Commit graph

8977 commits

Author SHA1 Message Date
Andres Amaya Garcia 9f3bdb87e5 Add test for MBEDTLS_SSL_HW_RECORD_ACCEL in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 10:14:28 +01:00
Andres Amaya Garcia 52dbda62a0 Fix compilation issue when DTLS and SSL_HW_RECORD_ACCEL are on
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 10:13:27 +01:00
Janos Follath 0fce215851
Merge pull request #3053 from yanesca/bump-version-2.16.5
Bump version 2.16.5
2020-02-19 17:14:10 +00:00
Janos Follath 04039a5893 Add release info to ChangeLog 2020-02-19 12:12:38 +00:00
Janos Follath 334cf59930 Bump version to Mbed TLS 2.16.5 2020-02-19 12:03:00 +00:00
Gilles Peskine 0b59b6d82d
Merge pull request #3048 from mpg/fix-rsa-complete-2.16
[backport 2.16] Fix pk_parse_key()'s use of rsa_complete()
2020-02-19 10:23:11 +01:00
Manuel Pégourié-Gonnard 6444d1557d Add ChangeLog entries for pk_parse_key() fixes 2020-02-19 09:31:38 +01:00
Manuel Pégourié-Gonnard d09fcdedb9 Fix pkparse bug wrt MBEDTLS_RSA_ALT
Some code paths want to access members of the mbedtls_rsa_context structure.
We can only do that when using our own implementation, as otherwise we don't
know anything about that structure.
2020-02-18 10:49:06 +01:00
Manuel Pégourié-Gonnard 96ed13e21b Test each failure mode of pk_parse_key_pkcs1_der()
(Only the top-level ones, ie, for each call to eg asn1_get_mpi(), ensure
there's at least one test case that makes this call fail in one way, but don't
test the various ways to make asn1_get_mpi fail - that should be covered
elsewhere.)

- the new checks added by the previous commits needed exercising
- existing tests sometimes had wrong descriptions or where passing for the
  wrong reason (eg with the "length mismatch" test, the function actually
failed before reaching the length check)
- while at it, add tests for the rest as well

The valid minimal-size key was generated with:

openssl genrsa 128 2>/dev/null | openssl rsa -outform der 2>/dev/null | xxd -p
2020-02-18 10:49:06 +01:00
Manuel Pégourié-Gonnard 12fb9c383d Clean up test function pk_parse_key
- remove incorrect compile-time dependency (the individual cases already have
  correct run-time dependency information)
- remove unused argument
- remove unused stack buffer
- remove useless code block
2020-02-18 10:49:06 +01:00
Manuel Pégourié-Gonnard 25bb8dc228 Check public part when parsing private RSA key 2020-02-18 10:49:06 +01:00
Manuel Pégourié-Gonnard 9ab0305700 Don't pass zero to rsa_complete() as a param
When parsing a PKCS#1 RSAPrivateKey structure, all parameters are always
present. After importing them, we need to call rsa_complete() for the sake of
alternative implementations. That function interprets zero as a signal for
"this parameter was not provided". As that's never the case, we mustn't pass
any zero value to that function, so we need to explicitly check for it.
2020-02-18 10:49:06 +01:00
Manuel Pégourié-Gonnard a59988e197
Merge pull request #3029 from gilles-peskine-arm/test-opt-all-2.16
Backport 2.16: Fix and test the full config with gcc and clang
2020-02-11 09:17:09 +01:00
Manuel Pégourié-Gonnard 8d9b1c471c
Merge pull request #3027 from gilles-peskine-arm/mpi_copy_shrink-2.16
Backport 2.16: Improve robustness and testing of mbedtls_mpi_copy
2020-02-06 09:52:11 +01:00
Janos Follath b458b1f552
Merge pull request #3034 from yanesca/revert_pr_3012
Revert "Merge pull request #3012 from Patater/dev/jp-bennett/developm…
2020-02-05 15:13:02 +00:00
Janos Follath cabf0eed66 Revert "Merge pull request #3012 from Patater/dev/jp-bennett/development-2.16"
This reverts commit 7550e857bf, reversing
changes made to d0c2575324.

stat() will never return S_IFLNK as the file type, as stat()
explicitly follows symlinks.

Fixes #3005.
2020-02-04 14:42:15 +00:00
Janos Follath 82ebf511e9
Merge pull request #3019 from mpg/fix-ssl-opt-gnutls-no-sha1-2.16
[backport 2.16] Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
2020-02-04 11:18:30 +00:00
Gilles Peskine 0fe92c2f4f Test GCC and Clang with common build options
Goals:
* Build with common compilers with common options, so that we don't
  miss a (potentially useful) warning only triggered with certain
  build options.
* A previous commit removed -O0 test jobs, leaving only the one with
  -m32. We have inline assembly that is disabled with -O0, falling
  back to generic C code. This commit restores a test that runs the
  generic C code on a 64-bit platform.
2020-02-03 20:03:39 +01:00
Gilles Peskine 99d70d8cb1 Replace -O0 by -O1 or -Os in most components
Gcc skips some analyses when compiling with -O0, so we may miss
warnings about things like uninitialized variables.
2020-02-03 20:03:39 +01:00
Gilles Peskine 8ece8572b2 shrink tests: clearer description 2020-02-03 16:21:32 +01:00
Gilles Peskine e0ced3a3d6 Move test functions from Lilliput to Blefuscu
We normally represent bignums in big-endian order and there is no
reason to deviate here.
2020-02-03 16:21:31 +01:00
Gilles Peskine 56427c2d2b Minor comment improvement 2020-02-03 16:21:31 +01:00
Gilles Peskine 27c15c7853 Improve comments in mpi_shrink 2020-02-03 16:21:31 +01:00
Gilles Peskine 3e9f5228c8 mpi_copy: make the 0 case slightly more robust
If Y was constructed through functions in this module, then Y->n == 0
iff Y->p == NULL. However we do not prevent filling mpi structures
manually, and zero may be represented with n=0 and p a valid pointer.
Most of the code can cope with such a representation, but for the
source of mbedtls_mpi_copy, this would cause an integer underflow.
Changing the test for zero from Y->p==NULL to Y->n==0 causes this case
to work at no extra cost.
2020-02-03 16:21:31 +01:00
Gilles Peskine 8fe3b79cdb Better coverage for copy and swap
Cover more cases: different signs, different zeronesses, repeated
argument.
2020-02-03 16:21:31 +01:00
Gilles Peskine e6cca7c937 Bignum copy/shrink: More precise test case descriptions 2020-02-03 16:21:31 +01:00
Gilles Peskine c63676a0bb
Merge pull request #3016 from jack-fortanix/jack/parse-rsa-crt-2.16
Backport 2.16: Parse RSA parameters DP, DQ and QP from PKCS1 private keys
2020-01-31 16:37:41 +01:00
Gilles Peskine 4cc20f6f3d Fix duplicated Bugfix section in the changelog 2020-01-31 12:20:10 +01:00
Gilles Peskine 216c44d6eb Add changelog entry 2020-01-31 12:06:43 +01:00
Manuel Pégourié-Gonnard a7b9007d60
Merge pull request #2972 from mpg/add-zlib-tests-2.16
[2.16] Add zlib tests
2020-01-31 09:22:30 +01:00
Manuel Pégourié-Gonnard d20ae896ea De-duplicate SHA1-independent test in ssl-opt.sh
The splitting of this test into two versions depending on whether SHA-1 was
allowed by the server was a mistake in
5d2511c4d4 - the test has nothing to do with
SHA-1 in the first place, as the server doesn't request a certificate from
the client so it doesn't matter if the server accepts SHA-1 or not.
2020-01-30 12:48:46 +01:00
Manuel Pégourié-Gonnard 7c9add2f64 Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
While the whole script makes (often implicit) assumptions about the version of
GnuTLS used, generally speaking it should work out of the box with the version
packaged on our reference testing platform, which is Ubuntu 16.04 so far.

With the update from Jan 8 2020 (3.4.10-4ubuntu1.6), the patches for rejecting
SHA-1 in certificate signatures were backported, so we should avoid presenting
SHA-1 signed certificates to a GnuTLS peer in ssl-opt.sh.
2020-01-30 11:25:22 +01:00
Jack Lloyd b10fd065be Parse RSA parameters DP, DQ and QP from PKCS1 private keys
Otherwise these values are recomputed in mbedtls_rsa_deduce_crt, which
currently suffers from side channel issues in the computation of QP
(see https://eprint.iacr.org/2020/055). By loading the pre-computed
values not only is the side channel avoided, but runtime overhead of
loading RSA keys is reduced.

Discussion in https://github.com/ARMmbed/mbed-crypto/issues/347

Backport of https://github.com/ARMmbed/mbed-crypto/pull/352
2020-01-29 13:09:55 -05:00
Janos Follath bac9f1bfb0 Merge pull request #3001 from from gilles-peskine-arm/coverity-20200115-2.16 into mbedtls-2.16 2020-01-29 14:49:23 +00:00
Janos Follath 1f10f2e282
Merge pull request #3014 from mpg/fix-attribution-ecdsa-inc
[2.16] Fix contributor names in ChangeLog
2020-01-29 14:07:17 +00:00
Manuel Pégourié-Gonnard 58c27790de Fix previous ChangeLog merging error 2020-01-29 11:32:09 +01:00
Manuel Pégourié-Gonnard cc41e6cd75 Fix contributor names in ChangeLog 2020-01-29 10:47:34 +01:00
Manuel Pégourié-Gonnard 114d339756 Add detection for zlib headers to all.sh 2020-01-29 09:50:54 +01:00
Jaeden Amero 7550e857bf
Merge pull request #3012 from Patater/dev/jp-bennett/development-2.16
Backport 2.16: Allow loading symlinked certificates
2020-01-28 15:55:54 +00:00
Janos Follath d0c2575324
Merge pull request #2992 from yanesca/bump-version-2.16.4
Bump version to Mbed TLS 2.16.4
2020-01-28 11:32:46 +00:00
Jaeden Amero 68a24eba00 Add ChangeLog entry
Add a ChangeLog entry for Jonathan Bennett's contribution which allows
loading symlinked certificates.
2020-01-28 11:29:16 +00:00
Jonathan Bennett 6f45cb995b Allow loading symlinked certificates
When mbedtls_x509_crt_parse_path() checks each object in the supplied path, it only processes regular files. This change makes it also accept a symlink to a file. Fixes #3005.

This was observed to be a problem on Fedora/CentOS/RHEL systems, where the ca-bundle in the default location is actually a symlink.
2020-01-28 11:28:42 +00:00
Manuel Pégourié-Gonnard b0deeccc58
Merge pull request #3007 from mpg/fix-ecdsa-pointer-inc
[Backport 2.16] Fix incrementing pointer instead of value
2020-01-28 09:26:43 +01:00
Gilles Peskine 75aab5276f Add missing return code check on calls to mbedtls_md() 2020-01-27 15:16:16 +01:00
Gilles Peskine 1a30fbbd3b Check that mbedtls_mpi_grow succeeds 2020-01-27 15:16:16 +01:00
Gilles Peskine 83a5672ae1 Remove redundant block_size validity check
Check the value only once, as soon as we've obtained it.
2020-01-27 15:16:16 +01:00
Manuel Pégourié-Gonnard 42b8194b53 Fix incrementing pointer instead of value
This was introduced by a hasty search-and-replace that didn't account for C's
operator precedence when changing those variables to pointer types.
2020-01-24 12:35:47 +01:00
Gilles Peskine 42e4f6b706 Add changelog entry for the unchecked mbedtls_md call 2020-01-22 19:04:19 +01:00
Gilles Peskine 3a3b161e96 Add missing return code check on call to mbedtls_md() 2020-01-22 18:59:37 +01:00
Janos Follath 32b0216dd7 Bump version to Mbed TLS 2.16.4 2020-01-20 14:32:57 +00:00