Commit graph

9380 commits

Author SHA1 Message Date
Gilles Peskine 23cb65e32f
Merge pull request #3863 from gabor-mezei-arm/3818_bp216_MBEDTLS_AES_SETKEY_DEC_ALT_excludes_MBEDTLS_CIPHER_MODE_XTS
[Backport 2.16] Make the aes xts methods independent from MBEDTLS_AES_SETKEY_DEC_ALT
2020-11-09 20:44:12 +01:00
Gilles Peskine 22c4385e25
Merge pull request #3861 from bensze01/ecb_iv_fix-2.16
Backport 2.16: Do not set IV size for ECB mode ciphers
2020-11-06 18:00:41 +01:00
gabor-mezei-arm 13b8a26730
Make the aes xts methods independent from MBEDTLS_AES_SETKEY_DEC_ALT
This is fix for the MBEDTLS_AES_SETKEY_DEC_ALT macro switch is including the aes xts methods
and building with a custom mbedtls_aes_setkey_dec function will disable the aes xts methods.
The fix is separating the aes xts methods and the MBEDTLS_AES_SETKEY_DEC_ALT can only
switch the presence of the mbedtls_aes_setkey_dec function.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-11-06 16:24:19 +01:00
Bence Szépkúti 567bd958ff Do not set IV size for ECB mode ciphers
ECB mode ciphers do not use IVs

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-11-06 15:26:52 +01:00
Janos Follath 23055427af
Merge pull request #3851 from d3zd3z/fix3801-2.16
cmake: Avoid using target_properties for old cmake
2020-11-05 11:56:22 +00:00
Gilles Peskine 9a8aee45b6
Merge pull request #3812 from ronald-cron-arm/aes-zeroize-less-2.16
Backport 2.16: Remove a useless zeroization
2020-11-04 23:43:32 +01:00
David Brown ff28df98f5 cmake: Avoid using target_properties for old cmake
CMake versions less than 3.0 do not support the `target_sources`
command.  In order to be able to support v2.8.12.2 of cmake, add the
extra targets directly to the target command.

This is a backport from the development branch, except that the uses in
this branch are simpler, and modifying the SOURCES property directly is
not needed.

Fixes #3801

Signed-off-by: David Brown <david.brown@linaro.org>
2020-11-04 10:43:58 -07:00
Ronald Cron 0df9c529a9
Merge pull request #3828 from gilles-peskine-arm/ssl-opt-gnutls-printf-2.16
Backport 2.16: Fix printf escape errors in shell scripts
2020-11-04 17:52:08 +01:00
Gilles Peskine ffdcadf084 Fix printf escape errors in shell scripts
Fix `printf "$foo"` which treats the value of `foo` as a printf format
rather than a string.

I used the following command to find potentially problematic lines:
```
git ls-files '*.sh' | xargs egrep 'printf +("?[^"]*|[^ ]*)\$'
```
The remaining ones are false positives for this regexp.

The errors only had minor consequences: the output of `ssl-opt.sh`
contained lines like
```
Renegotiation: gnutls server strict, client-initiated .................. ./tests/ssl-opt.sh: 741: printf: %S: invalid directive
PASS
```
and in case of failure the GnuTLS command containing a substring like
`--priority=NORMAL:%SAFE_RENEGOTIATION` was not included in the log
file. With the current tests, there was no risk of a test failure
going undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-27 23:41:28 +01:00
Gilles Peskine 663d0993ec ssl-opt.sh --help: don't show regexps for -f and -e
Showing a regexp to say that by default all tests are executed is not
particularly helpful.

If we ever add a default exclusion list or a default filter, we can
edit the documentation again.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-27 23:41:02 +01:00
Gilles Peskine 91ee76380c Put local variables in a struct
This way we can have a single call to mbedtls_platform_zeroize, which
saves a few bytes of code size.

Additionally, on my PC, I notice a significant speed improvement
(x86_64 build with MBEDTLS_AESNI_C disabled, gcc 5.4.0 -O3). I don't
have an explanation for that (I expected no measurable difference).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-22 09:21:11 +02:00
Gilles Peskine 02c7b48a70 Remove a useless zeroization
Remove the zeroization of a pointer variable in the AES block
functions. The code was valid but spurious and misleading since it
looked like a mistaken attempt to zeroize the pointed-to buffer.
Reported by Antonio de la Piedra, CEA Leti, France.

Note that we do not zeroize the buffer here because these are the
round keys, and they need to stay until all the blocks are processed.
They will be zeroized in mbedtls_aes_free().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-22 09:20:57 +02:00
Ronald Cron fbd0110dbd
Merge pull request #3746 from gilles-peskine-arm/verbosify-cmake-tests-2.16
Backport 2.16: all.sh: Enable verbose failure messages for CMake
2020-10-22 08:48:17 +02:00
Ronald Cron b74e0d0bc5
Merge pull request #3596 from gilles-peskine-arm/cert-gen-cleanup-202008-2.16
Backport 2.16: Minor cleanups in certificate generation
2020-10-15 13:33:12 +02:00
Gilles Peskine e944cac87a
Merge pull request #3529 from ronald-cron-arm/common-mbedtls_param_failed-2.16
[Backport 2.16] Backport clean-up in tests done in #3474
2020-10-06 22:15:47 +02:00
Jaeden Amero bd1b89a354 all.sh: Enable verbose failure messages for CMake
Set the CMake-observed variable `CTEST_OUTPUT_ON_FAILURE`, so that when
a "make test" run by CMake fails, verbose test output about the detail
of failure is available.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-06 12:39:34 +02:00
Gilles Peskine 2f26bf7e88
Merge pull request #3735 from gilles-peskine-arm/entropy_poll-_gnu_source-2.16
Backport 2.16: Don't redefine _GNU_SOURCE if it's already defined
2020-10-05 17:25:29 +02:00
Gilles Peskine 90b545881c Fix the build when _GNU_SOURCE is defined to a non-empty value
Fix #3432.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 17:17:37 +02:00
Janos Follath 188e192eeb
Merge pull request #3732 from gilles-peskine-arm/changelog-user-visible-only-2.16
Backport 2.16: Only use ChangeLog to inform users, not for acknowledgement
2020-10-01 11:37:09 +01:00
Gilles Peskine e1a7cad3c6 When to write a changelog: minor improvements
Mention sample programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:34:22 +02:00
Gilles Peskine 27db5e4405 Explain when to write a changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:34:22 +02:00
Gilles Peskine 36c2ea5376 We no longer credit contributors in the changelog
From now on, external contributions are no longer acknowledged in the
changelog file. They of course remain acknowledged in the Git history.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:32:29 +02:00
Gilles Peskine 4785ec1dbc Remove changelog entries without a user-visible impact
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:31:55 +02:00
Janos Follath 319eee5fdd
Merge pull request #3728 from pkolbus/issue-3647-2.16
Backport 2.16: Restore retry in rsa_prepare_blinding()
2020-09-30 16:23:04 +01:00
Peter Kolbus b2aeb75509 Restore retry in rsa_prepare_blinding()
Starting with commit 49e94e3, the do/while loop in
`rsa_prepare_blinding()` was changed to a `do...while(0)`, which
prevents retry from being effective and leaves dead code.

Restore the while condition to retry, and lift the calls to finish the
computation out of the while loop by by observing that they are
performed only when `mbedtls_mpi_inv_mod()` returns zero.

Signed-off-by: Peter Kolbus <peter.kolbus@garmin.com>
2020-09-30 07:22:42 -05:00
Gilles Peskine e39d14b142 Fix "make -C tests/data_files -f ..."
The toplevel directory is actually just ../..: the makefile commands
are executed in the subdirectory. $(PWD) earlier was wrong because it
comes from the shell, not from make. Looking up $(MAKEFILE_LIST) is
wrong because it indicates where the makefile is (make -f), not which
directory to work in (make -C).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-24 16:45:45 +02:00
Gilles Peskine 506498eaa3
Merge pull request #3708 from ronald-cron-arm/feature/fix_return_code_1-2.16
Backport 2.16: Fix return code expression in pkparse
2020-09-22 18:52:03 +02:00
Jens Reimann 84d4f022e2 fix return code
Signed-off-by: Jens Reimann <jreimann@redhat.com>
2020-09-22 16:22:27 +02:00
Gilles Peskine e72c8d28f1
Merge pull request #3687 from Jongy/fix-docs-mbedtls-2.16
Backport 2.16: Fix docs to desribe written-into buffer parameter as writable
2020-09-17 00:02:36 +02:00
Yonatan Goldschmidt f9604bbdc1 Fix docs to desribe written-into buffer parameter as writable
Signed-off-by: Yonatan Goldschmidt <yon.goldschmidt@gmail.com>
2020-09-16 21:56:11 +03:00
Gilles Peskine 30b242de50
Merge pull request #3660 from bensze01/typo-2.16
Backport 2.16: Fix typo in mbedtls_ssl_set_bio description.
2020-09-11 21:17:44 +02:00
Christopher 2681e99a41 Update ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt
Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Christopher Moynihan <christophm@gmail.com>
2020-09-09 14:05:02 +02:00
Christopher Moynihan 0c633dab7f Fix typo in mbedtls_ssl_set_bio description.
Description referred to mbedtls_ssl_sent_t callback,
but the callback is named mbedtls_ssl_send_t.

Signed-off-by: Christopher Moynihan <christophm@gmail.com>
2020-09-09 14:05:01 +02:00
Manuel Pégourié-Gonnard 99693aab21
Merge pull request #3651 from d-otte/mbedtls-2.16
Backport 2.16: adjusting size of sliding window array to correct size
2020-09-09 10:00:11 +02:00
Daniel Otte 1bfb45cb93 adding entry file to ChangeLog.d for backport of PR3592
Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:09:34 +02:00
Daniel Otte e4dbb99f9f adjusting comment on sliding window memory usage.
The comment now uses '**' as exponentiation operator.

Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:08:15 +02:00
Daniel Otte 639c5e5713 fixing spelling mistakes (window <-- windows)
Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:08:00 +02:00
Daniel Otte 359d049f1b adjusting size of sliding window array to correct size.
Probably the `W[2 << MBEDTLS_MPI_WINDOW_SIZE]` notation is based on a transcription of 2**MBEDTLS_MPI_WINDOW_SIZE.

Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:07:19 +02:00
Gilles Peskine ad5c5a2763
Merge pull request #3626 from gilles-peskine-arm/test-fail-report-first-2.16
Backport 2.16: Report the first unit test failure, not the last one
2020-09-05 11:16:02 +02:00
Gilles Peskine 319ecf3192 Initialize ret from test code
The test function mbedtls_mpi_lt_mpi_ct did not initialize ret in test
code. If there was a bug in library code whereby the library function
mbedtls_mpi_lt_mpi_ct() did not set ret when it should, we might have
missed it if ret happened to contain the expected value. So initialize
ret to a value that we never expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 15:33:11 +02:00
Gilles Peskine dfb5cff2f5 Report the first failure, not the last one
If test_fail is called multiple times in the same test case, report
the location of the first failure, not the last one.

With this change, you no longer need to take care in tests that use
auxiliary functions not to fail in the main function if the auxiliary
function has failed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 10:11:47 +02:00
Janos Follath 848a4e06b3
Merge pull request #749 from ARMmbed/mbedtls-2.16.8r0-pr
Prepare Release Candidate for Mbed TLS 2.16.8
2020-08-27 11:32:13 +01:00
Janos Follath 627aeef6ae Update ChangeLog header
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 15:34:41 +01:00
Janos Follath 1bfb580f8c Bump version to Mbed TLS 2.16.8
Executed "./scripts/bump_version.sh --version 2.16.8"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 15:26:49 +01:00
Janos Follath 4ac5a7be5a Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 14:49:52 +01:00
Janos Follath 36169d479f Merge branch 'mbedtls-2.16-restricted' 2020-08-26 14:16:04 +01:00
Gilles Peskine de4bcf22c1
Merge pull request #3562 from raoulstrackx/raoul/verify_crl_without_time_bp2.16
Backport 2.16: Always revoke certificate on CRL
2020-08-26 12:56:15 +02:00
Manuel Pégourié-Gonnard fa3b3e0d88
Merge pull request #745 from mpg/changelog-for-local-lucky13-2.16-restricted
[Backport 2.16] Add a ChangeLog entry for local Lucky13 variant
2020-08-26 11:52:25 +02:00
Raoul Strackx 75475d8465 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-26 11:42:52 +02:00
Manuel Pégourié-Gonnard f0a3cddefe Clarify that the Lucky 13 fix is quite general
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 10:58:02 +02:00