Commit Graph

8125 Commits

Author SHA1 Message Date
Hanno Becker
50cb93a04c Generate server1* CRTs and CSRs through Mbed TLS applications
Previously, CSRs and CRTs from the server1* family in testa/data_files
were generated through OpenSSL. This commit changes the build instructions
to use Mbed TLS' example applications programs/x509/cert_write and
programs/x509/cert_req instead.
2018-11-02 09:01:49 +00:00
Hanno Becker
56e84632ef Add 'password' cmd line parameter to cert_req example program 2018-11-01 16:46:40 +00:00
Hanno Becker
f745733bb1 Add 'md' cmd line parameter to cert_req example program
This commit adds a command line option `md` to the example application
`programs/x509/cert_req` allowing to specify the hash algorithm to use
when signing the CSR.
2018-11-01 16:46:37 +00:00
Ron Eldor
2b161c33be Fix compilation issue
Fix compilation error when both `MBEDTLS_ECP_RESTARTABLE` and the
alternative definition of ECDH function are defined.
2018-11-01 16:18:20 +02:00
Ron Eldor
936d284f4d Minor fixes
1. Fix unused symbols compilation warnings.
2. Add comments for the closing `endif`.
2018-11-01 13:05:52 +02:00
Ron Eldor
8493f80e65 conditionaly compile ECDH and ECDSA alt functions
Return the condition compilation flags surrounding
`mbedtls_ecdh_compute_shared()`, `mbedtls_ecdh_gen_public()`,
`mbedtls_ecdsa_sign()` and `mbedtls_ecdsa_verify()` that were accidentally
removed in a previous merge.
Resolves #2163
2018-11-01 11:32:15 +02:00
Krzysztof Stachowiak
c388a8c394 Fix typo in a test condition code 2018-10-31 16:49:20 +01:00
Simon Butcher
2b5be1e630 Fix ChangeLog entry for #2069
The fix for #2069 had accidentally been added to features, not bugfixes.
2018-10-30 15:55:10 +00:00
Hanno Becker
0bb204cab1 Adapt ChangeLog 2018-10-30 10:08:33 +00:00
Simon Butcher
7904f94550 Merge remote-tracking branch 'public/pr/1099' into development-proposed 2018-10-28 18:10:37 +00:00
Simon Butcher
4a865ef233 Add ChangeLog entry for PR #1618 - ARM DSP instruction support 2018-10-28 18:00:51 +00:00
Simon Butcher
d5bf428a7b Merge remote-tracking branch 'public/pr/1618' into development-proposed 2018-10-28 17:29:13 +00:00
Simon Butcher
5706452787 Merge remote-tracking branch 'public/pr/2056' into development-proposed 2018-10-28 17:21:29 +00:00
Simon Butcher
b4e5451326 Merge remote-tracking branch 'public/pr/2070' into development-proposed 2018-10-28 16:53:48 +00:00
Simon Butcher
17a0fab345 Merge remote-tracking branch 'public/pr/2111' into development-proposed 2018-10-28 16:22:18 +00:00
Simon Butcher
02ef525a7b Merge remote-tracking branch 'public/pr/2107' into development-proposed 2018-10-28 16:16:58 +00:00
Simon Butcher
a07d86e8af Merge remote-tracking branch 'public/pr/1902' into development 2018-10-27 18:36:55 +01:00
Simon Butcher
ef263ebcd7 Merge remote-tracking branch 'public/pr/1993' into development 2018-10-27 18:36:28 +01:00
Simon Butcher
3869384ddb Merge remote-tracking branch 'public/pr/2031' into development 2018-10-27 18:34:18 +01:00
Simon Butcher
da095619bb Merge remote-tracking branch 'public/pr/2142' into development 2018-10-27 18:30:08 +01:00
Simon Butcher
ddc9e26b3b Merge remote-tracking branch 'public/pr/1627' into development 2018-10-27 18:27:41 +01:00
Simon Butcher
78dd2e55bf Merge remote-tracking branch 'public/pr/1806' into development 2018-10-27 17:59:17 +01:00
Simon Butcher
1daecb4fea Merge remote-tracking branch 'public/pr/1281' into development 2018-10-27 17:46:13 +01:00
Simon Butcher
e783f4a767 Merge remote-tracking branch 'public/pr/1609' into development 2018-10-27 17:35:25 +01:00
Hanno Becker
b10c66073f Detect unsigned integer overflow in mbedtls_ecp_check_budget()
This commit modifies a bounds check in `mbedtls_ecp_check_budget()` to
be correct even if the requested number of ECC operations would overflow
the operation counter.
2018-10-26 15:09:35 +01:00
Hanno Becker
abdf67ee9f Cast number of operations to uint in MBEDTLS_ECP_BUDGET
Context:
The macro `MBEDTLS_ECP_BUDGET()` is called before performing a
number of potentially time-consuming ECC operations. If restartable
ECC is enabled, it wraps a call to `mbedtls_ecp_check_budget()`
which in turn checks if the requested number of operations can be
performed without exceeding the maximum number of consecutive ECC
operations.

Issue:
The function `mbedtls_ecp_check_budget()` expects a the number
of requested operations to be given as a value of type `unsigned`,
while some calls of the wrapper macro `MBEDTLS_ECP_BUDGET()` use
expressions of type `size_t`.
This rightfully leads to warnings about implicit truncation
from `size_t` to `unsigned` on some compilers.

Fix:
This commit makes the truncation explicit by adding an explicit cast
to `unsigned` in the expansion of the `MBEDTLS_ECP_BUDGET()` macro.

Justification:
Functionally, the new version is equivalent to the previous code.
The warning about truncation can be discarded because, as can be
inferred from `ecp.h`, the number of requested operations is never
larger than 1000.
2018-10-26 15:06:51 +01:00
Hanno Becker
0eb8fb85a6 Correct typo in documentation of MBEDTLS_SSL_RENEGOTIATION 2018-10-26 09:53:16 +01:00
Simon Butcher
76cf60beb3 Remove merge conflict marker in ssl-opt.sh
Commit 6346a75dfb introduced a merge conflict marker into ssl-opt.sh
by accident. This commit removes it.
2018-10-25 21:51:32 +01:00
Hanno Becker
a7d2fa7891 Adapt ChangeLog 2018-10-25 16:11:15 +01:00
Hanno Becker
6934e9b288 Indentation fix 2018-10-25 16:07:16 +01:00
Hanno Becker
137015c1b1 Fix unsafe bounds checks in ssl_load_session()
Fixes #659 reported by Guido Vranken.
2018-10-25 16:07:08 +01:00
Hanno Becker
e4f965da14 Adapt ChangeLog 2018-10-25 15:21:28 +01:00
Simon Butcher
169712e15a Merge remote-tracking branch 'restricted/pr/390' into development 2018-10-24 18:34:30 +01:00
Hanno Becker
9543373668 Use brackets around shift operations
Use `( x >> y ) & z` instead of `x >> y & z`. Both are equivalent
by operator precedence, but the former is more readable and the
commonly used idiom in the library.
2018-10-24 13:31:49 +01:00
Jaeden Amero
a74faba27a aes: xts: Correct NIST 80-38E to 800-38E
Correct a typo in an AES XTS implementation comment where the relevant
NIST standard was incorrectly referred to as NIST 80-38E instead of NIST
800-38E.
2018-10-23 12:07:18 +01:00
Jaeden Amero
8381fcb3f9 aes: xts: Update inaccurate comments
It is inaccurate to call a data unit a "sector". A disk sector is a
common use case for the data unit, but there exist other types of data
units that are not sectors.
2018-10-23 12:07:18 +01:00
Hanno Becker
cc40d86edb Improve documentation of mbedtls_ssl_get_verify_result()
Fixes #517.
2018-10-23 10:28:01 +01:00
Manuel Pégourié-Gonnard
a966fdea72 Fix some documentation typos and improve a comment 2018-10-23 10:41:11 +02:00
Brian J Murray
f343de12dc typo fix 2018-10-22 16:41:35 -07:00
Simon Butcher
c774e32939 Merge remote-tracking branch 'restricted/pr/517' into development 2018-10-22 14:23:29 +01:00
Simon Butcher
837f821bc2 Merge remote-tracking branch 'public/pr/1990' into development 2018-10-22 14:22:56 +01:00
Manuel Pégourié-Gonnard
ca29fdf569 Fix some typos in documentation and comments 2018-10-22 09:56:53 +02:00
Manuel Pégourié-Gonnard
bcedb92e7b Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  Add Jenkinsfile for PR job
2018-10-22 09:52:46 +02:00
Simon Butcher
c028afba53
Merge pull request #2121 from dgreen-arm/mbedtls-jenkinsfile
Add Jenkinsfile for PR job
2018-10-19 17:02:07 +01:00
Darryl Green
b51e267bee Add Jenkinsfile for PR job 2018-10-19 15:25:10 +01:00
Hanno Becker
5e0924cb52 Adapt ChangeLog 2018-10-18 12:12:14 +01:00
Hanno Becker
27516979c1 Entropy: Fall through to /dev/random if getrandom() syscall unknown
This commit fixes issue #1212 related to platform-specific entropy
polling in an syscall-emulated environment.

Previously, the implementation of the entropy gathering function
`mbedtls_platform_entropy_poll()` for linux machines used the
following logic to determine how to obtain entropy from the kernel:

1. If the getrandom() system call identifier SYS_getrandom is present and
   the kernel version is 3.17 or higher, use syscall( SYS_getrandom, ... )
2. Otherwise, fall back to reading from /dev/random.

There are two issues with this:

1. Portability:
   When cross-compiling the code for a different
   architecture and running it through system call
   emulation in qemu, qemu reports the host kernel
   version through uname but, as of v.2.5.0,
   doesn't support emulating the getrandom() syscall.
   This leads to `mbedtls_platform_entropy_poll()`
   failing even though reading from /dev/random would
   have worked.

2. Style:
   Extracting the linux kernel version from
   the output of `uname` is slightly tedious.

This commit fixes both by implementing the suggestion in #1212:
- It removes the kernel-version detection through uname().
- Instead, it checks whether `syscall( SYS_getrandom, ... )`
  fails with errno set to ENOSYS indicating an unknown system call.
  If so, it falls through to trying to read from /dev/random.

Fixes #1212.
2018-10-18 12:12:04 +01:00
Hanno Becker
f24c3360fc Adapt ChangeLog 2018-10-17 14:53:05 +01:00
Hanno Becker
dd3ab13da3 Fail when encountering invalid CBC padding in EtM records
This commit changes the behavior of the record decryption routine
`ssl_decrypt_buf()` in the following situation:
1. A CBC ciphersuite with Encrypt-then-MAC is used.
2. A record with valid MAC but invalid CBC padding is received.
In this situation, the previous code would not raise and error but
instead forward the decrypted packet, including the wrong padding,
to the user.

This commit changes this behavior to return the error
MBEDTLS_ERR_SSL_INVALID_MAC instead.

While erroneous, the previous behavior does not constitute a
security flaw since it can only happen for properly authenticated
records, that is, if the peer makes a mistake while preparing the
padded plaintext.
2018-10-17 14:43:14 +01:00
Hanno Becker
198611db32 Add missing return value check in ECDSA test suite
The test case `ecdsa_det_test_vectors` from the ECDSA test suite
called `mbedtls_md()` without checking its return value.
2018-10-17 13:58:19 +01:00