diff --git a/ext/polarssl-1.3/ChangeLog b/ext/polarssl-1.3/ChangeLog index f5a3867ba1..b436c29224 100644 --- a/ext/polarssl-1.3/ChangeLog +++ b/ext/polarssl-1.3/ChangeLog 
@@ -1,5 +1,571 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 1.3.22 branch released 2018-02-03 + +Security + * Fix a heap corruption issue in the implementation of the truncated HMAC + extension. When the truncated HMAC extension is enabled and CBC is used, + sending a malicious application packet could be used to selectively corrupt + 6 bytes on the peer's heap, which could potentially lead to crash or remote + code execution. The issue could be triggered remotely from either side in + both TLS and DTLS. CVE-2018-0488 + * Fix a buffer overflow in RSA-PSS verification when the hash was too large + for the key size, which could potentially lead to crash or remote code + execution. Found by Seth Terashima, Qualcomm Product Security Initiative, + Qualcomm Technologies Inc. CVE-2018-0487 + * Fix buffer overflow in RSA-PSS verification when the unmasked data is all + zeros. + * Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding + 64 KiB to the address of the SSL buffer and causing a wrap around. + * Add a provision to prevent compiler optimizations breaking the time + constancy of the internal function safer_memcmp(). + * Ensure that buffers are cleared after use if they contain sensitive data. + Changes were introduced in multiple places in the library. + * Set PEM buffer to zero before freeing it, to avoid decoded private keys + being leaked to memory after release. + * Fix dhm_check_range() failing to detect trivial subgroups and potentially + leaking 1 bit of the private key. Reported by prashantkspatil. + * Make mpi_read_binary() constant-time with respect to the input + data. Previously, trailing zero bytes were detected and omitted for the + sake of saving memory, but potentially leading to slight timing + differences. Reported by Marco Macchetti, Kudelski Group. + * Wipe stack buffer temporarily holding EC private exponent + after keypair generation. 
+ * Change default choice of DHE parameters from untrustworthy RFC 5114 + to RFC 3526 containing parameters generated in a nothing-up-my-sleeve + manner. + * Fix a potential heap buffer over-read in ALPN extension parsing + (server-side). Could result in application crash, but only if an ALPN + name larger than 16 bytes had been configured on the server. + +Features + * Allow comments in test data files. + +Bugfix + * Fix typo in ssl.h leading to a too small value of SSL_MAC_ADD + in case CBC is disabled but ARC4 is enabled. + * Fix memory leak in ssl_set_hostname() when called multiple times. + Found by projectgus and jethrogb, #836. + * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. + * Fix Visual Studio implicit cast compilation warnings in the net.c and + x509.c modules and some sample applications. + * Parse signature algorithm extension when renegotiating. Previously, + renegotiated handshakes would only accept signatures using SHA-1 + regardless of the peer's preferences, or fail if SHA-1 was disabled. + * Fix leap year calculation in x509_date_is_valid() to ensure that invalid + dates on leap years with 100 and 400 intervals are handled correctly. Found + by Nicholas Wilson. #694 + * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were + accepted. Generating these signatures required the private key. + * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys. + Found independently by Florian in the mbed TLS forum and by Mishamax. + #878, #1019. + * Fix build problems on Windows. Contributed by Nicholas Wilson. + * Fix unchecked return codes from AES, DES and 3DES functions in + pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively. + If a call to one of the functions of the cryptographic primitive modules + failed, the error may not be noticed by the function pem_read_buffer() + causing it to return invalid values. Found by Guido Vranken. 
#756 + * Include configuration file in md.h, to fix compilation warnings. + Reported by aaronmdjones in #1001 + * Correct extraction of signature-type from PK instance in X.509 CRT and CSR + writing routines that prevented these functions to work with alternative + RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011. + * Don't print X.509 version tag for v1 CRT's, and omit extensions for + non-v3 CRT's. + * Fix bugs in RSA test suite under POLARSSL_NO_PLATFORM_ENTROPY. #1023 #1024 + * Fix net_would_block() to avoid modification by errno through fcntl() call. + Found by nkolban. Fixes #845. + * Fix handling of handshake messages in ssl_read() in case + POLARSSL_SSL_DISABLE_RENEGOTIATION is set. Found by erja-gp. + * Add a check for invalid private parameters in ecdsa_sign(). + Reported by Yolan Romailler. + * Fix word size check in in pk.c to not depend on POLARSSL_HAVE_INT64. + * Fix crash when calling ssl_cache_free() twice. Found by MilenkoMitrovic. + #1104 + * Fix set_alarm(0) on Unix and MinGW. + * Fix use of uninitialized memory in get_timer() when reset=1. + * Fix issue in RSA key generation program programs/x509/rsa_genkey + where the failure of CTR DRBG initialization lead to freeing an + RSA context without proper initialization beforehand. + * Fix an issue in the cipher decryption with the mode + POLARSSL_PADDING_ONE_AND_ZEROS that sometimes accepted invalid padding. + Note, this padding mode is not used by the TLS protocol. Found and fixed by + Micha Kraus. + +Changes + * Extend cert_write example program by options to set the CRT version + and the message digest. Further, allow enabling/disabling of authority + identifier, subject identifier and basic constraints extensions. + * Improve makefiles on Windows: don't run find, and call perl explicitly. + * Add explicit warnings for the use of MD2, MD4, MD5, SHA-1, DES and ARC4 + throughout the library. 
+ += mbed TLS 1.3.21 branch released 2017-08-10 + +Security + * Fix authentication bypass in SSL/TLS: when authmode is set to optional, + ssl_get_verify_result() would incorrectly return 0 when the peer's + X.509 certificate chain had more than POLARSSL_X509_MAX_INTERMEDIATE_CA + (default: 8) intermediates, even when it was not trusted. This could be + triggered remotely from either side. (With authmode set to 'required' + (the default), the handshake was correctly aborted). + * Reliably zeroize sensitive data after use in AES example applications + programs/aes/aescrypt2 and programs/aes/crypt_and_hash. + Found by Laurent Simon. + +API Changes + * Certificate verification functions now set flags to -1 in case the full + chain was not verified due to an internal error (including in the verify + callback) or chain length limitations. + * With authmode set to optional, the TLS handshake is now aborted if the + verification of the peer's certificate failed due to an overlong chain or + a fatal error in the verify callback. + +Bugfix + * Add a check if iv_len is zero in GCM, and return an error if it is zero. + Reported by roberto. #716 + * Replace preprocessor condition from #if defined(POLARSSL_THREADING_PTHREAD) + to #if defined(POLARSSL_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 + * Fix a resource leak on Windows platforms in x509_crt_parse_path(), in the + case of an error. Found by redplait. #590 + * Add MPI_CHK to check for error value of mpi_fill_random. + Backported from a report and fix suggestion by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. 
The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. + * Fix potential integer overflow in the version verification for DER + encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America + +Changes + * Avoid shadowing of time and index functions through mbed TLS function + arguments. Found by inestlerode. Fixes #557. + * Improve documentation of PKCS1 decryption functions. + += mbed TLS 1.3.20 branch released 2017-06-21 + +Security + * Fixed unlimited overread of heap-based buffer in ssl_read(). + The issue could only happen client-side with renegotiation enabled. + Could result in DoS (application crash) or information leak + (if the application layer sent data read from ssl_read() + back to the server or to a third party). Can be triggered remotely. + * Add exponent blinding to RSA private operations as a countermeasure + against side-channel attacks like the cache attack described in + https://arxiv.org/abs/1702.08719v2. + Found and fix proposed by Michael Schwarz, Samuel Weiser, Daniel Gruss, + Clémentine Maurice and Stefan Mangard. + * Wipe stack buffers in RSA private key operations + (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). Found by Laurent + Simon. + * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a + potential Bleichenbacher/BERserk-style attack. + * Remove support for X509 certificates signed with MD5. + Issue raised by Harm Verhagen + +Bugfix + * Disable use of extensions for SSLv3, previously causing the + "SSLv3 with extensions" test from ssl-opt.sh to fail. + * Fix insufficient support for signature-hash-algorithm extension, + resulting in compatibility problems with Chrome. Found by hfloyrd. #823 + * Accept empty trusted CA chain in authentication mode + SSL_VERIFY_OPTIONAL. Found by jethrogb. #864. 
+ * Fix implementation of ssl_parse_certificate() to not annihilate fatal + errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to reflect + bad EC curves within verification result. + * Fix bug that caused the modular inversion function to accept the invalid + modulus 1 and therefore to hang. Found by blaufish. #641. + * Fix incorrect sign computation in modular exponentiation when the base is + a negative MPI. Previously the result was always negative. Found by Guido + Vranken. + * Fix a numerical underflow leading to stack overflow in mpi_read_file() + that was triggered uppon reading an empty line. Found by Guido Vranken. + +Changes + * Clarify ECDSA documentation and improve the sample code to avoid + misunderstanding and potentially dangerous use of the API. Pointed out + by Jean-Philippe Aumasson. + * Add new config.h flag POLARSSL_X509_MIN_VERIFY_MD_ALG to set the minimum + hash accepted when verifying certificate chains. Defaults to SHA1, which + means SHA1 is accepted but MD5 and below are rejected. + += mbed TLS 1.3.19 branch released 2017-03-08 + +Security + * Add checks to prevent signature forgeries for very large messages while + using RSA through the PK module in 64-bit systems. The issue was caused by + some data loss when casting a size_t to an unsigned int value in the + functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and + pk_sign(). Found by Jean-Philippe Aumasson. + * Fixed potential livelock during the parsing of a CRL in PEM format in + mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing + characters after the footer could result in the execution of an infinite + loop. The issue can be triggered remotely. Found by Greg Zaverucha, + Microsoft. + * Fixed a bug that caused freeing a buffer that was allocated on the stack, + when verifying the validity of a key on secp224k1. 
This could be + triggered remotely for example with a maliciously constructed certificate + and potentially could lead to remote code execution on some platforms. + Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos + team. #569 CVE-2017-2784 + +Bugfix + * Fix output certificate verification flags set by x509_crt_verify_top() when + traversing a chain of trusted CA. The issue would cause both flags, + BADCERT_NOT_TRUSTED and BADCERT_EXPIRED, to be set when the verification + conditions are not met regardless of the cause. Found by Harm Verhagen and + inestlerode. #665 #561 + * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing + the input string in PEM format to extract the different components. Found + by Eyal Itkin. + * Fix unused variable/function compilation warnings in pem.c and x509_csr.c + that are reported when building mbed TLS with a config.h that does not + define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 + * Fixed potential arithmetic overflow in ctr_drbg_reseed() that could cause + buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in cipher_update() that could cause + buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in md2_update() that could cause buffer + bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in base64_decode() that could cause + buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fix potential memory leak in x509_crl_parse(). The leak was caused by + missing calls to pem_free() in cases when a + POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and + fix proposed by Guido Vranken. #722 + * Fixed the templates used to generate project and solution files for Visual + Studio 2015 as well as the files themselves, to remove a build warning + generated in Visual Studio 2015. Reported by Steve Valliere. 
#742 + * Fix 1 byte buffer overflow in mpi_write_string() when the MPI number to + write in hexadecimal is negative and requires an odd number of digits. + Found and fixed by Guido Vranken. + * Fix unlisted DES configuration dependency in some pkparse test cases. Found + by inestlerode. #555 + += mbed TLS 1.3.18 branch 2016-10-17 + +Security + * Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant + with RFC-5116 and could lead to session key recovery in very long TLS + sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in + TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic. + https://eprint.iacr.org/2016/475.pdf + * Fixed potential stack corruption in mbedtls_x509write_crt_der() and + mbedtls_x509write_csr_der() when the signature is copied to the buffer + without checking whether there is enough space in the destination. The + issue cannot be triggered remotely. Found by Jethro Beekman. + +Bugfix + * Fix an issue that caused valid certificates being rejected whenever an + expired or not yet valid version of the trusted certificate was before the + valid version in the trusted certificate list. + * Fix incorrect handling of block lengths in crypt_and_hash.c sample program, + when GCM is used. Found by udf2457. #441 + * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't + enabled unless others were also present. Found by David Fernandez. #428 + * Fixed cert_app.c sample program for debug output and for use when no root + certificates are provided. + * Fix conditional statement that would cause a 1 byte overread in + mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599 + * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for + builds where the configuration POLARSSL_PEM_WRITE_C is not defined. Found + by inestlerode. #559. + * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf + data structure until after error checks are successful. 
Found by + subramanyam-c. #622 + * Fix documentation and implementation missmatch for function arguments of + mbedtls_gcm_finish(). Found by cmiatpaar. #602 + * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 + * Fix check for validity of date when parsing in mbedtls_x509_get_time(). + Found by subramanyam-c. #626 + * Fix missing return code check after call to md_init_ctx() that could + result in usage of invalid md_ctx in rsa_rsaes_oaep_encrypt(), + rsa_rsaes_oaep_decrypt(), rsa_rsassa_pss_sign() and + rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502 + +Changes + * Add compile time option for relaxed X.509 time verification to enable + accepting certificates with non-standard time format (that is without + seconds or with a time zone). Patch provided by James Yonan of OpenVPN. + += mbed TLS 1.3.17 branch 2016-06-28 + +Security + * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt + required by PKCS1 v2.2 + * Fix a potential integer underflow to buffer overread in + mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in + SSL/TLS. + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + +Bugfix + * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three + arguments where the same (in-place doubling). Found and fixed by Janos + Follath. #309 + * Fix issue in Makefile that prevented building using armar. #386 + * Fix issue that caused a hang up when generating RSA keys of odd bitlength + * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer + dereference possible. + * Fix issue that caused a crash if invalid curves were passed to + mbedtls_ssl_conf_curves. #373 + +Changes + * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, + don't use the optimized assembly for bignum multiplication. This removes + the need to pass -fomit-frame-pointer to avoid a build error with -O0. 
+ * Disabled SSLv3 in the default configuration. + * Fix non-compliance server extension handling. Extensions for SSLv3 are now + ignored, as required by RFC6101. + += mbed TLS 1.3.16 released 2016-01-05 + +Security + * Fix potential double free when mbedtls_asn1_store_named_data() fails to + allocate memory. Only used for certificate generation, not triggerable + remotely in SSL/TLS. Found by Rafał Przywara. #367 + * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the + SLOTH attack on TLS 1.2 server authentication (other attacks from the + SLOTH paper do not apply to any version of mbed TLS or PolarSSL). + https://www.mitls.org/pages/attacks/SLOTH + +Bugfix + * Fix over-restricive length limit in GCM. Found by Andreas-N. #362 + * Fix bug in certificate validation that caused valid chains to be rejected + when the first intermediate certificate has pathLenConstraint=0. Found by + Nicholas Wilson. Introduced in mbed TLS 1.3.15. #280 + * Removed potential leak in rsa_rsassa_pkcs1_v15_sign(), found by + JayaraghavendranK. #372 + +Changes + * Add config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES controlling + use of MD5-based signatures for TLS 1.2 handshake (disabled by default). + += mbed TLS 1.3.15 released 2015-11-04 + +Security + * Fix potential double free if ssl_set_psk() is called more than once and + some allocation fails. Cannot be forced remotely. Found by Guido Vranken, + Intelworks. + * Fix potential heap corruption on Windows when + x509_crt_parse_path() is passed a path longer than 2GB. Cannot be + triggered remotely. Found by Guido Vranken, Intelworks. + * Fix potential buffer overflow in some asn1_write_xxx() functions. + Cannot be triggered remotely unless you create X.509 certificates based + on untrusted input or write keys of untrusted origin. Found by Guido + Vranken, Intelworks. + * The X509 max_pathlen constraint was not enforced on intermediate + certificates. 
Found by Nicholas Wilson, fix and tests provided by + Janos Follath. #280 and #319 + +Bugfix + * Self-signed certificates were not excluded from pathlen counting, + resulting in some valid X.509 being incorrectly rejected. Found and fix + provided by Janos Follath. #319 + * Fix bug causing some handshakes to fail due to some non-fatal alerts not + begin properly ignored. Found by mancha and Kasom Koht-arsa, #308 + * Fix build error with configurations where ECDHE-PSK is the only key + exchange. Found and fix provided by Chris Hammond. #270 + * Fix failures in MPI on Sparc(64) due to use of bad assembly code. + Found by Kurt Danielson. #292 + * Fix typo in name of the extKeyUsage OID. Found by inestlerode, #314 + * Fix bug in ASN.1 encoding of booleans that caused generated CA + certificates to be rejected by some applications, including OS X + Keychain. Found and fixed by Jonathan Leroy, Inikup. + * Fix "Destination buffer is too small" error in cert_write program. + Found and fixed by Jonathan Leroy, Inikup. + += mbed TLS 1.3.14 released 2015-10-06 + +Security + * Added fix for CVE-2015-5291 to prevent heap corruption due to buffer + overflow of the hostname or session ticket. Found by Guido Vranken, + Intelworks. + * Fix stack buffer overflow in pkcs12 decryption (used by + mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by + Guido Vranken, Intelworks. Not triggerable remotely. + * Fix potential buffer overflow in mbedtls_mpi_read_string(). + Found by Guido Vranken, Intelworks. Not exploitable remotely in the context + of TLS, but might be in other uses. On 32 bit machines, requires reading a + string of close to or larger than 1GB to exploit; on 64 bit machines, would + require reading a string of close to or larger than 2^62 bytes. + * Fix potential random memory allocation in mbedtls_pem_read_buffer() + on crafted PEM input data. Found and fix provided by Guido Vranken, + Intelworks. Not triggerable remotely in TLS. 
Triggerable remotely if you + accept PEM data from an untrusted source. + * Fix potential double-free if ssl_set_psk() is called repeatedly on + the same ssl_context object and some memory allocations fail. Found by + Guido Vranken, Intelworks. Can not be forced remotely. + * Fix possible heap buffer overflow in base64_encode() when the input + buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken, + Intelworks. Found by Guido Vranken. Not trigerrable remotely in TLS. + * Fix potential heap buffer overflow in servers that perform client + authentication against a crafted CA cert. Cannot be triggered remotely + unless you allow third parties to pick trust CAs for client auth. Found by + Guido Vranken, Intelworks. + +Bugfix + * Fix compile error in net.c with musl libc. Found and patch provided by + zhasha (#278). + * Fix macroization of 'inline' keywork when building as C++. (#279) + +Changes + * Added checking of hostname length in ssl_set_hostname() to ensure domain + names are compliant with RFC 1035. + += mbed TLS 1.3.13 released 2015-09-17 + +Security + * Fix possible client-side NULL pointer dereference (read) when the client + tries to continue the handshake after it failed (a misuse of the API). + (Found and patch provided by Fabian Foerg, Gotham Digital Science using afl-fuzz.) + * Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5 + signatures. (Found by Florian Weimer, Red Hat.) 
+ https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ + +Bugfix + * Setting SSL_MIN_DHM_BYTES in config.h had no effect (overriden in ssl.h) + (found by Fabio Solari) (#256) + * Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could + result trying to unlock an unlocked mutex on invalid input (found by + Fredrik Axelsson) (#257) + * Fix -Wshadow warnings (found by hnrkp) (#240) + * Fix unused function warning when using MBEDTLS_MDx_ALT or + MBEDTLS_SHAxxx_ALT (found by Henrik) (#239) + * Fix memory corruption in pkey programs (found by yankuncheng) (#210) + * Fix memory corruption on client with overlong PSK identity, around + SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by + Aleksandrs Saveljevs) (#238) + * Fix off-by-one error in parsing Supported Point Format extension that + caused some handshakes to fail. + +Changes + * When verifying a certificate chain, if an intermediate certificate is + trusted, no later cert is checked. (suggested by hannes-landeholm) + (#220). + += mbed TLS 1.3.12 released 2015-08-11 + +Security + * Increase the minimum size of Diffie-Hellman parameters accepted by the + client to 1024 bits, to protect against Logjam attack. + * Increase the size of default Diffie-Hellman parameters on the server to + 2048 bits. This can be changed with ssl_set_dh_params(). + +Bugfix + * Fix thread-safety issue in SSL debug module (found by Edwin van Vliet). + * Some example programs were not built using make, not included in Visual + Studio projects (found by Kristian Bendiksen). + * Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo + Leisink). + * Fix missing -static-ligcc when building shared libraries for Windows with + make. + * Fix compile error with armcc5 --gnu. + +Changes + * Add SSL_MIN_DHM_BYTES configuration parameter in config.h to choose the + minimum size of Diffie-Hellman parameters accepted by the client. 
+ * The PEM parser now accepts a trailing space at end of lines (#226). + += mbed TLS 1.3.11 released 2015-06-04 + +Security + * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and + extendedKeyUsage on the leaf certificate was lost (results not accessible + via ssl_get_verify_results()). + * Add countermeasure against "Lucky 13 strikes back" cache-based attack, + https://dl.acm.org/citation.cfm?id=2714625 + +Features + * Improve ECC performance by using more efficient doubling formulas + (contributed by Peter Dettman). + * Add x509_crt_verify_info() to display certificate verification results. + * Add support for reading DH parameters with privateValueLength included + (contributed by Daniel Kahn Gillmor). + * Add support for bit strings in X.509 names (request by Fredrik Axelsson). + * Add support for id-at-uniqueIdentifier in X.509 names. + * Add support for overriding snprintf() (except on Windows) and exit() in + the platform layer. + * Add an option to use macros instead of function pointers in the platform + layer (helps get rid of unwanted references). + * Improved Makefiles for Windows targets by fixing library targets and making + cross-compilation easier (thanks to Alon Bar-Lev). + * The benchmark program also prints heap usage for public-key primitives + if POLARSSL_MEMORY_BUFFER_ALLOC_C and POLARSSL_MEMORY_DEBUG are defined. + * New script ecc-heap.sh helps measuring the impact of ECC parameters on + speed and RAM (heap only for now) usage. + * New script memory.sh helps measuring the ROM and RAM requirements of two + reduced configurations (PSK-CCM and NSA suite B). + * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce + warnings on use of deprecated functions (with GCC and Clang only). + * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce + errors on use of deprecated functions. + +Bugfix + * Fix compile errors with PLATFORM_NO_STD_FUNCTIONS. 
+ * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara). + * Fix bug in entropy.c when THREADING_C is also enabled that caused + entropy_free() to crash (thanks to Rafał Przywara). + * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than + once on the same context. + * Fix bug in ssl_mail_client when password is longer that username (found + by Bruno Pape). + * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules + (detected by Clang's 3.6 UBSan). + * mpi_size() and mpi_msb() would segfault when called on an mpi that is + initialized but not set (found by pravic). + * Fix detection of support for getrandom() on Linux (reported by syzzer) by + doing it at runtime (using uname) rather that compile time. + * Fix handling of symlinks by "make install" (found by Gaël PORTAY). + * Fix potential NULL pointer dereference (not trigerrable remotely) when + ssl_write() is called before the handshake is finished (introduced in + 1.3.10) (first reported by Martin Blumenstingl). + * Fix bug in pk_parse_key() that caused some valid private EC keys to be + rejected. + * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos). + * Fix thread safety bug in RSA operations (found by Fredrik Axelsson). + * Fix hardclock() (only used in the benchmarking program) with some + versions of mingw64 (found by kxjhlele). + * Fix warnings from mingw64 in timing.c (found by kxjklele). + * Fix potential unintended sign extension in asn1_get_len() on 64-bit + platforms. + * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid). + * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and + POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced + in 1.3.10). + * Add missing extern "C" guard in aesni.h (reported by amir zamani). + * Add missing dependency on SHA-256 in some x509 programs (reported by + Gergely Budai). 
+ * Fix bug related to ssl_set_curves(): the client didn't check that the + curve picked by the server was actually allowed. + +Changes + * Remove bias in mpi_gen_prime (contributed by Pascal Junod). + * Remove potential sources of timing variations (some contributed by Pascal + Junod). + * Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated. + * Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated. + * compat-1.2.h and openssl.h are deprecated. + * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now + more flexible (warning: OFLAGS is not used any more) (see the README) + (contributed by Alon Bar-Lev). + * ssl_set_own_cert() no longer calls pk_check_pair() since the + performance impact was bad for some users (this was introduced in 1.3.10). + * Move from SHA-1 to SHA-256 in example programs using signatures + (suggested by Thorsten Mühlfelder). + * Remove some unneeded inclusions of header files from the standard library + "minimize" others (eg use stddef.h if only size_t is needed). + * Change #include lines in test files to use double quotes instead of angle + brackets for uniformity with the rest of the code. + * Remove dependency on sscanf() in X.509 parsing modules. + = mbed TLS 1.3.10 released 2015-02-09 Security * NULL pointer dereference in the buffer-based allocator when the buffer is @@ -29,7 +595,7 @@ Features length of an X.509 verification chain. * Support for renegotiation can now be disabled at compile-time * Support for 1/n-1 record splitting, a countermeasure against BEAST. - * Certificate selection based on signature hash, prefering SHA-1 over SHA-2 + * Certificate selection based on signature hash, preferring SHA-1 over SHA-2 for pre-1.2 clients when multiple certificates are available. * Add support for getrandom() syscall on recent Linux kernels with Glibc or a compatible enough libc (eg uClibc). 
@@ -504,6 +1070,67 @@ Security * RSA blinding on CRT operations to counter timing attacks (found by Cyril Arnaud and Pierre-Alain Fouque) + += Version 1.2.14 released 2015-05-?? + +Security + * Fix potential invalid memory read in the server, that allows a client to + crash it remotely (found by Caj Larsson). + * Fix potential invalid memory read in certificate parsing, that allows a + client to crash the server remotely if client authentication is enabled + (found using Codenomicon Defensics). + * Add countermeasure against "Lucky 13 strikes back" cache-based attack, + https://dl.acm.org/citation.cfm?id=2714625 + +Bugfix + * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos). + * Fix hardclock() (only used in the benchmarking program) with some + versions of mingw64 (found by kxjhlele). + * Fix warnings from mingw64 in timing.c (found by kxjklele). + * Fix potential unintended sign extension in asn1_get_len() on 64-bit + platforms (found with Coverity Scan). + += Version 1.2.13 released 2015-02-16 +Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting + this will be made in the 1.2 branch at this point. + +Security + * Fix remotely-triggerable uninitialised pointer dereference caused by + crafted X.509 certificate (TLS server is not affected if it doesn't ask + for a client certificate) (found using Codenomicon Defensics). + * Fix remotely-triggerable memory leak caused by crafted X.509 certificates + (TLS server is not affected if it doesn't ask for a client certificate) + (found using Codenomicon Defensics). + * Fix potential stack overflow while parsing crafted X.509 certificates + (TLS server is not affected if it doesn't ask for a client certificate) + found using Codenomicon Defensics). + * Fix buffer overread of size 1 when parsing crafted X.509 certificates + (TLS server is not affected if it doesn't ask for a client certificate). + +Bugfix + * Fix potential undefined behaviour in Camellia. 
+ * Fix memory leaks in PKCS#5 and PKCS#12. + * Stack buffer overflow if ctr_drbg_update() is called with too large + add_len (found by Jean-Philippe Aumasson) (not triggerable remotely). + * Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced + in 1.2.12). + * Fix unchecked return code in x509_crt_parse_path() on Windows (found by + Peter Vaskovic). + * Fix assembly selection for MIPS64 (thanks to James Cowgill). + * ssl_get_verify_result() now works even if the handshake was aborted due + to a failed verification (found by Fredrik Axelsson). + * Skip writing and parsing signature_algorithm extension if none of the + key exchanges enabled needs certificates. This fixes a possible interop + issue with some servers when a zero-length extension was sent. (Reported + by Peter Dettman.) + * On a 0-length input, base64_encode() did not correctly set output length + (found by Hendrik van den Boogaard). + +Changes + * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined. + * Forbid repeated extensions in X.509 certificates. + * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the + length of an X.509 verification chain (default = 8). = Version 1.2.12 released 2014-10-24 Security @@ -704,7 +1331,7 @@ Security Changes * Allow enabling of dummy error_strerror() to support some use-cases * Debug messages about padding errors during SSL message decryption are - disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL + disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL * Sending of security-relevant alert messages that do not break interoperability can be switched on/off with the flag POLARSSL_SSL_ALL_ALERT_MESSAGES 
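Review bot: the new `= Version 1.2.14 released 2015-05-??` heading in this ChangeLog hunk carries a placeholder date, and the `Fix potential stack overflow while parsing crafted X.509 certificates` entry is missing the opening parenthesis before `found using Codenomicon Defensics).`; the reporter handle is also spelled `kxjhlele` in one entry and `kxjklele` in the next. Since this file is vendored from upstream, the date should be synced with the actual upstream release and the two small text errors fixed in the same sync rather than carried into this tree.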
@@ -733,7 +1360,7 @@ Bugfix Changes * Added p_hw_data to ssl_context for context specific hardware acceleration data - * During verify trust-CA is only checked for expiration and CRL presence + * During verify trust-CA is only checked for expiration and CRL presence Bugfixes * Fixed client authentication compatibility @@ -1031,9 +1658,9 @@ Features with random data (Fixed ticket #10) Changes - * Debug print of MPI now removes leading zero octets and + * Debug print of MPI now removes leading zero octets and displays actual bit size of the value. - * x509parse_key() (and as a consequence x509parse_keyfile()) + * x509parse_key() (and as a consequence x509parse_keyfile()) does not zeroize memory in advance anymore. Use rsa_init() before parsing a key or keyfile! @@ -1055,7 +1682,7 @@ Features printing of X509 CRLs from file Changes - * Parsing of PEM files moved to separate module (Fixes + * Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding @@ -1198,7 +1825,7 @@ Bug fixes * Fixed HMAC-MD2 by modifying md2_starts(), so that the required HMAC ipad and opad variables are not cleared. (found by code coverage tests) - * Prevented use of long long in bignum if + * Prevented use of long long in bignum if POLARSSL_HAVE_LONGLONG not defined (found by Giles Bathgate). * Fixed incorrect handling of negative strings in @@ -1239,7 +1866,7 @@ Bug fixes * Made definition of net_htons() endian-clean for big endian systems (Found by Gernot). * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in - padlock and timing code. + padlock and timing code. * Fixed an off-by-one buffer allocation in ssl_set_hostname() responsible for crashes and unwanted behaviour. * Added support for Certificate Revocation List (CRL) parsing. @@ -1413,4 +2040,3 @@ XySSL ChangeLog who maintains the Debian package :-) = Version 0.1 released on 2006-11-01 - 
diff --git a/ext/polarssl-1.3/README.rst b/ext/polarssl-1.3/README.rst index 8e2a53ff12..59ca2c67da 100644 --- a/ext/polarssl-1.3/README.rst +++ b/ext/polarssl-1.3/README.rst @@ -35,7 +35,11 @@ In order to run the tests, enter:: make check -Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the mbed TLS Knowledge Base `_ for articles on your platform or issue. +In order to build for a Windows platform, you should use WINDOWS_BUILD=1 if the target is Windows but the build environment is Unix-like (eg when cross-compiling, or compiling from an MSYS shell), and WINDOWS=1 if the build environment is a Windows shell. + +Setting the variable SHARED in your environment will build a shared library in addition to the static library. Setting DEBUG gives you a debug build. You can override CFLAGS and LDFLAGS by setting them in your environment or on the make command line; if you do so, essential parts such as -I will still be preserved. Warning options may be overridden separately using WARNING_CFLAGS. + +Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the mbed TLS Knowledge Base `_ for articles on your platform or issue. In case you find that you need to do something else as well, please let us know what, so we can add it to the KB. 
@@ -59,18 +63,18 @@ There are many different build modes available within the CMake buildsystem. Mos - ASan. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) - (With recent version of clang, this mode also intruments the code with + (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.) - ASanDbg. Same as ASan but slower, with debug information and better stack traces. - MemSan. - This intruments the code with MemorySanitizer to check for uninitialised + This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86_64. - MemSanDbg. Same as ASan but slower, with debug information, better stack traces and origin tracking. - Check. - This activates the compiler warnings that depend on optimisation and treats + This activates the compiler warnings that depend on optimization and treats all warnings as errors. Switching build modes in CMake is simple. For debug mode, enter at the command line: 
@@ -103,7 +107,7 @@ Tests mbed TLS includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function. -For machines with a Unix shell and OpenSSL (and optionnally GnuTLS) installed, additional test scripts are available: +For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available: - *tests/ssl-opt.sh* runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. - *tests/compat.sh* tests interoperability of every ciphersuite with other implementations. @@ -126,10 +130,10 @@ For larger contributions, e.g. a new feature, the code possible falls under copy Process ------- -#. `Check for open issues `_ or - `start a discussion `_ around a feature +#. `Check for open issues `_ or + `start a discussion `_ around a feature idea or a bug. -#. Fork the `mbed TLS repository on Github `_ +#. Fork the `mbed TLS repository on Github `_ to start making your changes. #. Write a test which shows that the bug was fixed or that the feature works as expected. diff --git a/ext/polarssl-1.3/include/polarssl/aes.h b/ext/polarssl-1.3/include/polarssl/aes.h index 1b3f1e8075..8bcc039362 100644 --- a/ext/polarssl-1.3/include/polarssl/aes.h +++ b/ext/polarssl-1.3/include/polarssl/aes.h 
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,7 +30,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include diff --git a/ext/polarssl-1.3/include/polarssl/aesni.h b/ext/polarssl-1.3/include/polarssl/aesni.h index 7125d6ac8f..02419eda5a 100644 --- a/ext/polarssl-1.3/include/polarssl/aesni.h +++ b/ext/polarssl-1.3/include/polarssl/aesni.h @@ -5,7 +5,7 @@ * * Copyright (C) 2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -37,6 +37,10 @@ #if defined(POLARSSL_HAVE_X86_64) +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief AES-NI features detection routine * @@ -99,6 +103,10 @@ int aesni_setkey_enc( unsigned char *rk, const unsigned char *key, size_t bits ); +#ifdef __cplusplus +} +#endif + #endif /* POLARSSL_HAVE_X86_64 */ #endif /* POLARSSL_AESNI_H */ diff --git a/ext/polarssl-1.3/include/polarssl/arc4.h b/ext/polarssl-1.3/include/polarssl/arc4.h index 6c9788c7ef..49cc37cdfa 100644 --- a/ext/polarssl-1.3/include/polarssl/arc4.h +++ b/ext/polarssl-1.3/include/polarssl/arc4.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -20,6 +20,10 @@ * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. + * */ #ifndef POLARSSL_ARC4_H #define POLARSSL_ARC4_H @@ -30,7 +34,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if !defined(POLARSSL_ARC4_ALT) // Regular implementation @@ -42,6 +46,11 @@ extern "C" { /** * \brief ARC4 context structure + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ typedef struct { @@ -55,6 +64,11 @@ arc4_context; * \brief Initialize ARC4 context * * \param ctx ARC4 context to be initialized + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ void arc4_init( arc4_context *ctx ); @@ -62,6 +76,11 @@ void arc4_init( arc4_context *ctx ); * \brief Clear ARC4 context * * \param ctx ARC4 context to be cleared + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ void arc4_free( arc4_context *ctx ); @@ -71,6 +90,11 @@ void arc4_free( arc4_context *ctx ); * \param ctx ARC4 context to be setup * \param key the secret key * \param keylen length of the key, in bytes + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen ); 
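Review bot: the identical `\warning ARC4 is considered a weak cipher and its use constitutes a security risk` block is added to every declaration in arc4.h (context, init, free, setup, crypt, self_test), so Doxygen will render the same paragraph on each entry. If the intent is to make it unmissable on every generated page that is acceptable, but a single warning on the module brief plus the one added to the cipher enums in cipher.h later in this patch would carry the same message with less repetition; either way, keep the wording in sync across the copies so a later edit does not leave them diverging.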
@@ -84,6 +108,11 @@ void arc4_setup( arc4_context *ctx, const unsigned char *key, * \param output buffer for the output data * * \return 0 if successful + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input, unsigned char *output ); @@ -104,6 +133,11 @@ extern "C" { * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ int arc4_self_test( int verbose ); diff --git a/ext/polarssl-1.3/include/polarssl/asn1.h b/ext/polarssl-1.3/include/polarssl/asn1.h index 0a657e1c2a..5f236a5913 100644 --- a/ext/polarssl-1.3/include/polarssl/asn1.h +++ b/ext/polarssl-1.3/include/polarssl/asn1.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,12 +30,12 @@ #include POLARSSL_CONFIG_FILE #endif +#include + #if defined(POLARSSL_BIGNUM_C) #include "bignum.h" #endif -#include - /** * \addtogroup asn1_module * \{ @@ -60,7 +60,7 @@ /** * \name DER constants - * These constants comply with DER encoded the ANS1 type tags. + * These constants comply with the DER encoded ASN.1 type tags. * DER encoding uses hexadecimal representation. * An example DER sequence is:\n * - 0x02 -- tag indicating INTEGER diff --git a/ext/polarssl-1.3/include/polarssl/asn1write.h b/ext/polarssl-1.3/include/polarssl/asn1write.h index ecb82cee88..154a6ba201 100644 --- a/ext/polarssl-1.3/include/polarssl/asn1write.h +++ b/ext/polarssl-1.3/include/polarssl/asn1write.h 
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/base64.h b/ext/polarssl-1.3/include/polarssl/base64.h index 2da935b946..bdd0c41066 100644 --- a/ext/polarssl-1.3/include/polarssl/base64.h +++ b/ext/polarssl-1.3/include/polarssl/base64.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,7 +24,7 @@ #ifndef POLARSSL_BASE64_H #define POLARSSL_BASE64_H -#include +#include #define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */ #define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */ @@ -44,6 +44,8 @@ extern "C" { * \return 0 if successful, or POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL. * *dlen is always updated to reflect the amount * of data that has (or would have) been written. + * If that length cannot be represented, then no data is + * written to the buffer and *dlen is set to SIZE_T_MAX. * * \note Call this function with *dlen = 0 to obtain the * required buffer size in *dlen diff --git a/ext/polarssl-1.3/include/polarssl/bignum.h b/ext/polarssl-1.3/include/polarssl/bignum.h index 8ffd5627f2..c11db96dcd 100644 --- a/ext/polarssl-1.3/include/polarssl/bignum.h +++ b/ext/polarssl-1.3/include/polarssl/bignum.h 
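Review bot: the doc text added in the `@@ -44,6 +44,8 @@` hunk of base64.h says `*dlen is set to SIZE_T_MAX` when the output length cannot be represented, but nothing in the hunk defines or includes `SIZE_T_MAX`, and the standard name for this value is `SIZE_MAX` from `<stdint.h>`. Either reference the macro the implementation actually uses and say where it is defined, or phrase it as "the maximum value of size_t" so the comment does not depend on a non-standard identifier. Callers that follow the `\note` below and call with `*dlen = 0` to size their buffer need to check for this sentinel before allocating, so it is worth spelling that out in the same paragraph.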
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,14 +24,14 @@ #ifndef POLARSSL_BIGNUM_H #define POLARSSL_BIGNUM_H -#include - #if !defined(POLARSSL_CONFIG_FILE) #include "config.h" #else #include POLARSSL_CONFIG_FILE #endif +#include + #if defined(POLARSSL_FS_IO) #include #endif @@ -152,6 +152,7 @@ typedef uint32_t t_udbl; #define POLARSSL_HAVE_INT64 typedef int64_t t_sint; typedef uint64_t t_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ typedef unsigned int t_udbl __attribute__((mode(TI))); #define POLARSSL_HAVE_UDBL #else @@ -188,7 +189,9 @@ typedef struct mpi; /** - * \brief Initialize one MPI + * \brief Initialize one MPI (make internal references valid) + * This just makes it ready to be set or freed, + * but does not define a value for the MPI. * * \param X One MPI to initialize. */ @@ -374,7 +377,7 @@ int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen ); #if defined(POLARSSL_FS_IO) /** - * \brief Read X from an opened file + * \brief Read MPI from a line in an opened file * * \param X Destination MPI * \param radix Input numeric base @@ -383,6 +386,14 @@ int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen ); * \return 0 if successful, POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if * the file read buffer is too small or a * POLARSSL_ERR_MPI_XXX error code + * + * \note On success, this function advances the file stream + * to the end of the current line or to EOF. + * + * The function returns 0 on an empty line. + * + * Leading whitespaces are ignored, as is a + * '0x' prefix for radix 16. */ int mpi_read_file( mpi *X, int radix, FILE *fin ); 
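Review bot: the comment added in the `@@ -152,6 +152,7 @@` hunk of bignum.h, `/* mbedtls_t_udbl defined as 128-bit unsigned int */`, names `mbedtls_t_udbl`, but the typedef it annotates on the next line is `t_udbl` (the 1.3-branch name); the comment appears to have been backported from the 2.x branch and should read `t_udbl` so it matches the identifier it describes.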
@@ -688,6 +699,8 @@ int mpi_fill_random( mpi *X, size_t size, * * \return 0 if successful, * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed + * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is <= 1, + * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N. */ int mpi_gcd( mpi *G, const mpi *A, const mpi *B ); diff --git a/ext/polarssl-1.3/include/polarssl/blowfish.h b/ext/polarssl-1.3/include/polarssl/blowfish.h index a03d6d76a1..21ba7d463f 100644 --- a/ext/polarssl-1.3/include/polarssl/blowfish.h +++ b/ext/polarssl-1.3/include/polarssl/blowfish.h @@ -5,7 +5,7 @@ * * Copyright (C) 2012-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,7 +30,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include diff --git a/ext/polarssl-1.3/include/polarssl/bn_mul.h b/ext/polarssl-1.3/include/polarssl/bn_mul.h index 55cf24caaf..78777416df 100644 --- a/ext/polarssl-1.3/include/polarssl/bn_mul.h +++ b/ext/polarssl-1.3/include/polarssl/bn_mul.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2010, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -42,7 +42,9 @@ #if defined(POLARSSL_HAVE_ASM) -#if defined(__GNUC__) +/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ +#if defined(__GNUC__) && \ + ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) #if defined(__i386__) #define MULADDC_INIT \ 
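Review bot: the return codes added in the `@@ -688,6 +699,8 @@` hunk of bignum.h are attached to the wrong function. The comment now states `POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is <= 1` and `POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N`, but the declaration that immediately follows is `int mpi_gcd( mpi *G, const mpi *A, const mpi *B );`, which has no parameter `N` and no notion of a modular inverse. These two lines describe a modular-inverse routine and belong on that function's doc comment; left on mpi_gcd they will mislead callers that branch on these error codes.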
@@ -407,10 +409,11 @@ #endif /* PPC32 */ /* - * The Sparc64 assembly is reported to be broken. + * The Sparc(64) assembly is reported to be broken. * Disable it for now, until we're able to fix it. */ -#if 0 && defined(__sparc__) && defined(__sparc64__) +#if 0 && defined(__sparc__) +#if defined(__sparc64__) #define MULADDC_INIT \ asm( \ @@ -441,9 +444,8 @@ : "g1", "o0", "o1", "o2", "o3", "o4", \ "o5" \ ); -#endif /* SPARCv9 */ -#if defined(__sparc__) && !defined(__sparc64__) +#else /* __sparc64__ */ #define MULADDC_INIT \ asm( \ @@ -475,7 +477,8 @@ "o5" \ ); -#endif /* SPARCv8 */ +#endif /* __sparc64__ */ +#endif /* __sparc__ */ #if defined(__microblaze__) || defined(microblaze) @@ -557,7 +560,23 @@ #endif /* TriCore */ -#if defined(__arm__) +/* + * gcc -O0 by default uses r7 for the frame pointer, so it complains about our + * use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately, + * passing that option is not easy when building with yotta. + * + * On the other hand, -fomit-frame-pointer is implied by any -Ox options with + * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by + * clang and armcc5 under the same conditions). + * + * So, only use the optimized assembly below for optimized build, which avoids + * the build error and is pretty reasonable anyway. + */ +#if defined(__GNUC__) && !defined(__OPTIMIZE__) +#define CANNOT_USE_R7 +#endif + +#if defined(__arm__) && !defined(CANNOT_USE_R7) #if defined(__thumb__) && !defined(__thumb2__) diff --git a/ext/polarssl-1.3/include/polarssl/camellia.h b/ext/polarssl-1.3/include/polarssl/camellia.h index dedfba9c88..03218d18e0 100644 --- a/ext/polarssl-1.3/include/polarssl/camellia.h +++ b/ext/polarssl-1.3/include/polarssl/camellia.h 
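Review bot: `CANNOT_USE_R7`, defined in the `@@ -557,7 +560,23 @@` hunk of bn_mul.h, is consumed by the `#if defined(__arm__) && !defined(CANNOT_USE_R7)` test but the hunk shows no matching `#undef`, so it remains defined for everything that includes bn_mul.h. Either `#undef` it after the ARM block or give it a `POLARSSL_`-prefixed name so it cannot collide with user macros. The explanatory comment about `-O0`, the `r7` frame pointer and `__OPTIMIZE__` is exactly the kind of context this file needs and should stay.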
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,7 +30,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include diff --git a/ext/polarssl-1.3/include/polarssl/ccm.h b/ext/polarssl-1.3/include/polarssl/ccm.h index 47c7f590fb..f1f24bda05 100644 --- a/ext/polarssl-1.3/include/polarssl/ccm.h +++ b/ext/polarssl-1.3/include/polarssl/ccm.h @@ -5,7 +5,7 @@ * * Copyright (C) 2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/certs.h b/ext/polarssl-1.3/include/polarssl/certs.h index 5a432e4c04..d2216602f6 100644 --- a/ext/polarssl-1.3/include/polarssl/certs.h +++ b/ext/polarssl-1.3/include/polarssl/certs.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2010, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/check_config.h b/ext/polarssl-1.3/include/polarssl/check_config.h index 51b124d6df..bd126a68b6 100644 --- a/ext/polarssl-1.3/include/polarssl/check_config.h +++ b/ext/polarssl-1.3/include/polarssl/check_config.h 
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -30,6 +30,65 @@ #ifndef POLARSSL_CHECK_CONFIG_H #define POLARSSL_CHECK_CONFIG_H +#if defined(POLARSSL_DEPRECATED_WARNING) && \ + !defined(__GNUC__) && !defined(__clang__) +#error "POLARSSL_DEPRECATED_WARNING only works with GCC and Clang" +#endif + +#if defined(POLARSSL_NET_C) && !defined(POLARSSL_HAVE_IPV6) +#if defined(POLARSSL_DEPRECATED_WARNING) +#warning "Using POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated" +#endif +#if defined(POLARSSL_DEPRECATED_REMOVED) +#define POLARSSL_HAVE_IPV6 +#endif +#endif /* POLARSSL_NET_C && !POLARSSL_HAVE_IPV6 */ + +#if defined(POLARSSL_ERROR_STRERROR_BC) +#if defined(POLARSSL_DEPRECATED_WARNING) +#warning "POLARSSL_ERROR_STRERROR_BC is deprecated" +#endif +#if defined(POLARSSL_DEPRECATED_REMOVED) +#error "POLARSSL_ERROR_STRERROR_BC is deprecated" +#endif +#endif /* POLARSSL_ERROR_STRERROR_BC */ + +#if defined(POLARSSL_MEMORY_C) +#if defined(POLARSSL_DEPRECATED_WARNING) +#warning "POLARSSL_MEMORY_C is deprecated" +#endif +#if defined(POLARSSL_DEPRECATED_REMOVED) +#error "POLARSSL_MEMORY_C is deprecated" +#endif +#endif /* POLARSSL_MEMORY_C */ + +#if defined(POLARSSL_PBKDF2_C) +#if defined(POLARSSL_DEPRECATED_WARNING) +#warning "POLARSSL_PBKDF2_C is deprecated" +#endif +#if defined(POLARSSL_DEPRECATED_REMOVED) +#error "POLARSSL_PBKDF2_C is deprecated" +#endif +#endif /* POLARSSL_PBKDF2_C */ + +#if defined(POLARSSL_HAVE_INT8) +#if defined(POLARSSL_DEPRECATED_WARNING) +#warning "POLARSSL_HAVE_INT8 is deprecated" +#endif +#if defined(POLARSSL_DEPRECATED_REMOVED) +#error "POLARSSL_HAVE_INT8 is deprecated" +#endif +#endif /* POLARSSL_HAVE_INT8 */ + +#if defined(POLARSSL_HAVE_INT16) +#if defined(POLARSSL_DEPRECATED_WARNING) +#warning "POLARSSL_HAVE_INT16 is deprecated" +#endif +#if defined(POLARSSL_DEPRECATED_REMOVED) +#error "POLARSSL_HAVE_INT16 is deprecated" +#endif +#endif /* POLARSSL_HAVE_INT16 */ + #if defined(POLARSSL_AESNI_C) && !defined(POLARSSL_HAVE_ASM) #error "POLARSSL_AESNI_C defined, but not all prerequisites" 
#endif @@ -145,13 +204,13 @@ #endif #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ - ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\ + ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \ !defined(POLARSSL_PKCS1_V15) ) #error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites" #endif #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ - ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\ + ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \ !defined(POLARSSL_PKCS1_V15) ) #error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" #endif 
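Review bot: in the `@@ -30,6 +30,65 @@` hunk of check_config.h, the `POLARSSL_NET_C && !POLARSSL_HAVE_IPV6` case behaves differently from every other deprecated option under `POLARSSL_DEPRECATED_REMOVED`: the others `#error`, while this one silently does `#define POLARSSL_HAVE_IPV6`, flipping a setting the user may have turned off on purpose (for example on a libc without IPv6 support). For consistency, and so that the build fails loudly instead of changing behaviour, consider an `#error` here as well, or at minimum document in config.h that `POLARSSL_DEPRECATED_REMOVED` forces IPv6 on. The leading `POLARSSL_DEPRECATED_WARNING only works with GCC and Clang` guard is the right way to keep the `#warning` directives from breaking other compilers.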
@@ -198,6 +257,136 @@ #error "POLARSSL_PKCS11_C defined, but not all prerequisites" #endif +#if defined(POLARSSL_PLATFORM_EXIT_ALT) && !defined(POLARSSL_PLATFORM_C) +#error "POLARSSL_PLATFORM_EXIT_ALT defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_EXIT_MACRO) && !defined(POLARSSL_PLATFORM_C) +#error "POLARSSL_PLATFORM_EXIT_MACRO defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_EXIT_MACRO) &&\ + ( defined(POLARSSL_PLATFORM_STD_EXIT) ||\ + defined(POLARSSL_PLATFORM_EXIT_ALT) ) +#error "POLARSSL_PLATFORM_EXIT_MACRO and POLARSSL_PLATFORM_STD_EXIT/POLARSSL_PLATFORM_EXIT_ALT cannot be defined simultaneously" +#endif + +#if defined(POLARSSL_PLATFORM_FPRINTF_ALT) && !defined(POLARSSL_PLATFORM_C) +#error "POLARSSL_PLATFORM_FPRINTF_ALT defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_FPRINTF_MACRO) && !defined(POLARSSL_PLATFORM_C) +#error "POLARSSL_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_FPRINTF_MACRO) &&\ + ( defined(POLARSSL_PLATFORM_STD_FPRINTF) ||\ + defined(POLARSSL_PLATFORM_FPRINTF_ALT) ) +#error "POLARSSL_PLATFORM_FPRINTF_MACRO and POLARSSL_PLATFORM_STD_FPRINTF/POLARSSL_PLATFORM_FPRINTF_ALT cannot be defined simultaneously" +#endif + +#if defined(POLARSSL_PLATFORM_FREE_MACRO) &&\ + ( !defined(POLARSSL_PLATFORM_C) || !defined(POLARSSL_PLATFORM_MEMORY) ) +#error "POLARSSL_PLATFORM_FREE_MACRO defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_FREE_MACRO) &&\ + defined(POLARSSL_PLATFORM_STD_FREE) +#error "POLARSSL_PLATFORM_FREE_MACRO and POLARSSL_PLATFORM_STD_FREE cannot be defined simultaneously" +#endif + +#if defined(POLARSSL_PLATFORM_FREE_MACRO) && !defined(POLARSSL_PLATFORM_MALLOC_MACRO) +#error "POLARSSL_PLATFORM_MALLOC_MACRO must be defined if POLARSSL_PLATFORM_FREE_MACRO is" +#endif + +#if defined(POLARSSL_PLATFORM_MALLOC_MACRO) &&\ + ( !defined(POLARSSL_PLATFORM_C) || 
!defined(POLARSSL_PLATFORM_MEMORY) ) +#error "POLARSSL_PLATFORM_MALLOC_MACRO defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_MALLOC_MACRO) &&\ + defined(POLARSSL_PLATFORM_STD_MALLOC) +#error "POLARSSL_PLATFORM_MALLOC_MACRO and POLARSSL_PLATFORM_STD_MALLOC cannot be defined simultaneously" +#endif + +#if defined(POLARSSL_PLATFORM_MALLOC_MACRO) && !defined(POLARSSL_PLATFORM_FREE_MACRO) +#error "POLARSSL_PLATFORM_FREE_MACRO must be defined if POLARSSL_PLATFORM_MALLOC_MACRO is" +#endif + +#if defined(POLARSSL_PLATFORM_MEMORY) && !defined(POLARSSL_PLATFORM_C) +#error "POLARSSL_PLATFORM_MEMORY defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_PRINTF_ALT) && !defined(POLARSSL_PLATFORM_C) +#error "POLARSSL_PLATFORM_PRINTF_ALT defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_PRINTF_MACRO) && !defined(POLARSSL_PLATFORM_C) +#error "POLARSSL_PLATFORM_PRINTF_MACRO defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_PRINTF_MACRO) &&\ + ( defined(POLARSSL_PLATFORM_STD_PRINTF) ||\ + defined(POLARSSL_PLATFORM_PRINTF_ALT) ) +#error "POLARSSL_PLATFORM_PRINTF_MACRO and POLARSSL_PLATFORM_STD_PRINTF/POLARSSL_PLATFORM_PRINTF_ALT cannot be defined simultaneously" +#endif + +#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT) && !defined(POLARSSL_PLATFORM_C) +#error "POLARSSL_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT) && ( defined(_WIN32)\ + && !defined(EFIX64) && !defined(EFI32) ) +#error "POLARSSL_PLATFORM_SNPRINTF_ALT defined but not available on Windows" +#endif + +#if defined(POLARSSL_PLATFORM_SNPRINTF_MACRO) && !defined(POLARSSL_PLATFORM_C) +#error "POLARSSL_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_SNPRINTF_MACRO) &&\ + ( defined(POLARSSL_PLATFORM_STD_SNPRINTF) ||\ + defined(POLARSSL_PLATFORM_SNPRINTF_ALT) ) +#error "POLARSSL_PLATFORM_SNPRINTF_MACRO and 
POLARSSL_PLATFORM_STD_SNPRINTF/POLARSSL_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously" +#endif + +#if defined(POLARSSL_PLATFORM_STD_MEM_HDR) &&\ + !defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS) +#error "POLARSSL_PLATFORM_STD_MEM_HDR defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_STD_MALLOC) && !defined(POLARSSL_PLATFORM_MEMORY) +#error "POLARSSL_PLATFORM_STD_MALLOC defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_STD_MALLOC) && !defined(POLARSSL_PLATFORM_MEMORY) +#error "POLARSSL_PLATFORM_STD_MALLOC defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_STD_FREE) && !defined(POLARSSL_PLATFORM_MEMORY) +#error "POLARSSL_PLATFORM_STD_FREE defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_STD_EXIT) &&\ + !defined(POLARSSL_PLATFORM_EXIT_ALT) +#error "POLARSSL_PLATFORM_STD_EXIT defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_STD_FPRINTF) &&\ + !defined(POLARSSL_PLATFORM_FPRINTF_ALT) +#error "POLARSSL_PLATFORM_STD_FPRINTF defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_STD_PRINTF) &&\ + !defined(POLARSSL_PLATFORM_PRINTF_ALT) +#error "POLARSSL_PLATFORM_STD_PRINTF defined, but not all prerequisites" +#endif + +#if defined(POLARSSL_PLATFORM_STD_SNPRINTF) &&\ + !defined(POLARSSL_PLATFORM_SNPRINTF_ALT) +#error "POLARSSL_PLATFORM_STD_SNPRINTF defined, but not all prerequisites" +#endif + #if defined(POLARSSL_RSA_C) && ( !defined(POLARSSL_BIGNUM_C) || \ !defined(POLARSSL_OID_C) ) #error "POLARSSL_RSA_C defined, but not all prerequisites" diff --git a/ext/polarssl-1.3/include/polarssl/cipher.h b/ext/polarssl-1.3/include/polarssl/cipher.h index 999d24b508..9695b3b152 100644 --- a/ext/polarssl-1.3/include/polarssl/cipher.h +++ b/ext/polarssl-1.3/include/polarssl/cipher.h 
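Review bot: the `@@ -198,6 +257,136 @@` hunk of check_config.h contains an exact duplicate: the block `#if defined(POLARSSL_PLATFORM_STD_MALLOC) && !defined(POLARSSL_PLATFORM_MEMORY)` / `#error "POLARSSL_PLATFORM_STD_MALLOC defined, but not all prerequisites"` appears twice in a row, so one copy should be dropped. The `POLARSSL_PLATFORM_SNPRINTF_ALT` check also hard-codes `defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)` as "not available on Windows" with no comment on why the alternative snprintf cannot be used there; a one-line justification next to the `#if` would help the next reader. The remaining macro/alt/std mutual-exclusion checks read as complete and symmetric (MALLOC_MACRO requires FREE_MACRO and vice versa).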
@@ -7,7 +7,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,6 +33,8 @@ #include POLARSSL_CONFIG_FILE #endif +#include + #if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C) #define POLARSSL_CIPHER_MODE_AEAD #endif @@ -41,15 +43,14 @@ #define POLARSSL_CIPHER_MODE_WITH_PADDING #endif -#include +#if defined(POLARSSL_ARC4_C) +#define POLARSSL_CIPHER_MODE_STREAM +#endif -#if defined(_MSC_VER) && !defined(inline) -#define inline _inline -#else -#if defined(__ARMCC_VERSION) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline -#endif /* __ARMCC_VERSION */ -#endif /*_MSC_VER */ +#endif #define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */ #define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters to function. */ @@ -65,17 +66,32 @@ extern "C" { #endif +/** + * \brief Enumeration of supported ciphers + * + * \warning ARC4 and DES are considered weak ciphers and their use + * constitutes a security risk. We recommend considering stronger + * ciphers instead. + */ typedef enum { POLARSSL_CIPHER_ID_NONE = 0, POLARSSL_CIPHER_ID_NULL, POLARSSL_CIPHER_ID_AES, POLARSSL_CIPHER_ID_DES, - POLARSSL_CIPHER_ID_3DES, + POLARSSL_CIPHER_ID_3DES, /* Unused! */ POLARSSL_CIPHER_ID_CAMELLIA, POLARSSL_CIPHER_ID_BLOWFISH, POLARSSL_CIPHER_ID_ARC4, } cipher_id_t; +/** + * \brief Enumeration of supported (cipher,mode) pairs + * + * \warning ARC4 and DES are considered weak ciphers and their use + * constitutes a security risk. We recommend considering stronger + * ciphers instead. + * + */ typedef enum { POLARSSL_CIPHER_NONE = 0, POLARSSL_CIPHER_NULL, 
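Review bot: the `/* Unused! */` annotation on `POLARSSL_CIPHER_ID_3DES` in the `@@ -65,17 +66,32 @@` hunk of cipher.h invites someone to delete the value, which would renumber `POLARSSL_CIPHER_ID_CAMELLIA`, `_BLOWFISH` and `_ARC4` and break binary compatibility; the comment should say that it is kept to preserve the enum numbering. The `inline` change in the `@@ -41,15 +43,14 @@` hunk is an improvement, since `#define inline __inline` is now skipped under `__cplusplus` where `inline` is a keyword, but it still redefines a keyword from a public header for ARMCC/MSVC C builds, so the `!defined(inline)` guard must stay. The new `POLARSSL_CIPHER_MODE_STREAM` flag being tied to `POLARSSL_ARC4_C` is consistent with ARC4 being the only stream cipher in this tree.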
@@ -182,24 +198,32 @@ typedef struct { int (*ecb_func)( void *ctx, operation_t mode, const unsigned char *input, unsigned char *output ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /** Encrypt using CBC */ int (*cbc_func)( void *ctx, operation_t mode, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ); +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) /** Encrypt using CFB (Full length) */ int (*cfb_func)( void *ctx, operation_t mode, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output ); +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) /** Encrypt using CTR */ int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output ); +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) /** Encrypt using STREAM */ int (*stream_func)( void *ctx, size_t length, const unsigned char *input, unsigned char *output ); +#endif /** Set key for encryption purposes */ int (*setkey_enc_func)( void *ctx, const unsigned char *key, @@ -262,9 +286,11 @@ typedef struct { /** Operation that the context's key has been initialised for */ operation_t operation; +#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING) /** Padding functions to use, if relevant for cipher mode */ void (*add_padding)( unsigned char *output, size_t olen, size_t data_len ); int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len ); +#endif /** Buffer for data that hasn't been encrypted yet */ unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH]; 
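Review bot: wrapping `cbc_func`, `cfb_func`, `ctr_func`, `stream_func` and the `add_padding`/`get_padding` members in `#if defined(POLARSSL_CIPHER_MODE_*)` makes the layout of `cipher_base_t` and `cipher_context_t` depend on the build configuration. Every positional initialiser of `cipher_base_t` in library/cipher_wrap.c must carry the identical guards, otherwise a build with, say, CBC disabled shifts the remaining function pointers by one slot and the wrong routine gets called through the table; a comment beside the struct saying the two files must be kept in step would be worth adding. It also means an application must compile cipher.h against the same config.h the library was built with, which the header should state.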
@@ -358,17 +384,25 @@ void cipher_free( cipher_context_t *ctx ); */ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ); +#if ! defined(POLARSSL_DEPRECATED_REMOVED) +#if defined(POLARSSL_DEPRECATED_WARNING) +#define DEPRECATED __attribute__((deprecated)) +#else +#define DEPRECATED +#endif /** * \brief Free the cipher-specific context of ctx. Freeing ctx * itself remains the responsibility of the caller. * - * \note Deprecated: Redirects to cipher_free() + * \deprecated Use cipher_free() instead * * \param ctx Free the cipher-specific context * * \returns 0 */ -int cipher_free_ctx( cipher_context_t *ctx ); +int cipher_free_ctx( cipher_context_t *ctx ) DEPRECATED; +#undef DEPRECATED +#endif /* POLARSSL_DEPRECATED_REMOVED */ /** * \brief Returns the block size of the given cipher. @@ -463,7 +497,7 @@ static inline const char *cipher_get_name( const cipher_context_t *ctx ) * POLARSSL_KEY_LENGTH_NONE if ctx has not been * initialised. */ -static inline int cipher_get_key_size ( const cipher_context_t *ctx ) +static inline int cipher_get_key_size( const cipher_context_t *ctx ) { if( NULL == ctx || NULL == ctx->cipher_info ) return POLARSSL_KEY_LENGTH_NONE; diff --git a/ext/polarssl-1.3/include/polarssl/cipher_wrap.h b/ext/polarssl-1.3/include/polarssl/cipher_wrap.h index 94ba5785f9..3e685b13ee 100644 --- a/ext/polarssl-1.3/include/polarssl/cipher_wrap.h +++ b/ext/polarssl-1.3/include/polarssl/cipher_wrap.h @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,6 +31,7 @@ #else #include POLARSSL_CONFIG_FILE #endif + #include "cipher.h" #ifdef __cplusplus 
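Review bot: the `DEPRECATED` helper around `cipher_free_ctx()` is defined and then `#undef`'d under an unprefixed name, so any project that has its own `DEPRECATED` macro gets it silently clobbered by including cipher.h. Use a library-prefixed name such as `POLARSSL_DEPRECATED`, consistent with every other identifier in the header, and since other headers will need the same `__attribute__((deprecated))` dance, define it once in a shared header rather than redefining it per file.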
diff --git a/ext/polarssl-1.3/include/polarssl/compat-1.2.h b/ext/polarssl-1.3/include/polarssl/compat-1.2.h index 47a4516793..37df5412f6 100644 --- a/ext/polarssl-1.3/include/polarssl/compat-1.2.h +++ b/ext/polarssl-1.3/include/polarssl/compat-1.2.h @@ -3,9 +3,11 @@ * * \brief Backwards compatibility header for PolarSSL-1.2 from PolarSSL-1.3 * + * \deprecated Use native PolarSSL 1.3 functions instead. + * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,6 +23,12 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#if ! defined(POLARSSL_DEPRECATED_REMOVED) + +#if defined(POLARSSL_DEPRECATED_WARNING) +#warning "Including compat-1.2.h is deprecated" +#endif + #ifndef POLARSSL_COMPAT_1_2_H #define POLARSSL_COMPAT_1_2_H @@ -33,13 +41,10 @@ // Comment out to disable prototype change warnings #define SHOW_PROTOTYPE_CHANGE_WARNINGS -#if defined(_MSC_VER) && !defined(inline) -#define inline _inline -#else -#if defined(__ARMCC_VERSION) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline -#endif /* __ARMCC_VERSION */ -#endif /* _MSC_VER */ +#endif #if defined(_MSC_VER) // MSVC does not support #warning @@ -384,3 +389,4 @@ static inline int x509_write_key_der( unsigned char *buf, size_t len, rsa_contex } #endif /* POLARSSL_PK_WRITE_C && POLARSSL_RSA_C */ #endif /* compat-1.2.h */ +#endif /* POLARSSL_DEPRECATED_REMOVED */ diff --git a/ext/polarssl-1.3/include/polarssl/config.h b/ext/polarssl-1.3/include/polarssl/config.h index 8bb47e78f3..03b99608d3 100644 --- a/ext/polarssl-1.3/include/polarssl/config.h 
+++ b/ext/polarssl-1.3/include/polarssl/config.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -44,6 +44,10 @@ * * The system uses 8-bit wide native integers. * + * \deprecated The compiler should be able to generate code for 32-bit + * arithmetic (required by C89). This code is likely to be at least as + * efficient as ours. + * * Uncomment if native integers are 8-bit wide. */ //#define POLARSSL_HAVE_INT8 @@ -53,6 +57,10 @@ * * The system uses 16-bit wide native integers. * + * \deprecated The compiler should be able to generate code for 32-bit + * arithmetic (required by C89). This code is likely to be at least as + * efficient as ours. + * * Uncomment if native integers are 16-bit wide. */ //#define POLARSSL_HAVE_INT16 @@ -97,7 +105,7 @@ * * Comment if your system does not support time functions #define POLARSSL_HAVE_TIME - */ +*/ /** * \def POLARSSL_HAVE_IPV6 @@ -107,9 +115,12 @@ * * Note: on Windows/MingW, XP or higher is required. * + * \warning As of 1.3.11, *not* using this flag when POLARSSL_NET_C is + * defined, is deprecated. The alternative legacy code will be removed in 2.0. + * * Comment if your system does not support the IPv6 socket interface #define POLARSSL_HAVE_IPV6 - */ +*/ /** * \def POLARSSL_PLATFORM_MEMORY 
@@ -120,8 +131,14 @@ * This allows different allocators (self-implemented or provided) to be * provided to the platform abstraction layer. * - * Enabling POLARSSL_PLATFORM_MEMORY will provide "platform_set_malloc_free()" - * to allow you to set an alternative malloc() and free() function pointer. + * Enabling POLARSSL_PLATFORM_MEMORY without the + * POLARSSL_PLATFORM_{FREE,MALLOC}_MACROs will provide + * "platform_set_malloc_free()" allowing you to set an alternative malloc() and + * free() function pointer at runtime. + * + * Enabling POLARSSL_PLATFORM_MEMORY and specifying + * POLARSSL_PLATFORM_{MALLOC,FREE}_MACROs will allow you to specify the + * alternate function at compile time. * * Requires: POLARSSL_PLATFORM_C * @@ -138,7 +155,8 @@ * This makes sure there are no linking errors on platforms that do not support * these functions. You will HAVE to provide alternatives, either at runtime * via the platform_set_xxx() functions or at compile time by setting - * the POLARSSL_PLATFORM_STD_XXX defines. + * the POLARSSL_PLATFORM_STD_XXX defines, or enabling a + * POLARSSL_PLATFORM_XXX_MACRO. * * Requires: POLARSSL_PLATFORM_C * 
@@ -159,11 +177,47 @@ * * All these define require POLARSSL_PLATFORM_C to be defined! * + * WARNING: POLARSSL_PLATFORM_SNPRINTF_ALT is not available on Windows + * for compatibility reasons. + * + * WARNING: POLARSSL_PLATFORM_XXX_ALT cannot be defined at the same time as + * POLARSSL_PLATFORM_XXX_MACRO! + * * Uncomment a macro to enable alternate implementation of specific base * platform function */ -//#define POLARSSL_PLATFORM_PRINTF_ALT +//#define POLARSSL_PLATFORM_EXIT_ALT //#define POLARSSL_PLATFORM_FPRINTF_ALT +//#define POLARSSL_PLATFORM_PRINTF_ALT +//#define POLARSSL_PLATFORM_SNPRINTF_ALT + +/** + * \def POLARSSL_DEPRECATED_WARNING + * + * Mark deprecated functions so that they generate a warning if used. + * Functions deprecated in one version will usually be removed in the next + * version. You can enable this to help you prepare the transition to a new + * major version by making sure your code is not using these functions. + * + * This only works with GCC and Clang. With other compilers, you may want to + * use POLARSSL_DEPRECATED_REMOVED + * + * Uncomment to get warnings on using deprecated functions. + */ +//#define POLARSSL_DEPRECATED_WARNING + +/** + * \def POLARSSL_DEPRECATED_REMOVED + * + * Remove deprecated functions so that they generate an error if used. + * Functions deprecated in one version will usually be removed in the next + * version. You can enable this to help you prepare the transition to a new + * major version by making sure your code is not using these functions. + * + * Uncomment to get errors on using deprecated functions. + */ +//#define POLARSSL_DEPRECATED_REMOVED + /* \} name SECTION: System support */ /** 
@@ -202,6 +256,12 @@ * * Uncomment a macro to enable alternate implementation for core algorithm * functions + * + * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their + * use constitutes a security risk. If possible, we recommend + * avoiding dependencies on them, and considering stronger message + * digests and ciphers instead. + * */ //#define POLARSSL_AES_ALT //#define POLARSSL_ARC4_ALT @@ -223,10 +283,18 @@ * Store the AES tables in ROM. * * Uncomment this macro to store the AES tables in ROM. - * */ //#define POLARSSL_AES_ROM_TABLES +/** + * \def POLARSSL_CAMELLIA_SMALL_MEMORY + * + * Use less ROM for the Camellia implementation (saves about 768 bytes). + * + * Uncomment this macro to use less memory for Camellia. + */ +//#define POLARSSL_CAMELLIA_SMALL_MEMORY + /** * \def POLARSSL_CIPHER_MODE_CBC * @@ -308,6 +376,9 @@ * TLS_DHE_RSA_WITH_DES_CBC_SHA * * Uncomment this macro to enable weak ciphersuites + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. */ //#define POLARSSL_ENABLE_WEAK_CIPHERSUITES @@ -635,11 +706,9 @@ * Make available the backward compatible error_strerror() next to the * current polarssl_strerror(). * - * For new code, it is recommended to use polarssl_strerror() instead and - * disable this. + * \deprecated Do not define this and use polarssl_strerror() instead * - * Disable if you run into name conflicts and want to really remove the - * error_strerror() + * Disable if you want to really remove the error_strerror() name */ #define POLARSSL_ERROR_STRERROR_BC 
@@ -775,20 +844,8 @@ * \def POLARSSL_SELF_TEST * * Enable the checkup functions (*_self_test). - */ -//#define POLARSSL_SELF_TEST - -/** - * \def POLARSSL_SSL_AEAD_RANDOM_IV - * - * Generate a random IV rather than using the record sequence number as a - * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). - * - * Using the sequence number is generally recommended. - * - * Uncomment this macro to always use random IVs with AEAD ciphersuites. - */ -//#define POLARSSL_SSL_AEAD_RANDOM_IV +#define POLARSSL_SELF_TEST +*/ /** * \def POLARSSL_SSL_ALL_ALERT_MESSAGES @@ -952,7 +1009,7 @@ * * Comment this macro to disable support for SSL 3.0 */ -#define POLARSSL_SSL_PROTO_SSL3 +//#define POLARSSL_SSL_PROTO_SSL3 /** * \def POLARSSL_SSL_PROTO_TLS1 @@ -1032,6 +1089,19 @@ */ #define POLARSSL_SSL_TRUNCATED_HMAC +/** + * \def POLARSSL_SSL_ENABLE_MD5_SIGNATURES + * + * Offer, accept and do MD5-based signatures in the TLS 1.2 handshake. + * Has no effect on which algorithms are accepted for certificates. + * Has no effect on other SSL/TLS versions. + * + * \warning Enabling this could be a security risk! + * + * Uncomment to enable MD5 signatures in TLS 1.2 + */ +//#define POLARSSL_SSL_ENABLE_MD5_SIGNATURES + /** * \def POLARSSL_SSL_SET_CURVES * @@ -1097,10 +1167,23 @@ * If set, the X509 parser will not break-off when parsing an X509 certificate * and encountering an unknown critical extension. * + * \warning Depending on your PKI use, enabling this can be a security risk! + * * Uncomment to prevent an error. */ //#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +/** + * \def POLARSSL_X509_ALLOW_RELAXED_DATE + * + * If set, the X509 parser will not break-off when parsing an X509 certificate + * and encountering ASN.1 UTCTime or ASN.1 GeneralizedTime without seconds or + * with a time zone. + * + * Uncomment to prevent an error. + */ +//#define POLARSSL_X509_ALLOW_RELAXED_DATE + /** * \def POLARSSL_X509_CHECK_KEY_USAGE * 
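Review bot: in the first hunk `POLARSSL_SSL_AEAD_RANDOM_IV` is deleted outright rather than deprecated, and none of the check_config.h checks in this patch rejects it, so an existing config.h that still defines it compiles silently and the user never learns the setting no longer does anything. Add a `#if defined(POLARSSL_SSL_AEAD_RANDOM_IV)` / `#error "POLARSSL_SSL_AEAD_RANDOM_IV was removed"` guard to check_config.h, or at minimum name the removal in the ChangeLog.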
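Review bot: the `POLARSSL_SSL_PROTO_SSL3` hunk flips the default to disabled but leaves the preceding doc line `Comment this macro to disable support for SSL 3.0` unchanged, which is now backwards. Change it to `Uncomment this macro to enable support for SSL 3.0` and give it a `\warning` in the style this patch adds for DES and ARC4, so nobody re-enables it without reading why it was turned off. Similarly, the new `POLARSSL_X509_ALLOW_RELAXED_DATE` entry lacks the `\warning` that its sibling `POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` gets in the same hunk; both relax parser strictness and should be flagged alike.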
@@ -1275,6 +1358,11 @@ * TLS_RSA_WITH_RC4_128_MD5 * TLS_RSA_PSK_WITH_RC4_128_SHA * TLS_PSK_WITH_RC4_128_SHA + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger ciphers instead. + * */ #define POLARSSL_ARC4_C @@ -1489,6 +1577,9 @@ * TLS_PSK_WITH_3DES_EDE_CBC_SHA * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. */ #define POLARSSL_DES_C @@ -1648,6 +1739,11 @@ * Caller: * * Uncomment to enable support for (rare) MD2-signed X.509 certs. + * + * \warning MD2 is considered a weak message digest and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger message digests instead. + * */ //#define POLARSSL_MD2_C @@ -1660,6 +1756,11 @@ * Caller: * * Uncomment to enable support for (rare) MD4-signed X.509 certs. + * + * \warning MD4 is considered a weak message digest and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger message digests instead. + * */ #define POLARSSL_MD4_C 
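Review bot: the MD4 hunk adds a `\warning` that MD4 is weak but leaves `#define POLARSSL_MD4_C` enabled by default, even though its own doc says the module exists only for "(rare) MD4-signed X.509 certs"; MD2 directly above it is already off by default (`//#define POLARSSL_MD2_C`). Either comment out MD4 by default as well, or say in the doc why it must stay on.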
@@ -1673,14 +1774,23 @@ * library/pem.c * library/ssl_tls.c * - * This module is required for SSL/TLS and X.509. - * PEM_PARSE uses MD5 for decrypting encrypted keys. + * This module is required for SSL/TLS up to version 1.1, and it can be used in + * TLS 1.2 through the choice on handshake parameters. Further, it is used for + * checking MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded + * encrypted keys. + * + * \warning MD5 is considered a weak message digest and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger message digests instead. + * */ #define POLARSSL_MD5_C /** * \def POLARSSL_MEMORY_C - * Deprecated since 1.3.5. Please use POLARSSL_PLATFORM_MEMORY instead. + * + * \deprecated Use POLARSSL_PLATFORM_MEMORY instead. + * * Depends on: POLARSSL_PLATFORM_C */ //#define POLARSSL_MEMORY_C @@ -1706,6 +1816,9 @@ * * Enable the TCP/IP networking routines. * + * \warning As of 1.3.11, it is deprecated to enable this module without + * POLARSSL_HAVE_IPV6. The alternative legacy code will be removed in 2.0. + * * Module: library/net.c * * This module provides TCP/IP networking routines. @@ -1755,7 +1868,8 @@ * \def POLARSSL_PBKDF2_C * * Enable PKCS#5 PBKDF2 key derivation function. - * DEPRECATED: Use POLARSSL_PKCS5_C instead + * + * \deprecated Use POLARSSL_PKCS5_C instead * * Module: library/pbkdf2.c * @@ -1892,7 +2006,11 @@ * \def POLARSSL_PLATFORM_C * * Enable the platform abstraction layer that allows you to re-assign - * functions like malloc(), free(), printf(), fprintf() + * functions like malloc(), free(), snprintf(), printf(), fprintf(), exit() + * + * Enabling POLARSSL_PLATFORM_C enables to use of POLARSSL_PLATFORM_XXX_ALT + * or POLARSSL_PLATFORM_XXX_MACRO directives, allowing the functions mentioned + * above to be specified at runtime or compile time respectively. * * Module: library/platform.c * Caller: Most other .c files 
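Review bot: the new MD5 doc text says MD5 "can be used in TLS 1.2 through the choice on handshake parameters"; "choice of" is meant, and it should say that this only happens when `POLARSSL_SSL_ENABLE_MD5_SIGNATURES` is defined, since that option is introduced in this same patch (off by default) and is precisely what governs MD5 signatures in the TLS 1.2 handshake.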
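Review bot: typo in the added `POLARSSL_PLATFORM_C` doc: `Enabling POLARSSL_PLATFORM_C enables to use of POLARSSL_PLATFORM_XXX_ALT` should read `enables the use of`.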
@@ -1943,6 +2061,11 @@ * library/x509write_crt.c * * This module is required for SSL/TLS and SHA1-signed certificates. + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. If possible, we recommend avoiding dependencies + * on it, and considering stronger message digests instead. + * */ #define POLARSSL_SHA1_C 
@@ -2237,11 +2360,22 @@ //#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ /* Platform options */ -//#define POLARSSL_PLATFORM_STD_MEM_HDR /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ -//#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */ -//#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ -//#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ -//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ +//#define POLARSSL_PLATFORM_STD_MEM_HDR /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ +//#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */ +//#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ +//#define POLARSSL_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ +//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ +//#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ +//#define POLARSSL_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ + +/* To Use Function Macros POLARSSL_PLATFORM_C must be enabled */ +/* POLARSSL_PLATFORM_XXX_MACRO and POLARSSL_PLATFORM_XXX_ALT cannot both be defined */ +//#define POLARSSL_PLATFORM_MALLOC_MACRO malloc /**< Default allocator macro to use, can be undefined */ +//#define POLARSSL_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ +//#define POLARSSL_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ +//#define POLARSSL_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ +//#define POLARSSL_PLATFORM_PRINTF_MACRO printf 
/**< Default printf macro to use, can be undefined */ +//#define POLARSSL_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ /* SSL Cache options */ //#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ @@ -2249,6 +2383,7 @@ /* SSL options */ //#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ +//#define SSL_MIN_DHM_BYTES 128 /**< Min size of the Diffie-Hellman prime */ //#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define POLARSSL_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ @@ -2272,6 +2407,29 @@ /* X509 options */ //#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ +/** + * \def POLARSSL_X509_MIN_VERIFY_MD_ALG + * + * Minimal hash algorithm accepted in X.509 chain verification. + * + * The value should be one of the enumerations in md_type_t defined in md.h + * Only algorithms with a value equal or higher are accepted. + * + * typedef enum { + * POLARSSL_MD_NONE=0, + * POLARSSL_MD_MD2, + * POLARSSL_MD_MD4, + * POLARSSL_MD_MD5, + * POLARSSL_MD_SHA1, + * POLARSSL_MD_SHA224, + * POLARSSL_MD_SHA256, + * POLARSSL_MD_SHA384, + * POLARSSL_MD_SHA512, + * POLARSSL_MD_RIPEMD160, + * } md_type_t; + */ +//#define POLARSSL_X509_MIN_VERIFY_MD_ALG POLARSSL_MD_SHA1 + /* \} name SECTION: Module configuration options */ #include "check_config.h" diff --git a/ext/polarssl-1.3/include/polarssl/ctr_drbg.h b/ext/polarssl-1.3/include/polarssl/ctr_drbg.h index 1424bd741b..ebab55f29f 100644 --- a/ext/polarssl-1.3/include/polarssl/ctr_drbg.h +++ b/ext/polarssl-1.3/include/polarssl/ctr_drbg.h 
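Review bot: `POLARSSL_X509_MIN_VERIFY_MD_ALG` is documented as "Only algorithms with a value equal or higher are accepted", but the `md_type_t` enum reproduced in that same comment places `POLARSSL_MD_RIPEMD160` last, above every SHA-2 member. A deployment that sets the minimum to `POLARSSL_MD_SHA256` therefore still accepts RIPEMD-160-signed certificates, which is not what the option name promises. Either compare against an explicit allowed set (or a strength ordering that puts RIPEMD160 beside SHA1) instead of `>=` on raw enum values, or state the RIPEMD-160 exception in the doc. The suggested value `POLARSSL_MD_SHA1` in the example line also sits oddly next to the `\warning` this patch adds to `POLARSSL_SHA1_C`.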
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,8 +24,6 @@ #ifndef POLARSSL_CTR_DRBG_H #define POLARSSL_CTR_DRBG_H -#include - #include "aes.h" #define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */ diff --git a/ext/polarssl-1.3/include/polarssl/debug.h b/ext/polarssl-1.3/include/polarssl/debug.h index a9d00f5efb..2dd89a2276 100644 --- a/ext/polarssl-1.3/include/polarssl/debug.h +++ b/ext/polarssl-1.3/include/polarssl/debug.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,7 +29,9 @@ #else #include POLARSSL_CONFIG_FILE #endif + #include "ssl.h" + #if defined(POLARSSL_ECP_C) #include "ecp.h" #endif @@ -55,7 +57,7 @@ #define SSL_DEBUG_MSG( level, args ) \ - debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args ); + debug_print_msg_free( ssl, level, __FILE__, __LINE__, debug_fmt args ); #define SSL_DEBUG_RET( level, text, ret ) \ debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret ); @@ -113,6 +115,9 @@ void debug_set_threshold( int threshold ); char *debug_fmt( const char *format, ... ); +void debug_print_msg_free( const ssl_context *ssl, int level, + const char *file, int line, char *text ); + void debug_print_msg( const ssl_context *ssl, int level, const char *file, int line, const char *text ); diff --git a/ext/polarssl-1.3/include/polarssl/des.h b/ext/polarssl-1.3/include/polarssl/des.h index b18ca0307c..59538a3823 100644 
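Review bot: `SSL_DEBUG_MSG` now routes the result of `debug_fmt()` through the new `debug_print_msg_free()`, whose only visible difference from `debug_print_msg()` is a non-const `char *text`, and the declaration carries no comment stating that it takes ownership of and frees `text`. Document that contract on the prototype (and that `text` must come from `debug_fmt()`), otherwise the next caller passes a string literal and the free is undefined behaviour, while existing direct callers of `debug_print_msg()` with `debug_fmt()` output presumably keep leaking.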
--- a/ext/polarssl-1.3/include/polarssl/des.h +++ b/ext/polarssl-1.3/include/polarssl/des.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,6 +20,10 @@ * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. + * */ #ifndef POLARSSL_DES_H #define POLARSSL_DES_H @@ -30,7 +34,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include @@ -56,6 +60,10 @@ extern "C" { /** * \brief DES context structure + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ typedef struct { @@ -78,6 +86,10 @@ des3_context; * \brief Initialize DES context * * \param ctx DES context to be initialized + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ void des_init( des_context *ctx ); @@ -85,6 +97,10 @@ void des_init( des_context *ctx ); * \brief Clear DES context * * \param ctx DES context to be cleared + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ void des_free( des_context *ctx ); 
@@ -109,6 +125,10 @@ void des3_free( des3_context *ctx ); * a parity bit to allow verification. * * \param key 8-byte secret key + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ void des_key_set_parity( unsigned char key[DES_KEY_SIZE] ); @@ -121,6 +141,10 @@ void des_key_set_parity( unsigned char key[DES_KEY_SIZE] ); * \param key 8-byte secret key * * \return 0 is parity was ok, 1 if parity was not correct. + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] ); @@ -130,6 +154,10 @@ int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] ); * \param key 8-byte secret key * * \return 0 if no weak key was found, 1 if a weak key was identified. + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] ); @@ -140,6 +168,10 @@ int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] ); * \param key 8-byte secret key * * \return 0 + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] ); @@ -150,6 +182,10 @@ int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] ); * \param key 8-byte secret key * * \return 0 + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] ); 
@@ -205,6 +241,10 @@ int des3_set3key_dec( des3_context *ctx, * \param output 64-bit output block * * \return 0 if successful + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int des_crypt_ecb( des_context *ctx, const unsigned char input[8], @@ -228,6 +268,10 @@ int des_crypt_ecb( des_context *ctx, * \param iv initialization vector (updated after use) * \param input buffer holding the input data * \param output buffer holding the output data + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int des_crypt_cbc( des_context *ctx, int mode, diff --git a/ext/polarssl-1.3/include/polarssl/dhm.h b/ext/polarssl-1.3/include/polarssl/dhm.h index 8d01915ff5..e8ea1725c8 100644 --- a/ext/polarssl-1.3/include/polarssl/dhm.h +++ b/ext/polarssl-1.3/include/polarssl/dhm.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -55,6 +55,12 @@ * RFC 3526 4. 3072-bit MODP Group * RFC 5114 2.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup * RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup + * + * \warning The primes from RFC 5114 do not come together with information + * on how they were generated and are therefore not considered + * trustworthy. It is recommended to avoid them and to use the + * nothing-up-my-sleeve primes from RFC 3526 instead. + * */ #define POLARSSL_DHM_RFC2409_MODP_1024_P \ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ 
diff --git a/ext/polarssl-1.3/include/polarssl/ecdh.h b/ext/polarssl-1.3/include/polarssl/ecdh.h index 20698f59aa..60f913d98c 100644 --- a/ext/polarssl-1.3/include/polarssl/ecdh.h +++ b/ext/polarssl-1.3/include/polarssl/ecdh.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/ecdsa.h b/ext/polarssl-1.3/include/polarssl/ecdsa.h index c5290f6a60..47b644ef6c 100644 --- a/ext/polarssl-1.3/include/polarssl/ecdsa.h +++ b/ext/polarssl-1.3/include/polarssl/ecdsa.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,10 +25,24 @@ #define POLARSSL_ECDSA_H #include "ecp.h" - -#if defined(POLARSSL_ECDSA_DETERMINISTIC) #include "md.h" -#endif +/* + * RFC 4492 page 20: + * + * Ecdsa-Sig-Value ::= SEQUENCE { + * r INTEGER, + * s INTEGER + * } + * + * Size is at most + * 1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s, + * twice that + 1 (tag) + 2 (len) for the sequence + * (assuming ECP_MAX_BYTES is less than 126 for r and s, + * and less than 124 (total len <= 255) for the sequence) + * + */ +/** Maximum size of an ECDSA signature in bytes */ +#define POLARSSL_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) ) /** * \brief ECDSA context structure 
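Review bot: `POLARSSL_ECDSA_MAX_LEN` is only correct under the assumption spelled out in its own comment (`ECP_MAX_BYTES` below 124, so that each length field fits in the bytes the formula budgets), but nothing enforces it. Since this macro is going to size signature buffers, add `#if POLARSSL_ECP_MAX_BYTES > 124` / `#error` next to the definition so a larger curve configuration fails at compile time instead of yielding an undersized buffer. Separately, `#include "md.h"` is now unconditional where it was previously tied to `POLARSSL_ECDSA_DETERMINISTIC`; if ecdsa.c now calls MD functions outside the deterministic path, check_config.h should list the corresponding prerequisite for `POLARSSL_ECDSA_C`.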
@@ -61,6 +75,10 @@ extern "C" { * \param f_rng RNG function * \param p_rng RNG parameter * + * \note If the bitlength of the message hash is larger than the + * bitlength of the group order, then the hash is truncated as + * prescribed by SEC1 4.1.3 step 5. + * * \return 0 if successful, * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code */ @@ -81,6 +99,10 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s, * \param blen Length of buf * \param md_alg MD algorithm used to hash the message * + * \note If the bitlength of the message hash is larger than the + * bitlength of the group order, then the hash is truncated as + * prescribed by SEC1 4.1.3 step 5. + * * \return 0 if successful, * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code */ @@ -99,6 +121,10 @@ int ecdsa_sign_det( ecp_group *grp, mpi *r, mpi *s, * \param r First integer of the signature * \param s Second integer of the signature * + * \note If the bitlength of the message hash is larger than the + * bitlength of the group order, then the hash is truncated as + * prescribed by SEC1 4.1.4 step 3. + * * \return 0 if successful, * POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code @@ -124,6 +150,10 @@ int ecdsa_verify( ecp_group *grp, * size of the curve used, plus 7 (eg. 71 bytes if a 256-bit * curve is used). * + * \note If the bitlength of the message hash is larger than the + * bitlength of the group order, then the hash is truncated as + * prescribed by SEC1 4.1.3 step 5. + * * \return 0 if successful, * or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or * POLARSSL_ERR_ASN1 error code 
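Review bot: the context lines of the `ecdsa_write_signature()` hunk still say `sig` must be "at least twice the size of the curve used, plus 7 (eg. 71 bytes if a 256-bit curve is used)", while the `POLARSSL_ECDSA_MAX_LEN` formula added earlier in this patch gives 3 + 2*(3 + 32) = 73 for a 32-byte curve. The two bounds disagree, and 71 is one short of the worst case even with a one-byte SEQUENCE length: two INTEGERs of 1 tag + 1 len + 1 leading zero + 32 bytes are 70 bytes, plus 2 for the SEQUENCE header is 72. Replace the "plus 7" text with a reference to `POLARSSL_ECDSA_MAX_LEN` (or at least correct it to plus 8) in this same patch, since an application that trusts the 71 figure hands the function an undersized buffer.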
@@ -171,6 +201,10 @@ int ecdsa_write_signature_det( ecdsa_context *ctx, * \param sig Signature to read and verify * \param slen Size of sig * + * \note If the bitlength of the message hash is larger than the + * bitlength of the group order, then the hash is truncated as + * prescribed by SEC1 4.1.4 step 3. + * * \return 0 if successful, * POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid, * POLARSSL_ERR_ECP_SIG_LEN_MISTMATCH if the signature is diff --git a/ext/polarssl-1.3/include/polarssl/ecp.h b/ext/polarssl-1.3/include/polarssl/ecp.h index b7707d767e..9bea64e878 100644 --- a/ext/polarssl-1.3/include/polarssl/ecp.h +++ b/ext/polarssl-1.3/include/polarssl/ecp.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -412,7 +412,7 @@ int ecp_point_read_binary( const ecp_group *grp, ecp_point *P, * * \note buf is updated to point right after the ECPoint on exit * - * \return O if successful, + * \return 0 if successful, * POLARSSL_ERR_MPI_XXX if initialization failed * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid */ 
@@ -460,16 +460,16 @@ int ecp_group_read_string( ecp_group *grp, int radix, * \brief Set a group using well-known domain parameters * * \param grp Destination group - * \param index Index in the list of well-known domain parameters + * \param id Index in the list of well-known domain parameters * - * \return O if successful, + * \return 0 if successful, * POLARSSL_ERR_MPI_XXX if initialization failed * POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups * * \note Index should be a value of RFC 4492's enum NamdeCurve, * possibly in the form of a POLARSSL_ECP_DP_XXX macro. */ -int ecp_use_known_dp( ecp_group *grp, ecp_group_id index ); +int ecp_use_known_dp( ecp_group *grp, ecp_group_id id ); /** * \brief Set a group from a TLS ECParameters record @@ -480,7 +480,7 @@ int ecp_use_known_dp( ecp_group *grp, ecp_group_id index ); * * \note buf is updated to point right after ECParameters on exit * - * \return O if successful, + * \return 0 if successful, * POLARSSL_ERR_MPI_XXX if initialization failed * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid */ @@ -642,7 +642,7 @@ int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key, * \param pub Keypair structure holding a public key * \param prv Keypair structure holding a private (plus public) key * - * \return 0 if successfull (keys are valid and match), or + * \return 0 if successful (keys are valid and match), or * POLARSSL_ERR_ECP_BAD_INPUT_DATA, or * a POLARSSL_ERR_ECP_XXX or POLARSSL_ERR_MPI_XXX code. */ diff --git a/ext/polarssl-1.3/include/polarssl/entropy.h b/ext/polarssl-1.3/include/polarssl/entropy.h index 92aa5a5bea..aa23a0372c 100644 --- a/ext/polarssl-1.3/include/polarssl/entropy.h +++ b/ext/polarssl-1.3/include/polarssl/entropy.h 
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,14 +24,14 @@ #ifndef POLARSSL_ENTROPY_H #define POLARSSL_ENTROPY_H -#include - #if !defined(POLARSSL_CONFIG_FILE) #include "config.h" #else #include POLARSSL_CONFIG_FILE #endif +#include + #if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_ENTROPY_FORCE_SHA256) #include "sha512.h" #define POLARSSL_ENTROPY_SHA512_ACCUMULATOR diff --git a/ext/polarssl-1.3/include/polarssl/entropy_poll.h b/ext/polarssl-1.3/include/polarssl/entropy_poll.h index 9c349da2a9..94b5a6eff9 100644 --- a/ext/polarssl-1.3/include/polarssl/entropy_poll.h +++ b/ext/polarssl-1.3/include/polarssl/entropy_poll.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,14 +24,14 @@ #ifndef POLARSSL_ENTROPY_POLL_H #define POLARSSL_ENTROPY_POLL_H -#include - #if !defined(POLARSSL_CONFIG_FILE) #include "config.h" #else #include POLARSSL_CONFIG_FILE #endif +#include + #ifdef __cplusplus extern "C" { #endif diff --git a/ext/polarssl-1.3/include/polarssl/error.h b/ext/polarssl-1.3/include/polarssl/error.h index b642c0886e..3041155456 100644 --- a/ext/polarssl-1.3/include/polarssl/error.h +++ b/ext/polarssl-1.3/include/polarssl/error.h 
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,7 +24,7 @@ #ifndef POLARSSL_ERROR_H #define POLARSSL_ERROR_H -#include +#include /** * Error code layout. diff --git a/ext/polarssl-1.3/include/polarssl/gcm.h b/ext/polarssl-1.3/include/polarssl/gcm.h index b61d4a902e..3326919ff4 100644 --- a/ext/polarssl-1.3/include/polarssl/gcm.h +++ b/ext/polarssl-1.3/include/polarssl/gcm.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -186,8 +186,8 @@ int gcm_update( gcm_context *ctx, * 16 bytes. * * \param ctx GCM context - * \param tag buffer for holding the tag (may be NULL if tag_len is 0) - * \param tag_len length of the tag to generate + * \param tag buffer for holding the tag + * \param tag_len length of the tag to generate (must be at least 4) * * \return 0 if successful or POLARSSL_ERR_GCM_BAD_INPUT */ diff --git a/ext/polarssl-1.3/include/polarssl/havege.h b/ext/polarssl-1.3/include/polarssl/havege.h index 1bad2b95ef..825a1daab9 100644 --- a/ext/polarssl-1.3/include/polarssl/havege.h +++ b/ext/polarssl-1.3/include/polarssl/havege.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -24,7 +24,7 @@ #ifndef POLARSSL_HAVEGE_H #define POLARSSL_HAVEGE_H -#include +#include #define COLLECT_SIZE 1024 diff --git a/ext/polarssl-1.3/include/polarssl/hmac_drbg.h b/ext/polarssl-1.3/include/polarssl/hmac_drbg.h index 1df8221702..0fe7b0311b 100644 --- a/ext/polarssl-1.3/include/polarssl/hmac_drbg.h +++ b/ext/polarssl-1.3/include/polarssl/hmac_drbg.h @@ -5,7 +5,7 @@ * * Copyright (C) 2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/md.h b/ext/polarssl-1.3/include/polarssl/md.h index 33a67a332c..3e6d63fb9a 100644 --- a/ext/polarssl-1.3/include/polarssl/md.h +++ b/ext/polarssl-1.3/include/polarssl/md.h @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,15 +26,17 @@ #ifndef POLARSSL_MD_H #define POLARSSL_MD_H -#include - -#if defined(_MSC_VER) && !defined(inline) -#define inline _inline +#include +#if !defined(POLARSSL_CONFIG_FILE) +#include "config.h" #else -#if defined(__ARMCC_VERSION) && !defined(inline) +#include POLARSSL_CONFIG_FILE +#endif + +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline -#endif /* __ARMCC_VERSION */ -#endif /*_MSC_VER */ +#endif #define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ #define POLARSSL_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ 
@@ -45,6 +47,13 @@ extern "C" { #endif +/** + * \brief Enumeration of supported message digests + * + * \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and + * their use constitutes a security risk. We recommend considering + * stronger message digests instead. + */ typedef enum { POLARSSL_MD_NONE=0, POLARSSL_MD_MD2, @@ -200,17 +209,25 @@ void md_free( md_context_t *ctx ); */ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ); +#if ! defined(POLARSSL_DEPRECATED_REMOVED) +#if defined(POLARSSL_DEPRECATED_WARNING) +#define DEPRECATED __attribute__((deprecated)) +#else +#define DEPRECATED +#endif /** * \brief Free the message-specific context of ctx. Freeing ctx itself * remains the responsibility of the caller. * - * \note Deprecated: Redirects to md_free() + * \deprecated Use md_free() instead * * \param ctx Free the message-specific context * * \returns 0 */ -int md_free_ctx( md_context_t *ctx ); +int md_free_ctx( md_context_t *ctx ) DEPRECATED; +#undef DEPRECATED +#endif /* POLARSSL_DEPRECATED_REMOVED */ /** * \brief Returns the size of the message digest output. diff --git a/ext/polarssl-1.3/include/polarssl/md2.h b/ext/polarssl-1.3/include/polarssl/md2.h index 6727ed26f6..03f2b18fce 100644 --- a/ext/polarssl-1.3/include/polarssl/md2.h +++ b/ext/polarssl-1.3/include/polarssl/md2.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -20,6 +20,11 @@ * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * \warning MD2 is considered a weak message digest and its use constitutes a + * security risk. We recommend considering stronger message digests + * instead. + * */ #ifndef POLARSSL_MD2_H #define POLARSSL_MD2_H @@ -30,7 +35,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #define POLARSSL_ERR_MD2_FILE_IO_ERROR -0x0070 /**< Read/write error in file. */ @@ -44,6 +49,11 @@ extern "C" { /** * \brief MD2 context structure + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ typedef struct { @@ -61,6 +71,11 @@ md2_context; * \brief Initialize MD2 context * * \param ctx MD2 context to be initialized + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_init( md2_context *ctx ); @@ -68,6 +83,11 @@ void md2_init( md2_context *ctx ); * \brief Clear MD2 context * * \param ctx MD2 context to be cleared + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_free( md2_context *ctx ); @@ -75,6 +95,11 @@ void md2_free( md2_context *ctx ); * \brief MD2 context setup * * \param ctx context to be initialized + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_starts( md2_context *ctx ); 
@@ -84,6 +109,11 @@ void md2_starts( md2_context *ctx ); * \param ctx MD2 context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen ); @@ -92,6 +122,11 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen ); * * \param ctx MD2 context * \param output MD2 checksum result + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_finish( md2_context *ctx, unsigned char output[16] ); @@ -113,6 +148,11 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output MD2 checksum result + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] ); @@ -123,6 +163,11 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] ); * \param output MD2 checksum result * * \return 0 if successful, or POLARSSL_ERR_MD2_FILE_IO_ERROR + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int md2_file( const char *path, unsigned char output[16] ); 
@@ -132,6 +177,11 @@ int md2_file( const char *path, unsigned char output[16] ); * \param ctx HMAC context to be initialized * \param key HMAC secret key * \param keylen length of the HMAC key + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t keylen ); @@ -142,6 +192,11 @@ void md2_hmac_starts( md2_context *ctx, const unsigned char *key, * \param ctx HMAC context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_hmac_update( md2_context *ctx, const unsigned char *input, size_t ilen ); @@ -151,6 +206,11 @@ void md2_hmac_update( md2_context *ctx, const unsigned char *input, * * \param ctx HMAC context * \param output MD2 HMAC checksum result + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_hmac_finish( md2_context *ctx, unsigned char output[16] ); @@ -158,6 +218,11 @@ void md2_hmac_finish( md2_context *ctx, unsigned char output[16] ); * \brief MD2 HMAC context reset * * \param ctx HMAC context to be reset + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_hmac_reset( md2_context *ctx ); 
@@ -169,6 +234,11 @@ void md2_hmac_reset( md2_context *ctx ); * \param input buffer holding the data * \param ilen length of the input data * \param output HMAC-MD2 result + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md2_hmac( const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, @@ -178,6 +248,11 @@ void md2_hmac( const unsigned char *key, size_t keylen, * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int md2_self_test( int verbose ); diff --git a/ext/polarssl-1.3/include/polarssl/md4.h b/ext/polarssl-1.3/include/polarssl/md4.h index 774300d939..f690ea6b19 100644 --- a/ext/polarssl-1.3/include/polarssl/md4.h +++ b/ext/polarssl-1.3/include/polarssl/md4.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,6 +20,11 @@ * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * \warning MD4 is considered a weak message digest and its use constitutes a + * security risk. We recommend considering stronger message digests + * instead. + * */ #ifndef POLARSSL_MD4_H #define POLARSSL_MD4_H @@ -30,7 +35,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include 
@@ -51,6 +56,11 @@ extern "C" { /** * \brief MD4 context structure + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ typedef struct { @@ -67,6 +77,11 @@ md4_context; * \brief Initialize MD4 context * * \param ctx MD4 context to be initialized + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_init( md4_context *ctx ); @@ -74,6 +89,11 @@ void md4_init( md4_context *ctx ); * \brief Clear MD4 context * * \param ctx MD4 context to be cleared + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_free( md4_context *ctx ); @@ -81,6 +101,11 @@ void md4_free( md4_context *ctx ); * \brief MD4 context setup * * \param ctx context to be initialized + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_starts( md4_context *ctx ); @@ -90,6 +115,11 @@ void md4_starts( md4_context *ctx ); * \param ctx MD4 context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen ); 
@@ -98,6 +128,11 @@ void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen ); * * \param ctx MD4 context * \param output MD4 checksum result + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_finish( md4_context *ctx, unsigned char output[16] ); @@ -119,6 +154,11 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output MD4 checksum result + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] ); @@ -129,6 +169,11 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] ); * \param output MD4 checksum result * * \return 0 if successful, or POLARSSL_ERR_MD4_FILE_IO_ERROR + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int md4_file( const char *path, unsigned char output[16] ); @@ -138,6 +183,11 @@ int md4_file( const char *path, unsigned char output[16] ); * \param ctx HMAC context to be initialized * \param key HMAC secret key * \param keylen length of the HMAC key + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t keylen ); 
@@ -148,6 +198,11 @@ void md4_hmac_starts( md4_context *ctx, const unsigned char *key, * \param ctx HMAC context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_hmac_update( md4_context *ctx, const unsigned char *input, size_t ilen ); @@ -157,6 +212,11 @@ void md4_hmac_update( md4_context *ctx, const unsigned char *input, * * \param ctx HMAC context * \param output MD4 HMAC checksum result + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_hmac_finish( md4_context *ctx, unsigned char output[16] ); @@ -164,6 +224,11 @@ void md4_hmac_finish( md4_context *ctx, unsigned char output[16] ); * \brief MD4 HMAC context reset * * \param ctx HMAC context to be reset + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_hmac_reset( md4_context *ctx ); @@ -175,6 +240,11 @@ void md4_hmac_reset( md4_context *ctx ); * \param input buffer holding the data * \param ilen length of the input data * \param output HMAC-MD4 result + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md4_hmac( const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, 
@@ -184,6 +254,11 @@ void md4_hmac( const unsigned char *key, size_t keylen, * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int md4_self_test( int verbose ); diff --git a/ext/polarssl-1.3/include/polarssl/md5.h b/ext/polarssl-1.3/include/polarssl/md5.h index 6566eb3ffc..915fe5186b 100644 --- a/ext/polarssl-1.3/include/polarssl/md5.h +++ b/ext/polarssl-1.3/include/polarssl/md5.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,6 +20,11 @@ * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * \warning MD5 is considered a weak message digest and its use constitutes a + * security risk. We recommend considering stronger message digests + * instead. + * */ #ifndef POLARSSL_MD5_H #define POLARSSL_MD5_H @@ -30,7 +35,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include @@ -51,6 +56,11 @@ extern "C" { /** * \brief MD5 context structure + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ typedef struct { 
@@ -67,6 +77,11 @@ md5_context; * \brief Initialize MD5 context * * \param ctx MD5 context to be initialized + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_init( md5_context *ctx ); @@ -74,6 +89,11 @@ void md5_init( md5_context *ctx ); * \brief Clear MD5 context * * \param ctx MD5 context to be cleared + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_free( md5_context *ctx ); @@ -81,6 +101,11 @@ void md5_free( md5_context *ctx ); * \brief MD5 context setup * * \param ctx context to be initialized + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_starts( md5_context *ctx ); @@ -90,6 +115,11 @@ void md5_starts( md5_context *ctx ); * \param ctx MD5 context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen ); @@ -98,6 +128,11 @@ void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen ); * * \param ctx MD5 context * \param output MD5 checksum result + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_finish( md5_context *ctx, unsigned char output[16] ); 
@@ -122,6 +157,11 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output MD5 checksum result + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] ); @@ -132,6 +172,11 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] ); * \param output MD5 checksum result * * \return 0 if successful, or POLARSSL_ERR_MD5_FILE_IO_ERROR + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int md5_file( const char *path, unsigned char output[16] ); @@ -141,6 +186,11 @@ int md5_file( const char *path, unsigned char output[16] ); * \param ctx HMAC context to be initialized * \param key HMAC secret key * \param keylen length of the HMAC key + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_hmac_starts( md5_context *ctx, const unsigned char *key, size_t keylen ); @@ -151,6 +201,11 @@ void md5_hmac_starts( md5_context *ctx, * \param ctx HMAC context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_hmac_update( md5_context *ctx, const unsigned char *input, size_t ilen ); 
@@ -160,6 +215,11 @@ void md5_hmac_update( md5_context *ctx, * * \param ctx HMAC context * \param output MD5 HMAC checksum result + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_hmac_finish( md5_context *ctx, unsigned char output[16] ); @@ -167,6 +227,11 @@ void md5_hmac_finish( md5_context *ctx, unsigned char output[16] ); * \brief MD5 HMAC context reset * * \param ctx HMAC context to be reset + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_hmac_reset( md5_context *ctx ); @@ -178,6 +243,11 @@ void md5_hmac_reset( md5_context *ctx ); * \param input buffer holding the data * \param ilen length of the input data * \param output HMAC-MD5 result + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void md5_hmac( const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, @@ -187,6 +257,11 @@ void md5_hmac( const unsigned char *key, size_t keylen, * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int md5_self_test( int verbose ); diff --git a/ext/polarssl-1.3/include/polarssl/md_wrap.h b/ext/polarssl-1.3/include/polarssl/md_wrap.h index 7aeb27a84b..dd5fd6cf93 100644 --- a/ext/polarssl-1.3/include/polarssl/md_wrap.h +++ b/ext/polarssl-1.3/include/polarssl/md_wrap.h 
@@ -7,7 +7,7 @@ * * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,6 +31,7 @@ #else #include POLARSSL_CONFIG_FILE #endif + #include "md.h" #ifdef __cplusplus diff --git a/ext/polarssl-1.3/include/polarssl/memory.h b/ext/polarssl-1.3/include/polarssl/memory.h index 5b8a3044c0..8b8ac5dc4b 100644 --- a/ext/polarssl-1.3/include/polarssl/memory.h +++ b/ext/polarssl-1.3/include/polarssl/memory.h @@ -1,11 +1,13 @@ /** * \file memory.h * - * \brief Memory allocation layer (Deprecated to platform layer) + * \brief Memory allocation layer + * + * \deprecated Use the platform layer instead * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -35,11 +37,26 @@ #include "platform.h" #include "memory_buffer_alloc.h" +#if ! defined(POLARSSL_DEPRECATED_REMOVED) +#if defined(POLARSSL_DEPRECATED_WARNING) +#define DEPRECATED __attribute__((deprecated)) +#else +#define DEPRECATED +#endif +/** + * \brief Set malloc() / free() callback + * + * \deprecated Use platform_set_malloc_free instead + */ +int memory_set_own( void * (*malloc_func)( size_t ), + void (*free_func)( void * ) ) DEPRECATED; int memory_set_own( void * (*malloc_func)( size_t ), void (*free_func)( void * ) ) { return platform_set_malloc_free( malloc_func, free_func ); } +#undef DEPRECATED +#endif /* POLARSSL_DEPRECATED_REMOVED */ #endif /* memory.h */ 
diff --git a/ext/polarssl-1.3/include/polarssl/memory_buffer_alloc.h b/ext/polarssl-1.3/include/polarssl/memory_buffer_alloc.h index 5f8e32970d..19abe55fa5 100644 --- a/ext/polarssl-1.3/include/polarssl/memory_buffer_alloc.h +++ b/ext/polarssl-1.3/include/polarssl/memory_buffer_alloc.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,7 +30,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include /** * \name SECTION: Module settings @@ -97,6 +97,27 @@ void memory_buffer_set_verify( int verify ); * trace if POLARSSL_MEMORY_BACKTRACE is defined. */ void memory_buffer_alloc_status( void ); + +/** + * \brief Get the peak heap usage so far + * + * \param max_used Peak number of bytes reauested by the application + * \param max_blocks Peak number of blocks reauested by the application + */ +void memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); + +/** + * \brief Reset peak statistics + */ +void memory_buffer_alloc_max_reset( void ); + +/** + * \brief Get the current heap usage + * + * \param cur_used Number of bytes reauested by the application + * \param cur_blocks Number of blocks reauested by the application + */ +void memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); #endif /* POLARSSL_MEMORY_DEBUG */ /** diff --git a/ext/polarssl-1.3/include/polarssl/net.h b/ext/polarssl-1.3/include/polarssl/net.h index d86732f102..d70639d1fb 100644 --- a/ext/polarssl-1.3/include/polarssl/net.h +++ b/ext/polarssl-1.3/include/polarssl/net.h 
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,7 +24,7 @@ #ifndef POLARSSL_NET_H #define POLARSSL_NET_H -#include +#include #define POLARSSL_ERR_NET_UNKNOWN_HOST -0x0056 /**< Failed to get an IP address for the given hostname. */ #define POLARSSL_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */ diff --git a/ext/polarssl-1.3/include/polarssl/oid.h b/ext/polarssl-1.3/include/polarssl/oid.h index 309d8c5189..11330f251e 100644 --- a/ext/polarssl-1.3/include/polarssl/oid.h +++ b/ext/polarssl-1.3/include/polarssl/oid.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,14 +24,17 @@ #ifndef POLARSSL_OID_H #define POLARSSL_OID_H -#include #if !defined(POLARSSL_CONFIG_FILE) #include "config.h" #else #include POLARSSL_CONFIG_FILE #endif + #include "asn1.h" #include "pk.h" + +#include + #if defined(POLARSSL_CIPHER_C) #include "cipher.h" #endif 
@@ -119,6 +122,7 @@ #define OID_AT_GIVEN_NAME OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */ #define OID_AT_INITIALS OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */ #define OID_AT_GENERATION_QUALIFIER OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */ +#define OID_AT_UNIQUE_IDENTIFIER OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */ #define OID_AT_DN_QUALIFIER OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */ #define OID_AT_PSEUDONYM OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */ @@ -392,7 +396,7 @@ typedef struct { * \param oid OID to translate * * \return Length of the string written (excluding final NULL) or - * POLARSSL_ERR_OID_BUF_TO_SMALL in case of error + * POLARSSL_ERR_OID_BUF_TOO_SMALL in case of error */ int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid ); diff --git a/ext/polarssl-1.3/include/polarssl/openssl.h b/ext/polarssl-1.3/include/polarssl/openssl.h index 039f4989a3..233a093249 100644 --- a/ext/polarssl-1.3/include/polarssl/openssl.h +++ b/ext/polarssl-1.3/include/polarssl/openssl.h @@ -3,9 +3,11 @@ * * \brief OpenSSL wrapper (definitions, inline functions). * + * \deprecated Use native mbed TLS functions instead + * * Copyright (C) 2006-2010, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -21,9 +23,17 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ + /* * OpenSSL wrapper contributed by David Barett */ + +#if ! defined(POLARSSL_DEPRECATED_REMOVED) + +#if defined(POLARSSL_DEPRECATED_WARNING) +#warning "Including openssl.h is deprecated" +#endif + #ifndef POLARSSL_OPENSSL_H #define POLARSSL_OPENSSL_H @@ -135,3 +145,4 @@ inline int RSA_private_encrypt( int size, unsigned char* input, unsigned char* o #endif #endif /* openssl.h */ +#endif /* POLARSSL_DEPRECATED_REMOVED */ diff --git a/ext/polarssl-1.3/include/polarssl/padlock.h b/ext/polarssl-1.3/include/polarssl/padlock.h index af84d6348a..c4ac54cb97 100644 --- a/ext/polarssl-1.3/include/polarssl/padlock.h +++ b/ext/polarssl-1.3/include/polarssl/padlock.h @@ -6,7 +6,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,7 +29,15 @@ #define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */ -#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) +#if defined(__has_feature) +#if __has_feature(address_sanitizer) +#define POLARSSL_HAVE_ASAN +#endif +#endif + +/* Some versions of ASan result in errors about not enough registers */ +#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \ + !defined(POLARSSL_HAVE_ASAN) #ifndef POLARSSL_HAVE_X86 #define POLARSSL_HAVE_X86 @@ -42,7 +50,6 @@ typedef INT32 int32_t; #include #endif - #define PADLOCK_RNG 0x000C #define PADLOCK_ACE 0x00C0 #define PADLOCK_PHE 0x0C00 diff --git a/ext/polarssl-1.3/include/polarssl/pbkdf2.h b/ext/polarssl-1.3/include/polarssl/pbkdf2.h index 0548ad0327..28987b3f7f 100644 
--- a/ext/polarssl-1.3/include/polarssl/pbkdf2.h +++ b/ext/polarssl-1.3/include/polarssl/pbkdf2.h @@ -2,13 +2,14 @@ * \file pbkdf2.h * * \brief Password-Based Key Derivation Function 2 (from PKCS#5) - * DEPRECATED: use pkcs5.h instead. + * + * \deprecated Use pkcs5.h instead. * * \author Mathias Olsson * * Copyright (C) 2006-2012, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,10 +28,10 @@ #ifndef POLARSSL_PBKDF2_H #define POLARSSL_PBKDF2_H -#include - #include "md.h" +#include + #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include typedef UINT32 uint32_t; @@ -44,9 +45,16 @@ typedef UINT32 uint32_t; extern "C" { #endif +#if ! defined(POLARSSL_DEPRECATED_REMOVED) +#if defined(POLARSSL_DEPRECATED_WARNING) +#define DEPRECATED __attribute__((deprecated)) +#else +#define DEPRECATED +#endif /** * \brief PKCS#5 PBKDF2 using HMAC - * DEPRECATED: Use pkcs5_pbkdf2_hmac() instead! + * + * \deprecated Use pkcs5_pbkdf2_hmac() instead * * \param ctx Generic HMAC context * \param password Password to use when generating key @@ -62,15 +70,18 @@ extern "C" { int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, unsigned int iteration_count, - uint32_t key_length, unsigned char *output ); + uint32_t key_length, unsigned char *output ) DEPRECATED; /** * \brief Checkup routine - * DEPRECATED: Use pkcs5_self_test() instead! + * + * \deprecated Use pkcs5_self_test() instead * * \return 0 if successful, or 1 if the test failed */ -int pbkdf2_self_test( int verbose ); +int pbkdf2_self_test( int verbose ) DEPRECATED; +#undef DEPRECATED +#endif /* POLARSSL_DEPRECATED_REMOVED */ #ifdef __cplusplus } 
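Review bot: `#define DEPRECATED __attribute__((deprecated))` is GCC/clang syntax but is selected purely on POLARSSL_DEPRECATED_WARNING, so an MSVC or armcc build with that option on no longer parses the `pbkdf2_hmac()` and `pbkdf2_self_test()` prototypes; guard the attribute form with `#if defined(__GNUC__)` and fall back to an empty definition (or `__declspec(deprecated)` for MSVC) otherwise. The helper name is also a problem: `DEPRECATED` is generic enough that a user header may already define it, and this hunk silently redefines it and then `#undef`s it, clobbering the caller's macro; a prefixed name such as POLARSSL_DEPRECATED avoids both the collision and the surprise.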
diff --git a/ext/polarssl-1.3/include/polarssl/pem.h b/ext/polarssl-1.3/include/polarssl/pem.h index c0775d05e7..b47e0e9fc5 100644 --- a/ext/polarssl-1.3/include/polarssl/pem.h +++ b/ext/polarssl-1.3/include/polarssl/pem.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,7 +24,7 @@ #ifndef POLARSSL_PEM_H #define POLARSSL_PEM_H -#include +#include /** * \name PEM Error codes diff --git a/ext/polarssl-1.3/include/polarssl/pk.h b/ext/polarssl-1.3/include/polarssl/pk.h index 45066168aa..8d9407c417 100644 --- a/ext/polarssl-1.3/include/polarssl/pk.h +++ b/ext/polarssl-1.3/include/polarssl/pk.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/pk_wrap.h b/ext/polarssl-1.3/include/polarssl/pk_wrap.h index 94611029ac..3677250073 100644 --- a/ext/polarssl-1.3/include/polarssl/pk_wrap.h +++ b/ext/polarssl-1.3/include/polarssl/pk_wrap.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/pkcs11.h b/ext/polarssl-1.3/include/polarssl/pkcs11.h index 5cf21a1546..4ca4a4cdf8 100644 --- a/ext/polarssl-1.3/include/polarssl/pkcs11.h 
+++ b/ext/polarssl-1.3/include/polarssl/pkcs11.h @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -38,13 +38,10 @@ #include -#if defined(_MSC_VER) && !defined(inline) -#define inline _inline -#else -#if defined(__ARMCC_VERSION) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline -#endif /* __ARMCC_VERSION */ -#endif /*_MSC_VER */ +#endif #ifdef __cplusplus extern "C" { diff --git a/ext/polarssl-1.3/include/polarssl/pkcs12.h b/ext/polarssl-1.3/include/polarssl/pkcs12.h index 4a1310250b..cb53fe2472 100644 --- a/ext/polarssl-1.3/include/polarssl/pkcs12.h +++ b/ext/polarssl-1.3/include/polarssl/pkcs12.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,12 +24,12 @@ #ifndef POLARSSL_PKCS12_H #define POLARSSL_PKCS12_H -#include - #include "md.h" #include "cipher.h" #include "asn1.h" +#include + #define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */ #define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */ #define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */ diff --git a/ext/polarssl-1.3/include/polarssl/pkcs5.h b/ext/polarssl-1.3/include/polarssl/pkcs5.h index d9b6856b12..6a21af10b4 100644 --- a/ext/polarssl-1.3/include/polarssl/pkcs5.h 
+++ b/ext/polarssl-1.3/include/polarssl/pkcs5.h @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,11 +26,11 @@ #ifndef POLARSSL_PKCS5_H #define POLARSSL_PKCS5_H -#include - #include "asn1.h" #include "md.h" +#include + #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include typedef UINT32 uint32_t; diff --git a/ext/polarssl-1.3/include/polarssl/platform.h b/ext/polarssl-1.3/include/polarssl/platform.h index 4473d50519..639b180e33 100644 --- a/ext/polarssl-1.3/include/polarssl/platform.h +++ b/ext/polarssl-1.3/include/polarssl/platform.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,13 +30,11 @@ #include POLARSSL_CONFIG_FILE #endif -/* Temporary compability hack for to keep the deprecated MEMORY_C working */ +/* Temporary compatibility hack for to keep MEMORY_C working */ #if defined(POLARSSL_MEMORY_C) && !defined(POLARSSL_PLATFORM_MEMORY) #define POLARSSL_PLATFORM_MEMORY #endif -#include - #ifdef __cplusplus extern "C" { #endif @@ -50,7 +48,11 @@ extern "C" { */ #if !defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS) +#include #include +#if !defined(POLARSSL_PLATFORM_STD_SNPRINTF) +#define POLARSSL_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use */ +#endif #if !defined(POLARSSL_PLATFORM_STD_PRINTF) #define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use */ #endif 
@@ -63,6 +65,9 @@ extern "C" { #if !defined(POLARSSL_PLATFORM_STD_FREE) #define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use */ #endif +#if !defined(POLARSSL_PLATFORM_STD_EXIT) +#define POLARSSL_PLATFORM_STD_EXIT exit /**< Default free to use */ +#endif #else /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */ #if defined(POLARSSL_PLATFORM_STD_MEM_HDR) #include POLARSSL_PLATFORM_STD_MEM_HDR @@ -75,6 +80,13 @@ extern "C" { * The function pointers for malloc and free */ #if defined(POLARSSL_PLATFORM_MEMORY) +#if defined(POLARSSL_PLATFORM_FREE_MACRO) && \ + defined(POLARSSL_PLATFORM_MALLOC_MACRO) +#define polarssl_free POLARSSL_PLATFORM_FREE_MACRO +#define polarssl_malloc POLARSSL_PLATFORM_MALLOC_MACRO +#else +/* For size_t */ +#include extern void * (*polarssl_malloc)( size_t len ); extern void (*polarssl_free)( void *ptr ); 
@@ -88,10 +100,36 @@ extern void (*polarssl_free)( void *ptr ); */ int platform_set_malloc_free( void * (*malloc_func)( size_t ), void (*free_func)( void * ) ); -#else /* POLARSSL_PLATFORM_ENTROPY */ -#define polarssl_malloc malloc +#endif /* POLARSSL_PLATFORM_FREE_MACRO && POLARSSL_PLATFORM_MALLOC_MACRO */ +#else /* !POLARSSL_PLATFORM_MEMORY */ #define polarssl_free free -#endif /* POLARSSL_PLATFORM_ENTROPY */ +#define polarssl_malloc malloc +#endif /* POLARSSL_PLATFORM_MEMORY && !POLARSSL_PLATFORM_{FREE,MALLOC}_MACRO */ + +/* + * The function pointers for fprintf + */ +#if defined(POLARSSL_PLATFORM_FPRINTF_ALT) +/* We need FILE * */ +#include +extern int (*polarssl_fprintf)( FILE *stream, const char *format, ... ); + +/** + * \brief Set your own fprintf function pointer + * + * \param fprintf_func the fprintf function implementation + * + * \return 0 + */ +int platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *, + ... ) ); +#else +#if defined(POLARSSL_PLATFORM_FPRINTF_MACRO) +#define polarssl_fprintf POLARSSL_PLATFORM_FPRINTF_MACRO +#else +#define polarssl_fprintf fprintf +#endif /* POLARSSL_PLATFORM_FPRINTF_MACRO */ +#endif /* POLARSSL_PLATFORM_FPRINTF_ALT */ /* * The function pointers for printf 
@@ -107,21 +145,58 @@ extern int (*polarssl_printf)( const char *format, ... ); * \return 0 */ int platform_set_printf( int (*printf_func)( const char *, ... ) ); -#else /* POLARSSL_PLATFORM_PRINTF_ALT */ +#else /* !POLARSSL_PLATFORM_PRINTF_ALT */ +#if defined(POLARSSL_PLATFORM_PRINTF_MACRO) +#define polarssl_printf POLARSSL_PLATFORM_PRINTF_MACRO +#else #define polarssl_printf printf +#endif /* POLARSSL_PLATFORM_PRINTF_MACRO */ #endif /* POLARSSL_PLATFORM_PRINTF_ALT */ /* - * The function pointers for fprintf + * The function pointers for snprintf */ -#if defined(POLARSSL_PLATFORM_FPRINTF_ALT) -extern int (*polarssl_fprintf)( FILE *stream, const char *format, ... ); +#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT) +extern int (*polarssl_snprintf)( char * s, size_t n, const char * format, ... ); -int platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *, - ... ) ); +/** + * \brief Set your own snprintf function pointer + * + * \param snprintf_func the snprintf function implementation + * + * \return 0 + */ +int platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, + const char * format, ... 
) ); +#else /* POLARSSL_PLATFORM_SNPRINTF_ALT */ +#if defined(POLARSSL_PLATFORM_SNPRINTF_MACRO) +#define polarssl_snprintf POLARSSL_PLATFORM_SNPRINTF_MACRO #else -#define polarssl_fprintf fprintf -#endif +#define polarssl_snprintf snprintf +#endif /* POLARSSL_PLATFORM_SNPRINTF_MACRO */ +#endif /* POLARSSL_PLATFORM_SNPRINTF_ALT */ + +/* + * The function pointers for exit + */ +#if defined(POLARSSL_PLATFORM_EXIT_ALT) +extern void (*polarssl_exit)( int status ); + +/** + * \brief Set your own exit function pointer + * + * \param exit_func the exit function implementation + * + * \return 0 + */ +int platform_set_exit( void (*exit_func)( int status ) ); +#else +#if defined(POLARSSL_PLATFORM_EXIT_MACRO) +#define polarssl_exit POLARSSL_PLATFORM_EXIT_MACRO +#else +#define polarssl_exit exit +#endif /* POLARSSL_PLATFORM_EXIT_MACRO */ +#endif /* POLARSSL_PLATFORM_EXIT_ALT */ #ifdef __cplusplus } diff --git a/ext/polarssl-1.3/include/polarssl/ripemd160.h b/ext/polarssl-1.3/include/polarssl/ripemd160.h index 49c36c04c3..2555eb407f 100644 --- a/ext/polarssl-1.3/include/polarssl/ripemd160.h +++ b/ext/polarssl-1.3/include/polarssl/ripemd160.h @@ -5,7 +5,7 @@ * * Copyright (C) 2014-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,7 +30,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include diff --git a/ext/polarssl-1.3/include/polarssl/rsa.h b/ext/polarssl-1.3/include/polarssl/rsa.h index 53b81eadad..5c2d875c2d 100644 --- a/ext/polarssl-1.3/include/polarssl/rsa.h +++ b/ext/polarssl-1.3/include/polarssl/rsa.h 
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -43,7 +43,7 @@ #define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */ #define POLARSSL_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */ #define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */ -#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the libraries validity check. */ +#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the library's validity check. */ #define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */ #define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */ #define POLARSSL_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ @@ -199,6 +199,7 @@ int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv ); /** * \brief Do an RSA public key operation + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param input input buffer @@ -219,6 +220,7 @@ int rsa_public( rsa_context *ctx, /** * \brief Do an RSA private key operation + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param f_rng RNG function (Needed for blinding) @@ -241,6 +243,7 @@ int rsa_private( rsa_context *ctx, * \brief Generic wrapper to perform a PKCS#1 encryption using the * mode from the context. Add the message padding, then do an * RSA operation. + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding 
@@ -265,6 +268,7 @@ int rsa_pkcs1_encrypt( rsa_context *ctx, /** * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param f_rng RNG function (Needed for padding and RSA_PRIVATE) @@ -288,6 +292,7 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx, /** * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding @@ -318,6 +323,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx, * \brief Generic wrapper to perform a PKCS#1 decryption using the * mode from the context. Do an RSA operation, then remove * the message padding + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param f_rng RNG function (Only needed for RSA_PRIVATE) @@ -330,9 +336,15 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx, * * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int rsa_pkcs1_decrypt( rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -344,6 +356,7 @@ int rsa_pkcs1_decrypt( rsa_context *ctx, /** * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param f_rng RNG function (Only needed for RSA_PRIVATE) @@ -356,9 +369,16 @@ int rsa_pkcs1_decrypt( rsa_context *ctx, * * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * */ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -370,6 +390,7 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx, /** * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param f_rng RNG function (Only needed for RSA_PRIVATE) 
@@ -384,9 +405,16 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx, * * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * */ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -402,6 +430,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, * \brief Generic wrapper to perform a PKCS#1 signature using the * mode from the context. Do a private RSA operation to sign * a message digest + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for @@ -460,6 +489,7 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx, /** * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx RSA context * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for @@ -495,6 +525,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx, * \brief Generic wrapper to perform a PKCS#1 verification using the * mode from the context. Do a public RSA operation and check * the message digest + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx points to an RSA public key * \param f_rng RNG function (Only needed for RSA_PRIVATE) 
@@ -525,6 +556,7 @@ int rsa_pkcs1_verify( rsa_context *ctx, /** * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx points to an RSA public key * \param f_rng RNG function (Only needed for RSA_PRIVATE) @@ -553,6 +585,7 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, /** * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) * (This is the "simple" version.) + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx points to an RSA public key * \param f_rng RNG function (Only needed for RSA_PRIVATE) @@ -587,6 +620,7 @@ int rsa_rsassa_pss_verify( rsa_context *ctx, /** * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) * (This is the version with "full" options.) + * (Thread-safe if POLARSSL_THREADING_C is enabled) * * \param ctx points to an RSA public key * \param f_rng RNG function (Only needed for RSA_PRIVATE) diff --git a/ext/polarssl-1.3/include/polarssl/sha1.h b/ext/polarssl-1.3/include/polarssl/sha1.h index 258a3de222..49ccb9720d 100644 --- a/ext/polarssl-1.3/include/polarssl/sha1.h +++ b/ext/polarssl-1.3/include/polarssl/sha1.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,6 +20,11 @@ * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. We recommend considering stronger message + * digests instead. + * */ #ifndef POLARSSL_SHA1_H #define POLARSSL_SHA1_H 
@@ -30,7 +35,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include @@ -51,6 +56,11 @@ extern "C" { /** * \brief SHA-1 context structure + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ typedef struct { @@ -67,6 +77,11 @@ sha1_context; * \brief Initialize SHA-1 context * * \param ctx SHA-1 context to be initialized + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_init( sha1_context *ctx ); @@ -74,6 +89,11 @@ void sha1_init( sha1_context *ctx ); * \brief Clear SHA-1 context * * \param ctx SHA-1 context to be cleared + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_free( sha1_context *ctx ); @@ -81,6 +101,11 @@ void sha1_free( sha1_context *ctx ); * \brief SHA-1 context setup * * \param ctx context to be initialized + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_starts( sha1_context *ctx ); @@ -90,6 +115,11 @@ void sha1_starts( sha1_context *ctx ); * \param ctx SHA-1 context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen ); 
@@ -98,6 +128,11 @@ void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen ); * * \param ctx SHA-1 context * \param output SHA-1 checksum result + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_finish( sha1_context *ctx, unsigned char output[20] ); @@ -122,6 +157,11 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-1 checksum result + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); @@ -132,6 +172,11 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); * \param output SHA-1 checksum result * * \return 0 if successful, or POLARSSL_ERR_SHA1_FILE_IO_ERROR + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int sha1_file( const char *path, unsigned char output[20] ); @@ -141,6 +186,11 @@ int sha1_file( const char *path, unsigned char output[20] ); * \param ctx HMAC context to be initialized * \param key HMAC secret key * \param keylen length of the HMAC key + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen ); 
@@ -151,6 +201,11 @@ void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, * \param ctx HMAC context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen ); @@ -160,6 +215,11 @@ void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, * * \param ctx HMAC context * \param output SHA-1 HMAC checksum result + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] ); @@ -167,6 +227,11 @@ void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] ); * \brief SHA-1 HMAC context reset * * \param ctx HMAC context to be reset + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_hmac_reset( sha1_context *ctx ); @@ -178,6 +243,11 @@ void sha1_hmac_reset( sha1_context *ctx ); * \param input buffer holding the data * \param ilen length of the input data * \param output HMAC-SHA-1 result + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void sha1_hmac( const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, 
@@ -187,6 +257,11 @@ void sha1_hmac( const unsigned char *key, size_t keylen, * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int sha1_self_test( int verbose ); diff --git a/ext/polarssl-1.3/include/polarssl/sha256.h b/ext/polarssl-1.3/include/polarssl/sha256.h index 195996dbb8..f8917ff82f 100644 --- a/ext/polarssl-1.3/include/polarssl/sha256.h +++ b/ext/polarssl-1.3/include/polarssl/sha256.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,7 +30,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include diff --git a/ext/polarssl-1.3/include/polarssl/sha512.h b/ext/polarssl-1.3/include/polarssl/sha512.h index 6afb8367c9..15d266cd47 100644 --- a/ext/polarssl-1.3/include/polarssl/sha512.h +++ b/ext/polarssl-1.3/include/polarssl/sha512.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,14 +30,12 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) || defined(__WATCOMC__) - #define UL64(x) x##ui64 typedef unsigned __int64 uint64_t; #else #include - #define UL64(x) x##ULL #endif #define POLARSSL_ERR_SHA512_FILE_IO_ERROR -0x007A /**< Read/write error in file. */ 
diff --git a/ext/polarssl-1.3/include/polarssl/ssl.h b/ext/polarssl-1.3/include/polarssl/ssl.h index 387f69cb61..fffc9a30db 100644 --- a/ext/polarssl-1.3/include/polarssl/ssl.h +++ b/ext/polarssl-1.3/include/polarssl/ssl.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -97,13 +97,10 @@ #define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED #endif -#if defined(_MSC_VER) && !defined(inline) -#define inline _inline -#else -#if defined(__ARMCC_VERSION) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline -#endif /* __ARMCC_VERSION */ -#endif /*_MSC_VER */ +#endif /* * SSL Error codes @@ -198,6 +195,8 @@ #endif /* POLARSSL_SSL_PROTO_TLS1_1 */ #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ +#define SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ + /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c * NONE must be zero so that memset()ing structure to zero works */ #define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */ @@ -282,6 +281,14 @@ #define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ #endif +/* + * Minimum size of the Diffie-Hellman parameters to accept from a server. + * The default is 1024 bits (128 bytes) for compatibility reasons. + * From a purely security perspective, 2048 bits would be better. + */ +#if !defined(SSL_MIN_DHM_BYTES) +#define SSL_MIN_DHM_BYTES 128 /**< Min size of the Diffie-Hellman prime */ +#endif /* \} name SECTION: Module settings */ /* 
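Review bot: `SSL_MIN_DHM_BYTES` in the `@@ -282,6 +281,14 @@` hunk is a byte count, so a server prime of 1017 to 1024 bits all pass the check at 128 bytes; the comment should say that the bound is on the encoded length, not the bit length, and that the `#if !defined` guard is there so integrators can raise it from the config file. The comment already admits 2048 bits would be better, and the ssl_set_dh_param documentation later in this same file moves the server default to MODP_2048, so the two settings should reference each other so nobody raises one and forgets the other.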
@@ -296,7 +303,7 @@ #define SSL_COMPRESSION_ADD 0 #endif -#if defined(POLARSSL_RC4_C) || defined(POLARSSL_CIPHER_MODE_CBC) +#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_MODE_CBC) /* Ciphersuites using HMAC */ #if defined(POLARSSL_SHA512_C) #define SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ @@ -532,6 +539,7 @@ typedef struct _ssl_session ssl_session; typedef struct _ssl_context ssl_context; typedef struct _ssl_transform ssl_transform; typedef struct _ssl_handshake_params ssl_handshake_params; +typedef struct _ssl_sig_hash_set_t ssl_sig_hash_set_t; #if defined(POLARSSL_SSL_SESSION_TICKETS) typedef struct _ssl_ticket_keys ssl_ticket_keys; #endif @@ -618,6 +626,24 @@ struct _ssl_transform #endif }; +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) +/* + * Abstraction for a grid of allowed signature-hash-algorithm pairs. + */ +struct _ssl_sig_hash_set_t +{ + /* At the moment, we only need to remember a single suitable + * hash algorithm per signature algorithm. As long as that's + * the case - and we don't need a general lookup function - + * we can implement the sig-hash-set as a map from signatures + * to hash algorithms. */ + md_type_t rsa; + md_type_t ecdsa; +}; +#endif /* POLARSSL_SSL_PROTO_TLS1_2) && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ + /* * This structure contains the parameters only needed during handshake. */ @@ -626,7 +652,10 @@ struct _ssl_handshake_params /* * Handshake specific crypto variables */ - int sig_alg; /*!< Hash algorithm for signature */ +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ +#endif int cert_type; /*!< Requested cert type */ int verify_sig_alg; /*!< Signature algorithm for verify */ #if defined(POLARSSL_DHM_C) 
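Review bot: the `POLARSSL_RC4_C` to `POLARSSL_ARC4_C` change in the `SSL_MAC_ADD` hunk is a real bug fix rather than a rename: the option spelled everywhere else in this patch (arc4.c, `ssl_set_arc4_support`) is `POLARSSL_ARC4_C`, so the old condition was only ever true via `POLARSSL_CIPHER_MODE_CBC`, and a build with RC4 ciphersuites but CBC disabled sized its I/O buffers without the HMAC overhead. This deserves its own ChangeLog line and a regression build configuration (ARC4 on, CBC off).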
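Review bot: the closing comment on the new `_ssl_sig_hash_set_t` block reads `#endif /* POLARSSL_SSL_PROTO_TLS1_2) && ...` with a stray `)`; the same typo appears on the matching `#endif` in the internal-functions hunk further down. Also, the struct comment says the set is a map from signature algorithm to a single hash; since `ssl_sig_hash_set_add` is later declared as taking a pair, document what happens when a second hash is added for the same signature algorithm (replace, keep first, or ignore).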
@@ -817,7 +846,9 @@ struct _ssl_context size_t in_hslen; /*!< current handshake message length */ int nb_zero; /*!< # of 0-length encrypted messages */ - int record_read; /*!< record is already present */ + + int keep_current_message; /*!< drop or reuse current message + on next call to record layer? */ /* * Record layer (outgoing data) @@ -1154,6 +1185,9 @@ int ssl_set_session( ssl_context *ssl, const ssl_session *session ); * order. First in the list has the highest preference. * (Overrides all version specific lists) * + * The ciphersuites array is not copied, and must remain + * valid for the lifetime of the ssl_context. + * * Note: The server uses its own preferences * over the preference of the client unless * POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined! @@ -1213,6 +1247,12 @@ void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain, int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, pk_context *pk_key ); +#if ! defined(POLARSSL_DEPRECATED_REMOVED) +#if defined(POLARSSL_DEPRECATED_WARNING) +#define DEPRECATED __attribute__((deprecated)) +#else +#define DEPRECATED +#endif #if defined(POLARSSL_RSA_C) /** * \brief Set own certificate chain and private RSA key @@ -1221,8 +1261,7 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, * up your certificate chain. The top certificate (self-signed) * can be omitted. * - * \warning This backwards-compatibility function is deprecated! - * Please use \c ssl_set_own_cert() instead. + * \deprecated Please use \c ssl_set_own_cert() instead. * * \param ssl SSL context * \param own_cert own public certificate chain @@ -1231,7 +1270,7 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, * \return 0 on success, or a specific error code. */ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, - rsa_context *rsa_key ); + rsa_context *rsa_key ) DEPRECATED; #endif /* POLARSSL_RSA_C */ /** 
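Review bot: replacing `int record_read` with `int keep_current_message` in `struct _ssl_context` changes the semantics of the field, not just its name; the new comment ends in a question ("drop or reuse current message on next call to record layer?") and should state which value means which, since ssl_tls.c and the DTLS retransmission code both depend on it.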
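Review bot: `#define DEPRECATED __attribute__((deprecated))` in the ssl_set_own_cert hunk is GCC/Clang syntax placed in a public header, so building with `POLARSSL_DEPRECATED_WARNING` under MSVC or armcc (both of which this header special-cases for `inline` a few lines earlier) fails to compile; gate the attribute on `__GNUC__` and fall back to an empty definition otherwise. A bare `DEPRECATED` name is also likely to collide with an application macro of the same name; the `#undef` afterwards limits the damage, but a prefixed name (`POLARSSL_DEPRECATED`) would avoid the redefinition warning entirely.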
@@ -1246,8 +1285,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, * up your certificate chain. The top certificate (self-signed) * can be omitted. * - * \warning This backwards-compatibility function is deprecated! - * Please use \c pk_init_ctx_rsa_alt() + * \deprecated Please use \c pk_init_ctx_rsa_alt() * and \c ssl_set_own_cert() instead. * * \param ssl SSL context @@ -1263,7 +1301,9 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, void *rsa_key, rsa_decrypt_func rsa_decrypt, rsa_sign_func rsa_sign, - rsa_key_len_func rsa_key_len ); + rsa_key_len_func rsa_key_len ) DEPRECATED; +#undef DEPRECATED +#endif /* POLARSSL_DEPRECATED_REMOVED */ #endif /* POLARSSL_X509_CRT_PARSE_C */ #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) @@ -1312,7 +1352,7 @@ void ssl_set_psk_cb( ssl_context *ssl, /** * \brief Set the Diffie-Hellman public P and G values, * read as hexadecimal strings (server-side only) - * (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG]) + * (Default: POLARSSL_DHM_RFC5114_MODP_2048_[PG]) * * \param ssl SSL context * \param dhm_P Diffie-Hellman-Merkle modulus 
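Review bot: the ssl_set_dh_param hunk only changes the documented default from `POLARSSL_DHM_RFC5114_MODP_1024_[PG]` to `POLARSSL_DHM_RFC5114_MODP_2048_[PG]`; confirm that the actual default in the library source changed in the same commit, otherwise the header now overstates the security of the default. The `\param dhm_P Diffie-Hellman-Merkle modulus` wording in the context line could also say the strings are hexadecimal, as the brief does.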
@@ -1358,15 +1398,23 @@ void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curves ); #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) /** - * \brief Set hostname for ServerName TLS extension - * (client-side only) - * + * \brief Set or reset the hostname to check against the received + * server certificate. It sets the ServerName TLS extension, + * too, if that extension is enabled. (client-side only) * * \param ssl SSL context - * \param hostname the server hostname + * \param hostname the server hostname, may be NULL to clear hostname * - * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED - */ + * \note Maximum hostname length SSL_MAX_HOST_NAME_LEN. + * + * \return 0 if successful, POLARSSL_ERR_SSL_MALLOC_FAILED on + * allocation failure, POLARSSL_ERR_BAD_INPUT_DATA on + * too long input hostname. + * + * \note Hostname set to the one provided on success (cleared + * when NULL). On allocation failure hostname is cleared. + * On too long input failure, old hostname is unchanged. +*/ int ssl_set_hostname( ssl_context *ssl, const char *hostname ); /** @@ -1534,7 +1582,7 @@ void ssl_set_arc4_support( ssl_context *ssl, char arc4 ); * SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024, * SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096) * - * \return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA + * \return 0 if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA */ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code ); #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ @@ -1583,7 +1631,7 @@ void ssl_set_cbc_record_splitting( ssl_context *ssl, char split ); * \param use_tickets Enable or disable (SSL_SESSION_TICKETS_ENABLED or * SSL_SESSION_TICKETS_DISABLED) * - * \return O if successful, + * \return 0 if successful, * or a specific error code (server only). */ int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ); 
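Review bot: the new ssl_set_hostname documentation names the error `POLARSSL_ERR_BAD_INPUT_DATA`, but the constant used in the rest of this header (see the ssl_set_max_frag_len `\return` line corrected in the same hunk group) is `POLARSSL_ERR_SSL_BAD_INPUT_DATA`; one of the two is wrong and should be checked against the definition. Two smaller points: the closing `*/` lost its leading space, and the note "On allocation failure hostname is cleared" is a behaviour change worth a ChangeLog mention, since a caller that ignored the return value previously kept the old hostname.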
@@ -1941,15 +1989,40 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex ); #if defined(POLARSSL_PK_C) unsigned char ssl_sig_from_pk( pk_context *pk ); +unsigned char ssl_sig_from_pk_alg( pk_type_t type ); pk_type_t ssl_pk_alg_from_sig( unsigned char sig ); #endif md_type_t ssl_md_alg_from_hash( unsigned char hash ); +unsigned char ssl_hash_from_md_alg( md_type_t md ); #if defined(POLARSSL_SSL_SET_CURVES) int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id ); #endif +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + +/* Find an entry in a signature-hash set matching a given hash algorithm. */ +md_type_t ssl_sig_hash_set_find( ssl_sig_hash_set_t *set, + pk_type_t sig_alg ); +/* Add a signature-hash-pair to a signature-hash set */ +void ssl_sig_hash_set_add( ssl_sig_hash_set_t *set, + pk_type_t sig_alg, + md_type_t md_alg ); +/* Allow exactly one hash algorithm for each signature. */ +void ssl_sig_hash_set_const_hash( ssl_sig_hash_set_t *set, + md_type_t md_alg ); + +/* Setup an empty signature-hash set */ +static inline void ssl_sig_hash_set_init( ssl_sig_hash_set_t *set ) +{ + ssl_sig_hash_set_const_hash( set, POLARSSL_MD_NONE ); +} + +#endif /* POLARSSL_SSL_PROTO_TLS1_2) && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ + #if defined(POLARSSL_X509_CRT_PARSE_C) static inline pk_context *ssl_own_key( ssl_context *ssl ) { @@ -1963,6 +2036,12 @@ static inline x509_crt *ssl_own_cert( ssl_context *ssl ) : ssl->handshake->key_cert->cert ); } +/* + * Check if a hash proposed by the peer is in our list. + * Return 0 if we're willing to use it, -1 otherwise. + */ +int ssl_check_sig_hash( md_type_t md ); + /* * Check usage of a certificate wrt extensions: * keyUsage, extendedKeyUsage (later), and nSCertType (later). 
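Review bot: the comment on `ssl_sig_hash_set_find` says "matching a given hash algorithm", but the function takes a `pk_type_t sig_alg` and returns an `md_type_t`, i.e. it looks up the hash to use for a given signature algorithm; the comment should say so. In the same hunk `ssl_sig_hash_set_init` is a `static inline` in the header that calls the non-inline `ssl_sig_hash_set_const_hash`, so the declaration order must stay as it is; a one-line comment would stop someone reordering them. The `#endif /* POLARSSL_SSL_PROTO_TLS1_2) && ...` comment has the same stray `)` as the struct block.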
@@ -1974,16 +2053,17 @@ static inline x509_crt *ssl_own_cert( ssl_context *ssl ) */ int ssl_check_cert_usage( const x509_crt *cert, const ssl_ciphersuite_t *ciphersuite, - int cert_endpoint ); + int cert_endpoint, + int *flags ); #endif /* POLARSSL_X509_CRT_PARSE_C */ /* constant-time buffer comparison */ static inline int safer_memcmp( const void *a, const void *b, size_t n ) { size_t i; - const unsigned char *A = (const unsigned char *) a; - const unsigned char *B = (const unsigned char *) b; - unsigned char diff = 0; + volatile const unsigned char *A = (volatile const unsigned char *) a; + volatile const unsigned char *B = (volatile const unsigned char *) b; + volatile unsigned char diff = 0; for( i = 0; i < n; i++ ) diff |= A[i] ^ B[i]; diff --git a/ext/polarssl-1.3/include/polarssl/ssl_cache.h b/ext/polarssl-1.3/include/polarssl/ssl_cache.h index 3bdd94fb25..12d737b8cf 100644 --- a/ext/polarssl-1.3/include/polarssl/ssl_cache.h +++ b/ext/polarssl-1.3/include/polarssl/ssl_cache.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -122,7 +122,7 @@ void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout ); #endif /* POLARSSL_HAVE_TIME */ /** - * \brief Set the cache timeout + * \brief Set the maximum number of cache entries * (Default: SSL_CACHE_DEFAULT_MAX_ENTRIES (50)) * * \param cache SSL cache context diff --git a/ext/polarssl-1.3/include/polarssl/ssl_ciphersuites.h b/ext/polarssl-1.3/include/polarssl/ssl_ciphersuites.h index 2a1d2ac6fd..2666b3be04 100644 --- a/ext/polarssl-1.3/include/polarssl/ssl_ciphersuites.h +++ b/ext/polarssl-1.3/include/polarssl/ssl_ciphersuites.h 
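Review bot: making `A`, `B` and `diff` volatile in `safer_memcmp` stops the compiler from short-circuiting or otherwise collapsing the loop once it can prove `diff` is non-zero, which is the stated goal; add a comment saying why the qualifiers are there so a later cleanup does not remove them. It is worth noting in that comment that volatile is a convention rather than a guarantee of constant time: the property the function actually relies on is that the loop always runs exactly `n` iterations regardless of data.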
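Review bot: `ssl_check_cert_usage` gains an `int *flags` out-parameter in the hunk before `safer_memcmp`; every caller in the library must be updated in this commit, and the doc comment above the prototype (not shown in the hunk) needs a `\param flags` entry describing which `BADCERT_*` bits it sets, since x509.h in this patch adds `BADCERT_KEY_USAGE`, `BADCERT_EXT_KEY_USAGE` and `BADCERT_NS_CERT_TYPE` for exactly this purpose.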
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -252,7 +252,6 @@ typedef enum { defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ - defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) #define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED @@ -291,6 +290,7 @@ const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id ); #if defined(POLARSSL_PK_C) pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info ); +pk_type_t ssl_get_ciphersuite_sig_alg( const ssl_ciphersuite_t *info ); #endif int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info ); diff --git a/ext/polarssl-1.3/include/polarssl/threading.h b/ext/polarssl-1.3/include/polarssl/threading.h index 4a8288e4f1..293da38c3a 100644 --- a/ext/polarssl-1.3/include/polarssl/threading.h +++ b/ext/polarssl-1.3/include/polarssl/threading.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/timing.h b/ext/polarssl-1.3/include/polarssl/timing.h index a3eb510dcb..2dae5d9c9d 100644 --- a/ext/polarssl-1.3/include/polarssl/timing.h +++ b/ext/polarssl-1.3/include/polarssl/timing.h 
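Review bot: dropping `POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED` from the `POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED` condition is correct (ECDHE-PSK authenticates with the pre-shared key, not a certificate), but it narrows the code compiled into PSK-only builds, and the new `ssl_sig_hash_set_t` machinery in ssl.h is guarded by this very macro; a PSK-only build should be added to the test matrix to catch any reference to it from ECDHE-PSK paths. Also, the new `ssl_get_ciphersuite_sig_alg` sits next to the existing `ssl_get_ciphersuite_sig_pk_alg` with no comment on how the two differ; document that before someone picks the wrong one.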
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -65,6 +65,10 @@ unsigned long get_timer( struct hr_time *val, int reset ); * \brief Setup an alarm clock * * \param seconds delay before the "alarmed" flag is set + * + * \warning Only one alarm at a time is supported. In a threaded + * context, this means one for the whole process, not one per + * thread. */ void set_alarm( int seconds ); diff --git a/ext/polarssl-1.3/include/polarssl/version.h b/ext/polarssl-1.3/include/polarssl/version.h index ccfe74c9f1..0d1697accc 100644 --- a/ext/polarssl-1.3/include/polarssl/version.h +++ b/ext/polarssl-1.3/include/polarssl/version.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,16 +40,16 @@ */ #define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MINOR 3 -#define POLARSSL_VERSION_PATCH 10 +#define POLARSSL_VERSION_PATCH 22 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define POLARSSL_VERSION_NUMBER 0x01030A00 -#define POLARSSL_VERSION_STRING "1.3.10" -#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.10" +#define POLARSSL_VERSION_NUMBER 0x01031600 +#define POLARSSL_VERSION_STRING "1.3.22" +#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.22" #if defined(POLARSSL_VERSION_C) diff --git a/ext/polarssl-1.3/include/polarssl/x509.h b/ext/polarssl-1.3/include/polarssl/x509.h index 6e5f21717c..5a49a5889b 100644 
--- a/ext/polarssl-1.3/include/polarssl/x509.h +++ b/ext/polarssl-1.3/include/polarssl/x509.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -76,23 +76,30 @@ #define POLARSSL_ERR_X509_BAD_INPUT_DATA -0x2800 /**< Input invalid. */ #define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ #define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ +#define POLARSSL_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */ /* \} name */ /** * \name X509 Verify codes * \{ */ +/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */ #define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ #define BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */ #define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */ #define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */ -#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */ -#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */ +#define BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */ +#define BADCRL_EXPIRED 0x20 /**< The CRL is expired. */ #define BADCERT_MISSING 0x40 /**< Certificate was missing. */ #define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */ #define BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */ #define BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */ #define BADCRL_FUTURE 0x0400 /**< The CRL is from the future */ +#define BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */ +#define BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */ +#define BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */ +#define BADCERT_BAD_KEY 0x10000 /**< Bad key (e.g. unsupported elliptic curve in use) */ + /* \} name */ /* \} addtogroup x509_module */ 
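Review bot: in the verify-code hunk `BADCERT_BAD_KEY` is `0x10000` while the preceding flag is `0x2000`, leaving `0x4000` and `0x8000` unassigned; if those values are reserved for flags backported later, say so in a comment, otherwise a reader cannot tell whether the gap is deliberate. The doc comment on the new `POLARSSL_ERR_X509_FATAL_ERROR` has a typo ("occured"). The reminder to update `x509_crt_verify_strings[]` is useful; a compile-time or unit-test check that every `BADCERT_*`/`BADCRL_*` bit has a string would make it enforceable.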
@@ -225,21 +232,30 @@ int x509_dn_gets( char *buf, size_t size, const x509_name *dn ); */ int x509_serial_gets( char *buf, size_t size, const x509_buf *serial ); +#if ! defined(POLARSSL_DEPRECATED_REMOVED) +#if defined(POLARSSL_DEPRECATED_WARNING) +#define DEPRECATED __attribute__((deprecated)) +#else +#define DEPRECATED +#endif /** * \brief Give an known OID, return its descriptive string. - * (Deprecated. Use oid_get_extended_key_usage() instead.) - * Warning: only works for extended_key_usage OIDs! + * + * \deprecated Use oid_get_extended_key_usage() instead. + * + * \warning Only works for extended_key_usage OIDs! * * \param oid buffer containing the oid * * \return Return a string if the OID is known, * or NULL otherwise. */ -const char *x509_oid_get_description( x509_buf *oid ); +const char *x509_oid_get_description( x509_buf *oid ) DEPRECATED; /** * \brief Give an OID, return a string version of its OID number. - * (Deprecated. Use oid_get_numeric_string() instead) + * + * \deprecated Use oid_get_numeric_string() instead. * * \param buf Buffer to write to * \param size Maximum size of buffer 
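Review bot: this is the second verbatim copy of the `DEPRECATED` macro block (ssl.h carries the same one); define it once in a shared header and gate `__attribute__((deprecated))` on `__GNUC__`, as already noted for ssl.h, rather than repeating the block in every header that deprecates something. While touching the `x509_oid_get_description` comment, the unchanged brief "Give an known OID" should read "Given a known OID".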
@@ -248,29 +264,31 @@ const char *x509_oid_get_description( x509_buf *oid ); * \return Length of the string written (excluding final NULL) or * POLARSSL_ERR_OID_BUF_TO_SMALL in case of error */ -int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid ); +int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid ) DEPRECATED; +#undef DEPRECATED +#endif /* POLARSSL_DEPRECATED_REMOVED */ /** * \brief Check a given x509_time against the system time and check * if it is not expired. * - * \param time x509_time to check + * \param tm x509_time to check * * \return 0 if the x509_time is still valid, * 1 otherwise. */ -int x509_time_expired( const x509_time *time ); +int x509_time_expired( const x509_time *tm ); /** * \brief Check a given x509_time against the system time and check * if it is not from the future. * - * \param time x509_time to check + * \param tm x509_time to check * * \return 0 if the x509_time is already valid, * 1 otherwise. */ -int x509_time_future( const x509_time *time ); +int x509_time_future( const x509_time *tm ); /** * \brief Checkup routine @@ -299,7 +317,7 @@ int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params, md_type_t *md_alg, pk_type_t *pk_alg, void **sig_opts ); int x509_get_time( unsigned char **p, const unsigned char *end, - x509_time *time ); + x509_time *t ); int x509_get_serial( unsigned char **p, const unsigned char *end, x509_buf *serial ); int x509_get_ext( unsigned char **p, const unsigned char *end, diff --git a/ext/polarssl-1.3/include/polarssl/x509_crl.h b/ext/polarssl-1.3/include/polarssl/x509_crl.h index fa5c84956a..6f4b65d56f 100644 --- a/ext/polarssl-1.3/include/polarssl/x509_crl.h +++ b/ext/polarssl-1.3/include/polarssl/x509_crl.h 
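Review bot: renaming the `time` parameter avoids shadowing `time()` from `<time.h>`, which is the right fix, but the three prototypes are not consistent: `x509_time_expired` and `x509_time_future` use `tm` (which itself shadows `struct tm` only as a type name, so it is legal but confusing), while `x509_get_time` uses `t`. Pick one name for all three.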
@@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/x509_crt.h b/ext/polarssl-1.3/include/polarssl/x509_crt.h index 4fad932bf5..cb43262621 100644 --- a/ext/polarssl-1.3/include/polarssl/x509_crt.h +++ b/ext/polarssl-1.3/include/polarssl/x509_crt.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,7 +31,6 @@ #endif #include "x509.h" - #include "x509_crl.h" /** @@ -203,6 +202,21 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ); int x509_crt_info( char *buf, size_t size, const char *prefix, const x509_crt *crt ); +/** + * \brief Returns an informational string about the + * verification status of a certificate. + * + * \param buf Buffer to write to + * \param size Maximum size of buffer + * \param prefix A line prefix + * \param flags Verification flags created by x509_crt_verify() + * + * \return The amount of data written to the buffer, or -1 in + * case of an error. + */ +int x509_crt_verify_info( char *buf, size_t size, const char *prefix, + int flags ); + /** * \brief Verify the certificate signature * 
@@ -218,7 +232,16 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, * * All flags left after returning from the callback * are also returned to the application. The function should - * return 0 for anything but a fatal error. + * return 0 for anything (including invalid certificates) + * other than fatal error, as a non-zero return code + * immediately aborts the verification process. For fatal + * errors, a specific error code should be used (different + * from POLARSSL_ERR_X509_CERT_VERIFY_FAILED which should not + * be returned at this point), or POLARSSL_ERR_X509_FATAL_ERROR + * can be used if no better code is available. + * + * \note In case verification failed, the results can be displayed + * using \c x509_crt_verify_info() * * \param crt a certificate to be verified * \param trust_ca the trusted CA chain @@ -229,15 +252,13 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, * \param f_vrfy verification function * \param p_vrfy verification parameter * - * \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED, - * in which case *flags will have one or more of - * the following values set: - * BADCERT_EXPIRED -- - * BADCERT_REVOKED -- - * BADCERT_CN_MISMATCH -- - * BADCERT_NOT_TRUSTED - * or another error in case of a fatal error encountered - * during the verification process. + * \return 0 (and flags set to 0) if the chain was verified and valid, + * POLARSSL_ERR_X509_CERT_VERIFY_FAILED if the chain was verified + * but found to be invalid, in which case *flags will have one + * or more BADCERT_XXX or POLARSSL_X509_BADCRL_XXX + * flags set, or another error (and flags set to -1) + * in case of a fatal error encountered during the + * verification process. */ int x509_crt_verify( x509_crt *crt, x509_crt *trust_ca, diff --git a/ext/polarssl-1.3/include/polarssl/x509_csr.h b/ext/polarssl-1.3/include/polarssl/x509_csr.h index ed6c6b5eef..34f527b8e4 100644 --- a/ext/polarssl-1.3/include/polarssl/x509_csr.h 
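Review bot: the new `\return` text for `x509_crt_verify` refers to `POLARSSL_X509_BADCRL_XXX` flags, but the flags defined in x509.h on this page are plain `BADCERT_XXX` and `BADCRL_XXX` with no `POLARSSL_X509_` prefix; use the actual names so the cross-reference resolves. The clarification that the callback must return 0 for anything other than a fatal error, and must not return `POLARSSL_ERR_X509_CERT_VERIFY_FAILED` itself, is an important contract; it would be worth stating explicitly that `*flags` is only meaningful when the return value is 0 or `POLARSSL_ERR_X509_CERT_VERIFY_FAILED`, since the doc now says it is set to -1 on fatal errors.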
+++ b/ext/polarssl-1.3/include/polarssl/x509_csr.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/include/polarssl/xtea.h b/ext/polarssl-1.3/include/polarssl/xtea.h index 0c58ab5432..02cd8d6f0a 100644 --- a/ext/polarssl-1.3/include/polarssl/xtea.h +++ b/ext/polarssl-1.3/include/polarssl/xtea.h @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,7 +30,7 @@ #include POLARSSL_CONFIG_FILE #endif -#include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include diff --git a/ext/polarssl-1.3/library/aes.c b/ext/polarssl-1.3/library/aes.c index c579d7800f..9d96064ffe 100644 --- a/ext/polarssl-1.3/library/aes.c +++ b/ext/polarssl-1.3/library/aes.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -34,6 +34,8 @@ #if defined(POLARSSL_AES_C) +#include + #include "polarssl/aes.h" #if defined(POLARSSL_PADLOCK_C) #include "polarssl/padlock.h" 
@@ -42,11 +44,14 @@ #include "polarssl/aesni.h" #endif +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ #if !defined(POLARSSL_AES_ALT) @@ -926,7 +931,6 @@ int aes_crypt_cfb128( aes_context *ctx, /* * AES-CFB8 buffer encryption/decryption */ -#include int aes_crypt_cfb8( aes_context *ctx, int mode, size_t length, @@ -996,9 +1000,6 @@ int aes_crypt_ctr( aes_context *ctx, #endif /* !POLARSSL_AES_ALT */ #if defined(POLARSSL_SELF_TEST) - -#include - /* * AES test vectors from: * diff --git a/ext/polarssl-1.3/library/aesni.c b/ext/polarssl-1.3/library/aesni.c index d4ec9ecb18..5315aba223 100644 --- a/ext/polarssl-1.3/library/aesni.c +++ b/ext/polarssl-1.3/library/aesni.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -34,7 +34,8 @@ #if defined(POLARSSL_AESNI_C) #include "polarssl/aesni.h" -#include + +#include #if defined(POLARSSL_HAVE_X86_64) diff --git a/ext/polarssl-1.3/library/arc4.c b/ext/polarssl-1.3/library/arc4.c index ef0e7f89a5..309d16a85d 100644 --- a/ext/polarssl-1.3/library/arc4.c +++ b/ext/polarssl-1.3/library/arc4.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -35,11 +35,16 @@ #include "polarssl/arc4.h" +#include + +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ #if !defined(POLARSSL_ARC4_ALT) @@ -126,10 +131,6 @@ int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input, #endif /* !POLARSSL_ARC4_ALT */ #if defined(POLARSSL_SELF_TEST) - -#include -#include - /* * ARC4 tests vectors as posted by Eric Rescorla in sep. 1994: * diff --git a/ext/polarssl-1.3/library/asn1parse.c b/ext/polarssl-1.3/library/asn1parse.c index 7e8fc32fa4..8c167df5fe 100644 --- a/ext/polarssl-1.3/library/asn1parse.c +++ b/ext/polarssl-1.3/library/asn1parse.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,6 +30,8 @@ #include "polarssl/asn1.h" +#include + #if defined(POLARSSL_BIGNUM_C) #include "polarssl/bignum.h" #endif @@ -37,13 +39,11 @@ #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_malloc malloc #define polarssl_free free #endif -#include -#include - /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -77,7 +77,7 @@ int asn1_get_len( unsigned char **p, if( ( end - *p ) < 3 ) return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); - *len = ( (*p)[1] << 8 ) | (*p)[2]; + *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2]; (*p) += 3; break; 
@@ -85,7 +85,8 @@ int asn1_get_len( unsigned char **p, if( ( end - *p ) < 4 ) return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); - *len = ( (*p)[1] << 16 ) | ( (*p)[2] << 8 ) | (*p)[3]; + *len = ( (size_t)(*p)[1] << 16 ) | + ( (size_t)(*p)[2] << 8 ) | (*p)[3]; (*p) += 4; break; @@ -93,8 +94,8 @@ int asn1_get_len( unsigned char **p, if( ( end - *p ) < 5 ) return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); - *len = ( (*p)[1] << 24 ) | ( (*p)[2] << 16 ) | ( (*p)[3] << 8 ) | - (*p)[4]; + *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) | + ( (size_t)(*p)[3] << 8 ) | (*p)[4]; (*p) += 5; break; @@ -153,7 +154,7 @@ int asn1_get_int( unsigned char **p, if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 ) return( ret ); - if( len > sizeof( int ) || ( **p & 0x80 ) != 0 ) + if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 ) return( POLARSSL_ERR_ASN1_INVALID_LENGTH ); *val = 0; @@ -269,8 +270,7 @@ int asn1_get_sequence_of( unsigned char **p, /* Allocate and assign next pointer */ if( *p < end ) { - cur->next = (asn1_sequence *) polarssl_malloc( - sizeof( asn1_sequence ) ); + cur->next = polarssl_malloc( sizeof( asn1_sequence ) ); if( cur->next == NULL ) return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); diff --git a/ext/polarssl-1.3/library/asn1write.c b/ext/polarssl-1.3/library/asn1write.c index 8d92888b88..bb60830e5f 100644 --- a/ext/polarssl-1.3/library/asn1write.c +++ b/ext/polarssl-1.3/library/asn1write.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,6 +30,8 @@ #include "polarssl/asn1write.h" +#include + #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else 
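Review bot: the `(size_t)` casts across the three `asn1_get_len` hunks fix a genuine sign problem, not only a warning: `(*p)[1]` promotes to `int`, so with a 32-bit `int` the expression `(*p)[1] << 24` sets the sign bit whenever that byte is `>= 0x80`, which is undefined behaviour in C and, on a 64-bit target, sign-extends into an enormous `size_t` length. Casting each operand before the shift is the right fix; the lower-order terms that are left uncast can never reach bit 31, so they are fine. A test vector with a 4-byte length whose first byte is `0x80` or above would pin this down.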
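Review bot: the added `len == 0 ||` in `asn1_get_int` closes a one-byte over-read, not just an invalid-encoding case: with a zero-length INTEGER the existing `( **p & 0x80 ) != 0` test dereferenced the byte after the (empty) value. The ChangeLog entry should describe it as a bounds fix. Dropping the `(asn1_sequence *)` cast on the `polarssl_malloc` result in `asn1_get_sequence_of` is fine for C, but note that it makes this header-less call fail to compile as C++ if anyone builds the library that way.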
@@ -86,7 +88,7 @@ int asn1_write_raw_buffer( unsigned char **p, unsigned char *start, { size_t len = 0; - if( *p - start < (int) size ) + if( *p < start || (size_t)( *p - start ) < size ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); len = size; @@ -106,7 +108,7 @@ int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X ) // len = mpi_size( X ); - if( *p - start < (int) len ) + if( *p < start || (size_t)( *p - start ) < len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); (*p) -= len; @@ -190,7 +192,7 @@ int asn1_write_bool( unsigned char **p, unsigned char *start, int boolean ) if( *p - start < 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = (boolean) ? 1 : 0; + *--(*p) = (boolean) ? 255 : 0; len++; ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); @@ -269,7 +271,7 @@ int asn1_write_bitstring( unsigned char **p, unsigned char *start, // Calculate byte length // - if( *p - start < (int) size + 1 ) + if( *p < start || (size_t)( *p - start ) < size + 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); len = size + 1; @@ -340,19 +342,18 @@ asn1_named_data *asn1_store_named_data( asn1_named_data **head, } else if( cur->val.len < val_len ) { - // Enlarge existing value buffer if needed - // - polarssl_free( cur->val.p ); - cur->val.p = NULL; + /* + * Enlarge existing value buffer if needed + * Preserve old data until the allocation succeeded, to leave list in + * a consistent state in case allocation fails. + */ + void *p = polarssl_malloc( val_len ); + if( p == NULL ) + return( NULL ); + polarssl_free( cur->val.p ); + cur->val.p = p; cur->val.len = val_len; - cur->val.p = polarssl_malloc( val_len ); - if( cur->val.p == NULL ) - { - polarssl_free( cur->oid.p ); - polarssl_free( cur ); - return( NULL ); - } } if( val != NULL ) diff --git a/ext/polarssl-1.3/library/base64.c b/ext/polarssl-1.3/library/base64.c index 21cd3a6ce3..ba6926083b 100644 --- a/ext/polarssl-1.3/library/base64.c +++ b/ext/polarssl-1.3/library/base64.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -37,11 +37,15 @@ typedef UINT32 uint32_t; #include #endif +#if defined(POLARSSL_SELF_TEST) +#include #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ static const unsigned char base64_enc_map[64] = { @@ -71,6 +75,8 @@ static const unsigned char base64_dec_map[128] = 49, 50, 51, 127, 127, 127, 127, 127 }; +#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ + /* * Encode a buffer into base64 format */ @@ -87,15 +93,16 @@ int base64_encode( unsigned char *dst, size_t *dlen, return( 0 ); } - n = ( slen << 3 ) / 6; + n = slen / 3 + ( slen % 3 != 0 ); - switch( ( slen << 3 ) - ( n * 6 ) ) + if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 ) { - case 2: n += 3; break; - case 4: n += 2; break; - default: break; + *dlen = BASE64_SIZE_T_MAX; + return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL ); } + n *= 4; + if( *dlen < n + 1 ) { *dlen = n + 1; @@ -186,9 +193,16 @@ int base64_decode( unsigned char *dst, size_t *dlen, } if( n == 0 ) + { + *dlen = 0; return( 0 ); + } - n = ( ( n * 6 ) + 7 ) >> 3; + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || *dlen < n ) @@ -221,9 +235,6 @@ int base64_decode( unsigned char *dst, size_t *dlen, #if defined(POLARSSL_SELF_TEST) -#include -#include - static const unsigned char base64_test_dec[64] = { 0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD, 
diff --git a/ext/polarssl-1.3/library/bignum.c b/ext/polarssl-1.3/library/bignum.c index 0eb95ee4eb..0a95607342 100644 --- a/ext/polarssl-1.3/library/bignum.c +++ b/ext/polarssl-1.3/library/bignum.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,12 +19,21 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ + /* - * This MPI implementation is based on: + * The following sources were referenced in the design of this Multi-precision + * Integer library: + * + * [1] Handbook of Applied Cryptography - 1997 + * Menezes, van Oorschot and Vanstone + * + * [2] Multi-Precision Math + * Tom St Denis + * https://github.com/libtom/libtommath/blob/develop/tommath.pdf + * + * [3] GNU Multi-Precision Arithmetic Library + * https://gmplib.org/manual/index.html * - * http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf - * http://www.stillhq.com/extracted/gnupg-api/mpi/ - * http://math.libtomcrypt.com/files/tommath.pdf */ #if !defined(POLARSSL_CONFIG_FILE) @@ -38,16 +47,18 @@ #include "polarssl/bignum.h" #include "polarssl/bn_mul.h" +#include + #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include +#include #define polarssl_printf printf #define polarssl_malloc malloc #define polarssl_free free #endif -#include - /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; 
@@ -57,11 +68,14 @@ static void polarssl_zeroize( void *v, size_t n ) { #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ +#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ + /* * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows */ -#define BITS_TO_LIMBS(i) (((i) + biL - 1) / biL) -#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL) +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) /* * Initialize one MPI @@ -107,7 +121,7 @@ int mpi_grow( mpi *X, size_t nblimbs ) if( X->n < nblimbs ) { - if( ( p = (t_uint *) polarssl_malloc( nblimbs * ciL ) ) == NULL ) + if( ( p = polarssl_malloc( nblimbs * ciL ) ) == NULL ) return( POLARSSL_ERR_MPI_MALLOC_FAILED ); memset( p, 0, nblimbs * ciL ); @@ -147,7 +161,7 @@ int mpi_shrink( mpi *X, size_t nblimbs ) if( i < nblimbs ) i = nblimbs; - if( ( p = (t_uint *) polarssl_malloc( i * ciL ) ) == NULL ) + if( ( p = polarssl_malloc( i * ciL ) ) == NULL ) return( POLARSSL_ERR_MPI_MALLOC_FAILED ); memset( p, 0, i * ciL ); @@ -221,8 +235,8 @@ int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ) int ret = 0; size_t i; - /* make sure assign is 0 or 1 */ - assign = ( assign != 0 ); + /* make sure assign is 0 or 1 in a time-constant manner */ + assign = (assign | (unsigned char)-assign) >> 7; MPI_CHK( mpi_grow( X, Y->n ) ); @@ -253,8 +267,8 @@ int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char swap ) if( X == Y ) return( 0 ); - /* make sure swap is 0 or 1 */ - swap = ( swap != 0 ); + /* make sure swap is 0 or 1 in a time-constant manner */ + swap = (swap | (unsigned char)-swap) >> 7; MPI_CHK( mpi_grow( X, Y->n ) ); MPI_CHK( mpi_grow( Y, X->n ) ); 
@@ -347,6 +361,24 @@ size_t mpi_lsb( const mpi *X ) return( 0 ); } +/* + * Count leading zero bits in a given integer + */ +static size_t int_clz( const t_uint x ) +{ + size_t j; + t_uint mask = (t_uint) 1 << (biL - 1); + + for( j = 0; j < biL; j++ ) + { + if( x & mask ) break; + + mask >>= 1; + } + + return j; +} + /* * Return the number of most significant bits */ @@ -354,13 +386,14 @@ size_t mpi_msb( const mpi *X ) { size_t i, j; + if( X->n == 0 ) + return( 0 ); + for( i = X->n - 1; i > 0; i-- ) if( X->p[i] != 0 ) break; - for( j = biL; j > 0; j-- ) - if( ( ( X->p[i] >> ( j - 1 ) ) & 1 ) != 0 ) - break; + j = biL - int_clz( X->p[i] ); return( ( i * biL ) + j ); } @@ -409,6 +442,9 @@ int mpi_read_string( mpi *X, int radix, const char *s ) if( radix == 16 ) { + if( slen > MPI_SIZE_T_MAX >> 2 ) + return( POLARSSL_ERR_MPI_BAD_INPUT_DATA ); + n = BITS_TO_LIMBS( slen << 2 ); MPI_CHK( mpi_grow( X, n ) ); @@ -502,7 +538,12 @@ int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen ) n = mpi_msb( X ); if( radix >= 4 ) n >>= 1; if( radix >= 16 ) n >>= 1; - n += 3; + /* + * Round up the buffer length to an even value to ensure that there is + * enough room for hexadecimal values that can be represented in an odd + * number of digits. + */ + n += 3 + ( ( n + 1 ) & 1 ); if( *slen < n ) { @@ -579,11 +620,11 @@ int mpi_read_file( mpi *X, int radix, FILE *fin ) if( slen == sizeof( s ) - 2 ) return( POLARSSL_ERR_MPI_BUFFER_TOO_SMALL ); - if( s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; } - if( s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; } + if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; } + if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; } p = s + slen; - while( --p >= s ) + while( p-- > s ) if( mpi_get_digit( &d, radix, *p ) != 0 ) break; 
@@ -637,16 +678,20 @@ int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout ) int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ) { int ret; - size_t i, j, n; + size_t i, j; + size_t const limbs = CHARS_TO_LIMBS( buflen ); - for( n = 0; n < buflen; n++ ) - if( buf[n] != 0 ) - break; + /* Ensure that target MPI has exactly the necessary number of limbs */ + if( X->n != limbs ) + { + mpi_free( X ); + mpi_init( X ); + MPI_CHK( mpi_grow( X, limbs ) ); + } - MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) ); MPI_CHK( mpi_lset( X, 0 ) ); - for( i = buflen, j = 0; i > n; i--, j++ ) + for( i = buflen, j = 0; i > 0; i--, j++ ) X->p[j / ciL] |= ((t_uint) buf[i - 1]) << ((j % ciL) << 3); cleanup: @@ -853,7 +898,7 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) { int ret; size_t i, j; - t_uint *o, *p, c; + t_uint *o, *p, c, tmp; if( X == B ) { @@ -876,10 +921,14 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) o = B->p; p = X->p; c = 0; + /* + * tmp is used because it might happen that p == o + */ for( i = 0; i < j; i++, o++, p++ ) { + tmp= *o; *p += c; c = ( *p < c ); - *p += *o; c += ( *p < *o ); + *p += tmp; c += ( *p < tmp ); } while( c != 0 ) @@ -894,7 +943,6 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) } cleanup: - return( ret ); } 
@@ -1181,6 +1229,101 @@ int mpi_mul_int( mpi *X, const mpi *A, t_sint b ) return( mpi_mul_mpi( X, A, &_B ) ); } +/* + * Unsigned integer divide - double t_uint, dividend, u1/u0, and t_uint + * divisor, d + */ +static t_uint int_div_int( t_uint u1, t_uint u0, t_uint d, t_uint *r ) +{ +#if defined(POLARSSL_HAVE_UDBL) + t_udbl dividend, quotient; +#else + const t_uint radix = (t_uint) 1 << biH; + const t_uint uint_halfword_mask = ( (t_uint) 1 << biH ) - 1; + t_uint d0, d1, q0, q1, rAX, r0, quotient; + t_uint u0_msw, u0_lsw; + size_t s; +#endif + + /* + * Check for overflow + */ + if( 0 == d || u1 >= d ) + { + if ( r != NULL ) *r = ~0; + + return ( ~0 ); + } + +#if defined(POLARSSL_HAVE_UDBL) + dividend = (t_udbl) u1 << biL; + dividend |= (t_udbl) u0; + quotient = dividend / d; + if( quotient > ( (t_udbl) 1 << biL ) - 1 ) + quotient = ( (t_udbl) 1 << biL ) - 1; + + if( r != NULL ) + *r = (t_uint)( dividend - (quotient * d ) ); + + return (t_uint) quotient; +#else + + /* + * Algorithm D, Section 4.3.1 - The Art of Computer Programming + * Vol. 
2 - Seminumerical Algorithms, Knuth + */ + + /* + * Normalize the divisor, d, and dividend, u0, u1 + */ + s = int_clz( d ); + d = d << s; + + u1 = u1 << s; + u1 |= ( u0 >> ( biL - s ) ) & ( -(t_sint)s >> ( biL - 1 ) ); + u0 = u0 << s; + + d1 = d >> biH; + d0 = d & uint_halfword_mask; + + u0_msw = u0 >> biH; + u0_lsw = u0 & uint_halfword_mask; + + /* + * Find the first quotient and remainder + */ + q1 = u1 / d1; + r0 = u1 - d1 * q1; + + while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) ) + { + q1 -= 1; + r0 += d1; + + if ( r0 >= radix ) break; + } + + rAX = ( u1 * radix ) + ( u0_msw - q1 * d ); + q0 = rAX / d1; + r0 = rAX - q0 * d1; + + while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) ) + { + q0 -= 1; + r0 += d1; + + if ( r0 >= radix ) break; + } + + if (r != NULL) + *r = ( rAX * radix + u0_lsw - q0 * d ) >> s; + + quotient = q1 * radix + q0; + + return quotient; +#endif +} + /* * Division by mpi: A = Q * B + R (HAC 14.20) */ 
@@ -1238,67 +1381,7 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ) Z.p[i - t - 1] = ~0; else { - /* - * The version of Clang shipped by Apple with Mavericks around - * 2014-03 can't handle 128-bit division properly. Disable - * 128-bits division for this version. Let's be optimistic and - * assume it'll be fixed in the next minor version (next - * patchlevel is probably a bit too optimistic). - */ -#if defined(POLARSSL_HAVE_UDBL) && \ - ! ( defined(__x86_64__) && defined(__APPLE__) && \ - defined(__clang_major__) && __clang_major__ == 5 && \ - defined(__clang_minor__) && __clang_minor__ == 0 ) - t_udbl r; - - r = (t_udbl) X.p[i] << biL; - r |= (t_udbl) X.p[i - 1]; - r /= Y.p[t]; - if( r > ( (t_udbl) 1 << biL ) - 1 ) - r = ( (t_udbl) 1 << biL ) - 1; - - Z.p[i - t - 1] = (t_uint) r; -#else - /* - * __udiv_qrnnd_c, from gmp/longlong.h - */ - t_uint q0, q1, r0, r1; - t_uint d0, d1, d, m; - - d = Y.p[t]; - d0 = ( d << biH ) >> biH; - d1 = ( d >> biH ); - - q1 = X.p[i] / d1; - r1 = X.p[i] - d1 * q1; - r1 <<= biH; - r1 |= ( X.p[i - 1] >> biH ); - - m = q1 * d0; - if( r1 < m ) - { - q1--, r1 += d; - while( r1 >= d && r1 < m ) - q1--, r1 += d; - } - r1 -= m; - - q0 = r1 / d1; - r0 = r1 - d1 * q0; - r0 <<= biH; - r0 |= ( X.p[i - 1] << biH ) >> biH; - - m = q0 * d0; - if( r0 < m ) - { - q0--, r0 += d; - while( r0 >= d && r0 < m ) - q0--, r0 += d; - } - r0 -= m; - - Z.p[i - t - 1] = ( q1 << biH ) | q0; -#endif /* POLARSSL_HAVE_UDBL && !64-bit Apple with Clang 5.0 */ + Z.p[i - t - 1] = int_div_int( X.p[i], X.p[i - 1], Y.p[t], NULL); } Z.p[i - t - 1]++; @@ -1709,7 +1792,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) */ mpi_montred( X, N, mm, &T ); - if( neg ) + if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) { X->s = -1; MPI_CHK( mpi_add_mpi( X, N, X ) ); 
@@ -1801,6 +1884,7 @@ int mpi_fill_random( mpi *X, size_t size, MPI_CHK( mpi_read_binary( X, buf, size ) ); cleanup: + polarssl_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -1812,7 +1896,7 @@ int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ) int ret; mpi G, TA, TU, U1, U2, TB, TV, V1, V2; - if( mpi_cmp_int( N, 0 ) <= 0 ) + if( mpi_cmp_int( N, 1 ) <= 0 ) return( POLARSSL_ERR_MPI_BAD_INPUT_DATA ); mpi_init( &TA ); mpi_init( &TU ); mpi_init( &U1 ); mpi_init( &U2 ); @@ -1966,8 +2050,8 @@ static int mpi_miller_rabin( const mpi *X, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; - size_t i, j, n, s; + int ret, count; + size_t i, j, k, n, s; mpi W, R, T, A, RR; mpi_init( &W ); mpi_init( &R ); mpi_init( &T ); mpi_init( &A ); @@ -1995,14 +2079,23 @@ static int mpi_miller_rabin( const mpi *X, /* * pick a random A, 1 < A < |X| - 1 */ - MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); - if( mpi_cmp_mpi( &A, &W ) >= 0 ) - { - j = mpi_msb( &A ) - mpi_msb( &W ); - MPI_CHK( mpi_shift_r( &A, j + 1 ) ); - } - A.p[0] |= 3; + count = 0; + do { + MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); + + j = mpi_msb( &A ); + k = mpi_msb( &W ); + if (j > k) { + MPI_CHK( mpi_shift_r( &A, j - k ) ); + } + + if (count++ > 30) { + return POLARSSL_ERR_MPI_NOT_ACCEPTABLE; + } + + } while ( (mpi_cmp_mpi( &A, &W ) >= 0) || + (mpi_cmp_int( &A, 1 ) <= 0) ); /* * A = A^R mod |X| @@ -2100,10 +2193,11 @@ int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, MPI_CHK( mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); k = mpi_msb( X ); - if( k < nbits ) MPI_CHK( mpi_shift_l( X, nbits - k ) ); - if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits ) ); + if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits + 1 ) ); - X->p[0] |= 3; + mpi_set_bit( X, nbits-1, 1 ); + + X->p[0] |= 1; if( dh_flag == 0 ) { 
@@ -2122,6 +2216,9 @@ int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). * Make sure it is satisfied, while keeping X = 3 mod 4 */ + + X->p[0] |= 2; + MPI_CHK( mpi_mod_int( &r, X, 3 ) ); if( r == 0 ) MPI_CHK( mpi_add_int( X, X, 8 ) ); diff --git a/ext/polarssl-1.3/library/blowfish.c b/ext/polarssl-1.3/library/blowfish.c index 4bbaaf2058..77191e7eaa 100644 --- a/ext/polarssl-1.3/library/blowfish.c +++ b/ext/polarssl-1.3/library/blowfish.c @@ -3,7 +3,7 @@ * * Copyright (C) 2012-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,6 +36,8 @@ #include "polarssl/blowfish.h" +#include + #if !defined(POLARSSL_BLOWFISH_ALT) /* Implementation that should never be optimized out by the compiler */ diff --git a/ext/polarssl-1.3/library/camellia.c b/ext/polarssl-1.3/library/camellia.c index 92f74faad5..d80f51f319 100644 --- a/ext/polarssl-1.3/library/camellia.c +++ b/ext/polarssl-1.3/library/camellia.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,11 +36,15 @@ #include "polarssl/camellia.h" +#if defined(POLARSSL_SELF_TEST) +#include #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ #if !defined(POLARSSL_CAMELLIA_ALT) 
@@ -452,7 +456,7 @@ int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, camellia_init( &cty ); /* Also checks keysize */ - if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) ) + if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) != 0 ) goto exit; ctx->nr = cty.nr; @@ -689,8 +693,6 @@ int camellia_crypt_ctr( camellia_context *ctx, #if defined(POLARSSL_SELF_TEST) -#include - /* * Camellia test vectors from: * diff --git a/ext/polarssl-1.3/library/ccm.c b/ext/polarssl-1.3/library/ccm.c index 8590c2970c..bc3700f092 100644 --- a/ext/polarssl-1.3/library/ccm.c +++ b/ext/polarssl-1.3/library/ccm.c @@ -3,7 +3,7 @@ * * Copyright (C) 2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -39,6 +39,17 @@ #include "polarssl/ccm.h" +#include + +#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C) +#if defined(POLARSSL_PLATFORM_C) +#include "polarssl/platform.h" +#else +#include +#define polarssl_printf printf +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */ + /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -67,6 +78,8 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher, if( cipher_info->block_size != 16 ) return( POLARSSL_ERR_CCM_BAD_INPUT ); + cipher_free( &ctx->cipher_ctx ); + if( ( ret = cipher_init_ctx( &ctx->cipher_ctx, cipher_info ) ) != 0 ) return( ret ); @@ -127,7 +140,7 @@ static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length, { int ret; unsigned char i; - unsigned char q = 16 - 1 - iv_len; + unsigned char q; size_t len_left, olen; unsigned char b[16]; unsigned char y[16]; 
@@ -150,6 +163,8 @@ static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length, if( add_len > 0xFF00 ) return( POLARSSL_ERR_CCM_BAD_INPUT ); + q = 16 - 1 - (unsigned char) iv_len; + /* * First block B_0: * 0 .. 0 flags @@ -241,7 +256,7 @@ static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length, while( len_left > 0 ) { - unsigned char use_len = len_left > 16 ? 16 : len_left; + size_t use_len = len_left > 16 ? 16 : len_left; if( mode == CCM_ENCRYPT ) { @@ -333,14 +348,6 @@ int ccm_auth_decrypt( ccm_context *ctx, size_t length, #if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C) - -#if defined(POLARSSL_PLATFORM_C) -#include "polarssl/platform.h" -#else -#include -#define polarssl_printf printf -#endif - /* * Examples 1 to 3 from SP800-38C Appendix C */ diff --git a/ext/polarssl-1.3/library/certs.c b/ext/polarssl-1.3/library/certs.c index 78eb43e728..95fc8cc77d 100644 --- a/ext/polarssl-1.3/library/certs.c +++ b/ext/polarssl-1.3/library/certs.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/library/cipher.c b/ext/polarssl-1.3/library/cipher.c index 2f886d987c..35c5184966 100644 --- a/ext/polarssl-1.3/library/cipher.c +++ b/ext/polarssl-1.3/library/cipher.c @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -35,6 +35,9 @@ #include "polarssl/cipher.h" #include "polarssl/cipher_wrap.h" +#include +#include + #if defined(POLARSSL_GCM_C) #include "polarssl/gcm.h" #endif @@ -43,8 +46,6 @@ #include "polarssl/ccm.h" #endif -#include - #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) #define POLARSSL_CIPHER_MODE_STREAM #endif @@ -164,13 +165,14 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ) return( 0 ); } -/* Deprecated, redirects to cipher_free() */ +#if ! defined(POLARSSL_DEPRECATED_REMOVED) int cipher_free_ctx( cipher_context_t *ctx ) { cipher_free( ctx ); return( 0 ); } +#endif int cipher_setkey( cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation ) @@ -313,9 +315,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == POLARSSL_DECRYPT && - ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) || + ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) || ( ctx->operation == POLARSSL_ENCRYPT && - ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) ) + ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); @@ -498,14 +500,14 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len, if( NULL == input || NULL == data_len ) return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA ); - bad = 0xFF; + bad = 0x80; *data_len = 0; for( i = input_len; i > 0; i-- ) { prev_done = done; - done |= ( input[i-1] != 0 ); + done |= ( input[i - 1] != 0 ); *data_len |= ( i - 1 ) * ( done != prev_done ); - bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done ); + bad ^= input[i - 1] * ( done != prev_done ); } return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); 
diff --git a/ext/polarssl-1.3/library/cipher_wrap.c b/ext/polarssl-1.3/library/cipher_wrap.c index e289aa2e93..4c170bc377 100644 --- a/ext/polarssl-1.3/library/cipher_wrap.c +++ b/ext/polarssl-1.3/library/cipher_wrap.c @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -62,15 +62,18 @@ #include "polarssl/ccm.h" #endif +#if defined(POLARSSL_CIPHER_NULL_CIPHER) +#include +#endif + #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_malloc malloc #define polarssl_free free #endif -#include - #if defined(POLARSSL_GCM_C) /* shared by all GCM ciphers */ static void *gcm_ctx_alloc( void ) 
@@ -107,63 +110,34 @@ static int aes_crypt_ecb_wrap( void *ctx, operation_t operation, return aes_crypt_ecb( (aes_context *) ctx, operation, input, output ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) static int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CBC) return aes_crypt_cbc( (aes_context *) ctx, operation, length, iv, input, output ); -#else - ((void) ctx); - ((void) operation); - ((void) length); - ((void) iv); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CBC */ } +#endif /* POLARSSL_CIPHER_MODE_CBC */ +#if defined(POLARSSL_CIPHER_MODE_CFB) static int aes_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CFB) return aes_crypt_cfb128( (aes_context *) ctx, operation, length, iv_off, iv, input, output ); -#else - ((void) ctx); - ((void) operation); - ((void) length); - ((void) iv_off); - ((void) iv); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CFB */ } +#endif /* POLARSSL_CIPHER_MODE_CFB */ +#if defined(POLARSSL_CIPHER_MODE_CTR) static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CTR) return aes_crypt_ctr( (aes_context *) ctx, length, nc_off, nonce_counter, stream_block, input, output ); -#else - ((void) ctx); - ((void) length); - ((void) nc_off); - ((void) nonce_counter); - ((void) stream_block); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CTR */ } +#endif /* POLARSSL_CIPHER_MODE_CTR */ static 
int aes_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length ) @@ -179,7 +153,7 @@ static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, static void * aes_ctx_alloc( void ) { - aes_context *aes = (aes_context *) polarssl_malloc( sizeof( aes_context ) ); + aes_context *aes = polarssl_malloc( sizeof( aes_context ) ); if( aes == NULL ) return( NULL ); @@ -195,20 +169,28 @@ static void aes_ctx_free( void *ctx ) polarssl_free( ctx ); } -const cipher_base_t aes_info = { +static const cipher_base_t aes_info = { POLARSSL_CIPHER_ID_AES, aes_crypt_ecb_wrap, +#if defined(POLARSSL_CIPHER_MODE_CBC) aes_crypt_cbc_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) aes_crypt_cfb128_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) aes_crypt_ctr_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif aes_setkey_enc_wrap, aes_setkey_dec_wrap, aes_ctx_alloc, aes_ctx_free }; -const cipher_info_t aes_128_ecb_info = { +static const cipher_info_t aes_128_ecb_info = { POLARSSL_CIPHER_AES_128_ECB, POLARSSL_MODE_ECB, 128, @@ -219,7 +201,7 @@ const cipher_info_t aes_128_ecb_info = { &aes_info }; -const cipher_info_t aes_192_ecb_info = { +static const cipher_info_t aes_192_ecb_info = { POLARSSL_CIPHER_AES_192_ECB, POLARSSL_MODE_ECB, 192, @@ -230,7 +212,7 @@ const cipher_info_t aes_192_ecb_info = { &aes_info }; -const cipher_info_t aes_256_ecb_info = { +static const cipher_info_t aes_256_ecb_info = { POLARSSL_CIPHER_AES_256_ECB, POLARSSL_MODE_ECB, 256, @@ -242,7 +224,7 @@ const cipher_info_t aes_256_ecb_info = { }; #if defined(POLARSSL_CIPHER_MODE_CBC) -const cipher_info_t aes_128_cbc_info = { +static const cipher_info_t aes_128_cbc_info = { POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MODE_CBC, 128, @@ -253,7 +235,7 @@ const cipher_info_t aes_128_cbc_info = { &aes_info }; -const cipher_info_t aes_192_cbc_info = { +static const cipher_info_t aes_192_cbc_info = { POLARSSL_CIPHER_AES_192_CBC, POLARSSL_MODE_CBC, 192, 
@@ -264,7 +246,7 @@ const cipher_info_t aes_192_cbc_info = { &aes_info }; -const cipher_info_t aes_256_cbc_info = { +static const cipher_info_t aes_256_cbc_info = { POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MODE_CBC, 256, @@ -277,7 +259,7 @@ const cipher_info_t aes_256_cbc_info = { #endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_CIPHER_MODE_CFB) -const cipher_info_t aes_128_cfb128_info = { +static const cipher_info_t aes_128_cfb128_info = { POLARSSL_CIPHER_AES_128_CFB128, POLARSSL_MODE_CFB, 128, @@ -288,7 +270,7 @@ const cipher_info_t aes_128_cfb128_info = { &aes_info }; -const cipher_info_t aes_192_cfb128_info = { +static const cipher_info_t aes_192_cfb128_info = { POLARSSL_CIPHER_AES_192_CFB128, POLARSSL_MODE_CFB, 192, @@ -299,7 +281,7 @@ const cipher_info_t aes_192_cfb128_info = { &aes_info }; -const cipher_info_t aes_256_cfb128_info = { +static const cipher_info_t aes_256_cfb128_info = { POLARSSL_CIPHER_AES_256_CFB128, POLARSSL_MODE_CFB, 256, @@ -312,7 +294,7 @@ const cipher_info_t aes_256_cfb128_info = { #endif /* POLARSSL_CIPHER_MODE_CFB */ #if defined(POLARSSL_CIPHER_MODE_CTR) -const cipher_info_t aes_128_ctr_info = { +static const cipher_info_t aes_128_ctr_info = { POLARSSL_CIPHER_AES_128_CTR, POLARSSL_MODE_CTR, 128, @@ -323,7 +305,7 @@ const cipher_info_t aes_128_ctr_info = { &aes_info }; -const cipher_info_t aes_192_ctr_info = { +static const cipher_info_t aes_192_ctr_info = { POLARSSL_CIPHER_AES_192_CTR, POLARSSL_MODE_CTR, 192, @@ -334,7 +316,7 @@ const cipher_info_t aes_192_ctr_info = { &aes_info }; -const cipher_info_t aes_256_ctr_info = { +static const cipher_info_t aes_256_ctr_info = { POLARSSL_CIPHER_AES_256_CTR, POLARSSL_MODE_CTR, 256, 
@@ -354,20 +336,28 @@ static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key, key, key_length ); } -const cipher_base_t gcm_aes_info = { +static const cipher_base_t gcm_aes_info = { POLARSSL_CIPHER_ID_AES, NULL, +#if defined(POLARSSL_CIPHER_MODE_CBC) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif gcm_aes_setkey_wrap, gcm_aes_setkey_wrap, gcm_ctx_alloc, gcm_ctx_free, }; -const cipher_info_t aes_128_gcm_info = { +static const cipher_info_t aes_128_gcm_info = { POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MODE_GCM, 128, @@ -378,7 +368,7 @@ const cipher_info_t aes_128_gcm_info = { &gcm_aes_info }; -const cipher_info_t aes_192_gcm_info = { +static const cipher_info_t aes_192_gcm_info = { POLARSSL_CIPHER_AES_192_GCM, POLARSSL_MODE_GCM, 192, @@ -389,7 +379,7 @@ const cipher_info_t aes_192_gcm_info = { &gcm_aes_info }; -const cipher_info_t aes_256_gcm_info = { +static const cipher_info_t aes_256_gcm_info = { POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MODE_GCM, 256, @@ -409,20 +399,28 @@ static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key, key, key_length ); } -const cipher_base_t ccm_aes_info = { +static const cipher_base_t ccm_aes_info = { POLARSSL_CIPHER_ID_AES, NULL, +#if defined(POLARSSL_CIPHER_MODE_CBC) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif ccm_aes_setkey_wrap, ccm_aes_setkey_wrap, ccm_ctx_alloc, ccm_ctx_free, }; -const cipher_info_t aes_128_ccm_info = { +static const cipher_info_t aes_128_ccm_info = { POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MODE_CCM, 128, @@ -433,7 +431,7 @@ const cipher_info_t aes_128_ccm_info = { &ccm_aes_info }; -const cipher_info_t aes_192_ccm_info = { +static const cipher_info_t aes_192_ccm_info = { POLARSSL_CIPHER_AES_192_CCM, POLARSSL_MODE_CCM, 192, 
@@ -444,7 +442,7 @@ const cipher_info_t aes_192_ccm_info = { &ccm_aes_info }; -const cipher_info_t aes_256_ccm_info = { +static const cipher_info_t aes_256_ccm_info = { POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MODE_CCM, 256, 
@@ -467,64 +465,35 @@ static int camellia_crypt_ecb_wrap( void *ctx, operation_t operation, output ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) static int camellia_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CBC) return camellia_crypt_cbc( (camellia_context *) ctx, operation, length, iv, input, output ); -#else - ((void) ctx); - ((void) operation); - ((void) length); - ((void) iv); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CBC */ } +#endif /* POLARSSL_CIPHER_MODE_CBC */ +#if defined(POLARSSL_CIPHER_MODE_CFB) static int camellia_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CFB) return camellia_crypt_cfb128( (camellia_context *) ctx, operation, length, iv_off, iv, input, output ); -#else - ((void) ctx); - ((void) operation); - ((void) length); - ((void) iv_off); - ((void) iv); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CFB */ } +#endif /* POLARSSL_CIPHER_MODE_CFB */ +#if defined(POLARSSL_CIPHER_MODE_CTR) static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CTR) return camellia_crypt_ctr( (camellia_context *) ctx, length, nc_off, nonce_counter, stream_block, input, output ); -#else - ((void) ctx); - ((void) length); - ((void) nc_off); - ((void) nonce_counter); - ((void) stream_block); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CTR */ } +#endif /* POLARSSL_CIPHER_MODE_CTR */ static int 
camellia_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length ) @@ -541,7 +510,7 @@ static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, static void * camellia_ctx_alloc( void ) { camellia_context *ctx; - ctx = (camellia_context *) polarssl_malloc( sizeof( camellia_context ) ); + ctx = polarssl_malloc( sizeof( camellia_context ) ); if( ctx == NULL ) return( NULL ); @@ -557,20 +526,28 @@ static void camellia_ctx_free( void *ctx ) polarssl_free( ctx ); } -const cipher_base_t camellia_info = { +static const cipher_base_t camellia_info = { POLARSSL_CIPHER_ID_CAMELLIA, camellia_crypt_ecb_wrap, +#if defined(POLARSSL_CIPHER_MODE_CBC) camellia_crypt_cbc_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) camellia_crypt_cfb128_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) camellia_crypt_ctr_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif camellia_setkey_enc_wrap, camellia_setkey_dec_wrap, camellia_ctx_alloc, camellia_ctx_free }; -const cipher_info_t camellia_128_ecb_info = { +static const cipher_info_t camellia_128_ecb_info = { POLARSSL_CIPHER_CAMELLIA_128_ECB, POLARSSL_MODE_ECB, 128, @@ -581,7 +558,7 @@ const cipher_info_t camellia_128_ecb_info = { &camellia_info }; -const cipher_info_t camellia_192_ecb_info = { +static const cipher_info_t camellia_192_ecb_info = { POLARSSL_CIPHER_CAMELLIA_192_ECB, POLARSSL_MODE_ECB, 192, @@ -592,7 +569,7 @@ const cipher_info_t camellia_192_ecb_info = { &camellia_info }; -const cipher_info_t camellia_256_ecb_info = { +static const cipher_info_t camellia_256_ecb_info = { POLARSSL_CIPHER_CAMELLIA_256_ECB, POLARSSL_MODE_ECB, 256, @@ -604,7 +581,7 @@ const cipher_info_t camellia_256_ecb_info = { }; #if defined(POLARSSL_CIPHER_MODE_CBC) -const cipher_info_t camellia_128_cbc_info = { +static const cipher_info_t camellia_128_cbc_info = { POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MODE_CBC, 128, 
@@ -615,7 +592,7 @@ const cipher_info_t camellia_128_cbc_info = { &camellia_info }; -const cipher_info_t camellia_192_cbc_info = { +static const cipher_info_t camellia_192_cbc_info = { POLARSSL_CIPHER_CAMELLIA_192_CBC, POLARSSL_MODE_CBC, 192, @@ -626,7 +603,7 @@ const cipher_info_t camellia_192_cbc_info = { &camellia_info }; -const cipher_info_t camellia_256_cbc_info = { +static const cipher_info_t camellia_256_cbc_info = { POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MODE_CBC, 256, @@ -639,7 +616,7 @@ const cipher_info_t camellia_256_cbc_info = { #endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_CIPHER_MODE_CFB) -const cipher_info_t camellia_128_cfb128_info = { +static const cipher_info_t camellia_128_cfb128_info = { POLARSSL_CIPHER_CAMELLIA_128_CFB128, POLARSSL_MODE_CFB, 128, @@ -650,7 +627,7 @@ const cipher_info_t camellia_128_cfb128_info = { &camellia_info }; -const cipher_info_t camellia_192_cfb128_info = { +static const cipher_info_t camellia_192_cfb128_info = { POLARSSL_CIPHER_CAMELLIA_192_CFB128, POLARSSL_MODE_CFB, 192, @@ -661,7 +638,7 @@ const cipher_info_t camellia_192_cfb128_info = { &camellia_info }; -const cipher_info_t camellia_256_cfb128_info = { +static const cipher_info_t camellia_256_cfb128_info = { POLARSSL_CIPHER_CAMELLIA_256_CFB128, POLARSSL_MODE_CFB, 256, @@ -674,7 +651,7 @@ const cipher_info_t camellia_256_cfb128_info = { #endif /* POLARSSL_CIPHER_MODE_CFB */ #if defined(POLARSSL_CIPHER_MODE_CTR) -const cipher_info_t camellia_128_ctr_info = { +static const cipher_info_t camellia_128_ctr_info = { POLARSSL_CIPHER_CAMELLIA_128_CTR, POLARSSL_MODE_CTR, 128, @@ -685,7 +662,7 @@ const cipher_info_t camellia_128_ctr_info = { &camellia_info }; -const cipher_info_t camellia_192_ctr_info = { +static const cipher_info_t camellia_192_ctr_info = { POLARSSL_CIPHER_CAMELLIA_192_CTR, POLARSSL_MODE_CTR, 192, 
@@ -696,7 +673,7 @@ const cipher_info_t camellia_192_ctr_info = { &camellia_info }; -const cipher_info_t camellia_256_ctr_info = { +static const cipher_info_t camellia_256_ctr_info = { POLARSSL_CIPHER_CAMELLIA_256_CTR, POLARSSL_MODE_CTR, 256, @@ -716,20 +693,28 @@ static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key, key, key_length ); } -const cipher_base_t gcm_camellia_info = { +static const cipher_base_t gcm_camellia_info = { POLARSSL_CIPHER_ID_CAMELLIA, NULL, +#if defined(POLARSSL_CIPHER_MODE_CBC) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif gcm_camellia_setkey_wrap, gcm_camellia_setkey_wrap, gcm_ctx_alloc, gcm_ctx_free, }; -const cipher_info_t camellia_128_gcm_info = { +static const cipher_info_t camellia_128_gcm_info = { POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MODE_GCM, 128, @@ -740,7 +725,7 @@ const cipher_info_t camellia_128_gcm_info = { &gcm_camellia_info }; -const cipher_info_t camellia_192_gcm_info = { +static const cipher_info_t camellia_192_gcm_info = { POLARSSL_CIPHER_CAMELLIA_192_GCM, POLARSSL_MODE_GCM, 192, @@ -751,7 +736,7 @@ const cipher_info_t camellia_192_gcm_info = { &gcm_camellia_info }; -const cipher_info_t camellia_256_gcm_info = { +static const cipher_info_t camellia_256_gcm_info = { POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MODE_GCM, 256, 
@@ -771,20 +756,28 @@ static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key, key, key_length ); } -const cipher_base_t ccm_camellia_info = { +static const cipher_base_t ccm_camellia_info = { POLARSSL_CIPHER_ID_CAMELLIA, NULL, +#if defined(POLARSSL_CIPHER_MODE_CBC) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif ccm_camellia_setkey_wrap, ccm_camellia_setkey_wrap, ccm_ctx_alloc, ccm_ctx_free, }; -const cipher_info_t camellia_128_ccm_info = { +static const cipher_info_t camellia_128_ccm_info = { POLARSSL_CIPHER_CAMELLIA_128_CCM, POLARSSL_MODE_CCM, 128, @@ -795,7 +788,7 @@ const cipher_info_t camellia_128_ccm_info = { &ccm_camellia_info }; -const cipher_info_t camellia_192_ccm_info = { +static const cipher_info_t camellia_192_ccm_info = { POLARSSL_CIPHER_CAMELLIA_192_CCM, POLARSSL_MODE_CCM, 192, @@ -806,7 +799,7 @@ const cipher_info_t camellia_192_ccm_info = { &ccm_camellia_info }; -const cipher_info_t camellia_256_ccm_info = { +static const cipher_info_t camellia_256_ccm_info = { POLARSSL_CIPHER_CAMELLIA_256_CCM, POLARSSL_MODE_CCM, 256, 
@@ -836,41 +829,23 @@ static int des3_crypt_ecb_wrap( void *ctx, operation_t operation, return des3_crypt_ecb( (des3_context *) ctx, input, output ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) static int des_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CBC) return des_crypt_cbc( (des_context *) ctx, operation, length, iv, input, output ); -#else - ((void) ctx); - ((void) operation); - ((void) length); - ((void) iv); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CBC */ } +#endif /* POLARSSL_CIPHER_MODE_CBC */ +#if defined(POLARSSL_CIPHER_MODE_CBC) static int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CBC) return des3_crypt_cbc( (des3_context *) ctx, operation, length, iv, input, output ); -#else - ((void) ctx); - ((void) operation); - ((void) length); - ((void) iv); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CBC */ } +#endif /* POLARSSL_CIPHER_MODE_CBC */ static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length ) @@ -922,7 +897,7 @@ static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, static void * des_ctx_alloc( void ) { - des_context *des = (des_context *) polarssl_malloc( sizeof( des_context ) ); + des_context *des = polarssl_malloc( sizeof( des_context ) ); if( des == NULL ) return( NULL ); @@ -941,7 +916,7 @@ static void des_ctx_free( void *ctx ) static void * des3_ctx_alloc( void ) { des3_context *des3; - des3 = (des3_context *) polarssl_malloc( sizeof( des3_context ) ); + des3 = polarssl_malloc( sizeof( des3_context ) ); if( des3 == NULL ) return( NULL ); 
@@ -957,20 +932,28 @@ static void des3_ctx_free( void *ctx ) polarssl_free( ctx ); } -const cipher_base_t des_info = { +static const cipher_base_t des_info = { POLARSSL_CIPHER_ID_DES, des_crypt_ecb_wrap, +#if defined(POLARSSL_CIPHER_MODE_CBC) des_crypt_cbc_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif des_setkey_enc_wrap, des_setkey_dec_wrap, des_ctx_alloc, des_ctx_free }; -const cipher_info_t des_ecb_info = { +static const cipher_info_t des_ecb_info = { POLARSSL_CIPHER_DES_ECB, POLARSSL_MODE_ECB, POLARSSL_KEY_LENGTH_DES, @@ -982,7 +965,7 @@ const cipher_info_t des_ecb_info = { }; #if defined(POLARSSL_CIPHER_MODE_CBC) -const cipher_info_t des_cbc_info = { +static const cipher_info_t des_cbc_info = { POLARSSL_CIPHER_DES_CBC, POLARSSL_MODE_CBC, POLARSSL_KEY_LENGTH_DES, @@ -994,20 +977,28 @@ const cipher_info_t des_cbc_info = { }; #endif /* POLARSSL_CIPHER_MODE_CBC */ -const cipher_base_t des_ede_info = { +static const cipher_base_t des_ede_info = { POLARSSL_CIPHER_ID_DES, des3_crypt_ecb_wrap, +#if defined(POLARSSL_CIPHER_MODE_CBC) des3_crypt_cbc_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif des3_set2key_enc_wrap, des3_set2key_dec_wrap, des3_ctx_alloc, des3_ctx_free }; -const cipher_info_t des_ede_ecb_info = { +static const cipher_info_t des_ede_ecb_info = { POLARSSL_CIPHER_DES_EDE_ECB, POLARSSL_MODE_ECB, POLARSSL_KEY_LENGTH_DES_EDE, @@ -1019,7 +1010,7 @@ const cipher_info_t des_ede_ecb_info = { }; #if defined(POLARSSL_CIPHER_MODE_CBC) -const cipher_info_t des_ede_cbc_info = { +static const cipher_info_t des_ede_cbc_info = { POLARSSL_CIPHER_DES_EDE_CBC, POLARSSL_MODE_CBC, POLARSSL_KEY_LENGTH_DES_EDE, 
@@ -1031,20 +1022,28 @@ const cipher_info_t des_ede_cbc_info = { }; #endif /* POLARSSL_CIPHER_MODE_CBC */ -const cipher_base_t des_ede3_info = { +static const cipher_base_t des_ede3_info = { POLARSSL_CIPHER_ID_DES, des3_crypt_ecb_wrap, +#if defined(POLARSSL_CIPHER_MODE_CBC) des3_crypt_cbc_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif des3_set3key_enc_wrap, des3_set3key_dec_wrap, des3_ctx_alloc, des3_ctx_free }; -const cipher_info_t des_ede3_ecb_info = { +static const cipher_info_t des_ede3_ecb_info = { POLARSSL_CIPHER_DES_EDE3_ECB, POLARSSL_MODE_ECB, POLARSSL_KEY_LENGTH_DES_EDE3, @@ -1055,7 +1054,7 @@ const cipher_info_t des_ede3_ecb_info = { &des_ede3_info }; #if defined(POLARSSL_CIPHER_MODE_CBC) -const cipher_info_t des_ede3_cbc_info = { +static const cipher_info_t des_ede3_cbc_info = { POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MODE_CBC, POLARSSL_KEY_LENGTH_DES_EDE3, 
@@ -1077,64 +1076,35 @@ static int blowfish_crypt_ecb_wrap( void *ctx, operation_t operation, output ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) static int blowfish_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CBC) return blowfish_crypt_cbc( (blowfish_context *) ctx, operation, length, iv, input, output ); -#else - ((void) ctx); - ((void) operation); - ((void) length); - ((void) iv); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CBC */ } +#endif /* POLARSSL_CIPHER_MODE_CBC */ +#if defined(POLARSSL_CIPHER_MODE_CFB) static int blowfish_crypt_cfb64_wrap( void *ctx, operation_t operation, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CFB) return blowfish_crypt_cfb64( (blowfish_context *) ctx, operation, length, iv_off, iv, input, output ); -#else - ((void) ctx); - ((void) operation); - ((void) length); - ((void) iv_off); - ((void) iv); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CFB */ } +#endif /* POLARSSL_CIPHER_MODE_CFB */ +#if defined(POLARSSL_CIPHER_MODE_CTR) static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output ) { -#if defined(POLARSSL_CIPHER_MODE_CTR) return blowfish_crypt_ctr( (blowfish_context *) ctx, length, nc_off, nonce_counter, stream_block, input, output ); -#else - ((void) ctx); - ((void) length); - ((void) nc_off); - ((void) nonce_counter); - ((void) stream_block); - ((void) input); - ((void) output); - - return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_CIPHER_MODE_CTR */ } +#endif /* POLARSSL_CIPHER_MODE_CTR */ static int 
blowfish_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length ) @@ -1145,7 +1115,7 @@ static int blowfish_setkey_wrap( void *ctx, const unsigned char *key, static void * blowfish_ctx_alloc( void ) { blowfish_context *ctx; - ctx = (blowfish_context *) polarssl_malloc( sizeof( blowfish_context ) ); + ctx = polarssl_malloc( sizeof( blowfish_context ) ); if( ctx == NULL ) return( NULL ); @@ -1161,20 +1131,28 @@ static void blowfish_ctx_free( void *ctx ) polarssl_free( ctx ); } -const cipher_base_t blowfish_info = { +static const cipher_base_t blowfish_info = { POLARSSL_CIPHER_ID_BLOWFISH, blowfish_crypt_ecb_wrap, +#if defined(POLARSSL_CIPHER_MODE_CBC) blowfish_crypt_cbc_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) blowfish_crypt_cfb64_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) blowfish_crypt_ctr_wrap, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) NULL, +#endif blowfish_setkey_wrap, blowfish_setkey_wrap, blowfish_ctx_alloc, blowfish_ctx_free }; -const cipher_info_t blowfish_ecb_info = { +static const cipher_info_t blowfish_ecb_info = { POLARSSL_CIPHER_BLOWFISH_ECB, POLARSSL_MODE_ECB, 128, @@ -1186,7 +1164,7 @@ const cipher_info_t blowfish_ecb_info = { }; #if defined(POLARSSL_CIPHER_MODE_CBC) -const cipher_info_t blowfish_cbc_info = { +static const cipher_info_t blowfish_cbc_info = { POLARSSL_CIPHER_BLOWFISH_CBC, POLARSSL_MODE_CBC, 128, @@ -1199,7 +1177,7 @@ const cipher_info_t blowfish_cbc_info = { #endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_CIPHER_MODE_CFB) -const cipher_info_t blowfish_cfb64_info = { +static const cipher_info_t blowfish_cfb64_info = { POLARSSL_CIPHER_BLOWFISH_CFB64, POLARSSL_MODE_CFB, 128, @@ -1212,7 +1190,7 @@ const cipher_info_t blowfish_cfb64_info = { #endif /* POLARSSL_CIPHER_MODE_CFB */ #if defined(POLARSSL_CIPHER_MODE_CTR) -const cipher_info_t blowfish_ctr_info = { +static const cipher_info_t blowfish_ctr_info = { POLARSSL_CIPHER_BLOWFISH_CTR, POLARSSL_MODE_CTR, 128, 
@@ -1247,7 +1225,7 @@ static int arc4_setkey_wrap( void *ctx, const unsigned char *key, static void * arc4_ctx_alloc( void ) { arc4_context *ctx; - ctx = (arc4_context *) polarssl_malloc( sizeof( arc4_context ) ); + ctx = polarssl_malloc( sizeof( arc4_context ) ); if( ctx == NULL ) return( NULL ); @@ -1263,20 +1241,28 @@ static void arc4_ctx_free( void *ctx ) polarssl_free( ctx ); } -const cipher_base_t arc4_base_info = { +static const cipher_base_t arc4_base_info = { POLARSSL_CIPHER_ID_ARC4, NULL, +#if defined(POLARSSL_CIPHER_MODE_CBC) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) arc4_crypt_stream_wrap, +#endif arc4_setkey_wrap, arc4_setkey_wrap, arc4_ctx_alloc, arc4_ctx_free }; -const cipher_info_t arc4_128_info = { +static const cipher_info_t arc4_128_info = { POLARSSL_CIPHER_ARC4_128, POLARSSL_MODE_STREAM, 128, @@ -1318,20 +1304,28 @@ static void null_ctx_free( void *ctx ) ((void) ctx); } -const cipher_base_t null_base_info = { +static const cipher_base_t null_base_info = { POLARSSL_CIPHER_ID_NULL, NULL, +#if defined(POLARSSL_CIPHER_MODE_CBC) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CFB) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) NULL, +#endif +#if defined(POLARSSL_CIPHER_MODE_STREAM) null_crypt_stream, +#endif null_setkey, null_setkey, null_ctx_alloc, null_ctx_free }; -const cipher_info_t null_cipher_info = { +static const cipher_info_t null_cipher_info = { POLARSSL_CIPHER_NULL, POLARSSL_MODE_STREAM, 0, @@ -1439,7 +1433,7 @@ const cipher_definition_t cipher_definitions[] = { POLARSSL_CIPHER_NULL, &null_cipher_info }, #endif /* POLARSSL_CIPHER_NULL_CIPHER */ - { 0, NULL } + { POLARSSL_CIPHER_NONE, NULL } }; #define NUM_CIPHERS sizeof cipher_definitions / sizeof cipher_definitions[0] diff --git a/ext/polarssl-1.3/library/ctr_drbg.c b/ext/polarssl-1.3/library/ctr_drbg.c index 5e6384809c..f66064ff4f 100644 
--- a/ext/polarssl-1.3/library/ctr_drbg.c +++ b/ext/polarssl-1.3/library/ctr_drbg.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -35,15 +35,20 @@ #include "polarssl/ctr_drbg.h" +#include + #if defined(POLARSSL_FS_IO) #include #endif +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { @@ -272,7 +277,8 @@ int ctr_drbg_reseed( ctr_drbg_context *ctx, unsigned char seed[CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT || + len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT ); @@ -396,20 +402,20 @@ int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path ) goto exit; if( fwrite( buf, 1, CTR_DRBG_MAX_INPUT, f ) != CTR_DRBG_MAX_INPUT ) - { ret = POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR; - goto exit; - } - - ret = 0; + else + ret = 0; exit: + polarssl_zeroize( buf, sizeof( buf ) ); + fclose( f ); return( ret ); } int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path ) { + int ret = 0; FILE *f; size_t n; unsigned char buf[ CTR_DRBG_MAX_INPUT ]; 
@@ -428,14 +434,16 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path ) } if( fread( buf, 1, n, f ) != n ) - { - fclose( f ); - return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR; + else + ctr_drbg_update( ctx, buf, n ); fclose( f ); - ctr_drbg_update( ctx, buf, n ); + polarssl_zeroize( buf, sizeof( buf ) ); + + if( ret != 0 ) + return( ret ); return( ctr_drbg_write_seed_file( ctx, path ) ); } @@ -443,9 +451,7 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path ) #if defined(POLARSSL_SELF_TEST) -#include - -static unsigned char entropy_source_pr[96] = +static const unsigned char entropy_source_pr[96] = { 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16, 0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02, 0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b, @@ -459,7 +465,7 @@ static unsigned char entropy_source_pr[96] = 0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56, 0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 }; -static unsigned char entropy_source_nopr[64] = +static const unsigned char entropy_source_nopr[64] = { 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14, 0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe, 0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d, @@ -518,7 +524,7 @@ int ctr_drbg_self_test( int verbose ) test_offset = 0; CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, - entropy_source_pr, nonce_pers_pr, 16, 32 ) ); + (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) ); ctr_drbg_set_prediction_resistance( &ctx, CTR_DRBG_PR_ON ); CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) ); CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) ); 
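Review bot: the `(void *) entropy_source_pr` cast in `@@ -518,7 +524,7 @@` (and the matching `(void *) entropy_source_nopr` in the next hunk) discards the `const` that this same patch adds to the arrays, purely to fit the `void *` entropy-context parameter of `ctr_drbg_init_entropy_len()`. That is only safe because the self-test entropy callback reads from the source and never writes through the pointer; add a one-line comment at the cast saying so, or leave the arrays non-const, so the next reader does not take the cast as licence to write to them.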
@@ -535,7 +541,7 @@ int ctr_drbg_self_test( int verbose ) test_offset = 0; CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, - entropy_source_nopr, nonce_pers_nopr, 16, 32 ) ); + (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) ); CHK( ctr_drbg_random( &ctx, buf, 16 ) ); CHK( ctr_drbg_reseed( &ctx, NULL, 0 ) ); CHK( ctr_drbg_random( &ctx, buf, 16 ) ); diff --git a/ext/polarssl-1.3/library/debug.c b/ext/polarssl-1.3/library/debug.c index 24c5e7040d..9adcf07bef 100644 --- a/ext/polarssl-1.3/library/debug.c +++ b/ext/polarssl-1.3/library/debug.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,8 +31,8 @@ #include "polarssl/debug.h" #include -#include #include +#include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #if !defined snprintf @@ -44,6 +44,16 @@ #endif #endif /* _MSC_VER */ +#if defined(POLARSSL_PLATFORM_C) +#include "polarssl/platform.h" +#else +#define polarssl_snprintf snprintf +#define polarssl_malloc malloc +#define polarssl_free free +#endif + +#define DEBUG_BUF_SIZE 512 + static int debug_log_mode = POLARSSL_DEBUG_DFL_MODE; static int debug_threshold = 0; 
@@ -60,17 +70,34 @@ void debug_set_threshold( int threshold ) char *debug_fmt( const char *format, ... ) { va_list argp; - static char str[512]; - int maxlen = sizeof( str ) - 1; +#if defined(POLARSSL_THREADING_C) + char *str = polarssl_malloc( DEBUG_BUF_SIZE ); + + if( str == NULL ) + return( NULL ); +#else + static char str[DEBUG_BUF_SIZE]; +#endif va_start( argp, format ); - vsnprintf( str, maxlen, format, argp ); + vsnprintf( str, DEBUG_BUF_SIZE - 1, format, argp ); va_end( argp ); - str[maxlen] = '\0'; + str[DEBUG_BUF_SIZE - 1] = '\0'; return( str ); } +void debug_print_msg_free( const ssl_context *ssl, int level, + const char *file, int line, char *text ) +{ + if( text != NULL ) + debug_print_msg( ssl, level, file, line, text ); + +#if defined(POLARSSL_THREADING_C) + polarssl_free( text ); +#endif +} + void debug_print_msg( const ssl_context *ssl, int level, const char *file, int line, const char *text ) { @@ -86,7 +113,7 @@ void debug_print_msg( const ssl_context *ssl, int level, return; } - snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text ); + polarssl_snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text ); str[maxlen] = '\0'; ssl->f_dbg( ssl->p_dbg, level, str ); } @@ -103,9 +130,9 @@ void debug_print_ret( const ssl_context *ssl, int level, return; if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL ) - idx = snprintf( str, maxlen, "%s(%04d): ", file, line ); + idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line ); - snprintf( str + idx, maxlen - idx, "%s() returned %d (-0x%04x)\n", + polarssl_snprintf( str + idx, maxlen - idx, "%s() returned %d (-0x%04x)\n", text, ret, -ret ); str[maxlen] = '\0'; 
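Review bot: the ownership contract of the new `debug_print_msg_free()` in `@@ -60,17 +70,34 @@` is not documented anywhere in the hunk. It must be called with exactly the pointer returned by `debug_fmt()`, which is heap memory under `POLARSSL_THREADING_C` but the static `str[DEBUG_BUF_SIZE]` otherwise, so a caller that frees the result itself, or passes any other string, ends up with a double free or a `free()` of a static buffer in one of the two builds. Also, when `polarssl_malloc( DEBUG_BUF_SIZE )` fails, `debug_fmt()` returns NULL and `debug_print_msg_free()` drops the message silently; that is acceptable for debug output, but both points should be stated in debug.h next to the prototypes.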
@@ -124,9 +151,9 @@ void debug_print_buf( const ssl_context *ssl, int level, return; if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL ) - idx = snprintf( str, maxlen, "%s(%04d): ", file, line ); + idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line ); - snprintf( str + idx, maxlen - idx, "dumping '%s' (%u bytes)\n", + polarssl_snprintf( str + idx, maxlen - idx, "dumping '%s' (%u bytes)\n", text, (unsigned int) len ); str[maxlen] = '\0'; @@ -143,7 +170,7 @@ void debug_print_buf( const ssl_context *ssl, int level, { if( i > 0 ) { - snprintf( str + idx, maxlen - idx, " %s\n", txt ); + polarssl_snprintf( str + idx, maxlen - idx, " %s\n", txt ); ssl->f_dbg( ssl->p_dbg, level, str ); idx = 0; @@ -151,14 +178,14 @@ void debug_print_buf( const ssl_context *ssl, int level, } if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL ) - idx = snprintf( str, maxlen, "%s(%04d): ", file, line ); + idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line ); - idx += snprintf( str + idx, maxlen - idx, "%04x: ", + idx += polarssl_snprintf( str + idx, maxlen - idx, "%04x: ", (unsigned int) i ); } - idx += snprintf( str + idx, maxlen - idx, " %02x", + idx += polarssl_snprintf( str + idx, maxlen - idx, " %02x", (unsigned int) buf[i] ); txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ; } @@ -166,9 +193,9 @@ void debug_print_buf( const ssl_context *ssl, int level, if( len > 0 ) { for( /* i = i */; i % 16 != 0; i++ ) - idx += snprintf( str + idx, maxlen - idx, " " ); + idx += polarssl_snprintf( str + idx, maxlen - idx, " " ); - snprintf( str + idx, maxlen - idx, " %s\n", txt ); + polarssl_snprintf( str + idx, maxlen - idx, " %s\n", txt ); ssl->f_dbg( ssl->p_dbg, level, str ); } } 
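Review bot: in the `debug_print_buf()` hunks (`@@ -124,9 +151,9 @@` through `@@ -166,9 +193,9 @@`) the return value of `polarssl_snprintf()` is still used as an unchecked offset: `idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line );` followed by `idx += polarssl_snprintf( str + idx, maxlen - idx, " %02x", ... );`. snprintf returns the length it would have written, and a platform replacement may return -1 on truncation, so a long `file` or `text` argument pushes `idx` past `maxlen`; `str + idx` then points outside the buffer and, with `maxlen` an int as in `debug_fmt()`, `maxlen - idx` goes negative and is converted to a huge size for the next call. Since this change already touches every one of these calls, clamp `idx` after each (for example `if( idx < 0 || idx >= maxlen ) idx = maxlen - 1;`) or route them through one helper that does.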
@@ -184,11 +211,11 @@ void debug_print_ecp( const ssl_context *ssl, int level, if( ssl->f_dbg == NULL || level > debug_threshold ) return; - snprintf( str, maxlen, "%s(X)", text ); + polarssl_snprintf( str, maxlen, "%s(X)", text ); str[maxlen] = '\0'; debug_print_mpi( ssl, level, file, line, str, &X->X ); - snprintf( str, maxlen, "%s(Y)", text ); + polarssl_snprintf( str, maxlen, "%s(Y)", text ); str[maxlen] = '\0'; debug_print_mpi( ssl, level, file, line, str, &X->Y ); } @@ -215,9 +242,9 @@ void debug_print_mpi( const ssl_context *ssl, int level, break; if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL ) - idx = snprintf( str, maxlen, "%s(%04d): ", file, line ); + idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line ); - snprintf( str + idx, maxlen - idx, "value of '%s' (%d bits) is:\n", + polarssl_snprintf( str + idx, maxlen - idx, "value of '%s' (%d bits) is:\n", text, (int) ( ( n * ( sizeof(t_uint) << 3 ) ) + j + 1 ) ); str[maxlen] = '\0'; @@ -240,16 +267,16 @@ void debug_print_mpi( const ssl_context *ssl, int level, { if( j > 0 ) { - snprintf( str + idx, maxlen - idx, "\n" ); + polarssl_snprintf( str + idx, maxlen - idx, "\n" ); ssl->f_dbg( ssl->p_dbg, level, str ); idx = 0; } if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL ) - idx = snprintf( str, maxlen, "%s(%04d): ", file, line ); + idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line ); } - idx += snprintf( str + idx, maxlen - idx, " %02x", (unsigned int) + idx += polarssl_snprintf( str + idx, maxlen - idx, " %02x", (unsigned int) ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ); j++; 
@@ -261,13 +288,13 @@ void debug_print_mpi( const ssl_context *ssl, int level, { if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL ) { - idx = snprintf( str, maxlen, "%s(%04d): ", file, line ); + idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line ); } - idx += snprintf( str + idx, maxlen - idx, " 00" ); + idx += polarssl_snprintf( str + idx, maxlen - idx, " 00" ); } - snprintf( str + idx, maxlen - idx, "\n" ); + polarssl_snprintf( str + idx, maxlen - idx, "\n" ); ssl->f_dbg( ssl->p_dbg, level, str ); } #endif /* POLARSSL_BIGNUM_C */ @@ -294,7 +321,7 @@ static void debug_print_pk( const ssl_context *ssl, int level, if( items[i].type == POLARSSL_PK_DEBUG_NONE ) return; - snprintf( name, sizeof( name ), "%s%s", text, items[i].name ); + polarssl_snprintf( name, sizeof( name ), "%s%s", text, items[i].name ); name[sizeof( name ) - 1] = '\0'; if( items[i].type == POLARSSL_PK_DEBUG_MPI ) @@ -321,7 +348,7 @@ void debug_print_crt( const ssl_context *ssl, int level, if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL ) { - snprintf( prefix, maxlen, "%s(%04d): ", file, line ); + polarssl_snprintf( prefix, maxlen, "%s(%04d): ", file, line ); prefix[maxlen] = '\0'; } else @@ -335,9 +362,9 @@ void debug_print_crt( const ssl_context *ssl, int level, x509_crt_info( buf, sizeof( buf ) - 1, prefix, crt ); if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL ) - idx = snprintf( str, maxlen, "%s(%04d): ", file, line ); + idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line ); - snprintf( str + idx, maxlen - idx, "%s #%d:\n%s", + polarssl_snprintf( str + idx, maxlen - idx, "%s #%d:\n%s", text, ++i, buf ); str[maxlen] = '\0'; diff --git a/ext/polarssl-1.3/library/des.c b/ext/polarssl-1.3/library/des.c index 6e08cf2c1d..080e11392e 100644 --- a/ext/polarssl-1.3/library/des.c +++ b/ext/polarssl-1.3/library/des.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,11 +36,16 @@ #include "polarssl/des.h" +#include + +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ #if !defined(POLARSSL_DES_ALT) @@ -802,9 +807,6 @@ int des3_crypt_cbc( des3_context *ctx, #endif /* !POLARSSL_DES_ALT */ #if defined(POLARSSL_SELF_TEST) - -#include - /* * DES and 3DES test vectors from: * diff --git a/ext/polarssl-1.3/library/dhm.c b/ext/polarssl-1.3/library/dhm.c index fb7826aaf3..85f362a807 100644 --- a/ext/polarssl-1.3/library/dhm.c +++ b/ext/polarssl-1.3/library/dhm.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -35,6 +35,8 @@ #include "polarssl/dhm.h" +#include + #if defined(POLARSSL_PEM_PARSE_C) #include "polarssl/pem.h" #endif @@ -47,6 +49,7 @@ #include "polarssl/platform.h" #else #include +#include #define polarssl_printf printf #define polarssl_malloc malloc #define polarssl_free free @@ -88,6 +91,9 @@ static int dhm_read_bignum( mpi *X, * * Parameter should be: 2 <= public_param <= P - 2 * + * This means that we need to return an error if + * public_param < 2 or public_param > P-2 + * * For more information on the attack, see: * http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643 
@@ -95,17 +101,17 @@ static int dhm_read_bignum( mpi *X, static int dhm_check_range( const mpi *param, const mpi *P ) { mpi L, U; - int ret = POLARSSL_ERR_DHM_BAD_INPUT_DATA; + int ret = 0; mpi_init( &L ); mpi_init( &U ); MPI_CHK( mpi_lset( &L, 2 ) ); MPI_CHK( mpi_sub_int( &U, P, 2 ) ); - if( mpi_cmp_mpi( param, &L ) >= 0 && - mpi_cmp_mpi( param, &U ) <= 0 ) + if( mpi_cmp_mpi( param, &L ) < 0 || + mpi_cmp_mpi( param, &U ) > 0 ) { - ret = 0; + ret = POLARSSL_ERR_DHM_BAD_INPUT_DATA; } cleanup: @@ -160,7 +166,7 @@ int dhm_make_params( dhm_context *ctx, int x_size, */ do { - mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MPI_CHK( mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MPI_CHK( mpi_shift_r( &ctx->X, 1 ) ); @@ -246,7 +252,7 @@ int dhm_make_public( dhm_context *ctx, int x_size, */ do { - mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MPI_CHK( mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MPI_CHK( mpi_shift_r( &ctx->X, 1 ) ); @@ -319,7 +325,7 @@ static int dhm_update_blinding( dhm_context *ctx, count = 0; do { - mpi_fill_random( &ctx->Vi, mpi_size( &ctx->P ), f_rng, p_rng ); + MPI_CHK( mpi_fill_random( &ctx->Vi, mpi_size( &ctx->P ), f_rng, p_rng ) ); while( mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) MPI_CHK( mpi_shift_r( &ctx->Vi, 1 ) ); @@ -441,8 +447,9 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, /* * DHParams ::= SEQUENCE { - * prime INTEGER, -- P - * generator INTEGER, -- g + * prime INTEGER, -- P + * generator INTEGER, -- g + * privateValueLength INTEGER OPTIONAL * } */ if( ( ret = asn1_get_tag( &p, end, &len, 
@@ -463,9 +470,23 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, if( p != end ) { - ret = POLARSSL_ERR_DHM_INVALID_FORMAT + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH; - goto exit; + /* this might be the optional privateValueLength; If so, we + can cleanly discard it; */ + mpi rec; + mpi_init( &rec ); + ret = asn1_get_mpi( &p, end, &rec ); + mpi_free( &rec ); + if ( ret != 0 ) + { + ret = POLARSSL_ERR_DHM_INVALID_FORMAT + ret; + goto exit; + } + if ( p != end ) + { + ret = POLARSSL_ERR_DHM_INVALID_FORMAT + + POLARSSL_ERR_ASN1_LENGTH_MISMATCH; + goto exit; + } } ret = 0; @@ -505,7 +526,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n ) *n = (size_t) size; if( *n + 1 == 0 || - ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL ) + ( *buf = polarssl_malloc( *n + 1 ) ) == NULL ) { fclose( f ); return( POLARSSL_ERR_DHM_MALLOC_FAILED ); @@ -514,7 +535,10 @@ static int load_file( const char *path, unsigned char **buf, size_t *n ) if( fread( *buf, 1, *n, f ) != *n ) { fclose( f ); + + polarssl_zeroize( *buf, *n + 1 ); polarssl_free( *buf ); + return( POLARSSL_ERR_DHM_FILE_IO_ERROR ); } diff --git a/ext/polarssl-1.3/library/ecdh.c b/ext/polarssl-1.3/library/ecdh.c index 21823c6517..82fff276a2 100644 --- a/ext/polarssl-1.3/library/ecdh.c +++ b/ext/polarssl-1.3/library/ecdh.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -37,6 +37,8 @@ #include "polarssl/ecdh.h" +#include + /* * Generate public key: simple wrapper around ecp_gen_keypair */ diff --git a/ext/polarssl-1.3/library/ecdsa.c b/ext/polarssl-1.3/library/ecdsa.c index 5b62939b09..e95b80245e 100644 --- a/ext/polarssl-1.3/library/ecdsa.c +++ b/ext/polarssl-1.3/library/ecdsa.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -37,6 +37,8 @@ #include "polarssl/ecdsa.h" #include "polarssl/asn1write.h" +#include + #if defined(POLARSSL_ECDSA_DETERMINISTIC) #include "polarssl/hmac_drbg.h" #endif @@ -57,7 +59,7 @@ static const md_info_t *md_info_by_size( size_t min_size ) for( md_alg = md_list(); *md_alg != 0; md_alg++ ) { - if( ( md_cur = md_info_from_type( *md_alg ) ) == NULL || + if( ( md_cur = md_info_from_type( (md_type_t) *md_alg ) ) == NULL || (size_t) md_cur->size < min_size || ( md_picked != NULL && md_cur->size > md_picked->size ) ) continue; @@ -108,6 +110,10 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s, if( grp->N.p == NULL ) return( POLARSSL_ERR_ECP_BAD_INPUT_DATA ); + /* Make sure d is in range 1..n-1 */ + if( mpi_cmp_int( d, 1 ) < 0 || mpi_cmp_mpi( d, &grp->N ) >= 0 ) + return( POLARSSL_ERR_ECP_INVALID_KEY ); + ecp_point_init( &R ); mpi_init( &k ); mpi_init( &e ); mpi_init( &t ); diff --git a/ext/polarssl-1.3/library/ecp.c b/ext/polarssl-1.3/library/ecp.c index aca3a2d2ca..f39e7ebe8c 100644 --- a/ext/polarssl-1.3/library/ecp.c +++ b/ext/polarssl-1.3/library/ecp.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -51,28 +51,27 @@ #include "polarssl/ecp.h" +#include + #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include +#include #define polarssl_printf printf #define polarssl_malloc malloc #define polarssl_free free #endif -#include - #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \ !defined(EFI32) #define strcasecmp _stricmp #endif -#if defined(_MSC_VER) && !defined(inline) -#define inline _inline -#else -#if defined(__ARMCC_VERSION) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline -#endif /* __ARMCC_VERSION */ -#endif /*_MSC_VER */ +#endif /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { @@ -812,7 +811,7 @@ static int ecp_normalize_jac_many( const ecp_group *grp, if( t_len < 2 ) return( ecp_normalize_jac( grp, *T ) ); - if( ( c = (mpi *) polarssl_malloc( t_len * sizeof( mpi ) ) ) == NULL ) + if( ( c = polarssl_malloc( t_len * sizeof( mpi ) ) ) == NULL ) return( POLARSSL_ERR_ECP_MALLOC_FAILED ); mpi_init( &u ); mpi_init( &Zi ); mpi_init( &ZZi ); 
@@ -909,70 +908,86 @@ static int ecp_safe_invert_jac( const ecp_group *grp, /* * Point doubling R = 2 P, Jacobian coordinates * - * http://www.hyperelliptic.org/EFD/g1p/auto-code/shortw/jacobian/doubling/dbl-2007-bl.op3 - * with heavy variable renaming, some reordering and one minor modification - * (a = 2 * b, c = d - 2a replaced with c = d, c = c - b, c = c - b) - * in order to use a lot less intermediate variables (6 vs 25). + * Based on http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-1998-cmo-2 . + * + * We follow the variable naming fairly closely. The formula variations that trade a MUL for a SQR + * (plus a few ADDs) aren't useful as our bignum implementation doesn't distinguish squaring. + * + * Standard optimizations are applied when curve parameter A is one of { 0, -3 }. * - * Cost: 1D := 2M + 8S + * Cost: 1D := 3M + 4S (A == 0) + * 4M + 4S (A == -3) + * 3M + 6S + 1a otherwise */ static int ecp_double_jac( const ecp_group *grp, ecp_point *R, const ecp_point *P ) { int ret; - mpi T1, T2, T3, X3, Y3, Z3; + mpi M, S, T, U; #if defined(POLARSSL_SELF_TEST) dbl_count++; #endif - mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 ); - mpi_init( &X3 ); mpi_init( &Y3 ); mpi_init( &Z3 ); - - MPI_CHK( mpi_mul_mpi( &T3, &P->X, &P->X ) ); MOD_MUL( T3 ); - MPI_CHK( mpi_mul_mpi( &T2, &P->Y, &P->Y ) ); MOD_MUL( T2 ); - MPI_CHK( mpi_mul_mpi( &Y3, &T2, &T2 ) ); MOD_MUL( Y3 ); - MPI_CHK( mpi_add_mpi( &X3, &P->X, &T2 ) ); MOD_ADD( X3 ); - MPI_CHK( mpi_mul_mpi( &X3, &X3, &X3 ) ); MOD_MUL( X3 ); - MPI_CHK( mpi_sub_mpi( &X3, &X3, &Y3 ) ); MOD_SUB( X3 ); - MPI_CHK( mpi_sub_mpi( &X3, &X3, &T3 ) ); MOD_SUB( X3 ); - MPI_CHK( mpi_mul_int( &T1, &X3, 2 ) ); MOD_ADD( T1 ); - MPI_CHK( mpi_mul_mpi( &Z3, &P->Z, &P->Z ) ); MOD_MUL( Z3 ); - MPI_CHK( mpi_mul_mpi( &X3, &Z3, &Z3 ) ); MOD_MUL( X3 ); - MPI_CHK( mpi_mul_int( &T3, &T3, 3 ) ); MOD_ADD( T3 ); + mpi_init( &M ); mpi_init( &S ); mpi_init( &T ); mpi_init( &U ); /* Special case for A = -3 */ if( grp->A.p == NULL 
) { - MPI_CHK( mpi_mul_int( &X3, &X3, 3 ) ); - X3.s = -1; /* mpi_mul_int doesn't handle negative numbers */ - MOD_SUB( X3 ); + /* M = 3(X + Z^2)(X - Z^2) */ + MPI_CHK( mpi_mul_mpi( &S, &P->Z, &P->Z ) ); MOD_MUL( S ); + MPI_CHK( mpi_add_mpi( &T, &P->X, &S ) ); MOD_ADD( T ); + MPI_CHK( mpi_sub_mpi( &U, &P->X, &S ) ); MOD_SUB( U ); + MPI_CHK( mpi_mul_mpi( &S, &T, &U ) ); MOD_MUL( S ); + MPI_CHK( mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); } else { - MPI_CHK( mpi_mul_mpi( &X3, &X3, &grp->A ) ); MOD_MUL( X3 ); + /* M = 3.X^2 */ + MPI_CHK( mpi_mul_mpi( &S, &P->X, &P->X ) ); MOD_MUL( S ); + MPI_CHK( mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); + + /* Optimize away for "koblitz" curves with A = 0 */ + if( mpi_cmp_int( &grp->A, 0 ) != 0 ) + { + /* M += A.Z^4 */ + MPI_CHK( mpi_mul_mpi( &S, &P->Z, &P->Z ) ); MOD_MUL( S ); + MPI_CHK( mpi_mul_mpi( &T, &S, &S ) ); MOD_MUL( T ); + MPI_CHK( mpi_mul_mpi( &S, &T, &grp->A ) ); MOD_MUL( S ); + MPI_CHK( mpi_add_mpi( &M, &M, &S ) ); MOD_ADD( M ); + } } - MPI_CHK( mpi_add_mpi( &T3, &T3, &X3 ) ); MOD_ADD( T3 ); - MPI_CHK( mpi_mul_mpi( &X3, &T3, &T3 ) ); MOD_MUL( X3 ); - MPI_CHK( mpi_sub_mpi( &X3, &X3, &T1 ) ); MOD_SUB( X3 ); - MPI_CHK( mpi_sub_mpi( &X3, &X3, &T1 ) ); MOD_SUB( X3 ); - MPI_CHK( mpi_sub_mpi( &T1, &T1, &X3 ) ); MOD_SUB( T1 ); - MPI_CHK( mpi_mul_mpi( &T1, &T3, &T1 ) ); MOD_MUL( T1 ); - MPI_CHK( mpi_mul_int( &T3, &Y3, 8 ) ); MOD_ADD( T3 ); - MPI_CHK( mpi_sub_mpi( &Y3, &T1, &T3 ) ); MOD_SUB( Y3 ); - MPI_CHK( mpi_add_mpi( &T1, &P->Y, &P->Z ) ); MOD_ADD( T1 ); - MPI_CHK( mpi_mul_mpi( &T1, &T1, &T1 ) ); MOD_MUL( T1 ); - MPI_CHK( mpi_sub_mpi( &T1, &T1, &T2 ) ); MOD_SUB( T1 ); - MPI_CHK( mpi_sub_mpi( &Z3, &T1, &Z3 ) ); MOD_SUB( Z3 ); - - MPI_CHK( mpi_copy( &R->X, &X3 ) ); - MPI_CHK( mpi_copy( &R->Y, &Y3 ) ); - MPI_CHK( mpi_copy( &R->Z, &Z3 ) ); + /* S = 4.X.Y^2 */ + MPI_CHK( mpi_mul_mpi( &T, &P->Y, &P->Y ) ); MOD_MUL( T ); + MPI_CHK( mpi_shift_l( &T, 1 ) ); MOD_ADD( T ); + MPI_CHK( mpi_mul_mpi( &S, &P->X, &T ) ); MOD_MUL( S ); + MPI_CHK( 
mpi_shift_l( &S, 1 ) ); MOD_ADD( S ); + + /* U = 8.Y^4 */ + MPI_CHK( mpi_mul_mpi( &U, &T, &T ) ); MOD_MUL( U ); + MPI_CHK( mpi_shift_l( &U, 1 ) ); MOD_ADD( U ); + + /* T = M^2 - 2.S */ + MPI_CHK( mpi_mul_mpi( &T, &M, &M ) ); MOD_MUL( T ); + MPI_CHK( mpi_sub_mpi( &T, &T, &S ) ); MOD_SUB( T ); + MPI_CHK( mpi_sub_mpi( &T, &T, &S ) ); MOD_SUB( T ); + + /* S = M(S - T) - U */ + MPI_CHK( mpi_sub_mpi( &S, &S, &T ) ); MOD_SUB( S ); + MPI_CHK( mpi_mul_mpi( &S, &S, &M ) ); MOD_MUL( S ); + MPI_CHK( mpi_sub_mpi( &S, &S, &U ) ); MOD_SUB( S ); + + /* U = 2.Y.Z */ + MPI_CHK( mpi_mul_mpi( &U, &P->Y, &P->Z ) ); MOD_MUL( U ); + MPI_CHK( mpi_shift_l( &U, 1 ) ); MOD_ADD( U ); + + MPI_CHK( mpi_copy( &R->X, &T ) ); + MPI_CHK( mpi_copy( &R->Y, &S ) ); + MPI_CHK( mpi_copy( &R->Z, &U ) ); cleanup: - mpi_free( &T1 ); mpi_free( &T2 ); mpi_free( &T3 ); - mpi_free( &X3 ); mpi_free( &Y3 ); mpi_free( &Z3 ); + mpi_free( &M ); mpi_free( &S ); mpi_free( &T ); mpi_free( &U ); return( ret ); } @@ -1136,7 +1151,7 @@ static int ecp_randomize_jac( const ecp_group *grp, ecp_point *pt, /* Generate l such that 1 < l < p */ do { - mpi_fill_random( &l, p_size, f_rng, p_rng ); + MPI_CHK( mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MPI_CHK( mpi_shift_r( &l, 1 ) ); @@ -1415,7 +1430,7 @@ static int ecp_mul_comb( ecp_group *grp, ecp_point *R, if( T == NULL ) { - T = (ecp_point *) polarssl_malloc( pre_len * sizeof( ecp_point ) ); + T = polarssl_malloc( pre_len * sizeof( ecp_point ) ); if( T == NULL ) { ret = POLARSSL_ERR_ECP_MALLOC_FAILED; @@ -1521,7 +1536,7 @@ static int ecp_randomize_mxz( const ecp_group *grp, ecp_point *P, /* Generate l such that 1 < l < p */ do { - mpi_fill_random( &l, p_size, f_rng, p_rng ); + MPI_CHK( mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MPI_CHK( mpi_shift_r( &l, 1 ) ); 
@@ -1839,7 +1854,6 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q, { /* SEC1 3.2.1: Generate d such that 1 <= n < N */ int count = 0; - unsigned char rnd[POLARSSL_ECP_MAX_BYTES]; /* * Match the procedure given in RFC 6979 (deterministic ECDSA): @@ -1850,8 +1864,7 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q, */ do { - MPI_CHK( f_rng( p_rng, rnd, n_size ) ); - MPI_CHK( mpi_read_binary( d, rnd, n_size ) ); + MPI_CHK( mpi_fill_random( d, n_size, f_rng, p_rng ) ); MPI_CHK( mpi_shift_r( d, 8 * n_size - grp->nbits ) ); /* diff --git a/ext/polarssl-1.3/library/ecp_curves.c b/ext/polarssl-1.3/library/ecp_curves.c index 0464e7d721..db6ad3ced8 100644 --- a/ext/polarssl-1.3/library/ecp_curves.c +++ b/ext/polarssl-1.3/library/ecp_curves.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,13 +30,12 @@ #include "polarssl/ecp.h" -#if defined(_MSC_VER) && !defined(inline) -#define inline _inline -#else -#if defined(__ARMCC_VERSION) && !defined(inline) +#include + +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline -#endif /* __ARMCC_VERSION */ -#endif /*_MSC_VER */ +#endif /* * Conversion macros for embedded constants: @@ -1265,7 +1264,7 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs, int ret; size_t i; mpi M, R; - t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R]; + t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; if( N->n < p_limbs ) return( 0 ); 
@@ -1287,7 +1286,7 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs, memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) ); if( shift != 0 ) MPI_CHK( mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) @@ -1309,7 +1308,7 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs, memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) ); if( shift != 0 ) MPI_CHK( mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) diff --git a/ext/polarssl-1.3/library/entropy.c b/ext/polarssl-1.3/library/entropy.c index 7604e0f270..e5e4b46749 100644 --- a/ext/polarssl-1.3/library/entropy.c +++ b/ext/polarssl-1.3/library/entropy.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,10 +31,21 @@ #include "polarssl/entropy.h" #include "polarssl/entropy_poll.h" +#include + #if defined(POLARSSL_FS_IO) #include #endif +#if defined(POLARSSL_SELF_TEST) +#if defined(POLARSSL_PLATFORM_C) +#include "polarssl/platform.h" +#else +#include +#define polarssl_printf printf +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ + #if defined(POLARSSL_HAVEGE_C) #include "polarssl/havege.h" #endif @@ -50,6 +61,9 @@ void entropy_init( entropy_context *ctx ) { memset( ctx, 0, sizeof(entropy_context) ); + /* Reminder: Update ENTROPY_HAVE_DEFAULT in the test files + * when adding more strong entropy sources here. */ + #if defined(POLARSSL_THREADING_C) polarssl_mutex_init( &ctx->mutex ); #endif 
@@ -83,33 +97,33 @@ void entropy_free( entropy_context *ctx ) #if defined(POLARSSL_HAVEGE_C) havege_free( &ctx->havege_data ); #endif - polarssl_zeroize( ctx, sizeof( entropy_context ) ); #if defined(POLARSSL_THREADING_C) polarssl_mutex_free( &ctx->mutex ); #endif + polarssl_zeroize( ctx, sizeof( entropy_context ) ); } int entropy_add_source( entropy_context *ctx, f_source_ptr f_source, void *p_source, size_t threshold ) { - int index, ret = 0; + int idx, ret = 0; #if defined(POLARSSL_THREADING_C) if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 ) return( ret ); #endif - index = ctx->source_count; - if( index >= ENTROPY_MAX_SOURCES ) + idx = ctx->source_count; + if( idx >= ENTROPY_MAX_SOURCES ) { ret = POLARSSL_ERR_ENTROPY_MAX_SOURCES; goto exit; } - ctx->source[index].f_source = f_source; - ctx->source[index].p_source = p_source; - ctx->source[index].threshold = threshold; + ctx->source[idx].f_source = f_source; + ctx->source[idx].p_source = p_source; + ctx->source[idx].threshold = threshold; ctx->source_count++; @@ -155,6 +169,8 @@ static int entropy_update( entropy_context *ctx, unsigned char source_id, sha256_update( &ctx->accumulator, p, use_len ); #endif + polarssl_zeroize( tmp, sizeof( tmp ) ); + return( 0 ); } @@ -183,13 +199,11 @@ int entropy_update_manual( entropy_context *ctx, */ static int entropy_gather_internal( entropy_context *ctx ) { - int ret, i; + int ret = POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED; + int i; unsigned char buf[ENTROPY_MAX_GATHER]; size_t olen; - if( ctx->source_count == 0 ) - return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED ); - /* * Run through our entropy sources */ @@ -199,7 +213,7 @@ static int entropy_gather_internal( entropy_context *ctx ) if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source, buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 ) { - return( ret ); + goto cleanup; } /* 
@@ -212,7 +226,10 @@ static int entropy_gather_internal( entropy_context *ctx ) } } - return( 0 ); +cleanup: + polarssl_zeroize( buf, sizeof( buf ) ); + + return( ret ); } /* @@ -313,6 +330,8 @@ int entropy_func( void *data, unsigned char *output, size_t len ) ret = 0; exit: + polarssl_zeroize( buf, sizeof( buf ) ); + #if defined(POLARSSL_THREADING_C) if( polarssl_mutex_unlock( &ctx->mutex ) != 0 ) return( POLARSSL_ERR_THREADING_MUTEX_ERROR ); @@ -343,12 +362,15 @@ int entropy_write_seed_file( entropy_context *ctx, const char *path ) ret = 0; exit: + polarssl_zeroize( buf, sizeof( buf ) ); + fclose( f ); return( ret ); } int entropy_update_seed_file( entropy_context *ctx, const char *path ) { + int ret = 0; FILE *f; size_t n; unsigned char buf[ ENTROPY_MAX_SEED_SIZE ]; @@ -364,28 +386,22 @@ int entropy_update_seed_file( entropy_context *ctx, const char *path ) n = ENTROPY_MAX_SEED_SIZE; if( fread( buf, 1, n, f ) != n ) - { - fclose( f ); - return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR; + else + ret = entropy_update_manual( ctx, buf, n ); fclose( f ); - entropy_update_manual( ctx, buf, n ); + polarssl_zeroize( buf, sizeof( buf ) ); + + if( ret != 0 ) + return( ret ); return( entropy_write_seed_file( ctx, path ) ); } #endif /* POLARSSL_FS_IO */ #if defined(POLARSSL_SELF_TEST) - -#if defined(POLARSSL_PLATFORM_C) -#include "polarssl/platform.h" -#else -#include -#define polarssl_printf printf -#endif - /* * Dummy source function */ diff --git a/ext/polarssl-1.3/library/entropy_poll.c b/ext/polarssl-1.3/library/entropy_poll.c index a0cce32553..8db7668349 100644 --- a/ext/polarssl-1.3/library/entropy_poll.c +++ b/ext/polarssl-1.3/library/entropy_poll.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,6 +32,7 @@ #include "polarssl/entropy_poll.h" #if defined(POLARSSL_TIMING_C) +#include #include "polarssl/timing.h" #endif #if defined(POLARSSL_HAVEGE_C) 
@@ -85,49 +86,79 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) { return( syscall( SYS_getrandom, buf, buflen, flags ) ); } + +#include +/* Check if version is at least 3.17.0 */ +static int check_version_3_17_plus( void ) +{ + int minor; + struct utsname un; + const char *ver; + + /* Get version information */ + uname(&un); + ver = un.release; + + /* Check major version; assume a single digit */ + if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' ) + return( -1 ); + + if( ver[0] - '0' > 3 ) + return( 0 ); + + /* Ok, so now we know major == 3, check minor. + * Assume 1 or 2 digits. */ + if( ver[2] < '0' || ver[2] > '9' ) + return( -1 ); + + minor = ver[2] - '0'; + + if( ver[3] >= '0' && ver[3] <= '9' ) + minor = 10 * minor + ver[3] - '0'; + else if( ver [3] != '.' ) + return( -1 ); + + if( minor < 17 ) + return( -1 ); + + return( 0 ); +} +static int has_getrandom = -1; #endif /* SYS_getrandom */ #endif /* __linux__ */ -#if defined(HAVE_GETRANDOM) - -#include +#include int platform_entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen ) { - int ret; + FILE *file; + size_t read_len; ((void) data); - if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 ) - return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED ); +#if defined(HAVE_GETRANDOM) + if( has_getrandom == -1 ) + has_getrandom = ( check_version_3_17_plus() == 0 ); - *olen = ret; - return( 0 ); -} + if( has_getrandom ) + { + int ret; -#elif 1 + if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 ) + return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED ); + *olen = ret; + return( 0 ); + } +#elif 1 -int platform_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ extern void arch_get_random_bytes(void *ptr, size_t size); arch_get_random_bytes(output, len); *olen = len; return 0; -} -#else /* HAVE_GETRANDOM */ - -#include - -int platform_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ - FILE *file; - size_t ret; - 
((void) data); +#endif /* HAVE_GETRANDOM */ *olen = 0; @@ -135,8 +166,8 @@ int platform_entropy_poll( void *data, if( file == NULL ) return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED ); - ret = fread( output, 1, len, file ); - if( ret != len ) + read_len = fread( output, 1, len, file ); + if( read_len != len ) { fclose( file ); return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED ); @@ -147,7 +178,6 @@ int platform_entropy_poll( void *data, return( 0 ); } -#endif /* HAVE_GETRANDOM */ #endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* !POLARSSL_NO_PLATFORM_ENTROPY */ diff --git a/ext/polarssl-1.3/library/error.c b/ext/polarssl-1.3/library/error.c index a4e6fc31c8..be642cadaf 100644 --- a/ext/polarssl-1.3/library/error.c +++ b/ext/polarssl-1.3/library/error.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,10 +28,19 @@ #if defined(POLARSSL_ERROR_C) || defined(POLARSSL_ERROR_STRERROR_DUMMY) #include "polarssl/error.h" +#include +#endif + +#if defined(POLARSSL_PLATFORM_C) +#include "polarssl/platform.h" +#else +#define polarssl_snprintf snprintf #endif #if defined(POLARSSL_ERROR_C) +#include + #if defined(POLARSSL_AES_C) #include "polarssl/aes.h" #endif @@ -172,9 +181,6 @@ #include "polarssl/xtea.h" #endif -#include -#include - #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \ !defined(EFI32) #define snprintf _snprintf 
@@ -204,297 +210,299 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) // BEGIN generated code #if defined(POLARSSL_CIPHER_C) if( use_ret == -(POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "CIPHER - The selected feature is not available" ); + polarssl_snprintf( buf, buflen, "CIPHER - The selected feature is not available" ); if( use_ret == -(POLARSSL_ERR_CIPHER_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "CIPHER - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "CIPHER - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_CIPHER_ALLOC_FAILED) ) - snprintf( buf, buflen, "CIPHER - Failed to allocate memory" ); + polarssl_snprintf( buf, buflen, "CIPHER - Failed to allocate memory" ); if( use_ret == -(POLARSSL_ERR_CIPHER_INVALID_PADDING) ) - snprintf( buf, buflen, "CIPHER - Input data contains invalid padding and is rejected" ); + polarssl_snprintf( buf, buflen, "CIPHER - Input data contains invalid padding and is rejected" ); if( use_ret == -(POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED) ) - snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" ); + polarssl_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" ); if( use_ret == -(POLARSSL_ERR_CIPHER_AUTH_FAILED) ) - snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); + polarssl_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); #endif /* POLARSSL_CIPHER_C */ #if defined(POLARSSL_DHM_C) if( use_ret == -(POLARSSL_ERR_DHM_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "DHM - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "DHM - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_DHM_READ_PARAMS_FAILED) ) - snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" ); + polarssl_snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" ); if( use_ret == -(POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED) ) - snprintf( buf, 
buflen, "DHM - Making of the DHM parameters failed" ); + polarssl_snprintf( buf, buflen, "DHM - Making of the DHM parameters failed" ); if( use_ret == -(POLARSSL_ERR_DHM_READ_PUBLIC_FAILED) ) - snprintf( buf, buflen, "DHM - Reading of the public values failed" ); + polarssl_snprintf( buf, buflen, "DHM - Reading of the public values failed" ); if( use_ret == -(POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED) ) - snprintf( buf, buflen, "DHM - Making of the public value failed" ); + polarssl_snprintf( buf, buflen, "DHM - Making of the public value failed" ); if( use_ret == -(POLARSSL_ERR_DHM_CALC_SECRET_FAILED) ) - snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" ); + polarssl_snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" ); if( use_ret == -(POLARSSL_ERR_DHM_INVALID_FORMAT) ) - snprintf( buf, buflen, "DHM - The ASN.1 data is not formatted correctly" ); + polarssl_snprintf( buf, buflen, "DHM - The ASN.1 data is not formatted correctly" ); if( use_ret == -(POLARSSL_ERR_DHM_MALLOC_FAILED) ) - snprintf( buf, buflen, "DHM - Allocation of memory failed" ); + polarssl_snprintf( buf, buflen, "DHM - Allocation of memory failed" ); if( use_ret == -(POLARSSL_ERR_DHM_FILE_IO_ERROR) ) - snprintf( buf, buflen, "DHM - Read/write of file failed" ); + polarssl_snprintf( buf, buflen, "DHM - Read/write of file failed" ); #endif /* POLARSSL_DHM_C */ #if defined(POLARSSL_ECP_C) if( use_ret == -(POLARSSL_ERR_ECP_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "ECP - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "ECP - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_ECP_BUFFER_TOO_SMALL) ) - snprintf( buf, buflen, "ECP - The buffer is too small to write to" ); + polarssl_snprintf( buf, buflen, "ECP - The buffer is too small to write to" ); if( use_ret == -(POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "ECP - Requested curve not available" ); + polarssl_snprintf( buf, buflen, "ECP - Requested curve not 
available" ); if( use_ret == -(POLARSSL_ERR_ECP_VERIFY_FAILED) ) - snprintf( buf, buflen, "ECP - The signature is not valid" ); + polarssl_snprintf( buf, buflen, "ECP - The signature is not valid" ); if( use_ret == -(POLARSSL_ERR_ECP_MALLOC_FAILED) ) - snprintf( buf, buflen, "ECP - Memory allocation failed" ); + polarssl_snprintf( buf, buflen, "ECP - Memory allocation failed" ); if( use_ret == -(POLARSSL_ERR_ECP_RANDOM_FAILED) ) - snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" ); + polarssl_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" ); if( use_ret == -(POLARSSL_ERR_ECP_INVALID_KEY) ) - snprintf( buf, buflen, "ECP - Invalid private or public key" ); + polarssl_snprintf( buf, buflen, "ECP - Invalid private or public key" ); if( use_ret == -(POLARSSL_ERR_ECP_SIG_LEN_MISMATCH) ) - snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" ); + polarssl_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" ); #endif /* POLARSSL_ECP_C */ #if defined(POLARSSL_MD_C) if( use_ret == -(POLARSSL_ERR_MD_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "MD - The selected feature is not available" ); + polarssl_snprintf( buf, buflen, "MD - The selected feature is not available" ); if( use_ret == -(POLARSSL_ERR_MD_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "MD - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "MD - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_MD_ALLOC_FAILED) ) - snprintf( buf, buflen, "MD - Failed to allocate memory" ); + polarssl_snprintf( buf, buflen, "MD - Failed to allocate memory" ); if( use_ret == -(POLARSSL_ERR_MD_FILE_IO_ERROR) ) - snprintf( buf, buflen, "MD - Opening or reading of file failed" ); + polarssl_snprintf( buf, buflen, "MD - Opening or reading of file failed" ); #endif /* POLARSSL_MD_C */ #if defined(POLARSSL_PEM_PARSE_C) || 
defined(POLARSSL_PEM_WRITE_C) if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT) ) - snprintf( buf, buflen, "PEM - No PEM header or footer found" ); + polarssl_snprintf( buf, buflen, "PEM - No PEM header or footer found" ); if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) ) - snprintf( buf, buflen, "PEM - PEM string is not as expected" ); + polarssl_snprintf( buf, buflen, "PEM - PEM string is not as expected" ); if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) ) - snprintf( buf, buflen, "PEM - Failed to allocate memory" ); + polarssl_snprintf( buf, buflen, "PEM - Failed to allocate memory" ); if( use_ret == -(POLARSSL_ERR_PEM_INVALID_ENC_IV) ) - snprintf( buf, buflen, "PEM - RSA IV is not in hex-format" ); + polarssl_snprintf( buf, buflen, "PEM - RSA IV is not in hex-format" ); if( use_ret == -(POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG) ) - snprintf( buf, buflen, "PEM - Unsupported key encryption algorithm" ); + polarssl_snprintf( buf, buflen, "PEM - Unsupported key encryption algorithm" ); if( use_ret == -(POLARSSL_ERR_PEM_PASSWORD_REQUIRED) ) - snprintf( buf, buflen, "PEM - Private key password can't be empty" ); + polarssl_snprintf( buf, buflen, "PEM - Private key password can't be empty" ); if( use_ret == -(POLARSSL_ERR_PEM_PASSWORD_MISMATCH) ) - snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" ); + polarssl_snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" ); if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" ); + polarssl_snprintf( buf, buflen, "PEM - Unavailable feature, e.g. 
hashing/encryption combination" ); if( use_ret == -(POLARSSL_ERR_PEM_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "PEM - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "PEM - Bad input parameters to function" ); #endif /* POLARSSL_PEM_PARSE_C || POLARSSL_PEM_WRITE_C */ #if defined(POLARSSL_PK_C) if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) ) - snprintf( buf, buflen, "PK - Memory alloation failed" ); + polarssl_snprintf( buf, buflen, "PK - Memory alloation failed" ); if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) ) - snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" ); + polarssl_snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" ); if( use_ret == -(POLARSSL_ERR_PK_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "PK - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "PK - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_PK_FILE_IO_ERROR) ) - snprintf( buf, buflen, "PK - Read/write of file failed" ); + polarssl_snprintf( buf, buflen, "PK - Read/write of file failed" ); if( use_ret == -(POLARSSL_ERR_PK_KEY_INVALID_VERSION) ) - snprintf( buf, buflen, "PK - Unsupported key version" ); + polarssl_snprintf( buf, buflen, "PK - Unsupported key version" ); if( use_ret == -(POLARSSL_ERR_PK_KEY_INVALID_FORMAT) ) - snprintf( buf, buflen, "PK - Invalid key tag or value" ); + polarssl_snprintf( buf, buflen, "PK - Invalid key tag or value" ); if( use_ret == -(POLARSSL_ERR_PK_UNKNOWN_PK_ALG) ) - snprintf( buf, buflen, "PK - Key algorithm is unsupported (only RSA and EC are supported)" ); + polarssl_snprintf( buf, buflen, "PK - Key algorithm is unsupported (only RSA and EC are supported)" ); if( use_ret == -(POLARSSL_ERR_PK_PASSWORD_REQUIRED) ) - snprintf( buf, buflen, "PK - Private key password can't be empty" ); + polarssl_snprintf( buf, buflen, "PK - Private key password can't be empty" ); if( use_ret == -(POLARSSL_ERR_PK_PASSWORD_MISMATCH) ) - 
snprintf( buf, buflen, "PK - Given private key password does not allow for correct decryption" ); + polarssl_snprintf( buf, buflen, "PK - Given private key password does not allow for correct decryption" ); if( use_ret == -(POLARSSL_ERR_PK_INVALID_PUBKEY) ) - snprintf( buf, buflen, "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" ); + polarssl_snprintf( buf, buflen, "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" ); if( use_ret == -(POLARSSL_ERR_PK_INVALID_ALG) ) - snprintf( buf, buflen, "PK - The algorithm tag or value is invalid" ); + polarssl_snprintf( buf, buflen, "PK - The algorithm tag or value is invalid" ); if( use_ret == -(POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE) ) - snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" ); + polarssl_snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" ); if( use_ret == -(POLARSSL_ERR_PK_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); + polarssl_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); if( use_ret == -(POLARSSL_ERR_PK_SIG_LEN_MISMATCH) ) - snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" ); + polarssl_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" ); #endif /* POLARSSL_PK_C */ #if defined(POLARSSL_PKCS12_C) if( use_ret == -(POLARSSL_ERR_PKCS12_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" ); + polarssl_snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. 
unsupported encryption scheme" ); if( use_ret == -(POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT) ) - snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" ); + polarssl_snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" ); if( use_ret == -(POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH) ) - snprintf( buf, buflen, "PKCS12 - Given private key password does not allow for correct decryption" ); + polarssl_snprintf( buf, buflen, "PKCS12 - Given private key password does not allow for correct decryption" ); #endif /* POLARSSL_PKCS12_C */ #if defined(POLARSSL_PKCS5_C) if( use_ret == -(POLARSSL_ERR_PKCS5_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_PKCS5_INVALID_FORMAT) ) - snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" ); + polarssl_snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" ); if( use_ret == -(POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" ); + polarssl_snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" ); if( use_ret == -(POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH) ) - snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" ); + polarssl_snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" ); #endif /* POLARSSL_PKCS5_C */ #if defined(POLARSSL_RSA_C) if( use_ret == -(POLARSSL_ERR_RSA_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "RSA - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "RSA - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_RSA_INVALID_PADDING) ) - snprintf( buf, buflen, "RSA - Input data contains invalid padding and is rejected" ); + polarssl_snprintf( buf, buflen, "RSA - Input data contains invalid padding and is rejected" ); if( use_ret == 
-(POLARSSL_ERR_RSA_KEY_GEN_FAILED) ) - snprintf( buf, buflen, "RSA - Something failed during generation of a key" ); + polarssl_snprintf( buf, buflen, "RSA - Something failed during generation of a key" ); if( use_ret == -(POLARSSL_ERR_RSA_KEY_CHECK_FAILED) ) - snprintf( buf, buflen, "RSA - Key failed to pass the libraries validity check" ); + polarssl_snprintf( buf, buflen, "RSA - Key failed to pass the library's validity check" ); if( use_ret == -(POLARSSL_ERR_RSA_PUBLIC_FAILED) ) - snprintf( buf, buflen, "RSA - The public key operation failed" ); + polarssl_snprintf( buf, buflen, "RSA - The public key operation failed" ); if( use_ret == -(POLARSSL_ERR_RSA_PRIVATE_FAILED) ) - snprintf( buf, buflen, "RSA - The private key operation failed" ); + polarssl_snprintf( buf, buflen, "RSA - The private key operation failed" ); if( use_ret == -(POLARSSL_ERR_RSA_VERIFY_FAILED) ) - snprintf( buf, buflen, "RSA - The PKCS#1 verification failed" ); + polarssl_snprintf( buf, buflen, "RSA - The PKCS#1 verification failed" ); if( use_ret == -(POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE) ) - snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" ); + polarssl_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" ); if( use_ret == -(POLARSSL_ERR_RSA_RNG_FAILED) ) - snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); + polarssl_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); #endif /* POLARSSL_RSA_C */ #if defined(POLARSSL_SSL_TLS_C) if( use_ret == -(POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "SSL - The requested feature is not available" ); + polarssl_snprintf( buf, buflen, "SSL - The requested feature is not available" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "SSL - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "SSL - Bad input parameters to function" ); if( use_ret == 
-(POLARSSL_ERR_SSL_INVALID_MAC) ) - snprintf( buf, buflen, "SSL - Verification of the message MAC failed" ); + polarssl_snprintf( buf, buflen, "SSL - Verification of the message MAC failed" ); if( use_ret == -(POLARSSL_ERR_SSL_INVALID_RECORD) ) - snprintf( buf, buflen, "SSL - An invalid SSL record was received" ); + polarssl_snprintf( buf, buflen, "SSL - An invalid SSL record was received" ); if( use_ret == -(POLARSSL_ERR_SSL_CONN_EOF) ) - snprintf( buf, buflen, "SSL - The connection indicated an EOF" ); + polarssl_snprintf( buf, buflen, "SSL - The connection indicated an EOF" ); if( use_ret == -(POLARSSL_ERR_SSL_UNKNOWN_CIPHER) ) - snprintf( buf, buflen, "SSL - An unknown cipher was received" ); + polarssl_snprintf( buf, buflen, "SSL - An unknown cipher was received" ); if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) ) - snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" ); + polarssl_snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" ); if( use_ret == -(POLARSSL_ERR_SSL_NO_RNG) ) - snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" ); + polarssl_snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" ); if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) ) - snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" ); + polarssl_snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" ); if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) ) - snprintf( buf, buflen, "SSL - Our own certificate(s) is/are too large to send in an SSL message" ); + polarssl_snprintf( buf, buflen, "SSL - Our own certificate(s) is/are too large to send in an SSL message" ); if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED) ) - snprintf( buf, buflen, "SSL - The own certificate is not set, but needed by the server" ); + polarssl_snprintf( 
buf, buflen, "SSL - The own certificate is not set, but needed by the server" ); if( use_ret == -(POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED) ) - snprintf( buf, buflen, "SSL - The own private key or pre-shared key is not set, but needed" ); + polarssl_snprintf( buf, buflen, "SSL - The own private key or pre-shared key is not set, but needed" ); if( use_ret == -(POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED) ) - snprintf( buf, buflen, "SSL - No CA Chain is set, but required to operate" ); + polarssl_snprintf( buf, buflen, "SSL - No CA Chain is set, but required to operate" ); if( use_ret == -(POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE) ) - snprintf( buf, buflen, "SSL - An unexpected message was received from our peer" ); + polarssl_snprintf( buf, buflen, "SSL - An unexpected message was received from our peer" ); if( use_ret == -(POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE) ) { - snprintf( buf, buflen, "SSL - A fatal alert message was received from our peer" ); + polarssl_snprintf( buf, buflen, "SSL - A fatal alert message was received from our peer" ); return; } if( use_ret == -(POLARSSL_ERR_SSL_PEER_VERIFY_FAILED) ) - snprintf( buf, buflen, "SSL - Verification of our peer failed" ); + polarssl_snprintf( buf, buflen, "SSL - Verification of our peer failed" ); if( use_ret == -(POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) ) - snprintf( buf, buflen, "SSL - The peer notified us that the connection is going to be closed" ); + polarssl_snprintf( buf, buflen, "SSL - The peer notified us that the connection is going to be closed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO) ) - snprintf( buf, buflen, "SSL - Processing of the ClientHello handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the ClientHello handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO) ) - snprintf( buf, buflen, "SSL - Processing of the ServerHello handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the ServerHello handshake message 
failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE) ) - snprintf( buf, buflen, "SSL - Processing of the Certificate handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the Certificate handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST) ) - snprintf( buf, buflen, "SSL - Processing of the CertificateRequest handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the CertificateRequest handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE) ) - snprintf( buf, buflen, "SSL - Processing of the ServerKeyExchange handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the ServerKeyExchange handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE) ) - snprintf( buf, buflen, "SSL - Processing of the ServerHelloDone handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the ServerHelloDone handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE) ) - snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP) ) - snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS) ) - snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" ); if( use_ret == 
-(POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY) ) - snprintf( buf, buflen, "SSL - Processing of the CertificateVerify handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the CertificateVerify handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC) ) - snprintf( buf, buflen, "SSL - Processing of the ChangeCipherSpec handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the ChangeCipherSpec handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_FINISHED) ) - snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_MALLOC_FAILED) ) - snprintf( buf, buflen, "SSL - Memory allocation failed" ); + polarssl_snprintf( buf, buflen, "SSL - Memory allocation failed" ); if( use_ret == -(POLARSSL_ERR_SSL_HW_ACCEL_FAILED) ) - snprintf( buf, buflen, "SSL - Hardware acceleration function returned with error" ); + polarssl_snprintf( buf, buflen, "SSL - Hardware acceleration function returned with error" ); if( use_ret == -(POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH) ) - snprintf( buf, buflen, "SSL - Hardware acceleration function skipped / left alone data" ); + polarssl_snprintf( buf, buflen, "SSL - Hardware acceleration function skipped / left alone data" ); if( use_ret == -(POLARSSL_ERR_SSL_COMPRESSION_FAILED) ) - snprintf( buf, buflen, "SSL - Processing of the compression / decompression failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the compression / decompression failed" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION) ) - snprintf( buf, buflen, "SSL - Handshake protocol not within min/max boundaries" ); + polarssl_snprintf( buf, buflen, "SSL - Handshake protocol not within min/max boundaries" ); if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET) ) - snprintf( buf, buflen, "SSL 
- Processing of the NewSessionTicket handshake message failed" ); + polarssl_snprintf( buf, buflen, "SSL - Processing of the NewSessionTicket handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED) ) - snprintf( buf, buflen, "SSL - Session ticket has expired" ); + polarssl_snprintf( buf, buflen, "SSL - Session ticket has expired" ); if( use_ret == -(POLARSSL_ERR_SSL_PK_TYPE_MISMATCH) ) - snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" ); + polarssl_snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" ); if( use_ret == -(POLARSSL_ERR_SSL_UNKNOWN_IDENTITY) ) - snprintf( buf, buflen, "SSL - Unknown identity received (eg, PSK identity)" ); + polarssl_snprintf( buf, buflen, "SSL - Unknown identity received (eg, PSK identity)" ); if( use_ret == -(POLARSSL_ERR_SSL_INTERNAL_ERROR) ) - snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" ); + polarssl_snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" ); if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) ) - snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" ); + polarssl_snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" ); if( use_ret == -(POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO) ) - snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" ); + polarssl_snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" ); if( use_ret == -(POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE) ) - snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" ); + polarssl_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" ); #endif /* POLARSSL_SSL_TLS_C */ #if 
defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C) if( use_ret == -(POLARSSL_ERR_X509_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" ); + polarssl_snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" ); if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_OID) ) - snprintf( buf, buflen, "X509 - Requested OID is unknown" ); + polarssl_snprintf( buf, buflen, "X509 - Requested OID is unknown" ); if( use_ret == -(POLARSSL_ERR_X509_INVALID_FORMAT) ) - snprintf( buf, buflen, "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" ); + polarssl_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" ); if( use_ret == -(POLARSSL_ERR_X509_INVALID_VERSION) ) - snprintf( buf, buflen, "X509 - The CRT/CRL/CSR version element is invalid" ); + polarssl_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR version element is invalid" ); if( use_ret == -(POLARSSL_ERR_X509_INVALID_SERIAL) ) - snprintf( buf, buflen, "X509 - The serial tag or value is invalid" ); + polarssl_snprintf( buf, buflen, "X509 - The serial tag or value is invalid" ); if( use_ret == -(POLARSSL_ERR_X509_INVALID_ALG) ) - snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" ); + polarssl_snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" ); if( use_ret == -(POLARSSL_ERR_X509_INVALID_NAME) ) - snprintf( buf, buflen, "X509 - The name tag or value is invalid" ); + polarssl_snprintf( buf, buflen, "X509 - The name tag or value is invalid" ); if( use_ret == -(POLARSSL_ERR_X509_INVALID_DATE) ) - snprintf( buf, buflen, "X509 - The date tag or value is invalid" ); + polarssl_snprintf( buf, buflen, "X509 - The date tag or value is invalid" ); if( use_ret == -(POLARSSL_ERR_X509_INVALID_SIGNATURE) ) - snprintf( buf, buflen, "X509 - The signature tag or value invalid" ); + polarssl_snprintf( buf, buflen, "X509 - The signature tag 
or value invalid" ); if( use_ret == -(POLARSSL_ERR_X509_INVALID_EXTENSIONS) ) - snprintf( buf, buflen, "X509 - The extension tag or value is invalid" ); + polarssl_snprintf( buf, buflen, "X509 - The extension tag or value is invalid" ); if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_VERSION) ) - snprintf( buf, buflen, "X509 - CRT/CRL/CSR has an unsupported version number" ); + polarssl_snprintf( buf, buflen, "X509 - CRT/CRL/CSR has an unsupported version number" ); if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_SIG_ALG) ) - snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" ); + polarssl_snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" ); if( use_ret == -(POLARSSL_ERR_X509_SIG_MISMATCH) ) - snprintf( buf, buflen, "X509 - Signature algorithms do not match. (see \\c ::x509_crt sig_oid)" ); + polarssl_snprintf( buf, buflen, "X509 - Signature algorithms do not match. (see \\c ::x509_crt sig_oid)" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_VERIFY_FAILED) ) - snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" ); + polarssl_snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. 
CRL, CA or signature check failed" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT) ) - snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" ); + polarssl_snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" ); if( use_ret == -(POLARSSL_ERR_X509_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "X509 - Input invalid" ); + polarssl_snprintf( buf, buflen, "X509 - Input invalid" ); if( use_ret == -(POLARSSL_ERR_X509_MALLOC_FAILED) ) - snprintf( buf, buflen, "X509 - Allocation of memory failed" ); + polarssl_snprintf( buf, buflen, "X509 - Allocation of memory failed" ); if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) ) - snprintf( buf, buflen, "X509 - Read/write of file failed" ); + polarssl_snprintf( buf, buflen, "X509 - Read/write of file failed" ); + if( use_ret == -(POLARSSL_ERR_X509_FATAL_ERROR) ) + polarssl_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" ); #endif /* POLARSSL_X509_USE,X509_CREATE_C */ // END generated code if( strlen( buf ) == 0 ) - snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + polarssl_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); } use_ret = ret & ~0xFF80; @@ -512,7 +520,7 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) if( buflen - len < 5 ) return; - snprintf( buf + len, buflen - len, " : " ); + polarssl_snprintf( buf + len, buflen - len, " : " ); buf += len + 3; buflen -= len + 3; 
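Review bot: the line added in this hunk for `POLARSSL_ERR_X509_FATAL_ERROR` misspells "occurred" ("A fatal error occured, eg the chain is too long or the vrfy callback failed"), and the touched `POLARSSL_ERR_PK_MALLOC_FAILED` line carries over "PK - Memory alloation failed" unchanged. Both sit between `// BEGIN generated code` and `// END generated code`, so the fix belongs in the error descriptions the generator reads (the `POLARSSL_ERR_*` definitions in the module headers), not a hand edit of error.c, or the next regeneration reintroduces them. The same hunk already hand-corrects the `POLARSSL_ERR_RSA_KEY_CHECK_FAILED` text ("libraries" to "library's"), so that header comment should be checked for consistency as well.

Review bot: in the `" : "` separator hunk (`@@ -512,7 +520,7 @@`), the guard `if( buflen - len < 5 ) return;` and the adjustment `buf += len + 3; buflen -= len + 3;` both hardcode the separator's length; write them in terms of `sizeof( " : " ) - 1` so the guard, the write and the pointer arithmetic cannot drift apart if the separator ever changes. Note also that `buflen - len` is `size_t` arithmetic, so the guard is only meaningful if `len` (the length of the high-level message already in `buf`) is bounded by `buflen`, which in turn requires every `polarssl_snprintf` call above it to honour `buflen` and NUL-terminate.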
@@ -523,216 +531,216 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) // BEGIN generated code #if defined(POLARSSL_AES_C) if( use_ret == -(POLARSSL_ERR_AES_INVALID_KEY_LENGTH) ) - snprintf( buf, buflen, "AES - Invalid key length" ); + polarssl_snprintf( buf, buflen, "AES - Invalid key length" ); if( use_ret == -(POLARSSL_ERR_AES_INVALID_INPUT_LENGTH) ) - snprintf( buf, buflen, "AES - Invalid data input length" ); + polarssl_snprintf( buf, buflen, "AES - Invalid data input length" ); #endif /* POLARSSL_AES_C */ #if defined(POLARSSL_ASN1_PARSE_C) if( use_ret == -(POLARSSL_ERR_ASN1_OUT_OF_DATA) ) - snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" ); + polarssl_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" ); if( use_ret == -(POLARSSL_ERR_ASN1_UNEXPECTED_TAG) ) - snprintf( buf, buflen, "ASN1 - ASN1 tag was of an unexpected value" ); + polarssl_snprintf( buf, buflen, "ASN1 - ASN1 tag was of an unexpected value" ); if( use_ret == -(POLARSSL_ERR_ASN1_INVALID_LENGTH) ) - snprintf( buf, buflen, "ASN1 - Error when trying to determine the length or invalid length" ); + polarssl_snprintf( buf, buflen, "ASN1 - Error when trying to determine the length or invalid length" ); if( use_ret == -(POLARSSL_ERR_ASN1_LENGTH_MISMATCH) ) - snprintf( buf, buflen, "ASN1 - Actual length differs from expected length" ); + polarssl_snprintf( buf, buflen, "ASN1 - Actual length differs from expected length" ); if( use_ret == -(POLARSSL_ERR_ASN1_INVALID_DATA) ) - snprintf( buf, buflen, "ASN1 - Data is invalid. (not used)" ); + polarssl_snprintf( buf, buflen, "ASN1 - Data is invalid. 
(not used)" ); if( use_ret == -(POLARSSL_ERR_ASN1_MALLOC_FAILED) ) - snprintf( buf, buflen, "ASN1 - Memory allocation failed" ); + polarssl_snprintf( buf, buflen, "ASN1 - Memory allocation failed" ); if( use_ret == -(POLARSSL_ERR_ASN1_BUF_TOO_SMALL) ) - snprintf( buf, buflen, "ASN1 - Buffer too small when writing ASN.1 data structure" ); + polarssl_snprintf( buf, buflen, "ASN1 - Buffer too small when writing ASN.1 data structure" ); #endif /* POLARSSL_ASN1_PARSE_C */ #if defined(POLARSSL_BASE64_C) if( use_ret == -(POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL) ) - snprintf( buf, buflen, "BASE64 - Output buffer too small" ); + polarssl_snprintf( buf, buflen, "BASE64 - Output buffer too small" ); if( use_ret == -(POLARSSL_ERR_BASE64_INVALID_CHARACTER) ) - snprintf( buf, buflen, "BASE64 - Invalid character in input" ); + polarssl_snprintf( buf, buflen, "BASE64 - Invalid character in input" ); #endif /* POLARSSL_BASE64_C */ #if defined(POLARSSL_BIGNUM_C) if( use_ret == -(POLARSSL_ERR_MPI_FILE_IO_ERROR) ) - snprintf( buf, buflen, "BIGNUM - An error occurred while reading from or writing to a file" ); + polarssl_snprintf( buf, buflen, "BIGNUM - An error occurred while reading from or writing to a file" ); if( use_ret == -(POLARSSL_ERR_MPI_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "BIGNUM - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "BIGNUM - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_MPI_INVALID_CHARACTER) ) - snprintf( buf, buflen, "BIGNUM - There is an invalid character in the digit string" ); + polarssl_snprintf( buf, buflen, "BIGNUM - There is an invalid character in the digit string" ); if( use_ret == -(POLARSSL_ERR_MPI_BUFFER_TOO_SMALL) ) - snprintf( buf, buflen, "BIGNUM - The buffer is too small to write to" ); + polarssl_snprintf( buf, buflen, "BIGNUM - The buffer is too small to write to" ); if( use_ret == -(POLARSSL_ERR_MPI_NEGATIVE_VALUE) ) - snprintf( buf, buflen, "BIGNUM - The input arguments are negative or result 
in illegal output" ); + polarssl_snprintf( buf, buflen, "BIGNUM - The input arguments are negative or result in illegal output" ); if( use_ret == -(POLARSSL_ERR_MPI_DIVISION_BY_ZERO) ) - snprintf( buf, buflen, "BIGNUM - The input argument for division is zero, which is not allowed" ); + polarssl_snprintf( buf, buflen, "BIGNUM - The input argument for division is zero, which is not allowed" ); if( use_ret == -(POLARSSL_ERR_MPI_NOT_ACCEPTABLE) ) - snprintf( buf, buflen, "BIGNUM - The input arguments are not acceptable" ); + polarssl_snprintf( buf, buflen, "BIGNUM - The input arguments are not acceptable" ); if( use_ret == -(POLARSSL_ERR_MPI_MALLOC_FAILED) ) - snprintf( buf, buflen, "BIGNUM - Memory allocation failed" ); + polarssl_snprintf( buf, buflen, "BIGNUM - Memory allocation failed" ); #endif /* POLARSSL_BIGNUM_C */ #if defined(POLARSSL_BLOWFISH_C) if( use_ret == -(POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH) ) - snprintf( buf, buflen, "BLOWFISH - Invalid key length" ); + polarssl_snprintf( buf, buflen, "BLOWFISH - Invalid key length" ); if( use_ret == -(POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) - snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); + polarssl_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); #endif /* POLARSSL_BLOWFISH_C */ #if defined(POLARSSL_CAMELLIA_C) if( use_ret == -(POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH) ) - snprintf( buf, buflen, "CAMELLIA - Invalid key length" ); + polarssl_snprintf( buf, buflen, "CAMELLIA - Invalid key length" ); if( use_ret == -(POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) - snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); + polarssl_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_CCM_C) if( use_ret == -(POLARSSL_ERR_CCM_BAD_INPUT) ) - snprintf( buf, buflen, "CCM - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "CCM - Bad input parameters to function" ); if( use_ret == 
-(POLARSSL_ERR_CCM_AUTH_FAILED) ) - snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); + polarssl_snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); #endif /* POLARSSL_CCM_C */ #if defined(POLARSSL_CTR_DRBG_C) if( use_ret == -(POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) - snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); + polarssl_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); if( use_ret == -(POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG) ) - snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" ); + polarssl_snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" ); if( use_ret == -(POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG) ) - snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" ); + polarssl_snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" ); if( use_ret == -(POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR) ) - snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" ); #endif /* POLARSSL_CTR_DRBG_C */ #if defined(POLARSSL_DES_C) if( use_ret == -(POLARSSL_ERR_DES_INVALID_INPUT_LENGTH) ) - snprintf( buf, buflen, "DES - The data input has an invalid length" ); + polarssl_snprintf( buf, buflen, "DES - The data input has an invalid length" ); #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_ENTROPY_C) if( use_ret == -(POLARSSL_ERR_ENTROPY_SOURCE_FAILED) ) - snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" ); + polarssl_snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" ); if( use_ret == -(POLARSSL_ERR_ENTROPY_MAX_SOURCES) ) - snprintf( buf, buflen, "ENTROPY - No more sources can be added" ); + polarssl_snprintf( buf, buflen, "ENTROPY - No more sources can be added" ); if( use_ret == -(POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED) ) - snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" ); + polarssl_snprintf( 
buf, buflen, "ENTROPY - No sources have been added to poll" ); if( use_ret == -(POLARSSL_ERR_ENTROPY_FILE_IO_ERROR) ) - snprintf( buf, buflen, "ENTROPY - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "ENTROPY - Read/write error in file" ); #endif /* POLARSSL_ENTROPY_C */ #if defined(POLARSSL_GCM_C) if( use_ret == -(POLARSSL_ERR_GCM_AUTH_FAILED) ) - snprintf( buf, buflen, "GCM - Authenticated decryption failed" ); + polarssl_snprintf( buf, buflen, "GCM - Authenticated decryption failed" ); if( use_ret == -(POLARSSL_ERR_GCM_BAD_INPUT) ) - snprintf( buf, buflen, "GCM - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "GCM - Bad input parameters to function" ); #endif /* POLARSSL_GCM_C */ #if defined(POLARSSL_HMAC_DRBG_C) if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG) ) - snprintf( buf, buflen, "HMAC_DRBG - Too many random requested in single call" ); + polarssl_snprintf( buf, buflen, "HMAC_DRBG - Too many random requested in single call" ); if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG) ) - snprintf( buf, buflen, "HMAC_DRBG - Input too large (Entropy + additional)" ); + polarssl_snprintf( buf, buflen, "HMAC_DRBG - Input too large (Entropy + additional)" ); if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR) ) - snprintf( buf, buflen, "HMAC_DRBG - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "HMAC_DRBG - Read/write error in file" ); if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED) ) - snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" ); + polarssl_snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" ); #endif /* POLARSSL_HMAC_DRBG_C */ #if defined(POLARSSL_MD2_C) if( use_ret == -(POLARSSL_ERR_MD2_FILE_IO_ERROR) ) - snprintf( buf, buflen, "MD2 - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "MD2 - Read/write error in file" ); #endif /* POLARSSL_MD2_C */ #if defined(POLARSSL_MD4_C) if( use_ret == -(POLARSSL_ERR_MD4_FILE_IO_ERROR) ) - 
snprintf( buf, buflen, "MD4 - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "MD4 - Read/write error in file" ); #endif /* POLARSSL_MD4_C */ #if defined(POLARSSL_MD5_C) if( use_ret == -(POLARSSL_ERR_MD5_FILE_IO_ERROR) ) - snprintf( buf, buflen, "MD5 - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "MD5 - Read/write error in file" ); #endif /* POLARSSL_MD5_C */ #if defined(POLARSSL_NET_C) if( use_ret == -(POLARSSL_ERR_NET_UNKNOWN_HOST) ) - snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" ); + polarssl_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" ); if( use_ret == -(POLARSSL_ERR_NET_SOCKET_FAILED) ) - snprintf( buf, buflen, "NET - Failed to open a socket" ); + polarssl_snprintf( buf, buflen, "NET - Failed to open a socket" ); if( use_ret == -(POLARSSL_ERR_NET_CONNECT_FAILED) ) - snprintf( buf, buflen, "NET - The connection to the given server / port failed" ); + polarssl_snprintf( buf, buflen, "NET - The connection to the given server / port failed" ); if( use_ret == -(POLARSSL_ERR_NET_BIND_FAILED) ) - snprintf( buf, buflen, "NET - Binding of the socket failed" ); + polarssl_snprintf( buf, buflen, "NET - Binding of the socket failed" ); if( use_ret == -(POLARSSL_ERR_NET_LISTEN_FAILED) ) - snprintf( buf, buflen, "NET - Could not listen on the socket" ); + polarssl_snprintf( buf, buflen, "NET - Could not listen on the socket" ); if( use_ret == -(POLARSSL_ERR_NET_ACCEPT_FAILED) ) - snprintf( buf, buflen, "NET - Could not accept the incoming connection" ); + polarssl_snprintf( buf, buflen, "NET - Could not accept the incoming connection" ); if( use_ret == -(POLARSSL_ERR_NET_RECV_FAILED) ) - snprintf( buf, buflen, "NET - Reading information from the socket failed" ); + polarssl_snprintf( buf, buflen, "NET - Reading information from the socket failed" ); if( use_ret == -(POLARSSL_ERR_NET_SEND_FAILED) ) - snprintf( buf, buflen, "NET - Sending information through the socket 
failed" ); + polarssl_snprintf( buf, buflen, "NET - Sending information through the socket failed" ); if( use_ret == -(POLARSSL_ERR_NET_CONN_RESET) ) - snprintf( buf, buflen, "NET - Connection was reset by peer" ); + polarssl_snprintf( buf, buflen, "NET - Connection was reset by peer" ); if( use_ret == -(POLARSSL_ERR_NET_WANT_READ) ) - snprintf( buf, buflen, "NET - Connection requires a read call" ); + polarssl_snprintf( buf, buflen, "NET - Connection requires a read call" ); if( use_ret == -(POLARSSL_ERR_NET_WANT_WRITE) ) - snprintf( buf, buflen, "NET - Connection requires a write call" ); + polarssl_snprintf( buf, buflen, "NET - Connection requires a write call" ); #endif /* POLARSSL_NET_C */ #if defined(POLARSSL_OID_C) if( use_ret == -(POLARSSL_ERR_OID_NOT_FOUND) ) - snprintf( buf, buflen, "OID - OID is not found" ); + polarssl_snprintf( buf, buflen, "OID - OID is not found" ); if( use_ret == -(POLARSSL_ERR_OID_BUF_TOO_SMALL) ) - snprintf( buf, buflen, "OID - output buffer is too small" ); + polarssl_snprintf( buf, buflen, "OID - output buffer is too small" ); #endif /* POLARSSL_OID_C */ #if defined(POLARSSL_PADLOCK_C) if( use_ret == -(POLARSSL_ERR_PADLOCK_DATA_MISALIGNED) ) - snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); + polarssl_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); #endif /* POLARSSL_PADLOCK_C */ #if defined(POLARSSL_PBKDF2_C) if( use_ret == -(POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" ); #endif /* POLARSSL_PBKDF2_C */ #if defined(POLARSSL_RIPEMD160_C) if( use_ret == -(POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR) ) - snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" ); #endif /* POLARSSL_RIPEMD160_C */ #if defined(POLARSSL_SHA1_C) if( use_ret == -(POLARSSL_ERR_SHA1_FILE_IO_ERROR) ) - 
snprintf( buf, buflen, "SHA1 - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "SHA1 - Read/write error in file" ); #endif /* POLARSSL_SHA1_C */ #if defined(POLARSSL_SHA256_C) if( use_ret == -(POLARSSL_ERR_SHA256_FILE_IO_ERROR) ) - snprintf( buf, buflen, "SHA256 - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "SHA256 - Read/write error in file" ); #endif /* POLARSSL_SHA256_C */ #if defined(POLARSSL_SHA512_C) if( use_ret == -(POLARSSL_ERR_SHA512_FILE_IO_ERROR) ) - snprintf( buf, buflen, "SHA512 - Read/write error in file" ); + polarssl_snprintf( buf, buflen, "SHA512 - Read/write error in file" ); #endif /* POLARSSL_SHA512_C */ #if defined(POLARSSL_THREADING_C) if( use_ret == -(POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE) ) - snprintf( buf, buflen, "THREADING - The selected feature is not available" ); + polarssl_snprintf( buf, buflen, "THREADING - The selected feature is not available" ); if( use_ret == -(POLARSSL_ERR_THREADING_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "THREADING - Bad input parameters to function" ); + polarssl_snprintf( buf, buflen, "THREADING - Bad input parameters to function" ); if( use_ret == -(POLARSSL_ERR_THREADING_MUTEX_ERROR) ) - snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" ); + polarssl_snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" ); #endif /* POLARSSL_THREADING_C */ #if defined(POLARSSL_XTEA_C) if( use_ret == -(POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH) ) - snprintf( buf, buflen, "XTEA - The data input has an invalid length" ); + polarssl_snprintf( buf, buflen, "XTEA - The data input has an invalid length" ); #endif /* POLARSSL_XTEA_C */ // END generated code if( strlen( buf ) != 0 ) return; - snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + polarssl_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); } #if defined(POLARSSL_ERROR_STRERROR_BC) 
@@ -746,8 +754,6 @@ void error_strerror( int ret, char *buf, size_t buflen ) #if defined(POLARSSL_ERROR_STRERROR_DUMMY) -#include - /* * Provide an non-function in case POLARSSL_ERROR_C is not defined */ diff --git a/ext/polarssl-1.3/library/gcm.c b/ext/polarssl-1.3/library/gcm.c index 415e53af97..57ecc06324 100644 --- a/ext/polarssl-1.3/library/gcm.c +++ b/ext/polarssl-1.3/library/gcm.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,15 +40,20 @@ #include "polarssl/gcm.h" +#include + #if defined(POLARSSL_AESNI_C) #include "polarssl/aesni.h" #endif +#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */ /* * 32-bit integer manipulation macros (big endian) @@ -131,7 +136,7 @@ static int gcm_gen_table( gcm_context *ctx ) ctx->HH[i] = vh; } - for( i = 2; i < 16; i <<= 1 ) + for( i = 2; i <= 8; i *= 2 ) { uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i; vh = *HiH; @@ -163,6 +168,8 @@ int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key, if( cipher_info->block_size != 16 ) return( POLARSSL_ERR_GCM_BAD_INPUT ); + cipher_free( &ctx->cipher_ctx ); + if( ( ret = cipher_init_ctx( &ctx->cipher_ctx, cipher_info ) ) != 0 ) return( ret ); 
@@ -265,8 +272,10 @@ int gcm_starts( gcm_context *ctx, size_t use_len, olen = 0; /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ - if( ( (uint64_t) iv_len ) >> 61 != 0 || - ( (uint64_t) add_len ) >> 61 != 0 ) + /* IV is not allowed to be zero length */ + if( iv_len == 0 || + ( (uint64_t) iv_len ) >> 61 != 0 || + ( (uint64_t) add_len ) >> 61 != 0 ) { return( POLARSSL_ERR_GCM_BAD_INPUT ); } @@ -350,7 +359,7 @@ int gcm_update( gcm_context *ctx, /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes * Also check for possible overflow */ if( ctx->len + length < ctx->len || - (uint64_t) ctx->len + length > 0x03FFFFE0ull ) + (uint64_t) ctx->len + length > 0xFFFFFFFE0ull ) { return( POLARSSL_ERR_GCM_BAD_INPUT ); } @@ -403,8 +412,7 @@ int gcm_finish( gcm_context *ctx, if( tag_len > 16 || tag_len < 4 ) return( POLARSSL_ERR_GCM_BAD_INPUT ); - if( tag_len != 0 ) - memcpy( tag, ctx->base_ectr, tag_len ); + memcpy( tag, ctx->base_ectr, tag_len ); if( orig_len || orig_add_len ) { @@ -496,9 +504,6 @@ void gcm_free( gcm_context *ctx ) } #if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C) - -#include - /* * AES-GCM test vectors from: * @@ -506,10 +511,10 @@ void gcm_free( gcm_context *ctx ) */ #define MAX_TESTS 6 -int key_index[MAX_TESTS] = +static const int key_index[MAX_TESTS] = { 0, 0, 1, 1, 1, 1 }; -unsigned char key[MAX_TESTS][32] = +static const unsigned char key[MAX_TESTS][32] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -521,13 +526,13 @@ unsigned char key[MAX_TESTS][32] = 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }, }; -size_t iv_len[MAX_TESTS] = +static const size_t iv_len[MAX_TESTS] = { 12, 12, 12, 12, 8, 60 }; -int iv_index[MAX_TESTS] = +static const int iv_index[MAX_TESTS] = { 0, 0, 1, 1, 1, 2 }; -unsigned char iv[MAX_TESTS][64] = +static const unsigned char iv[MAX_TESTS][64] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 
@@ -543,13 +548,13 @@ unsigned char iv[MAX_TESTS][64] = 0xa6, 0x37, 0xb3, 0x9b }, }; -size_t add_len[MAX_TESTS] = +static const size_t add_len[MAX_TESTS] = { 0, 0, 0, 20, 20, 20 }; -int add_index[MAX_TESTS] = +static const int add_index[MAX_TESTS] = { 0, 0, 0, 1, 1, 1 }; -unsigned char additional[MAX_TESTS][64] = +static const unsigned char additional[MAX_TESTS][64] = { { 0x00 }, { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, @@ -557,13 +562,13 @@ unsigned char additional[MAX_TESTS][64] = 0xab, 0xad, 0xda, 0xd2 }, }; -size_t pt_len[MAX_TESTS] = +static const size_t pt_len[MAX_TESTS] = { 0, 16, 64, 60, 60, 60 }; -int pt_index[MAX_TESTS] = +static const int pt_index[MAX_TESTS] = { 0, 0, 1, 1, 1, 1 }; -unsigned char pt[MAX_TESTS][64] = +static const unsigned char pt[MAX_TESTS][64] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, @@ -577,7 +582,7 @@ unsigned char pt[MAX_TESTS][64] = 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 }, }; -unsigned char ct[MAX_TESTS * 3][64] = +static const unsigned char ct[MAX_TESTS * 3][64] = { { 0x00 }, { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, @@ -686,7 +691,7 @@ unsigned char ct[MAX_TESTS * 3][64] = 0x44, 0xae, 0x7e, 0x3f }, }; -unsigned char tag[MAX_TESTS * 3][16] = +static const unsigned char tag[MAX_TESTS * 3][16] = { { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }, @@ -937,8 +942,6 @@ int gcm_self_test( int verbose ) return( 0 ); } - - #endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */ #endif /* POLARSSL_GCM_C */ diff --git a/ext/polarssl-1.3/library/havege.c b/ext/polarssl-1.3/library/havege.c index e496c4ecf0..fe656991c2 100644 --- a/ext/polarssl-1.3/library/havege.c +++ b/ext/polarssl-1.3/library/havege.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/library/hmac_drbg.c b/ext/polarssl-1.3/library/hmac_drbg.c index ed06cce833..eece38997c 100644 --- a/ext/polarssl-1.3/library/hmac_drbg.c +++ b/ext/polarssl-1.3/library/hmac_drbg.c @@ -3,7 +3,7 @@ * * Copyright (C) 2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,15 +36,20 @@ #include "polarssl/hmac_drbg.h" +#include + #if defined(POLARSSL_FS_IO) #include #endif +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_SELF_TEST */ +#endif /* POLARSSL_PLATFORM_C */ /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { @@ -309,7 +314,7 @@ void hmac_drbg_free( hmac_drbg_context *ctx ) if( ctx == NULL ) return; - md_free_ctx( &ctx->md_ctx ); + md_free( &ctx->md_ctx ); polarssl_zeroize( ctx, sizeof( hmac_drbg_context ) ); } @@ -337,11 +342,14 @@ int hmac_drbg_write_seed_file( hmac_drbg_context *ctx, const char *path ) exit: fclose( f ); + polarssl_zeroize( buf, sizeof( buf ) ); + return( ret ); } int hmac_drbg_update_seed_file( hmac_drbg_context *ctx, const char *path ) { + int ret = 0; FILE *f; size_t n; unsigned char buf[ POLARSSL_HMAC_DRBG_MAX_INPUT ]; 
@@ -360,14 +368,16 @@ int hmac_drbg_update_seed_file( hmac_drbg_context *ctx, const char *path ) } if( fread( buf, 1, n, f ) != n ) - { - fclose( f ); - return( POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR; + else + hmac_drbg_update( ctx, buf, n ); fclose( f ); - hmac_drbg_update( ctx, buf, n ); + polarssl_zeroize( buf, sizeof( buf ) ); + + if( ret != 0 ) + return( ret ); return( hmac_drbg_write_seed_file( ctx, path ) ); } @@ -376,8 +386,6 @@ int hmac_drbg_update_seed_file( hmac_drbg_context *ctx, const char *path ) #if defined(POLARSSL_SELF_TEST) -#include - #if !defined(POLARSSL_SHA1_C) /* Dummy checkup routine */ int hmac_drbg_self_test( int verbose ) @@ -393,7 +401,7 @@ int hmac_drbg_self_test( int verbose ) #define OUTPUT_LEN 80 /* From a NIST PR=true test vector */ -static unsigned char entropy_pr[] = { +static const unsigned char entropy_pr[] = { 0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f, 0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11, 0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42, @@ -409,7 +417,7 @@ static const unsigned char result_pr[OUTPUT_LEN] = { 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 }; /* From a NIST PR=false test vector */ -static unsigned char entropy_nopr[] = { +static const unsigned char entropy_nopr[] = { 0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66, 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8, 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3, @@ -458,7 +466,7 @@ int hmac_drbg_self_test( int verbose ) test_offset = 0; CHK( hmac_drbg_init( &ctx, md_info, - hmac_drbg_self_test_entropy, entropy_pr, + hmac_drbg_self_test_entropy, (void *) entropy_pr, NULL, 0 ) ); hmac_drbg_set_prediction_resistance( &ctx, POLARSSL_HMAC_DRBG_PR_ON ); CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); 
@@ -477,7 +485,7 @@ int hmac_drbg_self_test( int verbose ) test_offset = 0; CHK( hmac_drbg_init( &ctx, md_info, - hmac_drbg_self_test_entropy, entropy_nopr, + hmac_drbg_self_test_entropy, (void *) entropy_nopr, NULL, 0 ) ); CHK( hmac_drbg_reseed( &ctx, NULL, 0 ) ); CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); diff --git a/ext/polarssl-1.3/library/md.c b/ext/polarssl-1.3/library/md.c index b83e6ecd22..cf4d7e3349 100644 --- a/ext/polarssl-1.3/library/md.c +++ b/ext/polarssl-1.3/library/md.c @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,6 +36,7 @@ #include "polarssl/md_wrap.h" #include +#include #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \ !defined(EFI32) @@ -202,12 +203,14 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) return( 0 ); } +#if ! defined(POLARSSL_DEPRECATED_REMOVED) int md_free_ctx( md_context_t *ctx ) { md_free( ctx ); return( 0 ); } +#endif int md_starts( md_context_t *ctx ) { diff --git a/ext/polarssl-1.3/library/md2.c b/ext/polarssl-1.3/library/md2.c index 9e9a3a2106..2d6123f129 100644 --- a/ext/polarssl-1.3/library/md2.c +++ b/ext/polarssl-1.3/library/md2.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -36,23 +36,28 @@ #include "polarssl/md2.h" -#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST) +#include + +#if defined(POLARSSL_FS_IO) #include #endif +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ + +#if !defined(POLARSSL_MD2_ALT) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if !defined(POLARSSL_MD2_ALT) - static const unsigned char PI_SUBST[256] = { 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, @@ -150,7 +155,7 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen ) while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; @@ -212,6 +217,7 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] ) */ int md2_file( const char *path, unsigned char output[16] ) { + int ret = 0; FILE *f; size_t n; md2_context ctx; @@ -226,17 +232,16 @@ int md2_file( const char *path, unsigned char output[16] ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) md2_update( &ctx, buf, n ); - md2_finish( &ctx, output ); - md2_free( &ctx ); - if( ferror( f ) != 0 ) - { - fclose( f ); - return( POLARSSL_ERR_MD2_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_MD2_FILE_IO_ERROR; + else + md2_finish( &ctx, output ); + md2_free( &ctx ); + polarssl_zeroize( buf, sizeof( buf ) ); fclose( f ); - return( 0 ); + + return( ret ); } #endif /* POLARSSL_FS_IO */ diff --git a/ext/polarssl-1.3/library/md4.c b/ext/polarssl-1.3/library/md4.c index 47f5c9c9ef..9c4a9b80a6 100644 --- a/ext/polarssl-1.3/library/md4.c +++ b/ext/polarssl-1.3/library/md4.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,23 +36,28 @@ #include "polarssl/md4.h" -#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST) +#include + +#if defined(POLARSSL_FS_IO) #include #endif +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ + +#if !defined(POLARSSL_MD4_ALT) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if !defined(POLARSSL_MD4_ALT) - /* * 32-bit integer manipulation macros (little endian) */ @@ -308,6 +313,7 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] ) */ int md4_file( const char *path, unsigned char output[16] ) { + int ret = 0; FILE *f; size_t n; md4_context ctx; @@ -322,17 +328,16 @@ int md4_file( const char *path, unsigned char output[16] ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) md4_update( &ctx, buf, n ); - md4_finish( &ctx, output ); - md4_free( &ctx ); - if( ferror( f ) != 0 ) - { - fclose( f ); - return( POLARSSL_ERR_MD4_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_MD4_FILE_IO_ERROR; + else + md4_finish( &ctx, output ); + md4_free( &ctx ); + polarssl_zeroize( buf, sizeof( buf ) ); fclose( f ); - return( 0 ); + + return( ret ); } #endif /* POLARSSL_FS_IO */ diff --git a/ext/polarssl-1.3/library/md5.c b/ext/polarssl-1.3/library/md5.c index 50f4ee3aa3..4a0f251919 100644 --- a/ext/polarssl-1.3/library/md5.c +++ b/ext/polarssl-1.3/library/md5.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -35,23 +35,28 @@ #include "polarssl/md5.h" -#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST) +#include + +#if defined(POLARSSL_FS_IO) #include #endif +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ + +#if !defined(POLARSSL_MD5_ALT) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if !defined(POLARSSL_MD5_ALT) - /* * 32-bit integer manipulation macros (little endian) */ @@ -325,6 +330,7 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) */ int md5_file( const char *path, unsigned char output[16] ) { + int ret = 0; FILE *f; size_t n; md5_context ctx; @@ -339,17 +345,16 @@ int md5_file( const char *path, unsigned char output[16] ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) md5_update( &ctx, buf, n ); - md5_finish( &ctx, output ); - md5_free( &ctx ); - if( ferror( f ) != 0 ) - { - fclose( f ); - return( POLARSSL_ERR_MD5_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_MD5_FILE_IO_ERROR; + else + md5_finish( &ctx, output ); + md5_free( &ctx ); + polarssl_zeroize( buf, sizeof( buf ) ); fclose( f ); - return( 0 ); + + return( ret ); } #endif /* POLARSSL_FS_IO */ @@ -438,7 +443,7 @@ void md5_hmac( const unsigned char *key, size_t keylen, /* * RFC 1321 test vectors */ -static unsigned char md5_test_buf[7][81] = +static const unsigned char md5_test_buf[7][81] = { { "" }, { "a" }, 
@@ -476,7 +481,7 @@ static const unsigned char md5_test_sum[7][16] = /* * RFC 2202 test vectors */ -static unsigned char md5_hmac_test_key[7][26] = +static const unsigned char md5_hmac_test_key[7][26] = { { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" }, { "Jefe" }, @@ -493,7 +498,7 @@ static const int md5_hmac_test_keylen[7] = 16, 4, 16, 25, 16, 80, 80 }; -static unsigned char md5_hmac_test_buf[7][74] = +static const unsigned char md5_hmac_test_buf[7][74] = { { "Hi There" }, { "what do ya want for nothing?" }, @@ -575,7 +580,7 @@ int md5_self_test( int verbose ) if( i == 5 || i == 6 ) { - memset( buf, '\xAA', buflen = 80 ); + memset( buf, 0xAA, buflen = 80 ); md5_hmac_starts( &ctx, buf, buflen ); } else diff --git a/ext/polarssl-1.3/library/md_wrap.c b/ext/polarssl-1.3/library/md_wrap.c index 62110ce765..f554333e78 100644 --- a/ext/polarssl-1.3/library/md_wrap.c +++ b/ext/polarssl-1.3/library/md_wrap.c @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -65,12 +65,11 @@ #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_malloc malloc #define polarssl_free free #endif -#include - /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -396,7 +395,7 @@ static void ripemd160_hmac_reset_wrap( void *ctx ) static void * ripemd160_ctx_alloc( void ) { ripemd160_context *ctx; - ctx = (ripemd160_context *) polarssl_malloc( sizeof( ripemd160_context ) ); + ctx = polarssl_malloc( sizeof( ripemd160_context ) ); if( ctx == NULL ) return( NULL ); 
@@ -492,7 +491,7 @@ static void sha1_hmac_reset_wrap( void *ctx ) static void * sha1_ctx_alloc( void ) { sha1_context *ctx; - ctx = (sha1_context *) polarssl_malloc( sizeof( sha1_context ) ); + ctx = polarssl_malloc( sizeof( sha1_context ) ); if( ctx == NULL ) return( NULL ); @@ -701,7 +700,7 @@ static void sha256_hmac_wrap( const unsigned char *key, size_t keylen, static void * sha256_ctx_alloc( void ) { sha256_context *ctx; - ctx = (sha256_context *) polarssl_malloc( sizeof( sha256_context ) ); + ctx = polarssl_malloc( sizeof( sha256_context ) ); if( ctx == NULL ) return( NULL ); @@ -907,7 +906,7 @@ static void sha512_hmac_wrap( const unsigned char *key, size_t keylen, static void * sha512_ctx_alloc( void ) { sha512_context *ctx; - ctx = (sha512_context *) polarssl_malloc( sizeof( sha512_context ) ); + ctx = polarssl_malloc( sizeof( sha512_context ) ); if( ctx == NULL ) return( NULL ); diff --git a/ext/polarssl-1.3/library/memory_buffer_alloc.c b/ext/polarssl-1.3/library/memory_buffer_alloc.c index 6cde16a9f3..5eb8ab138c 100644 --- a/ext/polarssl-1.3/library/memory_buffer_alloc.c +++ b/ext/polarssl-1.3/library/memory_buffer_alloc.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,14 +27,14 @@ #endif #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) - #include "polarssl/memory_buffer_alloc.h" +/* No need for the header guard as POLARSSL_MEMORY_BUFFER_ALLOC_C + is dependent upon POLARSSL_PLATFORM_C */ +#include "polarssl/platform.h" + #include -#if defined(POLARSSL_MEMORY_DEBUG) -#include -#endif #if defined(POLARSSL_MEMORY_BACKTRACE) #include #endif 
@@ -43,12 +43,6 @@ #include "polarssl/threading.h" #endif -#if defined(POLARSSL_PLATFORM_C) -#include "polarssl/platform.h" -#else -#define polarssl_fprintf fprintf -#endif - /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -81,7 +75,6 @@ typedef struct size_t len; memory_header *first; memory_header *first_free; - size_t current_alloc_size; int verify; #if defined(POLARSSL_MEMORY_DEBUG) size_t malloc_count; @@ -274,7 +267,7 @@ static void *buffer_alloc_malloc( size_t len ) polarssl_fprintf( stderr, "FATAL: block in free_list but allocated " "data\n" ); #endif - exit( 1 ); + polarssl_exit( 1 ); } #if defined(POLARSSL_MEMORY_DEBUG) @@ -313,7 +306,7 @@ static void *buffer_alloc_malloc( size_t len ) #endif if( ( heap.verify & MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 ) - exit( 1 ); + polarssl_exit( 1 ); return( ( (unsigned char *) cur ) + sizeof(memory_header) ); } @@ -368,7 +361,7 @@ static void *buffer_alloc_malloc( size_t len ) #endif if( ( heap.verify & MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 ) - exit( 1 ); + polarssl_exit( 1 ); return( ( (unsigned char *) cur ) + sizeof(memory_header) ); } @@ -387,14 +380,14 @@ static void buffer_alloc_free( void *ptr ) polarssl_fprintf( stderr, "FATAL: polarssl_free() outside of managed " "space\n" ); #endif - exit( 1 ); + polarssl_exit( 1 ); } p -= sizeof(memory_header); hdr = (memory_header *) p; if( verify_header( hdr ) != 0 ) - exit( 1 ); + polarssl_exit( 1 ); if( hdr->alloc != 1 ) { @@ -402,7 +395,7 @@ static void buffer_alloc_free( void *ptr ) polarssl_fprintf( stderr, "FATAL: polarssl_free() on unallocated " "data\n" ); #endif - exit( 1 ); + polarssl_exit( 1 ); } hdr->alloc = 0; 
@@ -492,7 +485,7 @@ static void buffer_alloc_free( void *ptr ) #endif if( ( heap.verify & MEMORY_VERIFY_FREE ) && verify_chain() != 0 ) - exit( 1 ); + polarssl_exit( 1 ); } void memory_buffer_set_verify( int verify ) @@ -525,6 +518,24 @@ void memory_buffer_alloc_status() debug_chain(); } } + +void memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ) +{ + *max_used = heap.maximum_used; + *max_blocks = heap.maximum_header_count; +} + +void memory_buffer_alloc_max_reset( void ) +{ + heap.maximum_used = 0; + heap.maximum_header_count = 0; +} + +void memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ) +{ + *cur_used = heap.total_used; + *cur_blocks = heap.header_count; +} #endif /* POLARSSL_MEMORY_DEBUG */ #if defined(POLARSSL_THREADING_C) @@ -600,7 +611,10 @@ static int check_pointer( void *p ) static int check_all_free( ) { - if( heap.current_alloc_size != 0 || + if( +#if defined(POLARSSL_MEMORY_DEBUG) + heap.total_used != 0 || +#endif heap.first != heap.first_free || (void *) heap.first != (void *) heap.buf ) { diff --git a/ext/polarssl-1.3/library/net.c b/ext/polarssl-1.3/library/net.c index a4bb7b963a..865f5d7fe9 100644 --- a/ext/polarssl-1.3/library/net.c +++ b/ext/polarssl-1.3/library/net.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,6 +30,8 @@ #include "polarssl/net.h" +#include + #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) 
@@ -53,8 +55,8 @@ #endif #endif /* _MSC_VER */ -#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0) -#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0) +#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 ) +#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 ) #define close(fd) closesocket(fd) static int wsa_init_done = 0; @@ -93,6 +95,14 @@ static int wsa_init_done = 0; #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ +/* Some MS functions want int and MSVC warns if we pass size_t, + * but the standard functions use socklen_t, so cast only for MSVC */ +#if defined(_MSC_VER) +#define MSVC_INT_CAST (int) +#else +#define MSVC_INT_CAST +#endif + #include #include @@ -130,6 +140,12 @@ typedef UINT32 uint32_t; (((unsigned long )(n) & 0xFF000000) >> 24)) #endif +#if defined(POLARSSL_PLATFORM_C) +#include "polarssl/platform.h" +#else +#define polarssl_snprintf snprintf +#endif + unsigned short net_htons( unsigned short n ); unsigned long net_htonl( unsigned long n ); #define net_htons(n) POLARSSL_HTONS(n) @@ -174,7 +190,7 @@ int net_connect( int *fd, const char *host, int port ) /* getaddrinfo expects port as a string */ memset( port_str, 0, sizeof( port_str ) ); - snprintf( port_str, sizeof( port_str ), "%d", port ); + polarssl_snprintf( port_str, sizeof( port_str ), "%d", port ); /* Do name resolution with both IPv6 and IPv4, but only TCP */ memset( &hints, 0, sizeof( hints ) ); @@ -197,7 +213,7 @@ int net_connect( int *fd, const char *host, int port ) continue; } - if( connect( *fd, cur->ai_addr, cur->ai_addrlen ) == 0 ) + if( connect( *fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 ) { ret = 0; break; 
@@ -260,7 +276,7 @@ int net_bind( int *fd, const char *bind_ip, int port ) /* getaddrinfo expects port as a string */ memset( port_str, 0, sizeof( port_str ) ); - snprintf( port_str, sizeof( port_str ), "%d", port ); + polarssl_snprintf( port_str, sizeof( port_str ), "%d", port ); /* Bind to IPv6 and/or IPv4, but only in TCP */ memset( &hints, 0, sizeof( hints ) ); @@ -294,7 +310,7 @@ int net_bind( int *fd, const char *bind_ip, int port ) continue; } - if( bind( *fd, cur->ai_addr, cur->ai_addrlen ) != 0 ) + if( bind( *fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 ) { close( *fd ); ret = POLARSSL_ERR_NET_BIND_FAILED; @@ -391,13 +407,18 @@ static int net_would_block( int fd ) */ static int net_would_block( int fd ) { + int err = errno; + /* * Never return 'WOULD BLOCK' on a non-blocking socket */ if( ( fcntl( fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK ) + { + errno = err; return( 0 ); + } - switch( errno ) + switch( errno = err ) { #if defined EAGAIN case EAGAIN: @@ -423,7 +444,7 @@ int net_accept( int bind_fd, int *client_fd, void *client_ip ) #endif #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ - defined(_SOCKLEN_T_DECLARED) + defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) socklen_t n = (socklen_t) sizeof( client_addr ); #else int n = (int) sizeof( client_addr ); @@ -495,15 +516,19 @@ int net_set_nonblock( int fd ) */ void net_usleep( unsigned long usec ) { +#if defined(_WIN32) + Sleep( ( usec + 999 ) / 1000 ); +#else struct timeval tv; tv.tv_sec = usec / 1000000; -#if !defined(_WIN32) && ( defined(__unix__) || defined(__unix) || \ - ( defined(__APPLE__) && defined(__MACH__) ) ) +#if defined(__unix__) || defined(__unix) || \ + ( defined(__APPLE__) && defined(__MACH__) ) tv.tv_usec = (suseconds_t) usec % 1000000; #else tv.tv_usec = usec % 1000000; #endif select( 0, NULL, NULL, NULL, &tv ); +#endif } #endif /* POLARSSL_HAVE_TIME */ 
diff --git a/ext/polarssl-1.3/library/oid.c b/ext/polarssl-1.3/library/oid.c index e42f20d936..682b845418 100644 --- a/ext/polarssl-1.3/library/oid.c +++ b/ext/polarssl-1.3/library/oid.c @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,12 +33,19 @@ #include "polarssl/oid.h" #include "polarssl/rsa.h" +#include +#include + +#if defined(POLARSSL_PLATFORM_C) +#include "polarssl/platform.h" +#else +#define polarssl_snprintf snprintf +#endif + #if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C) #include "polarssl/x509.h" #endif -#include - /* * Macro to automatically add the size of #define'd OIDs */ @@ -228,6 +235,10 @@ static const oid_x520_attr_t oid_x520_attr_type[] = { ADD_LEN( OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" }, "DC", }, + { + { ADD_LEN( OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier", "Unique Identifier" }, + "uniqueIdentifier", + }, { { NULL, 0, NULL, NULL }, NULL, @@ -257,7 +268,7 @@ static const oid_x509_ext_t oid_x509_ext[] = EXT_KEY_USAGE, }, { - { ADD_LEN( OID_EXTENDED_KEY_USAGE ), "id-ce-keyUsage", "Extended Key Usage" }, + { ADD_LEN( OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" }, EXT_EXTENDED_KEY_USAGE, }, { @@ -366,7 +377,7 @@ static const oid_sig_alg_t oid_sig_alg[] = }, { { NULL, 0, NULL, NULL }, - 0, 0, + POLARSSL_MD_NONE, POLARSSL_PK_NONE, }, }; @@ -400,7 +411,7 @@ static const oid_pk_alg_t oid_pk_alg[] = }, { { NULL, 0, NULL, NULL }, - 0, + POLARSSL_PK_NONE, }, }; @@ -465,7 +476,7 @@ static const oid_ecp_grp_t oid_ecp_grp[] = }, { { NULL, 0, NULL, NULL }, - 0, + POLARSSL_ECP_DP_NONE, }, }; 
@@ -495,7 +506,7 @@ static const oid_cipher_alg_t oid_cipher_alg[] = }, { { NULL, 0, NULL, NULL }, - 0, + POLARSSL_CIPHER_NONE, }, }; @@ -548,7 +559,7 @@ static const oid_md_alg_t oid_md_alg[] = }, { { NULL, 0, NULL, NULL }, - 0, + POLARSSL_MD_NONE, }, }; @@ -579,7 +590,7 @@ static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = }, { { NULL, 0, NULL, NULL }, - 0, 0, + POLARSSL_MD_NONE, POLARSSL_CIPHER_NONE, }, }; @@ -652,7 +663,7 @@ int oid_get_numeric_string( char *buf, size_t size, /* First byte contains first two dots */ if( oid->len > 0 ) { - ret = snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 ); + ret = polarssl_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 ); SAFE_SNPRINTF(); } @@ -669,7 +680,7 @@ int oid_get_numeric_string( char *buf, size_t size, if( !( oid->p[i] & 0x80 ) ) { /* Last byte */ - ret = snprintf( p, n, ".%d", value ); + ret = polarssl_snprintf( p, n, ".%d", value ); SAFE_SNPRINTF(); value = 0; } diff --git a/ext/polarssl-1.3/library/padlock.c b/ext/polarssl-1.3/library/padlock.c index 3a59a22de5..d83f76c4ec 100644 --- a/ext/polarssl-1.3/library/padlock.c +++ b/ext/polarssl-1.3/library/padlock.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,6 +36,8 @@ #include "polarssl/padlock.h" +#include + #if defined(POLARSSL_HAVE_X86) /* @@ -102,7 +104,7 @@ int padlock_xcryptecb( aes_context *ctx, "movl %1, %%ebx \n\t" : "=m" (ebx) : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk) - : "ecx", "edx", "esi", "edi" ); + : "memory", "ecx", "edx", "esi", "edi" ); memcpy( output, blk, 16 ); 
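Review bot: adding "memory" to the clobber list in padlock_xcryptecb() is the right fix: the xcrypt instruction writes its result through a pointer register, and without the clobber the compiler is free to keep stale contents of blk in registers or to hoist the following memcpy( output, blk, 16 ) above the asm statement, which would return wrong (and, in a cipher, silently wrong) output. Since the clobber looks redundant to anyone unfamiliar with the instruction, a one-line comment above the asm block ("xcrypt writes blk; memory clobber keeps the memcpy below ordered") would keep it from being removed again. The same consideration applies to padlock_xcryptcbc() in the next hunk.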
@@ -153,7 +155,7 @@ int padlock_xcryptcbc( aes_context *ctx, : "=m" (ebx) : "m" (ebx), "m" (count), "m" (ctrl), "m" (rk), "m" (input), "m" (output), "m" (iw) - : "eax", "ecx", "edx", "esi", "edi" ); + : "memory", "eax", "ecx", "edx", "esi", "edi" ); memcpy( iv, iw, 16 ); diff --git a/ext/polarssl-1.3/library/pbkdf2.c b/ext/polarssl-1.3/library/pbkdf2.c index a07c70cc26..783e4a8bec 100644 --- a/ext/polarssl-1.3/library/pbkdf2.c +++ b/ext/polarssl-1.3/library/pbkdf2.c @@ -1,14 +1,13 @@ /** * \file pbkdf2.c * - * \brief Password-Based Key Derivation Function 2 (from PKCS#5) - * DEPRECATED: Use pkcs5.c instead + * \brief Compatibility wrappers for pkcs5.c * * \author Mathias Olsson * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -42,6 +41,7 @@ #include "polarssl/pbkdf2.h" #include "polarssl/pkcs5.h" +#if ! defined(POLARSSL_DEPRECATED_REMOVED) int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, unsigned int iteration_count, @@ -50,12 +50,15 @@ int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen, return pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count, key_length, output ); } +#endif #if defined(POLARSSL_SELF_TEST) +#if ! defined(POLARSSL_DEPRECATED_REMOVED) int pbkdf2_self_test( int verbose ) { return pkcs5_self_test( verbose ); } +#endif #endif /* POLARSSL_SELF_TEST */ #endif /* POLARSSL_PBKDF2_C */ diff --git a/ext/polarssl-1.3/library/pem.c b/ext/polarssl-1.3/library/pem.c index aeaa4b68e9..1305bb40e0 100644 --- a/ext/polarssl-1.3/library/pem.c +++ b/ext/polarssl-1.3/library/pem.c 
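Review bot: the pbkdf2.c hunks compile pbkdf2_hmac() and pbkdf2_self_test() out under POLARSSL_DEPRECATED_REMOVED, but the declarations in polarssl/pbkdf2.h are not touched in this diff; if that header still declares the functions unconditionally, a build with the macro set gets a link-time failure for any remaining caller instead of a clear compile-time error. Guard the prototypes with the same `#if ! defined(POLARSSL_DEPRECATED_REMOVED)`. The new \brief "Compatibility wrappers for pkcs5.c" drops the explicit "DEPRECATED: Use pkcs5.c instead" wording; keeping the word DEPRECATED in the file comment helps people grepping for what the macro removes.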
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,6 +27,7 @@ #endif #if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C) + #include "polarssl/pem.h" #include "polarssl/base64.h" #include "polarssl/des.h" @@ -34,21 +35,22 @@ #include "polarssl/md5.h" #include "polarssl/cipher.h" +#include + #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_malloc malloc #define polarssl_free free #endif -#include - +#if defined(POLARSSL_PEM_PARSE_C) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if defined(POLARSSL_PEM_PARSE_C) void pem_init( pem_context *ctx ) { memset( ctx, 0, sizeof( pem_context ) ); 
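Review bot: moving polarssl_zeroize() under `#if defined(POLARSSL_PEM_PARSE_C)` is fine for pem_init()/pem_free() and the decrypt helpers that follow, but verify that nothing on the POLARSSL_PEM_WRITE_C side needs it, otherwise a write-only configuration (PEM_WRITE_C without PEM_PARSE_C) fails to compile. The `#include` line added under `#else` in the platform block carries no header name in this view; it should be stdlib.h, which the `#define polarssl_malloc malloc` / `polarssl_free free` fallbacks depend on.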
@@ -133,45 +135,53 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, /* * Decrypt with DES-CBC, using PBKDF1 for key derivation */ -static void pem_des_decrypt( unsigned char des_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des_decrypt( unsigned char des_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { des_context des_ctx; unsigned char des_key[8]; + int ret; des_init( &des_ctx ); pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ); - des_setkey_dec( &des_ctx, des_key ); - des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen, - des_iv, buf, buf ); + if( ( ret = des_setkey_dec( &des_ctx, des_key ) ) != 0 ) + goto exit; + ret = des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen, des_iv, buf, buf ); +exit: des_free( &des_ctx ); polarssl_zeroize( des_key, 8 ); + + return( ret ); } /* * Decrypt with 3DES-CBC, using PBKDF1 for key derivation */ -static void pem_des3_decrypt( unsigned char des3_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des3_decrypt( unsigned char des3_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { des3_context des3_ctx; unsigned char des3_key[24]; + int ret; des3_init( &des3_ctx ); pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ); - des3_set3key_dec( &des3_ctx, des3_key ); - des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, - des3_iv, buf, buf ); + if( ( ret = des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 ) + goto exit; + ret = des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, des3_iv, buf, buf ); +exit: des3_free( &des3_ctx ); polarssl_zeroize( des3_key, 24 ); + + return( ret ); } #endif /* POLARSSL_DES_C */ 
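Review bot: changing pem_des_decrypt() and pem_des3_decrypt() to return the des_setkey_dec()/des_crypt_cbc() result instead of discarding it is a clear improvement, and routing both the early exit and the normal path through the exit label keeps the des_key/des3_key zeroize on every path. One thing to decide: the value returned is a raw DES-layer error code, and pem_read_buffer() (later hunk) passes it to its caller unchanged, whereas every other failure from pem_read_buffer() is a POLARSSL_ERR_PEM_* code. Consider wrapping it the way base64 errors already are, e.g. `return( POLARSSL_ERR_PEM_INVALID_DATA + ret );`, so callers can still classify the failure as a PEM-parsing error.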
@@ -179,23 +189,27 @@ static void pem_des3_decrypt( unsigned char des3_iv[8], /* * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation */ -static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { aes_context aes_ctx; unsigned char aes_key[32]; + int ret; aes_init( &aes_ctx ); pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ); - aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ); - aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen, - aes_iv, buf, buf ); + if( ( ret = aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 ) + goto exit; + ret = aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen, aes_iv, buf, buf ); +exit: aes_free( &aes_ctx ); polarssl_zeroize( aes_key, keylen ); + + return( ret ); } #endif /* POLARSSL_AES_C */ @@ -234,19 +248,21 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); s1 += strlen( header ); + if( *s1 == ' ' ) s1++; if( *s1 == '\r' ) s1++; if( *s1 == '\n' ) s1++; else return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); end = s2; end += strlen( footer ); + if( *end == ' ' ) end++; if( *end == '\r' ) end++; if( *end == '\n' ) end++; *use_len = end - data; enc = 0; - if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) + if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) 
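Review bot: the `s2 - s1 >= 22 &&` guard in front of memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) is the substantive fix in the pem_read_buffer() hunk: without it, a body shorter than the literal let memcmp read past s2 (and past the end of the input when the footer was the last thing in the buffer). The same pattern should be applied, and is in the following hunk, to every DEK-Info comparison. The two new tolerant-skip lines, `if( *s1 == ' ' ) s1++;` after the header and `if( *end == ' ' ) end++;` after the footer, change accepted syntax (a trailing space after "-----BEGIN ...-----" is now valid), which is a behavioural change worth a ChangeLog entry. pem_aes_decrypt() gets the same int-return / exit-label treatment as the DES helpers, with aes_key wiped on both paths, which is correct.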
@@ -259,22 +275,22 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, #if defined(POLARSSL_DES_C) - if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) + if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) { enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC; s1 += 23; - if( pem_get_iv( s1, pem_iv, 8 ) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); s1 += 16; } - else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) + else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) { enc_alg = POLARSSL_CIPHER_DES_CBC; s1 += 18; - if( pem_get_iv( s1, pem_iv, 8) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); s1 += 16; @@ -282,9 +298,11 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_AES_C) - if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) + if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) { - if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + if( s2 - s1 < 22 ) + return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG ); + else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) enc_alg = POLARSSL_CIPHER_AES_128_CBC; else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) enc_alg = POLARSSL_CIPHER_AES_192_CBC; @@ -294,7 +312,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG ); s1 += 22; - if( pem_get_iv( s1, pem_iv, 16 ) != 0 ) + if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); s1 += 32; 
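Review bot: the DEK-Info parsing now checks `s2 - s1 < 16` (or 32 for AES) before pem_get_iv() reads the hex IV, which closes the same over-read as the Proc-Type check; good. The AES branch is inconsistent with the DES branches on truncation, though: a DEK-Info line too short for the 22-byte literal returns POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG from the new `if( s2 - s1 < 22 )` early return, while the equivalent short input in the DES branches just fails the `s2 - s1 >= 23 &&` guard and falls through. A truncated header is malformed input rather than an unsupported cipher, so POLARSSL_ERR_PEM_INVALID_DATA describes it better, and the DES branches should report the same thing so callers see one error for one condition.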
@@ -313,17 +331,21 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, ( POLARSSL_AES_C || POLARSSL_DES_C ) */ } + if( s1 >= s2 ) + return( POLARSSL_ERR_PEM_INVALID_DATA ); + len = 0; ret = base64_decode( NULL, &len, s1, s2 - s1 ); if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER ) return( POLARSSL_ERR_PEM_INVALID_DATA + ret ); - if( ( buf = (unsigned char *) polarssl_malloc( len ) ) == NULL ) + if( ( buf = polarssl_malloc( len ) ) == NULL ) return( POLARSSL_ERR_PEM_MALLOC_FAILED ); if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 ) { + polarssl_zeroize( buf, len ); polarssl_free( buf ); return( POLARSSL_ERR_PEM_INVALID_DATA + ret ); } 
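Review bot: the added `if( s1 >= s2 ) return( POLARSSL_ERR_PEM_INVALID_DATA );` is needed, not cosmetic: s2 - s1 is passed to base64_decode() as a size_t length, so if the DEK-Info parsing above advanced s1 past the footer the length would wrap to a huge value. Removing the `(unsigned char *)` cast on polarssl_malloc() is valid C, but it will break if this file is ever compiled as C++; the cast is harmless and I would keep it. The first base64_decode( NULL, &len, ... ) call only treats POLARSSL_ERR_BASE64_INVALID_CHARACTER as fatal and accepts any other non-zero return as the expected size-query result; that is intended, but a short comment saying so would stop a reader from "fixing" it into a `!= 0` check. The zeroize before free on the decode-failure path matches the rest of the hunk.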
@@ -334,26 +356,35 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) if( pwd == NULL ) { + polarssl_zeroize( buf, len ); polarssl_free( buf ); return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED ); } + ret = 0; + #if defined(POLARSSL_DES_C) if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC ) - pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); else if( enc_alg == POLARSSL_CIPHER_DES_CBC ) - pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_AES_C) if( enc_alg == POLARSSL_CIPHER_AES_128_CBC ) - pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC ) - pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC ) - pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); #endif /* POLARSSL_AES_C */ + if( ret != 0 ) + { + polarssl_free( buf ); + return( ret ); + } + /* * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases. @@ -362,10 +393,12 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, */ if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) { + polarssl_zeroize( buf, len ); polarssl_free( buf ); return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH ); } #else + polarssl_zeroize( buf, len ); polarssl_free( buf ); return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE ); #endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC && 
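Review bot: the new `if( ret != 0 ) { polarssl_free( buf ); return( ret ); }` block after the decrypt calls is the only error path in this hunk that frees buf without a preceding polarssl_zeroize( buf, len ); at that point buf holds whatever the cipher produced, i.e. partially decrypted private-key material, so it should be wiped exactly like the pwd == NULL, PASSWORD_MISMATCH and FEATURE_UNAVAILABLE paths in the same hunk. Suggest `polarssl_zeroize( buf, len ); polarssl_free( buf ); return( ret );`. The `ret = 0;` initialisation before the `#if` blocks is required, since with neither DES nor AES enabled none of the branches assigns ret.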
@@ -380,6 +413,8 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, void pem_free( pem_context *ctx ) { + if ( ctx->buf != NULL ) + polarssl_zeroize( ctx->buf, ctx->buflen ); polarssl_free( ctx->buf ); polarssl_free( ctx->info ); diff --git a/ext/polarssl-1.3/library/pk.c b/ext/polarssl-1.3/library/pk.c index 572e6c8a20..8bcba58744 100644 --- a/ext/polarssl-1.3/library/pk.c +++ b/ext/polarssl-1.3/library/pk.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,7 +27,6 @@ #endif #if defined(POLARSSL_PK_C) - #include "polarssl/pk.h" #include "polarssl/pk_wrap.h" @@ -41,6 +40,9 @@ #include "polarssl/ecdsa.h" #endif +#include +#include + /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -209,6 +211,11 @@ int pk_verify_ext( pk_type_t type, const void *options, int ret; const pk_rsassa_pss_options *pss_opts; +#if SIZE_MAX > UINT_MAX + if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); +#endif /* SIZE_MAX > UINT_MAX */ + if( options == NULL ) return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); @@ -232,7 +239,7 @@ int pk_verify_ext( pk_type_t type, const void *options, return( 0 ); #else return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE ); -#endif +#endif /* POLARSSL_RSA_C && POLARSSL_PKCS1_V21 */ } /* General case: no options */ diff --git a/ext/polarssl-1.3/library/pk_wrap.c b/ext/polarssl-1.3/library/pk_wrap.c index b6b8218a04..9da59ec15d 100644 --- a/ext/polarssl-1.3/library/pk_wrap.c +++ b/ext/polarssl-1.3/library/pk_wrap.c 
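Review bot: in pk_verify_ext() the `#if SIZE_MAX > UINT_MAX` block guards the case where a size_t hash_len is later narrowed to the RSA layer's unsigned int hashlen parameter; on LP64 targets an oversized length would otherwise be truncated and the PSS verification would run over a shorter hash than the caller supplied. The guard is only applied when md_alg == POLARSSL_MD_NONE, which is right (for a real digest the length is implied by the algorithm), but say so in a comment, and note that SIZE_MAX needs stdint.h and UINT_MAX needs limits.h, which presumably are the two bare `#include` lines added above. Placing the check before the `options == NULL` validation is fine. In pem_free(), `if ( ctx->buf != NULL )` is correct because ctx->buflen is only meaningful with a buffer present; the file's style elsewhere is `if(` without a space.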
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,12 +27,13 @@ #endif #if defined(POLARSSL_PK_C) - #include "polarssl/pk_wrap.h" /* Even if RSA not activated, for the sake of RSA-alt */ #include "polarssl/rsa.h" +#include + #if defined(POLARSSL_ECP_C) #include "polarssl/ecp.h" #endif @@ -49,6 +50,9 @@ #define polarssl_free free #endif +#include +#include + /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -72,6 +76,11 @@ static int rsa_verify_wrap( void *ctx, md_type_t md_alg, { int ret; +#if SIZE_MAX > UINT_MAX + if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); +#endif /* SIZE_MAX > UINT_MAX */ + if( sig_len < ((rsa_context *) ctx)->len ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); @@ -91,6 +100,11 @@ static int rsa_sign_wrap( void *ctx, md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { +#if SIZE_MAX > UINT_MAX + if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); +#endif /* SIZE_MAX > UINT_MAX */ + *sig_len = ((rsa_context *) ctx)->len; return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, RSA_PRIVATE, 
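Review bot: the identical `#if SIZE_MAX > UINT_MAX` truncation guard is now duplicated in rsa_verify_wrap() and rsa_sign_wrap() (and rsa_alt_sign_wrap() in the next hunk); a small static helper or macro would keep the three copies from drifting, e.g. if the error code is ever changed. In rsa_verify_wrap() the guard runs before the existing `sig_len < ((rsa_context *) ctx)->len` check, so an oversized hash_len now yields POLARSSL_ERR_PK_BAD_INPUT_DATA rather than POLARSSL_ERR_RSA_VERIFY_FAILED; that is a sensible distinction (malformed call versus bad signature) but should be mentioned in the ChangeLog since callers may compare against the old code.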
@@ -410,6 +424,11 @@ static int rsa_alt_sign_wrap( void *ctx, md_type_t md_alg, { rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx; +#if SIZE_MAX > UINT_MAX + if( UINT_MAX < hash_len ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); +#endif /* SIZE_MAX > UINT_MAX */ + *sig_len = rsa_alt->key_len_func( rsa_alt->key ); return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, RSA_PRIVATE, diff --git a/ext/polarssl-1.3/library/pkcs11.c b/ext/polarssl-1.3/library/pkcs11.c index a5ad23c7ed..14cde315bb 100644 --- a/ext/polarssl-1.3/library/pkcs11.c +++ b/ext/polarssl-1.3/library/pkcs11.c @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,6 +27,7 @@ #include "polarssl/pkcs11.h" #if defined(POLARSSL_PKCS11_C) + #include "polarssl/md.h" #include "polarssl/oid.h" #include "polarssl/x509_crt.h" diff --git a/ext/polarssl-1.3/library/pkcs12.c b/ext/polarssl-1.3/library/pkcs12.c index b992dba22f..dff01a7780 100644 --- a/ext/polarssl-1.3/library/pkcs12.c +++ b/ext/polarssl-1.3/library/pkcs12.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -38,6 +38,8 @@ #include "polarssl/asn1.h" #include "polarssl/cipher.h" +#include + #if defined(POLARSSL_ARC4_C) #include "polarssl/arc4.h" #endif 
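Review bot: rsa_alt_sign_wrap() applies the `UINT_MAX < hash_len` check unconditionally, whereas rsa_sign_wrap() in the previous hunk only applies it when md_alg == POLARSSL_MD_NONE. If the intent is that hash_len is ignored whenever a real digest is named, the two should match; if the stricter form is deliberate because rsa_alt's sign_func() is an opaque callback that may use hashlen regardless of md_alg, add a comment saying so, otherwise the next person to touch this file will "harmonise" it the wrong way. The pkcs11.c and pkcs12.c hunks in this block are URL, blank-line and `#include` changes only.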
@@ -85,6 +87,8 @@ static int pkcs12_parse_pbe_params( asn1_buf *params, return( 0 ); } +#define PKCS12_MAX_PWDLEN 128 + static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, md_type_t md_type, const unsigned char *pwd, size_t pwdlen, unsigned char *key, size_t keylen, @@ -93,7 +97,10 @@ static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, md_type_t md_type, int ret, iterations; asn1_buf salt; size_t i; - unsigned char unipwd[258]; + unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2]; + + if( pwdlen > PKCS12_MAX_PWDLEN ) + return( POLARSSL_ERR_PKCS12_BAD_INPUT_DATA ); memset( &salt, 0, sizeof(asn1_buf) ); memset( &unipwd, 0, sizeof(unipwd) ); @@ -124,6 +131,8 @@ static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, md_type_t md_type, return( 0 ); } +#undef PKCS12_MAX_PWDLEN + int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t len, @@ -196,7 +205,7 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode, if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) goto exit; - if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, mode ) ) != 0 ) + if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, (operation_t) mode ) ) != 0 ) goto exit; if( ( ret = cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 ) diff --git a/ext/polarssl-1.3/library/pkcs5.c b/ext/polarssl-1.3/library/pkcs5.c index ca740460b6..c1bab70a38 100644 --- a/ext/polarssl-1.3/library/pkcs5.c +++ b/ext/polarssl-1.3/library/pkcs5.c @@ -7,7 +7,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
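Review bot: the PKCS12_MAX_PWDLEN check is the important fix in this hunk. unipwd is sized PKCS12_MAX_PWDLEN * 2 + 2, i.e. two bytes per password character plus a terminator, and the old fixed unipwd[258] had no corresponding check on pwdlen, so a password longer than 128 bytes could write past the end of that stack buffer; rejecting it with POLARSSL_ERR_PKCS12_BAD_INPUT_DATA is the correct response. It is also an API-visible limit now (passwords over 128 characters are refused), so it belongs in the ChangeLog and in the pkcs12.h documentation. The `#undef PKCS12_MAX_PWDLEN` immediately after the function hides the limit from the public entry points; consider leaving it defined, or moving it into the header, so callers can validate against it. The `(operation_t) mode` casts in pkcs12_pbe() and pkcs5_pbes2() (next hunk) only silence an enum/int mismatch and do not validate that mode is a legal operation_t value.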
@@ -43,9 +43,12 @@ #include "polarssl/cipher.h" #include "polarssl/oid.h" +#include + #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf #endif @@ -198,7 +201,7 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode, if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) goto exit; - if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, mode ) ) != 0 ) + if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, (operation_t) mode ) ) != 0 ) goto exit; if( ( ret = cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len, @@ -295,44 +298,39 @@ int pkcs5_self_test( int verbose ) } #else -#include - #define MAX_TESTS 6 -size_t plen[MAX_TESTS] = - { 8, 8, 8, 8, 24, 9 }; +static const size_t plen[MAX_TESTS] = + { 8, 8, 8, 24, 9 }; -unsigned char password[MAX_TESTS][32] = +static const unsigned char password[MAX_TESTS][32] = { "password", "password", "password", - "password", "passwordPASSWORDpassword", "pass\0word", }; -size_t slen[MAX_TESTS] = - { 4, 4, 4, 4, 36, 5 }; +static const size_t slen[MAX_TESTS] = + { 4, 4, 4, 36, 5 }; -unsigned char salt[MAX_TESTS][40] = +static const unsigned char salt[MAX_TESTS][40] = { "salt", "salt", "salt", - "salt", "saltSALTsaltSALTsaltSALTsaltSALTsalt", "sa\0lt", }; -uint32_t it_cnt[MAX_TESTS] = - { 1, 2, 4096, 16777216, 4096, 4096 }; - -uint32_t key_len[MAX_TESTS] = - { 20, 20, 20, 20, 25, 16 }; +static const uint32_t it_cnt[MAX_TESTS] = + { 1, 2, 4096, 4096, 4096 }; +static const uint32_t key_len[MAX_TESTS] = + { 20, 20, 20, 25, 16 }; -unsigned char result_key[MAX_TESTS][32] = +static const unsigned char result_key[MAX_TESTS][32] = { { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 
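Review bot: after dropping the 16777216-iteration vector, `#define MAX_TESTS 6` is unchanged while plen, password, slen, salt, it_cnt and key_len now carry five initialisers each (and result_key loses one entry in the next hunk). The sixth element of every array is therefore zero-initialised and the test loop `for( i = 0; i < MAX_TESTS; i++ )` runs a vacuous sixth case with an empty password, empty salt, zero iterations and a zero-length key, which passes trivially and misreports the number of vectors checked. Set MAX_TESTS to 5, or derive it as `sizeof( plen ) / sizeof( plen[0] )`, so the bound follows the data. Removing the slow vector from a self-test is reasonable, but record it in the ChangeLog; making the tables `static const` is a good change on its own.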
@@ -343,9 +341,6 @@ unsigned char result_key[MAX_TESTS][32] = { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 0x65, 0xa4, 0x29, 0xc1 }, - { 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, - 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, - 0x26, 0x34, 0xe9, 0x84 }, { 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, @@ -376,9 +371,6 @@ int pkcs5_self_test( int verbose ) goto exit; } - if( verbose != 0 ) - polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" ); - for( i = 0; i < MAX_TESTS; i++ ) { if( verbose != 0 ) diff --git a/ext/polarssl-1.3/library/pkparse.c b/ext/polarssl-1.3/library/pkparse.c index bc4fc6e27d..8c184d1d7b 100644 --- a/ext/polarssl-1.3/library/pkparse.c +++ b/ext/polarssl-1.3/library/pkparse.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,6 +32,8 @@ #include "polarssl/asn1.h" #include "polarssl/oid.h" +#include + #if defined(POLARSSL_RSA_C) #include "polarssl/rsa.h" #endif @@ -59,12 +61,15 @@ #define polarssl_free free #endif -#if defined(POLARSSL_FS_IO) +#if defined(POLARSSL_FS_IO) || \ + defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } +#endif +#if defined(POLARSSL_FS_IO) /* * Load all data from a file into a given buffer. */ 
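Review bot: polarssl_zeroize() in pkparse.c is now compiled when any of POLARSSL_FS_IO, POLARSSL_PKCS12_C or POLARSSL_PKCS5_C is set, because the later pk_parse_key() hunk wipes the temporary key copy it hands to pk_parse_key_pkcs8_encrypted_der(). Keep this condition in lockstep with the `#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C)` guards added around that code; if they diverge, a configuration with neither file I/O nor PKCS#5/#12 gets either an unused-static-function warning or an undefined symbol. Removing the "PBKDF2 note: test #3 may be slow!" message is consistent with the dropped vector.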
@@ -87,7 +92,7 @@ int pk_load_file( const char *path, unsigned char **buf, size_t *n ) *n = (size_t) size; if( *n + 1 == 0 || - ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL ) + ( *buf = polarssl_malloc( *n + 1 ) ) == NULL ) { fclose( f ); return( POLARSSL_ERR_PK_MALLOC_FAILED ); @@ -96,7 +101,10 @@ int pk_load_file( const char *path, unsigned char **buf, size_t *n ) if( fread( *buf, 1, *n, f ) != *n ) { fclose( f ); + + polarssl_zeroize( *buf, *n ); polarssl_free( *buf ); + return( POLARSSL_ERR_PK_FILE_IO_ERROR ); } @@ -343,7 +351,7 @@ static int pk_group_from_specified( const asn1_buf *params, ecp_group *grp ) /* * order INTEGER */ - if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) ) + if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); grp->nbits = mpi_msb( &grp->N ); 
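Review bot: on the fread() failure path in pk_load_file(), *buf is zeroized and freed but left pointing at released memory; the caller receives POLARSSL_ERR_PK_FILE_IO_ERROR and should not use it, but setting `*buf = NULL; *n = 0;` after the free costs nothing and prevents a double free from a caller that cleans up unconditionally. The cast removal on polarssl_malloc() has the same C++ caveat as in pem.c. The explicit `!= 0` on asn1_get_mpi() is a style-only change.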
@@ -759,58 +767,61 @@ static int pk_parse_key_sec1_der( ecp_keypair *eck, p += len; - /* - * Is 'parameters' present? - */ - if( ( ret = asn1_get_tag( &p, end, &len, - ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 ) + pubkey_done = 0; + if( p != end ) { - if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || - ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) + /* + * Is 'parameters' present? + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 ) { - ecp_keypair_free( eck ); - return( ret ); + if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || + ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) + { + ecp_keypair_free( eck ); + return( ret ); + } } - } - else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) - { - ecp_keypair_free( eck ); - return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); - } - - /* - * Is 'publickey' present? If not, or if we can't read it (eg because it - * is compressed), create it from the private key. - */ - pubkey_done = 0; - if( ( ret = asn1_get_tag( &p, end, &len, - ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 ) - { - end2 = p + len; - - if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) + else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) + { + ecp_keypair_free( eck ); return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } - if( p + len != end2 ) - return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); - - if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) - pubkey_done = 1; - else + /* + * Is 'publickey' present? If not, or if we can't read it (eg because it + * is compressed), create it from the private key. + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 ) { - /* - * The only acceptable failure mode of pk_get_ecpubkey() above - * is if the point format is not recognized. 
- */ - if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE ) - return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT ); + end2 = p + len; + + if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( p + len != end2 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); + + if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) + pubkey_done = 1; + else + { + /* + * The only acceptable failure mode of pk_get_ecpubkey() above + * is if the point format is not recognized. + */ + if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT ); + } + } + else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) + { + ecp_keypair_free( eck ); + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); } - } - else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) - { - ecp_keypair_free( eck ); - return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); } if( ! pubkey_done && @@ -922,14 +933,15 @@ static int pk_parse_key_pkcs8_unencrypted_der( /* * Parse an encrypted PKCS#8 encoded private key */ +#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C) static int pk_parse_key_pkcs8_encrypted_der( pk_context *pk, - const unsigned char *key, size_t keylen, + unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen ) { int ret, decrypted = 0; size_t len; - unsigned char buf[2048]; + unsigned char *buf; unsigned char *p, *end; asn1_buf pbe_alg_oid, pbe_params; #if defined(POLARSSL_PKCS12_C) @@ -937,9 +949,7 @@ static int pk_parse_key_pkcs8_encrypted_der( md_type_t md_alg; #endif - memset( buf, 0, sizeof( buf ) ); - - p = (unsigned char *) key; + p = key; end = p + keylen; if( pwdlen == 0 ) 
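Review bot: in the restructured pk_parse_key_sec1_der() block, the returns after asn1_get_bitstring_null() and after the `p + len != end2` length check still return POLARSSL_ERR_PK_KEY_INVALID_FORMAT without calling ecp_keypair_free( eck ), while the neighbouring error paths (pk_get_ecparams()/pk_use_ecparams() failure, unexpected tag) do free it. The inconsistency predates this change, but since the whole block is being re-indented this is the moment to give every error path the same cleanup, or to move the free into the single caller on any non-zero return. Wrapping both optional fields in `if( p != end )` also changes accepted input: a SEC1 key that carries neither parameters nor publicKey is now parsed (with the public key derived from the private scalar afterwards, per the existing `! pubkey_done` logic) instead of failing at the first asn1_get_tag(); that is correct per the encoding but should be a ChangeLog line.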
@@ -973,8 +983,7 @@ static int pk_parse_key_pkcs8_encrypted_der( if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); - if( len > sizeof( buf ) ) - return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + buf = p; /* * Decrypt EncryptedData with appropriate PDE @@ -1039,6 +1048,7 @@ static int pk_parse_key_pkcs8_encrypted_der( return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); } +#endif /* POLARSSL_PKCS12_C || POLARSSL_PKCS5_C */ /* * Parse a private key @@ -1063,10 +1073,8 @@ int pk_parse_key( pk_context *pk, key, pwd, pwdlen, &len ); if( ret == 0 ) { - if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL ) - return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || + pk_info = pk_info_from_type( POLARSSL_PK_RSA ); + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), pem.buf, pem.buflen ) ) != 0 ) { @@ -1091,10 +1099,8 @@ int pk_parse_key( pk_context *pk, key, pwd, pwdlen, &len ); if( ret == 0 ) { - if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL ) - return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || + pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ); + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), pem.buf, pem.buflen ) ) != 0 ) { @@ -1130,6 +1136,7 @@ int pk_parse_key( pk_context *pk, else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) return( ret ); +#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C) ret = pem_read_buffer( &pem, "-----BEGIN ENCRYPTED PRIVATE KEY-----", "-----END ENCRYPTED PRIVATE KEY-----", @@ -1148,6 +1155,7 @@ int pk_parse_key( pk_context *pk, } else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) return( ret ); +#endif /* POLARSSL_PKCS12_C || POLARSSL_PKCS5_C */ #else ((void) pwd); ((void) pwdlen); 
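Review bot: `buf = p;` makes pk_parse_key_pkcs8_encrypted_der() decrypt the EncryptedData octet string in place, which is why the key parameter lost its const qualifier and why the 2048-byte stack buffer (and its POLARSSL_ERR_PK_BAD_INPUT_DATA size limit) could be dropped. This puts a new contract on callers: the buffer they pass is overwritten with plaintext and must be writable and wiped afterwards. The DER path honours it with the key_copy in the next hunk and the PEM path passes pem.buf, which pem_free() now zeroizes, but nothing in the function's own comment says so; add a note on the prototype, because a future caller handing in a const or caller-owned key buffer would get silent corruption of its data rather than an error. The removal of the `pk_info == NULL` checks before pk_init_ctx() relies on pk_init_ctx() rejecting a NULL info pointer; assuming it does, the observable change is that the error becomes a BAD_INPUT_DATA code rather than POLARSSL_ERR_PK_UNKNOWN_PK_ALG. Guarding the "ENCRYPTED PRIVATE KEY" PEM branch with PKCS12_C || PKCS5_C means such a file now falls through to the DER parsers and ends in KEY_INVALID_FORMAT rather than a feature-unavailable code when neither module is built; acceptable, but worth documenting.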
@@ -1160,18 +1168,32 @@ int pk_parse_key( pk_context *pk, * We try the different DER format parsers to see if one passes without * error */ - if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, - pwd, pwdlen ) ) == 0 ) +#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C) { - return( 0 ); + unsigned char *key_copy; + + if( ( key_copy = polarssl_malloc( keylen ) ) == NULL ) + return( POLARSSL_ERR_PK_MALLOC_FAILED ); + + memcpy( key_copy, key, keylen ); + + ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, + pwd, pwdlen ); + + polarssl_zeroize( key_copy, keylen ); + polarssl_free( key_copy ); } + if( ret == 0 ) + return( 0 ); + pk_free( pk ); if( ret == POLARSSL_ERR_PK_PASSWORD_MISMATCH ) { return( ret ); } +#endif /* POLARSSL_PKCS12_C || POLARSSL_PKCS5_C */ if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) return( 0 ); 
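Review bot: the key_copy block is the right response to the in-place decryption introduced above, and it wipes the copy with polarssl_zeroize() before polarssl_free() on every path. One check: `polarssl_malloc( keylen )` with keylen == 0 may return NULL on some allocators and would then be reported as POLARSSL_ERR_PK_MALLOC_FAILED; that is harmless if pk_parse_key() already rejects keylen == 0 near its start (not visible in this hunk), otherwise an explicit guard is needed. Returning POLARSSL_ERR_PK_PASSWORD_MISMATCH directly, without trying the unencrypted parsers, is sensible since a wrong password should not be masked by a later KEY_INVALID_FORMAT; the `ret == 0` and PASSWORD_MISMATCH checks are correctly inside the same `#if` as the assignment, so ret is never read uninitialised.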
@@ -1179,29 +1201,29 @@ int pk_parse_key( pk_context *pk, pk_free( pk ); #if defined(POLARSSL_RSA_C) - if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL ) - return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 ) + pk_info = pk_info_from_type( POLARSSL_PK_RSA ); + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || + ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) != 0 ) + { + pk_free( pk ); + } + else { return( 0 ); } - - pk_free( pk ); #endif /* POLARSSL_RSA_C */ #if defined(POLARSSL_ECP_C) - if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL ) - return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 ) + pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ); + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || + ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) != 0 ) + { + pk_free( pk ); + } + else { return( 0 ); } - - pk_free( pk ); #endif /* POLARSSL_ECP_C */ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT ); diff --git a/ext/polarssl-1.3/library/pkwrite.c b/ext/polarssl-1.3/library/pkwrite.c index f761ea04cc..bb9514ec72 100644 --- a/ext/polarssl-1.3/library/pkwrite.c +++ b/ext/polarssl-1.3/library/pkwrite.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,6 +32,8 @@ #include "polarssl/asn1write.h" #include "polarssl/oid.h" +#include + #if defined(POLARSSL_RSA_C) #include "polarssl/rsa.h" #endif 
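Review bot: the restructured RSA and EC fallbacks fix a real logic bug in the removed lines: `( ret = pk_init_ctx( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( ... ) ) == 0` evaluated to true, and thus returned 0, whenever pk_init_ctx() itself failed, handing the caller a "successfully parsed" context that was never initialised. The new form (`!= 0 || != 0` with pk_free() on failure and `return( 0 )` only in the else branch) is correct for both the RSA and the ECP block; this deserves its own ChangeLog entry since it changes what callers observe. In pkwrite.c, `*p < start || (size_t)( *p - start ) < len` removes the `(int)` comparison that could misbehave for len above INT_MAX; the ordered comparison of *p against start is only defined when both point into the same buffer, which is the existing contract of these reverse writers.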
@@ -95,7 +97,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, return( ret ); } - if( *p - start < (int) len ) + if( *p < start || (size_t)( *p - start ) < len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); *p -= len; diff --git a/ext/polarssl-1.3/library/platform.c b/ext/polarssl-1.3/library/platform.c index 3eb4b1a8ed..a36dc62ab9 100644 --- a/ext/polarssl-1.3/library/platform.c +++ b/ext/polarssl-1.3/library/platform.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -62,6 +62,36 @@ int platform_set_malloc_free( void * (*malloc_func)( size_t ), } #endif /* POLARSSL_PLATFORM_MEMORY */ +#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT) +#if !defined(POLARSSL_PLATFORM_STD_SNPRINTF) +/* + * Make dummy function to prevent NULL pointer dereferences + */ +static int platform_snprintf_uninit( char * s, size_t n, + const char * format, ... ) +{ + ((void) s); + ((void) n); + ((void) format); + return( 0 ); +} + +#define POLARSSL_PLATFORM_STD_SNPRINTF platform_snprintf_uninit +#endif /* !POLARSSL_PLATFORM_STD_SNPRINTF */ + +int (*polarssl_snprintf)( char * s, size_t n, + const char * format, + ... ) = POLARSSL_PLATFORM_STD_SNPRINTF; + +int platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, + const char * format, + ... ) ) +{ + polarssl_snprintf = snprintf_func; + return( 0 ); +} +#endif /* POLARSSL_PLATFORM_SNPRINTF_ALT */ + #if defined(POLARSSL_PLATFORM_PRINTF_ALT) #if !defined(POLARSSL_PLATFORM_STD_PRINTF) /* 
@@ -110,4 +140,26 @@ int platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) ) } #endif /* POLARSSL_PLATFORM_FPRINTF_ALT */ +#if defined(POLARSSL_PLATFORM_EXIT_ALT) +#if !defined(POLARSSL_PLATFORM_STD_EXIT) +/* + * Make dummy function to prevent NULL pointer dereferences + */ +static void platform_exit_uninit( int status ) +{ + ((void) status); +} + +#define POLARSSL_PLATFORM_STD_EXIT platform_exit_uninit +#endif /* !POLARSSL_PLATFORM_STD_EXIT */ + +void (*polarssl_exit)( int status ) = POLARSSL_PLATFORM_STD_EXIT; + +int platform_set_exit( void (*exit_func)( int status ) ) +{ + polarssl_exit = exit_func; + return( 0 ); +} +#endif /* POLARSSL_PLATFORM_EXIT_ALT */ + #endif /* POLARSSL_PLATFORM_C */ diff --git a/ext/polarssl-1.3/library/ripemd160.c b/ext/polarssl-1.3/library/ripemd160.c index 768e2659ed..7b5d02e2e5 100644 --- a/ext/polarssl-1.3/library/ripemd160.c +++ b/ext/polarssl-1.3/library/ripemd160.c @@ -3,7 +3,7 @@ * * Copyright (C) 2014-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,19 +36,20 @@ #include "polarssl/ripemd160.h" -#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST) +#include + +#if defined(POLARSSL_FS_IO) #include #endif #if defined(POLARSSL_SELF_TEST) -#include -#endif - #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ /* * 32-bit integer manipulation macros (little endian) @@ -387,6 +388,7 @@ void ripemd160( const unsigned char *input, size_t ilen, */ int ripemd160_file( const char *path, unsigned char output[20] ) { + int ret = 0; FILE *f; size_t n; ripemd160_context ctx; 
@@ -401,17 +403,16 @@ int ripemd160_file( const char *path, unsigned char output[20] ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) ripemd160_update( &ctx, buf, n ); - ripemd160_finish( &ctx, output ); - ripemd160_free( &ctx ); - if( ferror( f ) != 0 ) - { - fclose( f ); - return( POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR; + else + ripemd160_finish( &ctx, output ); + ripemd160_free( &ctx ); + polarssl_zeroize( buf, sizeof( buf ) ); fclose( f ); - return( 0 ); + + return( ret ); } #endif /* POLARSSL_FS_IO */ diff --git a/ext/polarssl-1.3/library/rsa.c b/ext/polarssl-1.3/library/rsa.c index f09231e280..bbb028675c 100644 --- a/ext/polarssl-1.3/library/rsa.c +++ b/ext/polarssl-1.3/library/rsa.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,6 +24,11 @@ * * http://theory.lcs.mit.edu/~rivest/rsapaper.pdf * http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf + * [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks + * Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and + * Stefan Mangard + * https://arxiv.org/abs/1702.08719v2 + * */ #if !defined(POLARSSL_CONFIG_FILE) 
@@ -37,19 +42,30 @@ #include "polarssl/rsa.h" #include "polarssl/oid.h" +#include + #if defined(POLARSSL_PKCS1_V21) #include "polarssl/md.h" #endif +#if defined(POLARSSL_PKCS1_V15) && !defined(__OpenBSD__) #include -#include +#endif #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf +#define polarssl_malloc malloc +#define polarssl_free free #endif +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; +} + /* * Initialize an RSA context */ @@ -91,7 +107,11 @@ int rsa_gen_key( rsa_context *ctx, if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); - mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G ); + if( nbits % 2 ) + return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + + mpi_init( &P1 ); mpi_init( &Q1 ); + mpi_init( &H ); mpi_init( &G ); /* * find primes P and Q with Q < P so that: @@ -101,15 +121,12 @@ int rsa_gen_key( rsa_context *ctx, do { - MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0, + MPI_CHK( mpi_gen_prime( &ctx->P, nbits >> 1, 0, f_rng, p_rng ) ); - MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0, + MPI_CHK( mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); - if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) - mpi_swap( &ctx->P, &ctx->Q ); - if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; @@ -117,6 +134,9 @@ int rsa_gen_key( rsa_context *ctx, if( mpi_msb( &ctx->N ) != nbits ) continue; + if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) + mpi_swap( &ctx->P, &ctx->Q ); + MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) ); MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) ); MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) ); 
@@ -270,12 +290,17 @@ int rsa_public( rsa_context *ctx, mpi_init( &T ); +#if defined(POLARSSL_THREADING_C) + if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 ) + return( ret ); +#endif + MPI_CHK( mpi_read_binary( &T, input, ctx->len ) ); if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) { - mpi_free( &T ); - return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + ret = POLARSSL_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; } olen = ctx->len; @@ -283,6 +308,10 @@ int rsa_public( rsa_context *ctx, MPI_CHK( mpi_write_binary( &T, output, olen ) ); cleanup: +#if defined(POLARSSL_THREADING_C) + if( polarssl_mutex_unlock( &ctx->mutex ) != 0 ) + return( POLARSSL_ERR_THREADING_MUTEX_ERROR ); +#endif mpi_free( &T ); @@ -298,15 +327,11 @@ int rsa_public( rsa_context *ctx, * DSS, and other systems. In : Advances in Cryptology—CRYPTO’96. Springer * Berlin Heidelberg, 1996. p. 104-113. */ -static int rsa_prepare_blinding( rsa_context *ctx, mpi *Vi, mpi *Vf, +static int rsa_prepare_blinding( rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret, count = 0; -#if defined(POLARSSL_THREADING_C) - polarssl_mutex_lock( &ctx->mutex ); -#endif - if( ctx->Vf.p != NULL ) { /* We already have blinding values, just update them by squaring */ @@ -315,7 +340,7 @@ static int rsa_prepare_blinding( rsa_context *ctx, mpi *Vi, mpi *Vf, MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) ); MPI_CHK( mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) ); - goto done; + goto cleanup; } /* Unblinding value: Vf = random number, invertible mod N */ 
@@ -331,21 +356,31 @@ static int rsa_prepare_blinding( rsa_context *ctx, mpi *Vi, mpi *Vf, MPI_CHK( mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) ); MPI_CHK( mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) ); -done: - if( Vi != &ctx->Vi ) - { - MPI_CHK( mpi_copy( Vi, &ctx->Vi ) ); - MPI_CHK( mpi_copy( Vf, &ctx->Vf ) ); - } - cleanup: -#if defined(POLARSSL_THREADING_C) - polarssl_mutex_unlock( &ctx->mutex ); -#endif - return( ret ); } +/* + * Exponent blinding supposed to prevent side-channel attacks using multiple + * traces of measurements to recover the RSA key. The more collisions are there, + * the more bits of the key can be recovered. See [3]. + * + * Collecting n collisions with m bit long blinding value requires 2^(m-m/n) + * observations on avarage. + * + * For example with 28 byte blinding to achieve 2 collisions the adversary has + * to make 2^112 observations on avarage. + * + * (With the currently (as of 2017 April) known best algorithms breaking 2048 + * bit RSA requires approximately as much time as trying out 2^112 random keys. + * Thus in this sense with 28 byte blinding the security is not reduced by + * side-channel attacks like the one in [3]) + * + * This countermeasure does not help if the key recovery is possible with a + * single trace. + */ +#define RSA_EXPONENT_BLINDING 28 + /* * Do an RSA private key operation */ 
@@ -358,31 +393,39 @@ int rsa_private( rsa_context *ctx, int ret; size_t olen; mpi T, T1, T2; - mpi *Vi, *Vf; + mpi P1, Q1, R; +#if defined(POLARSSL_RSA_NO_CRT) + mpi D_blind; + mpi *D = &ctx->D; +#else + mpi DP_blind, DQ_blind; + mpi *DP = &ctx->DP; + mpi *DQ = &ctx->DQ; +#endif - /* - * When using the Chinese Remainder Theorem, we use blinding values. - * Without threading, we just read them directly from the context, - * otherwise we make a local copy in order to reduce locking contention. - */ -#if defined(POLARSSL_THREADING_C) - mpi Vi_copy, Vf_copy; + mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 ); + mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &R ); - mpi_init( &Vi_copy ); mpi_init( &Vf_copy ); - Vi = &Vi_copy; - Vf = &Vf_copy; + if( f_rng != NULL ) + { +#if defined(POLARSSL_RSA_NO_CRT) + mpi_init( &D_blind ); #else - Vi = &ctx->Vi; - Vf = &ctx->Vf; + mpi_init( &DP_blind ); + mpi_init( &DQ_blind ); #endif + } - mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 ); +#if defined(POLARSSL_THREADING_C) + if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 ) + return( ret ); +#endif MPI_CHK( mpi_read_binary( &T, input, ctx->len ) ); if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) { - mpi_free( &T ); - return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + ret = POLARSSL_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; } if( f_rng != NULL ) 
@@ -391,22 +434,63 @@ int rsa_private( rsa_context *ctx, * Blinding * T = T * Vi mod N */ - MPI_CHK( rsa_prepare_blinding( ctx, Vi, Vf, f_rng, p_rng ) ); - MPI_CHK( mpi_mul_mpi( &T, &T, Vi ) ); + MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) ); + MPI_CHK( mpi_mul_mpi( &T, &T, &ctx->Vi ) ); MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) ); + + /* + * Exponent blinding + */ + MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) ); + MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) ); + +#if defined(POLARSSL_RSA_NO_CRT) + /* + * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D + */ + MPI_CHK( mpi_fill_random( &R, RSA_EXPONENT_BLINDING, + f_rng, p_rng ) ); + MPI_CHK( mpi_mul_mpi( &D_blind, &P1, &Q1 ) ); + MPI_CHK( mpi_mul_mpi( &D_blind, &D_blind, &R ) ); + MPI_CHK( mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) ); + + D = &D_blind; +#else + /* + * DP_blind = ( P - 1 ) * R + DP + */ + MPI_CHK( mpi_fill_random( &R, RSA_EXPONENT_BLINDING, + f_rng, p_rng ) ); + MPI_CHK( mpi_mul_mpi( &DP_blind, &P1, &R ) ); + MPI_CHK( mpi_add_mpi( &DP_blind, &DP_blind, + &ctx->DP ) ); + + DP = &DP_blind; + + /* + * DQ_blind = ( Q - 1 ) * R + DQ + */ + MPI_CHK( mpi_fill_random( &R, RSA_EXPONENT_BLINDING, + f_rng, p_rng ) ); + MPI_CHK( mpi_mul_mpi( &DQ_blind, &Q1, &R ) ); + MPI_CHK( mpi_add_mpi( &DQ_blind, &DQ_blind, + &ctx->DQ ) ); + + DQ = &DQ_blind; +#endif /* POLARSSL_RSA_NO_CRT */ } #if defined(POLARSSL_RSA_NO_CRT) - MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) ); + MPI_CHK( mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) ); #else /* - * faster decryption using the CRT + * Faster decryption using the CRT * * T1 = input ^ dP mod P * T2 = input ^ dQ mod Q */ - MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) ); - MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) ); + MPI_CHK( mpi_exp_mod( &T1, &T, DP, &ctx->P, &ctx->RP ) ); + MPI_CHK( mpi_exp_mod( &T2, &T, DQ, &ctx->Q, &ctx->RQ ) ); /* * T = (T1 - T2) * (Q^-1 mod P) mod P 
@@ -428,7 +512,7 @@ int rsa_private( rsa_context *ctx, * Unblind * T = T * Vf mod N */ - MPI_CHK( mpi_mul_mpi( &T, &T, Vf ) ); + MPI_CHK( mpi_mul_mpi( &T, &T, &ctx->Vf ) ); MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) ); } @@ -436,10 +520,23 @@ int rsa_private( rsa_context *ctx, MPI_CHK( mpi_write_binary( &T, output, olen ) ); cleanup: - mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 ); #if defined(POLARSSL_THREADING_C) - mpi_free( &Vi_copy ); mpi_free( &Vf_copy ); + if( polarssl_mutex_unlock( &ctx->mutex ) != 0 ) + return( POLARSSL_ERR_THREADING_MUTEX_ERROR ); +#endif + + mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 ); + mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &R ); + + if( f_rng != NULL ) + { +#if defined(POLARSSL_RSA_NO_CRT) + mpi_free( &D_blind ); +#else + mpi_free( &DP_blind ); + mpi_free( &DQ_blind ); #endif + } if( ret != 0 ) return( POLARSSL_ERR_RSA_PRIVATE_FAILED + ret ); @@ -493,6 +590,8 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, dlen -= use_len; } + + polarssl_zeroize( mask, sizeof( mask ) ); } #endif /* POLARSSL_PKCS1_V21 */ @@ -522,14 +621,15 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx, if( f_rng == NULL ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); - md_info = md_info_from_type( ctx->hash_id ); + md_info = md_info_from_type( (md_type_t) ctx->hash_id ); if( md_info == NULL ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; hlen = md_get_size( md_info ); - if( olen < ilen + 2 * hlen + 2 ) + // first comparison checks for overflow + if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); memset( output, 0, olen ); @@ -552,7 +652,11 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx, memcpy( p, input, ilen ); md_init( &md_ctx ); - md_init_ctx( &md_ctx, md_info ); + if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) + { + md_free( &md_ctx ); + return( ret ); + } // maskedDB: Apply dbMask to DB // 
@@ -590,12 +694,14 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx, if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V15 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); - if( f_rng == NULL ) + // We don't check p_rng because it won't be dereferenced here + if( f_rng == NULL || input == NULL || output == NULL ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; - if( olen < ilen + 11 ) + // first comparison checks for overflow + if( ilen + 11 < ilen || olen < ilen + 11 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); nb_pad = olen - 3 - ilen; @@ -701,10 +807,16 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, if( ilen < 16 || ilen > sizeof( buf ) ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); - md_info = md_info_from_type( ctx->hash_id ); + md_info = md_info_from_type( (md_type_t) ctx->hash_id ); if( md_info == NULL ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + hlen = md_get_size( md_info ); + + // checking for integer underflow + if( 2 * hlen + 2 > ilen ) + return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + /* * RSA operation */ @@ -713,15 +825,23 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, : rsa_private( ctx, f_rng, p_rng, input, buf ); if( ret != 0 ) - return( ret ); + goto cleanup; /* * Unmask data and generate lHash */ hlen = md_get_size( md_info ); + // checking for integer underflow + if( 2 * hlen + 2 > ilen ) + return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + md_init( &md_ctx ); - md_init_ctx( &md_ctx, md_info ); + if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) + { + md_free( &md_ctx ); + return( ret ); + } /* Generate lHash */ md( md_info, label, label_len, lhash ); @@ -757,7 +877,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, for( i = 0; i < ilen - 2 * hlen - 2; i++ ) { pad_done |= p[i]; - pad_len += ( pad_done == 0 ); + pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; } p += pad_len; 
@@ -770,15 +890,26 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, * the different error conditions. */ if( bad != 0 ) - return( POLARSSL_ERR_RSA_INVALID_PADDING ); + { + ret = POLARSSL_ERR_RSA_INVALID_PADDING; + goto cleanup; + } if( ilen - ( p - buf ) > output_max_len ) - return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE ); + { + ret = POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE; + goto cleanup; + } *olen = ilen - (p - buf); memcpy( output, p, *olen ); + ret = 0; - return( 0 ); +cleanup: + polarssl_zeroize( buf, sizeof( buf ) ); + polarssl_zeroize( lhash, sizeof( lhash ) ); + + return( ret ); } #endif /* POLARSSL_PKCS1_V21 */ @@ -812,7 +943,7 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx, : rsa_private( ctx, f_rng, p_rng, input, buf ); if( ret != 0 ) - return( ret ); + goto cleanup; p = buf; bad = 0; @@ -831,8 +962,8 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx, * (minus one, for the 00 byte) */ for( i = 0; i < ilen - 3; i++ ) { - pad_done |= ( p[i] == 0 ); - pad_count += ( pad_done == 0 ); + pad_done |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1; + pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; } p += pad_count; @@ -854,16 +985,28 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx, bad |= *p++; /* Must be zero */ } + bad |= ( pad_count < 8 ); + if( bad ) - return( POLARSSL_ERR_RSA_INVALID_PADDING ); + { + ret = POLARSSL_ERR_RSA_INVALID_PADDING; + goto cleanup; + } if( ilen - ( p - buf ) > output_max_len ) - return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE ); + { + ret = POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE; + goto cleanup; + } *olen = ilen - (p - buf); memcpy( output, p, *olen ); + ret = 0; - return( 0 ); +cleanup: + polarssl_zeroize( buf, sizeof( buf ) ); + + return( ret ); } #endif /* POLARSSL_PKCS1_V15 */ 
@@ -939,7 +1082,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx, hashlen = md_get_size( md_info ); } - md_info = md_info_from_type( ctx->hash_id ); + md_info = md_info_from_type( (md_type_t) ctx->hash_id ); if( md_info == NULL ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); @@ -965,7 +1108,12 @@ int rsa_rsassa_pss_sign( rsa_context *ctx, p += slen; md_init( &md_ctx ); - md_init_ctx( &md_ctx, md_info ); + if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) + { + md_free( &md_ctx ); + /* No need to zeroize salt: we didn't use it. */ + return( ret ); + } // Generate H = Hash( M' ) // @@ -974,6 +1122,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx, md_update( &md_ctx, hash, hashlen ); md_update( &md_ctx, salt, slen ); md_finish( &md_ctx, p ); + polarssl_zeroize( salt, sizeof( salt ) ); // Compensate for boundary condition when applying mask // @@ -1017,6 +1166,11 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx, size_t nb_pad, olen, oid_size = 0; unsigned char *p = sig; const char *oid = NULL; + unsigned char *sig_try = NULL, *verif = NULL; + size_t i; + unsigned char diff; + volatile unsigned char diff_no_optimize; + int ret; if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V15 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); 
@@ -1079,9 +1233,45 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx, memcpy( p, hash, hashlen ); } - return( ( mode == RSA_PUBLIC ) - ? rsa_public( ctx, sig, sig ) - : rsa_private( ctx, f_rng, p_rng, sig, sig ) ); + if( mode == RSA_PUBLIC ) + return( rsa_public( ctx, sig, sig ) ); + + /* + * In order to prevent Lenstra's attack, make the signature in a + * temporary buffer and check it before returning it. + */ + sig_try = polarssl_malloc( ctx->len ); + if( sig_try == NULL ) + return( POLARSSL_ERR_MPI_MALLOC_FAILED ); + + verif = polarssl_malloc( ctx->len ); + if( verif == NULL ) + { + polarssl_free( sig_try ); + return( POLARSSL_ERR_MPI_MALLOC_FAILED ); + } + + MPI_CHK( rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); + MPI_CHK( rsa_public( ctx, sig_try, verif ) ); + + /* Compare in constant time just in case */ + for( diff = 0, i = 0; i < ctx->len; i++ ) + diff |= verif[i] ^ sig[i]; + diff_no_optimize = diff; + + if( diff_no_optimize != 0 ) + { + ret = POLARSSL_ERR_RSA_PRIVATE_FAILED; + goto cleanup; + } + + memcpy( sig, sig_try, ctx->len ); + +cleanup: + polarssl_free( sig_try ); + polarssl_free( verif ); + + return( ret ); } #endif /* POLARSSL_PKCS1_V15 */ @@ -1135,10 +1325,11 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, size_t siglen; unsigned char *p; unsigned char buf[POLARSSL_MPI_MAX_SIZE]; + unsigned char *hash_start; unsigned char result[POLARSSL_MD_MAX_SIZE]; unsigned char zeros[8]; unsigned int hlen; - size_t slen, msb; + size_t observed_salt_len, msb; const md_info_t *md_info; md_context_t md_ctx; @@ -1178,7 +1369,6 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); hlen = md_get_size( md_info ); - slen = siglen - hlen - 1; /* Currently length of salt + padding */ memset( zeros, 0, 8 ); 
@@ -1186,6 +1376,9 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, // msb = mpi_msb( &ctx->N ) - 1; + if( buf[0] >> ( 8 - siglen * 8 + msb ) ) + return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + // Compensate for boundary condition when applying mask // if( msb % 8 == 0 ) @@ -1193,31 +1386,35 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, p++; siglen -= 1; } - if( buf[0] >> ( 8 - siglen * 8 + msb ) ) + + if( siglen < hlen + 2 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + hash_start = p + siglen - hlen - 1; md_init( &md_ctx ); - md_init_ctx( &md_ctx, md_info ); + if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) + { + md_free( &md_ctx ); + return( ret ); + } - mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx ); + mgf_mask( p, siglen - hlen - 1, hash_start, hlen, &md_ctx ); buf[0] &= 0xFF >> ( siglen * 8 - msb ); - while( p < buf + siglen && *p == 0 ) + while( p < hash_start - 1 && *p == 0 ) p++; - if( p == buf + siglen || - *p++ != 0x01 ) + if( *p++ != 0x01 ) { md_free( &md_ctx ); return( POLARSSL_ERR_RSA_INVALID_PADDING ); } - /* Actual salt len */ - slen -= p - buf; + observed_salt_len = hash_start - p; if( expected_salt_len != RSA_SALT_LEN_ANY && - slen != (size_t) expected_salt_len ) + observed_salt_len != (size_t) expected_salt_len ) { md_free( &md_ctx ); return( POLARSSL_ERR_RSA_INVALID_PADDING ); @@ -1228,12 +1425,12 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, md_starts( &md_ctx ); md_update( &md_ctx, zeros, 8 ); md_update( &md_ctx, hash, hashlen ); - md_update( &md_ctx, p, slen ); + md_update( &md_ctx, p, observed_salt_len ); md_finish( &md_ctx, result ); md_free( &md_ctx ); - if( memcmp( p + slen, result, hlen ) == 0 ) + if( memcmp( hash_start, result, hlen ) == 0 ) return( 0 ); else return( POLARSSL_ERR_RSA_VERIFY_FAILED ); 
@@ -1278,7 +1475,7 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, { int ret; size_t len, siglen, asn1_len; - unsigned char *p, *end; + unsigned char *p, *p0, *end; unsigned char buf[POLARSSL_MPI_MAX_SIZE]; md_type_t msg_md_alg; const md_info_t *md_info; @@ -1310,7 +1507,11 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, return( POLARSSL_ERR_RSA_INVALID_PADDING ); p++; } - p++; + p++; /* skip 00 byte */ + + /* We've read: 00 01 PS 00 where PS must be at least 8 bytes */ + if( p - buf < 11 ) + return( POLARSSL_ERR_RSA_INVALID_PADDING ); len = siglen - ( p - buf ); @@ -1329,24 +1530,30 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, end = p + len; - // Parse the ASN.1 structure inside the PKCS#1 v1.5 structure - // + /* + * Parse the ASN.1 structure inside the PKCS#1 v1.5 structure. + * Insist on 2-byte length tags, to protect against variants of + * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification. + */ + p0 = p; if( ( ret = asn1_get_tag( &p, end, &asn1_len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); - - if( asn1_len + 2 != len ) + if( p != p0 + 2 || asn1_len + 2 != len ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); + p0 = p; if( ( ret = asn1_get_tag( &p, end, &asn1_len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); - - if( asn1_len + 6 + hashlen != len ) + if( p != p0 + 2 || asn1_len + 6 + hashlen != len ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); + p0 = p; if( ( ret = asn1_get_tag( &p, end, &oid.len, ASN1_OID ) ) != 0 ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); + if( p != p0 + 2 ) + return( POLARSSL_ERR_RSA_VERIFY_FAILED ); oid.p = p; p += oid.len; 
@@ -1360,13 +1567,16 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, /* * assume the algorithm parameters must be NULL */ + p0 = p; if( ( ret = asn1_get_tag( &p, end, &asn1_len, ASN1_NULL ) ) != 0 ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); + if( p != p0 + 2 ) + return( POLARSSL_ERR_RSA_VERIFY_FAILED ); + p0 = p; if( ( ret = asn1_get_tag( &p, end, &asn1_len, ASN1_OCTET_STRING ) ) != 0 ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); - - if( asn1_len != hashlen ) + if( p != p0 + 2 || asn1_len != hashlen ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); if( memcmp( p, hash, hashlen ) != 0 ) diff --git a/ext/polarssl-1.3/library/sha1.c b/ext/polarssl-1.3/library/sha1.c index 455c7808a6..a5a235b644 100644 --- a/ext/polarssl-1.3/library/sha1.c +++ b/ext/polarssl-1.3/library/sha1.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -35,23 +35,28 @@ #include "polarssl/sha1.h" -#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST) +#include + +#if defined(POLARSSL_FS_IO) #include #endif +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ + +#if !defined(POLARSSL_SHA1_ALT) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if !defined(POLARSSL_SHA1_ALT) - /* * 32-bit integer manipulation macros (big endian) */ 
@@ -358,6 +363,7 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) */ int sha1_file( const char *path, unsigned char output[20] ) { + int ret = 0; FILE *f; size_t n; sha1_context ctx; @@ -372,17 +378,16 @@ int sha1_file( const char *path, unsigned char output[20] ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) sha1_update( &ctx, buf, n ); - sha1_finish( &ctx, output ); - sha1_free( &ctx ); - if( ferror( f ) != 0 ) - { - fclose( f ); - return( POLARSSL_ERR_SHA1_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_SHA1_FILE_IO_ERROR; + else + sha1_finish( &ctx, output ); + sha1_free( &ctx ); + polarssl_zeroize( buf, sizeof( buf ) ); fclose( f ); - return( 0 ); + + return( ret ); } #endif /* POLARSSL_FS_IO */ @@ -471,7 +476,7 @@ void sha1_hmac( const unsigned char *key, size_t keylen, /* * FIPS-180-1 test vectors */ -static unsigned char sha1_test_buf[3][57] = +static const unsigned char sha1_test_buf[3][57] = { { "abc" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, @@ -496,7 +501,7 @@ static const unsigned char sha1_test_sum[3][20] = /* * RFC 2202 test vectors */ -static unsigned char sha1_hmac_test_key[7][26] = +static const unsigned char sha1_hmac_test_key[7][26] = { { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" "\x0B\x0B\x0B\x0B" }, @@ -516,7 +521,7 @@ static const int sha1_hmac_test_keylen[7] = 20, 4, 20, 25, 20, 80, 80 }; -static unsigned char sha1_hmac_test_buf[7][74] = +static const unsigned char sha1_hmac_test_buf[7][74] = { { "Hi There" }, { "what do ya want for nothing?" }, @@ -617,7 +622,7 @@ int sha1_self_test( int verbose ) if( i == 5 || i == 6 ) { - memset( buf, '\xAA', buflen = 80 ); + memset( buf, 0xAA, buflen = 80 ); sha1_hmac_starts( &ctx, buf, buflen ); } else diff --git a/ext/polarssl-1.3/library/sha256.c b/ext/polarssl-1.3/library/sha256.c index 102402e18f..caae79f9bd 100644 --- a/ext/polarssl-1.3/library/sha256.c +++ b/ext/polarssl-1.3/library/sha256.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -35,23 +35,28 @@ #include "polarssl/sha256.h" -#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST) +#include + +#if defined(POLARSSL_FS_IO) #include #endif +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ + +#if !defined(POLARSSL_SHA256_ALT) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if !defined(POLARSSL_SHA256_ALT) - /* * 32-bit integer manipulation macros (big endian) */ @@ -361,6 +366,7 @@ void sha256( const unsigned char *input, size_t ilen, */ int sha256_file( const char *path, unsigned char output[32], int is224 ) { + int ret = 0; FILE *f; size_t n; sha256_context ctx; @@ -375,17 +381,16 @@ int sha256_file( const char *path, unsigned char output[32], int is224 ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) sha256_update( &ctx, buf, n ); - sha256_finish( &ctx, output ); - sha256_free( &ctx ); - if( ferror( f ) != 0 ) - { - fclose( f ); - return( POLARSSL_ERR_SHA256_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_SHA256_FILE_IO_ERROR; + else + sha256_finish( &ctx, output ); + sha256_free( &ctx ); + polarssl_zeroize( buf, sizeof( buf ) ); fclose( f ); - return( 0 ); + + return( ret ); } #endif /* POLARSSL_FS_IO */ 
@@ -478,7 +483,7 @@ void sha256_hmac( const unsigned char *key, size_t keylen, /* * FIPS-180-2 test vectors */ -static unsigned char sha256_test_buf[3][57] = +static const unsigned char sha256_test_buf[3][57] = { { "abc" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, @@ -528,7 +533,7 @@ static const unsigned char sha256_test_sum[6][32] = /* * RFC 4231 test vectors */ -static unsigned char sha256_hmac_test_key[7][26] = +static const unsigned char sha256_hmac_test_key[7][26] = { { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" "\x0B\x0B\x0B\x0B" }, @@ -548,7 +553,7 @@ static const int sha256_hmac_test_keylen[7] = 20, 4, 20, 25, 20, 131, 131 }; -static unsigned char sha256_hmac_test_buf[7][153] = +static const unsigned char sha256_hmac_test_buf[7][153] = { { "Hi There" }, { "what do ya want for nothing?" }, @@ -698,7 +703,7 @@ int sha256_self_test( int verbose ) if( j == 5 || j == 6 ) { - memset( buf, '\xAA', buflen = 131 ); + memset( buf, 0xAA, buflen = 131 ); sha256_hmac_starts( &ctx, buf, buflen, k ); } else diff --git a/ext/polarssl-1.3/library/sha512.c b/ext/polarssl-1.3/library/sha512.c index b9dac62dbf..5e51f7f0bf 100644 --- a/ext/polarssl-1.3/library/sha512.c +++ b/ext/polarssl-1.3/library/sha512.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -35,23 +35,34 @@ #include "polarssl/sha512.h" -#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST) +#if defined(_MSC_VER) || defined(__WATCOMC__) + #define UL64(x) x##ui64 +#else + #define UL64(x) x##ULL +#endif + +#include + +#if defined(POLARSSL_FS_IO) #include #endif +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ + +#if !defined(POLARSSL_SHA512_ALT) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if !defined(POLARSSL_SHA512_ALT) - /* * 64-bit integer manipulation macros (big endian) */ @@ -359,6 +370,7 @@ void sha512( const unsigned char *input, size_t ilen, */ int sha512_file( const char *path, unsigned char output[64], int is384 ) { + int ret = 0; FILE *f; size_t n; sha512_context ctx; @@ -373,17 +385,16 @@ int sha512_file( const char *path, unsigned char output[64], int is384 ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) sha512_update( &ctx, buf, n ); - sha512_finish( &ctx, output ); - sha512_free( &ctx ); - if( ferror( f ) != 0 ) - { - fclose( f ); - return( POLARSSL_ERR_SHA512_FILE_IO_ERROR ); - } + ret = POLARSSL_ERR_SHA512_FILE_IO_ERROR; + else + sha512_finish( &ctx, output ); + sha512_free( &ctx ); + polarssl_zeroize( buf, sizeof( buf ) ); fclose( f ); - return( 0 ); + + return( ret ); } #endif /* POLARSSL_FS_IO */ @@ -477,7 +488,7 @@ void sha512_hmac( const unsigned char *key, size_t keylen, /* * FIPS-180-2 test vectors */ -static unsigned char sha512_test_buf[3][113] = +static const unsigned char sha512_test_buf[3][113] = { { "abc" }, { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" 
@@ -546,7 +557,7 @@ static const unsigned char sha512_test_sum[6][64] = /* * RFC 4231 test vectors */ -static unsigned char sha512_hmac_test_key[7][26] = +static const unsigned char sha512_hmac_test_key[7][26] = { { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" "\x0B\x0B\x0B\x0B" }, @@ -566,7 +577,7 @@ static const int sha512_hmac_test_keylen[7] = 20, 4, 20, 25, 20, 131, 131 }; -static unsigned char sha512_hmac_test_buf[7][153] = +static const unsigned char sha512_hmac_test_buf[7][153] = { { "Hi There" }, { "what do ya want for nothing?" }, @@ -752,7 +763,7 @@ int sha512_self_test( int verbose ) if( j == 5 || j == 6 ) { - memset( buf, '\xAA', buflen = 131 ); + memset( buf, 0xAA, buflen = 131 ); sha512_hmac_starts( &ctx, buf, buflen, k ); } else diff --git a/ext/polarssl-1.3/library/ssl_cache.c b/ext/polarssl-1.3/library/ssl_cache.c index c649129b8b..0cad1480e5 100644 --- a/ext/polarssl-1.3/library/ssl_cache.c +++ b/ext/polarssl-1.3/library/ssl_cache.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -34,15 +34,16 @@ #include "polarssl/ssl_cache.h" +#include + #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_malloc malloc #define polarssl_free free #endif -#include - void ssl_cache_init( ssl_cache_context *cache ) { memset( cache, 0, sizeof( ssl_cache_context ) ); @@ -102,7 +103,7 @@ int ssl_cache_get( void *data, ssl_session *session ) */ if( entry->peer_cert.p != NULL ) { - if( ( session->peer_cert = (x509_crt *) polarssl_malloc( + if( ( session->peer_cert = polarssl_malloc( sizeof(x509_crt) ) ) == NULL ) { ret = 1; 
@@ -221,7 +222,7 @@ int ssl_cache_set( void *data, const ssl_session *session ) /* * max_entries not reached, create new entry */ - cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) ); + cur = polarssl_malloc( sizeof(ssl_cache_entry) ); if( cur == NULL ) { ret = 1; @@ -258,8 +259,7 @@ int ssl_cache_set( void *data, const ssl_session *session ) */ if( session->peer_cert != NULL ) { - cur->peer_cert.p = (unsigned char *) polarssl_malloc( - session->peer_cert->raw.len ); + cur->peer_cert.p = polarssl_malloc( session->peer_cert->raw.len ); if( cur->peer_cert.p == NULL ) { ret = 1; @@ -324,6 +324,8 @@ void ssl_cache_free( ssl_cache_context *cache ) #if defined(POLARSSL_THREADING_C) polarssl_mutex_free( &cache->mutex ); #endif + + cache->chain = NULL; } #endif /* POLARSSL_SSL_CACHE_C */ diff --git a/ext/polarssl-1.3/library/ssl_ciphersuites.c b/ext/polarssl-1.3/library/ssl_ciphersuites.c index 014cfc90b5..8204731471 100644 --- a/ext/polarssl-1.3/library/ssl_ciphersuites.c +++ b/ext/polarssl-1.3/library/ssl_ciphersuites.c @@ -5,7 +5,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,7 +33,8 @@ #include "polarssl/ssl_ciphersuites.h" #include "polarssl/ssl.h" -#include +// #include +#include #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \ !defined(EFI32) @@ -1673,7 +1674,9 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_DES_C */ #endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */ - { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 } + { 0, "", + POLARSSL_CIPHER_NONE, POLARSSL_MD_NONE, POLARSSL_KEY_EXCHANGE_NONE, + 0, 0, 0, 0, 0 } }; #if defined(SSL_CIPHERSUITES) 
@@ -1800,6 +1803,24 @@ pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info ) return( POLARSSL_PK_NONE ); } } + +pk_type_t ssl_get_ciphersuite_sig_alg( const ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case POLARSSL_KEY_EXCHANGE_RSA: + case POLARSSL_KEY_EXCHANGE_DHE_RSA: + case POLARSSL_KEY_EXCHANGE_ECDHE_RSA: + return( POLARSSL_PK_RSA ); + + case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA: + return( POLARSSL_PK_ECDSA ); + + default: + return( POLARSSL_PK_NONE ); + } +} + #endif /* POLARSSL_PK_C */ #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) diff --git a/ext/polarssl-1.3/library/ssl_cli.c b/ext/polarssl-1.3/library/ssl_cli.c index 62ff3cfc55..5f5beecb58 100644 --- a/ext/polarssl-1.3/library/ssl_cli.c +++ b/ext/polarssl-1.3/library/ssl_cli.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,16 +31,16 @@ #include "polarssl/debug.h" #include "polarssl/ssl.h" +#include + #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_malloc malloc #define polarssl_free free #endif -#include -#include - #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) #include typedef UINT32 uint32_t; @@ -65,6 +65,7 @@ static void ssl_write_hostname_ext( ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; *olen = 0; @@ -74,6 +75,12 @@ static void ssl_write_hostname_ext( ssl_context *ssl, SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s", ssl->hostname ) ); + if( end < p || (size_t)( end - p ) < ssl->hostname_len + 9 ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + /* * struct { * NameType name_type; 
@@ -117,6 +124,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; *olen = 0; @@ -125,6 +133,12 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl, SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); + if( end < p || (size_t)(end - p) < 5 + ssl->verify_data_len ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + /* * Secure renegotiation */ @@ -151,6 +165,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; size_t sig_alg_len = 0; #if defined(POLARSSL_RSA_C) || defined(POLARSSL_ECDSA_C) unsigned char *sig_alg_list = buf + 6; 
@@ -163,9 +178,54 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); +#if defined(POLARSSL_RSA_C) +#if defined(POLARSSL_SHA512_C) + /* SHA512 + RSA signature, SHA384 + RSA signature */ + sig_alg_len += 4; +#endif +#if defined(POLARSSL_SHA256_C) + /* SHA256 + RSA signature, SHA224 + RSA signature */ + sig_alg_len += 4; +#endif +#if defined(POLARSSL_SHA1_C) + /* SHA1 + RSA signature */ + sig_alg_len += 2; +#endif +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) + /* MD5 + RSA signature */ + sig_alg_len += 2; +#endif +#endif /* POLARSSL_RSA_C */ +#if defined(POLARSSL_ECDSA_C) +#if defined(POLARSSL_SHA512_C) + /* SHA512 + ECDSA signature, SHA384 + ECDSA signature */ + sig_alg_len += 4; +#endif +#if defined(POLARSSL_SHA256_C) + /* SHA256 + ECDSA signature, SHA224 + ECDSA signature */ + sig_alg_len += 4; +#endif +#if defined(POLARSSL_SHA1_C) + /* SHA1 + ECDSA signature */ + sig_alg_len += 2; +#endif +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) + /* MD5 + ECDSA signature */ + sig_alg_len += 2; +#endif +#endif /* POLARSSL_ECDSA_C */ + + if( end < p || (size_t)( end - p ) < sig_alg_len + 6 ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + /* * Prepare signature_algorithms extension (TLS 1.2) */ + sig_alg_len = 0; + #if defined(POLARSSL_RSA_C) #if defined(POLARSSL_SHA512_C) sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512; @@ -183,7 +243,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1; sig_alg_list[sig_alg_len++] = SSL_SIG_RSA; #endif -#if defined(POLARSSL_MD5_C) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) sig_alg_list[sig_alg_len++] = SSL_HASH_MD5; sig_alg_list[sig_alg_len++] = SSL_SIG_RSA; #endif 
@@ -205,7 +265,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1; sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; #endif -#if defined(POLARSSL_MD5_C) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) sig_alg_list[sig_alg_len++] = SSL_HASH_MD5; sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; #endif @@ -248,6 +308,7 @@ static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const ecp_curve_info *info; @@ -269,7 +330,31 @@ static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl, for( info = ecp_curve_list(); info->grp_id != POLARSSL_ECP_DP_NONE; info++ ) { #endif + if( info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); + return; + } + elliptic_curve_len += 2; + } + + if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + + elliptic_curve_len = 0; + +#if defined(POLARSSL_SSL_SET_CURVES) + for( grp_id = ssl->curve_list; *grp_id != POLARSSL_ECP_DP_NONE; grp_id++ ) + { + info = ecp_curve_info_from_grp_id( *grp_id ); +#else + for( info = ecp_curve_list(); info->grp_id != POLARSSL_ECP_DP_NONE; info++ ) + { +#endif elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } 
@@ -294,12 +379,18 @@ static void ssl_write_supported_point_formats_ext( ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; - ((void) ssl); + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; *olen = 0; SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) ); + if( end < p || (size_t)( end - p ) < 6 ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); @@ -319,14 +410,21 @@ static void ssl_write_max_fragment_length_ext( ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; - if( ssl->mfl_code == SSL_MAX_FRAG_LEN_NONE ) { - *olen = 0; + *olen = 0; + + if( ssl->mfl_code == SSL_MAX_FRAG_LEN_NONE ) return; - } SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) ); + if( end < p || (size_t)( end - p ) < 5 ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); @@ -344,15 +442,21 @@ static void ssl_write_truncated_hmac_ext( ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; + + *olen = 0; if( ssl->trunc_hmac == SSL_TRUNC_HMAC_DISABLED ) - { - *olen = 0; return; - } SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) ); + if( end < p || (size_t)( end - p ) < 4 ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); 
@@ -368,17 +472,25 @@ static void ssl_write_encrypt_then_mac_ext( ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; + + *olen = 0; if( ssl->encrypt_then_mac == SSL_ETM_DISABLED || ssl->max_minor_ver == SSL_MINOR_VERSION_0 ) { - *olen = 0; return; } SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac " "extension" ) ); + if( end < p || (size_t)( end - p ) < 4 ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); @@ -394,17 +506,25 @@ static void ssl_write_extended_ms_ext( ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; + + *olen = 0; if( ssl->extended_ms == SSL_EXTENDED_MS_DISABLED || ssl->max_minor_ver == SSL_MINOR_VERSION_0 ) { - *olen = 0; return; } SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret " "extension" ) ); + if( end < p || (size_t)( end - p ) < 4 ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); 
@@ -420,16 +540,22 @@ static void ssl_write_session_ticket_ext( ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; size_t tlen = ssl->session_negotiate->ticket_len; + *olen = 0; + if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED ) - { - *olen = 0; return; - } SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); + if( end < p || (size_t)( end - p ) < 4 + tlen ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET ) & 0xFF ); @@ -457,16 +583,26 @@ static void ssl_write_alpn_ext( ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; + size_t alpnlen = 0; const char **cur; + *olen = 0; + if( ssl->alpn_list == NULL ) - { - *olen = 0; return; - } SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); + for( cur = ssl->alpn_list; *cur != NULL; cur++ ) + alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1; + + if( end < p || (size_t)( end - p ) < 6 + alpnlen ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( TLS_EXT_ALPN >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( TLS_EXT_ALPN ) & 0xFF ); @@ -602,8 +738,8 @@ static int ssl_write_client_hello( ssl_context *ssl ) */ #if defined(POLARSSL_SSL_RENEGOTIATION) if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE ) - { #endif + { if( ssl->session_negotiate->ticket != NULL && ssl->session_negotiate->ticket_len != 0 ) { 
@@ -746,13 +882,13 @@ static int ssl_write_client_hello( ssl_context *ssl ) ext_len += olen; #endif -#if defined(POLARSSL_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); +#if defined(POLARSSL_SSL_ALPN) + ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; #endif -#if defined(POLARSSL_SSL_ALPN) - ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); +#if defined(POLARSSL_SSL_SESSION_TICKETS) + ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; #endif @@ -1059,6 +1195,8 @@ static int ssl_parse_server_hello( ssl_context *ssl ) } SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) ); + + ssl->keep_current_message = 1; return( POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ); } #endif /* POLARSSL_SSL_RENEGOTIATION */ @@ -1445,7 +1583,7 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p, return( ret ); } - if( ssl->handshake->dhm_ctx.len < 64 || + if( ssl->handshake->dhm_ctx.len < SSL_MIN_DHM_BYTES || ssl->handshake->dhm_ctx.len > 512 ) { SSL_DEBUG_MSG( 1, ( "bad server key exchange message (DHM length)" ) ); @@ -1479,7 +1617,7 @@ static int ssl_check_server_ecdh_params( const ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); -#if defined(POLARSSL_SSL_ECP_SET_CURVES) +#if defined(POLARSSL_SSL_SET_CURVES) if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) ) #else if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || @@ -1578,6 +1716,12 @@ static int ssl_write_encrypted_pms( ssl_context *ssl, size_t len_bytes = ssl->minor_ver == SSL_MINOR_VERSION_0 ? 0 : 2; unsigned char *p = ssl->handshake->premaster + pms_offset; + if( offset + len_bytes > SSL_MAX_CONTENT_LEN ) + { + SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } + /* * Generate (part of) the pre-master as * struct { 
@@ -1596,6 +1740,12 @@ static int ssl_write_encrypted_pms( ssl_context *ssl, ssl->handshake->pmslen = 48; + if( ssl->session_negotiate->peer_cert == NULL ) + { + SSL_DEBUG_MSG( 2, ( "certificate required" ) ); + return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + /* * Now write it out, encrypted */ @@ -1693,6 +1843,12 @@ static int ssl_get_ecdh_params_from_cert( ssl_context *ssl ) int ret; const ecp_keypair *peer_key; + if( ssl->session_negotiate->peer_cert == NULL ) + { + SSL_DEBUG_MSG( 2, ( "certificate required" ) ); + return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, POLARSSL_PK_ECKEY ) ) { @@ -1789,7 +1945,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ) { - ssl->record_read = 1; + /* Current message is probably either + * CertificateRequest or ServerHelloDone */ + ssl->keep_current_message = 1; goto exit; } @@ -1886,6 +2044,14 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } + +#if !defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) + if( md_alg == POLARSSL_MD_MD5 ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } +#endif } else #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ @@ -2006,6 +2172,12 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen : (unsigned int) ( md_info_from_type( md_alg ) )->size ); + if( ssl->session_negotiate->peer_cert == NULL ) + { + SSL_DEBUG_MSG( 2, ( "certificate required" ) ); + return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + /* * Verify signature */ 
@@ -2036,7 +2208,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_parse_certificate_request( ssl_context *ssl ) { @@ -2090,36 +2264,31 @@ static int ssl_parse_certificate_request( ssl_context *ssl ) * n+4 .. ... Distinguished Name #1 * ... .. ... length of DN 2, etc. */ - if( ssl->record_read == 0 ) - { - if( ( ret = ssl_read_record( ssl ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "ssl_read_record", ret ); - return( ret ); - } - if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) - { - SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); - } + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } - ssl->record_read = 1; + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); } - ssl->client_auth = 0; ssl->state++; - - if( ssl->in_msg[0] == SSL_HS_CERTIFICATE_REQUEST ) - ssl->client_auth++; + ssl->client_auth = ( ssl->in_msg[0] == SSL_HS_CERTIFICATE_REQUEST ); SSL_DEBUG_MSG( 3, ( "got %s certificate request", ssl->client_auth ? "a" : "no" ) ); if( ssl->client_auth == 0 ) + { + /* Current message is probably the ServerHelloDone */ + ssl->keep_current_message = 1; goto exit; - - ssl->record_read = 0; + } // TODO: handshake_failure alert for an anonymous server to request // client authentication 
@@ -2205,7 +2374,9 @@ static int ssl_parse_certificate_request( ssl_context *ssl ) } #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED && !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLE && !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && !POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ static int ssl_parse_server_hello_done( ssl_context *ssl ) @@ -2214,21 +2385,17 @@ static int ssl_parse_server_hello_done( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) ); - if( ssl->record_read == 0 ) + if( ( ret = ssl_read_record( ssl ) ) != 0 ) { - if( ( ret = ssl_read_record( ssl ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "ssl_read_record", ret ); - return( ret ); - } + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } - if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) - { - SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); - return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); - } + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); + return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); } - ssl->record_read = 0; if( ssl->in_hslen != 4 || ssl->in_msg[0] != SSL_HS_SERVER_HELLO_DONE ) @@ -2349,6 +2516,14 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) i = 4; n = ssl->psk_identity_len; + + if( i + 2 + n > SSL_MAX_CONTENT_LEN ) + { + SSL_DEBUG_MSG( 1, ( "psk identity too long or " + "SSL buffer too short" ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } + ssl->out_msg[i++] = (unsigned char)( n >> 8 ); ssl->out_msg[i++] = (unsigned char)( n ); 
@@ -2377,6 +2552,14 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) * ClientDiffieHellmanPublic public (DHM send G^X mod P) */ n = ssl->handshake->dhm_ctx.len; + + if( i + 2 + n > SSL_MAX_CONTENT_LEN ) + { + SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" + " or SSL buffer too short" ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } + ssl->out_msg[i++] = (unsigned char)( n >> 8 ); ssl->out_msg[i++] = (unsigned char)( n ); @@ -2459,7 +2642,9 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_write_certificate_verify( ssl_context *ssl ) { @@ -2637,7 +2822,10 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) } #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED && !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED && - !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + !POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(POLARSSL_SSL_SESSION_TICKETS) static int ssl_parse_new_session_ticket( ssl_context *ssl ) diff --git a/ext/polarssl-1.3/library/ssl_srv.c b/ext/polarssl-1.3/library/ssl_srv.c index 8cb140e637..2200041472 100644 --- a/ext/polarssl-1.3/library/ssl_srv.c +++ b/ext/polarssl-1.3/library/ssl_srv.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -30,6 +30,9 @@ #include "polarssl/debug.h" #include "polarssl/ssl.h" + +#include + #if defined(POLARSSL_ECP_C) #include "polarssl/ecp.h" #endif @@ -37,13 +40,11 @@ #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_malloc malloc #define polarssl_free free #endif -#include -#include - #if defined(POLARSSL_HAVE_TIME) #include #endif @@ -466,6 +467,18 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl, #if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) +/* + * Status of the implementation of signature-algorithms extension: + * + * Currently, we are only considering the signature-algorithm extension + * to pick a ciphersuite which allows us to send the ServerKeyExchange + * message with a signature-hash combination that the user allows. + * + * We do *not* check whether all certificates in our certificate + * chain are signed with an allowed signature-hash pair. + * This needs to be done at a later stage. + * + */ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -473,8 +486,9 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl, size_t sig_alg_list_size; const unsigned char *p; const unsigned char *end = buf + len; - const int *md_cur; + md_type_t md_cur; + pk_type_t sig_cur; sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); if( sig_alg_list_size + 2 != len || 
@@ -484,28 +498,47 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl, return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - /* - * For now, ignore the SignatureAlgorithm part and rely on offered - * ciphersuites only for that part. To be fixed later. + /* Currently we only guarantee signing the ServerKeyExchange message according + * to the constraints specified in this extension (see above), so it suffices + * to remember only one suitable hash for each possible signature algorithm. * - * So, just look at the HashAlgorithm part. + * This will change when we also consider certificate signatures, + * in which case we will need to remember the whole signature-hash + * pair list from the extension. */ - for( md_cur = md_list(); *md_cur != POLARSSL_MD_NONE; md_cur++ ) { - for( p = buf + 2; p < end; p += 2 ) { - if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) { - ssl->handshake->sig_alg = p[0]; - goto have_sig_alg; - } + + for( p = buf + 2; p < end; p += 2 ) { + + /* Silently ignore unknown signature or hash algorithms. 
*/ + + if( (sig_cur = ssl_pk_alg_from_sig( p[1] ) ) == POLARSSL_PK_NONE ) + { + SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: unknown sig alg encoding %d", + p[1] ) ); + continue; } - } - /* Some key echanges do not need signatures at all */ - SSL_DEBUG_MSG( 3, ( "no signature_algorithm in common" ) ); - return( 0 ); + /* Check if we support the hash the user proposes */ + md_cur = ssl_md_alg_from_hash( p[0] ); + if( md_cur == POLARSSL_MD_NONE ) + { + SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: " + "unknown hash alg encoding %d", p[0] ) ); + continue; + } -have_sig_alg: - SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", - ssl->handshake->sig_alg ) ); + if( ssl_check_sig_hash( md_cur ) == 0 ) + { + ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); + SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: match sig %d and hash %d", + sig_cur, md_cur ) ); + } + else + { + SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: hash alg %d not supported", + md_cur ) ); + } + } return( 0 ); } @@ -581,7 +614,7 @@ static int ssl_parse_supported_point_formats( ssl_context *ssl, return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - p = buf + 2; + p = buf + 1; while( list_size > 0 ) { if( p[0] == POLARSSL_ECP_PF_UNCOMPRESSED || 
@@ -758,25 +791,33 @@ static int ssl_parse_alpn_ext( ssl_context *ssl, return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); /* - * Use our order of preference + * Validate peer's list (lengths) */ start = buf + 2; end = buf + len; + for( theirs = start; theirs != end; theirs += cur_len ) + { + cur_len = *theirs++; + + /* Current identifier must fit in list */ + if( cur_len > (size_t)( end - theirs ) ) + return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + + /* Empty strings MUST NOT be included */ + if( cur_len == 0 ) + return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + /* + * Use our order of preference + */ for( ours = ssl->alpn_list; *ours != NULL; ours++ ) { ours_len = strlen( *ours ); for( theirs = start; theirs != end; theirs += cur_len ) { - /* If the list is well formed, we should get equality first */ - if( theirs > end ) - return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); - cur_len = *theirs++; - /* Empty strings MUST NOT be included */ - if( cur_len == 0 ) - return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); - if( cur_len == ours_len && memcmp( theirs, *ours, cur_len ) == 0 ) { @@ -828,6 +869,7 @@ static int ssl_pick_cert( ssl_context *ssl, { ssl_key_cert *cur, *list, *fallback = NULL; pk_type_t pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); + int flags; #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) if( ssl->handshake->sni_key_cert != NULL ) @@ -861,7 +903,7 @@ static int ssl_pick_cert( ssl_context *ssl, * and decrypting with the same RSA key. */ if( ssl_check_cert_usage( cur->cert, ciphersuite_info, - SSL_IS_SERVER ) != 0 ) + SSL_IS_SERVER, &flags ) != 0 ) { SSL_DEBUG_MSG( 3, ( "certificate mismatch: " "(extended) key usage extension" ) ); 
@@ -924,6 +966,11 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id, { const ssl_ciphersuite_t *suite_info; +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + pk_type_t sig_type; +#endif + suite_info = ssl_ciphersuite_from_id( suite_id ); if( suite_info == NULL ) { @@ -971,6 +1018,26 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id, } #endif +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + /* If the ciphersuite requires signing, check whether + * a suitable hash algorithm is present. */ + if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + { + sig_type = ssl_get_ciphersuite_sig_alg( suite_info ); + if( sig_type != POLARSSL_PK_NONE && + ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == POLARSSL_MD_NONE ) + { + SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm " + "for signature algorithm %d", sig_type ) ); + return( 0 ); + } + } + +#endif /* POLARSSL_SSL_PROTO_TLS1_2 && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ + + #if defined(POLARSSL_X509_CRT_PARSE_C) /* * Final check: if ciphersuite requires us to have a @@ -1279,6 +1346,15 @@ static int ssl_parse_client_hello( ssl_context *ssl ) const int *ciphersuites; const ssl_ciphersuite_t *ciphersuite_info; + /* If there is no signature-algorithm extension present, + * we need to fall back to the default values for allowed + * signature-hash pairs. */ +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + int sig_hash_alg_ext_present = 0; +#endif /* POLARSSL_SSL_PROTO_TLS1_2 && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ + SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); #if defined(POLARSSL_SSL_RENEGOTIATION) 
@@ -1556,154 +1632,164 @@ static int ssl_parse_client_hello( ssl_context *ssl ) } #endif /* POLARSSL_SSL_FALLBACK_SCSV */ - ext = buf + 44 + sess_len + ciph_len + comp_len; - - while( ext_len ) + /* Do not parse the extensions if the protocol is SSLv3 */ +#if defined(POLARSSL_SSL_PROTO_SSL3) + if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) { - unsigned int ext_id = ( ( ext[0] << 8 ) - | ( ext[1] ) ); - unsigned int ext_size = ( ( ext[2] << 8 ) - | ( ext[3] ) ); +#endif - if( ext_size + 4 > ext_len ) - { - SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - switch( ext_id ) + ext = buf + 44 + sess_len + ciph_len + comp_len; + + SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len ); + + while( ext_len ) { -#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) - case TLS_EXT_SERVERNAME: - SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) ); - if( ssl->f_sni == NULL ) + unsigned int ext_id = ( ( ext[0] << 8 ) + | ( ext[1] ) ); + unsigned int ext_size = ( ( ext[2] << 8 ) + | ( ext[3] ) ); + + if( ext_size + 4 > ext_len ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + switch( ext_id ) + { + #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) + case TLS_EXT_SERVERNAME: + SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) ); + if( ssl->f_sni == NULL ) + break; + + ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); break; + #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */ - ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */ + case TLS_EXT_RENEGOTIATION_INFO: + SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); + #if defined(POLARSSL_SSL_RENEGOTIATION) + renegotiation_info_seen = 1; + #endif - case TLS_EXT_RENEGOTIATION_INFO: - SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); -#if 
defined(POLARSSL_SSL_RENEGOTIATION) - renegotiation_info_seen = 1; -#endif + ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; - ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + #if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + case TLS_EXT_SIG_ALG: + SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); -#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ - defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) - case TLS_EXT_SIG_ALG: - SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); -#if defined(POLARSSL_SSL_RENEGOTIATION) - if( ssl->renegotiation == SSL_RENEGOTIATION ) - break; -#endif + ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); - ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_PROTO_TLS1_2 && - POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ + sig_hash_alg_ext_present = 1; + break; + #endif /* POLARSSL_SSL_PROTO_TLS1_2 && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ -#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) - case TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: - SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) ); + #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) + case TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: + SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) ); - ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; - case TLS_EXT_SUPPORTED_POINT_FORMATS: - SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); - ssl->handshake->cli_exts |= TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; + case TLS_EXT_SUPPORTED_POINT_FORMATS: + 
SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); + ssl->handshake->cli_exts |= TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; - ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */ + ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */ -#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) - case TLS_EXT_MAX_FRAGMENT_LENGTH: - SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) ); + #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) + case TLS_EXT_MAX_FRAGMENT_LENGTH: + SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) ); - ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ + ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(POLARSSL_SSL_TRUNCATED_HMAC) - case TLS_EXT_TRUNCATED_HMAC: - SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) ); + #if defined(POLARSSL_SSL_TRUNCATED_HMAC) + case TLS_EXT_TRUNCATED_HMAC: + SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) ); - ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_TRUNCATED_HMAC */ + ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_TRUNCATED_HMAC */ -#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC) - case TLS_EXT_ENCRYPT_THEN_MAC: - SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) ); + #if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC) + case TLS_EXT_ENCRYPT_THEN_MAC: + SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) ); - ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size ); - if( ret 
!= 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */ + ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */ -#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET) - case TLS_EXT_EXTENDED_MASTER_SECRET: - SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) ); + #if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET) + case TLS_EXT_EXTENDED_MASTER_SECRET: + SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) ); - ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */ + ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */ -#if defined(POLARSSL_SSL_SESSION_TICKETS) - case TLS_EXT_SESSION_TICKET: - SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) ); + #if defined(POLARSSL_SSL_SESSION_TICKETS) + case TLS_EXT_SESSION_TICKET: + SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) ); - ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_SESSION_TICKETS */ + ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_SESSION_TICKETS */ -#if defined(POLARSSL_SSL_ALPN) - case TLS_EXT_ALPN: - SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); + #if defined(POLARSSL_SSL_ALPN) + case TLS_EXT_ALPN: + SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); - ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_SESSION_TICKETS */ + ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_SESSION_TICKETS */ - default: - SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", - ext_id ) 
); - } + default: + SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", + ext_id ) ); + } - ext_len -= 4 + ext_size; - ext += 4 + ext_size; + ext_len -= 4 + ext_size; + ext += 4 + ext_size; - if( ext_len > 0 && ext_len < 4 ) - { - SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if( ext_len > 0 && ext_len < 4 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } } + +#if defined(POLARSSL_SSL_PROTO_SSL3) } +#endif /* * Renegotiation security checks @@ -1746,6 +1832,27 @@ static int ssl_parse_client_hello( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); } + +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + + /* + * Try to fall back to default hash SHA1 if the client + * hasn't provided any preferred signature-hash combinations. + */ + if( sig_hash_alg_ext_present == 0 ) + { + md_type_t md_default = POLARSSL_MD_SHA1; + + if( ssl_check_sig_hash( md_default ) != 0 ) + md_default = POLARSSL_MD_NONE; + + ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default ); + } + +#endif /* POLARSSL_SSL_PROTO_TLS1_2 && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ + /* * Search for a matching ciphersuite * (At the end because we need information from the EC-based extensions 
@@ -1803,6 +1910,28 @@ static int ssl_parse_client_hello( ssl_context *ssl ) ssl->in_left = 0; ssl->state++; + /* Debugging-only output for testsuite */ +#if defined(POLARSSL_DEBUG_C) && \ + defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + { + pk_type_t sig_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); + if( sig_alg != POLARSSL_PK_NONE ) + { + md_type_t md_alg = ssl_sig_hash_set_find( &ssl->handshake->hash_algs, + sig_alg ); + SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", + ssl_hash_from_md_alg( md_alg ) ) ); + } + else + { + SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm %d - should not happen", + sig_alg ) ); + } + } +#endif + SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) ); return( 0 ); @@ -1842,7 +1971,7 @@ static void ssl_write_encrypt_then_mac_ext( ssl_context *ssl, const ssl_ciphersuite_t *suite = NULL; const cipher_info_t *cipher = NULL; - if( ssl->session_negotiate->encrypt_then_mac == SSL_EXTENDED_MS_DISABLED || + if( ssl->session_negotiate->encrypt_then_mac == SSL_ETM_DISABLED || ssl->minor_ver == SSL_MINOR_VERSION_0 ) { *olen = 0; @@ -2205,6 +2334,12 @@ static int ssl_write_server_hello( ssl_context *ssl ) SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", ssl->session_negotiate->compression ) ); + /* Do not write the extensions if the protocol is SSLv3 */ +#if defined(POLARSSL_SSL_PROTO_SSL3) + if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) + { +#endif + /* * First write extensions, then the total length */ @@ -2255,6 +2390,10 @@ static int ssl_write_server_hello( ssl_context *ssl ) p += ext_len; } +#if defined(POLARSSL_SSL_PROTO_SSL3) + } +#endif + ssl->out_msglen = p - buf; ssl->out_msgtype = SSL_MSG_HANDSHAKE; ssl->out_msg[0] = SSL_HS_SERVER_HELLO; 
@@ -2268,7 +2407,9 @@ static int ssl_write_server_hello( ssl_context *ssl ) #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_write_certificate_request( ssl_context *ssl ) { @@ -2298,6 +2439,7 @@ static int ssl_write_certificate_request( ssl_context *ssl ) size_t ct_len, sa_len; /* including length bytes */ unsigned char *buf, *p; const x509_crt *crt; + const unsigned char * const end = ssl->out_msg + SSL_MAX_CONTENT_LEN; SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); @@ -2404,10 +2546,16 @@ static int ssl_write_certificate_request( ssl_context *ssl ) total_dn_size = 0; while( crt != NULL && crt->version != 0 ) { - if( p - buf > 4096 ) + dn_size = crt->subject_raw.len; + + if( end < p || + (size_t)( end - p ) < dn_size || + (size_t)( end - p ) < 2 + dn_size ) + { + SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) ); break; + } - dn_size = crt->subject_raw.len; *p++ = (unsigned char)( dn_size >> 8 ); *p++ = (unsigned char)( dn_size ); memcpy( p, crt->subject_raw.p, dn_size ); @@ -2433,7 +2581,9 @@ static int ssl_write_certificate_request( ssl_context *ssl ) } #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED && !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED && !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && !POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ @@ -2593,7 +2743,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) curve = ssl->handshake->curves; #endif - if( *curve == NULL ) + if( curve == NULL || *curve == NULL ) { SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) ); return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN ); 
@@ -2636,17 +2786,25 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) size_t signature_len = 0; unsigned int hashlen = 0; unsigned char hash[64]; - md_type_t md_alg = POLARSSL_MD_NONE; /* - * Choose hash algorithm. NONE means MD5 + SHA1 here. + * Choose hash algorithm: + * - For TLS 1.2, obey signature-hash-algorithm extension to choose appropriate hash. + * - For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1 (RFC 4492, Sec. 5.4) + * - Otherwise, use MD5 + SHA1 (RFC 4346, Sec. 7.4.3) */ + + md_type_t md_alg; + #if defined(POLARSSL_SSL_PROTO_TLS1_2) + pk_type_t sig_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) { - md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ); + /* For TLS 1.2, obey signature-hash-algorithm extension + * (RFC 5246, Sec. 7.4.1.4.1). */ - if( md_alg == POLARSSL_MD_NONE ) + if( sig_alg == POLARSSL_PK_NONE || + ( md_alg = ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_alg ) ) == POLARSSL_MD_NONE ) { SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); @@ -2667,6 +2825,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) md_alg = POLARSSL_MD_NONE; } + SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) ); + /* * Compute the hash to be signed */ @@ -2765,8 +2925,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) #if defined(POLARSSL_SSL_PROTO_TLS1_2) if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) { - *(p++) = ssl->handshake->sig_alg; - *(p++) = ssl_sig_from_pk( ssl_own_key( ssl ) ); + *(p++) = ssl_hash_from_md_alg( md_alg ); + *(p++) = ssl_sig_from_pk_alg( sig_alg ); n += 2; } 
@@ -2886,8 +3046,8 @@ static int ssl_parse_encrypted_pms( ssl_context *ssl, unsigned char *pms = ssl->handshake->premaster + pms_offset; unsigned char fake_pms[48], peer_pms[48]; unsigned char mask; - unsigned int uret; - size_t i; + size_t i, peer_pmslen; + unsigned int diff; if( ! pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_RSA ) ) { @@ -2929,16 +3089,17 @@ static int ssl_parse_encrypted_pms( ssl_context *ssl, return( ret ); ret = pk_decrypt( ssl_own_key( ssl ), p, len, - peer_pms, &ssl->handshake->pmslen, + peer_pms, &peer_pmslen, sizeof( peer_pms ), ssl->f_rng, ssl->p_rng ); - ret |= ssl->handshake->pmslen - 48; - ret |= peer_pms[0] - ssl->handshake->max_major_ver; - ret |= peer_pms[1] - ssl->handshake->max_minor_ver; + diff = (unsigned int) ret; + diff |= peer_pmslen ^ 48; + diff |= peer_pms[0] ^ ssl->handshake->max_major_ver; + diff |= peer_pms[1] ^ ssl->handshake->max_minor_ver; #if defined(POLARSSL_SSL_DEBUG_ALL) - if( ret != 0 ) + if( diff != 0 ) SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); #endif @@ -2950,10 +3111,18 @@ static int ssl_parse_encrypted_pms( ssl_context *ssl, } ssl->handshake->pmslen = 48; - uret = (unsigned) ret; - uret |= -uret; /* msb = ( ret != 0 ) */ - uret >>= 8 * sizeof( uret ) - 1; /* uret = ( ret != 0 ) */ - mask = (unsigned char)( -uret ) ; /* ret ? 0xff : 0x00 */ + /* mask = diff ? 0xff : 0x00 */ + /* MSVC has a warning about unary minus on unsigned, but this is + * well-defined and precisely what we want to do here */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + mask = - ( diff | - diff ) >> ( sizeof( unsigned int ) * 8 - 1 ); +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + for( i = 0; i < ssl->handshake->pmslen; i++ ) pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] ); 
@@ -2980,7 +3149,7 @@ static int ssl_parse_client_psk_identity( ssl_context *ssl, unsigned char **p, /* * Receive client pre-shared key identity name */ - if( *p + 2 > end ) + if( end - *p < 2 ) { SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); @@ -2989,7 +3158,7 @@ static int ssl_parse_client_psk_identity( ssl_context *ssl, unsigned char **p, n = ( (*p)[0] << 8 ) | (*p)[1]; *p += 2; - if( n < 1 || n > 65535 || *p + n > end ) + if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) ) { SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); @@ -3275,7 +3444,9 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_parse_certificate_verify( ssl_context *ssl ) { @@ -3449,7 +3620,10 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) } #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED && !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED && - !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + !POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && + !POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(POLARSSL_SSL_SESSION_TICKETS) static int ssl_write_new_session_ticket( ssl_context *ssl ) diff --git a/ext/polarssl-1.3/library/ssl_tls.c b/ext/polarssl-1.3/library/ssl_tls.c index 4b54187060..82f11a7535 100644 --- a/ext/polarssl-1.3/library/ssl_tls.c +++ b/ext/polarssl-1.3/library/ssl_tls.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -39,6 +39,8 @@ #include "polarssl/debug.h" #include "polarssl/ssl.h" +#include + #if defined(POLARSSL_X509_CRT_PARSE_C) && \ defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE) #include "polarssl/oid.h" @@ -47,12 +49,11 @@ #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_malloc malloc #define polarssl_free free #endif -#include - #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \ !defined(EFI32) #define strcasecmp _stricmp @@ -82,6 +83,7 @@ static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] = }; #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ +#if defined(POLARSSL_SSL_CLI_C) static int ssl_session_copy( ssl_session *dst, const ssl_session *src ) { ssl_session_free( dst ); @@ -92,7 +94,7 @@ static int ssl_session_copy( ssl_session *dst, const ssl_session *src ) { int ret; - dst->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) ); + dst->peer_cert = polarssl_malloc( sizeof(x509_crt) ); if( dst->peer_cert == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); @@ -111,7 +113,7 @@ static int ssl_session_copy( ssl_session *dst, const ssl_session *src ) #if defined(POLARSSL_SSL_SESSION_TICKETS) if( src->ticket != NULL ) { - dst->ticket = (unsigned char *) polarssl_malloc( src->ticket_len ); + dst->ticket = polarssl_malloc( src->ticket_len ); if( dst->ticket == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); @@ -121,6 +123,7 @@ static int ssl_session_copy( ssl_session *dst, const ssl_session *src ) return( 0 ); } +#endif /* POLARSSL_SSL_CLI_C */ #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) int (*ssl_hw_record_init)( ssl_context *ssl, 
@@ -565,8 +568,6 @@ int ssl_derive_keys( ssl_context *ssl ) } else { - int ret; - /* Initialize HMAC contexts */ if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 || ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 ) @@ -950,11 +951,16 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex ) #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) if( key_ex == POLARSSL_KEY_EXCHANGE_PSK ) { - if( end - p < 2 + (int) ssl->psk_len ) + if( end - p < 2 ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); *(p++) = (unsigned char)( ssl->psk_len >> 8 ); *(p++) = (unsigned char)( ssl->psk_len ); + + if( end < p || (size_t)( end - p ) < ssl->psk_len ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + + memset( p, 0, ssl->psk_len ); p += ssl->psk_len; } else @@ -1022,11 +1028,15 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex ) } /* opaque psk<0..2^16-1>; */ - if( end - p < 2 + (int) ssl->psk_len ) - return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + if( end - p < 2 ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); *(p++) = (unsigned char)( ssl->psk_len >> 8 ); *(p++) = (unsigned char)( ssl->psk_len ); + + if( end < p || (size_t)( end - p ) < ssl->psk_len ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + memcpy( p, ssl->psk, ssl->psk_len ); p += ssl->psk_len; @@ -1040,9 +1050,12 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex ) /* * SSLv3.0 MAC functions */ -static void ssl_mac( md_context_t *md_ctx, unsigned char *secret, - unsigned char *buf, size_t len, - unsigned char *ctr, int type ) +#define SSL_MAC_MAX_BYTES 20 /* MD-5 or SHA-1 */ +static void ssl_mac( md_context_t *md_ctx, + const unsigned char *secret, + const unsigned char *buf, size_t len, + const unsigned char *ctr, int type, + unsigned char out[SSL_MAC_MAX_BYTES] ) { unsigned char header[11]; unsigned char padding[48]; 
@@ -1067,14 +1080,14 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret, md_update( md_ctx, padding, padlen ); md_update( md_ctx, header, 11 ); md_update( md_ctx, buf, len ); - md_finish( md_ctx, buf + len ); + md_finish( md_ctx, out ); memset( padding, 0x5C, padlen ); md_starts( md_ctx ); md_update( md_ctx, secret, md_size ); md_update( md_ctx, padding, padlen ); - md_update( md_ctx, buf + len, md_size ); - md_finish( md_ctx, buf + len ); + md_update( md_ctx, out, md_size ); + md_finish( md_ctx, out ); } #endif /* POLARSSL_SSL_PROTO_SSL3 */ @@ -1120,10 +1133,15 @@ static int ssl_encrypt_buf( ssl_context *ssl ) #if defined(POLARSSL_SSL_PROTO_SSL3) if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) { + unsigned char mac[SSL_MAC_MAX_BYTES]; + ssl_mac( &ssl->transform_out->md_ctx_enc, ssl->transform_out->mac_enc, ssl->out_msg, ssl->out_msglen, - ssl->out_ctr, ssl->out_msgtype ); + ssl->out_ctr, ssl->out_msgtype, + mac ); + + memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen ); } else #endif @@ -1131,12 +1149,16 @@ static int ssl_encrypt_buf( ssl_context *ssl ) defined(POLARSSL_SSL_PROTO_TLS1_2) if( ssl->minor_ver >= SSL_MINOR_VERSION_1 ) { + unsigned char mac[SSL_MAC_ADD]; + md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 13 ); md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_msg, ssl->out_msglen ); - md_hmac_finish( &ssl->transform_out->md_ctx_enc, - ssl->out_msg + ssl->out_msglen ); + md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac ); md_hmac_reset( &ssl->transform_out->md_ctx_enc ); + + memcpy( ssl->out_msg + ssl->out_msglen, mac, + ssl->transform_out->maclen ); } else #endif @@ -1145,7 +1167,7 @@ static int ssl_encrypt_buf( ssl_context *ssl ) return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); } - SSL_DEBUG_BUF( 4, "computed mac", + SSL_DEBUG_BUF( 4, "expected mac", ssl->out_msg + ssl->out_msglen, ssl->transform_out->maclen ); 
@@ -1209,17 +1231,6 @@ static int ssl_encrypt_buf( ssl_context *ssl ) /* * Generate IV */ -#if defined(POLARSSL_SSL_AEAD_RANDOM_IV) - ret = ssl->f_rng( ssl->p_rng, - ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, - ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); - if( ret != 0 ) - return( ret ); - - memcpy( ssl->out_iv, - ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, - ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); -#else if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 ) { /* Reminder if we ever add an AEAD mode with a different size */ @@ -1230,7 +1241,6 @@ static int ssl_encrypt_buf( ssl_context *ssl ) memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, ssl->out_ctr, 8 ); memcpy( ssl->out_iv, ssl->out_ctr, 8 ); -#endif SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); @@ -1306,7 +1316,7 @@ static int ssl_encrypt_buf( ssl_context *ssl ) /* * Generate IV */ - int ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc, + ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc, ssl->transform_out->ivlen ); if( ret != 0 ) return( ret ); @@ -1421,8 +1431,6 @@ static int ssl_encrypt_buf( ssl_context *ssl ) return( 0 ); } -#define POLARSSL_SSL_MAX_MAC_SIZE 48 - static int ssl_decrypt_buf( ssl_context *ssl ) { size_t i; @@ -1486,10 +1494,10 @@ static int ssl_decrypt_buf( ssl_context *ssl ) unsigned char add_data[13]; unsigned char taglen = ssl->transform_in->ciphersuite_info->flags & POLARSSL_CIPHERSUITE_SHORT_TAG ? 8 : 16; - unsigned char explicit_iv_len = ssl->transform_in->ivlen - + size_t explicit_iv_len = ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen; - if( ssl->in_msglen < explicit_iv_len + taglen ) + if( ssl->in_msglen < (size_t) explicit_iv_len + taglen ) { SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " "+ taglen (%d)", ssl->in_msglen, 
@@ -1590,7 +1598,7 @@ static int ssl_decrypt_buf( ssl_context *ssl ) #if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC) if( ssl->session_in->encrypt_then_mac == SSL_ETM_ENABLED ) { - unsigned char computed_mac[POLARSSL_SSL_MAX_MAC_SIZE]; + unsigned char mac_expect[SSL_MAC_ADD]; unsigned char pseudo_hdr[13]; SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); @@ -1608,15 +1616,15 @@ static int ssl_decrypt_buf( ssl_context *ssl ) md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 ); md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_iv, ssl->in_msglen ); - md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac ); + md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect ); md_hmac_reset( &ssl->transform_in->md_ctx_dec ); SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen, ssl->transform_in->maclen ); - SSL_DEBUG_BUF( 4, "computed mac", computed_mac, + SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen ); - if( safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac, + if( safer_memcmp( ssl->in_iv + ssl->in_msglen, mac_expect, ssl->transform_in->maclen ) != 0 ) { SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); @@ -1777,22 +1785,21 @@ static int ssl_decrypt_buf( ssl_context *ssl ) #if defined(POLARSSL_SOME_MODES_USE_MAC) if( auth_done == 0 ) { - unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE]; + unsigned char mac_expect[SSL_MAC_ADD]; ssl->in_msglen -= ssl->transform_in->maclen; ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 ); ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen ); - memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen ); - #if defined(POLARSSL_SSL_PROTO_SSL3) if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) { ssl_mac( &ssl->transform_in->md_ctx_dec, ssl->transform_in->mac_dec, ssl->in_msg, ssl->in_msglen, - ssl->in_ctr, ssl->in_msgtype ); + ssl->in_ctr, ssl->in_msgtype, + mac_expect ); } else #endif /* POLARSSL_SSL_PROTO_SSL3 */ 
@@ -1822,9 +1829,10 @@ static int ssl_decrypt_buf( ssl_context *ssl ) md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 13 ); md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, ssl->in_msglen ); - md_hmac_finish( &ssl->transform_in->md_ctx_dec, - ssl->in_msg + ssl->in_msglen ); - for( j = 0; j < extra_run; j++ ) + md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect ); + + /* Call md_process at least once due to cache attacks */ + for( j = 0; j < extra_run + 1; j++ ) md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); md_hmac_reset( &ssl->transform_in->md_ctx_dec ); @@ -1837,11 +1845,11 @@ static int ssl_decrypt_buf( ssl_context *ssl ) return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); } - SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen ); - SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, + SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen ); + SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen ); - if( safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen, + if( safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect, ssl->transform_in->maclen ) != 0 ) { #if defined(POLARSSL_SSL_DEBUG_ALL) 
@@ -2170,47 +2178,83 @@ int ssl_read_record( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> read record" ) ); - if( ssl->in_hslen != 0 && - ssl->in_hslen < ssl->in_msglen ) + if( ssl->keep_current_message == 1 ) { + SSL_DEBUG_MSG( 2, ( "reuse previously read message" ) ); + SSL_DEBUG_MSG( 2, ( "<= read record" ) ); + ssl->keep_current_message = 0; + + return( 0 ); + } + + if( ssl->in_hslen != 0 ) + { + if( ssl->in_offt != NULL ) + { + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); + } + /* * Get next Handshake message in the current record */ - ssl->in_msglen -= ssl->in_hslen; - memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, - ssl->in_msglen ); + if( ssl->in_hslen < ssl->in_msglen ) + { + ssl->in_msglen -= ssl->in_hslen; + memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, + ssl->in_msglen ); - ssl->in_hslen = 4; - ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3]; + ssl->in_hslen = 4; + ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3]; - SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" - " %d, type = %d, hslen = %d", - ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); + SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" + " %d, type = %d, hslen = %d", + ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); - if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 ) - { - SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); - return( POLARSSL_ERR_SSL_INVALID_RECORD ); - } + if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); + return( POLARSSL_ERR_SSL_INVALID_RECORD ); + } - if( ssl->in_msglen < ssl->in_hslen ) - { - SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); - return( POLARSSL_ERR_SSL_INVALID_RECORD ); - } + if( ssl->in_msglen < ssl->in_hslen ) + { + SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); + return( POLARSSL_ERR_SSL_INVALID_RECORD ); + } - if( ssl->state != SSL_HANDSHAKE_OVER ) - ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); + if( 
ssl->state != SSL_HANDSHAKE_OVER ) + ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); + return( 0 ); + } + + ssl->in_msglen = 0; + ssl->in_hslen = 0; + } + else if( ssl->in_offt != NULL ) + { return( 0 ); } - - ssl->in_hslen = 0; + else + { + ssl->in_msglen = 0; + } /* - * Read the record header and validate it + * Fetch and decode new record if current one is fully consumed. */ + + if( ssl->in_msglen > 0 ) + { + /* There's something left to be processed in the current record. */ + return( 0 ); + } + + /* Need to fetch a new record */ + +read_record_header: if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 ) { SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); @@ -2402,13 +2446,15 @@ int ssl_read_record( ssl_context *ssl ) ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); } + ssl->in_left = 0; + if( ssl->in_msgtype == SSL_MSG_ALERT ) { SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", ssl->in_msg[0], ssl->in_msg[1] ) ); /* - * Ignore non-fatal alerts, except close_notify + * Ignore non-fatal alerts, except close_notify and no_renego */ if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL ) { 
@@ -2423,9 +2469,30 @@ int ssl_read_record( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ); } - } - ssl->in_left = 0; + if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == SSL_ALERT_MSG_NO_RENEGOTIATION ) + { + SSL_DEBUG_MSG( 2, ( "is a no_renegotiation" ) ); + /* Will be handled when trying to parse ServerHello */ + ssl->in_left = 0; + return( 0 ); + } + + if( ssl->minor_ver == SSL_MINOR_VERSION_0 && + ssl->endpoint == SSL_IS_SERVER && + ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT ) + { + SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); + /* Will be handled in ssl_parse_certificate() */ + ssl->in_left = 0; + return( 0 ); + } + + /* Silently discard: fetch new message */ + goto read_record_header; + } SSL_DEBUG_MSG( 2, ( "<= read record" ) ); @@ -2616,7 +2683,7 @@ int ssl_write_certificate( ssl_context *ssl ) ssl->out_msgtype = SSL_MSG_HANDSHAKE; ssl->out_msg[0] = SSL_HS_CERTIFICATE; -#if defined(POLARSSL_SSL_PROTO_SSL3) +#if defined(POLARSSL_SSL_PROTO_SSL3) && defined(POLARSSL_SSL_CLI_C) write_msg: #endif @@ -2747,7 +2814,7 @@ int ssl_parse_certificate( ssl_context *ssl ) polarssl_free( ssl->session_negotiate->peer_cert ); } - if( ( ssl->session_negotiate->peer_cert = (x509_crt *) polarssl_malloc( + if( ( ssl->session_negotiate->peer_cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL ) { SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", @@ -2818,12 +2885,6 @@ int ssl_parse_certificate( ssl_context *ssl ) if( ssl->authmode != SSL_VERIFY_NONE ) { - if( ssl->ca_chain == NULL ) - { - SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); - return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED ); - } - /* * Main check: verify certificate */ 
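Review bot: The `goto read_record_header;` under "Silently discard: fetch new message" in the alert-handling hunk has no bound: every warning alert other than close_notify, no_renegotiation and the SSLv3 no_cert case restarts the fetch without returning to the caller, so a peer that keeps sending warning alerts keeps ssl_read_record (and thus ssl_read) spinning. Consider counting discarded records per call and returning an error or POLARSSL_ERR_NET_WANT_READ once a small limit is reached, and state the limit in the ChangeLog.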
@@ -2849,6 +2910,8 @@ int ssl_parse_certificate( ssl_context *ssl ) if( pk_can_do( pk, POLARSSL_PK_ECKEY ) && ! ssl_curve_is_acceptable( ssl, pk_ec( *pk )->grp.id ) ) { + ssl->session_negotiate->verify_result |= BADCERT_BAD_KEY; + SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); if( ret == 0 ) ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE; @@ -2858,15 +2921,44 @@ int ssl_parse_certificate( ssl_context *ssl ) if( ssl_check_cert_usage( ssl->session_negotiate->peer_cert, ciphersuite_info, - ! ssl->endpoint ) != 0 ) + ! ssl->endpoint, + &ssl->session_negotiate->verify_result ) != 0 ) { SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); if( ret == 0 ) ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE; } - if( ssl->authmode != SSL_VERIFY_REQUIRED ) + /* x509_crt_verify_with_profile is supposed to report a + * verification failure through POLARSSL_ERR_X509_CERT_VERIFY_FAILED, + * with details encoded in the verification flags. All other kinds + * of error codes, including those from the user provided f_vrfy + * functions, are treated as fatal and lead to a failure of + * ssl_parse_certificate even if verification was optional. */ + if( ssl->authmode == SSL_VERIFY_OPTIONAL && + ( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED || + ret == POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ) ) + { ret = 0; + } + + if( ssl->ca_chain == NULL && ssl->authmode == SSL_VERIFY_REQUIRED ) + { + SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); + ret = POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED; + } + +#if defined(POLARSSL_DEBUG_C) + if( ssl->session_negotiate->verify_result != 0 ) + { + SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x", + ssl->session_negotiate->verify_result ) ); + } + else + { + SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); + } +#endif /* POLARSSL_DEBUG_C */ } SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); 
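Review bot: The SSL_VERIFY_OPTIONAL handling in the ssl_parse_certificate hunk needs a documentation update: `ret = 0;` now also swallows POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE from the curve and key-usage checks, and the "got no CA chain" error is only raised for SSL_VERIFY_REQUIRED, so an optional-mode client with no CA chain configured completes the handshake with verification flags set and no error code. The only trace of the failure is `ssl->session_negotiate->verify_result` (BADCERT_BAD_KEY, BADCERT_KEY_USAGE, BADCERT_EXT_KEY_USAGE and the X.509 flags); the header comment for ssl_set_authmode() should say that callers in optional mode must inspect the verify result after the handshake, and the ChangeLog should mention the removed CA-chain requirement.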
@@ -3502,7 +3594,11 @@ static void ssl_handshake_params_init( ssl_handshake_params *handshake ) #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ handshake->update_checksum = ssl_update_checksum_start; - handshake->sig_alg = SSL_HASH_SHA1; + +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + ssl_sig_hash_set_init( &handshake->hash_algs ); +#endif #if defined(POLARSSL_DHM_C) dhm_init( &handshake->dhm_ctx ); @@ -3544,20 +3640,17 @@ static int ssl_handshake_init( ssl_context *ssl ) */ if( ssl->transform_negotiate == NULL ) { - ssl->transform_negotiate = (ssl_transform *) polarssl_malloc( - sizeof(ssl_transform) ); + ssl->transform_negotiate = polarssl_malloc( sizeof(ssl_transform) ); } if( ssl->session_negotiate == NULL ) { - ssl->session_negotiate = (ssl_session *) polarssl_malloc( - sizeof(ssl_session) ); + ssl->session_negotiate = polarssl_malloc( sizeof(ssl_session) ); } if( ssl->handshake == NULL ) { - ssl->handshake = (ssl_handshake_params *) - polarssl_malloc( sizeof(ssl_handshake_params) ); + ssl->handshake = polarssl_malloc( sizeof(ssl_handshake_params) ); } /* All pointers should exist and can be directly freed without issue */ @@ -3618,9 +3711,9 @@ int ssl_init( ssl_context *ssl ) #if defined(POLARSSL_DHM_C) if( ( ret = mpi_read_string( &ssl->dhm_P, 16, - POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 || + POLARSSL_DHM_RFC3526_MODP_2048_P) ) != 0 || ( ret = mpi_read_string( &ssl->dhm_G, 16, - POLARSSL_DHM_RFC5114_MODP_1024_G) ) != 0 ) + POLARSSL_DHM_RFC3526_MODP_2048_G) ) != 0 ) { SSL_DEBUG_RET( 1, "mpi_read_string", ret ); return( ret ); 
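Review bot: The ssl_init hunk silently changes the default server DH group from POLARSSL_DHM_RFC5114_MODP_1024_P/G to POLARSSL_DHM_RFC3526_MODP_2048_P/G. That is the right direction (1024-bit DH is below current guidance), but it is a behaviour change for every server that never calls ssl_set_dh_param(): roughly 4 to 8 times the modular-exponentiation cost per DHE handshake, and clients that reject DH moduli larger than 1024 bits will now fail. Please call this out in the ChangeLog and in the ssl_set_dh_param() documentation so integrators can set an explicit group if they need the old behaviour.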
@@ -3630,23 +3723,8 @@ int ssl_init( ssl_context *ssl ) /* * Prepare base structures */ - ssl->in_ctr = (unsigned char *) polarssl_malloc( len ); - ssl->in_hdr = ssl->in_ctr + 8; - ssl->in_iv = ssl->in_ctr + 13; - ssl->in_msg = ssl->in_ctr + 13; - - if( ssl->in_ctr == NULL ) - { - SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) ); - return( POLARSSL_ERR_SSL_MALLOC_FAILED ); - } - - ssl->out_ctr = (unsigned char *) polarssl_malloc( len ); - ssl->out_hdr = ssl->out_ctr + 8; - ssl->out_iv = ssl->out_ctr + 13; - ssl->out_msg = ssl->out_ctr + 13; - - if( ssl->out_ctr == NULL ) + if( ( ssl->in_ctr = polarssl_malloc( len ) ) == NULL || + ( ssl->out_ctr = polarssl_malloc( len ) ) == NULL ) { SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) ); polarssl_free( ssl->in_ctr ); @@ -3657,6 +3735,14 @@ int ssl_init( ssl_context *ssl ) memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN ); memset( ssl->out_ctr, 0, SSL_BUFFER_LEN ); + ssl->in_hdr = ssl->in_ctr + 8; + ssl->in_iv = ssl->in_ctr + 13; + ssl->in_msg = ssl->in_ctr + 13; + + ssl->out_hdr = ssl->out_ctr + 8; + ssl->out_iv = ssl->out_ctr + 13; + ssl->out_msg = ssl->out_ctr + 13; + #if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC) ssl->encrypt_then_mac = SSL_ETM_ENABLED; #endif @@ -3708,7 +3794,7 @@ int ssl_session_reset( ssl_context *ssl ) ssl->in_hslen = 0; ssl->nb_zero = 0; - ssl->record_read = 0; + ssl->keep_current_message = 0; ssl->out_msg = ssl->out_ctr + 13; ssl->out_msgtype = 0; @@ -3782,7 +3868,7 @@ static int ssl_ticket_keys_init( ssl_context *ssl ) if( ssl->ticket_keys != NULL ) return( 0 ); - tkeys = (ssl_ticket_keys *) polarssl_malloc( sizeof(ssl_ticket_keys) ); + tkeys = polarssl_malloc( sizeof(ssl_ticket_keys) ); if( tkeys == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); 
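Review bot: In the merged allocation `if( ( ssl->in_ctr = polarssl_malloc( len ) ) == NULL || ( ssl->out_ctr = polarssl_malloc( len ) ) == NULL )` the visible error path frees `ssl->in_ctr` but does not reset it to NULL, and `ssl->out_ctr` is never assigned when the first allocation fails. Since ssl_init() callers typically follow an error with ssl_free(), both pointers should be left NULL here (free then assign NULL) unless the cut-off lines already do so; please also keep the `len` used for malloc and the SSL_BUFFER_LEN used for the later memset tied to one constant, as the hunk now separates them further.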
@@ -3939,7 +4025,7 @@ static ssl_key_cert *ssl_add_key_cert( ssl_context *ssl ) { ssl_key_cert *key_cert, *last; - key_cert = (ssl_key_cert *) polarssl_malloc( sizeof(ssl_key_cert) ); + key_cert = polarssl_malloc( sizeof(ssl_key_cert) ); if( key_cert == NULL ) return( NULL ); @@ -3982,9 +4068,10 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, key_cert->cert = own_cert; key_cert->key = pk_key; - return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) ); + return( 0 ); } +#if ! defined(POLARSSL_DEPRECATED_REMOVED) #if defined(POLARSSL_RSA_C) int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, rsa_context *rsa_key ) @@ -3995,7 +4082,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, if( key_cert == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); - key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) ); + key_cert->key = polarssl_malloc( sizeof(pk_context) ); if( key_cert->key == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); @@ -4011,7 +4098,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, key_cert->cert = own_cert; key_cert->key_own_alloc = 1; - return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) ); + return( 0 ); } #endif /* POLARSSL_RSA_C */ @@ -4027,7 +4114,7 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, if( key_cert == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); - key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) ); + key_cert->key = polarssl_malloc( sizeof(pk_context) ); if( key_cert->key == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); @@ -4040,8 +4127,9 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, key_cert->cert = own_cert; key_cert->key_own_alloc = 1; - return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) ); + return( 0 ); } +#endif /* POLARSSL_DEPRECATED_REMOVED */ #endif /* POLARSSL_X509_CRT_PARSE_C */ #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) 
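Review bot: Replacing `return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );` with `return( 0 );` in ssl_set_own_cert() (and likewise in ssl_set_own_cert_rsa() and ssl_set_own_cert_alt()) removes the only point at which a mismatched certificate and private key was reported to the application; the mismatch will now surface only as a handshake failure (or a signature the peer rejects) at runtime. If the check was dropped because pk_check_pair() cannot work for opaque/alternative keys, say so in the commit message and consider keeping the check in the non-alt variants, or at least document in ssl.h that the pairing is no longer validated at configuration time.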
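Review bot: The closing comment `#endif /* POLARSSL_DEPRECATED_REMOVED */` in the ssl_set_own_cert_alt hunk does not match its opening `#if ! defined(POLARSSL_DEPRECATED_REMOVED)`; the rest of the file uses the exact condition in the trailing comment, so this should read `#endif /* !POLARSSL_DEPRECATED_REMOVED */`.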
@@ -4054,22 +4142,41 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len, if( psk_len > POLARSSL_PSK_MAX_LEN ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + /* Identity len will be encoded on two bytes */ + if( ( psk_identity_len >> 16 ) != 0 || + psk_identity_len > SSL_MAX_CONTENT_LEN ) + { + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } + if( ssl->psk != NULL ) { + polarssl_zeroize( ssl->psk, ssl->psk_len ); + polarssl_free( ssl->psk ); + ssl->psk = NULL; + ssl->psk_len = 0; + } + if( ssl->psk_identity != NULL ) + { polarssl_free( ssl->psk_identity ); + ssl->psk_identity = NULL; + ssl->psk_identity_len = 0; + } + + if( ( ssl->psk = polarssl_malloc( psk_len ) ) == NULL || + ( ssl->psk_identity = polarssl_malloc( psk_identity_len ) ) == NULL ) + { + polarssl_free( ssl->psk ); + polarssl_free( ssl->psk_identity ); + ssl->psk = NULL; + ssl->psk_identity = NULL; + return( POLARSSL_ERR_SSL_MALLOC_FAILED ); } ssl->psk_len = psk_len; ssl->psk_identity_len = psk_identity_len; - ssl->psk = (unsigned char *) polarssl_malloc( ssl->psk_len ); - ssl->psk_identity = (unsigned char *) - polarssl_malloc( ssl->psk_identity_len ); - - if( ssl->psk == NULL || ssl->psk_identity == NULL ) - return( POLARSSL_ERR_SSL_MALLOC_FAILED ); - memcpy( ssl->psk, psk, ssl->psk_len ); memcpy( ssl->psk_identity, psk_identity, ssl->psk_identity_len ); 
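Review bot: The new length checks in ssl_set_psk() only bound `psk_identity_len` from above (`>> 16` and `> SSL_MAX_CONTENT_LEN`); a zero-length identity or PSK reaches `polarssl_malloc( 0 )`, which on several platforms returns NULL and would be reported as POLARSSL_ERR_SSL_MALLOC_FAILED rather than as bad input. Reject zero lengths explicitly with POLARSSL_ERR_SSL_BAD_INPUT_DATA next to the existing POLARSSL_PSK_MAX_LEN check. The added `polarssl_zeroize( ssl->psk, ssl->psk_len )` before freeing the old key is the right fix for the secret; the identity is public, so leaving it un-wiped is fine.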
@@ -4139,23 +4246,51 @@ void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curve_list ) #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) int ssl_set_hostname( ssl_context *ssl, const char *hostname ) { - if( hostname == NULL ) - return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + size_t hostname_len = 0; - ssl->hostname_len = strlen( hostname ); + /* Check if new hostname is valid before + * making any change to current one */ - if( ssl->hostname_len + 1 == 0 ) - return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + if( hostname != NULL ) + { + hostname_len = strlen( hostname ); - ssl->hostname = (unsigned char *) polarssl_malloc( ssl->hostname_len + 1 ); + if( hostname_len > SSL_MAX_HOST_NAME_LEN ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } - if( ssl->hostname == NULL ) - return( POLARSSL_ERR_SSL_MALLOC_FAILED ); + /* Now it's clear that we will overwrite the old hostname, + * so we can free it safely */ + + if( ssl->hostname != NULL ) + { + polarssl_zeroize( ssl->hostname, ssl->hostname_len ); + polarssl_free( ssl->hostname ); + } + + /* Passing NULL as hostname shall clear the old one */ + + if( hostname == NULL ) + { + ssl->hostname = NULL; + ssl->hostname_len = 0; + } + else + { + ssl->hostname = polarssl_malloc( hostname_len + 1 ); - memcpy( ssl->hostname, (const unsigned char *) hostname, - ssl->hostname_len ); + if( ssl->hostname == NULL ) + { + ssl->hostname_len = 0; + return( POLARSSL_ERR_SSL_MALLOC_FAILED ); + } - ssl->hostname[ssl->hostname_len] = '\0'; + memcpy( ssl->hostname, (const unsigned char*) hostname, + hostname_len ); + + ssl->hostname[hostname_len] = '\0'; + ssl->hostname_len = hostname_len; + } return( 0 ); } 
@@ -4583,13 +4718,15 @@ static int ssl_check_ctr_renegotiate( ssl_context *ssl ) */ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) { - int ret, record_read = 0; + int ret; size_t n; SSL_DEBUG_MSG( 2, ( "=> read" ) ); #if defined(POLARSSL_SSL_RENEGOTIATION) - if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) + ret = ssl_check_ctr_renegotiate( ssl ); + if( ret != POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0 ) { SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); return( ret ); @@ -4599,11 +4736,8 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) if( ssl->state != SSL_HANDSHAKE_OVER ) { ret = ssl_handshake( ssl ); - if( ret == POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ) - { - record_read = 1; - } - else if( ret != 0 ) + if( ret != POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0 ) { SSL_DEBUG_RET( 1, "ssl_handshake", ret ); return( ret ); @@ -4612,16 +4746,13 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) if( ssl->in_offt == NULL ) { - if( ! record_read ) + if( ( ret = ssl_read_record( ssl ) ) != 0 ) { - if( ( ret = ssl_read_record( ssl ) ) != 0 ) - { - if( ret == POLARSSL_ERR_SSL_CONN_EOF ) - return( 0 ); + if( ret == POLARSSL_ERR_SSL_CONN_EOF ) + return( 0 ); - SSL_DEBUG_RET( 1, "ssl_read_record", ret ); - return( ret ); - } + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); } if( ssl->in_msglen == 0 && @@ -4640,7 +4771,6 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) } } -#if defined(POLARSSL_SSL_RENEGOTIATION) if( ssl->in_msgtype == SSL_MSG_HANDSHAKE ) { SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); 
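Review bot: After the `record_read` removal in the ssl_read hunks, the path where ssl_handshake() returns POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO now falls straight into `if( ( ret = ssl_read_record( ssl ) ) != 0 )`, so correctness depends on `ssl->keep_current_message` having been set to 1 by whatever produced that error code, and that setter is not part of these hunks. Please add a comment at this call site naming where the flag is raised (or include that change in the same commit), otherwise the already-parsed non-handshake record would be overwritten by a fresh read.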
@@ -4655,10 +4785,22 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) } #endif - if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED || - ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION && - ssl->allow_legacy_renegotiation == - SSL_LEGACY_NO_RENEGOTIATION ) ) +#if defined(POLARSSL_SSL_RENEGOTIATION) + if( ! ( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED || + ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION && + ssl->allow_legacy_renegotiation == + SSL_LEGACY_NO_RENEGOTIATION ) ) ) + { + ret = ssl_start_renegotiation( ssl ); + if( ret != POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); + return( ret ); + } + } + else +#endif /* POLARSSL_SSL_RENEGOTIATION */ { SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) ); @@ -4692,25 +4834,10 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); } } - else - { - ret = ssl_start_renegotiation( ssl ); - if( ret == POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ) - { - record_read = 1; - } - else if( ret != 0 ) - { - SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); - return( ret ); - } - } - /* If a non-handshake record was read during renego, fallthrough, - * else tell the user they should call ssl_read() again */ - if( ! record_read ) - return( POLARSSL_ERR_NET_WANT_READ ); + return( POLARSSL_ERR_NET_WANT_READ ); } +#if defined(POLARSSL_SSL_RENEGOTIATION) else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING ) { ssl->renego_records_seen++; @@ -4748,8 +4875,11 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) ssl->in_msglen -= n; if( ssl->in_msglen == 0 ) + { /* all bytes consumed */ ssl->in_offt = NULL; + ssl->keep_current_message = 0; + } else /* more data available */ ssl->in_offt += n; 
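Review bot: With the `#if defined(POLARSSL_SSL_RENEGOTIATION)` guard moved from the `if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )` test to the renegotiation-start branch, builds without renegotiation now reach the "ignoring renegotiation, sending alert" path and return POLARSSL_ERR_NET_WANT_READ whenever a handshake record arrives during application data, where before the record fell through to the later message-type handling. That is a sensible default (a no_renegotiation alert is the protocol-level answer) but it is a behaviour change for non-renegotiation builds, so it belongs in the ChangeLog; also note in the function comment that ssl_read() may now return WANT_READ on a blocking socket for this reason.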
@@ -4760,37 +4890,16 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) } /* - * Send application data to be encrypted by the SSL layer + * Send application data to be encrypted by the SSL layer, + * taking care of max fragment length and buffer size */ -#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING) -static int ssl_write_real( ssl_context *ssl, const unsigned char *buf, size_t len ) -#else -int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ) -#endif +static int ssl_write_real( ssl_context *ssl, + const unsigned char *buf, size_t len ) { int ret; size_t n; unsigned int max_len = SSL_MAX_CONTENT_LEN; - SSL_DEBUG_MSG( 2, ( "=> write" ) ); - -#if defined(POLARSSL_SSL_RENEGOTIATION) - if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); - return( ret ); - } -#endif - - if( ssl->state != SSL_HANDSHAKE_OVER ) - { - if( ( ret = ssl_handshake( ssl ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "ssl_handshake", ret ); - return( ret ); - } - } - #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) /* * Assume mfl_code is correct since it was checked when set @@ -4830,8 +4939,6 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ) } } - SSL_DEBUG_MSG( 2, ( "<= write" ) ); - return( (int) n ); } @@ -4843,7 +4950,8 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ) * remember wether we already did the split or not. */ #if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING) -int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ) +static int ssl_write_split( ssl_context *ssl, + const unsigned char *buf, size_t len ) { int ret; 
@@ -4871,6 +4979,43 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ) } #endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */ +/* + * Write application data (public-facing wrapper) + */ +int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ) +{ + int ret; + + SSL_DEBUG_MSG( 2, ( "=> write" ) ); + +#if defined(POLARSSL_SSL_RENEGOTIATION) + if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); + return( ret ); + } +#endif + + if( ssl->state != SSL_HANDSHAKE_OVER ) + { + if( ( ret = ssl_handshake( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_handshake", ret ); + return( ret ); + } + } + +#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING) + ret = ssl_write_split( ssl, buf, len ); +#else + ret = ssl_write_real( ssl, buf, len ); +#endif + + SSL_DEBUG_MSG( 2, ( "<= write" ) ); + + return( ret ); +} + /* * Notify the peer that the connection is being closed */ @@ -5120,6 +5265,19 @@ unsigned char ssl_sig_from_pk( pk_context *pk ) return( SSL_SIG_ANON ); } +unsigned char ssl_sig_from_pk_alg( pk_type_t type ) +{ + switch( type ) { + case POLARSSL_PK_RSA: + return( SSL_SIG_RSA ); + case POLARSSL_PK_ECDSA: + case POLARSSL_PK_ECKEY: + return( SSL_SIG_ECDSA ); + default: + return( SSL_SIG_ANON ); + } +} + pk_type_t ssl_pk_alg_from_sig( unsigned char sig ) { switch( sig ) 
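Review bot: Style point on the new ssl_sig_from_pk_alg(): `switch( type ) {` puts the brace on the same line, while every other switch in this file (ssl_pk_alg_from_sig, ssl_hash_from_md_alg, the sig-hash-set helpers) uses the brace on its own line. While here, the existing ssl_sig_from_pk() appears to implement the same mapping from a pk_context; consider having it call ssl_sig_from_pk_alg( pk_get_type( pk ) ) so the two tables cannot drift apart.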
@@ -5138,6 +5296,57 @@ pk_type_t ssl_pk_alg_from_sig( unsigned char sig ) } #endif /* POLARSSL_PK_C */ +#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + +/* Find an entry in a signature-hash set matching a given hash algorithm. */ +md_type_t ssl_sig_hash_set_find( ssl_sig_hash_set_t *set, + pk_type_t sig_alg ) +{ + switch( sig_alg ) + { + case POLARSSL_PK_RSA: + return( set->rsa ); + case POLARSSL_PK_ECDSA: + return( set->ecdsa ); + default: + return( POLARSSL_MD_NONE ); + } +} + +/* Add a signature-hash-pair to a signature-hash set */ +void ssl_sig_hash_set_add( ssl_sig_hash_set_t *set, + pk_type_t sig_alg, + md_type_t md_alg ) +{ + switch( sig_alg ) + { + case POLARSSL_PK_RSA: + if( set->rsa == POLARSSL_MD_NONE ) + set->rsa = md_alg; + break; + + case POLARSSL_PK_ECDSA: + if( set->ecdsa == POLARSSL_MD_NONE ) + set->ecdsa = md_alg; + break; + + default: + break; + } +} + +/* Allow exactly one hash algorithm for each signature. */ +void ssl_sig_hash_set_const_hash( ssl_sig_hash_set_t *set, + md_type_t md_alg ) +{ + set->rsa = md_alg; + set->ecdsa = md_alg; +} + +#endif /* POLARSSL_SSL_PROTO_TLS1_2) && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ + /* * Convert between SSL_HASH_XXX and POLARSSL_MD_XXX */ 
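Review bot: The doc comment on ssl_sig_hash_set_find() is inverted: it says "matching a given hash algorithm", but the function takes a `pk_type_t sig_alg` and returns the `md_type_t` recorded for that signature algorithm. Please also document the first-wins semantics of ssl_sig_hash_set_add() (`if( set->rsa == POLARSSL_MD_NONE ) set->rsa = md_alg;`), since it means the peer's ordering of its signature_algorithms list, not ours, decides which hash gets used; and fix the stray parenthesis in the trailing `#endif /* POLARSSL_SSL_PROTO_TLS1_2) && ... */` comment.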
@@ -5170,6 +5379,38 @@ md_type_t ssl_md_alg_from_hash( unsigned char hash ) } } +/* + * Convert from POLARSSL_MD_XXX to SSL_HASH_XXX + */ +unsigned char ssl_hash_from_md_alg( md_type_t md ) +{ + switch( md ) + { +#if defined(POLARSSL_MD5_C) + case POLARSSL_MD_MD5: + return( SSL_HASH_MD5 ); +#endif +#if defined(POLARSSL_SHA1_C) + case POLARSSL_MD_SHA1: + return( SSL_HASH_SHA1 ); +#endif +#if defined(POLARSSL_SHA256_C) + case POLARSSL_MD_SHA224: + return( SSL_HASH_SHA224 ); + case POLARSSL_MD_SHA256: + return( SSL_HASH_SHA256 ); +#endif +#if defined(POLARSSL_SHA512_C) + case POLARSSL_MD_SHA384: + return( SSL_HASH_SHA384 ); + case POLARSSL_MD_SHA512: + return( SSL_HASH_SHA512 ); +#endif + default: + return( SSL_HASH_NONE ); + } +} + #if defined(POLARSSL_SSL_SET_CURVES) /* * Check is a curve proposed by the peer is in our list. @@ -5187,11 +5428,37 @@ int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id ) } #endif /* POLARSSL_SSL_SET_CURVES */ +#if defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) +/* + * Check if a hash proposed by the peer is in our list. + * Return 0 if we're willing to use it, -1 otherwise. + */ +int ssl_check_sig_hash( md_type_t md ) +{ + const int *cur; + + for( cur = md_list(); *cur != POLARSSL_MD_NONE; cur++ ) + { +#if !defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) + /* Skip MD5 */ + if( *cur == POLARSSL_MD_MD5 ) + continue; +#endif + if( *cur == (int) md ) + return( 0 ); + } + + return( -1 ); +} +#endif /* POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ + #if defined(POLARSSL_X509_CRT_PARSE_C) int ssl_check_cert_usage( const x509_crt *cert, const ssl_ciphersuite_t *ciphersuite, - int cert_endpoint ) + int cert_endpoint, + int *flags ) { + int ret = 0; #if defined(POLARSSL_X509_CHECK_KEY_USAGE) int usage = 0; #endif 
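Review bot: The comment on ssl_check_sig_hash() says the hash must be "in our list", but the list consulted is md_list(), i.e. every digest compiled into the library; apart from the POLARSSL_SSL_ENABLE_MD5_SIGNATURES opt-in there is no per-context policy, so SHA-1 (and SHA-224) are always accepted for handshake signatures whenever they are built in. Either word the comment accordingly ("in the set of compiled-in digests, excluding MD5 unless ...") or consider routing this through a configurable list as ssl_set_curves() does for curves, so deployments can retire SHA-1 signatures without a rebuild.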
@@ -5204,6 +5471,7 @@ int ssl_check_cert_usage( const x509_crt *cert, !defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE) ((void) cert); ((void) cert_endpoint); + ((void) flags); #endif #if defined(POLARSSL_X509_CHECK_KEY_USAGE) @@ -5243,7 +5511,10 @@ int ssl_check_cert_usage( const x509_crt *cert, } if( x509_crt_check_key_usage( cert, usage ) != 0 ) - return( -1 ); + { + *flags |= BADCERT_KEY_USAGE; + ret = -1; + } #else ((void) ciphersuite); #endif /* POLARSSL_X509_CHECK_KEY_USAGE */ @@ -5261,10 +5532,13 @@ int ssl_check_cert_usage( const x509_crt *cert, } if( x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) - return( -1 ); + { + *flags |= BADCERT_EXT_KEY_USAGE; + ret = -1; + } #endif /* POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE */ - return( 0 ); + return( ret ); } #endif /* POLARSSL_X509_CRT_PARSE_C */ diff --git a/ext/polarssl-1.3/library/threading.c b/ext/polarssl-1.3/library/threading.c index e89aa95105..fa745afdb3 100644 --- a/ext/polarssl-1.3/library/threading.c +++ b/ext/polarssl-1.3/library/threading.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ext/polarssl-1.3/library/timing.c b/ext/polarssl-1.3/library/timing.c index 356bfe82b3..0574a2f582 100644 --- a/ext/polarssl-1.3/library/timing.c +++ b/ext/polarssl-1.3/library/timing.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -77,8 +77,10 @@ unsigned long hardclock( void ) #endif /* !POLARSSL_HAVE_HARDCLOCK && POLARSSL_HAVE_ASM && ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */ +/* some versions of mingw-64 have 32-bit longs even on x84_64 */ #if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \ - defined(__GNUC__) && defined(__i386__) + defined(__GNUC__) && ( defined(__i386__) || ( \ + ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) ) #define POLARSSL_HAVE_HARDCLOCK @@ -232,26 +234,32 @@ volatile int alarmed = 0; unsigned long get_timer( struct hr_time *val, int reset ) { - unsigned long delta; - LARGE_INTEGER offset, hfreq; struct _hr_time *t = (struct _hr_time *) val; - QueryPerformanceCounter( &offset ); - QueryPerformanceFrequency( &hfreq ); - - delta = (unsigned long)( ( 1000 * - ( offset.QuadPart - t->start.QuadPart ) ) / - hfreq.QuadPart ); - if( reset ) + { QueryPerformanceCounter( &t->start ); - - return( delta ); + return( 0 ); + } + else + { + unsigned long delta; + LARGE_INTEGER now, hfreq; + QueryPerformanceCounter( &now ); + QueryPerformanceFrequency( &hfreq ); + delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul + / hfreq.QuadPart ); + return( delta ); + } } -DWORD WINAPI TimerProc( LPVOID uElapse ) +/* It's OK to use a global because alarm() is supposed to be global anyway */ +static DWORD alarmMs; + +static DWORD WINAPI TimerProc( LPVOID TimerContext ) { - Sleep( (DWORD) uElapse ); + ((void) TimerContext); + Sleep( alarmMs ); alarmed = 1; return( TRUE ); } 
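Review bot: Typo in the added comment on the hardclock hunk: "x84_64" should be "x86_64". The condition itself is fine, but since `__SIZEOF_LONG__` is a GCC/Clang predefined macro, keeping it inside the `defined(__GNUC__)` branch (as done) is what makes it safe; worth a word in the comment so nobody lifts it into the MSVC branch.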
@@ -260,9 +268,17 @@ void set_alarm( int seconds ) { DWORD ThreadId; + if( seconds == 0 ) + { + /* No need to create a thread for this simple case. + * Also, this shorcut is more reliable at least on MinGW32 */ + alarmed = 1; + return; + } + alarmed = 0; - CloseHandle( CreateThread( NULL, 0, TimerProc, - (LPVOID) ( seconds * 1000 ), 0, &ThreadId ) ); + alarmMs = seconds * 1000; + CloseHandle( CreateThread( NULL, 0, TimerProc, NULL, 0, &ThreadId ) ); } void m_sleep( int milliseconds ) @@ -274,23 +290,22 @@ void m_sleep( int milliseconds ) unsigned long get_timer( struct hr_time *val, int reset ) { - unsigned long delta; - struct timeval offset; struct _hr_time *t = (struct _hr_time *) val; - gettimeofday( &offset, NULL ); - if( reset ) { - t->start.tv_sec = offset.tv_sec; - t->start.tv_usec = offset.tv_usec; + gettimeofday( &t->start, NULL ); return( 0 ); } - - delta = ( offset.tv_sec - t->start.tv_sec ) * 1000 - + ( offset.tv_usec - t->start.tv_usec ) / 1000; - - return( delta ); + else + { + unsigned long delta; + struct timeval now; + gettimeofday( &now, NULL ); + delta = ( now.tv_sec - t->start.tv_sec ) * 1000ul + + ( now.tv_usec - t->start.tv_usec ) / 1000; + return( delta ); + } } #if defined(INTEGRITY) || defined(__PPU__) || defined(__native_client__) @@ -312,6 +327,12 @@ void set_alarm( int seconds ) alarmed = 0; signal( SIGALRM, sighandler ); alarm( seconds ); + if( seconds == 0 ) + { + /* alarm(0) cancelled any previous pending alarm, but the + handler won't fire, so raise the flag straight away. */ + alarmed = 1; + } } void m_sleep( int milliseconds ) 
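Review bot: The Windows set_alarm() hunk still creates a fire-and-forget thread (`CloseHandle( CreateThread( NULL, 0, TimerProc, NULL, 0, &ThreadId ) );`) with no way to cancel a previous one, so calling set_alarm() again while an earlier TimerProc is still in its Sleep() lets the old thread set `alarmed = 1` early for the new alarm, and the new write to the shared `alarmMs` races with the old thread's read of it. Moving the timeout into a global only makes the second problem visible; keep the thread handle (or use a waitable timer) so a pending alarm can be cancelled before `alarmMs` is rewritten, and note in the comment that the helper is not meant to be re-armed while pending.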
@@ -353,6 +374,19 @@ static void busy_msleep( unsigned long msec ) (void) j; } +#define FAIL do \ + { \ + if( verbose != 0 ) \ + { \ + polarssl_printf( "failed at line %d\n", __LINE__ ); \ + polarssl_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d\n", \ + cycles, ratio, millisecs, secs, hardfail ); \ + polarssl_printf( " elapsed(hires)=%lu\n", \ + get_timer( &hires, 0 ) ); \ + } \ + return( 1 ); \ + } while( 0 ) + /* * Checkup routine * @@ -361,9 +395,9 @@ static void busy_msleep( unsigned long msec ) */ int timing_self_test( int verbose ) { - unsigned long cycles, ratio; - unsigned long millisecs, secs; - int hardfail; + unsigned long cycles = 0, ratio = 0; + unsigned long millisecs = 0, secs = 0; + int hardfail = 0; struct hr_time hires; if( verbose != 0 ) @@ -372,21 +406,16 @@ int timing_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( " TIMING test #1 (m_sleep / get_timer): " ); - for( secs = 1; secs <= 3; secs++ ) { + secs = 1; (void) get_timer( &hires, 1 ); m_sleep( (int)( 500 * secs ) ); millisecs = get_timer( &hires, 0 ); - if( millisecs < 450 * secs || millisecs > 550 * secs ) - { - if( verbose != 0 ) - polarssl_printf( "failed\n" ); - - return( 1 ); - } + if( millisecs < 400 * secs || millisecs > 600 * secs ) + FAIL; } if( verbose != 0 ) @@ -395,8 +424,8 @@ int timing_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( " TIMING test #2 (set_alarm / get_timer): " ); - for( secs = 1; secs <= 3; secs++ ) { + secs = 1; (void) get_timer( &hires, 1 ); set_alarm( (int) secs ); 
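Review bot: In the timing_self_test hunks, the `for( secs = 1; secs <= 3; secs++ )` loops were replaced with `secs = 1;` but the loop bodies' braces were left in place, so tests #1 and #2 now read as bare `{ ... }` blocks with an assignment inside; drop the braces (or add a comment that the block is a former loop) and consider making the single-iteration intent explicit. The FAIL macro also hides a `return( 1 )` inside what looks like a statement, which the file's style has avoided so far; if it stays, name it FAIL_RETURN or similar so the control flow is visible at the call sites.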
@@ -405,13 +434,10 @@ int timing_self_test( int verbose ) millisecs = get_timer( &hires, 0 ); - if( millisecs < 900 * secs || millisecs > 1100 * secs ) - { - if( verbose != 0 ) - polarssl_printf( "failed\n" ); - - return( 1 ); - } + /* For some reason on Windows it looks like alarm has an extra delay + * (maybe related to creating a new thread). Allow some room here. */ + if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 ) + FAIL; } if( verbose != 0 ) @@ -425,15 +451,14 @@ int timing_self_test( int verbose ) * On a 4Ghz 32-bit machine the cycle counter wraps about once per second; * since the whole test is about 10ms, it shouldn't happen twice in a row. */ - hardfail = 0; hard_test: if( hardfail > 1 ) { if( verbose != 0 ) - polarssl_printf( "failed\n" ); + polarssl_printf( "failed (ignored)\n" ); - return( 1 ); + goto hard_test_done; } /* Get a reference ratio cycles/ms */ @@ -462,6 +487,8 @@ int timing_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "passed\n" ); +hard_test_done: + #if defined(POLARSSL_NET_C) && defined(POLARSSL_HAVE_TIME) if( verbose != 0 ) polarssl_printf( " TIMING test #4 (net_usleep/ get_timer): " ); @@ -474,13 +501,8 @@ int timing_self_test( int verbose ) millisecs = get_timer( &hires, 0 ); - if( millisecs < 450 * secs || millisecs > 550 * secs ) - { - if( verbose != 0 ) - polarssl_printf( "failed\n" ); - - return( 1 ); - } + if( millisecs < 400 * secs || millisecs > 600 * secs ) + FAIL; } if( verbose != 0 ) diff --git a/ext/polarssl-1.3/library/version.c b/ext/polarssl-1.3/library/version.c index c10acac64f..2856d6ccd4 100644 --- a/ext/polarssl-1.3/library/version.c +++ b/ext/polarssl-1.3/library/version.c 
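Review bot: The hardclock hunk turns a test #3 failure into `polarssl_printf( "failed (ignored)\n" ); goto hard_test_done;`, so timing_self_test() can now return 0 even when the cycle counter is unusable. That is reasonable for a counter that wraps on 32-bit targets, but the function's header comment and the ChangeLog should state that test #3 is advisory only, and the widened tolerances in tests #1, #2 and #4 (400/600 and 800/1200+300 ms) deserve the same mention so people reading CI logs know what "passed" now covers.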
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,8 +31,6 @@ #include "polarssl/version.h" #include -const char version[] = POLARSSL_VERSION_STRING; - unsigned int version_get_number() { return( POLARSSL_VERSION_NUMBER ); diff --git a/ext/polarssl-1.3/library/version_features.c b/ext/polarssl-1.3/library/version_features.c index 658b7cdaa5..08bdfe2b4b 100644 --- a/ext/polarssl-1.3/library/version_features.c +++ b/ext/polarssl-1.3/library/version_features.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -37,7 +37,7 @@ #define strcasecmp _stricmp #endif -const char *features[] = { +static const char *features[] = { #if defined(POLARSSL_VERSION_FEATURES) #if defined(POLARSSL_HAVE_INT8) "POLARSSL_HAVE_INT8", 
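Review bot: Removing `const char version[] = POLARSSL_VERSION_STRING;` from version.c and making `features[]` static in version_features.c both drop symbols that were exported from the shared library; any application linking against them will fail at link or load time. If the removal is intended, bump the SONAME or list it as an ABI change in the ChangeLog, and point users at version_get_string() / version_check_feature() as the replacements.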
@@ -66,12 +66,24 @@ const char *features[] = { #if defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS) "POLARSSL_PLATFORM_NO_STD_FUNCTIONS", #endif /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */ -#if defined(POLARSSL_PLATFORM_PRINTF_ALT) - "POLARSSL_PLATFORM_PRINTF_ALT", -#endif /* POLARSSL_PLATFORM_PRINTF_ALT */ +#if defined(POLARSSL_PLATFORM_EXIT_ALT) + "POLARSSL_PLATFORM_EXIT_ALT", +#endif /* POLARSSL_PLATFORM_EXIT_ALT */ #if defined(POLARSSL_PLATFORM_FPRINTF_ALT) "POLARSSL_PLATFORM_FPRINTF_ALT", #endif /* POLARSSL_PLATFORM_FPRINTF_ALT */ +#if defined(POLARSSL_PLATFORM_PRINTF_ALT) + "POLARSSL_PLATFORM_PRINTF_ALT", +#endif /* POLARSSL_PLATFORM_PRINTF_ALT */ +#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT) + "POLARSSL_PLATFORM_SNPRINTF_ALT", +#endif /* POLARSSL_PLATFORM_SNPRINTF_ALT */ +#if defined(POLARSSL_DEPRECATED_WARNING) + "POLARSSL_DEPRECATED_WARNING", +#endif /* POLARSSL_DEPRECATED_WARNING */ +#if defined(POLARSSL_DEPRECATED_REMOVED) + "POLARSSL_DEPRECATED_REMOVED", +#endif /* POLARSSL_DEPRECATED_REMOVED */ #if defined(POLARSSL_TIMING_ALT) "POLARSSL_TIMING_ALT", #endif /* POLARSSL_TIMING_ALT */ @@ -117,6 +129,9 @@ const char *features[] = { #if defined(POLARSSL_AES_ROM_TABLES) "POLARSSL_AES_ROM_TABLES", #endif /* POLARSSL_AES_ROM_TABLES */ +#if defined(POLARSSL_CAMELLIA_SMALL_MEMORY) + "POLARSSL_CAMELLIA_SMALL_MEMORY", +#endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */ #if defined(POLARSSL_CIPHER_MODE_CBC) "POLARSSL_CIPHER_MODE_CBC", #endif /* POLARSSL_CIPHER_MODE_CBC */ @@ -270,9 +285,6 @@ const char *features[] = { #if defined(POLARSSL_SELF_TEST) "POLARSSL_SELF_TEST", #endif /* POLARSSL_SELF_TEST */ -#if defined(POLARSSL_SSL_AEAD_RANDOM_IV) - "POLARSSL_SSL_AEAD_RANDOM_IV", -#endif /* POLARSSL_SSL_AEAD_RANDOM_IV */ #if defined(POLARSSL_SSL_ALERT_MESSAGES) "POLARSSL_SSL_ALERT_MESSAGES", #endif /* POLARSSL_SSL_ALERT_MESSAGES */ 
@@ -330,6 +342,9 @@ const char *features[] = { #if defined(POLARSSL_SSL_TRUNCATED_HMAC) "POLARSSL_SSL_TRUNCATED_HMAC", #endif /* POLARSSL_SSL_TRUNCATED_HMAC */ +#if defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) + "POLARSSL_SSL_ENABLE_MD5_SIGNATURES", +#endif /* POLARSSL_SSL_ENABLE_MD5_SIGNATURES */ #if defined(POLARSSL_SSL_SET_CURVES) "POLARSSL_SSL_SET_CURVES", #endif /* POLARSSL_SSL_SET_CURVES */ @@ -348,6 +363,9 @@ const char *features[] = { #if defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) "POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION", #endif /* POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */ +#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE) + "POLARSSL_X509_ALLOW_RELAXED_DATE", +#endif /* POLARSSL_X509_ALLOW_RELAXED_DATE */ #if defined(POLARSSL_X509_CHECK_KEY_USAGE) "POLARSSL_X509_CHECK_KEY_USAGE", #endif /* POLARSSL_X509_CHECK_KEY_USAGE */ diff --git a/ext/polarssl-1.3/library/x509.c b/ext/polarssl-1.3/library/x509.c index a3cb669432..cb6fc6ca2f 100644 --- a/ext/polarssl-1.3/library/x509.c +++ b/ext/polarssl-1.3/library/x509.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,6 +41,10 @@ #include "polarssl/x509.h" #include "polarssl/asn1.h" #include "polarssl/oid.h" + +#include +#include + #if defined(POLARSSL_PEM_PARSE_C) #include "polarssl/pem.h" #endif 
@@ -48,22 +52,22 @@ #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else -#define polarssl_printf printf -#define polarssl_malloc malloc +#include +#include #define polarssl_free free +#define polarssl_malloc malloc +#define polarssl_printf printf +#define polarssl_snprintf snprintf #endif -#include -#include #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include #else #include #endif -#include - #if defined(POLARSSL_FS_IO) +#include #if !defined(_WIN32) #include #include @@ -71,6 +75,9 @@ #endif #endif +#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); } +#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); } + /* * CertificateSerialNumber ::= INTEGER */ @@ -374,7 +381,8 @@ static int x509_get_attr_type_value( unsigned char **p, if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING && **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING && - **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING ) + **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING && + **p != ASN1_BIT_STRING ) return( POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ); @@ -442,10 +450,10 @@ int x509_get_name( unsigned char **p, const unsigned char *end, if( *p == end_set ) break; - /* Mark this item as being only one in a set */ + /* Mark this item as being not the only one in a set */ cur->next_merged = 1; - cur->next = (x509_name *) polarssl_malloc( sizeof( x509_name ) ); + cur->next = polarssl_malloc( sizeof( x509_name ) ); if( cur->next == NULL ) return( POLARSSL_ERR_X509_MALLOC_FAILED ); @@ -461,7 +469,7 @@ int x509_get_name( unsigned char **p, const unsigned char *end, if( *p == end ) return( 0 ); - cur->next = (x509_name *) polarssl_malloc( sizeof( x509_name ) ); + cur->next = polarssl_malloc( sizeof( x509_name ) ); if( cur->next == NULL ) return( POLARSSL_ERR_X509_MALLOC_FAILED ); 
@@ -472,17 +480,148 @@ int x509_get_name( unsigned char **p, const unsigned char *end, } } +static int x509_parse_int( unsigned char **p, size_t n, int *res ) +{ + *res = 0; + + for( ; n > 0; --n ) + { + if( ( **p < '0') || ( **p > '9' ) ) + return( POLARSSL_ERR_X509_INVALID_DATE ); + + *res *= 10; + *res += ( *(*p)++ - '0' ); + } + + return( 0 ); +} + +static int x509_date_is_valid(const x509_time *t) +{ + int ret = POLARSSL_ERR_X509_INVALID_DATE; + int month_len; + + CHECK_RANGE( 0, 9999, t->year ); + CHECK_RANGE( 0, 23, t->hour ); + CHECK_RANGE( 0, 59, t->min ); + CHECK_RANGE( 0, 59, t->sec ); + + switch( t->mon ) + { + case 1: case 3: case 5: case 7: case 8: case 10: case 12: + month_len = 31; + break; + case 4: case 6: case 9: case 11: + month_len = 30; + break; + case 2: + if( ( !( t->year % 4 ) && t->year % 100 ) || + !( t->year % 400 ) ) + month_len = 29; + else + month_len = 28; + break; + default: + return( ret ); + } + CHECK_RANGE( 1, month_len, t->day ); + + return( 0 ); +} + +/* + * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) field. 
+ */ +static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, + x509_time *tm ) +{ + int ret; + + /* + * minimum length is 10 or 12 depending on yearlen + */ + if ( len < yearlen + 8 ) + return POLARSSL_ERR_X509_INVALID_DATE; + len -= yearlen + 8; + + /* + * parse year, month, day, hour, minute + */ + CHECK( x509_parse_int( p, yearlen, &tm->year ) ); + if ( 2 == yearlen ) + { + if ( tm->year < 50 ) + tm->year += 100; + + tm->year += 1900; + } + + CHECK( x509_parse_int( p, 2, &tm->mon ) ); + CHECK( x509_parse_int( p, 2, &tm->day ) ); + CHECK( x509_parse_int( p, 2, &tm->hour ) ); + CHECK( x509_parse_int( p, 2, &tm->min ) ); + + /* + * parse seconds if present + */ + if ( len >= 2 && **p >= '0' && **p <= '9' ) + { + CHECK( x509_parse_int( p, 2, &tm->sec ) ); + len -= 2; + } + else + { +#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE) + /* + * if relaxed mode, allow seconds to be absent + */ + tm->sec = 0; +#else + return POLARSSL_ERR_X509_INVALID_DATE; +#endif + } + + /* + * parse trailing 'Z' if present + */ + if ( 1 == len && 'Z' == **p ) + { + (*p)++; + return 0; + } +#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE) + /* + * if relaxed mode, allow timezone to be present + */ + else if ( 5 == len && ( '+' == **p || '-' == **p ) ) + { + int tz; /* throwaway timezone */ + + (*p)++; + CHECK( x509_parse_int( p, 4, &tz ) ); + + return 0; + } +#endif + /* + * okay if no trailing 'Z' or timezone specified + */ + else if ( 0 == len ) + return 0; + else + return POLARSSL_ERR_X509_INVALID_DATE; +} + /* * Time ::= CHOICE { * utcTime UTCTime, * generalTime GeneralizedTime } */ int x509_get_time( unsigned char **p, const unsigned char *end, - x509_time *time ) + x509_time *tm ) { int ret; size_t len; - char date[64]; unsigned char tag; if( ( end - *p ) < 1 ) 
@@ -495,23 +634,12 @@ int x509_get_time( unsigned char **p, const unsigned char *end, { (*p)++; ret = asn1_get_len( p, end, &len ); - if( ret != 0 ) return( POLARSSL_ERR_X509_INVALID_DATE + ret ); - memset( date, 0, sizeof( date ) ); - memcpy( date, *p, ( len < sizeof( date ) - 1 ) ? - len : sizeof( date ) - 1 ); - - if( sscanf( date, "%2d%2d%2d%2d%2d%2dZ", - &time->year, &time->mon, &time->day, - &time->hour, &time->min, &time->sec ) < 5 ) - return( POLARSSL_ERR_X509_INVALID_DATE ); - - time->year += 100 * ( time->year < 50 ); - time->year += 1900; + CHECK( x509_parse_time( p, len, 2, tm ) ); - *p += len; + CHECK( x509_date_is_valid( tm ) ); return( 0 ); } @@ -519,20 +647,12 @@ int x509_get_time( unsigned char **p, const unsigned char *end, { (*p)++; ret = asn1_get_len( p, end, &len ); - if( ret != 0 ) return( POLARSSL_ERR_X509_INVALID_DATE + ret ); - memset( date, 0, sizeof( date ) ); - memcpy( date, *p, ( len < sizeof( date ) - 1 ) ? - len : sizeof( date ) - 1 ); - - if( sscanf( date, "%4d%2d%2d%2d%2d%2dZ", - &time->year, &time->mon, &time->day, - &time->hour, &time->min, &time->sec ) < 5 ) - return( POLARSSL_ERR_X509_INVALID_DATE ); + CHECK( x509_parse_time( p, len, 4, tm ) ); - *p += len; + CHECK( x509_date_is_valid( tm ) ); return( 0 ); } @@ -545,16 +665,18 @@ int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig ) { int ret; size_t len; + int tag_type; if( ( end - *p ) < 1 ) return( POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA ); - sig->tag = **p; + tag_type = **p; if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 ) return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret ); + sig->tag = tag_type; sig->len = len; sig->p = *p; 
@@ -733,16 +855,16 @@ int x509_dn_gets( char *buf, size_t size, const x509_name *dn ) if( name != dn ) { - ret = snprintf( p, n, merge ? " + " : ", " ); + ret = polarssl_snprintf( p, n, merge ? " + " : ", " ); SAFE_SNPRINTF(); } ret = oid_get_attr_short_name( &name->oid, &short_name ); if( ret == 0 ) - ret = snprintf( p, n, "%s=", short_name ); + ret = polarssl_snprintf( p, n, "%s=", short_name ); else - ret = snprintf( p, n, "\?\?=" ); + ret = polarssl_snprintf( p, n, "\?\?=" ); SAFE_SNPRINTF(); for( i = 0; i < name->val.len; i++ ) @@ -756,7 +878,7 @@ int x509_dn_gets( char *buf, size_t size, const x509_name *dn ) else s[i] = c; } s[i] = '\0'; - ret = snprintf( p, n, "%s", s ); + ret = polarssl_snprintf( p, n, "%s", s ); SAFE_SNPRINTF(); merge = name->next_merged; @@ -787,14 +909,14 @@ int x509_serial_gets( char *buf, size_t size, const x509_buf *serial ) if( i == 0 && nr > 1 && serial->p[i] == 0x0 ) continue; - ret = snprintf( p, n, "%02X%s", + ret = polarssl_snprintf( p, n, "%02X%s", serial->p[i], ( i < nr - 1 ) ? ":" : "" ); SAFE_SNPRINTF(); } if( nr != serial->len ) { - ret = snprintf( p, n, "...." ); + ret = polarssl_snprintf( p, n, "...." ); SAFE_SNPRINTF(); } @@ -815,9 +937,9 @@ int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid, ret = oid_get_sig_alg_desc( sig_oid, &desc ); if( ret != 0 ) - ret = snprintf( p, n, "???" ); + ret = polarssl_snprintf( p, n, "???" ); else - ret = snprintf( p, n, "%s", desc ); + ret = polarssl_snprintf( p, n, "%s", desc ); SAFE_SNPRINTF(); #if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) @@ -831,7 +953,7 @@ int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid, md_info = md_info_from_type( md_alg ); mgf_md_info = md_info_from_type( pss_opts->mgf1_hash_id ); - ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X)", + ret = polarssl_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)", md_info ? md_info->name : "???", mgf_md_info ? mgf_md_info->name : "???", pss_opts->expected_salt_len ); 
@@ -858,7 +980,7 @@ int x509_key_size_helper( char *buf, size_t size, const char *name ) if( strlen( name ) + sizeof( " key size" ) > size ) return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); - ret = snprintf( p, n, "%s key size", name ); + ret = polarssl_snprintf( p, n, "%s key size", name ); SAFE_SNPRINTF(); return( 0 ); @@ -867,6 +989,7 @@ int x509_key_size_helper( char *buf, size_t size, const char *name ) /* * Return an informational string describing the given OID */ +#if ! defined(POLARSSL_DEPRECATED_REMOVED) const char *x509_oid_get_description( x509_buf *oid ) { const char *desc = NULL; @@ -879,12 +1002,15 @@ const char *x509_oid_get_description( x509_buf *oid ) return( desc ); } +#endif /* Return the x.y.z.... style numeric string for the given OID */ +#if ! defined(POLARSSL_DEPRECATED_REMOVED) int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid ) { return oid_get_numeric_string( buf, size, oid ); } +#endif /* * Return 0 if the x509_time is still valid, or 1 otherwise. diff --git a/ext/polarssl-1.3/library/x509_create.c b/ext/polarssl-1.3/library/x509_create.c index ab87ac71fa..b2cbdd4943 100644 --- a/ext/polarssl-1.3/library/x509_create.c +++ b/ext/polarssl-1.3/library/x509_create.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,6 +32,8 @@ #include "polarssl/asn1write.h" #include "polarssl/oid.h" +#include + #if defined(_MSC_VER) && !defined strncasecmp && !defined(EFIX64) && \ !defined(EFI32) #define strncasecmp _strnicmp 
@@ -263,13 +265,16 @@ int x509_write_sig( unsigned char **p, unsigned char *start, int ret; size_t len = 0; - if( *p - start < (int) size + 1 ) + if( *p < start || (size_t)( *p - start ) < size ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); len = size; (*p) -= len; memcpy( *p, sig, len ); + if( *p - start < 1 ) + return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); + *--(*p) = 0; len += 1; diff --git a/ext/polarssl-1.3/library/x509_crl.c b/ext/polarssl-1.3/library/x509_crl.c index 2c90582a1b..96120a97d2 100644 --- a/ext/polarssl-1.3/library/x509_crl.c +++ b/ext/polarssl-1.3/library/x509_crl.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,6 +40,9 @@ #include "polarssl/x509_crl.h" #include "polarssl/oid.h" + +#include + #if defined(POLARSSL_PEM_PARSE_C) #include "polarssl/pem.h" #endif @@ -47,14 +50,14 @@ #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else -#define polarssl_malloc malloc +#include +#include #define polarssl_free free +#define polarssl_malloc malloc +#define polarssl_snprintf snprintf #endif -#include -#include #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - #include #else #include @@ -277,7 +280,7 @@ int x509_crl_parse_der( x509_crl *chain, if( crl->version != 0 && crl->next == NULL ) { - crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) ); + crl->next = polarssl_malloc( sizeof( x509_crl ) ); if( crl->next == NULL ) { 
@@ -350,14 +353,14 @@ int x509_crl_parse_der( x509_crl *chain, return( ret ); } - crl->version++; - - if( crl->version > 2 ) + if( crl->version < 0 || crl->version > 1 ) { x509_crl_free( crl ); return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); } + crl->version++; + if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) @@ -459,7 +462,8 @@ int x509_crl_parse_der( x509_crl *chain, if( crl->sig_oid1.len != crl->sig_oid2.len || memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 || sig_params1.len != sig_params2.len || - memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) + ( sig_params1.len != 0 && + memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) { x509_crl_free( crl ); return( POLARSSL_ERR_X509_SIG_MISMATCH ); @@ -516,16 +520,17 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) if( ( ret = x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 ) { + pem_free( &pem ); return( ret ); } - - pem_free( &pem ); } - else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + else if( is_pem ) { pem_free( &pem ); return( ret ); } + + pem_free( &pem ); } while( is_pem && buflen > 0 ); 
@@ -629,23 +634,23 @@ int x509_crl_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - ret = snprintf( p, n, "%sCRL version : %d", + ret = polarssl_snprintf( p, n, "%sCRL version : %d", prefix, crl->version ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%sissuer name : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%sissuer name : ", prefix ); SAFE_SNPRINTF(); ret = x509_dn_gets( p, n, &crl->issuer ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%sthis update : " \ + ret = polarssl_snprintf( p, n, "\n%sthis update : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crl->this_update.year, crl->this_update.mon, crl->this_update.day, crl->this_update.hour, crl->this_update.min, crl->this_update.sec ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%snext update : " \ + ret = polarssl_snprintf( p, n, "\n%snext update : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crl->next_update.year, crl->next_update.mon, crl->next_update.day, crl->next_update.hour, @@ -654,20 +659,20 @@ int x509_crl_info( char *buf, size_t size, const char *prefix, entry = &crl->entry; - ret = snprintf( p, n, "\n%sRevoked certificates:", + ret = polarssl_snprintf( p, n, "\n%sRevoked certificates:", prefix ); SAFE_SNPRINTF(); while( entry != NULL && entry->raw.len != 0 ) { - ret = snprintf( p, n, "\n%sserial number: ", + ret = polarssl_snprintf( p, n, "\n%sserial number: ", prefix ); SAFE_SNPRINTF(); ret = x509_serial_gets( p, n, &entry->serial ); SAFE_SNPRINTF(); - ret = snprintf( p, n, " revocation date: " \ + ret = polarssl_snprintf( p, n, " revocation date: " \ "%04d-%02d-%02d %02d:%02d:%02d", entry->revocation_date.year, entry->revocation_date.mon, entry->revocation_date.day, entry->revocation_date.hour, 
@@ -677,14 +682,14 @@ int x509_crl_info( char *buf, size_t size, const char *prefix, entry = entry->next; } - ret = snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix ); SAFE_SNPRINTF(); ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, crl->sig_md, crl->sig_opts ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n" ); + ret = polarssl_snprintf( p, n, "\n" ); SAFE_SNPRINTF(); return( (int) ( size - n ) ); diff --git a/ext/polarssl-1.3/library/x509_crt.c b/ext/polarssl-1.3/library/x509_crt.c index d1d7d7396d..1ca61e5b38 100644 --- a/ext/polarssl-1.3/library/x509_crt.c +++ b/ext/polarssl-1.3/library/x509_crt.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,6 +40,10 @@ #include "polarssl/x509_crt.h" #include "polarssl/oid.h" + +#include +#include + #if defined(POLARSSL_PEM_PARSE_C) #include "polarssl/pem.h" #endif @@ -47,30 +51,33 @@ #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else -#define polarssl_malloc malloc +#include #define polarssl_free free +#define polarssl_malloc malloc +#define polarssl_snprintf snprintf #endif #if defined(POLARSSL_THREADING_C) #include "polarssl/threading.h" #endif -#include -#include #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include #else #include #endif -#include - #if defined(POLARSSL_FS_IO) +#include #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) #include #include #include +#endif /* !_WIN32 || EFIX64 || EFI32 */ #endif + +#if !defined(POLARSSL_X509_MIN_VERIFY_MD_ALG) +#define POLARSSL_X509_MIN_VERIFY_MD_ALG POLARSSL_MD_SHA1 #endif /* Implementation that should never be optimized out by the compiler */ 
@@ -356,8 +363,7 @@ static int x509_get_subject_alt_name( unsigned char **p, if( cur->next != NULL ) return( POLARSSL_ERR_X509_INVALID_EXTENSIONS ); - cur->next = (asn1_sequence *) polarssl_malloc( - sizeof( asn1_sequence ) ); + cur->next = polarssl_malloc( sizeof( asn1_sequence ) ); if( cur->next == NULL ) return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + @@ -550,7 +556,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, if( crt == NULL || buf == NULL ) return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); - p = (unsigned char *) polarssl_malloc( len = buflen ); + p = polarssl_malloc( len = buflen ); if( p == NULL ) return( POLARSSL_ERR_X509_MALLOC_FAILED ); @@ -613,14 +619,14 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, return( ret ); } - crt->version++; - - if( crt->version > 3 ) + if( crt->version < 0 || crt->version > 2 ) { x509_crt_free( crt ); return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); } + crt->version++; + if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params1, &crt->sig_md, &crt->sig_pk, &crt->sig_opts ) ) != 0 ) @@ -758,7 +764,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, if( crt->sig_oid1.len != crt->sig_oid2.len || memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 || sig_params1.len != sig_params2.len || - memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) + ( sig_params1.len != 0 && + memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) { x509_crt_free( crt ); return( POLARSSL_ERR_X509_SIG_MISMATCH ); @@ -807,7 +814,7 @@ int x509_crt_parse_der( x509_crt *chain, const unsigned char *buf, */ if( crt->version != 0 && crt->next == NULL ) { - crt->next = (x509_crt *) polarssl_malloc( sizeof( x509_crt ) ); + crt->next = polarssl_malloc( sizeof( x509_crt ) ); if( crt->next == NULL ) return( POLARSSL_ERR_X509_MALLOC_FAILED ); 
@@ -970,7 +977,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ) WCHAR szDir[MAX_PATH]; char filename[MAX_PATH]; char *p; - int len = (int) strlen( path ); + size_t len = strlen( path ); WIN32_FIND_DATAW file_data; HANDLE hFind; @@ -985,7 +992,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ) p = filename + len; filename[len++] = '*'; - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, + w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, MAX_PATH - 3 ); if( w_ret == 0 ) return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); @@ -1004,10 +1011,13 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ) w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, lstrlenW( file_data.cFileName ), - p, len - 1, + p, (int) len - 1, NULL, NULL ); if( w_ret == 0 ) - return( POLARSSL_ERR_X509_FILE_IO_ERROR ); + { + ret = POLARSSL_ERR_X509_FILE_IO_ERROR; + goto cleanup; + } w_ret = x509_crt_parse_file( chain, filename ); if( w_ret < 0 ) @@ -1020,6 +1030,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ) if( GetLastError() != ERROR_NO_MORE_FILES ) ret = POLARSSL_ERR_X509_FILE_IO_ERROR; +cleanup: FindClose( hFind ); #else /* _WIN32 */ int t_ret; @@ -1031,14 +1042,14 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ) if( dir == NULL ) return( POLARSSL_ERR_X509_FILE_IO_ERROR ); -#if defined(POLARSSL_THREADING_PTHREAD) +#if defined(POLARSSL_THREADING_C) if( ( ret = polarssl_mutex_lock( &readdir_mutex ) ) != 0 ) return( ret ); -#endif +#endif /* POLARSSL_THREADING_C */ while( ( entry = readdir( dir ) ) != NULL ) { - snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name ); + polarssl_snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name ); if( stat( entry_name, &sb ) == -1 ) { 
@@ -1061,10 +1072,10 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ) closedir( dir ); cleanup: -#if defined(POLARSSL_THREADING_PTHREAD) +#if defined(POLARSSL_THREADING_C) if( polarssl_mutex_unlock( &readdir_mutex ) != 0 ) ret = POLARSSL_ERR_THREADING_MUTEX_ERROR; -#endif +#endif /* POLARSSL_THREADING_C */ #endif /* _WIN32 */ @@ -1164,7 +1175,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, #define PRINT_ITEM(i) \ { \ - ret = snprintf( p, n, "%s" i, sep ); \ + ret = polarssl_snprintf( p, n, "%s" i, sep ); \ SAFE_SNPRINTF(); \ sep = ", "; \ } @@ -1237,7 +1248,7 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, if( oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) desc = "???"; - ret = snprintf( p, n, "%s%s", sep, desc ); + ret = polarssl_snprintf( p, n, "%s%s", sep, desc ); SAFE_SNPRINTF(); sep = ", "; 
@@ -1267,41 +1278,41 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - ret = snprintf( p, n, "%scert. version : %d\n", + ret = polarssl_snprintf( p, n, "%scert. version : %d\n", prefix, crt->version ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "%sserial number : ", + ret = polarssl_snprintf( p, n, "%sserial number : ", prefix ); SAFE_SNPRINTF(); ret = x509_serial_gets( p, n, &crt->serial ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%sissuer name : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%sissuer name : ", prefix ); SAFE_SNPRINTF(); ret = x509_dn_gets( p, n, &crt->issuer ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%ssubject name : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%ssubject name : ", prefix ); SAFE_SNPRINTF(); ret = x509_dn_gets( p, n, &crt->subject ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%sissued on : " \ + ret = polarssl_snprintf( p, n, "\n%sissued on : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crt->valid_from.year, crt->valid_from.mon, crt->valid_from.day, crt->valid_from.hour, crt->valid_from.min, crt->valid_from.sec ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%sexpires on : " \ + ret = polarssl_snprintf( p, n, "\n%sexpires on : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crt->valid_to.year, crt->valid_to.mon, crt->valid_to.day, crt->valid_to.hour, crt->valid_to.min, crt->valid_to.sec ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix ); SAFE_SNPRINTF(); ret = x509_sig_alg_gets( p, n, &crt->sig_oid1, crt->sig_pk, @@ -1315,7 +1326,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, return( ret ); } - ret = snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, + ret = polarssl_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, (int) pk_get_size( &crt->pk ) ); SAFE_SNPRINTF(); 
@@ -1325,20 +1336,20 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_BASIC_CONSTRAINTS ) { - ret = snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, + ret = polarssl_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, crt->ca_istrue ? "true" : "false" ); SAFE_SNPRINTF(); if( crt->max_pathlen > 0 ) { - ret = snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); + ret = polarssl_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); SAFE_SNPRINTF(); } } if( crt->ext_types & EXT_SUBJECT_ALT_NAME ) { - ret = snprintf( p, n, "\n%ssubject alt name : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%ssubject alt name : ", prefix ); SAFE_SNPRINTF(); if( ( ret = x509_info_subject_alt_name( &p, &n, @@ -1348,7 +1359,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_NS_CERT_TYPE ) { - ret = snprintf( p, n, "\n%scert. type : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%scert. type : ", prefix ); SAFE_SNPRINTF(); if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) @@ -1357,7 +1368,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_KEY_USAGE ) { - ret = snprintf( p, n, "\n%skey usage : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%skey usage : ", prefix ); SAFE_SNPRINTF(); if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) @@ -1366,7 +1377,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_EXTENDED_KEY_USAGE ) { - ret = snprintf( p, n, "\n%sext key usage : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%sext key usage : ", prefix ); SAFE_SNPRINTF(); if( ( ret = x509_info_ext_key_usage( &p, &n, 
@@ -1374,12 +1385,76 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, return( ret ); } - ret = snprintf( p, n, "\n" ); + ret = polarssl_snprintf( p, n, "\n" ); SAFE_SNPRINTF(); return( (int) ( size - n ) ); } +struct x509_crt_verify_string { + int code; + const char *string; +}; + +static const struct x509_crt_verify_string x509_crt_verify_strings[] = { + { BADCERT_EXPIRED, "The certificate validity has expired" }, + { BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, + { BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, + { BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, + { BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, + { BADCRL_EXPIRED, "The CRL is expired" }, + { BADCERT_MISSING, "Certificate was missing" }, + { BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, + { BADCERT_OTHER, "Other reason (can be used by verify callback)" }, + { BADCERT_FUTURE, "The certificate validity starts in the future" }, + { BADCRL_FUTURE, "The CRL is from the future" }, + { BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, + { BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, + { BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, + { BADCERT_BAD_KEY, "The certificate uses an invalid key (e.g. 
unsupported elliptic curve)" }, + { 0, NULL } +}; + +int x509_crt_verify_info( char *buf, size_t size, const char *prefix, + int flags ) +{ + int ret; + const struct x509_crt_verify_string *cur; + char *p = buf; + size_t n = size; + + for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ ) + { + if( ( flags & cur->code ) == 0 ) + continue; + + ret = polarssl_snprintf( p, n, "%s%s\n", prefix, cur->string ); + SAFE_SNPRINTF(); + flags ^= cur->code; + } + + if( flags != 0 ) + { + ret = polarssl_snprintf( p, n, "%sUnknown reason " + "(this should not happen)\n", prefix ); + SAFE_SNPRINTF(); + } + + return( (int) ( size - n ) ); +} + +/* + * Check md_alg against profile + * Return 0 if md_alg acceptable for this profile, -1 otherwise + */ +static int x509_check_md_alg( md_type_t md_alg ) +{ + if( md_alg >= POLARSSL_X509_MIN_VERIFY_MD_ALG ) + return( 0 ); + + return( -1 ); +} + #if defined(POLARSSL_X509_CHECK_KEY_USAGE) int x509_crt_check_key_usage( const x509_crt *crt, int usage ) { @@ -1487,6 +1562,15 @@ static int x509_crt_verifycrl( x509_crt *crt, x509_crt *ca, } #endif + /* + * Check if CRL is signed with a valid MD + */ + if( x509_check_md_alg( crl_list->sig_md ) != 0 ) + { + flags |= BADCRL_NOT_TRUSTED; + break; + } + /* * Check if CRL is correctly signed by the trusted CA */ @@ -1712,14 +1796,16 @@ static int x509_crt_check_parent( const x509_crt *child, static int x509_crt_verify_top( x509_crt *child, x509_crt *trust_ca, - x509_crl *ca_crl, int path_cnt, int *flags, + x509_crl *ca_crl, + int path_cnt, int self_cnt, int *flags, int (*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy ) { int ret; - int ca_flags = 0, check_path_cnt = path_cnt + 1; + int ca_flags = 0, check_path_cnt; unsigned char hash[POLARSSL_MD_MAX_SIZE]; const md_info_t *md_info; + x509_crt *future_past_ca = NULL; if( x509_time_expired( &child->valid_to ) ) *flags |= BADCERT_EXPIRED; 
@@ -1732,6 +1818,18 @@ static int x509_crt_verify_top( */ *flags |= BADCERT_NOT_TRUSTED; + /* + * Check if certificate is signed with a valid MD + */ + if( x509_check_md_alg( child->sig_md ) != 0 ) + { + *flags |= BADCERT_NOT_TRUSTED; + /* + * not signed with a valid MD, no need to check trust_ca + */ + trust_ca = NULL; + } + md_info = md_info_from_type( child->sig_md ); if( md_info == NULL ) { @@ -1748,8 +1846,10 @@ static int x509_crt_verify_top( if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 ) continue; + check_path_cnt = path_cnt + 1; + /* - * Reduce path_len to check against if top of the chain is + * Reduce check_path_cnt to check against if top of the chain is * the same as the trusted CA */ if( child->subject_raw.len == trust_ca->subject_raw.len && @@ -1759,8 +1859,9 @@ static int x509_crt_verify_top( check_path_cnt--; } + /* Self signed certificates do not count towards the limit */ if( trust_ca->max_pathlen > 0 && - trust_ca->max_pathlen < check_path_cnt ) + trust_ca->max_pathlen < check_path_cnt - self_cnt ) { continue; } @@ -1772,11 +1873,23 @@ static int x509_crt_verify_top( continue; } + if( x509_time_expired( &trust_ca->valid_to ) || + x509_time_future( &trust_ca->valid_from ) ) + { + if( future_past_ca == NULL ) + future_past_ca = trust_ca; + continue; + } + + break; + } + + if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL ) + { /* * Top of chain is signed by a trusted CA */ *flags &= ~BADCERT_NOT_TRUSTED; - break; } /* @@ -1825,8 +1938,9 @@ static int x509_crt_verify_top( } static int x509_crt_verify_child( - x509_crt *child, x509_crt *parent, x509_crt *trust_ca, - x509_crl *ca_crl, int path_cnt, int *flags, + x509_crt *child, x509_crt *parent, + x509_crt *trust_ca, x509_crl *ca_crl, + int path_cnt, int self_cnt, int *flags, int (*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy ) { 
@@ -1836,11 +1950,15 @@ static int x509_crt_verify_child( x509_crt *grandparent; const md_info_t *md_info; + /* Counting intermediate self signed certificates */ + if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 ) + self_cnt++; + /* path_cnt is 0 for the first intermediate CA */ if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA ) { - *flags |= BADCERT_NOT_TRUSTED; - return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ); + /* return immediately as the goal is to avoid unbounded recursion */ + return( POLARSSL_ERR_X509_FATAL_ERROR ); } if( x509_time_expired( &child->valid_to ) ) @@ -1849,6 +1967,12 @@ static int x509_crt_verify_child( if( x509_time_future( &child->valid_from ) ) *flags |= BADCERT_FUTURE; + /* + * Check if certificate is signed with a valid MD + */ + if( x509_check_md_alg( child->sig_md ) != 0 ) + *flags |= BADCERT_NOT_TRUSTED; + md_info = md_info_from_type( child->sig_md ); if( md_info == NULL ) { @@ -1874,8 +1998,8 @@ static int x509_crt_verify_child( *flags |= x509_crt_verifycrl(child, parent, ca_crl); #endif - /* Look for a grandparent upwards the chain */ - for( grandparent = parent->next; + /* Look for a grandparent in trusted CAs */ + for( grandparent = trust_ca; grandparent != NULL; grandparent = grandparent->next ) { 
@@ -1884,20 +2008,51 @@ static int x509_crt_verify_child( break; } - /* Is our parent part of the chain or at the top? */ if( grandparent != NULL ) { - ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, - path_cnt + 1, &parent_flags, f_vrfy, p_vrfy ); + ret = x509_crt_verify_top( parent, grandparent, ca_crl, + path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } else { - ret = x509_crt_verify_top( parent, trust_ca, ca_crl, - path_cnt + 1, &parent_flags, f_vrfy, p_vrfy ); - if( ret != 0 ) - return( ret ); + /* Look for a grandparent upwards the chain */ + for( grandparent = parent->next; + grandparent != NULL; + grandparent = grandparent->next ) + { + /* +2 because the current step is not yet accounted for + * and because max_pathlen is one higher than it should be. + * Also self signed certificates do not count to the limit. */ + if( grandparent->max_pathlen > 0 && + grandparent->max_pathlen < 2 + path_cnt - self_cnt ) + { + continue; + } + + if( x509_crt_check_parent( parent, grandparent, + 0, path_cnt == 0 ) == 0 ) + break; + } + + /* Is our parent part of the chain or at the top? */ + if( grandparent != NULL ) + { + ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, + path_cnt + 1, self_cnt, &parent_flags, + f_vrfy, p_vrfy ); + if( ret != 0 ) + return( ret ); + } + else + { + ret = x509_crt_verify_top( parent, trust_ca, ca_crl, + path_cnt + 1, self_cnt, &parent_flags, + f_vrfy, p_vrfy ); + if( ret != 0 ) + return( ret ); + } } /* child is verified to be a child of the parent, call verify callback */ @@ -1923,6 +2078,7 @@ int x509_crt_verify( x509_crt *crt, size_t cn_len; int ret; int pathlen = 0; + int selfsigned = 0; x509_crt *parent; x509_name *name; x509_sequence *cur = NULL; 
@@ -1979,27 +2135,55 @@ int x509_crt_verify( x509_crt *crt, } } - /* Look for a parent upwards the chain */ - for( parent = crt->next; parent != NULL; parent = parent->next ) + /* Look for a parent in trusted CAs */ + for( parent = trust_ca; parent != NULL; parent = parent->next ) { if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) break; } - /* Are we part of the chain or at the top? */ if( parent != NULL ) { - ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, - pathlen, flags, f_vrfy, p_vrfy ); + ret = x509_crt_verify_top( crt, parent, ca_crl, + pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) - return( ret ); + goto exit; } else { - ret = x509_crt_verify_top( crt, trust_ca, ca_crl, - pathlen, flags, f_vrfy, p_vrfy ); - if( ret != 0 ) - return( ret ); + /* Look for a parent upwards the chain */ + for( parent = crt->next; parent != NULL; parent = parent->next ) + if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) + break; + + /* Are we part of the chain or at the top? */ + if( parent != NULL ) + { + ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, + pathlen, selfsigned, flags, f_vrfy, p_vrfy ); + if( ret != 0 ) + goto exit; + } + else + { + ret = x509_crt_verify_top( crt, trust_ca, ca_crl, + pathlen, selfsigned, flags, f_vrfy, p_vrfy ); + if( ret != 0 ) + goto exit; + } + } + +exit: + /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by + * the SSL module for authmode optional, but non-zero return from the + * callback means a fatal error so it shouldn't be ignored */ + if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) + ret = POLARSSL_ERR_X509_FATAL_ERROR; + + if( ret != 0 ) + { + *flags = -1; + return( ret ); } if( *flags != 0 ) diff --git a/ext/polarssl-1.3/library/x509_csr.c b/ext/polarssl-1.3/library/x509_csr.c index a6fe581764..b3c8f29b7f 100644 --- a/ext/polarssl-1.3/library/x509_csr.c +++ b/ext/polarssl-1.3/library/x509_csr.c 
@@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,6 +40,9 @@ #include "polarssl/x509_csr.h" #include "polarssl/oid.h" + +#include + #if defined(POLARSSL_PEM_PARSE_C) #include "polarssl/pem.h" #endif @@ -47,13 +50,13 @@ #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else -#define polarssl_malloc malloc +#include +#include #define polarssl_free free +#define polarssl_malloc malloc +#define polarssl_snprintf snprintf #endif -#include -#include - #if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32) #include #endif @@ -110,7 +113,7 @@ int x509_csr_parse_der( x509_csr *csr, /* * first copy the raw DER data */ - p = (unsigned char *) polarssl_malloc( len = buflen ); + p = polarssl_malloc( len = buflen ); if( p == NULL ) return( POLARSSL_ERR_X509_MALLOC_FAILED ); @@ -166,14 +169,14 @@ int x509_csr_parse_der( x509_csr *csr, return( ret ); } - csr->version++; - - if( csr->version != 1 ) + if( csr->version != 0 ) { x509_csr_free( csr ); return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); } + csr->version++; + /* * subject Name */ @@ -257,8 +260,8 @@ int x509_csr_parse_der( x509_csr *csr, */ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen ) { - int ret; #if defined(POLARSSL_PEM_PARSE_C) + int ret; size_t use_len; pem_context pem; #endif 
@@ -387,16 +390,16 @@ int x509_csr_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - ret = snprintf( p, n, "%sCSR version : %d", + ret = polarssl_snprintf( p, n, "%sCSR version : %d", prefix, csr->version ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%ssubject name : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%ssubject name : ", prefix ); SAFE_SNPRINTF(); ret = x509_dn_gets( p, n, &csr->subject ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix ); SAFE_SNPRINTF(); ret = x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md, @@ -409,7 +412,7 @@ int x509_csr_info( char *buf, size_t size, const char *prefix, return( ret ); } - ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, + ret = polarssl_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, (int) pk_get_size( &csr->pk ) ); SAFE_SNPRINTF(); diff --git a/ext/polarssl-1.3/library/x509write_crt.c b/ext/polarssl-1.3/library/x509write_crt.c index 3e850cecae..19dd0beae0 100644 --- a/ext/polarssl-1.3/library/x509write_crt.c +++ b/ext/polarssl-1.3/library/x509write_crt.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -39,6 +39,8 @@ #include "polarssl/asn1write.h" #include "polarssl/sha1.h" +#include + #if defined(POLARSSL_PEM_WRITE_C) #include "polarssl/pem.h" #endif /* POLARSSL_PEM_WRITE_C */ @@ -50,7 +52,7 @@ static void polarssl_zeroize( void *v, size_t n ) { void x509write_crt_init( x509write_cert *ctx ) { - memset( ctx, 0, sizeof(x509write_cert) ); + memset( ctx, 0, sizeof( x509write_cert ) ); mpi_init( &ctx->serial ); ctx->version = X509_CRT_VERSION_3; 
@@ -64,7 +66,7 @@ void x509write_crt_free( x509write_cert *ctx ) asn1_free_named_data_list( &ctx->issuer ); asn1_free_named_data_list( &ctx->extensions ); - polarssl_zeroize( ctx, sizeof(x509write_cert) ); + polarssl_zeroize( ctx, sizeof( x509write_cert ) ); } void x509write_crt_set_version( x509write_cert *ctx, int version ) @@ -139,10 +141,10 @@ int x509write_crt_set_basic_constraints( x509write_cert *ctx, { int ret; unsigned char buf[9]; - unsigned char *c = buf + sizeof(buf); + unsigned char *c = buf + sizeof( buf ); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + memset( buf, 0, sizeof( buf ) ); if( is_ca && max_pathlen > 127 ) return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); @@ -162,7 +164,7 @@ int x509write_crt_set_basic_constraints( x509write_cert *ctx, return x509write_crt_set_extension( ctx, OID_BASIC_CONSTRAINTS, OID_SIZE( OID_BASIC_CONSTRAINTS ), - 0, buf + sizeof(buf) - len, len ); + 0, buf + sizeof( buf ) - len, len ); } #if defined(POLARSSL_SHA1_C) @@ -170,14 +172,14 @@ int x509write_crt_set_subject_key_identifier( x509write_cert *ctx ) { int ret; unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof(buf); + unsigned char *c = buf + sizeof( buf ); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + memset( buf, 0, sizeof( buf ) ); ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->subject_key ) ); - sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); + c = buf + sizeof( buf ) - 20; len = 20; ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); 
@@ -185,21 +187,21 @@ int x509write_crt_set_subject_key_identifier( x509write_cert *ctx ) return x509write_crt_set_extension( ctx, OID_SUBJECT_KEY_IDENTIFIER, OID_SIZE( OID_SUBJECT_KEY_IDENTIFIER ), - 0, buf + sizeof(buf) - len, len ); + 0, buf + sizeof( buf ) - len, len ); } int x509write_crt_set_authority_key_identifier( x509write_cert *ctx ) { int ret; unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof(buf); + unsigned char *c = buf + sizeof( buf ); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + memset( buf, 0, sizeof( buf ) ); ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->issuer_key ) ); - sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); + c = buf + sizeof( buf ) - 20; len = 20; ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); @@ -211,7 +213,7 @@ int x509write_crt_set_authority_key_identifier( x509write_cert *ctx ) return x509write_crt_set_extension( ctx, OID_AUTHORITY_KEY_IDENTIFIER, OID_SIZE( OID_AUTHORITY_KEY_IDENTIFIER ), - 0, buf + sizeof(buf) - len, len ); + 0, buf + sizeof( buf ) - len, len ); } #endif /* POLARSSL_SHA1_C */ @@ -257,7 +259,7 @@ int x509write_crt_set_ns_cert_type( x509write_cert *ctx, } static int x509_write_time( unsigned char **p, unsigned char *start, - const char *time, size_t size ) + const char *t, size_t size ) { int ret; size_t len = 0; @@ -265,10 +267,10 @@ static int x509_write_time( unsigned char **p, unsigned char *start, /* * write ASN1_UTC_TIME if year < 2050 (2 bytes shorter) */ - if( time[0] == '2' && time[1] == '0' && time [2] < '5' ) + if( t[0] == '2' && t[1] == '0' && t[2] < '5' ) { ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, - (const unsigned char *) time + 2, + (const unsigned char *) t + 2, size - 2 ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_UTC_TIME ) ); 
@@ -276,7 +278,7 @@ static int x509_write_time( unsigned char **p, unsigned char *start, else { ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, - (const unsigned char *) time, + (const unsigned char *) t, size ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_GENERALIZED_TIME ) ); @@ -306,9 +308,15 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size, c = tmp_buf + sizeof( tmp_buf ); /* Signature algorithm needed in TBS, and later for actual signature */ - pk_alg = pk_get_type( ctx->issuer_key ); - if( pk_alg == POLARSSL_PK_ECKEY ) + + /* There's no direct way of extracting a signature algorithm + * (represented as an element of pk_type_t) from a PK instance. */ + if( pk_can_do( ctx->issuer_key, POLARSSL_PK_RSA ) ) + pk_alg = POLARSSL_PK_RSA; + else if( pk_can_do( ctx->issuer_key, POLARSSL_PK_ECDSA ) ) pk_alg = POLARSSL_PK_ECDSA; + else + return( POLARSSL_ERR_X509_INVALID_ALG ); if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) 
@@ -319,13 +327,19 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size, /* * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ - ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); - ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); - ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | - ASN1_SEQUENCE ) ); - ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); - ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | - ASN1_CONSTRUCTED | 3 ) ); + + /* Only for v3 */ + if( ctx->version == X509_CRT_VERSION_3 ) + { + ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, + ctx->extensions ) ); + ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); + ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | + ASN1_SEQUENCE ) ); + ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); + ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | + ASN1_CONSTRUCTED | 3 ) ); + } /* * SubjectPublicKeyInfo @@ -377,16 +391,20 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size, /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ - sub_len = 0; - ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) ); - len += sub_len; - ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) ); - ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | - ASN1_CONSTRUCTED | 0 ) ); + + if( ctx->version != X509_CRT_VERSION_1 ) + { + sub_len = 0; + ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) ); + len += sub_len; + ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) ); + ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | + ASN1_CONSTRUCTED | 0 ) ); + } ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | - ASN1_SEQUENCE ) ); + ASN1_SEQUENCE ) ); /* * Make signature 
@@ -406,6 +424,9 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size, ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, sig_len ) ); + if( len > (size_t)( c2 - buf ) ) + return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); + c2 -= len; memcpy( c2, c, len ); diff --git a/ext/polarssl-1.3/library/x509write_csr.c b/ext/polarssl-1.3/library/x509write_csr.c index 8f297a0116..74188823d8 100644 --- a/ext/polarssl-1.3/library/x509write_csr.c +++ b/ext/polarssl-1.3/library/x509write_csr.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -37,13 +37,13 @@ #include "polarssl/oid.h" #include "polarssl/asn1write.h" +#include +#include + #if defined(POLARSSL_PEM_WRITE_C) #include "polarssl/pem.h" #endif -#include -#include - /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -51,7 +51,7 @@ static void polarssl_zeroize( void *v, size_t n ) { void x509write_csr_init( x509write_csr *ctx ) { - memset( ctx, 0, sizeof(x509write_csr) ); + memset( ctx, 0, sizeof( x509write_csr ) ); } void x509write_csr_free( x509write_csr *ctx ) @@ -59,7 +59,7 @@ void x509write_csr_free( x509write_csr *ctx ) asn1_free_named_data_list( &ctx->subject ); asn1_free_named_data_list( &ctx->extensions ); - polarssl_zeroize( ctx, sizeof(x509write_csr) ); + polarssl_zeroize( ctx, sizeof( x509write_csr ) ); } void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg ) 
@@ -195,13 +195,20 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size, */ md( md_info_from_type( ctx->md_alg ), c, len, hash ); - pk_alg = pk_get_type( ctx->key ); - if( pk_alg == POLARSSL_PK_ECKEY ) + if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, + f_rng, p_rng ) ) != 0 ) + { + return( ret ); + } + + if( pk_can_do( ctx->key, POLARSSL_PK_RSA ) ) + pk_alg = POLARSSL_PK_RSA; + else if( pk_can_do( ctx->key, POLARSSL_PK_ECDSA ) ) pk_alg = POLARSSL_PK_ECDSA; + else + return( POLARSSL_ERR_X509_INVALID_ALG ); - if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, - f_rng, p_rng ) ) != 0 || - ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, + if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); @@ -214,6 +221,9 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size, ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, sig_len ) ); + if( len > (size_t)( c2 - buf ) ) + return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); + c2 -= len; memcpy( c2, c, len ); diff --git a/ext/polarssl-1.3/library/xtea.c b/ext/polarssl-1.3/library/xtea.c index cea9ff82f4..0558b93c89 100644 --- a/ext/polarssl-1.3/library/xtea.c +++ b/ext/polarssl-1.3/library/xtea.c @@ -3,7 +3,7 @@ * * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved * - * This file is part of mbed TLS (https://polarssl.org) + * This file is part of mbed TLS (https://tls.mbed.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,11 +30,16 @@ #include "polarssl/xtea.h" +#include + +#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else +#include #define polarssl_printf printf -#endif +#endif /* POLARSSL_PLATFORM_C */ +#endif /* POLARSSL_SELF_TEST */ #if !defined(POLARSSL_XTEA_ALT) 
@@ -190,9 +195,6 @@ int xtea_crypt_cbc( xtea_context *ctx, int mode, size_t length, #if defined(POLARSSL_SELF_TEST) -#include -#include - /* * XTEA tests vectors (non-official) */
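Review bot: In x509_crt_verify_top, hunk @@ -1732,6 +1818,18 @@ of x509_crt.c, the MD check nulls the `trust_ca` parameter itself (`trust_ca = NULL;`) instead of merely skipping the search loop, so every later use of `trust_ca` in this function, including the fallback `( trust_ca = future_past_ca ) != NULL`, now also sees a NULL pointer. That is only correct if `future_past_ca` is initialised to NULL before this point, which is not visible in the hunk; please confirm the initialisation, and extend the comment "no need to check trust_ca" to say that the rest of the function is deliberately run with no trusted CA.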
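Review bot: In hunk @@ -1759,8 +1859,9 @@ of x509_crt.c the comparison `trust_ca->max_pathlen < check_path_cnt - self_cnt` silently relies on `check_path_cnt` never being smaller than `self_cnt`. The invariant holds because `self_cnt` is only incremented when `path_cnt != 0` (see the x509_crt_verify_child hunk) and `check_path_cnt` starts at `path_cnt + 1`, but it deserves a comment next to the subtraction so a later change to the counting cannot turn the pathLenConstraint check into a no-op through a negative right-hand side.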
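Review bot: In hunk @@ -1772,11 +1873,23 @@ of x509_crt.c an expired or not-yet-valid trusted CA is remembered in `future_past_ca` and, when no other CA matched, accepted with `*flags &= ~BADCERT_NOT_TRUSTED;`. Nothing in this hunk sets BADCERT_EXPIRED or BADCERT_FUTURE for that CA, so the validity defect of the anchor must be reported by code outside the visible lines; please confirm it is, since otherwise a chain anchored on an expired root verifies clean. A short comment at the fallback stating where the CA's time flags are raised would help the next reader.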
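Review bot: In x509_crt_verify_child, hunk @@ -1836,11 +1950,15 @@ of x509_crt.c, the comment reads "Counting intermediate self signed certificates" but the test `x509_name_cmp( &child->issuer, &child->subject ) == 0` only detects self-issued certificates (issuer name equal to subject name); no signature is checked at this point. Because the count later relaxes the max_pathlen limit, the comment should say "self-issued", which is also the RFC 5280 term for the certificates excluded from pathLenConstraint. The switch from setting BADCERT_NOT_TRUSTED to returning POLARSSL_ERR_X509_FATAL_ERROR is a visible behaviour change and belongs in the ChangeLog.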
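Review bot: In hunk @@ -1884,20 +2008,51 @@ of x509_crt.c the trusted-grandparent branch calls `x509_crt_verify_top( parent, grandparent, ... )`, passing the matched CA rather than `trust_ca` as the list head, so verify_top's own loop only runs over `grandparent` and the CAs after it. That works because x509_crt_check_parent already matched, but the contract is non-obvious and deserves a one-line comment. In the in-chain loop a candidate is skipped with `continue` when `grandparent->max_pathlen < 2 + path_cnt - self_cnt` without recording any flag, so a chain rejected purely for pathLenConstraint reasons ends up at verify_top and is reported as BADCERT_NOT_TRUSTED; the comment should say that this is the intended reporting.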
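Review bot: In x509_crt_verify, hunk @@ -1979,27 +2135,55 @@ of x509_crt.c, the new `exit:` block maps POLARSSL_ERR_X509_CERT_VERIFY_FAILED to POLARSSL_ERR_X509_FATAL_ERROR and sets `*flags = -1;`. Both are observable API changes: callers that tested for CERT_VERIFY_FAILED coming out of a failing f_vrfy callback will no longer see it, and -1 sets every bit of `flags`, including bits that are not defined BADCERT_* values. The header documentation of x509_crt_verify should state the new return code and that `flags` is all-ones on a fatal error. Also, `ret` reaches `exit:` by fall-through from the success paths, and `int ret;` in the @@ -1923,6 +2078,7 @@ hunk has no initialiser; every visible path does assign it, but `int ret = 0;` would make that robust against future edits.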
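Review bot: In the x509_csr.c include hunks (@@ -40,6 +40,9 @@ and @@ -47,13 +50,13 @@) the `#include` directives appear without a header name in this view, so it cannot be checked which standard header is now included unconditionally and which two moved under the `#else` of POLARSSL_PLATFORM_C. Since that branch now defines `polarssl_malloc`, `polarssl_free` and `polarssl_snprintf` as `malloc`, `free` and `snprintf`, the conditional includes must be the ones that declare those (stdlib.h and stdio.h), and only a header the file needs independent of the platform layer should remain unconditional.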
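Review bot: In x509_csr_parse_der, hunk @@ -166,14 +169,14 @@ of x509_csr.c, testing `csr->version != 0` before the increment is equivalent to the old `csr->version++; if( csr->version != 1 )`, but the code now gives no hint why the stored value is one higher than the encoded INTEGER. A comment above `csr->version++;` explaining the convention would stop the next reader from "fixing" the apparent off-by-one.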
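Review bot: In x509write_crt_der, hunk @@ -306,9 +308,15 @@ of x509write_crt.c, replacing `pk_get_type` with `pk_can_do` tests also changes which keys are accepted: a context that can perform RSA operations but reports a different pk type now maps to POLARSSL_PK_RSA. The new comment only says there is no direct way to extract the algorithm; it should also state that accepting such wrapper keys is intended, and that the RSA test is deliberately first so a context answering yes to both is signed as RSA.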
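Review bot: In x509write_crt_der, hunk @@ -319,13 +327,19 @@ of x509write_crt.c, the comment above reads `Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension`, yet the new `if( ctx->version == X509_CRT_VERSION_3 )` still emits the `[3]` wrapper and the SEQUENCE for every v3 certificate, including one on which no extension was set. If `ctx->extensions` can be NULL at this point, an empty SEQUENCE violates the stated SIZE constraint; either also require `ctx->extensions != NULL` in the condition or add a comment explaining why an empty list cannot reach this code.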
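Review bot: In hunk @@ -406,6 +424,9 @@ of x509write_crt_der (and the identical hunk @@ -214,6 +221,9 @@ of x509write_csr_der), the new `if( len > (size_t)( c2 - buf ) ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );` closes a real gap: before it, `c2 -= len; memcpy( c2, c, len );` could move `c2` below `buf` and write the TBS bytes outside the caller's buffer whenever `size` was too small to hold TBS plus signature. That is a memory-safety fix for callers passing undersized output buffers and should get its own ChangeLog entry rather than being buried in a diff that is mostly whitespace and URL changes.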
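Review bot: In x509write_csr_der, hunk @@ -195,13 +195,20 @@ of x509write_csr.c, `pk_sign` is now called before the key is classified, so an unsupported key type computes a full signature and only then fails with POLARSSL_ERR_X509_INVALID_ALG. Running the `pk_can_do` classification first, as the corresponding hunk in x509write_crt_der does, avoids the wasted signing operation and keeps the two writers consistent.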