Commit graph

9536 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard fa3b3e0d88
Merge pull request #745 from mpg/changelog-for-local-lucky13-2.16-restricted
[Backport 2.16] Add a ChangeLog entry for local Lucky13 variant
2020-08-26 11:52:25 +02:00
Raoul Strackx 75475d8465 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-26 11:42:52 +02:00
Manuel Pégourié-Gonnard f0a3cddefe Clarify that the Lucky 13 fix is quite general
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 10:58:02 +02:00
Manuel Pégourié-Gonnard c9ebbd5843 Add a ChangeLog entry for local Lucky13 variant
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 10:58:02 +02:00
Janos Follath 5b2e60dc36
Merge pull request #741 from mpg/cf-varpos-copy-2.16-restricted
[backport 2.16] Constant-flow copy of HMAC from variable position
2020-08-25 14:35:45 +01:00
Manuel Pégourié-Gonnard ab9ec32879 Fix a typo in a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:43:10 +02:00
Manuel Pégourié-Gonnard 46f49a8bbc Improve comments on constant-flow testing in config.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:42:21 +02:00
Manuel Pégourié-Gonnard f08284769d Add an option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:26:37 +02:00
Manuel Pégourié-Gonnard 590b2d9614 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:18:11 +02:00
Manuel Pégourié-Gonnard ce45d1a759 Use temporary buffer to hold the peer's HMAC
This paves the way for a constant-flow implementation of HMAC checking, by
making sure that the comparison happens at a constant address. The missing
step is obviously to copy the HMAC from the secret offset to this temporary
buffer with constant flow, which will be done in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:07:25 +02:00
Manuel Pégourié-Gonnard f0b469e42b Merge branch 'mbedtls-2.16' into mbedtls-2.16-restricted
* mbedtls-2.16: (32 commits)
  A different approach of signed-to-unsigned comparison
  Fix bug in redirection of unit test outputs
  Don't forget to free G, P, Q, ctr_drbg, and entropy
  Backport e2k support to mbedtls-2.7
  compat.sh: stop using allow_sha1
  compat.sh: quit using SHA-1 certificates
  compat.sh: enable CBC-SHA-2 suites for GnuTLS
  Fix license header in pre-commit hook
  Update copyright notices to use Linux Foundation guidance
  Fix building on NetBSD 9.0
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests
  Log change as bugfix
  Add changelog entry
  ...
2020-08-25 10:58:15 +02:00
Gilles Peskine 14cb46de24
Merge pull request #3598 from makise-homura/mbedtls-2.16
Backport 2.16: Support building on e2k (Elbrus) architecture
2020-08-25 09:46:39 +02:00
makise-homura 8c3fa63f90 A different approach of signed-to-unsigned comparison
Suggested by @hanno-arm

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-24 23:40:59 +03:00
Gilles Peskine d69edda8de
Merge pull request #3601 from gufe44/helpers-redirect-restore-output-2.16
[Backport 2.16] Fix bug in redirection of unit test outputs
2020-08-24 10:45:11 +02:00
gufe44 650ce76544 Fix bug in redirection of unit test outputs
Avoid replacing handle. stdout is defined as a macro on several platforms.

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-23 22:38:51 +02:00
makise-homura 03b4ef6a05 Don't forget to free G, P, Q, ctr_drbg, and entropy
I might be wrong, but lcc's optimizer is curious about this,
and I am too: shouldn't we free allocated stuff correctly
before exiting `dh_genprime` in this certain point of code?

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-23 00:41:59 +03:00
makise-homura 50f6a192b5 Backport e2k support to mbedtls-2.7
Covers commits ac2fd65, 0be6aa9, e74f372, e559550
from `development` branch

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-23 00:39:15 +03:00
Gilles Peskine e6e812a712 Commit the intermediate files cert_md*.csr
They are used to generate cert_md*.crt.

Regenerate cert_md5.crt which had previously been generated for a
different key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 20:35:55 +02:00
Gilles Peskine 6b739bb138 Fix "make -C tests/data_files"
It wasn't working when invoking programs/x509/cert_write or
programs/x509/cert_req due to relying on the current directory rather
than the location of the makefile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 19:54:18 +02:00
Gilles Peskine c3d0a7f1ec cert_req: discover hash algorithms automatically
Discover hash algorithms automatically rather than hard-coding a list,
as was previously done in cert_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 19:54:04 +02:00
Gilles Peskine db1e7a8f7b cert_write: support all hash algorithms
For some reason, RIPEMD160, SHA224 and SHA384 were not supported.

This fixes the build recipes for tests/data_files/cert_sha224.crt and
tests/data_files/cert_sha384.crt .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 18:58:33 +02:00
Gilles Peskine 0ac8a78aa7
Merge pull request #3593 from mpg/fix-compat.sh-with-ubuntu-16.04-gnutls-2.16
[backport 2.16] Fix compat.sh with ubuntu 16.04 gnutls
2020-08-21 14:18:33 +02:00
Manuel Pégourié-Gonnard 300e1b3a6f compat.sh: stop using allow_sha1
After the changes of certificates, it's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:17 +02:00
Manuel Pégourié-Gonnard 91615cf7ff compat.sh: quit using SHA-1 certificates
Replace server2.crt with server2-sha256.crt which, as the name implies, is
just the SHA-256 version of the same certificate.

Replace server1.crt with cert_sha256.crt which, as the name doesn't imply, is
associated with the same key and just have a slightly different Subject Name,
which doesn't matter in this instance.

The other certificates used in this script (server5.crt and server6.crt) are
already signed with SHA-256.

This change is motivated by the fact that recent versions of GnuTLS (or older
versions with the Debian patches) reject SHA-1 in certificates by default, as
they should. There are options to still accept it (%VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1) but:

- they're not available in all versions that reject SHA-1-signed certs;
- moving to SHA-2 just seems cleaner anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:17 +02:00
Manuel Pégourié-Gonnard 0e7bdd1340 compat.sh: enable CBC-SHA-2 suites for GnuTLS
Recent GnuTLS packages on Ubuntu 16.04 have them disabled.

From /usr/share/doc/libgnutls30/changelog.Debian.gz:

gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Lucky-13 issues
    [...]
    - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
      ciphersuites were removed from defaults in lib/gnutls_priority.c,
      tests/priorities.c.

Since we do want to test the ciphersuites, explicitly re-enable them in the
server's priority string. (This is a no-op with versions of GnuTLS where those
are already enabled by default.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:16 +02:00
Gilles Peskine 2dcd0674e6
Merge pull request #3582 from bensze01/license-2.16
2.16 only: Fix license header in pre-commit hook
2020-08-20 09:43:56 +02:00
Bence Szépkúti 2645bcc709 Fix license header in pre-commit hook
The file was not updated to include the GPL 2.0+ header as well when it
was backported.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 17:54:47 +02:00
danh-arm 2823efabc8
Merge pull request #3580 from bensze01/copyright-2.16
[Backport 2.16] Update copyright notices to use Linux Foundation guidance
2020-08-19 16:31:50 +01:00
Bence Szépkúti a2947ac7bb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 16:37:36 +02:00
Manuel Pégourié-Gonnard daba4f67cc
Merge pull request #3555 from mpg/x509-verify-non-dns-san-2.16
[Backport 2.16]  X509 verify non-DNS SANs
2020-08-18 10:02:08 +02:00
Manuel Pégourié-Gonnard b9c64e4538
Merge pull request #3558 from gufe44/net-sockets-fixes-2.16
[Backport 2.16] NetBSD 9.0 build fixes
2020-08-18 09:13:30 +02:00
Manuel Pégourié-Gonnard 5bfa623e9b
Merge pull request #3565 from mpg/improve-ssl-opt-logs-2.16
[Backport 2.16] Improve ssl-opt.sh logs
2020-08-17 12:05:16 +02:00
gufe44 19735b69b8 Fix building on NetBSD 9.0
Fixes #2310

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-17 07:31:06 +02:00
Gilles Peskine 4ca60502d8
Merge pull request #734 from gilles-peskine-arm/x509parse_crl-empty_entry-2.16
Backport 2.16: Fix buffer overflow in x509_get_entries (oss-fuzz 24123)
2020-08-14 23:22:23 +02:00
Manuel Pégourié-Gonnard 62870c9a7e Remove obsolete buildbot reference in compat.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard a1919ad6e0 Fix misuse of printf in shell script
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard 7442f843d5 Fix added proxy command when IPv6 is used
For explicit proxy commands (included with `-p "$P_PXY <args>` in the test
case), it's the test's writer responsibility to handle IPv6; only fix the
proxy command when we're auto-adding it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard 581af9f720 Simplify test syntax
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard bedcb3eb24 Fix logic error in setting client port
We need to do this after we possibly added the proxy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard cbd5c03343 ssl-opt.sh: include test name in log files
This is a convenience for when we get log files from failed CI runs, or attach
them to bug reports, etc.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard e63fc6d52b ssl-opt.sh: remove old buildbot-specific condition
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard fcf6c16470 ssl-opt.sh: add proxy to all DTLS tests
A lot of DTLS test are timing-sensitive, especially those that contain
assertions about retransmission. Sometimes some DTLS test fails intermittently
on the CI with no clear apparent reason; we need more information in the log
to understand the cause of those failures.

Adding a proxy means we'll get timing information from the proxy logs.

An alternative would be to add timing information to the debug output of
ssl_server2 and ssl_client2. But that's more complex because getting
sub-second timing info is outside the scope of the C standard, and our current
timing module only provides a APi for sub-second intervals, not absolute time.
Using the proxy is easier as it's a single point that sees all messages, so
elapsed time is fine here, and it's already implemented in the proxy output.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Gilles Peskine 9acf943b98
Merge pull request #3560 from gufe44/netbsd-rand-arc4random_buf-2.16
[Backport 2.16] Use arc4random_buf instead of rand on NetBSD
2020-08-13 15:27:53 +02:00
Gilles Peskine 1505e42de9
Merge pull request #3548 from mpg/check-generated-files-2.16
[Backport 2.16] Add update option to check-generated-files
2020-08-13 11:24:26 +02:00
gufe44 ba5cba838c Log change as bugfix
Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-13 06:46:57 +02:00
gufe44 d5f8c26e01 Add changelog entry
Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-13 06:46:04 +02:00
gufe44 3fa7c64edf Use arc4random_buf instead of rand on NetBSD
Avoid old implementation of rand returning numbers with cyclical lower bits. Allow tests to pass.

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-13 06:45:27 +02:00
Gilles Peskine 0ca801af76
Merge pull request #732 from gabor-mezei-arm/689_bp216_zeroising_of_plaintext_buffers
[Backport 2.16] Zeroising of plaintext buffers in mbedtls_ssl_read()
2020-08-12 18:51:44 +02:00
Gilles Peskine de7e03688d
Merge pull request #3489 from CodeMonkeyLeet/mbedtls-2.16_backport_3464
Backport 2.16: PR #3464 Dynamically allocate requested CSR write buffer size
2020-08-12 18:22:22 +02:00
Gilles Peskine 4ddfdbf76a Add the decomposition of the base case as a comment
Put the base good case first, then the bad cases derived from it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-12 12:50:42 +02:00