Commit graph

6563 commits

Author SHA1 Message Date
Simon Butcher c37966239c Merge remote-tracking branch 'public/pr/2080' into mbedtls-2.7-restricted-proposed 2018-11-07 13:34:27 +00:00
Simon Butcher ce8c509b3e Merge remote-tracking branch 'public/pr/2135' into mbedtls-2.7-restricted-proposed 2018-11-07 13:33:09 +00:00
Simon Butcher a5c0071cd2 Merge remote-tracking branch 'public/pr/2153' into mbedtls-2.7-restricted-proposed 2018-11-07 13:32:53 +00:00
Simon Butcher b7d2d5c933 Merge remote-tracking branch 'public/pr/2155' into mbedtls-2.7-restricted-proposed 2018-11-07 13:32:04 +00:00
Simon Butcher 0afa2ef6c4 Merge remote-tracking branch 'public/pr/2176' into mbedtls-2.7-restricted-proposed 2018-11-07 13:31:39 +00:00
Hanno Becker 0a08a4a68d Adapt ChangeLog 2018-11-06 13:19:06 +00:00
Hanno Becker 18a4cbfac3 Don't perform binary comparison of CRL issuer and CA subject
Previously, when checking whether a CRT was revoked through
one of the configured CRLs, the library would only consider
those CRLs whose `issuer` field binary-matches the `subject`
field of the CA that has issued the CRT in question. If those
fields were not binary equivalent, the corresponding CRL was
discarded.

This is not in line with RFC 5280, which demands that the
comparison should be format- and case-insensitive. For example:

- If the same string is once encoded as a `PrintableString` and
  another time as a `UTF8String`, they should compare equal.
- If two strings differ only in their choice of upper and lower case
  letters, they should compare equal.

This commit fixes this by using the dedicated x509_name_cmp()
function to compare the CRL issuer with the CA subject.

Fixes #1784.
2018-11-06 13:18:40 +00:00
Hanno Becker 52da7ee9e0 Move static x509_name_cmp() in library/x509_crt.c
A subsequent change will need this function earlier
within the file.
2018-11-06 13:18:23 +00:00
Hanno Becker 2130163012 Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.

The test files were generated using PR #1641 which
- adds a build instruction for test-ca.crt to
  tests/data_files/Makefile which allows easy
  change of the subject DN.
- changes the default string format from `PrintableString`
  to `UTF8String`.

Specifically:
- `test-ca_utf8.crt` was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641.
- `test-ca_uppercase.crt`, too, was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641, after modifying the subject DN line in the build
   instruction for `test-ca.crt` in `tests/data_files/Makefile`.
-  `test-ca_printable.crt` is a copy of `test-ca.crt`
   because at the time of this commit, `PrintableString` is
   still the default string format.
2018-11-06 13:17:07 +00:00
Simon Butcher 7b28abc8ae Merge remote-tracking branch 'public/pr/2045' into mbedtls-2.7-proposed 2018-11-04 18:53:52 +00:00
Simon Butcher 5a15fa3cdc Merge remote-tracking branch 'public/pr/2096' into mbedtls-2.7-proposed 2018-11-04 18:48:46 +00:00
Simon Butcher fa8c974329 Merge remote-tracking branch 'public/pr/2115' into mbedtls-2.7-proposed 2018-11-04 18:42:47 +00:00
Hanno Becker 0b0753c588 Adapt ChangeLog 2018-10-30 10:09:24 +00:00
Hanno Becker 3ddf101ac1 Correct typo in documentation of MBEDTLS_SSL_RENEGOTIATION 2018-10-30 09:39:35 +00:00
Hanno Becker 995878cc00 Improve documentation of mbedtls_ssl_get_verify_result()
Fixes #517.
2018-10-30 09:35:16 +00:00
Simon Butcher e2a6f01f3f Merge remote-tracking branch 'public/pr/1763' into mbedtls-2.7-proposed 2018-10-28 18:13:46 +00:00
Simon Butcher 80544a1fc2 Merge remote-tracking branch 'public/pr/2057' into mbedtls-2.7-proposed 2018-10-28 17:23:49 +00:00
Simon Butcher 50f03ce4fb Merge remote-tracking branch 'public/pr/2071' into mbedtls-2.7-proposed 2018-10-28 16:55:12 +00:00
Simon Butcher 1222dddbd0 Merge remote-tracking branch 'public/pr/2112' into mbedtls-2.7-proposed 2018-10-28 16:22:29 +00:00
Simon Butcher 0ef20f765c Merge remote-tracking branch 'public/pr/2109' into mbedtls-2.7-proposed 2018-10-28 16:17:17 +00:00
Simon Butcher ec3f9c362d Merge remote-tracking branch 'public/pr/2032' into mbedtls-2.7 2018-10-27 18:34:46 +01:00
Simon Butcher e7bc4fc47f Merge remote-tracking branch 'public/pr/2041' into mbedtls-2.7 2018-10-27 18:28:03 +01:00
Simon Butcher 6d5db78b86 Merge remote-tracking branch 'public/pr/2037' into mbedtls-2.7 2018-10-27 18:01:49 +01:00
Hanno Becker 85adbfa9ef Adapt ChangeLog 2018-10-25 15:50:41 +01:00
Hanno Becker 5cc4f76f5f Reinitialize PK ctx in mbedtls_pk_parse_key before reuse are free
Context: This commit makes a change to mbedtls_pk_parse_key() which
is responsible for parsing of private keys. The function doesn't know
the key format in advance (PEM vs. DER, encrypted vs. unencrypted) and
tries them one by one, resetting the PK context in between.

Issue: The previous code resets the PK context through a call to
mbedtls_pk_free() along, lacking the accompanying mbedtls_pk_init()
call. Practically, this is not an issue because functionally
mbedtls_pk_free() + mbedtls_pk_init() is equivalent to mbedtls_pk_free()
with the current implementation of these functions, but strictly
speaking it's nonetheless a violation of the API semantics according
to which xxx_free() functions leave a context in uninitialized state.
(yet not entirely random, because xxx_free() functions must be idempotent,
so they cannot just fill the context they operate on with garbage).

Change: The commit adds calls to mbedtls_pk_init() after those calls
to mbedtls_pk_free() within mbedtls_pk_parse_key() after which the
PK context might still be used.
2018-10-25 15:24:21 +01:00
Simon Butcher 2adf43a30b
Merge pull request #2122 from dgreen-arm/mbedtls-2.7-jenkinsfile
Backport 2.7: Add Jenkinsfile for PR job
2018-10-19 17:01:16 +01:00
Darryl Green 37b35b13e6 Add Jenkinsfile for PR job 2018-10-19 15:25:57 +01:00
Simon Butcher 437f96e3a4 Add a macro to define the memory size in ssl_server2.c
When MBEDTLS_MEMORY_BUFFER_ALLOC_C was defined, the sample ssl_server2.c was
using its own memory buffer for memory allocated by the library. The memory
used wasn't obvious, so this adds a macro for the memory buffer allocated to
make the allocated memory size more obvious and hence easier to configure.
2018-10-18 10:08:56 +01:00
Simon Butcher 35007df398 Increase the memory buffer size for ssl_server2.c
Newer features in the library have increased the overall RAM usage of the
library, when all features are enabled. ssl_server2.c, with all features enabled
was running out of memory for the ssl-opt.sh test 'Authentication: client
max_int chain, server required'.

This commit increases the memory buffer allocation for ssl_server2.c to allow
the test to work with all features enabled.
2018-10-18 10:08:53 +01:00
Hanno Becker 7e1913bfa8 Adapt ChangeLog 2018-10-17 14:54:28 +01:00
Hanno Becker ca31b47188 Fail when encountering invalid CBC padding in EtM records
This commit changes the behavior of the record decryption routine
`ssl_decrypt_buf()` in the following situation:
1. A CBC ciphersuite with Encrypt-then-MAC is used.
2. A record with valid MAC but invalid CBC padding is received.
In this situation, the previous code would not raise and error but
instead forward the decrypted packet, including the wrong padding,
to the user.

This commit changes this behavior to return the error
MBEDTLS_ERR_SSL_INVALID_MAC instead.

While erroneous, the previous behavior does not constitute a
security flaw since it can only happen for properly authenticated
records, that is, if the peer makes a mistake while preparing the
padded plaintext.
2018-10-17 14:54:16 +01:00
Hanno Becker ddf9d9645a Add missing return value check in ECDSA test suite
The test case `ecdsa_det_test_vectors` from the ECDSA test suite
called `mbedtls_md()` without checking its return value.
2018-10-17 14:00:59 +01:00
Hanno Becker 74a1c4b178 Adapt ChangeLog 2018-10-16 09:14:07 +01:00
Hanno Becker d82e0c0235 Add missing zeroization of reassembled handshake messages
This commit ensures that buffers holding fragmented or
handshake messages get zeroized before they are freed
when the respective handshake message is no longer needed.
Previously, the handshake message content would leak on
the heap.
2018-10-16 09:14:03 +01:00
Hanno Becker 9a1a151a1a Zeroize sensitive data in aescrypt2 and crypt_and_hash examples
This commit replaces multiple `memset()` calls in the example
programs aes/aescrypt2.c and aes/crypt_and_hash.c by calls to
the reliable zeroization function `mbedtls_zeroize()`.

While not a security issue because the code is in the example
programs, it's bad practice and should be fixed.
2018-10-15 13:26:37 +01:00
Hanno Becker 643f311921 Omit runtime configuration of calloc/free if macro config enabled
This commit removes the definition of the API function

`mbedtls_platform_set_calloc_free()`

from `library/platform.c` in case the macros

`MBEDTLS_PLATFORM_CALLOC_MACRO`
`MBEDTLS_PLATFORM_FREE_MACRO`

for compile time configuration of calloc/free are set.

This is in line with the corresponding header `mbedtls/platform.h`
which declares `mbedtls_platform_set_calloc_free()` only if
`MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO` are not defined.

Fixes #1642.
2018-10-11 11:10:14 +01:00
Hanno Becker 72311b468d Add test for MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO to all.sh
This commit adds a test to tests/scripts/all.sh exercising an
ASan build of the default configuration with

MBEDTLS_PLATFORM_MEMORY enabled,
MBEDTLS_PLATFORM_CALLOC_MACRO set to std calloc
MBEDTLS_PLATFORM_FREE_MACRO   set to std free

(This should functionally be indistinguishable from a default build)
2018-10-11 11:10:09 +01:00
Hanno Becker 591cdb0daa Adapt ChangeLog 2018-10-09 12:46:02 +01:00
Hanno Becker f690ffa53c Fix ordering of free()ing of internal structures in ssl_server2
If `MBEDTLS_MEMORY_BUFFER_ALLOC_C` is configured and Mbed TLS'
custom buffer allocator is used for calloc() and free(), the
read buffer used by the server example application is allocated
from the buffer allocator, but freed after the buffer allocator
has been destroyed. If memory backtracing is enabled, this leaves
a memory leak in the backtracing structure allocated for the buffer,
as found by valgrind.

Fixes #2069.
2018-10-09 12:45:46 +01:00
Hanno Becker 16a77626de Adapt ChangeLog 2018-10-05 09:55:34 +01:00
Hanno Becker 294e584e5e Fix memory leak and freeing without initialization in cert_write
* The variables `csr` and `issuer_crt` are initialized but not freed.
* The variable `entropy` is unconditionally freed in the cleanup section
  but there's a conditional jump to that section before its initialization.
  This cmmot Moves it to the other initializations happening before the
  first conditional jump to the cleanup section.

Fixes #1422.
2018-10-05 09:55:13 +01:00
Gilles Peskine 3400b4dbd6 check-files: exclude .git and third-party files
Exclude ".git" directories anywhere. This avoids spurious errors in git
checkouts that contain branch names that look like a file
check-files.py would check. Fix #1713

Exclude "mbed-os" anywhere and "examples" from the root. Switch to the
new mechanism to exclude "yotta/module". These are directories where
we store third-party files that do not need to match our preferences.

Exclude "cov-int" from the root. Fix #1691
2018-10-02 13:14:58 +02:00
Simon Butcher 1a37b91a51 Add ChangeLog entry for Windows threading fix 2018-10-01 15:54:26 +01:00
irwir 88eeb4f3f7 Implicit _endthread call: comment changed 2018-10-01 14:33:34 +01:00
irwir 5afc7ba8bf Added spaces after type casts
`(void) TimerContext;` seems more consistent with the current style than ((void) TimerContext);
No objections to changing this if necessary.
2018-10-01 14:33:25 +01:00
irwir 8efb3cc0d1 Replace Windows API threading with CRT functions 2018-10-01 14:33:16 +01:00
Simon Butcher eb219391fa Fix run-test-suites.pl to screen for files
Changes run-test-suites.pl to filter out directories, and select only files
as on OSX, test coverage tests create .dSYM directories which were being
accidentally selected to execute.
2018-09-30 21:57:34 +01:00
Simon Butcher 7c9086b0ff Update ChangeLog with dtls sample IPv6 change 2018-09-30 16:25:48 +01:00
Simon Butcher 5c0204ef62 Change the default IP addresses for DTLS samples
Changes the IP address to bind to for dtls_server.c to be "::" or optionally
"0.0.0.0" if the preprocessor symbol FORCE_IPV4 is defined.

Also changes the destinaton IP address for dtls_client.c to be "::1" or if
FORCE_IPV4 symbol is defined "127.0.0.1".

This change allows on compilation dtls_server.c and dtls_client.c to both be
compiled to use either IPv4 or IPv6 so out of the box they will work together
without problem, and to avoid dtls_server.c binding to IPv6 and dtls_client.c
binding to IPv4.
2018-09-30 16:03:48 +01:00
Gilles Peskine fa1a314bc4 Look for documentation only in specific directories
Generate the documentation from include and doxygen/input only. Don't
get snared by files containing Doxygen comments that lie in other
directories such as tests, yotta, crypto/include, ...

The only difference this makes in a fresh checkout is that the
documentation no longer lists target_config.h. This file is from
yotta, does not contain any Doxygen comment, and its inclusion in the
rendered documentation was clearly an oversight.
2018-09-28 17:36:19 +02:00