Commit graph

8891 commits

Author SHA1 Message Date
Jack Lloyd b25719b031 Fix errors in AEAD test function
It was failing to set the key in the ENCRYPT direction before encrypting.
This just happened to work for GCM and CCM.

After re-encrypting, compare the length to the expected ciphertext
length not the plaintext length. Again this just happens to work for
GCM and CCM since they do not perform any kind of padding.
2019-03-14 11:06:02 +02:00
Junhwan Park 60ee28b36b x509.c: Fix potential memory leak in X.509 self test
Found and fixed by Junhwan Park in #2106.

Signed-off-by: Junhwan Park <semoking@naver.com>
2019-03-11 15:19:05 +02:00
Janos Follath 61ccc131d0 Remove Circle CI script
We are running an equivalent set of test by other means and therefore
this script is no longer needed.
2019-03-11 11:19:06 +00:00
Janos Follath 7ffe827fca Add ChangeLog entry for new function 2019-03-06 16:51:22 +00:00
Janos Follath 5f72119116 Add ChangeLog entry 2019-03-06 16:51:22 +00:00
Janos Follath d73f61332e Correct deterministic ECDSA behavior
We were still reusing the internal HMAC-DRBG of the deterministic ECDSA
for blinding. This meant that with cryptographically low likelyhood the
result was not the same signature as the one the deterministic ECDSA
algorithm has to produce (however it is still a valid ECDSA signature).

To correct this we seed a second HMAC-DRBG with the same seed to restore
correct behavior. We also apply a label to avoid reusing the bits of the
ephemeral key for a different purpose and reduce the chance that they
leak.

This workaround can't be implemented in the restartable case without
penalising the case where external RNG is available or completely
defeating the purpose of the restartable feature, therefore in this case
the small chance of incorrect behavior remains.
2019-03-06 16:51:22 +00:00
Janos Follath 9f24b73151 Add warning for alternative ECDSA implementations
Alternative implementations are often hardware accelerators and might
not need an RNG for blinding. But if they do, then we make them misuse
the RNG in the deterministic case.

There are several way around this:
- Exposing a lower level function for replacement. This would be the
optimal solution, but litters the API and is not backward compatible.
- Introducing a new compile time option for replacing the deterministic
function. This would mostly cover the same code as
MBEDTLS_ECDSA_DETERMINISTIC and would be yet another compile time flag.
- Reusing the existing MBEDTLS_ECDSA_DETERMINISTIC macro. This changes
the algorithm used by the PK layer from deterministic to randomised if
the alternative implementation is present.

This commit implements the third option. This is a temporary solution
and should be fixed at the next device driver API change.
2019-03-06 16:51:22 +00:00
Janos Follath 7e83344543 Test the new deterministic ECDSA function 2019-03-06 16:51:22 +00:00
Janos Follath 86d8c673c2 Fix ChangeLog entry ordering 2019-03-06 15:21:45 +00:00
Janos Follath f1713e96c9 Add a safer deterministic ECDSA function
`mbedtls_ecdsa_sign_det` reuses the internal HMAC-DRBG instance to
implement blinding. The advantage of this is that the algorithm is
deterministic too, not just the resulting signature. The drawback is
that the blinding is always the same for the same key and message.
This diminishes the efficiency of blinding and leaks information about
the private key.

A function that takes external randomness fixes this weakness.
2019-03-06 14:41:44 +00:00
Janos Follath 870ed0008a Fix typo 2019-03-06 13:51:30 +00:00
Janos Follath 276284fd2e Add non-regression test for buffer overflow 2019-03-06 13:51:25 +00:00
Hanno Becker c1fa6cdab6 Improve documentation of mbedtls_mpi_write_string() 2019-03-06 13:51:19 +00:00
Hanno Becker ae499753a2 Adapt ChangeLog 2019-03-06 13:51:12 +00:00
Hanno Becker af97cae27d Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
This can only occur for negative numbers. Fixes #2404.
2019-03-06 13:50:54 +00:00
Ron Eldor 1fea599ecc Change Perl to Python in test builds
Change references to Perl when mentioning building the tests, to Python,
as this is now the script that builds the tests. Fixes #2078.
2019-03-06 15:32:55 +02:00
irwir 5b9e318e34 Fix default port number information 2019-03-06 15:15:28 +02:00
Jaeden Amero cef29a2fd0 Merge remote-tracking branch 'origin/pr/2401' into mbedtls-2.16
* origin/pr/2401:
  Add ChangeLog entry
  Fix private DER output shifted by one byte.
2019-03-05 16:37:13 +00:00
Jaeden Amero b0abd1c84f Merge remote-tracking branch 'origin/pr/2388' into mbedtls-2.16
* origin/pr/2388:
  Update change log
  all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
  Fix DEADCODE in mbedtls_mpi_exp_mod()
2019-03-05 16:34:40 +00:00
Jaeden Amero 6b79a1115e Merge remote-tracking branch 'origin/pr/2293' into mbedtls-2.16
* origin/pr/2293:
  Declare test_suite_aes.ofb to CMake
  Add a facility to skip running some test suites
  run-test-suites: update the documentation
2019-03-05 16:31:02 +00:00
Jaeden Amero 203123b5b7 Merge remote-tracking branch 'origin/pr/1818' into mbedtls-2.16
* origin/pr/1818:
  Move ChangeLog entry from Bugfix to Changes section
  Adapt ChangeLog
  Return from debugging functions if SSL context is unset
2019-03-05 16:28:18 +00:00
Jaeden Amero daed232dd7 Merge remote-tracking branch 'origin/pr/2436' into mbedtls-2.16
* origin/pr/2436:
  Use certificates from data_files and refer them
  Specify server certificate to use in SHA-1 test
  refactor CA and SRV certificates into separate blocks
  refactor SHA-1 certificate defintions and assignment
  refactor server SHA-1 certificate definition into a new block
  define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME
  server SHA-256 certificate now follows the same logic as CA SHA-256 certificate
  add entry to ChangeLog
2019-03-05 16:26:34 +00:00
Gilles Peskine d2d7b5cf11 Ignore more generated files: seedfile, apidoc 2019-03-04 18:22:01 +01:00
Gilles Peskine f91c5a8535 Improve .gitignore grouping and documentation 2019-03-04 18:22:01 +01:00
Gilles Peskine 6663e9c18f Generate tags for Vi, for Emacs and with Global 2019-03-04 18:22:01 +01:00
Simon Butcher 799cd57c72 Merge remote-tracking branch 'restricted/pr/550' into mbedtls-2.16
* restricted/pr/550:
  Update query_config.c
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
2019-03-01 13:05:43 +00:00
Simon Butcher e6a3f57898 Merge remote-tracking branch 'public/pr/2429' into mbedtls-2.16
* public/pr/2429:
  Add ChangeLog entry for unused bits in bitstrings
  Improve docs for ASN.1 bitstrings and their usage
  Add tests for (named) bitstring to suite_asn1write
  Fix ASN1 bitstring writing
2019-03-01 13:04:04 +00:00
Simon Butcher 3664fdb5f6 Merge remote-tracking branch 'public/pr/2449' into mbedtls-2.16
* public/pr/2449:
  Reword changelog entry
  Reenable GnuTLS next based tests
2019-03-01 13:01:54 +00:00
Manuel Pégourié-Gonnard 2eee0c3166 Update query_config.c 2019-03-01 10:30:30 +01:00
Manuel Pégourié-Gonnard f1e62e8e1e Fix failure in SSLv3 per-version suites test
The test used 3DES as the suite for SSLv3, which now makes the handshake fails
with "no ciphersuite in common", failing the test as well. Use Camellia
instead (as there are not enough AES ciphersuites before TLS 1.2 to
distinguish between the 3 versions).

Document some dependencies, but not all. Just trying to avoid introducing new
issues by using a new cipher here, not trying to make it perfect, which is a
much larger task out of scope of this commit.
2019-03-01 10:30:11 +01:00
Andres Amaya Garcia 37e0a8c455 Adjust DES exclude lists in test scripts 2019-03-01 10:30:11 +01:00
Andres Amaya Garcia 03afdc0971 Clarify 3DES changes in ChangeLog 2019-03-01 10:30:11 +01:00
Andres Amaya Garcia 7c86e9a03e Fix documentation for 3DES removal 2019-03-01 10:29:49 +01:00
Andres Amaya Garcia ac9c5221c5 Exclude 3DES tests in test scripts 2019-03-01 10:29:49 +01:00
Andres Amaya Garcia 6882ec1521 Fix wording of ChangeLog and 3DES_REMOVE docs 2019-03-01 10:29:49 +01:00
Andres Amaya Garcia 5d8aade01d Reduce priority of 3DES ciphersuites 2019-03-01 10:29:13 +01:00
Gilles Peskine afd19dd9b6 Silence pylint
Silence pylint in specific places where we're doing slightly unusual
or dodgy, but correct.
2019-02-25 21:42:32 +01:00
Gilles Peskine 6fc5215831 check-files.py: readability improvement in permission check 2019-02-25 21:42:32 +01:00
Gilles Peskine 21e85f78b8 check-files.py: use class fields for class-wide constants
In an issue tracker, heading and files_exemptions are class-wide
constants, so make them so instead of being per-instance fields.
2019-02-25 21:42:32 +01:00
Gilles Peskine d5240ec4c7 check-files.py: clean up class structure
Line issue trackers are conceptually a subclass of file issue
trackers: they're file issue trackers where issues arise from checking
each line independently. So make it an actual subclass.

Pylint pointed out the design smell: there was an abstract method that
wasn't always overridden in concrete child classes.
2019-02-25 21:42:32 +01:00
Gilles Peskine 9df176320e abi_check.py: Document more methods 2019-02-25 21:42:32 +01:00
Gilles Peskine 7660549187 check-files.py: document some classes and methods
Document all classes and longer methods.

Declare a static method as such. Pointed out by pylint.
2019-02-25 21:42:32 +01:00
Gilles Peskine 7b9fcdc2d5 Fix pylint errors going uncaught
Make check-python-files.sh run pylint on all *.py files (in
directories where they are known to be present), rather than list
files explicitly.

Fix a bug whereby the return status of check-python-files.sh was only
based on the last file passing, i.e. errors in other files were
effectively ignored.

Make check-python-files.sh run pylint unconditionally. Since pylint3
is not critical, make all.sh to skip running check-python-files.sh if
pylint3 is not available.
2019-02-25 21:42:32 +01:00
Gilles Peskine e70c6dcee0 Call pylint3, not pylint
We use Python 3, so call Pylint for Python 3, not for Python 2.
2019-02-25 21:42:32 +01:00
Gilles Peskine 5612a9372b New, documented pylint configuration
The pylint configuration in .pylint was a modified version of the
output of `pylint --generate-rcfile` from an unknown version of
pylint. Replace it with a file that only contains settings that are
modified from the default, with an explanation of why each setting is
modified.

The new .pylintrc was written from scratch, based on the output of
pylint on the current version of the files and on a judgement of what
to silence generically, what to silence on a case-by-case basis and
what to fix.
2019-02-25 21:42:32 +01:00
Jaeden Amero 2c1d492ccc Merge remote-tracking branch 'origin/pr/2428' into mbedtls-2.16 2019-02-22 12:53:27 +00:00
Gilles Peskine 05fcf4f3c5 Fix mbedtls_ecdh_get_params with new ECDH context
The new check for matching groups in mbedtls_ecdh_get_params only worked
with legacy ECDH contexts. Make it work with the new context format.
2019-02-22 12:51:51 +01:00
Gilles Peskine 661610c8e0 Add changelog entry for mbedtls_ecdh_get_params robustness 2019-02-22 10:24:31 +01:00
Gilles Peskine b47045a18e Fix ecdh_get_params with mismatching group
If mbedtls_ecdh_get_params is called with keys belonging to
different groups, make it return an error the second time, rather than
silently interpret the first key as being on the second curve.

This makes the non-regression test added by the previous commit pass.
2019-02-22 10:24:31 +01:00
Gilles Peskine 62a73511f1 Add test case for ecdh_get_params with mismatching group
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, with keys belonging to
different groups. This should fail, but currently passes.
2019-02-22 10:24:31 +01:00