Hello community,

here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2016-07-21 07:52:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mbedtls (Old)
 and /work/SRC/openSUSE:Factory/.mbedtls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls" Changes: -------- --- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2016-01-15 10:38:40.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.mbedtls.new/mbedtls.changes 2016-07-21 07:53:01.000000000 +0200 
@@ -1,0 +2,33 @@ +Thu Jul 14 12:00:56 UTC 2016 - [email protected] + +- Update to version 1.3.17 (boo#988956): + * Security + + Fix missing padding length check in + mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 + + Fix a potential integer underflow to buffer overread in + mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable + remotely in SSL/TLS. + + Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and + mbedtls_rsa_rsaes_oaep_encrypt + * Bugfix + + Fix bug in mbedtls_mpi_add_mpi() that caused wrong results + when the three arguments where the same (in-place doubling). + Found and fixed by Janos Follath. #309 + + Fix issue in Makefile that prevented building using armar. + + Fix issue that caused a hang up when generating RSA keys of + odd bitlength + + Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made + null pointer dereference possible. + + Fix issue that caused a crash if invalid curves were passed + to mbedtls_ssl_conf_curves. #373 + * Changes + + On ARM platforms, when compiling with -O0 with GCC, Clang or + armcc5, don't use the optimized assembly for bignum + multiplication. This removes the need to pass + -fomit-frame-pointer to avoid a build error with -O0. + + Disabled SSLv3 in the default configuration. + + Fix non-compliance server extension handling. Extensions for + SSLv3 are now ignored, as required by RFC6101. + +------------------------------------------------------------------- Old: ---- mbedtls-1.3.16-gpl.tgz New: ---- mbedtls-1.3.17-gpl.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbedtls.spec ++++++ --- /var/tmp/diff_new_pack.U6XBxK/_old 2016-07-21 07:53:02.000000000 +0200 +++ /var/tmp/diff_new_pack.U6XBxK/_new 2016-07-21 07:53:02.000000000 +0200 
@@ -18,7 +18,7 @@ %define lib_name lib%{name}9 Name: mbedtls -Version: 1.3.16 +Version: 1.3.17 Release: 0 Summary: Open Source embedded SSL/TLS cryptographic library License: GPL-2.0+ @@ -27,7 +27,7 @@ Source: https://tls.mbed.org/download/%{name}-%{version}-gpl.tgz Source99: baselibs.conf BuildRequires: cmake -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -76,7 +76,6 @@ make -C build test %{?_smp_mflags} %post -n %{lib_name} -p /sbin/ldconfig - %postun -n %{lib_name} -p /sbin/ldconfig %files devel ++++++ mbedtls-1.3.16-gpl.tgz -> mbedtls-1.3.17-gpl.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/ChangeLog new/mbedtls-1.3.17/ChangeLog --- old/mbedtls-1.3.16/ChangeLog 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/ChangeLog 2016-06-27 21:00:26.000000000 +0200 
@@ -1,12 +1,45 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 1.3.17 branch 2016-06-28 + +Security + * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt + required by PKCS1 v2.2 + * Fix a potential integer underflow to buffer overread in + mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in + SSL/TLS. + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + +Bugfix + * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three + arguments where the same (in-place doubling). Found and fixed by Janos + Follath. #309 + * Fix issue in Makefile that prevented building using armar. #386 + * Fix issue that caused a hang up when generating RSA keys of odd bitlength + * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer + dereference possible. + * Fix issue that caused a crash if invalid curves were passed to + mbedtls_ssl_conf_curves. #373 + +Changes + * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, + don't use the optimized assembly for bignum multiplication. This removes + the need to pass -fomit-frame-pointer to avoid a build error with -O0. + * Disabled SSLv3 in the default configuration. + * Fix non-compliance server extension handling. Extensions for SSLv3 are now + ignored, as required by RFC6101. + = mbed TLS 1.3.16 released 2016-01-05 Security * Fix potential double free when mbedtls_asn1_store_named_data() fails to allocate memory. Only used for certificate generation, not triggerable remotely in SSL/TLS. Found by RafaĆ Przywara. #367 - * Disable MD5 handshake signatures in TLS 1.2 by default + * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the + SLOTH attack on TLS 1.2 server authentication (other attacks from the + SLOTH paper do not apply to any version of mbed TLS or PolarSSL). 
+ https://www.mitls.org/pages/attacks/SLOTH Bugfix * Fix over-restricive length limit in GCM. Found by Andreas-N. #362 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/doxygen/input/doc_mainpage.h new/mbedtls-1.3.17/doxygen/input/doc_mainpage.h --- old/mbedtls-1.3.16/doxygen/input/doc_mainpage.h 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/doxygen/input/doc_mainpage.h 2016-06-27 21:00:26.000000000 +0200 @@ -4,7 +4,7 @@ */ /** - * @mainpage mbed TLS v1.3.16 source code documentation + * @mainpage mbed TLS v1.3.17 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/doxygen/mbedtls.doxyfile new/mbedtls-1.3.17/doxygen/mbedtls.doxyfile --- old/mbedtls-1.3.16/doxygen/mbedtls.doxyfile 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/doxygen/mbedtls.doxyfile 2016-06-27 21:00:26.000000000 +0200 @@ -28,7 +28,7 @@ # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v1.3.16" +PROJECT_NAME = "mbed TLS v1.3.17" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/include/polarssl/bn_mul.h new/mbedtls-1.3.17/include/polarssl/bn_mul.h --- old/mbedtls-1.3.16/include/polarssl/bn_mul.h 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/include/polarssl/bn_mul.h 2016-06-27 21:00:26.000000000 +0200 
@@ -560,7 +560,23 @@ #endif /* TriCore */ -#if defined(__arm__) +/* + * gcc -O0 by default uses r7 for the frame pointer, so it complains about our + * use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately, + * passing that option is not easy when building with yotta. + * + * On the other hand, -fomit-frame-pointer is implied by any -Ox options with + * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by + * clang and armcc5 under the same conditions). + * + * So, only use the optimized assembly below for optimized build, which avoids + * the build error and is pretty reasonable anyway. + */ +#if defined(__GNUC__) && !defined(__OPTIMIZE__) +#define CANNOT_USE_R7 +#endif + +#if defined(__arm__) && !defined(CANNOT_USE_R7) #if defined(__thumb__) && !defined(__thumb2__) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/include/polarssl/config.h new/mbedtls-1.3.17/include/polarssl/config.h --- old/mbedtls-1.3.16/include/polarssl/config.h 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/include/polarssl/config.h 2016-06-27 21:00:26.000000000 +0200 @@ -1012,7 +1012,7 @@ * * Comment this macro to disable support for SSL 3.0 */ -#define POLARSSL_SSL_PROTO_SSL3 +//#define POLARSSL_SSL_PROTO_SSL3 /** * \def POLARSSL_SSL_PROTO_TLS1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/include/polarssl/version.h new/mbedtls-1.3.17/include/polarssl/version.h --- old/mbedtls-1.3.16/include/polarssl/version.h 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/include/polarssl/version.h 2016-06-27 21:00:26.000000000 +0200 
@@ -40,16 +40,16 @@ */ #define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MINOR 3 -#define POLARSSL_VERSION_PATCH 16 +#define POLARSSL_VERSION_PATCH 17 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define POLARSSL_VERSION_NUMBER 0x01031000 -#define POLARSSL_VERSION_STRING "1.3.16" -#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.16" +#define POLARSSL_VERSION_NUMBER 0x01031100 +#define POLARSSL_VERSION_STRING "1.3.17" +#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.17" #if defined(POLARSSL_VERSION_C) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/library/CMakeLists.txt new/mbedtls-1.3.17/library/CMakeLists.txt --- old/mbedtls-1.3.16/library/CMakeLists.txt 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/library/CMakeLists.txt 2016-06-27 21:00:26.000000000 +0200 @@ -117,7 +117,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedtls SHARED ${src}) - set_target_properties(mbedtls PROPERTIES VERSION 1.3.16 SOVERSION 9) + set_target_properties(mbedtls PROPERTIES VERSION 1.3.17 SOVERSION 9) target_link_libraries(mbedtls ${libs}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/library/Makefile new/mbedtls-1.3.17/library/Makefile --- old/mbedtls-1.3.16/library/Makefile 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/library/Makefile 2016-06-27 21:00:26.000000000 +0200 
@@ -93,9 +93,9 @@ libmbedtls.a: $(OBJS) echo " AR $@" - $(AR) rc $@ $(OBJS) + $(AR) -rc $@ $(OBJS) echo " RL $@" - $(AR) s $@ + $(AR) -s $@ libpolarssl.$(DLEXT): libmbedtls.$(DLEXT) echo " LN $@ -> $?" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/library/bignum.c new/mbedtls-1.3.17/library/bignum.c --- old/mbedtls-1.3.16/library/bignum.c 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/library/bignum.c 2016-06-27 21:00:26.000000000 +0200 @@ -889,7 +889,7 @@ { int ret; size_t i, j; - t_uint *o, *p, c; + t_uint *o, *p, c, tmp; if( X == B ) { @@ -912,10 +912,14 @@ o = B->p; p = X->p; c = 0; + /* + * tmp is used because it might happen that p == o + */ for( i = 0; i < j; i++, o++, p++ ) { + tmp= *o; *p += c; c = ( *p < c ); - *p += *o; c += ( *p < *o ); + *p += tmp; c += ( *p < tmp ); } while( c != 0 ) @@ -930,7 +934,6 @@ } cleanup: - return( ret ); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/library/net.c new/mbedtls-1.3.17/library/net.c --- old/mbedtls-1.3.16/library/net.c 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/library/net.c 2016-06-27 21:00:26.000000000 +0200 
@@ -500,15 +500,19 @@ */ void net_usleep( unsigned long usec ) { +#if defined(_WIN32) + Sleep( ( usec + 999 ) / 1000 ); +#else struct timeval tv; tv.tv_sec = usec / 1000000; -#if !defined(_WIN32) && ( defined(__unix__) || defined(__unix) || \ - ( defined(__APPLE__) && defined(__MACH__) ) ) +#if defined(__unix__) || defined(__unix) || \ + ( defined(__APPLE__) && defined(__MACH__) ) tv.tv_usec = (suseconds_t) usec % 1000000; #else tv.tv_usec = usec % 1000000; #endif select( 0, NULL, NULL, NULL, &tv ); +#endif } #endif /* POLARSSL_HAVE_TIME */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/library/rsa.c new/mbedtls-1.3.17/library/rsa.c --- old/mbedtls-1.3.16/library/rsa.c 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/library/rsa.c 2016-06-27 21:00:26.000000000 +0200 @@ -97,7 +97,8 @@ if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); - mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G ); + mpi_init( &P1 ); mpi_init( &Q1 ); + mpi_init( &H ); mpi_init( &G ); /* * find primes P and Q with Q < P so that: @@ -107,14 +108,19 @@ do { - MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0, + MPI_CHK( mpi_gen_prime( &ctx->P, nbits >> 1, 0, f_rng, p_rng ) ); - MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0, + if( nbits % 2 ) + { + MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0, f_rng, p_rng ) ); - - if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) - mpi_swap( &ctx->P, &ctx->Q ); + } + else + { + MPI_CHK( mpi_gen_prime( &ctx->Q, nbits >> 1, 0, + f_rng, p_rng ) ); + } if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; @@ -519,7 +525,8 @@ olen = ctx->len; hlen = md_get_size( md_info ); - if( olen < ilen + 2 * hlen + 2 ) + // first comparison checks for overflow + if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); memset( output, 0, olen ); 
@@ -580,12 +587,14 @@ if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V15 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); - if( f_rng == NULL ) + // We don't check p_rng because it won't be dereferenced here + if( f_rng == NULL || input == NULL || output == NULL ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; - if( olen < ilen + 11 ) + // first comparison checks for overflow + if( ilen + 11 < ilen || olen < ilen + 11 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); nb_pad = olen - 3 - ilen; @@ -695,6 +704,12 @@ if( md_info == NULL ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + hlen = md_get_size( md_info ); + + // checking for integer underflow + if( 2 * hlen + 2 > ilen ) + return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + /* * RSA operation */ @@ -710,6 +725,10 @@ */ hlen = md_get_size( md_info ); + // checking for integer underflow + if( 2 * hlen + 2 > ilen ) + return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + md_init( &md_ctx ); md_init_ctx( &md_ctx, md_info ); @@ -844,6 +863,8 @@ bad |= *p++; /* Must be zero */ } + bad |= ( pad_count < 8 ); + if( bad ) return( POLARSSL_ERR_RSA_INVALID_PADDING ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/library/ssl_cli.c new/mbedtls-1.3.17/library/ssl_cli.c --- old/mbedtls-1.3.16/library/ssl_cli.c 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/library/ssl_cli.c 2016-06-27 21:00:26.000000000 +0200 @@ -330,6 +330,12 @@ for( info = ecp_curve_list(); info->grp_id != POLARSSL_ECP_DP_NONE; info++ ) { #endif + if( info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); + return; + } + elliptic_curve_len += 2; } 
@@ -349,7 +355,6 @@ for( info = ecp_curve_list(); info->grp_id != POLARSSL_ECP_DP_NONE; info++ ) { #endif - elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/library/ssl_srv.c new/mbedtls-1.3.17/library/ssl_srv.c --- old/mbedtls-1.3.16/library/ssl_srv.c 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/library/ssl_srv.c 2016-06-27 21:00:26.000000000 +0200 
@@ -1564,154 +1564,164 @@ } #endif /* POLARSSL_SSL_FALLBACK_SCSV */ - ext = buf + 44 + sess_len + ciph_len + comp_len; - - while( ext_len ) + /* Do not parse the extensions if the protocol is SSLv3 */ +#if defined(POLARSSL_SSL_PROTO_SSL3) + if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) { - unsigned int ext_id = ( ( ext[0] << 8 ) - | ( ext[1] ) ); - unsigned int ext_size = ( ( ext[2] << 8 ) - | ( ext[3] ) ); +#endif - if( ext_size + 4 > ext_len ) - { - SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - switch( ext_id ) + ext = buf + 44 + sess_len + ciph_len + comp_len; + + while( ext_len ) { -#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) - case TLS_EXT_SERVERNAME: - SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) ); - if( ssl->f_sni == NULL ) - break; - - ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */ - - case TLS_EXT_RENEGOTIATION_INFO: - SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); -#if defined(POLARSSL_SSL_RENEGOTIATION) - renegotiation_info_seen = 1; -#endif + unsigned int ext_id = ( ( ext[0] << 8 ) + | ( ext[1] ) ); + unsigned int ext_size = ( ( ext[2] << 8 ) + | ( ext[3] ) ); + + if( ext_size + 4 > ext_len ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + switch( ext_id ) + { + #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) + case TLS_EXT_SERVERNAME: + SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) ); + if( ssl->f_sni == NULL ) + break; + + ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */ - ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; - -#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ - defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) - case 
TLS_EXT_SIG_ALG: - SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); -#if defined(POLARSSL_SSL_RENEGOTIATION) - if( ssl->renegotiation == SSL_RENEGOTIATION ) + case TLS_EXT_RENEGOTIATION_INFO: + SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); + #if defined(POLARSSL_SSL_RENEGOTIATION) + renegotiation_info_seen = 1; + #endif + + ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); break; -#endif - ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_PROTO_TLS1_2 && - POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ - -#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) - case TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: - SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) ); - - ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; - - case TLS_EXT_SUPPORTED_POINT_FORMATS: - SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); - ssl->handshake->cli_exts |= TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; - - ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */ - -#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) - case TLS_EXT_MAX_FRAGMENT_LENGTH: - SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) ); - - ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(POLARSSL_SSL_TRUNCATED_HMAC) - case TLS_EXT_TRUNCATED_HMAC: - SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) ); - - ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_TRUNCATED_HMAC */ - -#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC) - case TLS_EXT_ENCRYPT_THEN_MAC: - SSL_DEBUG_MSG( 3, ( 
"found encrypt then mac extension" ) ); - - ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */ - -#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET) - case TLS_EXT_EXTENDED_MASTER_SECRET: - SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) ); - - ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(POLARSSL_SSL_SESSION_TICKETS) - case TLS_EXT_SESSION_TICKET: - SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) ); - - ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_SESSION_TICKETS */ - -#if defined(POLARSSL_SSL_ALPN) - case TLS_EXT_ALPN: - SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); - - ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* POLARSSL_SSL_SESSION_TICKETS */ - - default: - SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", - ext_id ) ); - } + #if defined(POLARSSL_SSL_PROTO_TLS1_2) && \ + defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED) + case TLS_EXT_SIG_ALG: + SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); + #if defined(POLARSSL_SSL_RENEGOTIATION) + if( ssl->renegotiation == SSL_RENEGOTIATION ) + break; + #endif + + ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_PROTO_TLS1_2 && + POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */ - ext_len -= 4 + ext_size; - ext += 4 + ext_size; + #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) + case TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: + SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) ); + + ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; - if( ext_len > 0 && 
ext_len < 4 ) - { - SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + case TLS_EXT_SUPPORTED_POINT_FORMATS: + SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); + ssl->handshake->cli_exts |= TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; + + ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */ + + #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) + case TLS_EXT_MAX_FRAGMENT_LENGTH: + SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) ); + + ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ + + #if defined(POLARSSL_SSL_TRUNCATED_HMAC) + case TLS_EXT_TRUNCATED_HMAC: + SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) ); + + ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_TRUNCATED_HMAC */ + + #if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC) + case TLS_EXT_ENCRYPT_THEN_MAC: + SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) ); + + ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */ + + #if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET) + case TLS_EXT_EXTENDED_MASTER_SECRET: + SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) ); + + ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */ + + #if defined(POLARSSL_SSL_SESSION_TICKETS) + case TLS_EXT_SESSION_TICKET: + SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) ); + + ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_SESSION_TICKETS */ + + #if 
defined(POLARSSL_SSL_ALPN) + case TLS_EXT_ALPN: + SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); + + ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; + #endif /* POLARSSL_SSL_SESSION_TICKETS */ + + default: + SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", + ext_id ) ); + } + + ext_len -= 4 + ext_size; + ext += 4 + ext_size; + + if( ext_len > 0 && ext_len < 4 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } } + +#if defined(POLARSSL_SSL_PROTO_SSL3) } +#endif /* * Renegotiation security checks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/programs/pkey/rsa_decrypt.c new/mbedtls-1.3.17/programs/pkey/rsa_decrypt.c --- old/mbedtls-1.3.16/programs/pkey/rsa_decrypt.c 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/programs/pkey/rsa_decrypt.c 2016-06-27 21:00:26.000000000 +0200 @@ -30,7 +30,9 @@ #include "polarssl/platform.h" #else #include <stdio.h> +#include <stdlib.h> #define polarssl_printf printf +#define polarssl_exit exit #endif #if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \ @@ -58,7 +60,7 @@ int main( int argc, char *argv[] ) { FILE *f; - int ret, c; + int return_val, exit_val, c; size_t i; rsa_context rsa; entropy_context entropy; @@ -69,7 +71,7 @@ ((void) argv); memset(result, 0, sizeof( result ) ); - ret = 1; + exit_val = 0; if( argc != 1 ) { 
@@ -79,18 +81,23 @@ polarssl_printf( "\n" ); #endif - goto exit; + polarssl_exit( 1 ); } polarssl_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); entropy_init( &entropy ); - if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + rsa_init( &rsa, RSA_PKCS_V15, 0 ); + + return_val = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + strlen( pers ) ); + if( return_val != 0 ) { - polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + exit_val = 1; + polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", + return_val ); goto exit; } @@ -99,23 +106,24 @@ if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) { + exit_val = 1; polarssl_printf( " failed\n ! Could not open rsa_priv.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; } - rsa_init( &rsa, RSA_PKCS_V15, 0 ); - - if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 || - ( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 || - ( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 || - ( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 || - ( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 || - ( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 || - ( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || - ( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) - { - polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret ); + if( ( return_val = mpi_read_file( &rsa.N , 16, f ) ) != 0 || + ( return_val = mpi_read_file( &rsa.E , 16, f ) ) != 0 || + ( return_val = mpi_read_file( &rsa.D , 16, f ) ) != 0 || + ( return_val = mpi_read_file( &rsa.P , 16, f ) ) != 0 || + ( return_val = mpi_read_file( &rsa.Q , 16, f ) ) != 0 || + ( return_val = mpi_read_file( &rsa.DP, 16, f ) ) != 0 || + ( return_val = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || + ( return_val = mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + { + exit_val = 1; + polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", + return_val ); goto exit; } 
@@ -126,10 +134,9 @@ /* * Extract the RSA encrypted value from the text file */ - ret = 1; - if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { + exit_val = 1; polarssl_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); goto exit; } @@ -144,6 +151,7 @@ if( i != rsa.len ) { + exit_val = 1; polarssl_printf( "\n ! Invalid RSA signature format\n\n" ); goto exit; } @@ -154,11 +162,13 @@ polarssl_printf( "\n . Decrypting the encrypted data" ); fflush( stdout ); - if( ( ret = rsa_pkcs1_decrypt( &rsa, ctr_drbg_random, &ctr_drbg, - RSA_PRIVATE, &i, buf, result, - 1024 ) ) != 0 ) - { - polarssl_printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret ); + if( ( return_val = rsa_pkcs1_decrypt( &rsa, ctr_drbg_random, &ctr_drbg, + RSA_PRIVATE, &i, buf, result, + 1024 ) ) != 0 ) + { + exit_val = 1; + polarssl_printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", + return_val ); goto exit; } @@ -166,17 +176,16 @@ polarssl_printf( "The decrypted result is: '%s'\n\n", result ); - ret = 0; - exit: ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); + rsa_free( &rsa ); #if defined(_WIN32) polarssl_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_val ); } #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_FS_IO */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/programs/pkey/rsa_encrypt.c new/mbedtls-1.3.17/programs/pkey/rsa_encrypt.c --- old/mbedtls-1.3.16/programs/pkey/rsa_encrypt.c 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/programs/pkey/rsa_encrypt.c 2016-06-27 21:00:26.000000000 +0200 @@ -30,8 +30,10 @@ #include "polarssl/platform.h" #else #include <stdio.h> +#include <stdlib.h> #define polarssl_fprintf fprintf #define polarssl_printf printf +#define polarssl_exit exit #endif #if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \ 
@@ -59,7 +61,7 @@ int main( int argc, char *argv[] ) { FILE *f; - int ret; + int return_val, exit_val; size_t i; rsa_context rsa; entropy_context entropy; @@ -68,7 +70,7 @@ unsigned char buf[512]; const char *pers = "rsa_encrypt"; - ret = 1; + exit_val = 0; if( argc != 2 ) { @@ -78,18 +80,24 @@ polarssl_printf( "\n" ); #endif - goto exit; + polarssl_exit( 1 ); } polarssl_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); entropy_init( &entropy ); - if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + rsa_init( &rsa, RSA_PKCS_V15, 0 ); + + return_val = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ); + + if( return_val != 0 ) + { + exit_val = 1; + polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", + return_val ); goto exit; } @@ -98,18 +106,18 @@ if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) { - ret = 1; + exit_val = 1; polarssl_printf( " failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n" ); + " ! Please run rsa_genkey first\n\n" ); goto exit; } - rsa_init( &rsa, RSA_PKCS_V15, 0 ); - - if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 || - ( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + if( ( return_val = mpi_read_file( &rsa.N, 16, f ) ) != 0 || + ( return_val = mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { - polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret ); + exit_val = 1; + polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", + return_val ); goto exit; } @@ -119,6 +127,7 @@ if( strlen( argv[1] ) > 100 ) { + exit_val = 1; polarssl_printf( " Input data larger than 100 characters.\n\n" ); goto exit; } 
@@ -131,11 +140,13 @@ polarssl_printf( "\n . Generating the RSA encrypted value" ); fflush( stdout ); - if( ( ret = rsa_pkcs1_encrypt( &rsa, ctr_drbg_random, &ctr_drbg, - RSA_PUBLIC, strlen( argv[1] ), - input, buf ) ) != 0 ) - { - polarssl_printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret ); + if( ( return_val = rsa_pkcs1_encrypt( &rsa, ctr_drbg_random, &ctr_drbg, + RSA_PUBLIC, strlen( argv[1] ), + input, buf ) ) != 0 ) + { + exit_val = 1; + polarssl_printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", + return_val ); goto exit; } @@ -144,7 +155,7 @@ */ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { - ret = 1; + exit_val = 1; polarssl_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); goto exit; } @@ -160,13 +171,14 @@ exit: ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); + rsa_free( &rsa ); #if defined(_WIN32) polarssl_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_val ); } #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_ENTROPY_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/programs/pkey/rsa_sign.c new/mbedtls-1.3.17/programs/pkey/rsa_sign.c --- old/mbedtls-1.3.16/programs/pkey/rsa_sign.c 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/programs/pkey/rsa_sign.c 2016-06-27 21:00:26.000000000 +0200 @@ -67,6 +67,7 @@ unsigned char buf[POLARSSL_MPI_MAX_SIZE]; char filename[512]; + rsa_init( &rsa, RSA_PKCS_V15, 0 ); ret = 1; if( argc != 2 ) @@ -91,8 +92,6 @@ goto exit; } - rsa_init( &rsa, RSA_PKCS_V15, 0 ); - if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 || 
@@ -160,6 +159,8 @@ exit: + rsa_free( &rsa ); + #if defined(_WIN32) polarssl_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/programs/pkey/rsa_verify.c new/mbedtls-1.3.17/programs/pkey/rsa_verify.c --- old/mbedtls-1.3.16/programs/pkey/rsa_verify.c 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/programs/pkey/rsa_verify.c 2016-06-27 21:00:26.000000000 +0200 @@ -66,7 +66,9 @@ unsigned char buf[POLARSSL_MPI_MAX_SIZE]; char filename[512]; + rsa_init( &rsa, RSA_PKCS_V15, 0 ); ret = 1; + if( argc != 2 ) { polarssl_printf( "usage: rsa_verify <filename>\n" ); @@ -88,8 +90,6 @@ goto exit; } - rsa_init( &rsa, RSA_PKCS_V15, 0 ); - if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { @@ -152,6 +152,8 @@ exit: + rsa_free( &rsa ); + #if defined(_WIN32) polarssl_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/CMakeLists.txt new/mbedtls-1.3.17/tests/CMakeLists.txt --- old/mbedtls-1.3.16/tests/CMakeLists.txt 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/tests/CMakeLists.txt 2016-06-27 21:00:26.000000000 +0200 @@ -77,6 +77,7 @@ add_test_suite(mpi) add_test_suite(pbkdf2) add_test_suite(pem) +add_test_suite(pkcs1_v15) add_test_suite(pkcs1_v21) add_test_suite(pkcs5) add_test_suite(pk) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/Makefile new/mbedtls-1.3.17/tests/Makefile --- old/mbedtls-1.3.16/tests/Makefile 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/tests/Makefile 2016-06-27 21:00:26.000000000 +0200 
@@ -75,7 +75,7 @@ test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \ test_suite_memory_buffer_alloc$(EXEXT) \ test_suite_mpi$(EXEXT) test_suite_pbkdf2$(EXEXT) \ - test_suite_pem$(EXEXT) \ + test_suite_pem$(EXEXT) test_suite_pkcs1_v15$(EXEXT) \ test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \ test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \ test_suite_pk$(EXEXT) \ @@ -367,6 +367,10 @@ echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_pkcs1_v15$(EXEXT): test_suite_pkcs1_v15.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_pkcs1_v21$(EXEXT): test_suite_pkcs1_v21.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/compat.sh new/mbedtls-1.3.17/tests/compat.sh --- old/mbedtls-1.3.16/tests/compat.sh 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/tests/compat.sh 2016-06-27 21:00:26.000000000 +0200 @@ -45,7 +45,7 @@ fi # default values for options -MODES="ssl3 tls1 tls1_1 tls1_2" +MODES="tls1 tls1_1 tls1_2" VERIFIES="NO YES" TYPES="ECDSA RSA PSK" FILTER="" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/scripts/all.sh new/mbedtls-1.3.17/tests/scripts/all.sh --- old/mbedtls-1.3.16/tests/scripts/all.sh 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/tests/scripts/all.sh 2016-06-27 21:00:26.000000000 +0200 
@@ -103,6 +103,27 @@ ./compat.sh cd .. +msg "build: Default + SSLv3 (ASan build)" # ~ 6 min +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set POLARSSL_SSL_PROTO_SSL3 +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: SSLv3 - main suites and selftest (ASan build)" # ~ 50s +make test +programs/test/selftest + +msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min +cd tests +./compat.sh -m 'ssl3 tls1 tls1_1 tls1_2' +cd .. + +msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min +cd tests +./ssl-opt.sh +cd .. + msg "build: cmake, full config, clang" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -213,7 +234,8 @@ scripts/config.pl unset POLARSSL_THREADING_C scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C # calls exit -CC=armcc WARNING_CFLAGS= make lib 2> armcc.stderr +CC=armcc AR=armar WARNING_CFLAGS= +make lib 2> armcc.stderr if [ -s armcc.stderr ]; then cat armcc.stderr exit 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/ssl-opt.sh new/mbedtls-1.3.17/tests/ssl-opt.sh --- old/mbedtls-1.3.16/tests/ssl-opt.sh 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/tests/ssl-opt.sh 2016-06-27 21:00:26.000000000 +0200 @@ -66,6 +66,13 @@ done } +# skip next test if the flag is not enabled in config.h +requires_config_enabled() { + if grep "^#define $1" $CONFIG_H > /dev/null; then :; else + SKIP_NEXT="YES" + fi +} + # skip next test if OpenSSL can't send SSLv2 ClientHello requires_openssl_with_sslv2() { if [ -z "${OPENSSL_HAS_SSL2:-}" ]; then @@ -560,6 +567,7 @@ -C "using encrypt then mac" \ -S "using encrypt then mac" +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Encrypt then MAC: client SSLv3, server enabled" \ "$P_SRV debug_level=3 min_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 
@@ -572,13 +580,14 @@ -C "using encrypt then mac" \ -S "using encrypt then mac" +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Encrypt then MAC: client enabled, server SSLv3" \ "$P_SRV debug_level=3 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ "$P_CLI debug_level=3 min_version=ssl3" \ 0 \ -c "client hello, adding encrypt_then_mac extension" \ - -s "found encrypt then mac extension" \ + -S "found encrypt then mac extension" \ -S "server hello, adding encrypt then mac extension" \ -C "found encrypt_then_mac extension" \ -C "using encrypt then mac" \ @@ -619,6 +628,7 @@ -C "using extended master secret" \ -S "using extended master secret" +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Extended Master Secret: client SSLv3, server enabled" \ "$P_SRV debug_level=3 min_version=ssl3" \ "$P_CLI debug_level=3 force_version=ssl3" \ @@ -630,12 +640,13 @@ -C "using extended master secret" \ -S "using extended master secret" +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Extended Master Secret: client enabled, server SSLv3" \ "$P_SRV debug_level=3 force_version=ssl3" \ "$P_CLI debug_level=3 min_version=ssl3" \ 0 \ -c "client hello, adding extended_master_secret extension" \ - -s "found extended master secret extension" \ + -S "found extended master secret extension" \ -S "server hello, adding extended master secret extension" \ -C "found extended_master_secret extension" \ -C "using extended master secret" \ @@ -748,6 +759,7 @@ -s "Read from client: 1 bytes read" \ -s "122 bytes read" +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "CBC Record splitting: SSLv3, splitting" \ "$P_SRV min_version=ssl3" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ 
@@ -1454,6 +1466,7 @@ -c "skip write certificate verify" \ -C "! ssl_handshake returned" +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Authentication: client no cert, ssl3" \ "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \ "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \ @@ -2159,6 +2172,7 @@ # Tests for ciphersuites per version +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Per-version suites: SSL3" \ "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=ssl3" \ @@ -2199,6 +2213,7 @@ # Tests for small packets +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Small packet SSLv3 BlockCipher" \ "$P_SRV min_version=ssl3" \ "$P_CLI request_size=1 force_version=ssl3 \ @@ -2206,6 +2221,7 @@ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Small packet SSLv3 StreamCipher" \ "$P_SRV min_version=ssl3 arc4=1" \ "$P_CLI request_size=1 force_version=ssl3 \ @@ -2338,8 +2354,19 @@ 0 \ -s "Read from client: 1 bytes read" +# A test for extensions in SSLv3 + +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "SSLv3 with extensions, server side" \ + "$P_SRV min_version=ssl3 debug_level=3" \ + "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \ + 0 \ + -S "dumping 'client hello extensions'" \ + -S "server hello, total extension length:" + # Test for large packets +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Large packet SSLv3 BlockCipher" \ "$P_SRV min_version=ssl3" \ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ 
@@ -2347,6 +2374,7 @@ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled POLARSSL_SSL_PROTO_SSL3 run_test "Large packet SSLv3 StreamCipher" \ "$P_SRV min_version=ssl3 arc4=1" \ "$P_CLI request_size=16384 force_version=ssl3 \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/suites/test_suite_mpi.data new/mbedtls-1.3.17/tests/suites/test_suite_mpi.data --- old/mbedtls-1.3.16/tests/suites/test_suite_mpi.data 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/tests/suites/test_suite_mpi.data 2016-06-27 21:00:26.000000000 +0200 
@@ -295,6 +295,15 @@ Test mpi_add_mpi #2 mpi_add_mpi:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"56125680981752282333498088313568935051383833838594899821664631784577337171193624243181360054669678410455329112434552942717084003541384594864129940145043086760031292483340068923506115878221189886491132772739661669044958531131327771":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924" +Base test mpi_add_mpi inplace #1 +mpi_add_mpi_inplace:10:"12345678":10:"24691356" + +Test mpi_add_mpi inplace #2 +mpi_add_mpi_inplace:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"1287616013607108878460259709922985398302772215068026865836146879048276529684741260122739430789478268181845874665180769440794266671939098512645241958073373266427807905932350214193538360035292323703146295192780306" + +Test mpi_add_mpi inplace #3 +mpi_add_mpi_inplace:16:"ffffffffffffffffffffffffffffffff":16:"01fffffffffffffffffffffffffffffffe" + Test mpi_add_int #1 mpi_add_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227022647561" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/suites/test_suite_mpi.function new/mbedtls-1.3.17/tests/suites/test_suite_mpi.function --- old/mbedtls-1.3.16/tests/suites/test_suite_mpi.function 2016-01-04 23:49:30.000000000 +0100 +++ 
new/mbedtls-1.3.17/tests/suites/test_suite_mpi.function 2016-06-27 21:00:26.000000000 +0200 @@ -440,6 +440,32 @@ /* END_CASE */ /* BEGIN_CASE */ +void mpi_add_mpi_inplace( int radix_X, char *input_X, int radix_A, char *input_A ) +{ + mpi X, A; + mpi_init( &X ); mpi_init( &A ); + + TEST_ASSERT( mpi_read_string( &A, radix_A, input_A ) == 0 ); + + TEST_ASSERT( mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mpi_sub_abs( &X, &X, &X ) == 0 ); + TEST_ASSERT( mpi_cmp_int( &X, 0 ) == 0 ); + + TEST_ASSERT( mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mpi_add_abs( &X, &X, &X ) == 0 ); + TEST_ASSERT( mpi_cmp_mpi( &X, &A ) == 0 ); + + TEST_ASSERT( mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mpi_add_mpi( &X, &X, &X ) == 0 ); + TEST_ASSERT( mpi_cmp_mpi( &X, &A ) == 0 ); + +exit: + mpi_free( &X ); mpi_free( &A ); +} +/* END_CASE */ + + +/* BEGIN_CASE */ void mpi_add_abs( int radix_X, char *input_X, int radix_Y, char *input_Y, int radix_A, char *input_A ) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/suites/test_suite_pkcs1_v15.data new/mbedtls-1.3.17/tests/suites/test_suite_pkcs1_v15.data --- old/mbedtls-1.3.16/tests/suites/test_suite_pkcs1_v15.data 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.17/tests/suites/test_suite_pkcs1_v15.data 2016-06-27 21:00:26.000000000 +0200 
@@ -0,0 +1,35 @@ +RSAES-V15 Encryption Test Vector Int +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f67c6697351ff4aec29cdbaabf2fbe3467cc254f81be8e78d765a2e63339fc99a66320db73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b968f385c2aecb03bfb32":"6c5ebca6116b1e91316613fbb5e93197270a849122d549122d05815e2626f80d20f7f3f038c98295203c0f7f6bb8c3568455c67dec82bca86be86eff43b56b7ba2d15375f9a42454c2a2c709953a6e4a977462e35fd21a9c2fb3c0ad2a370f7655267bf6f04814784982988e663b869fc8588475af860d499e5a6ffdfc2c6bfd":0 + +RSAES-V15 Decryption Test Vector Int +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 + +RSAES-V15 Encryption Test Vector Data just fits 
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0 + +RSAES-V15 Decryption Test Vector Data just fits +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cf
ff55e6b15b67cfea8a5a384ef64a6ac":0 + +RSAES-V15 Encryption Test Vector Data too long 1 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":POLARSSL_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 7 
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":POLARSSL_ERR_RSA_INVALID_PADDING + +RSAES-V15 Encryption Test Vector Data too long 3 
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":POLARSSL_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 5 +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a74
58832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":POLARSSL_ERR_RSA_INVALID_PADDING + +RSAES-V15 Encryption Test Vector Data too long 8 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":POLARSSL_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 0 
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":POLARSSL_ERR_RSA_INVALID_PADDING + +RSASSA-V15 Signing Test Vector Int 
+pkcs1_rsassa_v15_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":POLARSSL_MD_SHA1:POLARSSL_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0 + +RSASSA-V15 Verification Test Vector Int 
+pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":POLARSSL_MD_SHA1:POLARSSL_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/suites/test_suite_pkcs1_v15.function new/mbedtls-1.3.17/tests/suites/test_suite_pkcs1_v15.function --- old/mbedtls-1.3.16/tests/suites/test_suite_pkcs1_v15.function 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.17/tests/suites/test_suite_pkcs1_v15.function 2016-06-27 21:00:26.000000000 +0200 
@@ -0,0 +1,211 @@ +/* BEGIN_HEADER */ +#include "polarssl/rsa.h" +#include "polarssl/md.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:POLARSSL_PKCS1_V15:POLARSSL_RSA_C:POLARSSL_SHA1_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E, + char *input_E, int hash, + char *message_hex_string, char *seed, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + unsigned char rnd_buf[1000]; + rsa_context ctx; + size_t msg_len; + rnd_buf_info info; + + info.length = unhexify( rnd_buf, seed ); + info.buf = rnd_buf; + + rsa_init( &ctx, RSA_PKCS_V15, hash ); + memset( message_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + + TEST_ASSERT( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len ); + + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + } + +exit: + rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, + int radix_Q, char *input_Q, int radix_N, + char *input_N, int radix_E, char *input_E, + int hash, char *result_hex_str, char *seed, + char *message_hex_string, int result ) +{ + unsigned char message_str[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + rsa_context ctx; + mpi P1, Q1, H, G; + size_t output_len; + rnd_pseudo_info rnd_info; + ((void) seed); + + mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G ); + rsa_init( &ctx, 
RSA_PKCS_V15, hash ); + + memset( message_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); + TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); + TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); + TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 ); + TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); + TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); + TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); + TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + + TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 ); + + unhexify( message_str, message_hex_string ); + + TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len ); + + TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 ); + } + +exit: + mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G ); + rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, + char *input_Q, int radix_N, char *input_N, + int radix_E, char *input_E, int digest, int hash, + char *message_hex_string, char *salt, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char hash_result[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + unsigned char rnd_buf[1000]; + rsa_context ctx; + mpi P1, Q1, H, G; + size_t msg_len; + rnd_buf_info info; + + 
info.length = unhexify( rnd_buf, salt ); + info.buf = rnd_buf; + + mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G ); + rsa_init( &ctx, RSA_PKCS_V15, hash ); + + memset( message_str, 0x00, 1000 ); + memset( hash_result, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); + TEST_ASSERT( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); + TEST_ASSERT( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); + TEST_ASSERT( mpi_gcd( &G, &ctx.E, &H ) == 0 ); + TEST_ASSERT( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); + TEST_ASSERT( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); + TEST_ASSERT( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); + TEST_ASSERT( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + + TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + + if( md_info_from_type( digest ) != NULL ) + TEST_ASSERT( md( md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + + TEST_ASSERT( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len); + + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + } + +exit: + mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G ); + rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E, + char *input_E, int digest, int hash, + char *message_hex_string, char *salt, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char hash_result[1000]; 
+ unsigned char result_str[1000]; + rsa_context ctx; + size_t msg_len; + ((void) salt); + + rsa_init( &ctx, RSA_PKCS_V15, hash ); + memset( message_str, 0x00, 1000 ); + memset( hash_result, 0x00, 1000 ); + memset( result_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( rsa_check_pubkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + unhexify( result_str, result_hex_str ); + + if( md_info_from_type( digest ) != NULL ) + TEST_ASSERT( md( md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + + TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); + +exit: + rsa_free( &ctx ); +} +/* END_CASE */ + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/suites/test_suite_rsa.data new/mbedtls-1.3.17/tests/suites/test_suite_rsa.data --- old/mbedtls-1.3.16/tests/suites/test_suite_rsa.data 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/tests/suites/test_suite_rsa.data 2016-06-27 21:00:26.000000000 +0200 
@@ -345,7 +345,7 @@ RSA Public (Data larger than N) rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"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":16:"3":"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":POLARSSL_ERR_RSA_PUBLIC_FAILED + POLARSSL_ERR_MPI_BAD_INPUT_DATA -RSA Generate Key +RSA Generate Key - 128bit key rsa_gen_key:128:3:0 RSA Generate Key (Number of bits too small) 
@@ -354,9 +354,15 @@ RSA Generate Key (Exponent too small) rsa_gen_key:128:2:POLARSSL_ERR_RSA_BAD_INPUT_DATA -RSA Generate Key +RSA Generate Key - 1024 bit key rsa_gen_key:1024:3:0 +RSA Generate Key - 2048 bit key +rsa_gen_key:2048:3:0 + +RSA Generate Key - 1025 bit key +rsa_gen_key:1025:3:0 + RSA PKCS1 Encrypt Bad RNG depends_on:POLARSSL_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":RSA_PKCS_V15:2048:16:"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":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":POLARSSL_ERR_RSA_RNG_FAILED diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.16/tests/suites/test_suite_version.data new/mbedtls-1.3.17/tests/suites/test_suite_version.data --- old/mbedtls-1.3.16/tests/suites/test_suite_version.data 2016-01-04 23:49:30.000000000 +0100 +++ new/mbedtls-1.3.17/tests/suites/test_suite_version.data 2016-06-27 21:00:26.000000000 +0200 @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"1.3.16" +check_compiletime_version:"1.3.17" Check runtime library version -check_runtime_version:"1.3.16" +check_runtime_version:"1.3.17" Check for POLARSSL_VERSION_C check_feature:"POLARSSL_VERSION_C":0
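Review bot: in the new PKCS#1 v1.5 signing test case (the one that ends just before pkcs1_rsassa_v15_verify), the result of `mpi_gcd( &G, &ctx.E, &H )` is never examined; G is only initialised, filled and freed. Either assert on it right after the call, for example `TEST_ASSERT( mpi_cmp_int( &G, 1 ) == 0 );`, so a test vector whose E is not coprime to (P-1)(Q-1) fails with a clear message, or drop G and the gcd call and rely on the `mpi_inv_mod( &ctx.D , &ctx.E, &H )` assertion that follows. In the same hunk, both test cases size their stack buffers with the literal 1000 in every memset and then let unhexify and hexify write into them with no visible length check, while ctx.len is derived from the caller-supplied mod. Using `sizeof( output )` and similar in the memset calls, plus a `TEST_ASSERT( ctx.len <= sizeof( output ) )` before signing, would keep an oversized vector in the .data file from overrunning the stack in the test binary.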
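Review bot: in the test_suite_rsa.data hunk at @@ -345,7 +345,7 @@, the new title `RSA Generate Key - 128bit key` is spelled differently from the titles introduced in the next hunk (`1024 bit key`, `2048 bit key`, `1025 bit key`). Please use one form, for example `RSA Generate Key - 128 bit key`, so the cases sort and grep consistently in the test output.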
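Review bot: in the test_suite_rsa.data hunk at @@ -354,9 +354,15 @@, the added `rsa_gen_key:1025:3:0` case looks like the regression test for the changelog entry about key generation hanging on odd bit lengths, but its title `RSA Generate Key - 1025 bit key` does not say so. Naming it along the lines of "RSA Generate Key - 1025 bit key (odd bit length)" would tell a later reader why it must not be removed. Note also that a regression here would show up as a test run that never finishes rather than as a failed assertion on the expected return value 0, so it is worth confirming that the harness or CI job running this suite enforces a timeout.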
