Commit graph

5955 commits

Author SHA1 Message Date
Hanno Becker 00cfc1ce52 Add "e exp master" TLS 1.3 key schedule label
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-09 10:41:23 +01:00
Hanno Becker 70d7fb0c2d Don't hardcode TLS 1.3 labels in test cases
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.

This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-09 10:17:37 +01:00
Hanno Becker 90551c7a26 Use uniform naming scheme for TLS 1.3 label structure
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-09 09:25:23 +01:00
Hanno Becker a3a5a4e1f9 Please check-names.sh
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:33:48 +01:00
Hanno Becker 815869ac9c Improve documentation of ssl_tls1_3_hkdf_encode_label()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:16:16 +01:00
Hanno Becker 00debc734b Minor improvement in ssl_tls13_keys.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:12:24 +01:00
Hanno Becker 493ea7f4ae Remove instances of camelCase in TLS 1.3 key schedule
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:08:06 +01:00
Hanno Becker 939bb4d8f6 Initialize TLS 1.3 label prefix with string literal
This is in line with how the entries of the TLS 1.3 label
structure `mbedtls_ssl_tls1_3_labels` are initialized.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:48:55 +01:00
Hanno Becker 9cb0a146f1 Remove duplicated computation of TLS 1.3 HKDF label length
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:48:14 +01:00
Hanno Becker e4435ea777 Introduce TLS 1.3 labels in a single place
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:43:52 +01:00
Hanno Becker 1981cb2972 Use uniform naming for TLS 1.3 label fields
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:36:29 +01:00
Hanno Becker 58c5cea73b Include common.h from ssl_tls13_keys.c
`common.h` takes care of the logic of chosing the correct
configuration file, so we don't need to replicate it in
each source file.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:31:33 +01:00
Hanno Becker e9cccb440c Implement TLS 1.3 key evolution function
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker b35d52240b Implement TLS 1.3 key derivation function Derive-Secret
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker 3385a4d5cf Implement TLS 1.3 traffic key generation
See the documentation in library/ssl_tls13_keys.h.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker be9d6648f8 Implement TLS 1.3 key derivation function HKDF-Expand-Label
This commit introduces a new file library/ssl_tls13_key.c
which will subsequently be populated with functionality relating
to the TLS 1.3 key schedule.

Those functions are expected to be internal and are documented
in the internal header library/ssl_tls13_keys.h.

The first function to be implemented is the key expansion
function `HKDF-Expand-Label`. See the documentation in
library/ssl_tls13_keys.h for more information.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:06 +01:00
Janos Follath 17ffc5da8d Bump version to Mbed TLS 2.24.0
Executed "./scripts/bump_version.sh --version 2.24.0"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 16:22:57 +01:00
Janos Follath d2ce916b58 Merge branch 'development-restricted' 2020-08-26 14:15:34 +01:00
Gilles Peskine d4b9133850
Merge pull request #3611 from gilles-peskine-arm/psa-coverity-cleanups-202008
Minor fixes in PSA code and tests
2020-08-26 13:18:27 +02:00
Gilles Peskine 9e4d4387f0
Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time
Always revoke certificate on CRL
2020-08-26 12:56:11 +02:00
Gilles Peskine 169ca7f06d psa_crypto_storage: Annotate file removal after a failed creation
Let static analyzers know that it's ok if psa_its_remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:50:06 +02:00
Gilles Peskine bab1b52048 psa_its: Annotate file removal after a failed creation
Let static analyzers know that it's ok if remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:49:19 +02:00
Janos Follath d4ac4e037b
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted
Constant-flow copy of HMAC from variable position
2020-08-25 14:35:55 +01:00
Gilles Peskine ed19762a22
Merge pull request #3574 from makise-homura/e2k_support
Support building on e2k (Elbrus) architecture
2020-08-25 09:46:36 +02:00
makise-homura af9513bb48 A different approach of signed-to-unsigned comparison
Suggsted by @hanno-arm

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-24 23:42:49 +03:00
Manuel Pégourié-Gonnard ba6fc9796a Fix a typo in a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-24 12:59:55 +02:00
Manuel Pégourié-Gonnard 6edfe60e0d
Merge pull request #2182 from hanno-arm/key_pwd
Add support for password protected key files to ssl_server2 and ssl_client2
2020-08-24 09:42:38 +02:00
Manuel Pégourié-Gonnard 1a6af8489e
Merge pull request #3578 from gilles-peskine-arm/md_setup-leak-development
Fix memory leak in mbedtls_md_setup with HMAC
2020-08-21 09:19:12 +02:00
Dan Handley 50118144c6 Update remaining copyright notices to use Linux Foundation guidance
Update copyright notices to newly added files since merge of original
PR #3546 "Update copyright notices to use Linux Foundation guidance".
Generated using the same script.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:20:12 +01:00
Dan Handley abccfc1684 Merge development into development-restricted
* development:
  Update copyright notices to use Linux Foundation guidance
  Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
  Add ChangeLog entry for X.509 CN-type vulnerability
  Improve documentation of cn in x509_crt_verify()
  Fix comparison between different name types
  Add test: DNS names should not match IP addresses
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:07:12 +01:00
Manuel Pégourié-Gonnard de1cf2c5e1 Make mbedtls_ssl_cf_memcpy_offset() constant-flow
all.sh component test_valgrind_constant_flow is now passing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:22:41 +02:00
Manuel Pégourié-Gonnard 73afa37507 Add option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:22:41 +02:00
Gilles Peskine d15c740df6 Fix memory leak in mbedtls_md_setup with HMAC
mbedtls_md_setup() allocates a hash-specific context and then, if
requested, an extra HMAC context. If the second allocation failed, the
hash context was not freed.

Fix this by ensuring that the mbedtls_md_context_t object is always in
a consistent state, in particular, that the md_info field is always
set. For robustness, ensure that the object is in a consistent state
even on errors (other than BAD_INPUT_DATA if the object was not in a
consistent state on entry).

Fix #3486

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 12:04:56 +02:00
Manuel Pégourié-Gonnard 7fe2c5f086 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 11:56:02 +02:00
Manuel Pégourié-Gonnard 3c31afaca6 Use temporary buffer to hold the peer's HMAC
This paves the way for a constant-flow implementation of HMAC checking, by
making sure that the comparison happens at a constant address. The missing
step is obviously to copy the HMAC from the secret offset to this temporary
buffer with constant flow, which will be done in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 11:56:01 +02:00
Bence Szépkúti 1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
makise-homura 0be6aa9957 Get back -Wsign-compare and fix sources according to it
Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-18 23:52:53 +03:00
Raoul Strackx a4e86141f1 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-17 09:05:03 +02:00
Gilles Peskine c60c30eb68
Merge pull request #3557 from Ouss4/assert
Ensure that only one definition of ASSERT is present
2020-08-14 23:24:04 +02:00
Gilles Peskine 71f4fa13bb
Merge pull request #721 from gilles-peskine-arm/x509parse_crl-empty_entry-development
Fix buffer overflow in x509_get_entries (oss-fuzz 24123)
2020-08-14 23:22:31 +02:00
Manuel Pégourié-Gonnard 8ca03a7b68
Merge pull request #3554 from mpg/x509-verify-non-dns-san-dev
X509 verify non-DNS SANs
2020-08-14 11:32:22 +02:00
Hanno Becker 5c5efdfcf9 Fix format specifier in ssl_ciphersuite_match() 2020-08-14 09:59:26 +01:00
Hanno Becker 3c88c65426 Fix debug format specifier in ClientHello ciphersuite log 2020-08-14 09:59:26 +01:00
Hanno Becker ecea07d6c3 Unify ciphersuite related debug output on client and server
The client previously reproted the offered ciphersuites through
their numerical identifier only, while the server reported them
through their name.

This commit modifies the debug output on client and server to
both use the format `ID (NAME)` for the ciphersuites.
2020-08-14 09:58:51 +01:00
Manuel Pégourié-Gonnard c4af324a4b Merge branch 'development' into development-restricted
* development: (55 commits)
  Log change as bugfix
  Add changelog entry
  Clarify updates to the persistent state in storage
  With multiple applicable transparent drivers, the order is unspecified
  Minor clarifications
  Give some examples of purpsoses of pure-software transparent driver
  Fix typos
  Add a link to the PSA API specification
  Explain locations vs lifetimes
  Initialize key pointer in ecdh to NULL
  Add buffer zeroization when ecp_write_key fails
  Simplified key slot deletion
  Style fixes
  Use arc4random_buf instead of rand on NetBSD
  Apply review feedback
  Update open question section about public key storage
  Remove the paragraph about declaring application needs
  Change driver persistent data to a callback interface
  Rework and expand key management in opaque drivers
  Fix typos and copypasta
  ...
2020-08-14 10:11:21 +02:00
Gilles Peskine 3890f7cd3d
Merge pull request #3540 from gufe44/netbsd-rand-arc4random_buf
Use arc4random_buf instead of rand on NetBSD
2020-08-13 15:27:45 +02:00
Ouss4 e0b2687a2d Undef ASSERT before defining it to ensure that no previous definition
has sneaked in through included files.

Signed-off-by: Ouss4 <abdelatif.guettouche@gmail.com>
2020-08-12 20:02:25 +01:00
Gilles Peskine e900b59703
Merge pull request #719 from gabor-mezei-arm/689_zeroising_of_plaintext_buffers
Zeroising of plaintext buffers in mbedtls_ssl_read()
2020-08-12 18:51:42 +02:00
Manuel Pégourié-Gonnard f3e4bd8632 Fix comparison between different name types
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-11 10:24:21 +02:00
Manuel Pégourié-Gonnard eaa0739143
Merge pull request #716 from mpg/ct-varlen-hmac
Add constant-flow variable-length HMAC function
2020-08-10 12:40:33 +02:00