Commit graph

12805 commits

Author SHA1 Message Date
Piotr Nowicki d796e19d3b Fix memory allocation fail in TCP mock socket
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
2020-01-28 13:04:21 +01:00
Janos Follath 4c987e2c83
Merge pull request #2993 from yanesca/bump-version-2.20.0
Bump version to Mbed TLS 2.20.0
2020-01-28 11:31:57 +00:00
Manuel Pégourié-Gonnard 042c5e4217
Merge pull request #3000 from gilles-peskine-arm/changelog-2.20.0
Add changelog entries for the crypto changes in 2.20.0
2020-01-28 09:38:30 +01:00
Manuel Pégourié-Gonnard 358462df85
Merge pull request #354 from mpg/fix-ecdsa-pointer-inc
Fix incrementing pointer instead of value
2020-01-28 09:26:28 +01:00
Jack Lloyd 60239753d2 Avoid memory leak when RSA-CRT is not enabled in build 2020-01-27 17:53:36 -05:00
Zachary J. Fields 96134effea
Update ChangeLog 2020-01-27 16:12:02 -06:00
Janos Follath 4c736fb6a8 Update Mbed Crypto SO version
The recent update changed the Mbed Crypto SO version, get Mbed TLS in
sync.
2020-01-27 16:37:14 +00:00
Janos Follath ceceedb532 Update Mbed Crypto to 3.0.1 2020-01-27 16:23:55 +00:00
Janos Follath 1146b4e060
Merge pull request #348 from yanesca/bump-version-to-mbed-tls-2.20.0
Bump version to Mbed TLS 2.20.0 and crypto SO version to 4
2020-01-27 15:56:45 +00:00
Gilles Peskine e3b285d2c8 Add crypto security fixes merged after mbedcrypto-3.0.0 2020-01-27 14:24:19 +01:00
Jaeden Amero 62236d7651 Add ChangeLog entry
Add a ChangeLog entry for Jonathan Bennett's contribution which allows
loading symlinked certificates.
2020-01-24 18:20:56 +00:00
Jonathan Bennett fdc16f36b4 Allow loading symlinked certificates
When mbedtls_x509_crt_parse_path() checks each object in the supplied path, it only processes regular files. This change makes it also accept a symlink to a file. Fixes #3005.

This was observed to be a problem on Fedora/CentOS/RHEL systems, where the ca-bundle in the default location is actually a symlink.
2020-01-24 09:12:03 -06:00
Manuel Pégourié-Gonnard ee4ba54d8d Fix incrementing pointer instead of value
This was introduced by a hasty search-and-replace that didn't account for C's
operator precedence when changing those variables to pointer types.
2020-01-24 12:11:56 +01:00
Manuel Pégourié-Gonnard 2b9b780ac0 Rename internal macro for consistency
Other modules have similar internal macros using _LENGTH in the name.
2020-01-24 11:01:02 +01:00
Manuel Pégourié-Gonnard b7f7092f57 Remove preprocessor directive for consistency
Other cases in this switch statement aren't guarded either.
2020-01-24 10:59:08 +01:00
Manuel Pégourié-Gonnard 3a3b5c7827 Improve doxygen formatting 2020-01-24 10:57:25 +01:00
Manuel Pégourié-Gonnard f2e2902c5a Add detection for zlib headers to all.sh 2020-01-24 10:44:13 +01:00
Manuel Pégourié-Gonnard c40b685837 Fix bug in record decompression
ssl_decompress_buf() was operating on data from the ssl context, but called at
a point where this data is actually in the rec structure. Call it later so
that the data is back to the ssl structure.
2020-01-24 10:44:13 +01:00
Manuel Pégourié-Gonnard 342d2ca9ab Add test for record compression in ssl-opt.sh
Deprecated but still needs to be tested.
2020-01-24 10:44:13 +01:00
Manuel Pégourié-Gonnard 95e04490fa Add all.sh components with ZLIB enabled
ZLIB support is deprecated, but until it's removed it should still be tested.
2020-01-24 10:44:13 +01:00
Gilles Peskine 80fcacebdb Add changelog entry for the zlib support fix 2020-01-24 09:35:01 +01:00
jiblime 9f25b8deff Fixes definition error when the deprecated MBEDTLS_ZLIB_SUPPORT and ENABLE_ZLIB_SUPPORT macro are defined/enabled for zlib support in mbedtls
100% tests passed, 0 tests failed out of 85

https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1842

https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1862
2020-01-24 09:34:06 +01:00
Jack Lloyd 8c2631b6d3 Address review comments 2020-01-23 17:23:52 -05:00
Jack Lloyd 80cc811039 Parse RSA parameters DP, DQ and QP from PKCS1 private keys
Otherwise these values are recomputed in mbedtls_rsa_deduce_crt, which
currently suffers from side channel issues in the computation of QP (see
https://eprint.iacr.org/2020/055). By loading the pre-computed values not
only is the side channel avoided, but runtime overhead of loading RSA keys
is reduced.

Discussion in https://github.com/ARMmbed/mbed-crypto/issues/347
2020-01-22 17:34:29 -05:00
Gilles Peskine 50f577067c Fix GitHub repository indications for crypto changes in 2.20
The content was originally written for mbed-crypto. Change pull
request references to be relative to mbedtls instead.
2020-01-22 19:02:59 +01:00
Gilles Peskine 8c7d2c25a4 Remove markdown artifacts 2020-01-22 19:02:09 +01:00
Gilles Peskine 4073d4e529 Add changelog entry for the unchecked mbedtls_md call 2020-01-22 18:58:20 +01:00
Gilles Peskine 6a4c340c36 Add changelog entries for the crypto changes in 2.20.0
Describe changes between mbedcrypto-2.0.0 (version in Mbed TLS 2.19.0)
and mbedcrypto-3.0.0 (version in Mbed TLS 2.20.0).
2020-01-22 18:28:24 +01:00
Philippe Antoine 8b1ed1cf0e Adds explicit include to stdlib.h for abort 2020-01-22 16:22:36 +01:00
Piotr Nowicki 890b5ca330 Change non-blocking read/write in TCP mock socket
Previously mocked non-blocking read/write was returning 0 when buffer was empty/full. That was causing ERR_SSL_CONN_EOF error in tests which was using these mocked callbacks. Beside that non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on block pattern set by test design. Such behavior forced to redesign of these functions so that they could be used in other tests
2020-01-22 14:15:17 +01:00
Philippe Antoine 7d4bd6f15f Checks mbedtls_rsa_export_crt return in fuzz targets 2020-01-22 14:14:18 +01:00
Philippe Antoine 66070bc19d Checks mbedtls_rsa_export return in fuzz targets 2020-01-22 13:54:56 +01:00
Piotr Nowicki fb437d72ef Fix segmentation fault in mbedtls_test_buffer
This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and program ends with segmentation fault
2020-01-22 13:25:36 +01:00
Andrzej Kurek bc483dea84 Add a message-based socket mock connection to the ssl tests
The connection will send/receive full messages.
2020-01-22 06:38:03 -05:00
Andrzej Kurek 13719cdae4 Add a message metadata queue in ssl tests
Add a metadata queue that will be used on top of the ring buffer callbacks.
Add normal and negative tests.
2020-01-22 06:36:39 -05:00
Andrzej Kurek f7774146b6 ssl test suite: enable dropping bytes from buffer
Add an option to not pass any buffer to mbedtls_test_buffer_get to drop data.
2020-01-22 06:34:59 -05:00
Gilles Peskine 95c893d17f More systematic handling of trailing garbage in parse_prefixes
Before, the string to parse may contain trailing garbage (there was
never more than one byte), and there was a separate argument
indicating the length of the content. Now, the string to parse is the
exact content, and the test code runs an extra test step with a
trailing byte added.
2020-01-21 21:29:37 +01:00
Gilles Peskine ef4183858a Document how tested prefix lengths are chosen 2020-01-21 21:29:37 +01:00
Gilles Peskine 9c673233bc Fix outcome file leak if execute_tests exits early
If there was a fatal error (bizarre behavior from the standard
library, or missing test data file), execute_tests did not close the
outcome file. Fix this.
2020-01-21 18:03:56 +01:00
Gilles Peskine 2ac4d86040 Fix file leak in test program
A similar bug was fixed earlier in ssl_server2, but we missed the fix
in ssl_client2.
2020-01-21 17:39:52 +01:00
Gilles Peskine b08e44fda7 Add missing return code check on call to mbedtls_md() 2020-01-21 16:56:14 +01:00
Gilles Peskine 84984ae220 Add missing return code check on calls to mbedtls_md() 2020-01-21 16:52:08 +01:00
Gilles Peskine 9018b11302 Check that mbedtls_mpi_grow succeeds 2020-01-21 16:30:53 +01:00
Gilles Peskine 292672eb12 If ASSERT_ALLOC_WEAK fails, mark the test as skipped, not passed
This was the intended behavior of ASSERT_ALLOC_WEAK all along, but
skipping was not implemented yet when ASSERT_ALLOC_WEAK was
introduced.
2020-01-21 16:20:04 +01:00
Gilles Peskine 42a1acfd0e get_len_step: Fix end-of-buffer calculation when buffer_size==0
Fix get_len_step when buffer_size==0. The intent of this test is to
ensure (via static or runtime buffer overflow analysis) that
mbedtls_asn1_get_len does not attempt to access beyond the end of the
buffer. When buffer_size is 0 (reached from get_len when parsing a
1-byte buffer), the buffer is buf[1..1] because allocating a 0-byte
buffer might yield a null pointer rather than a valid pointer. In this
case the end of the buffer is p==buf+1, not buf+buffer_size which is
buf+0.

The test passed because calling mbedtls_asn1_get_len(&p,end,...) with
end < p happens to work, but this is not guaranteed.
2020-01-21 16:12:07 +01:00
Janos Follath 2e9f108fbd Bump version to Mbed TLS 2.20.0 2020-01-21 14:08:26 +00:00
Gilles Peskine a2bdcb9e3a Remove redundant block_size validity check
Check the value only once, as soon as we've obtained it.
2020-01-21 15:02:14 +01:00
Gilles Peskine 322752ba20 Minor comment improvement 2020-01-21 13:59:51 +01:00
Gilles Peskine e2f563e22e Improve comments in mpi_shrink 2020-01-20 21:17:43 +01:00
Gilles Peskine db42062cb9 mpi_copy: make the 0 case slightly more robust
If Y was constructed through functions in this module, then Y->n == 0
iff Y->p == NULL. However we do not prevent filling mpi structures
manually, and zero may be represented with n=0 and p a valid pointer.
Most of the code can cope with such a representation, but for the
source of mbedtls_mpi_copy, this would cause an integer underflow.
Changing the test for zero from Y->p==NULL to Y->n==0 causes this case
to work at no extra cost.
2020-01-20 21:12:50 +01:00