Commit graph

1162 commits

Author SHA1 Message Date
Gilles Peskine c2e5cdd536 Explain aescrypt2 better and warn that it doesn't do things properly 2018-07-30 20:11:05 +02:00
Gilles Peskine 6b9cbb8685 Copyediting 2018-07-30 20:06:19 +02:00
Simon Butcher 2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Simon Butcher c88c627fba Merge remote-tracking branch 'public/pr/1658' into development 2018-07-24 17:19:10 +01:00
Jaeden Amero 4ed32d065b cpp_dummy_build: Add NIST key wrapping header 2018-07-24 16:51:09 +01:00
Ron Eldor 9ab746c7c9 Add selftests
Add selftests for key wrapping
2018-07-24 16:43:20 +01:00
Simon Butcher fb3b0320d0 Merge remote-tracking branch 'public/pr/919' into development 2018-07-24 13:28:51 +01:00
Simon Butcher 116ac43d00 Merge remote-tracking branch 'public/pr/1852' into development 2018-07-24 12:18:59 +01:00
Simon Butcher cce68bec1d Add a macro to define the memory size in ssl_server2.c
When MBEDTLS_MEMORY_BUFFER_ALLOC_C was defined, the sample ssl_server2.c was
using its own memory buffer for memory allocated by the library. The memory
used wasn't obvious, so this adds a macro for the memory buffer allocated to
make the allocated memory size more obvious and hence easier to configure.
2018-07-23 14:26:09 +01:00
Simon Butcher ccbd46435f Increase the memory buffer size for ssl_server2.c
Newer features in the library have increased the overall RAM usage of the
library, when all features are enabled. ssl_server2.c, with all features enabled
was running out of memory for the ssl-opt.sh test 'Authentication: client
max_int chain, server required'.

This commit increases the memory buffer allocation for ssl_server2.c to allow
the test to work with all features enabled.
2018-07-22 14:43:39 +01:00
Andres Amaya Garcia ce6fbac247 Fix ssl_client2 to send 0-length app data 2018-07-20 23:09:29 +01:00
Simon Butcher 7d728bd70e Merge remote-tracking branch 'public/pr/1454' into development 2018-07-20 14:33:44 +01:00
Simon Butcher fad547072a Merge remote-tracking branch 'public/pr/532' into development 2018-07-19 16:15:51 +01:00
Ron Eldor 278af4536c Fix hmac_drbg failure in benchmark, with threading
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-05 14:33:22 +03:00
Andrzej Kurek 991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Nicholas Wilson 61fa436ad3 Address review comments - tidy usage of macros to use minimal values 2018-06-28 17:09:21 +01:00
Simon Butcher 19c01efda1 Merge remote-tracking branch 'public/pr/1258' into development 2018-06-28 11:44:59 +01:00
Andrzej Kurek 037ec4b416 Replace tabs with spaces 2018-06-28 05:07:08 -04:00
Andrzej Kurek 89c048c101 Tests: add a test for cpp linking
Change the name of header_test to cpp_dumy_build
Update the test description to better reflect its contents
2018-06-28 05:07:08 -04:00
Andrzej Kurek 0211c32c9a Change the cpp test to be optional
Remove unnecessary defines from the test.
Test by defining TEST_CPP using makefiles or cmake.
2018-06-28 05:07:08 -04:00
Andrzej Kurek 40741f8ce5 Add a test with a cpp executable including all mbed TLS headers
In case of any problems with the 'extern "C"' directives,
building the executable will fail
2018-06-28 05:05:40 -04:00
Ron Eldor bf4709978c Adjust to new RSA infrastructure
Don't access the rsa cotext parameters directly, but use
the local `mbedtls_mpi` variable that were exported.
2018-06-27 11:51:46 +03:00
Andrzej Kurek 755890f529 Remove trailing whitespace 2018-06-27 03:57:15 -04:00
Ron Eldor a522147f58 Fix compilation errors after updating
Fix compilation errorsthat happened after new code introduced
by updating the branch. Replaced `exit` label with `cleanup`.
2018-06-27 09:19:38 +03:00
Nicholas Wilson 2682edf205 Fix build using -std=c99
In each place where POSIX/GNU functions are used, the file must declare
that it wants POSIX functionality before including any system headers.
2018-06-25 12:00:26 +01:00
Manuel Pégourié-Gonnard 51d7cfe026 Fix coverity warnings in benchmark.c
Functions time with TIME_AND_TSC() didn't have their return values checked.
I'm not sure whether Coverity complained about existing uses, but it did about
new ones, since we consistently check their return values everywhere but here,
which it rightfully finds suspicious.

So, let's check return values. This probably adds a few cycles to existing
loop overhead, but on my machine (x86_64) the added overhead is less than the
random-looking variation between various runs, so it's acceptable.

Some calls had their own particular error checking; remove that in favour of
the new general solution.
2018-06-25 11:19:51 +02:00
Ron Eldor 7a81426a1a Fix style issue
Add space before and after paranthesis.
2018-06-24 16:34:15 +03:00
Ron Eldor 6a9257bc57 Add check for return code of bignumber code
Add check for return code of `mbedtls_mpi_write_file`
as commented by @sbutcher-arm
2018-06-24 16:33:09 +03:00
Andrzej Kurek da4029d665 ssl_server2: add buffer overhead for a termination character
Switch to mbedtls style of memory allocation
2018-06-20 07:07:55 -04:00
Andrzej Kurek 30e731decd Added buffer_size and response_size options for ssl-server2.
Added appropriate tests.
2018-06-20 04:22:06 -04:00
Manuel Pégourié-Gonnard 79d9b50421 Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development: (180 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-20 09:46:17 +02:00
Manuel Pégourié-Gonnard 0dadba2b58 Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (182 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-19 11:13:50 +02:00
Simon Butcher 688a456f58 Merge remote-tracking branch 'public/pr/1734' into development 2018-06-17 17:35:34 +01:00
Simon Butcher 5f57f1e3cc Merge remote-tracking branch 'public/pr/1270' into development 2018-06-15 14:17:31 +01:00
Gilles Peskine d5d983e168 ssl_server2: handle mbedtls_x509_dn_gets failure
If mbedtls_x509_dn_gets fails, the server could end up calling printf
on an uninitialized buffer. Check if the function succeeds. Found by
Coverity.
2018-06-15 14:05:10 +02:00
Andres Amaya Garcia 6b9bcd6267 Remove redundant ret = 1 in dh_client.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia eb8bca6561 Add missing platform macro defines in cert_app.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia bce5f7882c Add missing platform macro defines in pk_decrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 7d42965ea8 Fix typo in platform macro defines for examples 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 28abd8e98c Fix ret code in gen_random_havege.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 25b5af58b4 Fix ret code in rsa_encrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 7fe4edf8c0 Fix ret code in rsa_decrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 7a9d01ceed Fix ret code in cert_app.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia dabd78fdc3 Fix ret code in generic_sum.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 9f3379d3ca Fix ret code in pk_verify.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 82b2726b4c Fix ret code in pk_sign.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 0a7522c127 Fix ret code in pk_encrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 52898179cf Fix ret code in pk_encrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia f47c9c11d1 Fix ret code in ecdh_curve25519.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia d905db65b7 Fix ret code in mpi_demo.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 78dabe07bf Fix ret code in pem2der.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 357b0b283a Fix ret code in ssl_cert_test.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 80081a68cd Fix ret code in udp_proxy.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 57a0c9b62c Fix ret code in req_app.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 898b208929 Fix ret code in crl_app.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia f9a54d339f Fix ret code in cert_write.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia aacd928f97 Fix ret code in cert_req.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 67a42acfb8 Fix ret code in ssl_mail_client.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 4be53b5519 Fix ret code in ssl_fork_server.c 2018-06-14 23:01:10 +01:00
Andres Amaya Garcia 5517202541 Fix ret code in ssl_client1.c 2018-06-14 23:01:10 +01:00
Andres Amaya Garcia 73d4a5f131 Fix ret code in gen_random_ctr_drbg.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 55a0d56b33 Fix ret code in gen_entropy.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia a8332637d7 Fix ret code in rsa_verify_pss.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 0a860f6301 Fix ret code in rsa_verify.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 3c41e564f8 Fix ret code in rsa_sign_pss.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 1a66056c77 Fix ret code in rsa_sign.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 70e1ffdacd Fix ret code in rsa_genkey.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia ed68488e28 Fix ret code in key_app_writer.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 0faf1a5c01 Fix ret code in key_app.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 208c217dfa Fix ret code in gen_key.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 2602a1fbc5 Fix ret code in ecdsa.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 03a992c817 Fix ret code in dh_server.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia d6bfeff289 Fix ret code in dh_genprime.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 898841dc71 Fix ret code in dh_client.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 4c47df6f3f Fix ret code in crypt_and_hash.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia 388c1b124e Fix ret code in aescrypt2.c 2018-06-14 22:59:57 +01:00
Gilles Peskine 4481744538 Fix memory leak in ssl_server2 with SNI + async callback
In ssl_server2, the private key objects are normally local variables
of the main function. However this does not hold for private keys in
the SNI configuration. When async callbacks are used, the test code
transfers the ownership of the private keys to the async callbacks.
Therefore the test code must free the SNI private keys through the
async callbacks (but it must not free the straight private keys this
way since they are not even heap-allocated).
2018-06-14 13:26:52 +02:00
Gilles Peskine e247989061 SNI + SSL async callback: make all keys async
When testing async callbacks with SNI, make all the keys async, not
just the first one. Otherwise the test is fragile with respect to
whether a key is used directly or through the async callbacks.
2018-06-14 13:26:52 +02:00
Gilles Peskine 2636fade52 ssl_async_resume: free the operation context on error 2018-06-14 13:26:52 +02:00
Gilles Peskine f5a9996088 ssl_server2: get op_name from context in ssl_async_resume as well 2018-06-14 13:26:52 +02:00
Gilles Peskine 3dae1cfa3a Async callback: use mbedtls_pk_check_pair to compare keys
In the current test code, the object that is used as a public key in
the certificate also contains a private key. However this is because
of the way the stest code is built and does not demonstrate the API in
a useful way. Use mbedtls_pk_check_pair, which is not what real-world
code would do (since the private key would typically be in an external
cryptoprocessor) but is a more representative placeholder.
2018-06-14 13:26:51 +02:00
Gilles Peskine a668c60186 Rename mbedtls_ssl_async_{get,set}_data for clarity
Rename to mbedtls_ssl_get_async_operation_data and
mbedtls_ssl_set_async_operation_data so that they're about
"async operation data" and not about some not-obvious "data".
2018-06-14 13:26:51 +02:00
Gilles Peskine 166ce748cf SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
The certificate passed to async callbacks may not be the one set by
mbedtls_ssl_conf_own_cert. For example, when using an SNI callback,
it's whatever the callback is using. Document this, and add a test
case (and code sample) with SNI.
2018-06-14 13:26:51 +02:00
Gilles Peskine d6fbfde994 ssl_async_set_key: detect if ctx->slots overflows 2018-06-14 13:26:51 +02:00
Gilles Peskine 4d9ec4dcf7 Fix uninitialized variable in ssl_server2 2018-06-14 13:26:51 +02:00
Gilles Peskine 6331d78675 Don't use the printf format %zd
We target C89 libc, so don't use %zd or %zu. Just use %u, and make
slot numbers `unsigned` for simplicity.
2018-06-14 13:26:51 +02:00
Gilles Peskine 3f3ada8839 Fix memory leak in ssl_server2 with SNI + async callback
In ssl_server2, the private key objects are normally local variables
of the main function. However this does not hold for private keys in
the SNI configuration. When async callbacks are used, the test code
transfers the ownership of the private keys to the async callbacks.
Therefore the test code must free the SNI private keys through the
async callbacks (but it must not free the straight private keys this
way since they are not even heap-allocated).
2018-06-13 18:09:28 +02:00
Gilles Peskine 157f6d8f74 SNI + SSL async callback: make all keys async
When testing async callbacks with SNI, make all the keys async, not
just the first one. Otherwise the test is fragile with respect to
whether a key is used directly or through the async callbacks.
2018-06-13 18:06:51 +02:00
Jaeden Amero 09317083b5 benchmark: Add comma at end of help message
The help message was missing a comma after "hmac_drbg". Add the missing
comma.
2018-06-13 12:16:25 +01:00
Jaeden Amero 9366feb504 aes: xts: Add new context structure
Add a new context structure for XTS. Adjust the API for XTS to use the new
context structure, including tests suites and the benchmark program. Update
Doxgen documentation accordingly.
2018-06-13 12:05:04 +01:00
Jaeden Amero e9ecf00007 aes: Remove AES-XEX
AES-XEX is a building block for other cryptographic standards and not yet a
standard in and of itself. We'll just provide the standardized AES-XTS
algorithm, and not AES-XEX. The AES-XTS algorithm and interface provided
can be used to perform the AES-XEX algorithm when the length of the input
is a multiple of the AES block size.
2018-06-13 12:03:29 +01:00
Aorimn 5f77801ac3 Implement AES-XTS mode
XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing".
This is the generalization of the XEX mode.
This implementation is limited to an 8-bits (1 byte) boundary, which
doesn't seem to be what was thought considering some test vectors [1].

This commit comes with tests, extracted from [1], and benchmarks.
Although, benchmarks aren't really nice here, as they work with a buffer
of a multiple of 16 bytes, which isn't a challenge for XTS compared to
XEX.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:03:27 +01:00
Aorimn daf7045372 Add benchmark for AES-XEX
This commit adds benchmark based on what has already been done with
AES-CBC mode.
2018-06-13 12:02:30 +01:00
Manuel Pégourié-Gonnard 558da9c3fe Make SSL error code more generic
It's undesirable to have users of the SSL layer check for an error code
specific to a lower-level layer, both out of general layering principles, and
also because if we later make another crypto module gain resume capabilities,
we would need to change the contract again (checking for a new module-specific
error code).
2018-06-13 12:02:12 +02:00
Manuel Pégourié-Gonnard da19f4c79f Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
Summary of merge conflicts:

include/mbedtls/ecdh.h -> documentation style
include/mbedtls/ecdsa.h -> documentation style
include/mbedtls/ecp.h -> alt style, new error codes, documentation style
include/mbedtls/error.h -> new error codes
library/error.c -> new error codes (generated anyway)
library/ecp.c:
    - code of an extracted function was changed
library/ssl_cli.c:
    - code addition on one side near code change on the other side
      (ciphersuite validation)
library/x509_crt.c -> various things
    - top fo file: helper structure added near old zeroize removed
    - documentation of find_parent_in()'s signature: improved on one side,
      added arguments on the other side
    - documentation of find_parent()'s signature: same as above
    - verify_chain(): variables initialised later to give compiler an
      opportunity to warn us if not initialised on a code path
    - find_parent(): funcion structure completely changed, for some reason git
      tried to insert a paragraph of the old structure...
    - merge_flags_with_cb(): data structure changed, one line was fixed with a
      cast to keep MSVC happy, this cast is already in the new version
    - in verify_restratable(): adjacent independent changes (function
      signature on one line, variable type on the next)
programs/ssl/ssl_client2.c:
    - testing for IN_PROGRESS return code near idle() (event-driven):
      don't wait for data in the the socket if ECP_IN_PROGRESS
tests/data_files/Makefile: adjacent independent additions
tests/suites/test_suite_ecdsa.data: adjacent independent additions
tests/suites/test_suite_x509parse.data: adjacent independent additions

* development: (1059 commits)
  Change symlink to hardlink to avoid permission issues
  Fix out-of-tree testing symlinks on Windows
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  ...
2018-06-13 09:52:54 +02:00
Simon Butcher ae4cafa2a6 Merge remote-tracking branch 'public/pr/795' into development 2018-06-12 16:55:47 +01:00
Gilles Peskine 3cde2fca53 ssl_async_resume: free the operation context on error 2018-06-12 14:17:39 +02:00
Manuel Pégourié-Gonnard 39b1904b9f Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (97 commits)
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  Remove useless parameter from function
  Wipe sensitive info from the stack
  ...
2018-06-07 12:02:55 +02:00
Azim Khan 1a8ef0772c Fix coverity defects 2018-06-06 03:44:03 +01:00
Manuel Pégourié-Gonnard 9c82e2ce49 Fix some whitespace issues 2018-06-04 12:30:16 +02:00