Commit graph

12401 commits

Author SHA1 Message Date
Jaeden Amero 481659a9c0 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Fix uninitialized variable in x509_crt
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 19:42:19 +01:00
Jaeden Amero 3d7005f851 Merge remote-tracking branch 'tls/pr/2363' into development
* origin/pr/2363:
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 19:32:45 +01:00
Jaeden Amero 8dd6bc7ac4 Merge remote-tracking branch 'origin/pr/2803' into development
* origin/pr/2803:
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
2019-09-03 16:41:51 +01:00
Jaeden Amero 3f0fc38735 Merge remote-tracking branch 'origin/pr/2795' into development
* origin/pr/2795:
  Fix uninitialized variable in x509_crt
2019-09-03 16:33:59 +01:00
Guy Wild 802b19f661 Update getting_started.md 2019-09-03 16:40:44 +03:00
Jaeden Amero a66fc94547 Merge remote-tracking branch 'origin/pr/2363' into development
* origin/pr/2363:
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 13:45:34 +01:00
Gilles Peskine dc3a179995 Fix copypasta in msg 2019-09-03 14:11:36 +02:00
Gilles Peskine 6ce30722d0 When not using PSA crypto, disable it
In the test with the full config without MBEDTLS_USE_PSA_CRYPTO, don't
build MBEDTLS_PSA_CRYPTO_C, since it isn't supposed to be used.
2019-09-03 14:11:36 +02:00
Gilles Peskine 751bb4c0e1 Disable MEMORY_BUFFER_ALLOC with ASan
MBEDTLS_MEMORY_BUFFER_ALLOC_C makes ASan mostly ineffective since it
hides allocations. So disable it when testing with ASan.
2019-09-03 14:11:36 +02:00
Gilles Peskine c6f1c84663 Remove config.pl calls with no effect
When MBEDTLS_MEMORY_BUFFER_ALLOC_C is disabled, other
MBEDTLS_MEMORY_xxx options have no effect, so don't bother unsetting
them explicitly.
2019-09-03 14:11:36 +02:00
Guy Wild c03c0fcd93 Update getting_started.md 2019-09-03 13:18:04 +03:00
Unknown d364f4c7dd ssl-opt.sh: wait for proxy to start before running the script further 2019-09-02 10:42:57 -04:00
Ko- cb260bb30d Fix -O0 build for Aarch64 bignum multiplication. 2019-09-02 13:44:57 +02:00
Ko- 05cff953c9 Make GNUC-compatible compilers use the right mbedtls_t_udbl again on Aarch64 builds. 2019-09-02 13:44:57 +02:00
Ko- cc1871e674 Add optimized bignum multiplication for Aarch64.
x0-x3 are skipped such that function parameters to not have to be moved.
MULADDC_INIT and MULADDC_STOP are mostly empty because it is more
efficient to keep everything in registers (and that should easily be
possible). I considered a MULADDC_HUIT implementation, but could not
think of something that would be more efficient than basically 8
consecutive MULADDC_CORE. You could combine the loads and stores, but
it's probably more efficient to interleave them with arithmetic,
depending on the specific microarchitecture. NEON allows to do a
64x64->128 bit multiplication (and optional accumulation) in one
instruction, but is not great at handling carries.
2019-09-02 13:44:57 +02:00
Ko- 03d2daf55c Enable 64-bit limbs for all Aarch64 builds.
GCC and Clang do not define __ARMCC_VERSION when building for Aarch64.
Yet they should also use 64-bit limbs for Aarch64 builds.
2019-09-02 13:44:57 +02:00
Jaeden Amero 4cf0e7e4d2 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 16:24:18 +01:00
Jaeden Amero 49fcbeab14 Merge remote-tracking branch 'origin/pr/2799' into development
Manually edit ChangeLog to ensure correct placement of ChangeLog notes.

* origin/pr/2799: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 15:50:45 +01:00
Darryl Green 9b9a790be6 Handle deleting non-existant files on Windows
If we try to delete a non-existant file using del on Windows, as
can happen when running make clean, del will throw an error. Make
the Makefiles more robust by only deleting files if they exist.
2019-08-30 15:45:46 +01:00
Jaeden Amero d031378ff5 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Update library version to 2.19.0
  ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
  ssl-opt.sh: Duplicate context serialization tests for CID
  Fix SSL context deserialization
2019-08-30 15:30:58 +01:00
Jaeden Amero 379964a7b6 Merge remote-tracking branch 'origin/pr/2814' into development
* origin/pr/2814:
  Update library version to 2.19.0
2019-08-30 14:40:57 +01:00
Jaeden Amero 84f5d036d0 Merge remote-tracking branch 'origin/pr/2810' into development
* origin/pr/2810:
  ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
  ssl-opt.sh: Duplicate context serialization tests for CID
  Fix SSL context deserialization
2019-08-30 14:40:30 +01:00
Darryl Green fe997c646b Update library version to 2.19.0 2019-08-30 13:02:16 +01:00
Andy Gross 1f62714db8 Fix uninitialized variable in x509_crt
This patch fixes an issue we encountered with more stringent compiler
warnings.  The signature_is_good variable has a possibility of being
used uninitialized.  This patch moves the use of the variable to a
place where it cannot be used while uninitialized.

Signed-off-by: Andy Gross <andy.gross@linaro.org>
2019-08-30 14:48:36 +03:00
Jaeden Amero 822b8f65bd
Merge pull request #238 from hanno-arm/hmac_drbg_entropy_incompatibility_fix-crypto
HMAC DRBG: Split entropy-gathering requests to reduce request sizes
2019-08-30 12:15:16 +01:00
Hanno Becker e0b90ece55 ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
This commit splits each test in ssl-opt.sh related to context serialization
in three tests, exercising the use of CCM, GCM and ChaChaPoly separately.

The reason is that the choice of primitive affects the presence and size
of an explicit IV, and we should test that space for those IVs is correctly
restored during context deserialization; in fact, this was not the case
previously, as fixed in the last commit, and was not caught by the tests
because only ChaChaPoly was tested.
2019-08-30 12:14:38 +01:00
Hanno Becker 1b18fd3afe ssl-opt.sh: Duplicate context serialization tests for CID
This commit introduces a variant of each existing test for
context serialization in ssl-opt.sh that also uses the DTLS
Connection ID feature.
2019-08-30 12:14:38 +01:00
Hanno Becker 361b10d1c4 Fix SSL context deserialization
The SSL context maintains a set of 'out pointers' indicating the
address at which to write the header fields of the next outgoing
record. Some of these addresses have a static offset from the
beginning of the record header, while other offsets can vary
depending on the active record encryption mechanism: For example,
if an explicit IV is in use, there's an offset between the end
of the record header and the beginning of the encrypted data to
allow the explicit IV to be placed in between; also, if the DTLS
Connection ID (CID) feature is in use, the CID is part of the
record header, shifting all subsequent information (length, IV, data)
to the back.
When setting up an SSL context, the out pointers are initialized
according to the identity transform + no CID, and it is important
to keep them up to date whenever the record encryption mechanism
changes, which is done by the helper function ssl_update_out_pointers().

During context deserialization, updating the out pointers according
to the deserialized record transform went missing, leaving the out
pointers the initial state. When attemping to encrypt a record in
this state, this lead to failure if either a CID or an explicit IV
was in use. This wasn't caught in the tests by the bad luck that
they didn't use CID, _and_ used the default ciphersuite based on
ChaChaPoly, which doesn't have an explicit IV. Changing either of
this would have made the existing tests fail.

This commit fixes the bug by adding a call to ssl_update_out_pointers()
to ssl_context_load() implementing context deserialization.

Extending test coverage is left for a separate commit.
2019-08-30 12:14:25 +01:00
Hanno Becker a823d4c7f0 HMAC DRBG: Split entropy-gathering requests to reduce request sizes
According to SP800-90A, the DRBG seeding process should use a nonce
of length `security_strength / 2` bits as part of the DRBG seed. It
further notes that this nonce may be drawn from the same source of
entropy that is used for the first `security_strength` bits of the
DRBG seed. The present HMAC DRBG implementation does that, requesting
`security_strength * 3 / 2` bits of entropy from the configured entropy
source in total to form the initial part of the DRBG seed.

However, some entropy sources may have thresholds in terms of how much
entropy they can provide in a single call to their entropy gathering
function which may be exceeded by the present HMAC DRBG implementation
even if the threshold is not smaller than `security_strength` bits.
Specifically, this is the case for our own entropy module implementation
which only allows requesting at most 32 Bytes of entropy at a time
in configurations disabling SHA-512, and this leads to runtime failure
of HMAC DRBG when used with Mbed Crypto' own entropy callbacks in such
configurations.

This commit fixes this by splitting the seed entropy acquisition into
two calls, one requesting `security_strength` bits first, and another
one requesting `security_strength / 2` bits for the nonce.

Fixes #237.
2019-08-30 11:16:24 +01:00
Janos Follath 31465c6c1f Update submodule 2019-08-29 16:12:38 +01:00
Janos Follath 4f055f4ca2 Use 3rdparty headers from the submodule 2019-08-29 16:12:38 +01:00
Gilles Peskine 0c6b79979c Add Everest components to all.sh
Test a native build and a 32-bit build. For variety, the native build
is with CMake and clang, and the 32-bit build is with GNU make and
gcc.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 9c1b56b43a 3rdparty: Add config checks for Everest 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 9e8076ffdc Fix macros in benchmark.c
#2124 may suffer from the same problem.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 3669c80a90 Update generated files 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 015f55b558 3rdparty: Fix inclusion order of CMakeLists.txt
This is so that third-party modules pick up the INSTALL_MBEDTLS_HEADERS variable.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 12f359f7da Fix trailing whitespace 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger cc91fe2667 ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 5d536cd814 ECDH: Fix use of ECDH API in full handshake benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 1a2d9f7f41 ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger ed5f3f063f ECDH: Fix Everest x25519 make_public 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger e1dfc9884a Fix file permissions 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 54d09ad0df 3rdparty: Rename THIRDPARTY_OBJECTS 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 50d9f095ec 3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 37eb90617a 3rdparty: Fix Makefile coding conventions 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 8cd4fba777 ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do 2019-08-29 16:12:38 +01:00
Gilles Peskine 0a92cc1f5c Add a changelog entry for Everest ECDH (X25519) 2019-08-29 16:12:38 +01:00
Gilles Peskine 7e65c05bb0 Document that curve lists can include partially-supported curves
Document that a curve returned by mbedtls_ecp_curve_list() or
mbedtls_ecp_grp_id_list() may lack support for ECDH or ECDSA.

Add a corresponding changelog entry, under "API Changes" because we
have changed the behavior: formerly, these functions skipped ECDH-only
curves, although this was not documented.
2019-08-29 16:12:38 +01:00
Gilles Peskine c6c7c49fd6 Add mbedtls_ecdh_can_do
All curves can currently do ECDH, but to make the API symmetric and
future-proof, add mbedtls_ecdh_can_do() to go with mbedtls_ecdsa_can_do().
2019-08-29 16:12:38 +01:00
Gilles Peskine b14c4a533d Fix build with gcc -Wshadow 2019-08-29 16:12:38 +01:00