Commit Graph

4180 Commits

Author SHA1 Message Date
Andrzej Kurek
2349c4db88 Adapt to the new key allocation mechanism 2019-01-08 09:36:01 -05:00
Hanno Becker
0e810b9648 Don't call memcpy with NULL pointer in mbedtls_mpi_read_binary()
mbedtls_mpi_read_binary() calls memcpy() with the source pointer being
the source pointer passed to mbedtls_mpi_read_binary(), the latter may
be NULL if the buffer length is 0 (and this happens e.g. in the ECJPAKE
test suite). The behavior of memcpy(), in contrast, is undefined when
called with NULL source buffer, even if the length of the copy operation
is 0.

This commit fixes this by explicitly checking that the source pointer is
not NULL before calling memcpy(), and skipping the call otherwise.
2019-01-03 17:13:11 +00:00
Hanno Becker
9f6d16ad79 Fix preprocessor macro existence check in bignum.c 2019-01-02 17:15:06 +00:00
Hanno Becker
6dab6200c6 Fix typo after rebase 2019-01-02 16:42:29 +00:00
Hanno Becker
5d91c0bbee Add missing macro existence check in byte swapping code in bignum.c 2019-01-02 11:38:14 +00:00
Hanno Becker
f872007782 Optimize mpi_bigendian_to_host() for speed and size
Use GCC / Clang builtins for byte swapping.
2019-01-02 11:38:14 +00:00
Hanno Becker
2be8a55f72 Change signature of mpi_bigendian_to_host() to reflect usage 2019-01-02 11:37:25 +00:00
Hanno Becker
da1655a48e Remove temporary stack-buffer from mbedtls_mpi_fill_random()
Context: The function `mbedtls_mpi_fill_random()` uses a temporary stack
buffer to hold the random data before reading it into the target MPI.

Problem: This is inefficient both computationally and memory-wise.
Memory-wise, it may lead to a stack overflow on constrained devices with
limited stack.

Fix: This commit introduces the following changes to get rid of the
temporary stack buffer entirely:

1. It modifies the call to the PRNG to output the random data directly
   into the target MPI's data buffer.

This alone, however, constitutes a change of observable behaviour:
The previous implementation guaranteed to interpret the bytes emitted by
the PRNG in a big-endian fashion, while rerouting the PRNG output into the
target MPI's limb array leads to an interpretation that depends on the
endianness of the host machine.
As a remedy, the following change is applied, too:

2. Reorder the bytes emitted from the PRNG within the target MPI's
   data buffer to ensure big-endian semantics.

Luckily, the byte reordering was already implemented as part of
`mbedtls_mpi_read_binary()`, so:

3. Extract bigendian-to-host byte reordering from
   `mbedtls_mpi_read_binary()` to a separate internal function
   `mpi_bigendian_to_host()` to be used by `mbedtls_mpi_read_binary()`
   and `mbedtls_mpi_fill_random()`.
2019-01-02 11:37:25 +00:00
Simon Butcher
6c164e754b Update the version of the library to 2.16.0 2018-12-21 10:51:51 +00:00
Simon Butcher
b6cdf980bc Merge remote-tracking branch 'public/pr/1721' into development-restricted 2018-12-20 12:37:13 +00:00
Simon Butcher
ad7c2105a2 Merge remote-tracking branch 'public/pr/2274' into development 2018-12-20 12:16:57 +00:00
Simon Butcher
12b4240300 Merge remote-tracking branch 'public/pr/2288' into development 2018-12-20 12:16:46 +00:00
Simon Butcher
c831193c85 Merge remote-tracking branch 'public/pr/2302' into development 2018-12-20 12:16:39 +00:00
Simon Butcher
1efda39f8a Merge remote-tracking branch 'public/pr/2297' into development 2018-12-20 12:16:29 +00:00
Simon Butcher
5aa7809ac8 Merge remote-tracking branch 'public/pr/2275' into development 2018-12-20 12:15:19 +00:00
Simon Butcher
780cf189b0 Merge remote-tracking branch 'public/pr/2271' into development 2018-12-20 12:15:08 +00:00
Simon Butcher
032c037052 Merge remote-tracking branch 'public/pr/2270' into development 2018-12-20 12:04:13 +00:00
Simon Butcher
a033633bb0 Merge remote-tracking branch 'public/pr/2269' into development 2018-12-20 12:02:56 +00:00
Simon Butcher
70935a4001 Merge remote-tracking branch 'public/pr/2299' into development 2018-12-20 12:02:23 +00:00
Simon Butcher
003c0e032f Merge remote-tracking branch 'public/pr/2292' into development 2018-12-20 12:02:17 +00:00
Simon Butcher
decf2f5c2c Merge remote-tracking branch 'public/pr/2291' into development 2018-12-20 12:02:11 +00:00
Simon Butcher
65ce5dc981 Merge remote-tracking branch 'public/pr/2290' into development 2018-12-20 12:02:05 +00:00
Simon Butcher
ad2e0dae32 Merge remote-tracking branch 'public/pr/2283' into development 2018-12-20 12:01:58 +00:00
Simon Butcher
0bbf7f450d Merge remote-tracking branch 'public/pr/2279' into development 2018-12-20 12:01:49 +00:00
Simon Butcher
962b7b17d5 Merge remote-tracking branch 'public/pr/2273' into development 2018-12-20 12:01:17 +00:00
Simon Butcher
6be67a6518 Merge remote-tracking branch 'public/pr/2281' into development 2018-12-20 12:01:09 +00:00
Simon Butcher
dac513e246 Merge remote-tracking branch 'public/pr/2282' into development 2018-12-20 12:01:04 +00:00
Simon Butcher
ccafd14fee Merge remote-tracking branch 'public/pr/2276' into development 2018-12-20 12:00:57 +00:00
Simon Butcher
2a8d32c6c1 Merge remote-tracking branch 'public/pr/2287' into development 2018-12-20 12:00:50 +00:00
Manuel Pégourié-Gonnard
01d4b76b7e Remove faulty cipher_finish calls from nist_kw
The calls to cipher_finish didn't actually do anything:
- the cipher mode is always ECB
- in that case cipher_finish() only sets *olen to zero, and returns either 0
  or an error depending on whether there was pending data
- olen is a local variable in the caller, so setting it to zero right before
  returning is not essential
- the return value of cipher_finis() was not checked by the caller so that's
  not useful either
- the cipher layer does not have ALT implementations so the behaviour
  described above is unconditional on ALT implementations (in particular,
cipher_finish() can't be useful to hardware as (with ECB) it doesn't call any
functions from lower-level modules that could release resources for example)

Since the calls are causing issues with parameter validation, and were no
serving any functional purpose, it's simpler to just remove them.
2018-12-20 12:15:40 +01:00
Hanno Becker
2f6de42622 Move SHA256_VALIDATE[_RET] outside of MBEDTLS_SHA256_ALT guard
Somehow, mbedtls_sha256_ret() is defined even if MBEDTLS_SHA256_ALT
is set, and it is using SHA256_VALIDATE_RET. The documentation should
be enhanced to indicate that MBEDTLS_SHA256_ALT does _not_ replace
the entire module, but only the core SHA-256 functions.
2018-12-20 10:24:29 +00:00
Hanno Becker
c756049dc3 Move SHA512_VALIDATE[_RET] outside of MBEDTLS_SHA512_ALT guard
Somehow, mbedtls_sha512_ret() is defined even if MBEDTLS_SHA512_ALT
is set, and it is using SHA512_VALIDATE_RET. The documentation should
be enhanced to indicate that MBEDTLS_SHA512_ALT does _not_ replace
the entire module, but only the core SHA-512 functions.
2018-12-20 10:24:00 +00:00
Hanno Becker
b3c70230d2 Move SHA1_VALIDATE[_RET] outside of MBEDTLS_SHA1_ALT guard
Somehow, mbedtls_sha1_ret() is defined even if MBEDTLS_SHA1_ALT
is set, and it is using SHA1_VALIDATE_RET. The documentation should
be enhanced to indicate that MBEDTLS_SHA1_ALT does _not_ replace
the entire module, but only the core SHA-1 functions.
2018-12-20 10:18:05 +00:00
k-stachowiak
6adb0574ea Improve details of CCM parameter validation and documentation 2018-12-19 19:02:39 +01:00
k-stachowiak
f712534801 Add missing validation code in CCM 2018-12-19 19:02:39 +01:00
k-stachowiak
ff8a0989c8 Allow empty arguments in some CCM functions' parameter validation 2018-12-19 19:02:39 +01:00
k-stachowiak
fd42d531ba Explicitly allow NULL as an argument to mbedtls_ccm_free() 2018-12-19 19:02:39 +01:00
k-stachowiak
26d365eb54 Add parameter validation for CCM 2018-12-19 19:02:39 +01:00
Gilles Peskine
6af45ec53e PK: document context validity requirements
Document when a context must be initialized or not, when it must be
set up or not, and whether it needs a private key or a public key will
do.

The implementation is sometimes more liberal than the documentation,
accepting a non-set-up context as a context that can't perform the
requested information. This preserves backward compatibility.
2018-12-19 18:10:03 +01:00
Hanno Becker
f25ee7f79d Fix parameter validation for mbedtls_mpi_lsb()
The MPI_VALIDATE_RET() macro cannot be used for parameter
validation of mbedtls_mpi_lsb() because this function returns
a size_t.

Use the underlying MBEDTLS_INTERNAL_VALIDATE_RET() insteaed,
returning 0 on failure.

Also, add a test for this behaviour.
2018-12-19 16:51:50 +00:00
Gilles Peskine
8c71b3ecb3 pk_parse*keyfile: explicitly validate path=NULL
Don't rely on the check in pk_load_file, that's fragile.
2018-12-19 17:37:02 +01:00
k-stachowiak
516897a44a Remove unnecessary parameter validation from the Cipher module 2018-12-19 17:34:58 +01:00
k-stachowiak
1a9df6bcb7 Improve style in the Cipher module 2018-12-19 17:34:58 +01:00
k-stachowiak
95070a8286 Make some cipher parameter validation unconditional 2018-12-19 17:34:58 +01:00
k-stachowiak
c29d94c7bf Account for optional NULL buffer arguments in the Cipher module 2018-12-19 17:34:13 +01:00
k-stachowiak
a539070f82 Make all parameter validation tests optional 2018-12-19 17:34:13 +01:00
Krzysztof Stachowiak
e0215d7869 Add Cipher module parameter validation 2018-12-19 17:34:13 +01:00
k-stachowiak
21298a20c4 Improve parameter validation in mbedtls_gcm_free() 2018-12-19 17:32:19 +01:00
k-stachowiak
8ffc92a1e8 Add parameter validation for the GCM module 2018-12-19 17:30:38 +01:00
Hanno Becker
8ce11a323e Minor improvements to bignum module 2018-12-19 16:18:52 +00:00
Gilles Peskine
ee3cfec3cc PK sign/verify: hash=NULL is ok if md_alg=0 and hash_len=0 2018-12-19 17:11:44 +01:00
Gilles Peskine
159171b72a PK parse/write: support keylen=0 correctly
A 0-length buffer for the key is a legitimate edge case. Ensure that
it works, even with buf=NULL. Document the key and keylen parameters.

There are already test cases for parsing an empty buffer. A subsequent
commit will add tests for writing to an empty buffer.
2018-12-19 17:03:28 +01:00
Hanno Becker
70ded3602c Minor improvements to Camellia module and documentation 2018-12-19 13:42:05 +00:00
Gilles Peskine
1f19fa6f62 PK: Fix free(NULL) in library and tests
free() functions are documented as no-ops on NULL. Implement and test
this correctly.
2018-12-19 14:18:39 +01:00
Hanno Becker
541aa69de4 Implement parameter validation for Blowfish module 2018-12-19 12:52:59 +00:00
Hanno Becker
b54ae0bc0d Implement parameter validation for ARIA module 2018-12-19 12:51:00 +00:00
Hanno Becker
ff62f44ad7 Remove duplicated parameter check in CAMELLIA module 2018-12-19 12:47:55 +00:00
Hanno Becker
b4b7fb7504 Implement parameter validation for CAMELLIA module 2018-12-19 12:47:55 +00:00
Hanno Becker
9994e0d7cf Regenerate errors.c 2018-12-19 09:55:40 +00:00
Hanno Becker
d8e4f4a764 Regenerate errors.c 2018-12-19 09:54:55 +00:00
Hanno Becker
859522a31c Regenerate errors.c 2018-12-19 09:54:14 +00:00
Hanno Becker
185e516309 Minor fixes to ECJPAKE parameter validation 2018-12-19 09:48:50 +00:00
Hanno Becker
b7a04a7851 Fix mbedtls_ecp_curve_info_from_name() for NULL input 2018-12-19 08:52:05 +00:00
Hanno Becker
80f71689ee Add parameter validation to mbedtls_ecp_restart_init() 2018-12-19 08:51:52 +00:00
Simon Butcher
54b789aa74 Merge remote-tracking branch 'public/pr/2298' into development 2018-12-19 08:08:14 +00:00
Gilles Peskine
e97dc60b42 Implement parameter validation in pk, pkparse and pkwrite
Add checks for null pointers under MBEDTLS_CHECK_PARAMS.

In functions that perform operations with a context, only check if the
context pointer is non-null under MBEDTLS_CHECK_PARAMS. In the default
configuration, unconditionally dereference the context pointer.

In functions that query a context, support NULL as a
pointer-to-context argument, and return the same value as for a
context which has been initialized but not set up.
2018-12-19 00:55:36 +01:00
Hanno Becker
c81cfece8f Minor fixes to parameter validation in ECDH module 2018-12-18 23:32:42 +00:00
Hanno Becker
a7634e8347 Fix wrong invocation of parameter validation macro in ECDH module 2018-12-18 18:45:00 +00:00
Hanno Becker
54c91dd235 Remove double semicolon from bignum.c 2018-12-18 18:12:13 +00:00
Hanno Becker
73d7d79bc1 Implement parameter validation for MPI module 2018-12-18 18:12:13 +00:00
Hanno Becker
38e15d49f3 Don't declare MBEDTLS-namespace identifiers in sha512.c 2018-12-18 17:54:00 +00:00
Hanno Becker
8d215e7130 Don't define MBEDTLS-namespace macros in sha256.c 2018-12-18 17:53:21 +00:00
Hanno Becker
039ccab243 Don't declare MBEDTLS-namespace macros in sha1.c 2018-12-18 17:52:14 +00:00
Hanno Becker
2f660d047d Forbid passing NULL input buffers to RSA encryption routines 2018-12-18 17:07:30 +00:00
Hanno Becker
adc9b178ca Minor improvements to DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker
5c14ed6f86 Implement parameter validation for DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker
ca6f4585c7 Fix parameter validation in SHA-512 module 2018-12-18 16:36:26 +00:00
Hanno Becker
596e014a06 Add validation is is224 argument in mbedtls_sha256_starts_ret() 2018-12-18 16:31:06 +00:00
Hanno Becker
230b4f4159 Fix definition of MBEDTLS_SHA256_VALIDATE[_RET] in sha256.c 2018-12-18 16:31:06 +00:00
Hanno Becker
236ea16c01 Fix wrong conditional in free() functions 2018-12-18 15:30:30 +00:00
Hanno Becker
e463c42902 Minor improvements 2018-12-18 15:30:30 +00:00
Hanno Becker
305e4e4f32 Implement parameter validation for ChaCha/Poly modules 2018-12-18 15:30:30 +00:00
Andres Amaya Garcia
863d483965 Add MBEDTLS_ERR_SHA512_BAD_INPUT_DATA to error.{h,c} 2018-12-18 15:06:39 +00:00
Andres Amaya Garcia
ba519b94a5 Add parameter validation to SHA-512 module 2018-12-18 15:06:39 +00:00
Hanno Becker
b86e684ed4 Move/remove param validation in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
- The validity of the input and output parameters is checked by
  parameter validation.
- A PRNG is required in public mode only (even though it's also
  recommended in private mode), so move the check to the
  corresponding branch.
2018-12-18 14:46:04 +00:00
Hanno Becker
319ae11ab3 Implement parameter validation in ECDSA module 2018-12-18 14:31:50 +00:00
Hanno Becker
71c8e1b8d8 Implement parameter validation in ECJPAKE module 2018-12-18 14:31:18 +00:00
Hanno Becker
91796d7471 Implement parameter validation in ECDH module 2018-12-18 14:30:39 +00:00
Hanno Becker
ddeeed7d1b Implement parameter validation for RSA module 2018-12-18 13:38:05 +00:00
Hanno Becker
4f8e8e5805 Implement parameter validation for ECP module 2018-12-18 13:00:48 +00:00
Andres Amaya Garcia
9e76c0e77f Add MBEDTLS_ERR_SHA256_BAD_INPUT_DATA to error.{h,c} 2018-12-18 11:41:20 +00:00
Andres Amaya Garcia
79e593f617 Add parameter validation to SHA-256 module 2018-12-18 11:41:20 +00:00
Hanno Becker
b3906d8829 Minor fixes to implementation of SHA1 parameter validation 2018-12-18 11:37:28 +00:00
Andres Amaya Garcia
a685d4f28d Add MBEDTLS_ERR_SHA1_BAD_INPUT_DATA to error.{h,c} 2018-12-18 11:37:28 +00:00
Andres Amaya Garcia
f7c43b3145 Add parameter validation to SHA-1 2018-12-18 11:37:28 +00:00
Manuel Pégourié-Gonnard
e55e103bfe Fix off-by-one in iv_off check and add tests 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
5b89c09273 Add check for iv_off in AES-CFB128 and AES-OFB
The check is mandatory as skipping it results in buffer overread of arbitrary
size.
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
998a358529 Make a check more explicit in aes.c
The check was already done later when calling ECB, (as evidenced by the tests
passing, which have a call with data_unit set to NULL), but it's more readable
to have it here too, and more helpful when debugging.
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
eb6d3968b1 Fix some whitespace issues in aes.c 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
2bc535be86 Add parameter validation for AES-CTR 2018-12-18 12:22:40 +01:00