Index: dll/3rdparty/mbedtls/base64.c =================================================================== --- dll/3rdparty/mbedtls/base64.c (revision 75080) +++ dll/3rdparty/mbedtls/base64.c (working copy) @@ -194,7 +194,11 @@ return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || dlen < n ) Index: dll/3rdparty/mbedtls/bignum.c =================================================================== --- dll/3rdparty/mbedtls/bignum.c (revision 75080) +++ dll/3rdparty/mbedtls/bignum.c (working copy) @@ -536,7 +536,12 @@ n = mbedtls_mpi_bitlen( X ); if( radix >= 4 ) n >>= 1; if( radix >= 16 ) n >>= 1; - n += 3; + /* + * Round up the buffer length to an even value to ensure that there is + * enough room for hexadecimal values that can be represented in an odd + * number of digits. + */ + n += 3 + ( ( n + 1 ) & 1 ); if( buflen < n ) { Index: dll/3rdparty/mbedtls/cipher.c =================================================================== --- dll/3rdparty/mbedtls/cipher.c (revision 75080) +++ dll/3rdparty/mbedtls/cipher.c (working copy) @@ -328,9 +328,9 @@ * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= block_size ) || + ilen <= block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < block_size ) ) + ilen < block_size - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); Index: dll/3rdparty/mbedtls/cmac.c =================================================================== --- dll/3rdparty/mbedtls/cmac.c (revision 75080) +++ dll/3rdparty/mbedtls/cmac.c (working copy) @@ -28,7 +28,7 @@ * * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The * CMAC Mode for Authentication - * http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf + * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf * * - RFC 4493 - The AES-CMAC Algorithm * https://tools.ietf.org/html/rfc4493 @@ -64,7 +64,7 @@ #if defined(MBEDTLS_SELF_TEST) #include #define mbedtls_printf printf -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */ +#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ /* Implementation that should never be optimized out by the compiler */ @@ -82,7 +82,7 @@ * with R_64 = 0x1B and R_128 = 0x87 * * Input and output MUST NOT point to the same buffer - * Block size must be 8 byes or 16 bytes - the block sizes for DES and AES. + * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES. */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, @@ -107,7 +107,7 @@ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - for( i = blocksize - 1; i >= 0; i-- ) + for( i = (int)blocksize - 1; i >= 0; i-- ) { output[i] = input[i] << 1 | overflow; overflow = input[i] >> 7; @@ -211,7 +211,7 @@ if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if( ( retval = mbedtls_cipher_setkey( ctx, key, keybits, + if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits, MBEDTLS_ENCRYPT ) ) != 0 ) return( retval ); @@ -246,8 +246,8 @@ { mbedtls_cmac_context_t* cmac_ctx; unsigned char *state; - int n, j, ret = 0; - size_t olen, block_size; + int ret = 0; + size_t n, j, olen, block_size; if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || ctx->cmac_ctx == NULL ) @@ -282,8 +282,9 @@ /* n is the number of blocks including any final partial block */ n = ( ilen + block_size - 1 ) / block_size; - /* Iterate across the input data in block sized chunks */ - for( j = 0; j < n - 1; j++ ) + /* Iterate across the input data in block sized chunks, excluding any + * final partial or complete block */ + for( j = 1; j < n; j++ ) { cmac_xor_block( state, input, state, block_size ); @@ -471,8 +472,9 @@ #if defined(MBEDTLS_SELF_TEST) /* - * CMAC test data from SP800-38B Appendix D.1 (corrected) - * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + * CMAC test data for SP800-38B + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf * * AES-CMAC-PRF-128 test data from RFC 4615 * https://tools.ietf.org/html/rfc4615#page-4 @@ -484,14 +486,15 @@ #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) /* All CMAC test inputs are truncated from the same 64 byte buffer. */ static const unsigned char test_message[] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 + /* PT */ + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; #endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */ @@ -498,114 +501,133 @@ #if defined(MBEDTLS_AES_C) /* Truncation point of message for AES CMAC tests */ static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { + /* Mlen */ 0, 16, - 40, + 20, 64 }; -/* AES 128 CMAC Test Data */ +/* CMAC-AES128 Test Data */ static const unsigned char aes_128_key[16] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, - 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde + /* K1 */ + 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, + 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde }, { - 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, - 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b + /* K2 */ + 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, + 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b } }; static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, - 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + /* Example #1 */ + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }, { - 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + /* Example #2 */ + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }, { - 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, - 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + /* Example #3 */ + 0x7d, 0x85, 0x44, 0x9e, 0xa6, 0xea, 0x19, 0xc8, + 0x23, 0xa7, 0xbf, 0x78, 0x83, 0x7d, 0xfa, 0xde }, { - 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, - 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + /* Example #4 */ + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } }; -/* AES 192 CMAC Test Data */ +/* CMAC-AES192 Test Data */ static const unsigned char aes_192_key[24] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b }; static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { - 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, - 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 + /* K1 */ + 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, + 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 }, { - 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, - 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c + /* K2 */ + 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, + 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c } }; static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, - 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 + /* Example #1 */ + 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, + 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 }, { - 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, - 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 + /* Example #2 */ + 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, + 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 }, { - 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, - 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e + /* Example #3 */ + 0x3d, 0x75, 0xc1, 0x94, 0xed, 0x96, 0x07, 0x04, + 0x44, 0xa9, 0xfa, 0x7e, 0xc7, 0x40, 0xec, 0xf8 }, { - 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, - 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 + /* Example #4 */ + 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, + 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 } }; -/* AES 256 CMAC Test Data */ +/* CMAC-AES256 Test Data */ static const unsigned char aes_256_key[32] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { - 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, - 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f + /* K1 */ + 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, + 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f }, { - 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, - 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 + /* K2 */ + 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, + 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 } }; static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { - 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, - 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 + /* Example #1 */ + 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, + 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 }, { - 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, - 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c + /* Example #2 */ + 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, + 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c }, { - 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, - 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 + /* Example #3 */ + 0x15, 0x67, 0x27, 0xdc, 0x08, 0x78, 0x94, 0x4a, + 0x02, 0x3c, 0x1f, 0xe0, 0x3b, 0xad, 0x6d, 0x93 }, { - 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, - 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 + /* Example #4 */ + 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, + 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 } }; #endif /* MBEDTLS_AES_C */ @@ -614,66 +636,84 @@ /* Truncation point of message for 3DES CMAC tests */ static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, - 8, + 16, 20, 32 }; -/* 3DES 2 Key CMAC Test Data */ +/* CMAC-TDES (Generation) - 2 Key Test Data */ static const unsigned char des3_2key_key[24] = { - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, - 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 + /* Key1 */ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + /* Key2 */ + 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xEF, 0x01, + /* Key3 */ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static const unsigned char des3_2key_subkeys[2][8] = { { - 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef + /* K1 */ + 0x0d, 0xd2, 0xcb, 0x7a, 0x3d, 0x88, 0x88, 0xd9 }, { - 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 + /* K2 */ + 0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2 } }; static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { - 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 + /* Sample #1 */ + 0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60 }, { - 0x4f, 0xf2, 0xab, 0x81, 0x3c, 0x53, 0xce, 0x83 + /* Sample #2 */ + 0xcc, 0x18, 0xa0, 0xb7, 0x9a, 0xf2, 0x41, 0x3b }, { - 0x62, 0xdd, 0x1b, 0x47, 0x19, 0x02, 0xbd, 0x4e + /* Sample #3 */ + 0xc0, 0x6d, 0x37, 0x7e, 0xcd, 0x10, 0x19, 0x69 }, { - 0x31, 0xb1, 0xe4, 0x31, 0xda, 0xbc, 0x4e, 0xb8 + /* Sample #4 */ + 0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb } }; -/* 3DES 3 Key CMAC Test Data */ +/* CMAC-TDES (Generation) - 3 Key Test Data */ static const unsigned char des3_3key_key[24] = { - 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, - 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, - 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 + /* Key1 */ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xaa, 0xcd, 0xef, + /* Key2 */ + 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, + /* Key3 */ + 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23 }; static const unsigned char des3_3key_subkeys[2][8] = { { - 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f + /* K1 */ + 0x9d, 0x74, 0xe7, 0x39, 0x33, 0x17, 0x96, 0xc0 }, { - 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 + /* K2 */ + 0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b } }; static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { - 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 + /* Sample #1 */ + 0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50 }, { - 0x8e, 0x8f, 0x29, 0x31, 0x36, 0x28, 0x37, 0x97 + /* Sample #2 */ + 0x30, 0x23, 0x9c, 0xf1, 0xf5, 0x2e, 0x66, 0x09 }, { - 0x74, 0x3d, 0xdb, 0xe0, 0xce, 0x2d, 0xc2, 0xed + /* Sample #3 */ + 0x6c, 0x9f, 0x3e, 0xe4, 0x92, 0x3f, 0x6b, 0xe2 }, { - 0x33, 0xe6, 0xb1, 0x09, 0x24, 0x00, 0xea, 0xe5 + /* Sample #4 */ + 0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5 } }; @@ -682,8 +722,9 @@ #if defined(MBEDTLS_AES_C) /* AES AES-CMAC-PRF-128 Test Data */ static const unsigned char PRFK[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + /* Key */ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xed, 0xcb }; @@ -694,25 +735,25 @@ 10 }; -/* PRF M */ +/* Message */ static const unsigned char PRFM[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 }; static const unsigned char PRFT[NB_PRF_TESTS][16] = { { - 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, - 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a + 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, + 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a }, { - 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, - 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d + 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, + 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d }, { - 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, - 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d + 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, + 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d } }; #endif /* MBEDTLS_AES_C */ Index: dll/3rdparty/mbedtls/ctr_drbg.c =================================================================== --- dll/3rdparty/mbedtls/ctr_drbg.c (revision 75080) +++ dll/3rdparty/mbedtls/ctr_drbg.c (working copy) @@ -292,7 +292,8 @@ unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT || + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); Index: dll/3rdparty/mbedtls/debug.c =================================================================== --- dll/3rdparty/mbedtls/debug.c (revision 75080) +++ dll/3rdparty/mbedtls/debug.c (working copy) @@ -73,7 +73,7 @@ */ #if defined(MBEDTLS_THREADING_C) char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */ - mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str ); + mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str ); ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr ); #else ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str ); Index: dll/3rdparty/mbedtls/ecp_curves.c =================================================================== --- dll/3rdparty/mbedtls/ecp_curves.c (revision 75080) +++ dll/3rdparty/mbedtls/ecp_curves.c (working copy) @@ -1215,7 +1215,7 @@ int ret; size_t i; mbedtls_mpi M, R; - mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R]; + mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; if( N->n < p_limbs ) return( 0 ); @@ -1237,7 +1237,7 @@ memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) @@ -1259,7 +1259,7 @@ memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) Index: dll/3rdparty/mbedtls/md2.c =================================================================== --- dll/3rdparty/mbedtls/md2.c (revision 75080) +++ dll/3rdparty/mbedtls/md2.c (working copy) @@ -160,7 +160,7 @@ while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; Index: dll/3rdparty/mbedtls/net_sockets.c =================================================================== --- dll/3rdparty/mbedtls/net_sockets.c (revision 75080) +++ dll/3rdparty/mbedtls/net_sockets.c (working copy) @@ -135,7 +135,8 @@ /* * Initiate a TCP connection with host:port and the given protocol */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ) +int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, + const char *port, int proto ) { int ret; struct addrinfo hints, *addr_list, *cur; @@ -240,7 +241,7 @@ } } - /* I we ever get there, it's a success */ + /* Bind was successful */ ret = 0; break; } @@ -324,7 +325,7 @@ { /* TCP: actual accept() */ ret = client_ctx->fd = (int) accept( bind_ctx->fd, - (struct sockaddr *) &client_addr, &n ); + (struct sockaddr *) &client_addr, &n ); } else { Index: dll/3rdparty/mbedtls/pem.c =================================================================== --- dll/3rdparty/mbedtls/pem.c (revision 75080) +++ dll/3rdparty/mbedtls/pem.c (working copy) @@ -46,12 +46,12 @@ #define mbedtls_free free #endif +#if defined(MBEDTLS_PEM_PARSE_C) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if defined(MBEDTLS_PEM_PARSE_C) void mbedtls_pem_init( mbedtls_pem_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_pem_context ) ); @@ -251,7 +251,7 @@ enc = 0; - if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) + if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) @@ -264,22 +264,22 @@ #if defined(MBEDTLS_DES_C) - if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) + if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; s1 += 23; - if( pem_get_iv( s1, pem_iv, 8 ) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; } - else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) + else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_CBC; s1 += 18; - if( pem_get_iv( s1, pem_iv, 8) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; @@ -287,9 +287,11 @@ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) + if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) { - if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + if( s2 - s1 < 22 ) + return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); + else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_128_CBC; else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_192_CBC; @@ -299,7 +301,7 @@ return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); s1 += 22; - if( pem_get_iv( s1, pem_iv, 16 ) != 0 ) + if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 32; @@ -318,7 +320,7 @@ ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - if( s1 == s2 ) + if( s1 >= s2 ) return( MBEDTLS_ERR_PEM_INVALID_DATA ); ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); Index: dll/3rdparty/mbedtls/pk.c =================================================================== --- dll/3rdparty/mbedtls/pk.c (revision 75080) +++ dll/3rdparty/mbedtls/pk.c (working copy) @@ -31,6 +31,8 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" +#include "mbedtls/bignum.h" + #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif @@ -41,6 +43,8 @@ #include "mbedtls/ecdsa.h" #endif +#include + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -211,6 +215,11 @@ int ret; const mbedtls_pk_rsassa_pss_options *pss_opts; +#if defined(MBEDTLS_HAVE_INT64) + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_HAVE_INT64 */ + if( options == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -234,7 +243,7 @@ return( 0 ); #else return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); -#endif +#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ } /* General case: no options */ Index: dll/3rdparty/mbedtls/pk_wrap.c =================================================================== --- dll/3rdparty/mbedtls/pk_wrap.c (revision 75080) +++ dll/3rdparty/mbedtls/pk_wrap.c (working copy) @@ -32,6 +32,7 @@ /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" +#include "mbedtls/bignum.h" #include @@ -51,6 +52,8 @@ #define mbedtls_free free #endif +#include + #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { @@ -76,6 +79,11 @@ { int ret; +#if defined(MBEDTLS_HAVE_INT64) + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_HAVE_INT64 */ + if( sig_len < ((mbedtls_rsa_context *) ctx)->len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); @@ -95,6 +103,11 @@ unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { +#if defined(MBEDTLS_HAVE_INT64) + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_HAVE_INT64 */ + *sig_len = ((mbedtls_rsa_context *) ctx)->len; return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, @@ -404,6 +417,11 @@ { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; +#if defined(MBEDTLS_HAVE_INT64) + if( UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_HAVE_INT64 */ + *sig_len = rsa_alt->key_len_func( rsa_alt->key ); return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, Index: dll/3rdparty/mbedtls/pkparse.c =================================================================== --- dll/3rdparty/mbedtls/pkparse.c (revision 75080) +++ dll/3rdparty/mbedtls/pkparse.c (working copy) @@ -1189,12 +1189,12 @@ #endif /* MBEDTLS_PEM_PARSE_C */ /* - * At this point we only know it's not a PEM formatted key. Could be any - * of the known DER encoded private key formats - * - * We try the different DER format parsers to see if one passes without - * error - */ + * At this point we only know it's not a PEM formatted key. Could be any + * of the known DER encoded private key formats + * + * We try the different DER format parsers to see if one passes without + * error + */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, pwd, pwdlen ) ) == 0 ) Index: dll/3rdparty/mbedtls/platform.c =================================================================== --- dll/3rdparty/mbedtls/platform.c (revision 75080) +++ dll/3rdparty/mbedtls/platform.c (working copy) @@ -239,7 +239,7 @@ } fclose( file ); - return( n ); + return( (int)n ); } int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) @@ -257,7 +257,7 @@ } fclose( file ); - return( n ); + return( (int)n ); } #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ Index: dll/3rdparty/mbedtls/ssl_cookie.c =================================================================== --- dll/3rdparty/mbedtls/ssl_cookie.c (revision 75080) +++ dll/3rdparty/mbedtls/ssl_cookie.c (working copy) @@ -100,7 +100,7 @@ mbedtls_md_free( &ctx->hmac_ctx ); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); Index: dll/3rdparty/mbedtls/ssl_tls.c =================================================================== --- dll/3rdparty/mbedtls/ssl_tls.c (revision 75080) +++ dll/3rdparty/mbedtls/ssl_tls.c (working copy) @@ -3430,7 +3430,7 @@ if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) { - /* Dont check write errors as we can't do anything here. + /* Don't check write errors as we can't do anything here. * If the error is permanent we'll catch it later, * if it's not, then hopefully it'll work next time. */ (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); @@ -6008,8 +6008,9 @@ const char **p; /* - * "Empty strings MUST NOT be included and byte strings MUST NOT be - * truncated". Check lengths now rather than later. + * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings + * MUST NOT be truncated." + * We check lengths now rather than later. */ tot_len = 0; for( p = protos; *p != NULL; p++ ) @@ -6483,6 +6484,10 @@ */ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) { + size_t ep_len = ssl_ep_len( ssl ); + int in_ctr_cmp; + int out_ctr_cmp; + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) @@ -6490,8 +6495,12 @@ return( 0 ); } - if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 && - memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 ) + in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len ); + out_ctr_cmp = memcmp( ssl->out_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len ); + + if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) { return( 0 ); } @@ -7232,8 +7241,8 @@ #if defined(MBEDTLS_SSL_RENEGOTIATION) conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; - memset( conf->renego_period, 0xFF, 7 ); - conf->renego_period[7] = 0x00; + memset( conf->renego_period, 0x00, 2 ); + memset( conf->renego_period + 2, 0xFF, 6 ); #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) @@ -7587,7 +7596,7 @@ * and, for DTLS, to/from TLS equivalent. * * For TLS this is the identity. - * For DTLS, use one complement (v -> 255 - v, and then map as follows: + * For DTLS, use 1's complement (v -> 255 - v, and then map as follows: * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) */ @@ -7646,8 +7655,7 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - ssl->handshake->calc_verify = ssl_calc_verify_tls; - break; + return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: Index: dll/3rdparty/mbedtls/x509.c =================================================================== --- dll/3rdparty/mbedtls/x509.c (revision 75080) +++ dll/3rdparty/mbedtls/x509.c (working copy) @@ -482,14 +482,20 @@ } } -static int x509_parse_int(unsigned char **p, unsigned n, int *res){ +static int x509_parse_int( unsigned char **p, size_t n, int *res ) +{ *res = 0; - for( ; n > 0; --n ){ - if( ( **p < '0') || ( **p > '9' ) ) return MBEDTLS_ERR_X509_INVALID_DATE; + + for( ; n > 0; --n ) + { + if( ( **p < '0') || ( **p > '9' ) ) + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + *res *= 10; - *res += (*(*p)++ - '0'); + *res += ( *(*p)++ - '0' ); } - return 0; + + return( 0 ); } static int x509_date_is_valid(const mbedtls_x509_time *time) @@ -520,6 +526,70 @@ } /* + * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) + * field. + */ +static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, + mbedtls_x509_time *time ) +{ + int ret; + + /* + * Minimum length is 10 or 12 depending on yearlen + */ + if ( len < yearlen + 8 ) + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + len -= yearlen + 8; + + /* + * Parse year, month, day, hour, minute + */ + CHECK( x509_parse_int( p, yearlen, &time->year ) ); + if ( 2 == yearlen ) + { + if ( time->year < 50 ) + time->year += 100; + + time->year += 1900; + } + + CHECK( x509_parse_int( p, 2, &time->mon ) ); + CHECK( x509_parse_int( p, 2, &time->day ) ); + CHECK( x509_parse_int( p, 2, &time->hour ) ); + CHECK( x509_parse_int( p, 2, &time->min ) ); + + /* + * Parse seconds if present + */ + if ( len >= 2 ) + { + CHECK( x509_parse_int( p, 2, &time->sec ) ); + len -= 2; + } + else + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + + /* + * Parse trailing 'Z' if present + */ + if ( 1 == len && 'Z' == **p ) + { + (*p)++; + len--; + } + + /* + * We should have parsed all characters at this point + */ + if ( 0 != len ) + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + + CHECK( x509_date_is_valid( time ) ); + + return ( 0 ); +} + +/* * Time ::= CHOICE { * utcTime UTCTime, * generalTime GeneralizedTime } @@ -528,7 +598,7 @@ mbedtls_x509_time *time ) { int ret; - size_t len; + size_t len, year_len; unsigned char tag; if( ( end - *p ) < 1 ) @@ -538,55 +608,20 @@ tag = **p; if( tag == MBEDTLS_ASN1_UTC_TIME ) - { - (*p)++; - ret = mbedtls_asn1_get_len( p, end, &len ); - - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); - - CHECK( x509_parse_int( p, 2, &time->year ) ); - CHECK( x509_parse_int( p, 2, &time->mon ) ); - CHECK( x509_parse_int( p, 2, &time->day ) ); - CHECK( x509_parse_int( p, 2, &time->hour ) ); - CHECK( x509_parse_int( p, 2, &time->min ) ); - if( len > 10 ) - CHECK( x509_parse_int( p, 2, &time->sec ) ); - if( len > 12 && *(*p)++ != 'Z' ) - return( MBEDTLS_ERR_X509_INVALID_DATE ); - - time->year += 100 * ( time->year < 50 ); - time->year += 1900; - - CHECK( x509_date_is_valid( time ) ); - - return( 0 ); - } + year_len = 2; else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME ) - { - (*p)++; - ret = mbedtls_asn1_get_len( p, end, &len ); + year_len = 4; + else + return( MBEDTLS_ERR_X509_INVALID_DATE + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); + (*p)++; + ret = mbedtls_asn1_get_len( p, end, &len ); - CHECK( x509_parse_int( p, 4, &time->year ) ); - CHECK( x509_parse_int( p, 2, &time->mon ) ); - CHECK( x509_parse_int( p, 2, &time->day ) ); - CHECK( x509_parse_int( p, 2, &time->hour ) ); - CHECK( x509_parse_int( p, 2, &time->min ) ); - if( len > 12 ) - CHECK( x509_parse_int( p, 2, &time->sec ) ); - if( len > 14 && *(*p)++ != 'Z' ) - return( MBEDTLS_ERR_X509_INVALID_DATE ); + if( ret != 0 ) + return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); - CHECK( x509_date_is_valid( time ) ); - - return( 0 ); - } - else - return( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return x509_parse_time( p, len, year_len, time ); } int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) @@ -663,7 +698,7 @@ /* * X.509 Extensions (No parsing of extensions, pointer should - * be either manually updated or extensions should be parsed! + * be either manually updated or extensions should be parsed!) */ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag ) Index: dll/3rdparty/mbedtls/x509_crl.c =================================================================== --- dll/3rdparty/mbedtls/x509_crl.c (revision 75080) +++ dll/3rdparty/mbedtls/x509_crl.c (working copy) @@ -527,16 +527,17 @@ if( ( ret = mbedtls_x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 ) { + mbedtls_pem_free( &pem ); return( ret ); } - - mbedtls_pem_free( &pem ); } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + else if( is_pem ) { mbedtls_pem_free( &pem ); return( ret ); } + + mbedtls_pem_free( &pem ); } /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. * And a valid CRL cannot be less than 1 byte anyway. */ Index: dll/3rdparty/mbedtls/x509_crt.c =================================================================== --- dll/3rdparty/mbedtls/x509_crt.c (revision 75080) +++ dll/3rdparty/mbedtls/x509_crt.c (working copy) @@ -971,10 +971,8 @@ */ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { -#ifndef __REACTOS__ +#if defined(MBEDTLS_PEM_PARSE_C) int success = 0, first_error = 0, total_failed = 0; -#endif -#if defined(MBEDTLS_PEM_PARSE_C) int buf_format = MBEDTLS_X509_FORMAT_DER; #endif @@ -1126,7 +1124,7 @@ p = filename + len; filename[len++] = '*'; - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, + w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, MAX_PATH - 3 ); if( w_ret == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); @@ -1908,6 +1906,7 @@ int check_path_cnt; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; + mbedtls_x509_crt *future_past_ca = NULL; if( mbedtls_x509_time_is_past( &child->valid_to ) ) *flags |= MBEDTLS_X509_BADCERT_EXPIRED; @@ -1962,23 +1961,27 @@ continue; } - if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) + if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, + child->sig_md, hash, mbedtls_md_get_size( md_info ), + child->sig.p, child->sig.len ) != 0 ) { continue; } - if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) + if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) || + mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) { - continue; - } + if ( future_past_ca == NULL ) + future_past_ca = trust_ca; - if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, - child->sig_md, hash, mbedtls_md_get_size( md_info ), - child->sig.p, child->sig.len ) != 0 ) - { continue; } + break; + } + + if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL ) + { /* * Top of chain is signed by a trusted CA */ @@ -1986,8 +1989,6 @@ if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - - break; } /* @@ -2007,6 +2008,12 @@ ((void) ca_crl); #endif + if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) + ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; + + if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) + ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; + if( NULL != f_vrfy ) { if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, Index: dll/3rdparty/mbedtls/x509_csr.c =================================================================== --- dll/3rdparty/mbedtls/x509_csr.c (revision 75080) +++ dll/3rdparty/mbedtls/x509_csr.c (working copy) @@ -267,8 +267,8 @@ */ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { +#if defined(MBEDTLS_PEM_PARSE_C) int ret; -#if defined(MBEDTLS_PEM_PARSE_C) size_t use_len; mbedtls_pem_context pem; #endif Index: sdk/include/reactos/libs/mbedtls/cmac.h =================================================================== --- sdk/include/reactos/libs/mbedtls/cmac.h (revision 75080) +++ sdk/include/reactos/libs/mbedtls/cmac.h (working copy) @@ -60,9 +60,13 @@ /** * \brief Set the CMAC key and prepare to authenticate the input * data. - * Should be called with an initialised cipher context. + * Should be called with an initialized cipher context. * - * \param ctx Cipher context + * \param ctx Cipher context. This should be a cipher context, + * initialized to be one of the following types: + * MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB, + * MBEDTLS_CIPHER_AES_256_ECB or + * MBEDTLS_CIPHER_DES_EDE3_ECB. * \param key CMAC key * \param keybits length of the CMAC key in bits * (must be acceptable by the cipher) @@ -117,7 +121,7 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); /** - * \brief Output = Generic_CMAC( hmac key, input buffer ) + * \brief Output = Generic_CMAC( cmac key, input buffer ) * * \param cipher_info message digest info * \param key CMAC key Index: sdk/include/reactos/libs/mbedtls/compat-1.3.h =================================================================== --- sdk/include/reactos/libs/mbedtls/compat-1.3.h (revision 75080) +++ sdk/include/reactos/libs/mbedtls/compat-1.3.h (working copy) @@ -2455,7 +2455,6 @@ #define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support #define ssl_set_authmode mbedtls_ssl_conf_authmode #define ssl_set_bio mbedtls_ssl_set_bio -#define ssl_set_bio mbedtls_ssl_set_bio_timeout #define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain #define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting #define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites Index: sdk/include/reactos/libs/mbedtls/config.h =================================================================== --- sdk/include/reactos/libs/mbedtls/config.h (revision 75080) +++ sdk/include/reactos/libs/mbedtls/config.h (working copy) @@ -1527,7 +1527,7 @@ * library/pkwrite.c * library/x509_create.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c */ #define MBEDTLS_ASN1_WRITE_C @@ -1890,7 +1890,7 @@ * * Enable the generic message digest layer. * - * Module: library/mbedtls_md.c + * Module: library/md.c * Caller: * * Uncomment to enable generic message digest wrappers. @@ -1902,7 +1902,7 @@ * * Enable the MD2 hash algorithm. * - * Module: library/mbedtls_md2.c + * Module: library/md2.c * Caller: * * Uncomment to enable support for (rare) MD2-signed X.509 certs. @@ -1914,7 +1914,7 @@ * * Enable the MD4 hash algorithm. * - * Module: library/mbedtls_md4.c + * Module: library/md4.c * Caller: * * Uncomment to enable support for (rare) MD4-signed X.509 certs. @@ -1926,8 +1926,8 @@ * * Enable the MD5 hash algorithm. * - * Module: library/mbedtls_md5.c - * Caller: library/mbedtls_md.c + * Module: library/md5.c + * Caller: library/md.c * library/pem.c * library/ssl_tls.c * @@ -1984,11 +1984,11 @@ * library/rsa.c * library/x509.c * library/x509_create.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c * * This modules translates between OIDs and internal values. */ @@ -2016,9 +2016,9 @@ * Module: library/pem.c * Caller: library/dhm.c * library/pkparse.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -2034,7 +2034,7 @@ * Module: library/pem.c * Caller: library/pkwrite.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -2064,8 +2064,8 @@ * Enable the generic public (asymetric) key parser. * * Module: library/pkparse.c - * Caller: library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * Caller: library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_PK_C * @@ -2156,8 +2156,8 @@ * * Enable the RIPEMD-160 hash algorithm. * - * Module: library/mbedtls_ripemd160.c - * Caller: library/mbedtls_md.c + * Module: library/ripemd160.c + * Caller: library/md.c * */ #define MBEDTLS_RIPEMD160_C @@ -2185,8 +2185,8 @@ * * Enable the SHA1 cryptographic hash algorithm. * - * Module: library/mbedtls_sha1.c - * Caller: library/mbedtls_md.c + * Module: library/sha1.c + * Caller: library/md.c * library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2201,9 +2201,9 @@ * * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. * - * Module: library/mbedtls_sha256.c + * Module: library/sha256.c * Caller: library/entropy.c - * library/mbedtls_md.c + * library/md.c * library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2218,9 +2218,9 @@ * * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * - * Module: library/mbedtls_sha512.c + * Module: library/sha512.c * Caller: library/entropy.c - * library/mbedtls_md.c + * library/md.c * library/ssl_cli.c * library/ssl_srv.c * @@ -2368,9 +2368,9 @@ * Enable X.509 core for using certificates. * * Module: library/x509.c - * Caller: library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * Caller: library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, * MBEDTLS_PK_PARSE_C @@ -2384,7 +2384,7 @@ * * Enable X.509 certificate parsing. * - * Module: library/mbedtls_x509_crt.c + * Module: library/x509_crt.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2400,8 +2400,8 @@ * * Enable X.509 CRL parsing. * - * Module: library/mbedtls_x509_crl.c - * Caller: library/mbedtls_x509_crt.c + * Module: library/x509_crl.c + * Caller: library/x509_crt.c * * Requires: MBEDTLS_X509_USE_C * @@ -2414,7 +2414,7 @@ * * Enable X.509 Certificate Signing Request (CSR) parsing. * - * Module: library/mbedtls_x509_csr.c + * Module: library/x509_csr.c * Caller: library/x509_crt_write.c * * Requires: MBEDTLS_X509_USE_C Index: sdk/include/reactos/libs/mbedtls/rsa.h =================================================================== --- sdk/include/reactos/libs/mbedtls/rsa.h (revision 75080) +++ sdk/include/reactos/libs/mbedtls/rsa.h (working copy) @@ -208,7 +208,7 @@ * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note This function does NOT take care of message - * padding. Also, be sure to set input[0] = 0 or assure that + * padding. Also, be sure to set input[0] = 0 or ensure that * input is smaller than N. * * \note The input and output buffers must be large Index: sdk/include/reactos/libs/mbedtls/ssl.h =================================================================== --- sdk/include/reactos/libs/mbedtls/ssl.h (revision 75080) +++ sdk/include/reactos/libs/mbedtls/ssl.h (working copy) @@ -1148,7 +1148,7 @@ * * \note See the documentation of \c mbedtls_ssl_set_timer_t and * \c mbedtls_ssl_get_timer_t for the conventions this pair of - * callbacks must fallow. + * callbacks must follow. * * \note On some platforms, timing.c provides * \c mbedtls_timing_set_delay() and @@ -2185,7 +2185,7 @@ /** * \brief Set record counter threshold for periodic renegotiation. - * (Default: 2^64 - 256.) + * (Default: 2^48 - 1) * * Renegotiation is automatically triggered when a record * counter (outgoing or ingoing) crosses the defined @@ -2196,9 +2196,17 @@ * Lower values can be used to enforce policies such as "keys * must be refreshed every N packets with cipher X". * + * The renegotiation period can be disabled by setting + * conf->disable_renegotiation to + * MBEDTLS_SSL_RENEGOTIATION_DISABLED. + * + * \note When the configured transport is + * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation + * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM, + * the maximum renegotiation period is 2^64 - 1. + * * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. - * Set to 2^64 - 1 to disable periodic renegotiation */ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, const unsigned char period[8] ); @@ -2430,7 +2438,7 @@ * \param len how many bytes must be written * * \return the number of bytes actually written (may be less than len), - * or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ, + * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ, * or another negative error code. * * \note If this function returns something other than a positive @@ -2515,7 +2523,6 @@ * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS * \param preset a MBEDTLS_SSL_PRESET_XXX value - * (currently unused). * * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS. * Index: sdk/include/reactos/libs/mbedtls/version.h =================================================================== --- sdk/include/reactos/libs/mbedtls/version.h (revision 75080) +++ sdk/include/reactos/libs/mbedtls/version.h (working copy) @@ -41,7 +41,7 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 4 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 2 /** * The single version number has the following structure: @@ -48,9 +48,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02040000 -#define MBEDTLS_VERSION_STRING "2.4.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.0" +#define MBEDTLS_VERSION_NUMBER 0x02040200 +#define MBEDTLS_VERSION_STRING "2.4.2" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.2" #if defined(MBEDTLS_VERSION_C) Index: sdk/include/reactos/libs/mbedtls/x509.h =================================================================== --- sdk/include/reactos/libs/mbedtls/x509.h (revision 75080) +++ sdk/include/reactos/libs/mbedtls/x509.h (working copy) @@ -159,7 +159,7 @@ #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) #define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14) -#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */ +#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* * Storage format identifiers