bail out of all.sh if the OS isn't Linux. We only expect everything to pass on a recent Linux x86_64, but it's useful to call all.sh to run some components on any platform. In all.sh, always run both MemorySanitizer and Valgrind. Valgrind is slower than ASan and MSan but finds some things that they don't. Run MSan unconditionally, not just on Linux/x86_64. MSan is supported on some other OSes and CPUs these days. Use `all.sh --except test_memsan` if you want to omit MSan because it isn't supported on your platform. Use `all.sh --except test_memcheck` if you want to omit Valgrind because it's too slow. Make the test scripts more portable (tested on FreeBSD): don't insist on GNU sed, and recognize amd64 as well as x86_64 for `uname -m`. The `make` utility must still be GNU make. --- tests/scripts/all.sh | 29 +++++++++++------------------ tests/ssl-opt.sh | 2 +- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 862a5f462..89d3774f0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -91,10 +91,7 @@ set -eu pre_check_environment () { - if [ "$( uname )" != "Linux" ]; then - echo "This script only works in Linux" >&2 - exit 1 - elif [ -d library -a -d include -a -d tests ]; then :; else + if [ -d library -a -d include -a -d tests ]; then :; else echo "Must be run from mbed TLS root" >&2 exit 1 fi @@ -1207,14 +1204,14 @@ run_all_components () { run_component component_test_aes_fewer_tables run_component component_test_aes_rom_tables run_component component_test_aes_fewer_tables_and_rom_tables - if uname -a | grep -F Linux >/dev/null; then - run_component component_test_make_shared - fi - if uname -a | grep -F x86_64 >/dev/null; then - run_component component_test_m32_o0 - run_component component_test_m32_o1 - run_component component_test_mx32 - fi + run_component component_test_make_shared + case $(uname -m) in + amd64|x86_64) + run_component component_test_m32_o0 + run_component component_test_m32_o1 + run_component component_test_mx32 + ;; + esac run_component component_test_have_int32 run_component component_test_have_int64 run_component component_test_no_udbl_division @@ -1225,12 +1222,8 @@ run_all_components () { run_component component_build_armcc run_component component_test_allow_sha1 run_component component_build_mingw - # MemSan currently only available on Linux 64 bits - if uname -a | grep 'Linux.*x86_64' >/dev/null; then - run_component component_test_memsan - else # no MemSan - run_component component_test_memcheck - fi + run_component component_test_memsan + run_component component_test_memcheck run_component component_test_cmake_out_of_source # More small things diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 335f59d02..42f57e946 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -167,7 +167,7 @@ requires_config_disabled() { get_config_value_or_default() { NAME="$1" DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h | - sed 's/^.*\s\([0-9]*\)$/\1/' ) + sed 's/^.* \([0-9]*\)$/\1/' ) ../scripts/config.pl get $NAME || echo "$DEF_VAL" } From a1fc4b5ead6e6e4165288987122d0d735a1740cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 20:15:26 +0000 Subject: [PATCH 393/415] all.sh: fix MAKEFLAGS setting MAKEFLAGS was set to -j if it was already set, instead of being set if not previously set as intended. So now all.sh will do parallel builds if invoked without MAKEFLAGS in the environment. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 89d3774f0..5fdb1412d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -122,7 +122,7 @@ pre_initialize_variables () { : ${ARMC6_BIN_DIR:=/usr/bin} # if MAKEFLAGS is not set add the -j option to speed up invocations of make - if [ -n "${MAKEFLAGS+set}" ]; then + if [ -z "${MAKEFLAGS+set}" ]; then export MAKEFLAGS="-j" fi } From adb5234aa9a7e5c758edf2ea9f7998c778b88606 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 17 Dec 2018 10:06:12 +0200 Subject: [PATCH 394/415] Return error code of underlying function. Return the error code if failed, instead of returning value `1`. If not failed, return the call of the underlying function, in `mbedtls_ecdsa_genkey()`. --- library/ecdsa.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index 1204ef994..dc19384d6 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -800,11 +800,16 @@ cleanup: int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + int ret = 0; ECDSA_VALIDATE_RET( ctx != NULL ); ECDSA_VALIDATE_RET( f_rng != NULL ); - return( mbedtls_ecp_group_load( &ctx->grp, gid ) || - mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); + ret = mbedtls_ecp_group_load( &ctx->grp, gid ); + if( ret != 0 ) + return( ret ); + + return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, + &ctx->Q, f_rng, p_rng ) ); } #endif /* !MBEDTLS_ECDSA_GENKEY_ALT */ From a81f3bd297f79a73b2f686141372ec1539a96cc0 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 17 Dec 2018 10:12:55 +0200 Subject: [PATCH 395/415] Add entry describing the bug fix Add entry describing the bug fix in `mbedtls_ecdsa_genkey()`. --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index be28645d6..6a783f604 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.xx.x branch released xxxx-xx-xx + +Bugfix + * Fix returning the value 1 when mbedtls_ecdsa_genkey failed. + = mbed TLS 2.16.0 branch released 2018-12-21 Features From 783f9c3514779334aea617c6bfd2af7b94107765 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Nov 2018 12:12:31 +0000 Subject: [PATCH 396/415] Fix signed-to-unsigned integer conversion warning in X.509 module Fixes #2212. --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 76558342e..3c32d1bde 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -368,7 +368,7 @@ static void x509_crt_verify_chain_reset( for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) { ver_chain->items[i].crt = NULL; - ver_chain->items[i].flags = -1; + ver_chain->items[i].flags = -1u; } ver_chain->len = 0; From a9375b35c08f89f4953bd8068119e39dddc5f529 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 10 Jan 2019 09:19:26 +0000 Subject: [PATCH 397/415] Avoid MSVC compiler warning MSVC warns about use of unary `-` operator on unsigned integers. --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 3c32d1bde..325bbc0b1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -368,7 +368,7 @@ static void x509_crt_verify_chain_reset( for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) { ver_chain->items[i].crt = NULL; - ver_chain->items[i].flags = -1u; + ver_chain->items[i].flags = (uint32_t) -1; } ver_chain->len = 0; From 1b6d2b228d38101f33486b5f29fbc57ac907fe18 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 10 Jan 2019 09:22:16 +0000 Subject: [PATCH 398/415] Adapt ChangeLog --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index be28645d6..5703b960e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.xx.x branch released xxxx-xx-xx + +Bugfix + * Fix signed-to-unsigned integer conversion warning + in X.509 module. Fixes #2212. + = mbed TLS 2.16.0 branch released 2018-12-21 Features From 878cf6017242afca8d6072bc2b09af74d345b100 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 20:50:38 +0000 Subject: [PATCH 399/415] all.sh: list components automatically Extract the list of available components by looking for definitions of functions called component_xxx. The previous code explicitly listed all components in run_all_components, which opened the risk of forgetting to list a component there. Add a conditional execution facility: if a function support_xxx exists and returns false then component_xxx is not executed (except when the command line lists an explicit set of components to execute). --- tests/scripts/all.sh | 176 ++++++++++++++++--------------------------- 1 file changed, 63 insertions(+), 113 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5fdb1412d..41a6f8816 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -62,6 +62,8 @@ # * component_check_XXX: quick tests that aren't worth parallelizing # * component_build_XXX: build things but don't run them # * component_test_XXX: build and test +# * support_XXX: if support_XXX exists and returns false then +# component_XXX is not run by default. # * post_XXX: things to do after running the tests. # * other: miscellaneous support functions. # @@ -105,7 +107,6 @@ pre_initialize_variables () { ALL_EXCEPT=0 MEMORY=0 FORCE=0 - INTROSPECTION_MODE= KEEP_GOING=0 RUN_ARMCC=1 @@ -125,12 +126,29 @@ pre_initialize_variables () { if [ -z "${MAKEFLAGS+set}" ]; then export MAKEFLAGS="-j" fi + + # Gather the list of available components. These are the functions + # defined in this script whose name starts with "component_". + # Parse the script with sed, because in sh there is no way to list + # defined functions. + ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") + + # Exclude components that are not supported on this platform. + SUPPORTED_COMPONENTS= + for component in $ALL_COMPONENTS; do + case $(type "support_$component" 2>&1) in + *' function'*) + if ! support_$component; then continue; fi;; + esac + SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" + done } -# Test whether $1 is excluded via $COMPONENTS (a space-separated list of -# wildcard patterns). -component_is_excluded() +# Test whether $1 is excluded via the command line. +is_component_excluded() { + # Is $1 excluded via $COMPONENTS (a space-separated list of wildcard + # patterns)? set -f for pattern in $COMPONENTS; do set +f @@ -149,7 +167,8 @@ By default, run all tests. With one or more COMPONENT, run only those. Special options: -h|--help Print this help and exit. - --list-components List available test components and exit. + --list-all-components List all available test components and exit. + --list-components List components supported on this platform and exit. General options: -f|--force Force the tests to overwrite any modified files. @@ -285,7 +304,8 @@ pre_parse_command_line () { --gnutls-serv) shift; GNUTLS_SERV="$1";; --help|-h) usage; exit;; --keep-going|-k) KEEP_GOING=1;; - --list-components) INTROSPECTION_MODE=list_components;; + --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; + --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; --memory|-m) MEMORY=1;; --no-armcc) RUN_ARMCC=0;; --no-force) FORCE=0;; @@ -854,6 +874,12 @@ component_test_m32_o0 () { msg "test: i386, make, gcc -O0 (ASan build)" make test } +support_test_m32_o0 () { + case $(uname -m) in + *64*) true;; + *) false;; + esac +} component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly @@ -864,6 +890,9 @@ component_test_m32_o1 () { msg "test: i386, make, gcc -O1 (ASan build)" make test } +support_test_m32_o1 () { + support_test_m32_o0 "$@" +} component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s @@ -873,6 +902,12 @@ component_test_mx32 () { msg "test: 64-bit ILP32, make, gcc" make test } +support_test_mx32 () { + case $(uname -m) in + amd64|x86_64) true;; + *) false;; + esac +} component_test_have_int32 () { msg "build: gcc, force 32-bit bignum limbs" @@ -1164,79 +1199,8 @@ post_report () { #### Run all the things ################################################################ -run_all_components () { - # Small things - run_component component_check_recursion - run_component component_check_generated_files - run_component component_check_doxy_blocks - run_component component_check_files - run_component component_check_names - run_component component_check_doxygen_warnings - - # Test many different configurations - run_component component_test_default_cmake_gcc_asan - run_component component_test_ref_configs - run_component component_test_sslv3 - run_component component_test_no_renegotiation - run_component component_test_rsa_no_crt - run_component component_test_small_ssl_out_content_len - run_component component_test_small_ssl_in_content_len - run_component component_test_small_ssl_dtls_max_buffering - run_component component_test_small_mbedtls_ssl_dtls_max_buffering - run_component component_test_full_cmake_clang - run_component component_build_deprecated - run_component component_test_depends_curves - run_component component_test_depends_hashes - run_component component_test_depends_pkalgs - run_component component_build_key_exchanges - run_component component_build_default_make_gcc_and_cxx - run_component component_test_check_params_without_platform - run_component component_test_check_params_silent - run_component component_test_no_platform - run_component component_build_no_std_function - run_component component_build_no_ssl_srv - run_component component_build_no_ssl_cli - run_component component_build_no_sockets - run_component component_test_no_max_fragment_length - run_component component_test_no_max_fragment_length_small_ssl_out_content_len - run_component component_test_null_entropy - run_component component_test_platform_calloc_macro - run_component component_test_aes_fewer_tables - run_component component_test_aes_rom_tables - run_component component_test_aes_fewer_tables_and_rom_tables - run_component component_test_make_shared - case $(uname -m) in - amd64|x86_64) - run_component component_test_m32_o0 - run_component component_test_m32_o1 - run_component component_test_mx32 - ;; - esac - run_component component_test_have_int32 - run_component component_test_have_int64 - run_component component_test_no_udbl_division - run_component component_test_no_64bit_multiplication - run_component component_build_arm_none_eabi_gcc - run_component component_build_arm_none_eabi_gcc_no_udbl_division - run_component component_build_arm_none_eabi_gcc_no_64bit_multiplication - run_component component_build_armcc - run_component component_test_allow_sha1 - run_component component_build_mingw - run_component component_test_memsan - run_component component_test_memcheck - run_component component_test_cmake_out_of_source - - # More small things - run_component component_test_zeroize - run_component component_check_python_files - run_component component_check_generate_test_code -} - # Run one component and clean up afterwards. run_component () { - if [ $ALL_EXCEPT -ne 0 ] && component_is_excluded "$1"; then - return - fi # Back up the configuration in case the component modifies it. # The cleanup function will restore it. cp -p "$CONFIG_H" "$CONFIG_BAK" @@ -1250,47 +1214,33 @@ pre_check_environment pre_initialize_variables pre_parse_command_line "$@" -case "$INTROSPECTION_MODE" in - list_components) - components= - newline=' -' - run_component () { - components="${components}${newline}${1#component_}" - } - ;; - - *) - pre_check_git - build_status=0 - if [ $KEEP_GOING -eq 1 ]; then - pre_setup_keep_going - else - record_status () { - "$@" - } - fi - pre_print_configuration - pre_check_tools - pre_print_tools - cleanup - ;; -esac +pre_check_git +build_status=0 +if [ $KEEP_GOING -eq 1 ]; then + pre_setup_keep_going +else + record_status () { + "$@" + } +fi +pre_print_configuration +pre_check_tools +pre_print_tools +cleanup if [ -n "$COMPONENTS" ] && [ $ALL_EXCEPT -eq 0 ]; then + # Run the components passed on the command line. for component in $COMPONENTS; do - run_component "component_$component" + run_component "component_$component" done else - run_all_components + # Run all components except those excluded on the command line. + for component in $SUPPORTED_COMPONENTS; do + if ! is_component_excluded "$component"; then + run_component "component_$component" + fi + done fi # We're done. -case "$INTROSPECTION_MODE" in - list_components) - echo "$components" | sort - ;; - *) - post_report - ;; -esac +post_report From beb3a815883e3dc7ed04f21892bfbade792ff1b2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 22:11:25 +0000 Subject: [PATCH 400/415] all.sh: Always build the list of components to run Build the list of components to run in $RUN_COMPONENTS as part of command line parsing. After parsing the command line, it no longer matters how this list was built. --- tests/scripts/all.sh | 47 ++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 41a6f8816..a9ac3be66 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -103,8 +103,6 @@ pre_initialize_variables () { CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" - COMPONENTS= - ALL_EXCEPT=0 MEMORY=0 FORCE=0 KEEP_GOING=0 @@ -150,7 +148,7 @@ is_component_excluded() # Is $1 excluded via $COMPONENTS (a space-separated list of wildcard # patterns)? set -f - for pattern in $COMPONENTS; do + for pattern in $COMMAND_LINE_COMPONENTS; do set +f case ${1#component_} in $pattern) return 0;; esac done @@ -291,12 +289,15 @@ check_headers_in_cpp () { } pre_parse_command_line () { + COMMAND_LINE_COMPONENTS= + all_except= + while [ $# -gt 0 ]; do case "$1" in --armcc) RUN_ARMCC=1;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; - --except) ALL_EXCEPT=1;; + --except) all_except=1;; --force|-f) FORCE=1;; --gnutls-cli) shift; GNUTLS_CLI="$1";; --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; @@ -323,11 +324,28 @@ pre_parse_command_line () { echo >&2 "Run $0 --help for usage." exit 120 ;; - *) - COMPONENTS="$COMPONENTS $1";; + *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";; esac shift done + + if [ -z "$COMMAND_LINE_COMPONENTS" ]; then + all_except=1 + fi + + # Build the list of components to run. + if [ -n "$all_except" ]; then + RUN_COMPONENTS= + for component in $SUPPORTED_COMPONENTS; do + if ! is_component_excluded "$component"; then + RUN_COMPONENTS="$RUN_COMPONENTS $component" + fi + done + else + RUN_COMPONENTS="$COMMAND_LINE_COMPONENTS" + fi + + unset all_except } pre_check_git () { @@ -1228,19 +1246,10 @@ pre_check_tools pre_print_tools cleanup -if [ -n "$COMPONENTS" ] && [ $ALL_EXCEPT -eq 0 ]; then - # Run the components passed on the command line. - for component in $COMPONENTS; do - run_component "component_$component" - done -else - # Run all components except those excluded on the command line. - for component in $SUPPORTED_COMPONENTS; do - if ! is_component_excluded "$component"; then - run_component "component_$component" - fi - done -fi +# Run the requested tests. +for component in $RUN_COMPONENTS; do + run_component "component_$component" +done # We're done. post_report From 5331c6e0b1ad2ace14798e5d93b96cf66eb48ac7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 22:23:42 +0000 Subject: [PATCH 401/415] all.sh: only look for armcc if it is used Only look for armcc if component_build_armcc is to be executed, instead of requiring the option --no-armcc. You can still pass --no-armcc, but it's no longer required when listing components to run. With no list of components or an exclude list on the command line, --no-armcc is equivalent to having build_armcc in the exclude list. --- tests/scripts/all.sh | 60 ++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 24 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a9ac3be66..dc7556e98 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -106,7 +106,6 @@ pre_initialize_variables () { MEMORY=0 FORCE=0 KEEP_GOING=0 - RUN_ARMCC=1 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} @@ -291,10 +290,11 @@ check_headers_in_cpp () { pre_parse_command_line () { COMMAND_LINE_COMPONENTS= all_except= + no_armcc= while [ $# -gt 0 ]; do case "$1" in - --armcc) RUN_ARMCC=1;; + --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; --except) all_except=1;; @@ -308,7 +308,7 @@ pre_parse_command_line () { --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; --memory|-m) MEMORY=1;; - --no-armcc) RUN_ARMCC=0;; + --no-armcc) no_armcc=1;; --no-force) FORCE=0;; --no-keep-going) KEEP_GOING=0;; --no-memory) MEMORY=0;; @@ -333,6 +333,12 @@ pre_parse_command_line () { all_except=1 fi + # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. + # Ignore it if components are listed explicitly on the command line. + if [ -n "$no_armcc" ] && [ -n "$all_except" ]; then + COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" + fi + # Build the list of components to run. if [ -n "$all_except" ]; then RUN_COMPONENTS= @@ -346,6 +352,7 @@ pre_parse_command_line () { fi unset all_except + unset no_armcc } pre_check_git () { @@ -476,9 +483,10 @@ pre_check_tools () { "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" - if [ $RUN_ARMCC -ne 0 ]; then - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" - fi + case $RUN_COMPONENTS in + *_armcc*) + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; + esac } @@ -499,10 +507,16 @@ pre_check_tools () { pre_print_tools () { msg "info: output_env.sh" - OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ - GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ - ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh + set env + set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" + set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" + set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" + case $RUN_COMPONENTS in + *_armcc*) + set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; + *) set "$@" RUN_ARMCC=0;; + esac + "$@" scripts/output_env.sh } component_check_recursion () { @@ -1047,25 +1061,23 @@ component_build_armcc () { scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME - if [ $RUN_ARMCC -ne 0 ]; then - make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib - make clean + make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + make clean - # ARM Compiler 6 - Target ARMv7-A - armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + # ARM Compiler 6 - Target ARMv7-A + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" - # ARM Compiler 6 - Target ARMv7-M - armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + # ARM Compiler 6 - Target ARMv7-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" - # ARM Compiler 6 - Target ARMv8-A - AArch32 - armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + # ARM Compiler 6 - Target ARMv8-A - AArch32 + armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" - # ARM Compiler 6 - Target ARMv8-M - armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" + # ARM Compiler 6 - Target ARMv8-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" - # ARM Compiler 6 - Target ARMv8-A - AArch64 - armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" - fi + # ARM Compiler 6 - Target ARMv8-A - AArch64 + armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" } component_test_allow_sha1 () { From 879642663af37b18e6372f39350d312b4ca41f82 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 22:40:00 +0000 Subject: [PATCH 402/415] all.sh: only check tools that are going to be used Don't require openssl, mingw, etc. if we aren't going to run a component that uses them. --- tests/scripts/all.sh | 58 +++++++++++++++++++++++++++++--------------- 1 file changed, 39 insertions(+), 19 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index dc7556e98..89b3cc87f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -461,30 +461,50 @@ pre_print_configuration () { echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" } +# Make sure the tools we need are available. pre_check_tools () { - ARMC5_CC="$ARMC5_BIN_DIR/armcc" - ARMC5_AR="$ARMC5_BIN_DIR/armar" - ARMC6_CC="$ARMC6_BIN_DIR/armclang" - ARMC6_AR="$ARMC6_BIN_DIR/armar" + case " $RUN_COMPONENTS " in + # Require OpenSSL and GnuTLS if running any tests (as opposed to + # only doing builds). Not all tests run OpenSSL and GnuTLS, but this + # is a good enough approximation in practice. + *" test_"*) + # To avoid setting OpenSSL and GnuTLS for each call to compat.sh + # and ssl-opt.sh, we just export the variables they require. + export OPENSSL_CMD="$OPENSSL" + export GNUTLS_CLI="$GNUTLS_CLI" + export GNUTLS_SERV="$GNUTLS_SERV" + # Avoid passing --seed flag in every call to ssl-opt.sh + if [ -n "${SEED-}" ]; then + export SEED + fi + check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ + "$GNUTLS_CLI" "$GNUTLS_SERV" \ + "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" + ;; + esac - # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh - # we just export the variables they require - export OPENSSL_CMD="$OPENSSL" - export GNUTLS_CLI="$GNUTLS_CLI" - export GNUTLS_SERV="$GNUTLS_SERV" + case " $RUN_COMPONENTS " in + *_doxygen[_\ ]*) check_tools "doxygen" "dot";; + esac - # Avoid passing --seed flag in every call to ssl-opt.sh - if [ -n "${SEED-}" ]; then - export SEED - fi + case " $RUN_COMPONENTS " in + *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";; + esac - # Make sure the tools we need are available. - check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ - "$GNUTLS_CLI" "$GNUTLS_SERV" \ - "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" - case $RUN_COMPONENTS in + case " $RUN_COMPONENTS " in + *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";; + esac + + case " $RUN_COMPONENTS " in + *" test_zeroize "*) check_tools "gdb";; + esac + + case " $RUN_COMPONENTS " in *_armcc*) + ARMC5_CC="$ARMC5_BIN_DIR/armcc" + ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC6_CC="$ARMC6_BIN_DIR/armclang" + ARMC6_AR="$ARMC6_BIN_DIR/armar" check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; esac } From cc9f0b956e123cdf869f433309c327320afeb8ba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 6 Jan 2019 22:46:21 +0000 Subject: [PATCH 403/415] Merge the code to call output_env.sh into pre_check_tools It's all about tool detection. --- tests/scripts/all.sh | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 89b3cc87f..1347a46b0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -463,6 +463,9 @@ pre_print_configuration () { # Make sure the tools we need are available. pre_check_tools () { + # Build the list of variables to pass to output_env.sh. + set env + case " $RUN_COMPONENTS " in # Require OpenSSL and GnuTLS if running any tests (as opposed to # only doing builds). Not all tests run OpenSSL and GnuTLS, but this @@ -477,6 +480,10 @@ pre_check_tools () { if [ -n "${SEED-}" ]; then export SEED fi + set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" + set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" + set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" + set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" @@ -507,9 +514,18 @@ pre_check_tools () { ARMC6_AR="$ARMC6_BIN_DIR/armar" check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; esac + + msg "info: output_env.sh" + case $RUN_COMPONENTS in + *_armcc*) + set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; + *) set "$@" RUN_ARMCC=0;; + esac + "$@" scripts/output_env.sh } + ################################################################ #### Basic checks ################################################################ @@ -525,20 +541,6 @@ pre_check_tools () { # # Indicative running times are given for reference. -pre_print_tools () { - msg "info: output_env.sh" - set env - set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" - set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" - set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" - case $RUN_COMPONENTS in - *_armcc*) - set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; - *) set "$@" RUN_ARMCC=0;; - esac - "$@" scripts/output_env.sh -} - component_check_recursion () { msg "test: recursion.pl" # < 1s record_status tests/scripts/recursion.pl library/*.c @@ -1275,7 +1277,6 @@ else fi pre_print_configuration pre_check_tools -pre_print_tools cleanup # Run the requested tests. From c70637a5f01cfa15353161f4c092091635c89c5a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jan 2019 22:29:17 +0100 Subject: [PATCH 404/415] all.sh: Update the maintainer documentation --- tests/scripts/all.sh | 43 ++++++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1347a46b0..047d96be4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -59,29 +59,42 @@ # following naming conventions: # * pre_XXX: things to do before running the tests, in order. # * component_XXX: independent components. They can be run in any order. -# * component_check_XXX: quick tests that aren't worth parallelizing -# * component_build_XXX: build things but don't run them -# * component_test_XXX: build and test +# * component_check_XXX: quick tests that aren't worth parallelizing. +# * component_build_XXX: build things but don't run them. +# * component_test_XXX: build and test. # * support_XXX: if support_XXX exists and returns false then # component_XXX is not run by default. # * post_XXX: things to do after running the tests. # * other: miscellaneous support functions. # +# Each component must start by invoking `msg` with a short informative message. +# +# The framework performs some cleanup tasks after each component. This +# means that components can assume that the working directory is in a +# cleaned-up state, and don't need to perform the cleanup themselves. +# * Run `make clean`. +# * Restore `include/mbedtks/config.h` from a backup made before running +# the component. +# * Check out `Makefile`, `library/Makefile`, `programs/Makefile` and +# `tests/Makefile` from git. This cleans up after an in-tree use of +# CMake. +# +# Any command that is expected to fail must be protected so that the +# script keeps running in --keep-going mode despite `set -e`. In keep-going +# mode, if a protected command fails, this is logged as a failure and the +# script will exit with a failure status once it has run all components. +# Commands can be protected in any of the following ways: +# * `make` is a function which runs the `make` command with protection. +# Note that you must write `make VAR=value`, not `VAR=value make`, +# because the `VAR=value make` syntax doesn't work with functions. +# * Put `report_status` before the command to protect it. +# * Put `if_build_successful` before a command. This protects it, and +# additionally skips it if a prior invocation of `make` in the same +# component failed. +# # The tests are roughly in order from fastest to slowest. This doesn't # have to be exact, but in general you should add slower tests towards # the end and fast checks near the beginning. -# -# Sanity checks have the following form: -# 1. msg "short description of what is about to be done" -# 2. run sanity check (failure stops the script) -# -# Build or build-and-test steps have the following form: -# 1. msg "short description of what is about to be done" -# 2. cleanup -# 3. preparation (config.pl, cmake, ...) (failure stops the script) -# 4. make -# 5. Run tests if relevant. All tests must be prefixed with -# if_build_successful for the sake of --keep-going. From d1174cf0151738393d939de37787b6a91ca4b056 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jan 2019 22:30:01 +0100 Subject: [PATCH 405/415] Fix sometimes-spurious warning about changed config.h After backing up and restoring config.h, `git diff-files` may report it as potentially-changed because it isn't sure whether the index is up to date. Use `git diff` instead: it actually reads the file. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 047d96be4..642128af2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -381,7 +381,7 @@ pre_check_git () { exit 1 fi - if ! git diff-files --quiet include/mbedtls/config.h; then + if ! git diff --quiet include/mbedtls/config.h; then err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " echo "You can either delete or preserve your work, or force the test by rerunning the" echo "script as: $0 --force" From 53190e6160414c5ee1caee6edcebc95c686f140b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jan 2019 23:17:35 +0100 Subject: [PATCH 406/415] Delete $OUT_OF_SOURCE_DIR under --force The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped together with Yotta and then removed when Yotta support was removed. Bring it back. --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 642128af2..b95429b29 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -370,6 +370,7 @@ pre_parse_command_line () { pre_check_git () { if [ $FORCE -eq 1 ]; then + rm -rf "$OUT_OF_SOURCE_DIR" git checkout-index -f -q $CONFIG_H cleanup else From a28db923d95a7a0ca169992cbdfb91043b17b0c6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jan 2019 00:05:18 +0100 Subject: [PATCH 407/415] Support wildcard patterns with a positive list of components to run Wildcard patterns now work with command line COMPONENT arguments without --except as well as with. You can now run e.g. `all.sh "check_*` to run all the sanity checks. --- tests/scripts/all.sh | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b95429b29..55f554b3a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -154,11 +154,9 @@ pre_initialize_variables () { done } -# Test whether $1 is excluded via the command line. -is_component_excluded() +# Test whether the component $1 is included in the command line patterns. +is_component_included() { - # Is $1 excluded via $COMPONENTS (a space-separated list of wildcard - # patterns)? set -f for pattern in $COMMAND_LINE_COMPONENTS; do set +f @@ -174,6 +172,13 @@ usage() Usage: $0 [OPTION]... [COMPONENT]... Run mbedtls release validation tests. By default, run all tests. With one or more COMPONENT, run only those. +COMPONENT can be the name of a component or a shell wildcard pattern. + +Examples: + $0 "check_*" + Run all sanity checks. + $0 --no-armcc --except test_memsan + Run everything except builds that require armcc and MemSan. Special options: -h|--help Print this help and exit. @@ -185,11 +190,8 @@ General options: -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. --armcc Run ARM Compiler builds (on by default). - --except If some components are passed on the command line, - run all the tests except for these components. In - this mode, you can pass shell wildcard patterns as - component names, e.g. "$0 --except 'test_*'" to - exclude all components that run tests. + --except Exclude the COMPONENTs listed on the command line, + instead of running only those. --no-armcc Skip ARM Compiler builds. --no-force Refuse to overwrite modified files (default). --no-keep-going Stop at the first error (default). @@ -302,7 +304,7 @@ check_headers_in_cpp () { pre_parse_command_line () { COMMAND_LINE_COMPONENTS= - all_except= + all_except=0 no_armcc= while [ $# -gt 0 ]; do @@ -342,27 +344,24 @@ pre_parse_command_line () { shift done + # With no list of components, run everything. if [ -z "$COMMAND_LINE_COMPONENTS" ]; then all_except=1 fi # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. # Ignore it if components are listed explicitly on the command line. - if [ -n "$no_armcc" ] && [ -n "$all_except" ]; then + if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" fi # Build the list of components to run. - if [ -n "$all_except" ]; then - RUN_COMPONENTS= - for component in $SUPPORTED_COMPONENTS; do - if ! is_component_excluded "$component"; then - RUN_COMPONENTS="$RUN_COMPONENTS $component" - fi - done - else - RUN_COMPONENTS="$COMMAND_LINE_COMPONENTS" - fi + RUN_COMPONENTS= + for component in $SUPPORTED_COMPONENTS; do + if is_component_included "$component"; [ $? -eq $all_except ]; then + RUN_COMPONENTS="$RUN_COMPONENTS $component" + fi + done unset all_except unset no_armcc From 69f190e8ddf375b22fe9373daef57947945dfd96 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jan 2019 00:11:42 +0100 Subject: [PATCH 408/415] Rename test_memcheck to test_valgrind Valgrind is what it does. `memcheck` is how it's implemented. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 55f554b3a..039b1b887 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1158,7 +1158,7 @@ component_test_memsan () { fi } -component_test_memcheck () { +component_test_valgrind () { msg "build: Release (clang)" CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . make From 2f70e4b2f9a095a1bd4fed4a1afb8f6f1a247a9a Mon Sep 17 00:00:00 2001 From: Jeffrey Martin Date: Tue, 14 Aug 2018 14:41:57 -0500 Subject: [PATCH 409/415] add hints for mips registers that may need restore Signed-off-by: Jeffrey Martin --- include/mbedtls/bn_mul.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index 2f7b72fe4..69298f084 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -750,7 +750,7 @@ "sw $10, %2 \n\t" \ : "=m" (c), "=m" (d), "=m" (s) \ : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "$9", "$10", "$11", "$12", "$13", "$14", "$15" \ + : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "$lo", "$hi" \ ); #endif /* MIPS */ From a661be35932ecaa0d51cf48df7fab673bfae5c34 Mon Sep 17 00:00:00 2001 From: Jeffrey Martin Date: Mon, 14 Jan 2019 16:40:59 -0600 Subject: [PATCH 410/415] Add fix of #1722 to ChangLog Signed-off-by: Jeffrey Martin --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index b39b95391..a82d1f401 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,10 @@ Bugfix previously lead to a stack overflow on constrained targets. * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions in the header files, which missed the precompilation check. #971 + * Extend register cleanup needed on MIPS assembly optimizations. Adds hi, lo + registers hints to the compiler for usage with the embedded MIPS assembly. + Reported in #1722, fix suggested by @aurel32 and submitted + by Jeffrey Martin, #1949. = mbed TLS 2.16.0 branch released 2018-12-21 From d25fd8d4c9c3e1889d17da39a044036679466dac Mon Sep 17 00:00:00 2001 From: Jeffrey Martin Date: Mon, 14 Jan 2019 18:01:40 -0600 Subject: [PATCH 411/415] MIPS register hints without `$` for compatibility Signed-off-by: Jeffrey Martin --- include/mbedtls/bn_mul.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index 69298f084..26cfa77de 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -750,7 +750,7 @@ "sw $10, %2 \n\t" \ : "=m" (c), "=m" (d), "=m" (s) \ : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "$lo", "$hi" \ + : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \ ); #endif /* MIPS */ From d20a0e2d9f371ed20d6379d50654724580c58655 Mon Sep 17 00:00:00 2001 From: Jeffrey Martin Date: Tue, 15 Jan 2019 09:01:31 -0600 Subject: [PATCH 412/415] update ChangLog per comments Signed-off-by: Jeffrey Martin --- ChangeLog | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index a82d1f401..d19ec9495 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,10 +11,11 @@ Bugfix previously lead to a stack overflow on constrained targets. * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions in the header files, which missed the precompilation check. #971 - * Extend register cleanup needed on MIPS assembly optimizations. Adds hi, lo - registers hints to the compiler for usage with the embedded MIPS assembly. - Reported in #1722, fix suggested by @aurel32 and submitted - by Jeffrey Martin, #1949. + * Fix clobber list in MIPS assembly for large integer multiplication. + Previously, this could lead to functionally incorrect assembly being + produced by some optimizing compilers, showing up as failures in + e.g. RSA or ECC signature operations. Reported in #1722, fix suggested + by @aurel32 and submitted by Jeffrey Martin. = mbed TLS 2.16.0 branch released 2018-12-21 From 801217e057aa64b379be22e4cbdca3d2f2d1fccc Mon Sep 17 00:00:00 2001 From: Jeffrey Martin Date: Wed, 16 Jan 2019 09:25:36 -0600 Subject: [PATCH 413/415] update ChangLog credit Signed-off-by: Jeffrey Martin --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d19ec9495..99bdf39f7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,7 +15,7 @@ Bugfix Previously, this could lead to functionally incorrect assembly being produced by some optimizing compilers, showing up as failures in e.g. RSA or ECC signature operations. Reported in #1722, fix suggested - by @aurel32 and submitted by Jeffrey Martin. + by Aurelien Jarno and submitted by Jeffrey Martin. = mbed TLS 2.16.0 branch released 2018-12-21 From 36e89b5b71735bf38c02c1046828fd2ad26dc30b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonin=20D=C3=A9cimo?= Date: Wed, 23 Jan 2019 15:24:37 +0100 Subject: [PATCH 414/415] Fix #2370, minor typos and spelling mistakes --- CONTRIBUTING.md | 2 +- ChangeLog | 10 +++++----- README.md | 2 +- include/mbedtls/check_config.h | 2 +- include/mbedtls/config.h | 12 ++++++------ include/mbedtls/hmac_drbg.h | 2 +- include/mbedtls/rsa.h | 6 +++--- include/mbedtls/ssl.h | 4 ++-- include/mbedtls/ssl_ticket.h | 4 ++-- include/mbedtls/x509.h | 6 +++--- include/mbedtls/x509_crl.h | 4 ++-- library/Makefile | 2 +- library/ecjpake.c | 2 +- library/error.c | 2 +- library/ssl_srv.c | 2 +- library/ssl_tls.c | 2 +- library/x509.c | 2 +- library/x509_crt.c | 2 +- tests/compat.sh | 2 +- tests/scripts/all.sh | 2 +- tests/scripts/test_zeroize.gdb | 2 +- tests/ssl-opt.sh | 20 ++++++++++---------- tests/suites/test_suite_ccm.data | 2 +- tests/suites/test_suite_ecdh.function | 2 +- tests/suites/test_suite_nist_kw.function | 2 +- tests/suites/test_suite_rsa.data | 6 +++--- 26 files changed, 53 insertions(+), 53 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 010dffc63..18851db41 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,7 +50,7 @@ When backporting to these branches please observe the following rules: 2. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted. - 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be addtional test cases or quality improvements such as changes to build or test scripts. + 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts. It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors. diff --git a/ChangeLog b/ChangeLog index b39b95391..2a385c738 100644 --- a/ChangeLog +++ b/ChangeLog @@ -321,7 +321,7 @@ Security 1.2, that allowed a local attacker, able to execute code on the local machine as well as manipulate network packets, to partially recover the plaintext of messages under some conditions by using a cache attack - targetting an internal MD/SHA buffer. With TLS or if + targeting an internal MD/SHA buffer. With TLS or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only worked if the same secret (for example a HTTP Cookie) has been repeatedly sent over connections manipulated by the attacker. Connections using GCM or CCM @@ -1207,7 +1207,7 @@ Bugfix * Fix potential build failures related to the 'apidoc' target, introduced in the previous patch release. Found by Robert Scheck. #390 #391 * Fix issue in Makefile that prevented building using armar. #386 - * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and + * Fix memory leak that occurred only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in config.h . The leak didn't occur by default. * Fix an issue that caused valid certificates to be rejected whenever an expired or not yet valid certificate was parsed before a valid certificate @@ -1449,7 +1449,7 @@ API Changes You now need to link to all of them if you use TLS for example. * All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace. Some names have been further changed to make them more consistent. - Migration helpers scripts/rename.pl and include/mbedlts/compat-1.3.h are + Migration helpers scripts/rename.pl and include/mbedtls/compat-1.3.h are provided. Full list of renamings in scripts/data_files/rename-1.3-2.0.txt * Renamings of fields inside structures, not covered by the previous list: mbedtls_cipher_info_t.key_length -> key_bitlen @@ -1504,7 +1504,7 @@ API Changes * net_accept() gained new arguments for the size of the client_ip buffer. * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now return void. - * ecdsa_write_signature() gained an addtional md_alg argument and + * ecdsa_write_signature() gained an additional md_alg argument and ecdsa_write_signature_det() was deprecated. * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA. * Last argument of x509_crt_check_key_usage() and @@ -3039,7 +3039,7 @@ XySSL ChangeLog not swapped on PadLock; also fixed compilation on older versions of gcc (bug reported by David Barrett) * Correctly handle the case in padlock_xcryptcbc() when input or - ouput data is non-aligned by falling back to the software + output data is non-aligned by falling back to the software implementation, as VIA Nehemiah cannot handle non-aligned buffers * Fixed a memory leak in x509parse_crt() which was reported by Greg Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to diff --git a/README.md b/README.md index d7a0e9d6b..4fa6242bb 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if th Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved. -Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line. +Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overridden from the command line. Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b86e5807e..0f72c17a1 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -691,7 +691,7 @@ /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the - * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units. + * #if defined(MBEDTLS_xxx_C) that results in empty translation units. */ typedef int mbedtls_iso_c_forbids_empty_translation_units; diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 91cc5bddf..c5d7bfe30 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -139,7 +139,7 @@ * * System has time.h, time(), and an implementation for * mbedtls_platform_gmtime_r() (see below). - * The time needs to be correct (not necesarily very accurate, but at least + * The time needs to be correct (not necessarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. * @@ -401,7 +401,7 @@ * \note Because of a signature change, the core AES encryption and decryption routines are * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, * respectively. When setting up alternative implementations, these functions should - * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt * must stay untouched. * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set @@ -1538,7 +1538,7 @@ * \def MBEDTLS_SSL_SESSION_TICKETS * * Enable support for RFC 5077 session tickets in SSL. - * Client-side, provides full support for session tickets (maintainance of a + * Client-side, provides full support for session tickets (maintenance of a * session store remains the responsibility of the application, though). * Server-side, you also need to provide callbacks for writing and parsing * tickets, including authenticated encryption and key management. Example @@ -1704,7 +1704,7 @@ * * \warning TLS-level compression MAY REDUCE SECURITY! See for example the * CRIME attack. Before enabling this option, you should examine with care if - * CRIME or similar exploits may be a applicable to your use case. + * CRIME or similar exploits may be applicable to your use case. * * \note Currently compression can't be used with DTLS. * @@ -3016,7 +3016,7 @@ //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ @@ -3033,7 +3033,7 @@ //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 146367b9d..c81df8cc9 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -76,7 +76,7 @@ extern "C" { */ typedef struct mbedtls_hmac_drbg_context { - /* Working state: the key K is not stored explicitely, + /* Working state: the key K is not stored explicitly, * but is implied by the HMAC context */ mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */ unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */ diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 906c42733..4ff5bdd83 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -150,13 +150,13 @@ mbedtls_rsa_context; * \note The choice of padding mode is strictly enforced for private key * operations, since there might be security concerns in * mixing padding modes. For public key operations it is - * a default value, which can be overriden by calling specific + * a default value, which can be overridden by calling specific * \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions. * * \note The hash selected in \p hash_id is always used for OEAP * encryption. For PSS signatures, it is always used for - * making signatures, but can be overriden for verifying them. - * If set to #MBEDTLS_MD_NONE, it is always overriden. + * making signatures, but can be overridden for verifying them. + * If set to #MBEDTLS_MD_NONE, it is always overridden. * * \param ctx The RSA context to initialize. This must not be \c NULL. * \param padding The padding mode to use. This must be either diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8106bb4ab..199bba9b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2033,7 +2033,7 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, * provision more than one cert/key pair (eg one ECDSA, one * RSA with SHA-256, one RSA with SHA-1). An adequate * certificate will be selected according to the client's - * advertised capabilities. In case mutliple certificates are + * advertised capabilities. In case multiple certificates are * adequate, preference is given to the one set by the first * call to this function, then second, etc. * @@ -3200,7 +3200,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); * mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free(). * * \note You need to call mbedtls_ssl_config_defaults() unless you - * manually set all of the relevent fields yourself. + * manually set all of the relevant fields yourself. * * \param conf SSL configuration context */ diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index b2686df09..0f9ee3ee7 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -111,14 +111,14 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, /** * \brief Implementation of the ticket write callback * - * \note See \c mbedlts_ssl_ticket_write_t for description + * \note See \c mbedtls_ssl_ticket_write_t for description */ mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write; /** * \brief Implementation of the ticket parse callback * - * \note See \c mbedlts_ssl_ticket_parse_t for description + * \note See \c mbedtls_ssl_ticket_parse_t for description */ mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 9ae825c18..63aae32d8 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -77,7 +77,7 @@ #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */ -#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */ +#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occurred, eg the chain is too long or the vrfy callback failed. */ /* \} name */ /** @@ -250,7 +250,7 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se * * \param to mbedtls_x509_time to check * - * \return 1 if the given time is in the past or an error occured, + * \return 1 if the given time is in the past or an error occurred, * 0 otherwise. */ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); @@ -264,7 +264,7 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); * * \param from mbedtls_x509_time to check * - * \return 1 if the given time is in the future or an error occured, + * \return 1 if the given time is in the future or an error occurred, * 0 otherwise. */ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index 08a4283a6..fa838d68c 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -111,7 +111,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /** * \brief Parse one or more CRLs and append them to the chained list * - * \note Mutliple CRLs are accepted only if using PEM format + * \note Multiple CRLs are accepted only if using PEM format * * \param chain points to the start of the chain * \param buf buffer holding the CRL data in PEM or DER format @@ -126,7 +126,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s /** * \brief Load one or more CRLs and append them to the chained list * - * \note Mutliple CRLs are accepted only if using PEM format + * \note Multiple CRLs are accepted only if using PEM format * * \param chain points to the start of the chain * \param path filename to read the CRLs from (in PEM or DER encoding) diff --git a/library/Makefile b/library/Makefile index 430c59881..1e1b0358a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -39,7 +39,7 @@ SOEXT_TLS=so.12 SOEXT_X509=so.0 SOEXT_CRYPTO=so.3 -# Set AR_DASH= (empty string) to use an ar implentation that does not accept +# Set AR_DASH= (empty string) to use an ar implementation that does not accept # the - prefix for command line options (e.g. llvm-ar) AR_DASH ?= - diff --git a/library/ecjpake.c b/library/ecjpake.c index be941b14b..b276514e8 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -951,7 +951,7 @@ static const unsigned char ecjpake_test_pms[] = { 0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51 }; -/* Load my private keys and generate the correponding public keys */ +/* Load my private keys and generate the corresponding public keys */ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx, const unsigned char *xm1, size_t len1, const unsigned char *xm2, size_t len2 ) diff --git a/library/error.c b/library/error.c index 12312a056..c596f0bcc 100644 --- a/library/error.c +++ b/library/error.c @@ -567,7 +567,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) ) mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" ); if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) ) - mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" ); + mbedtls_snprintf( buf, buflen, "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" ); #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ // END generated code diff --git a/library/ssl_srv.c b/library/ssl_srv.c index bc77f8020..5825970c4 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1449,7 +1449,7 @@ read_record_header: */ /* - * Minimal length (with everything empty and extensions ommitted) is + * Minimal length (with everything empty and extensions omitted) is * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can * read at least up to session id length without worrying. */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38690fa66..8710a5076 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2606,7 +2606,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) } /* - * A record can't be split accross datagrams. If we need to read but + * A record can't be split across datagrams. If we need to read but * are not at the beginning of a new record, the caller did something * wrong. */ diff --git a/library/x509.c b/library/x509.c index 52b5b649f..6b7899fe0 100644 --- a/library/x509.c +++ b/library/x509.c @@ -116,7 +116,7 @@ int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, } /* - * Parse an algorithm identifier with (optional) paramaters + * Parse an algorithm identifier with (optional) parameters */ int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params ) diff --git a/library/x509_crt.c b/library/x509_crt.c index 76558342e..024faf4e7 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2237,7 +2237,7 @@ static int x509_crt_check_ee_locally_trusted( * Tests for (aspects of) this function should include at least: * - trusted EE * - EE -> trusted root - * - EE -> intermedate CA -> trusted root + * - EE -> intermediate CA -> trusted root * - if relevant: EE untrusted * - if relevant: EE -> intermediate, untrusted * with the aspect under test checked at each relevant level (EE, int, root). diff --git a/tests/compat.sh b/tests/compat.sh index bf65e5e61..181452803 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -21,7 +21,7 @@ FAILED=0 SKIPPED=0 SRVMEM=0 -# default commands, can be overriden by the environment +# default commands, can be overridden by the environment : ${M_SRV:=../programs/ssl/ssl_server2} : ${M_CLI:=../programs/ssl/ssl_client2} : ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c5c0c3add..3f1a32b6c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -96,7 +96,7 @@ FORCE=0 KEEP_GOING=0 RUN_ARMCC=1 -# Default commands, can be overriden by the environment +# Default commands, can be overridden by the environment : ${OPENSSL:="openssl"} : ${OPENSSL_LEGACY:="$OPENSSL"} : ${OPENSSL_NEXT:="$OPENSSL"} diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 77c812a0b..67ca2e833 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -17,7 +17,7 @@ # seem to be a mechanism to reliably check whether the zeroize calls are being # eliminated by compiler optimizations from within the compiled program. The # problem is that a compiler would typically remove what it considers to be -# "unecessary" assignments as part of redundant code elimination. To identify +# "unnecessary" assignments as part of redundant code elimination. To identify # such code, the compilar will create some form dependency graph between # reads and writes to variables (among other situations). It will then use this # data structure to remove redundant code that does not have an impact on the diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 335f59d02..544446c75 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -26,7 +26,7 @@ if cd $( dirname $0 ); then :; else exit 1 fi -# default values, can be overriden by the environment +# default values, can be overridden by the environment : ${P_SRV:=../programs/ssl/ssl_server2} : ${P_CLI:=../programs/ssl/ssl_client2} : ${P_PXY:=../programs/test/udp_proxy} @@ -671,7 +671,7 @@ run_test() { # The filtering in the following two options (-u and -U) do the following # - ignore valgrind output - # - filter out everything but lines right after the pattern occurances + # - filter out everything but lines right after the pattern occurrences # - keep one of each non-unique line # - count how many lines remain # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1 @@ -2740,7 +2740,7 @@ run_test "Authentication: server max_int chain, client default" \ key_file=data_files/dir-maxpath/09.key" \ "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \ 0 \ - -C "X509 - A fatal error occured" + -C "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client default" \ @@ -2748,7 +2748,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ key_file=data_files/dir-maxpath/10.key" \ "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \ 1 \ - -c "X509 - A fatal error occured" + -c "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client optional" \ @@ -2757,7 +2757,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ auth_mode=optional" \ 1 \ - -c "X509 - A fatal error occured" + -c "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client none" \ @@ -2766,7 +2766,7 @@ run_test "Authentication: server max_int+1 chain, client none" \ "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ auth_mode=none" \ 0 \ - -C "X509 - A fatal error occured" + -C "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server default" \ @@ -2774,7 +2774,7 @@ run_test "Authentication: client max_int+1 chain, server default" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 0 \ - -S "X509 - A fatal error occured" + -S "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server optional" \ @@ -2782,7 +2782,7 @@ run_test "Authentication: client max_int+1 chain, server optional" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 1 \ - -s "X509 - A fatal error occured" + -s "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server required" \ @@ -2790,7 +2790,7 @@ run_test "Authentication: client max_int+1 chain, server required" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 1 \ - -s "X509 - A fatal error occured" + -s "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: client max_int chain, server required" \ @@ -2798,7 +2798,7 @@ run_test "Authentication: client max_int chain, server required" \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ 0 \ - -S "X509 - A fatal error occured" + -S "X509 - A fatal error occurred" # Tests for CA list in CertificateRequest messages diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index ac9c565da..46c172bbb 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -41,7 +41,7 @@ ccm_lengths:5:10:5:18:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #6 tag length not even ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT -CCM lenghts #7 AD too long (2^16 - 2^8 + 1) +CCM lengths #7 AD too long (2^16 - 2^8 + 1) depends_on:!MBEDTLS_CCM_ALT ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 08a1686e5..7db0ed16e 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -351,7 +351,7 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, mbedtls_ecdh_enable_restart( &cli ); } - /* server writes its paramaters */ + /* server writes its parameters */ memset( buf, 0x00, sizeof( buf ) ); len = 0; diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index ae3ef8062..f1acde91a 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -30,7 +30,7 @@ void mbedtls_nist_kw_mix_contexts( ) memset( key, 0, sizeof( key ) ); /* - * 1. Check wrap and unwrap with two seperate contexts + * 1. Check wrap and unwrap with two separate contexts */ mbedtls_nist_kw_init( &ctx1 ); mbedtls_nist_kw_init( &ctx2 ); diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index a25d61c85..cc11b808a 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -477,7 +477,7 @@ mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bb RSA Import (N,-,-,D,E) mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0:0 -RSA Import (N,-,-,D,E), succesive +RSA Import (N,-,-,D,E), successive mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0:0 RSA Import (N,P,Q,-,E) @@ -564,7 +564,7 @@ mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7 RSA Export (N,-,-,D,E) mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 -RSA Export (N,-,-,D,E), succesive +RSA Export (N,-,-,D,E), successive mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1 RSA Export (N,P,Q,-,E) @@ -585,7 +585,7 @@ mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Export Raw (N,-,-,D,E) mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 -RSA Export Raw (N,-,-,D,E), succesive +RSA Export Raw (N,-,-,D,E), successive mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1 RSA Export Raw (N,P,Q,-,E) From ad88be05b69d887fd833138527302e87a42ac820 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 30 Jan 2019 13:18:45 +0000 Subject: [PATCH 415/415] Add ChangeLog entry for #2371 --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 062dab93b..2789704f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,7 @@ Changes Inserted as an enhancement for #1371 * Add support for alternative CSR headers, as used by Microsoft and defined in RFC 7468. Found by Michael Ernst. Fixes #767. + * Correct many misspellings. Fixed by MisterDA #2371. = mbed TLS 2.16.0 branch released 2018-12-21