Commit graph

7445 commits

Author SHA1 Message Date
Gilles Peskine 5706e920a4 Remove a useless zeroization
Remove the zeroization of a pointer variable in the AES block
functions. The code was valid but spurious and misleading since it
looked like a mistaken attempt to zeroize the pointed-to buffer.
Reported by Antonio de la Piedra, CEA Leti, France.

Note that we do not zeroize the buffer here because these are the
round keys, and they need to stay until all the blocks are processed.
They will be zeroized in mbedtls_aes_free().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-22 09:43:53 +02:00
Ronald Cron dac5edc01f
Merge pull request #3747 from gilles-peskine-arm/verbosify-cmake-tests-2.7
Backport 2.7: all.sh: Enable verbose failure messages for CMake
2020-10-21 10:41:07 +02:00
Ronald Cron c10e6022ee
Merge pull request #3597 from gilles-peskine-arm/cert-gen-cleanup-202008-2.7
Backport 2.7: Minor cleanups in certificate generation
2020-10-15 13:33:49 +02:00
Gilles Peskine 85e05d87b5 Fix "make -C tests/data_files -f ..."
The toplevel directory is actually just ../..: the makefile commands
are executed in the subdirectory. $(PWD) earlier was wrong because it
comes from the shell, not from make. Looking up $(MAKEFILE_LIST) is
wrong because it indicates where the makefile is (make -f), not which
directory to work in (make -C).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:22:35 +02:00
Gilles Peskine b8d0c2a7b6 Fix "make -C tests/data_files"
It wasn't working when invoking programs/x509/cert_write or
programs/x509/cert_req due to relying on the current directory rather
than the location of the makefile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:16:56 +02:00
Gilles Peskine 7399b8abd6 Commit the intermediate files cert_md*.csr
They are used to generate cert_md*.crt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:16:56 +02:00
Gilles Peskine 8a1face5a5 Remove duplicate rule to generate cert_md5.crt
There were two rules that generated similar files, but with different
dates. Keep the one that's similar to md2 and md4.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:16:56 +02:00
Gilles Peskine b72d131ff0 cert_req: discover hash algorithms automatically
Discover hash algorithms automatically rather than hard-coding a list,
as was previously done in cert_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:16:56 +02:00
Jaeden Amero de97d1f2f8 all.sh: Enable verbose failure messages for CMake
Set the CMake-observed variable `CTEST_OUTPUT_ON_FAILURE`, so that when
a "make test" run by CMake fails, verbose test output about the detail
of failure is available.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-06 12:39:54 +02:00
Janos Follath 7e7c815aa0
Merge pull request #3733 from gilles-peskine-arm/changelog-user-visible-only-2.7
Backport 2.7: Only use ChangeLog to inform users, not for acknowledgement
2020-10-01 11:36:59 +01:00
Gilles Peskine 8c79c3f985 When to write a changelog: minor improvements
Mention sample programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:25 +02:00
Gilles Peskine 1ffd967411 Explain when to write a changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:25 +02:00
Gilles Peskine 57205b2297 We no longer credit contributors in the changelog
From now on, external contributions are no longer acknowledged in the
changelog file. They of course remain acknowledged in the Git history.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:05 +02:00
Gilles Peskine a89b650314 Remove changelog entries without a user-visible impact
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:05 +02:00
Janos Follath b016d8d524
Merge pull request #3729 from pkolbus/issue-3647-2.7
Backport 2.7: Restore retry in rsa_prepare_blinding()
2020-09-30 16:22:56 +01:00
Peter Kolbus e634564381 Restore retry in rsa_prepare_blinding()
Starting with commit 49e94e3, the do/while loop in
`rsa_prepare_blinding()` was changed to a `do...while(0)`, which
prevents retry from being effective and leaves dead code.

Restore the while condition to retry, and lift the calls to finish the
computation out of the while loop by by observing that they are
performed only when `mbedtls_mpi_inv_mod()` returns zero.

Signed-off-by: Peter Kolbus <peter.kolbus@garmin.com>
2020-09-30 07:39:15 -05:00
Gilles Peskine 2983b27a08
Merge pull request #3707 from ronald-cron-arm/feature/fix_return_code_1-2.7
Backport 2.7: Fix return code expression in pkparse
2020-09-22 18:52:09 +02:00
Jens Reimann 45a595845d fix return code
Signed-off-by: Jens Reimann <jreimann@redhat.com>
2020-09-22 16:19:25 +02:00
Gilles Peskine dc5fd035e6
Merge pull request #3661 from bensze01/typo-2.7
Backport 2.7: Fix typo in mbedtls_ssl_set_bio description.
2020-09-11 21:17:48 +02:00
Christopher bfb2d13642 Update ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt
Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Christopher Moynihan <christophm@gmail.com>
2020-09-09 14:15:22 +02:00
Christopher Moynihan 7ad671b96e Fix typo in mbedtls_ssl_set_bio description.
Description referred to mbedtls_ssl_sent_t callback,
but the callback is named mbedtls_ssl_send_t.

Signed-off-by: Christopher Moynihan <christophm@gmail.com>
2020-09-09 14:15:22 +02:00
Manuel Pégourié-Gonnard 5796dfe197
Merge pull request #3652 from d-otte/mbedtls-2.7
Backport 2.7: adjusting size of sliding window array to correct size
2020-09-09 10:00:01 +02:00
Daniel Otte 72a410dcfc adding entry file to ChangeLog.d for backport of PR3592
Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:25:01 +02:00
Daniel Otte d9854684b9 adjusting comment on sliding window memory usage.
The comment now uses '**' as exponentiation operator.

Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:24:48 +02:00
Daniel Otte e6f2fb4878 fixing spelling mistakes (window <-- windows)
Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:24:39 +02:00
Daniel Otte 1939460417 adjusting size of sliding window array to correct size.
Probably the `W[2 << MBEDTLS_MPI_WINDOW_SIZE]` notation is based on a transcription of 2**MBEDTLS_MPI_WINDOW_SIZE.

Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:24:31 +02:00
Gilles Peskine 75ffb27577
Merge pull request #3627 from gilles-peskine-arm/test-fail-report-first-2.7
Backport 2.7: Report the first unit test failure, not the last one
2020-09-05 11:16:08 +02:00
Gilles Peskine cb0ec05717 Initialize ret from test code
The test function mbedtls_mpi_lt_mpi_ct did not initialize ret in test
code. If there was a bug in library code whereby the library function
mbedtls_mpi_lt_mpi_ct() did not set ret when it should, we might have
missed it if ret happened to contain the expected value. So initialize
ret to a value that we never expect.

In Mbed TLS 2.7.17, the lack of initialization also caused Valgrind to
fail on a Clang 3.8 build with -O1 or more (not with -O0). As far as I
can tell, this is an instance of a known bug/feature in Clang which
sometimes generates code that contains a conditional jump based on
memory which is not initialized at the C level. This is not really a
bug in Clang as a C compiler since the code has the same behavior
whether the branch is taken or not, and therefore the branch is not
observable at the C level. However, the branch on C-uninitialized
memory causes a false positive from Valgrind. Here are some reports of
this Clang behavior:
* https://lists.llvm.org/pipermail/llvm-dev/2016-November/107428.html
* https://bugs.llvm.org/show_bug.cgi?id=32604

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 15:18:07 +02:00
Gilles Peskine d4c9fd1e0a Report the first failure, not the last one
If test_fail is called multiple times in the same test case, report
the location of the first failure, not the last one.

With this change, you no longer need to take care in tests that use
auxiliary functions not to fail in the main function if the auxiliary
function has failed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 10:24:12 +02:00
Janos Follath 7cd4d2dadb
Merge pull request #750 from ARMmbed/mbedtls-2.7.17r0-pr
Prepare Release Candidate for Mbed TLS 2.7.17
2020-08-27 11:33:03 +01:00
Janos Follath 6badb015eb Update ChangeLog header
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 15:36:15 +01:00
Janos Follath 0db765ac65 Bump version to Mbed TLS 2.7.17
Executed "./scripts/bump_version.sh --version 2.7.17"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 15:28:48 +01:00
Janos Follath 681a74dd5e Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 14:50:38 +01:00
Janos Follath 93c784b356 Merge branch 'mbedtls-2.7-restricted' 2020-08-26 14:16:29 +01:00
Gilles Peskine 934fe1ef18
Merge pull request #3561 from raoulstrackx/raoul/verify_crl_without_time_bp2.7
Backport 2.7: Always revoke certificate on CRL
2020-08-26 12:56:18 +02:00
Manuel Pégourié-Gonnard d4c464ff22
Merge pull request #746 from mpg/changelog-for-local-lucky13-2.7-restricted
[Backport 2.7] Add a ChangeLog entry for local Lucky13 variant
2020-08-26 11:52:29 +02:00
Raoul Strackx 2a8e9587a7 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-26 11:38:41 +02:00
Manuel Pégourié-Gonnard f530c8018b Clarify that the Lucky 13 fix is quite general
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 10:58:35 +02:00
Manuel Pégourié-Gonnard c3f68378bc Add a ChangeLog entry for local Lucky13 variant
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 10:58:35 +02:00
Janos Follath 117587d544
Merge pull request #742 from mpg/cf-varpos-copy-2.7-restricted
[backport 2.7] Constant-flow copy of HMAC from variable position
2020-08-25 14:35:36 +01:00
Manuel Pégourié-Gonnard 520e78b830 Fix a typo in a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 12:01:11 +02:00
Manuel Pégourié-Gonnard f4435c4fed Improve comments on constant-flow testing in config.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 12:01:11 +02:00
Manuel Pégourié-Gonnard 426c2d4a38 Add an option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 12:01:09 +02:00
Manuel Pégourié-Gonnard 3b490a0a01 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 12:00:07 +02:00
Manuel Pégourié-Gonnard bf7a49eacc Use temporary buffer to hold the peer's HMAC
This paves the way for a constant-flow implementation of HMAC checking, by
making sure that the comparison happens at a constant address. The missing
step is obviously to copy the HMAC from the secret offset to this temporary
buffer with constant flow, which will be done in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 12:00:07 +02:00
Manuel Pégourié-Gonnard d863a67a74 Merge branch 'mbedtls-2.7' into mbedtls-2.7-restricted
* mbedtls-2.7: (28 commits)
  A different approach of signed-to-unsigned comparison
  Update the copy of tests/data_files/server2-sha256.crt in certs.c
  Fix bug in redirection of unit test outputs
  Backport e2k support to mbedtls-2.7
  Don't forget to free G, P, Q, ctr_drbg, and entropy
  Regenerate server2-sha256.crt with a PrintableString issuer
  Regenerate test client certificates with a PrintableString issuer
  cert_write: support all hash algorithms
  compat.sh: stop using allow_sha1
  compat.sh: quit using SHA-1 certificates
  compat.sh: enable CBC-SHA-2 suites for GnuTLS
  Fix license header in pre-commit hook
  Update copyright notices to use Linux Foundation guidance
  Fix building on NetBSD 9.0
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ...
2020-08-25 10:59:51 +02:00
Gilles Peskine 84be024eb0
Merge pull request #3594 from gilles-peskine-arm/fix-compat.sh-with-ubuntu-16.04-gnutls-2.7
Backport 2.7: Fix compat.sh with ubuntu 16.04 gnutls 2.7
2020-08-25 10:00:54 +02:00
Gilles Peskine 46b3fc221e
Merge pull request #3599 from makise-homura/mbedtls-2.7
Backport 2.7: Support building on e2k (Elbrus) architecture
2020-08-25 09:46:42 +02:00
makise-homura 329fe7e043 A different approach of signed-to-unsigned comparison
Suggested by @hanno-arm

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-24 18:39:56 +03:00
Gilles Peskine 1323fba357 Update the copy of tests/data_files/server2-sha256.crt in certs.c
Before this commit, certs.c had a copy of a different version of
tests/data_files/server2-sha256.crt (from the then development branch)
which was generated by cert_write. Update certs.c with the new
tests/data_files/server2-sha256.crt which is also generated by
cert_write.

The new copy has the same size as the old copy so there is no concern
about existing application binaries relying on the size. (The old
tests/data_files/server2-sha256.crt had a different size because it
had been generated by openssl and so had slightly different content.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-24 15:15:00 +02:00