Commit graph

453 commits

Author SHA1 Message Date
Glenn Strauss de081ce75c Reset dhm_P and dhm_G if config call repeated
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-11 20:07:44 -05:00
Dave Rodgman 0798a827c8 Assemble changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:48:21 +00:00
Ronald Cron 2d2fb47e45 Add change log for #4883
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 11:47:25 +00:00
Dave Rodgman 04e920410d Add missing changelog for ARIA (#5051)
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 12:53:07 +00:00
Dave Rodgman 08412e2a67 Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 12:52:51 +00:00
Gilles Peskine c97cc18fb8
Merge pull request #5327 from gilles-peskine-arm/zeroize-tag-2.28
Backport 2.2x: Zeroize expected MAC/tag intermediate variables
2021-12-13 19:09:32 +01:00
Gilles Peskine 384b98bdae
Merge pull request #5310 from paul-elliott-arm/pkcs12_fix_2.x
Backport 2.x: Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:44 +01:00
Gilles Peskine d61551c017 Generalize MAC zeroization changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:55:17 +01:00
Paul Elliott 7a342a24ff Delete unneccesary changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Paul Elliott 2ab9a7a57a Stop CMake out of source tests running on 16.04
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Gilles Peskine 2b3f21dc0b Catch failures of md_hmac operations
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:02:06 +01:00
Gilles Peskine d8e2e8347b Zeroize local MAC variables
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 14:24:23 +01:00
Gilles Peskine 9e8f3a6b71
Merge pull request #5308 from minosgalanakis/development_2.x
Backport 2.x: Document platform architecture portability constraints
2021-12-10 21:13:09 +01:00
Paul Elliott f294ff5d87 Make changelog more specific
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:48:12 +00:00
Paul Elliott fe724fe618 Fix for pkcs12 with NULL or zero length password
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:48:12 +00:00
Minos Galanakis 5c93a9f214 Update changelog & readme
This patch adds explicit wording to state
that Two's complement is the official
supported signed integer representation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2021-12-10 15:57:54 +00:00
Manuel Pégourié-Gonnard c3319e73db
Merge pull request #5189 from gilles-peskine-arm/struct_reordering_2.x
Backport 2.x: Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:13 +01:00
Manuel Pégourié-Gonnard 9ac32eb123
Merge pull request #863 from davidhorstmann-arm/2.x-fix-session-copy-bug
Backport 2.x: [session] fix a session copy bug
2021-12-09 09:21:33 +01:00
David Horstmann 0add7f96ac Add changelog entry for session copy bugfix
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-08 13:29:55 +00:00
Gilles Peskine 582f2398d4
Merge pull request #5167 from tom-cosgrove-arm/fix-builds-with-only-mbedtls_bignum_c-defined
Backport 2.x: Fix builds when config.h only defines MBEDTLS_BIGNUM_C
2021-12-07 12:38:04 +01:00
Ronald Cron e7a5e985ae Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:23:27 +01:00
Gilles Peskine ad47e6d160 Add changelog entry for build error fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-06 20:58:51 +01:00
Paul Elliott 14148c4fbe Fix Changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:30 +00:00
Paul Elliott 954578644f Fix compilation errors.
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:23 +00:00
Gilles Peskine 3107b337e1
Merge pull request #5154 from gabor-mezei-arm/3649_bp2x_move_constant_time_functions_into_separate_module
[Backport 2.x] Move constant-time functions into a separate module
2021-11-24 19:33:03 +01:00
Gilles Peskine 989a4e9388
Merge pull request #5132 from openluopworld/origin/development_2.x
Backport 2.x: Fix GCM calculation with very long IV
2021-11-22 22:22:47 +01:00
Bence Szépkúti 358e0ea464 Indicate nonce sizes invalid for ChaCha20-Poly1305
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:03:08 +01:00
Gilles Peskine c0656b43f1 Note the reordered fields in SSL structures
This is technically an API break according to the unwritten rules of API
compatibility for Mbed TLS 2.x. However, it is very unlikely to affect any
realistic application, with the possible exception of applications that
define a global constant of type mbedtls_ssl_config.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-16 19:00:04 +01:00
Gabor Mezei 84d739846c
Update changelog with the new public API
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:33:19 +01:00
gabor-mezei-arm 10117d673e
Add changelog entry
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:52 +01:00
Gilles Peskine 95c3971c81
Merge pull request #5133 from haampie/fix/DT_NEEDED_for_shared_libraries-2.x
Backport 2.x: DT_NEEDED for shared builds in makefile
2021-11-05 12:04:33 +01:00
Harmen Stoppels 3ed4263ad7 DT_NEEDED for shared builds in makefile
The makefile build specifies -L. -lmbedx509 -lmbedcrypto flags first,
and only then object files referencing symbols from those libraries.

In this order the linker will not add the linked libraries to the
DT_NEEDED section because they are not referenced yet (at least that
happens for me on ubuntu 20.04 with the default gnu compiler tools).

By first specifying the object files and then the linked libraries, we
do end up with libmbedx509 and libmbedcrypto in the DT_NEEDED sections.

This way running dlopen(...) on libmedtls.so just works.

Note that the CMake build does this by default.

Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>
2021-11-05 09:31:22 +01:00
openluopworld 5d5f520d3a An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <wuhanluop@163.com>
2021-11-05 00:13:43 +08:00
Gilles Peskine 19191039f9 Note the change to PSA_ALG_IS_HASH_AND_SIGN in the changelog
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 13:19:02 +01:00
Mateusz Starzyk 21cac07626 Add changelog entry for new PSA Crypto API macros.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-11-03 12:38:57 +01:00
Manuel Pégourié-Gonnard 1f1bc2df7c
Merge pull request #5117 from gilles-peskine-arm/psa-rsa-pss_any_salt-2.x
Backport 2.x: PSA: fix salt length for PSS verification
2021-10-29 16:36:46 +02:00
Manuel Pégourié-Gonnard 0c81ba7856
Merge pull request #4944 from gilles-peskine-arm/remove-greentea-2.x
Backport 2.x: Remove on-target testing
2021-10-29 09:33:26 +02:00
Gilles Peskine 44fa40cd56 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:27 +02:00
Gilles Peskine 1222fed513 Fix typo in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine 3f0722c1af Fix the build of sample programs without mbedtls_strerror
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine 327c33fc7f Base64 range-based constant-flow code: changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:22:43 +02:00
Gilles Peskine e4739ab5ef
Merge pull request #5038 from mprse/issue_4551_2x
Backport 2.x: Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key #5037
2021-10-18 10:39:26 +02:00
Gilles Peskine 95f2324c5e
Merge pull request #4845 from mstarzyk-mobica/ecb-alt-ret-2.2x
Backport 2.2x: Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:04 +02:00
Przemyslaw Stekiel d6ead7ca84 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 16:39:32 +02:00
Przemyslaw Stekiel 479a13d181 Add change-log entry
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 12:40:55 +02:00
Gilles Peskine a4e060b87b
Merge pull request #5000 from mprse/mbedtls_cipher_setup_psa_ECB_2x
Backport 2.x: Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:25 +02:00
Przemyslaw Stekiel 7ab374f6b5 Add change-log: fix-mbedtls_cipher_crypt-aes-ecb.txt
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 13:12:22 +02:00
Gilles Peskine 8472a10594 New configuration option MBEDTLS_CHECK_RETURN_WARNING
MBEDTLS_CHECK_RETURN_TYPICAL defaults off, but is enabled if
MBEDTLS_CHECK_RETURN_WARNING is enabled at compile time.
(MBEDTLS_CHECK_RETURN_CRITICAL is always enabled.)

The default is off so that a plausible program that builds with one version
of Mbed TLS in the default configuration will still build under the next
version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 20:42:51 +02:00
Gilles Peskine 377a310da4 Catch failures of AES or DES operations
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 20:40:31 +02:00
Gilles Peskine 186c0216b0
Merge pull request #4978 from davidhorstmann-arm/2.x-fix-aarch64-asm-constraints
Backport 2.x: Fix aarch64 assembly for bignum multiplication
2021-09-27 09:01:12 +02:00