Commit Graph

1898 Commits

Author SHA1 Message Date
Gilles Peskine
28f62f6212 Support running the benchmark with a single curve
If you pass a curve name to the benchmark program, the ECDH and ECDSA
benchmarks will only run for that particular curve. By default, all
curves are benchmarked.

To simplify the implementation, if you pass multiple curves, only the
last one will be benchmarked.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 22:51:25 +01:00
Bence Szépkúti
1de907d4a4 Introduce PSA_ALG_STREAM_CIPHER
This algorithm replaces the pre-existing stream cipher algorithms.
The underlying stream cipher is determined by the key type.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Gilles Peskine
db6b03b4f2 Remove old-style accelerator and entropy driver interfaces
The driver interfaces described in crypto_accel_driver.h and
crypto_entropy_driver.h are no longer being worked on. We do not
intend to finish the design of these interfaces or to implement them
in Mbed TLS. They have been superseded by the unified driver
interface (docs/proposed/psa-driver-interface.md), which is being
actively worked on both to finalize the specification and to implement
it in Mbed TLS.

The partially implemented dynamic secure element interface is staying
for now.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-30 17:37:14 +01:00
Rodrigo Dias Correa
80448aae2c Fix GCC warning about test_snprintf
GCC 11 generated the warnings because the parameter `ret_buf`
was declared as `const char[10]`, but some of the arguments
provided in `run_test_snprintf` are shorter literals, like "".

Now the type of `ret_buf` is `const char *`.
Both implementations of `test_snprintf` were fixed.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-25 01:13:12 -03:00
gabor-mezei-arm
fe30924c45 Use PSA_ERROR_DATA_INVALID error code
If the file is read correctly, but it contains data that isn't valid,
the crypto storage code returns PSA_ERROR_DATA_INVALID.
The PSA_ERROR_DATA_CORRUPT and PSA_ERROR_STORAGE_FAILURE error codes are
replaced with PSA_ERROR_DATA_INVALID, except in the ITS subsystem.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-11-24 13:37:52 +01:00
gabor-mezei-arm
3d8b4f54d3 Add missing error code documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-11-24 13:37:52 +01:00
Gilles Peskine
ed03890281 PSA: allow the configuration to favor HMAC_DRBG
Allow the user to configure PSA to use HMAC_DRBG even if CTR_DRBG is
available, or to explicitly select the hash algorithm to use for
HMAC_DRBG, by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE in config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine
f08b3f8624 Autonomous random driver: create configuration option
Create a configuration option for autonomous random drivers, i.e. PSA
crypto drivers that provide a random generator, that have their own
entropy source and do not support injecting entropy from another
source.

This commit only creates the configuration option. Subsequent commits
will add the implementation and tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 16:28:09 +01:00
Gilles Peskine
662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Ronald Cron
c9851141a2 programs: ssl: Fix printf parameter type cast
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
David Brown
a8e309e01d cmake: Fix added sources to targets
In cmake version < 3.0, the SOURCES property on targets cannot be
modified after the target is defined.  There are several instances in
the code that were using `target_properties()`, which is not available
in the older versions of cmake.  Unfortunately, the workaround in #3801
(381c1078fc) assumes that this SOURCES property can be modified.

Work around this by building up any necessary sources before declaring
the target.  This is more awkward, but needed to continue to be able to
support the old versions of cmake.

Fixes #3788.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-11-18 16:28:00 -07:00
Gilles Peskine
c70431451b
Merge pull request #3867 from gilles-peskine-arm/error-include-string
Fix several configuration-related issues
2020-11-17 20:32:59 +01:00
Ronald Cron
77c89f5ad6 Fix several typos
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-11 15:12:14 +01:00
Ronald Cron
adc2ff28b0 Adapt programs to PSA openless APIs
PSA and SSL programs are PSA clients thus should use
psa_key_id_t as the type for key identifiers, not
mbedtls_svc_key_id_t.

As a consequence, PSA, ssl_server2 and ssl_client2
programs cannot compile and must not be compiled if
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined.
Thus, add MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
compilation guard to those programs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
c4d1b514ab Define handles as key identifiers
Define psa_key_handle_t to be equal to
mbedtls_svc_key_id_t. Make the handle of a persistent
key be equal to its key identifier. For volatile keys,
make the key handle equal to the volatile key
identifier of the created volatile key.

The unit tests are modified just to make them compile
not to make them run successfully. They are fixed in
the subsequent commits.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
c26f8d467a Introduce psa_key_handle_is_null inline function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
91e9515424 Introduce PSA_KEY_HANDLE_INIT macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Gilles Peskine
f4a6a05e9d ssl_context_info: fix config requirements
Revealed by attempting to build in configs/config-no-entropy.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:17:07 +01:00
David Brown
381c1078fc cmake: Avoid using target_properties for old cmake
CMake versions less than 3.0 do not support the `target_sources`
command.  In order to be able to support v2.8.12.2 of cmake, directly
set the SOURCES property instead of using the target_sources command.

A future patch could reverse this, if the project decides to forgo
support for cmake versions less than 3.0.

Fixes #3801

Signed-off-by: David Brown <david.brown@linaro.org>
2020-11-03 15:38:38 -07:00
Johan Pascal
5fbe9e7ac0 remove useless parentheses
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 10:50:54 +01:00
Johan Pascal
5ef72d214f Style and typos
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
2258a4f481 Do not return a structure, use a return parameter
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
0dbcd1d3f0 Make API safer
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
20c7db3a67 API modified so server side can get mki value
+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
76fdf1d60e Minor fix and improvements
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
9bc50b0122 Test check the key material exported match
- include interop with openssl client

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
d387aa0586 style + missing cast
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
253d0263a6 set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
43f9490a52 SRTP profiles definition use macros only
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
d576fdb1d6 Style + fix bound check in write_use_srt_ext
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
9bc97ca19d SRTP-DTLS protection profile configuration list not copied into ssl_config
+ improve test
+ minor style fix

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
8526957cd5 Minor style modifications
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
48f62e98a8 Fix ssl_client2 after rebase
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
1d957e61eb Fix build warning
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
b64eab7656 fix style
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
8f284c1b05 Add the SRTP configuration to query_config
Add the DTLS_SRTP configuration to `query_config`.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
65b56ef87f Change key derivation for srtp
Use the export keys functionality, to call the public API
`mbedtls_ssl_tls_prf()`, and remove the function
`mbedtls_ssl_get_dtls_srtp_key_material()`.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
a978804a1b Style fixes
1. Fix indentations.
2. Remove redundant whitespaces.
3. Keep short lines.
4. Grammar fixes.
5. Rephrase function description.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
ef72faf2bb Style fixes
1. Adjust to 80 colums where possible.
2. Add \ remove spaces where needed.
3. Fix alignments.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
311b95aafe Fix compilation errors
Fix compilation errors when `MBEDTLS_DTLS_SRTP` not set
1. Add file missed in previous commmit.
2. In sample applications, set `DFL_FORCE_SRTP_PROFILE` to 0.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
12c6eaddd5 Fix mki issues
1. Set correct mki from the `use_srtp` extension.
2. Use mki value received from the client as the mki used by server.
3. Use `mbedtls_ssl_dtls_srtp_set_mki_value()` as a client API only.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
6ea64518ad Add dtls-srtp to client and server examples
Add dtls-srtp to `ssl_client2` and `ssl_server2` examples,
for reference and for allowing in tests.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Gilles Peskine
935b4f96f9
Merge pull request #3407 from RcColes/development
Increase compatibility with external cmake
2020-10-28 12:29:14 +01:00
Gilles Peskine
2d0b7231f7
Merge pull request #3712 from jdurkop/psa-crypto-config-ecdsa-3670
Introduce MBEDTLS_PSA_CRYPTO_CONFIG and use it for ECDSA
2020-10-27 17:40:04 +01:00
Steven Cooreman
88ebb2d7d0 Include public and public-ish PSA headers in CPP check
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-22 11:55:50 +02:00
Nayna Jain
d696e7d91e programs/ssl: Fix incorrect EOF check in ssl_context_info.c
In `read_next_b64_code()`, the result of fgetc() is stored into a char,
but later compared against EOF, which is generally -1.  On platforms
where char is unsigned, this generates a compiler warning/error that the
comparison will never be true (causing a build failure).  The value will
never match, with the function ultimately bailing with a "Too many bad
symbols are detected" error.

On platforms with signed char, EOF is detected, but a file containing a
0xFF character will causes a premature end of file exit of the loop.

Fix this by changing the result to an int.

Fixes #3794.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2020-10-20 13:31:32 -06:00
Raef Coles
995c66f702 Build: Add MBEDTLS_TARGET_PREFIX
Allows required targets to have prefixes added to them, so that external
projects can avoid target names clashing.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-10-20 13:44:44 +01:00
Ronald Cron
8f24a8bb34
Merge pull request #3595 from gilles-peskine-arm/cert-gen-cleanup-202008-development
Minor cleanups in certificate generation
2020-10-15 13:32:53 +02:00
Gilles Peskine
ef94c4fcf4
Merge pull request #3474 from ronald-cron-arm/common-mbedtls_param_failed
Common mbedtls_param_failed()
2020-10-06 22:15:42 +02:00
gabor-mezei-arm
de47217580
Do not print any messages if query_config option is used
To preserve the behaviour of the query_config option all message
is omitted it it is used.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-10-05 11:34:50 +02:00
gabor-mezei-arm
f1f7b29d76
Fix overiding of return value.
If MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED is defined, then the return value will be overridden by the extra code running after the removed return instruction.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-10-05 11:34:50 +02:00
gabor-mezei-arm
785958577e
Use goto exit instead of direct return
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-10-05 11:34:50 +02:00
gabor-mezei-arm
a9eecf1b19
If query_config is used only the config value is printed.
The extra code running after the removed return instruction should not generate any output. Only the read config value must be printed.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-10-05 11:34:41 +02:00
John Durkop
2542c21ba8 Add MBEDTLS_PSA_CRYPTO_CONFIG to test program
Since the recent changes required the addition of a new definition
in mbedtls/config.h, we also need to update query_config.c to account
for the new MBEDTLS_PSA_CRYPTO_CONFIG setting.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-24 21:06:35 -07:00
Cameron Nemo
e18d09de37 fix(programs/psa): commit python3 generated file
Python should not be required for the build when the no_test target is
used. This commit adds the generated file to the source tree and the
check-generated-files script, and removes the generation from (c)make.

Fixes #3524

Signed-off-by: Cameron Nemo <cnemo@tutanota.com>
2020-09-24 20:57:46 -07:00
Gilles Peskine
dc57c25e30
Merge pull request #3527 from ronald-cron-arm/key-extended-id
PSA key identifiers rework
2020-09-15 16:06:06 +02:00
Dave Rodgman
e5874e1903
Merge pull request #3525 from HowJMay/typo
Fix typo in comment
2020-09-10 12:39:25 +01:00
HowJMay
ccbd622ed7 Fix typo in comment
Fix typo in program/pkey/ecdh_curve25519.c

Signed-off-by: HowJMay <vulxj0j8j8@gmail.com>
2020-09-10 08:25:36 +08:00
Steven Cooreman
0d59f7b092 Add configuration flag MBEDTLS_PSA_CRYPTO_DRIVERS
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-04 14:22:26 +02:00
Steven Cooreman
a70d588f74 Add initial test driver conforming to the new spec
Also adjusted the different makefiles accordingly.
Note: driver lifetime is currently statically defined in the header, but
this will be replaced in the future based on autogeneration of lifetime
values by a script (TBD)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-04 14:22:26 +02:00
Ronald Cron
71016a9ea7 psa: Rename psa_key_file_id_t to mbedtls_svc_key_id_t
With PSA crypto v1.0.0, a volatile key identifier may
contain a owner identifier but no file is associated
to it. Thus rename the type psa_key_file_id_t to
mbedtls_svc_key_id_t to avoid a direct link with a
file when a key identifier involves an owner
identifier.

The new type name is prefixed by mbedtls to highlight
that the type is specific to Mbed TLS implementation
and not defined in the PSA Cryptography API
specification.

The svc in the type name stands for service as this
is the key identifier type from the point of view of
the service providing the Cryptography services.
The service can be completely provided by the present
library or partially in case of a multi-client service.

As a consequence rename as well:
. MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER to
  MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
. PSA_KEY_ID_INIT to MBEDTLS_SVC_KEY_ID_INIT
. PSA_KEY_FILE_GET_KEY_ID to MBEDTLS_SVC_KEY_ID_GET_KEY_ID
. psa_key_file_id_make to mbedtls_svc_key_id_make

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Janos Follath
d2ce916b58 Merge branch 'development-restricted' 2020-08-26 14:15:34 +01:00
Janos Follath
d4ac4e037b
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted
Constant-flow copy of HMAC from variable position
2020-08-25 14:35:55 +01:00
Gilles Peskine
ed19762a22
Merge pull request #3574 from makise-homura/e2k_support
Support building on e2k (Elbrus) architecture
2020-08-25 09:46:36 +02:00
Manuel Pégourié-Gonnard
6edfe60e0d
Merge pull request #2182 from hanno-arm/key_pwd
Add support for password protected key files to ssl_server2 and ssl_client2
2020-08-24 09:42:38 +02:00
makise-homura
e014fece50 Don't forget to free G, P, Q, ctr_drbg, and entropy
I might be wrong, but lcc's optimizer is curious about this,
and I am too: shouldn't we free allocated stuff correctly
before exiting `dh_genprime` in this certain point of code?

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-22 23:56:46 +03:00
Gilles Peskine
384e274670 cert_req: discover hash algorithms automatically
Discover hash algorithms automatically rather than hard-coding a list,
as was previously done in cert_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 20:43:32 +02:00
Gilles Peskine
18292fe205 cert_write: discover hash algorithms automatically
Discover hash algorithms automatically rather than hard-coding a list.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 20:42:32 +02:00
Dan Handley
abccfc1684 Merge development into development-restricted
* development:
  Update copyright notices to use Linux Foundation guidance
  Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
  Add ChangeLog entry for X.509 CN-type vulnerability
  Improve documentation of cn in x509_crt_verify()
  Fix comparison between different name types
  Add test: DNS names should not match IP addresses
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:07:12 +01:00
Manuel Pégourié-Gonnard
73afa37507 Add option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:22:41 +02:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
Hanno Becker
2d3ac68336 Parse key-file and -password parameters in same place in ssl_client2
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-17 09:44:44 +01:00
Hanno Becker
bffa54f4eb Add usage string for key_pwd argument in ssl_client2 program
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-17 09:44:41 +01:00
Hanno Becker
34ce81f896 Avoid overly long usage string literal in ssl_server2 program
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-17 09:40:54 +01:00
Hanno Becker
ca04fdc2cc Add support for password protected key file to ssl_client2
The example application programs/ssl/ssl_client2 allows the
configuration of a client CRT through the parameters
- crt_file, key_file
However, password protected key files are not supported.

This commit adds a new command line option
- key_pwd
which allow to specify a password for the key file specified
in the key_file parameter.
2020-08-14 09:58:51 +01:00
Hanno Becker
e58a630cb0 Add support for password protected key file to ssl_server2
The example application programs/ssl/ssl_server2 allows the
configuration of up to two CRTs through the command line
parameters
- crt_file, key_file
- crt_file2, key_file2.
However, password protected key files are not supported.

This commit adds command line options
- key_pwd
- key_pwd2
which allow to specify passwords for the key files specified
in key_file and key_file2, respectively.
2020-08-14 09:58:51 +01:00
Manuel Pégourié-Gonnard
eaa0739143
Merge pull request #716 from mpg/ct-varlen-hmac
Add constant-flow variable-length HMAC function
2020-08-10 12:40:33 +02:00
Manuel Pégourié-Gonnard
6240defd17 Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
This option allows to test the constant-flow nature of selected code, using
MemSan and the fundamental observation behind ctgrind that the set of
operations allowed on undefined memory by dynamic analysers is the same as the
set of operations allowed on secret data to avoid leaking it to a local
attacker via side channels, namely, any operation except branching and
dereferencing.

(This isn't the full story, as on some CPUs some instructions have variable
execution depending on the inputs, most notably division and on some cores
multiplication. However, testing that no branch or memory access depends on
secret data is already a good start.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:26:22 +02:00
Paul Elliott
75e27032d3 Rename DH Family Macros According to PSA Spec
Rename PSA_DH_GROUP_xxx to PSA_DH_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_GROUP to PSA_KEY_TYPE_DH_GET_FAMILY and rename
psa_dh_group_t to psa_dh_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:49 +01:00
Paul Elliott
8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Ronald Cron
a123614699 tests: Move mbedtls_param_failed() to test common code
This makes the implementation of mbedtls_param_failed()
for testing purpose available to programs. Thus removing
the ad-hoc implementations in programs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:59:38 +02:00
Janos Follath
be9a5752c2 Merge tag 'mbedtls-2.23.0' into merge-2.23.0-release-to-development
Mbed TLS 2.23.0
2020-07-01 11:23:17 +01:00
Ronald Cron
00890e3d10 programs: psa: Link against mbedcrypto not mbedtls
All programs in programs/psa are crypto only thus
just link against mbedcrypto instead of mbedtls.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
7d8661618b Use mbedtls_test_unhexify in programs
Use mbedtls_test_unhexify in programs instead of ad-hoc
implementations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
8dc0af2d4b programs: Link to tests common code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
bfd45f1f11 programs: cmake: Use list of executables
Use list of executables to:
- factorize the code to define executables
- highlight the similarities and differences of the executable definitions
- avoid list duplication

Use alphabetic order for executables in lists.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:34:35 +02:00
Ronald Cron
0b90c9d747 programs: cmake: Fix relative path warnings
The path to source files were relative which triggered
warnings when generating the build system.

Move to absolute paths based on CMAKE_CURRENT_SOURCE_DIR.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:34:35 +02:00
Ronald Cron
27731130cf programs: ssl: cmake: Add missing executables
Add the executables missing in the list of executables
to install.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:34:11 +02:00
Ronald Cron
5df1be91f3 programs: ssl: cmake: Reorder declaration of executables
Reorder declaration of executables in alphabetic order.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:33:04 +02:00
Janos Follath
4d1884916b Merge branch 'development-restricted' into mbedtls-2.23.0r0 2020-06-25 09:17:25 +01:00
Gilles Peskine
e81dc00df4
Merge pull request #3422 from niacat/net-sockets-fixes
NetBSD 9.0 build fixes
2020-06-22 23:33:53 +02:00
Janos Follath
0c00407432
Merge pull request #3430 from bensze01/license
[Forward-port] Add Apache-2.0 headers to all source files
2020-06-18 15:54:26 +01:00
Manuel Pégourié-Gonnard
d335f2b6cb
Merge pull request #3421 from niacat/posix_c_source
Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
2020-06-18 13:01:38 +02:00
Bence Szépkúti
869746577a Add Apache-2.0 headers to all source files
Also normalize the first line of the copyright headers.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i '

# Normalize the first line of the copyright headers (no text on the first line of a block comment)
/^\/\*.*Copyright.*Arm/I {
  i\
/*
  s/^\// /
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! i\
 *  SPDX-License-Identifier: Apache-2.0\
 *\
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\
 *  not use this file except in compliance with the License.\
 *  You may obtain a copy of the License at\
 *\
 *  http://www.apache.org/licenses/LICENSE-2.0\
 *\
 *  Unless required by applicable law or agreed to in writing, software\
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
 *  See the License for the specific language governing permissions and\
 *  limitations under the License.

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-16 17:38:44 +02:00
Bence Szépkúti
c7da1fe381 Add Apache-2.0 headers to all scripts
This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i '

# Remove Mbed TLS declaration if it occurs before the copyright line
1,/Copyright.*Arm/I {
  /This file is part of/,$ {
    /Copyright.*Arm/I! d
  }
}

# Convert non-standard header in scripts/abi_check.py to the format used in the other scripts
/"""/,/"""/ {

  # Cut copyright declaration
  /Copyright.*Arm/I {
    h
    N
    d
  }

  # Paste copyright declaration
  /"""/ {
    x
    /./ {
      s/^/# /    # Add #
      x          # Replace orignal buffer with Copyright declaration
      p          # Print original buffer, insert newline
      i\

      s/.*//     # Clear original buffer
    }
    x
  }
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! {
    i\
# SPDX-License-Identifier: Apache-2.0\
#\
# Licensed under the Apache License, Version 2.0 (the "License"); you may\
# not use this file except in compliance with the License.\
# You may obtain a copy of the License at\
#\
# http://www.apache.org/licenses/LICENSE-2.0\
#\
# Unless required by applicable law or agreed to in writing, software\
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
# See the License for the specific language governing permissions and\
# limitations under the License.

    # Insert Mbed TLS declaration if it is missing
    /This file is part of/! i\
#\
# This file is part of Mbed TLS (https://tls.mbed.org)
  }

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:05:47 +02:00
Bence Szépkúti
700ee44545 Add missing copyright dates to scripts and sources
To find any files with a missing copyright declaration, use the following script:

# ========================
#!/bin/sh

# Find files with copyright declarations, and list their file extensions
exts=$(grep -Ril --exclude-dir .git --exclude-dir 3rdparty\
                 --exclude-dir programs/fuzz 'Copyright.*Arm' | sed '
  s/.*\///
  s/.*\./*./
  s/.*/-name "&"/
' | sort -u | sed -n '
  :l
    N
    $!bl
  s/\n/ -o /gp
')

# Find files with file extensions that ususally include copyright extensions,
# but don't include a copyright declaration themselves.
eval "find\
  '(' -path './.git' -o -path './3rdparty' -o -path './programs/fuzz' ')' -prune\
  -o ! -path './tests/data_files/format_pkcs12.fmt'\
     ! -path './programs/psa/psa_constant_names_generated.c'\
     '(' $exts ')' -print" | xargs grep -Li 'Copyright.*Arm'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:05:46 +02:00
Ron Eldor
65d8c2651d Show failure in ssl-opts.sh when key export fails
1. When `ssl_server2` export key functionality fails,
don't exit the server, but reset it, to have the
server recover for next connection.
2. Add text filters for `export keys functionality` test in ssl-opt.sh
to check for additional output, to verify if the export suceeded.

This was discovered in the `ssl-opt.sh` script, where the server exited,
before the test tried to kill the server priocess, resulting in a
`kill: No such process` message.

Fixes #2662

Signed-off-by: Ron Eldor <Ron.Eldor@arm.com>
2020-06-15 11:21:41 +03:00
nia
1c0c837ddc Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
Strict platforms cannot be expected to accept C99 code as valid
when earlier standards versions are selected.

This helps the programs build on Solaris-like platforms (e.g.
illumos).

Fixes #3420

Signed-off-by: nia <nia@netbsd.org>
2020-06-11 18:39:28 +01:00
nia
7eb0e62f64 ssl_mail_client: Define _XOPEN_SOURCE=600 for gethostname
Fixes building this program on NetBSD 9.0.

Signed-off-by: nia <nia@netbsd.org>
2020-06-11 14:05:34 +01:00
danh-arm
15fee93121
Merge pull request #3363 from bensze01/zeroize
Remove hardcoded line number from the zeroize test
2020-06-10 11:31:38 +01:00
okhowang(王沛文)
3c1b090e58 Use FindPython3 when cmake version >= 3.15.0
Signed-off-by: okhowang(王沛文) <okhowang@tencent.com>
2020-06-10 10:21:50 +08:00
Bence Szépkúti
5620d71d58 Remove hardcoded line number from the zeroize test
Instead, we insert a comment containing GDB_BREAK_HERE in the line we
want to break at, and let the gdb script search for it.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-09 12:52:04 +02:00
Manuel Pégourié-Gonnard
1a3f9edc08 Add config.h option MBEDTLS_ECP_NO_INTERNAL_RNG
No effect so far, except on dependency checking, as the feature it's meant to
disable isn't implemented yet (so the descriptions in config.h and the
ChangeLog entry are anticipation for now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 09:09:20 +02:00
Janos Follath
bba4c17b7a
Merge pull request #3315 from hanno-arm/tls13-experimental-macro
Add support for TLS 1.3 record protection routines
2020-06-04 15:51:54 +01:00
Manuel Pégourié-Gonnard
6abc20e0e3
Merge pull request #3378 from mpg/fix-ctr-drbg-deps
Fix undeclared dependencies on CTR_DRBG (and add test)
2020-06-03 10:55:52 +02:00
Gilles Peskine
d6916d74c5
Merge pull request #3121 from gilles-peskine-arm/invasive_testing_strategy-crypto
Invasive testing strategy

Create a new header `common.h`.

Introduce a configuration option `MBEDTLS_TEST_HOOKS` for test-specific code, to be used in accordance with the invasive testing strategy.
2020-06-02 16:55:48 +02:00
Gilles Peskine
73b394290a
Merge pull request #3367 from hug-dev/psa-constants-in-build-dir
Generate PSA constant names in CMake build dir
2020-06-02 12:29:46 +02:00
Hanno Becker
ceef848eb6 Rename TLS 1.3 padding granularity macro
This is to avoid confusion with the class of macros

MBEDTLS_SSL_PROTO_TLS1_X

which have an underscore between major and minor version number.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-06-02 06:16:00 +01:00
Hanno Becker
3427f1dad2 Update query_config.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-31 08:51:29 +01:00
Manuel Pégourié-Gonnard
a89040c7f5 Fix undeclared deps on CTR_DRBG in programs/fuzz
While at it, fix a few other obvious ones such as ENTROPY and TIMING_C when
applicable.

A non-regression test for CTR_DRBG will be added in a follow-up commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-29 11:27:08 +02:00
Hugues de Valon
235c72d3cb Generate PSA constant names in CMake build dir
This commit modifies the generate_psa_constants.py script to take as
input argument the location of where to write the
psa_constant_names_generated.c file.
For make-based build system, this commit does not change anything.
For CMake build system, this commit modifies the generation location of
that file to be inside the build directory and include it from there in
psa_constant_names.c

Fix #3365

Signed-off-by: Hugues de Valon <hugues.devalon@arm.com>
2020-05-28 16:51:21 +01:00
Hanno Becker
81f3662ae8 Update query_config.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Gilles Peskine
ee40e76943 Normalize line endings
Convert all text files to Unix line endings unless they're Windows
stuff.

Make sure that all text files have a trailing newline.

Remove whitespace at the end of lines.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:55:08 +02:00
danh-arm
4850263bb5
Merge pull request #3319 from Kxuan/development
Fix typo in program benchmark.
2020-05-18 10:10:25 +01:00
Gilles Peskine
e24fc7b0a1
Merge pull request #2595 from k-stachowiak/unified-exit-in-examples
Unify the example programs' termination
2020-05-12 10:46:47 +02:00
k-stachowiak
297896e6db Remove obsolete comment 2020-05-11 22:11:10 +02:00
Zhai Zhaoxuan
e22da99224
Fix typo in program benchmark.
Signed-off-by: Zhai Zhaoxuan <kxuanobj@gmail.com>
2020-05-09 23:50:32 +08:00
Gilles Peskine
d9f694960f
Merge pull request #3190 from gilles-peskine-arm/config-full-clarify-development
Clarify that the full config enables everything that can be tested together
2020-05-04 12:29:09 +02:00
Kenneth Soerensen
518d435e7b Fix GCC format-signedness warnings
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2020-04-22 16:01:48 +02:00
Jaeden Amero
3a7ca1d0cb
Merge pull request #3194 from piotr-now/serialized_to_file
Saving the serialized context to a file
2020-04-20 15:50:12 +01:00
Gilles Peskine
b2971ff942 Strict C99: don't use extremely large string literals
Don't use string literals that are longer than 4095 bytes, which is
the minimum that C99 compilers are required to support. Compilers are
extremely likely to support longer literals, but `gcc -std=c99 -pedantic`
complains.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 15:39:36 +02:00
Gilles Peskine
a5fc939bdd Strict C99: don't use a signed* when an unsigned* is expected
It works in practice on almost every platform, given that we're only
using the wrong type in cases where the value is guaranteed to stay
within the value bits of a signed int. But even in this case it may or
may not be strictly conforming. Anyway `gcc -std=c99 -pedantic`
rejects it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 15:39:36 +02:00
Gilles Peskine
23352a39a9
Merge pull request #3177 from mpg/fix-overflow-benchmark-dev
Fix arithmetic overflow in benchmark
2020-04-20 12:02:45 +02:00
Piotr Nowicki
3de298f18f Saving the serialized context to a file
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 16:26:43 +02:00
Piotr Nowicki
136bebf934 Add missing newline character
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 14:47:33 +02:00
Manuel Pégourié-Gonnard
6ff11895f4 Sort lists in .gitignore files
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:58:54 +02:00
Manuel Pégourié-Gonnard
6f830251a1 Sort lists in CMakeLists.txt files
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:58:54 +02:00
Manuel Pégourié-Gonnard
10a5b535f1 Sort lists in Makefiles and have one item per line
A file generated based on the output of `make list` from programs has been
re-generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:57:50 +02:00
Manuel Pégourié-Gonnard
5edd388da0 Get rid of a magic value in benchmark.c
Also update its value while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:28:25 +02:00
Piotr Nowicki
97dcb1c8f2 Add required configuration to the ssl_context_info
Required:
  MBEDTLS_X509_CRT_PARSE_C
  MBEDTLS_ERROR_C

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:48 +02:00
Piotr Nowicki
02cc3fb070 Add dynamic buffer allocation and size checking
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:48 +02:00
Piotr Nowicki
bc876d4516 Rename program 'ssl_base64_dump' to 'ssl_context_info'
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:48 +02:00
Piotr Nowicki
f86192f72a Add support for Microsoft Visual Studio
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:48 +02:00
Piotr Nowicki
e5fa8b7cdf Add certificate printing
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:42 +02:00
Piotr Nowicki
4e192000fa Add session deserializing (not completed)
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
ab3ecd8ac2 Print more information and add TODOs
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
6b2baf99f1 Print mbedtls version and configuration
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
c7d681c5bd Add base64 code decoding
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
6842c9bde8 Add printing the read base64 code
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
14d3105f78 Add reading base64 code from file
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
88ebbbf0fe Add function for parsing arguments
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
9370f90d46 Initial work on the ssl dump program from base64 code
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Jaeden Amero
66e21efe47
Merge pull request #3163 from AndrzejKurek/variable-buffers-renegotiation
Variable buffers & renegotiation - fixes
2020-04-09 12:11:02 +01:00
Andrzej Kurek
90c6e84a9c
Split the maximum fragment length into two - an input and output MFL
Since the server might want to have a different maximum fragment length
for the outgoing messages than the negotiated one - introduce a new way of
computing it. This commit also adds additional ssl-opt.sh tests ensuring
that the maximum fragment lengths are set as expected. 
mbedtls_ssl_get_max_frag_len() is now a deprecated function,
being an alias to mbedtls_ssl_get_output_max_frag_len(). The behaviour
of this function is the same as before.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-09 04:30:34 -04:00
Manuel Pégourié-Gonnard
e52fd3fa55 Fix integer overflow in benchmark program
When building with MBEDTLS_MEMORY_DEBUG enabled, and running the ecdh part,
the benchmark program would start writing a very large number of space
characters on stdout, and would have to be killed because it never seemed to
terminate.

This was due to an integer overflow in computing how many space to leave after
the title in order to get memory measurements aligned, which resulted in up
to SIZE_MAX spaces being printed.

This commit just fixes the overflow, the next commit is going to fix the magic
number (12).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-09 10:11:17 +02:00
Gilles Peskine
3124164f81
Merge pull request #3132 from mpg/fix-reconnect
Fix issues in handling of client reconnecting from the same port
2020-04-02 19:21:01 +02:00
Manuel Pégourié-Gonnard
f4563b4c8b Fix some style issues in udp_proxy
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 12:07:13 +02:00
Manuel Pégourié-Gonnard
2353636225
Merge pull request #3013 from eozturk1/development
Fix debug message by using the correct function name called
2020-03-31 09:53:20 +02:00
Manuel Pégourié-Gonnard
baad2de6d8 Add negative test for hard reconnect cookie check
The server must check client reachability (we chose to do that by checking a
cookie) before destroying the existing association (RFC 6347 section 4.2.8).
Let's make sure we do, by having a proxy-in-the-middle inject a ClientHello -
the server should notice, but not destroy the connection.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-27 10:50:05 +01:00
Gilles Peskine
fea6eaf5e3 Declare MBEDTLS_TEST_HOOKS in config.h
When this option is enabled, the product includes additional
interfaces that enable additional tests. This option should not be
enabled in production, but is included in the "full" build to enable
the extra tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-24 22:56:45 +01:00
Gilles Peskine
3ed2de9f54 Refresh generated files 2020-03-23 21:54:07 +01:00
Gilles Peskine
5e7d6fd240 Merge 'mbedtls/development' into merge-crypto-unremoved-20200304
Merge the latest state of the target branch (mbedtls/development) into the
pull request to merge mbed-crypto into mbedtls.

Conflicts:

* ChangeLog: add/add conflict. Resolve by using the usual section order.
2020-03-23 18:02:07 +01:00
Gilles Peskine
5ec51f923a Future-proof make clean under Windows
In Windows cmd, `del foo` succeeds if `foo` doesn't exist, but
`del *.ext` fails if `*.ext` doesn't match any files. Therefore we use
the idiom `if exist *.ext del *.ext` to delete files matching
wildcards.

We've accidentally used `if exist $(some_list) del $(some_list)`, and
that's wrong, because it's only syntactically correct if
`$(some_list)` contains exactly one element. As long as `$(some_list)`
contains actual file names and not wildcards, just use `del $(some_list)`.
2020-03-23 17:55:32 +01:00
Gilles Peskine
eccd888717 Rename identifiers containing double-underscore
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.

This commit makes check-names.sh pass.

```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
2020-03-23 17:55:32 +01:00
Gilles Peskine
aae57bffd9 Remove remaining references to the crypto subdirectory 2020-03-23 17:55:31 +01:00
Gilles Peskine
37940d923e Restore linking against all libraries in the cmake_subproject test 2020-03-23 17:55:31 +01:00
Gilles Peskine
4973196e5a Restore fuzz to the cmake build 2020-03-23 17:55:31 +01:00
Gilles Peskine
b22d0cfa99 Re-generate automatically generated files
```
scripts/generate_features.pl
scripts/generate_errors.pl
scripts/generate_query_config.pl
scripts/generate_visualc_files.pl
```
2020-03-23 17:55:31 +01:00
Gilles Peskine
b99bd39b4e Merge mbed-crypto into mbedtls: the merge commit
Merge `unremove-non-crypto` into `mbedtls/development`. The branch
`unremove-non-crypto` was obtained by starting from `mbed-crypto/development`,
then reverting many commits that removed X.509 and TLS functionality when Mbed
Crypto forked from Mbed TLS (the “unremoval”), then make a few tweaks to
facilitate the merge.

The unremoval step restored old versions of some tls files. If a file doesn't
exist in mbed-crypto, check out the mbedtls version, regardless of what
happened during the unremoval of tls files in the crypto tree. Also
unconditionally take the mbedtls version of a few files where the
modifications are completely project-specific and are not relevant in
mbed-crypto:

* `.github/issue_template.md`: completely different. We may want to reconcile
  them independently as a follow-up.
* `.travis.yml`: would only be reverted to an earlier tls version.
* `README.md`: completely different. We may want to reconcile them
  independently as a follow-up.
* `doxygen/input/doc_mainpage.h`: the changes in crypto were minimal and not
  relevant except as a stopgap as mbed-crypto did not have its own product
  versioning in the Doxygen documentation.
* `tests/.jenkins/Jenkinsfile`: completely different.
* `tests/data_files/Makefile`: there were no changes in mbed-crypto,
  but the unremoval step restored an old version.

Shell script for everything to do after the merge apart from the conflict
resolution:
```
tls_files=($(comm -23 <(git ls-tree -r --name-only HEAD) <(git ls-tree -r --name-only $(git merge-base upstream-crypto/development MERGE_HEAD))))
tls_files+=($tls_files .github/issue_template.md .travis.yml README.md doxygen/input/doc_mainpage.h tests/.jenkins/Jenkinsfile tests/data_files/Makefile)
git checkout --theirs HEAD -- $tls_files
git add -- $tls_files
```

Resolve the remaining conflicts:

* `library/CMakeLists.txt`:
    * Keep the TLS definition of `src_crypto`
    * `USE_SHARED_MBEDTLS_LIBRARY`: keep all three libraries, with both
      `include` and `crypto/include` in `target_include_directories`, all with
      version `2.21.0`.
* `programs/Makefile`:
    * Reconcile the APPS lists (add/add from a differently-formatted common
      ancestor): insert the `psa/*` from crypto into the tls list.
    * Keep the `fuzz` target defined only in tls version.
    * Keep the recipe (only in tls version) cleaning `ssl_pthread_server`
      stuff for the `clean` target.
* `scripts/config.py`:
    * `include_in_full`: add/add conflict. Keep both.
* `tests/scripts/all.sh`:
    * `component_test_no_use_psa_crypto_full_cmake_asan`: partially old
      version in crypto. Take the tls version.
    * `component_test_malloc_0_null` and more: take
      `component_test_malloc_0_null` from crypto (with `config.py` rather than
      `config.pl`, and with `$ASAN_FLAGS` rather than an explicit list), but
      add the call to `ssl-opt.sh` from tls. Take the other components from
      crypto.

With this commit, building and running the unit tests with both `make ` and
`cmake` work in the default configuration on Linux. Other platforms, build
systems and configurations are likely not to work, and there is some
regression in test coverage.

There is some loss of functionality because the unremoval step restored older
versions of tls content. This commit contains the latest tls version of
tls-only files, but some changes from the tls side in files that existed on
both sides have regressed. Most problematic changes are hunks that remove some
tls-specific feature and contain either a C preprocessor symbol identifying a
tls-specific module or option, or the name of a tls-specific file. Hunks
that remove a tls-specific preprocessor symbol can be identified with the
regular expression `^-.*MBEDTLS_(ERR_)?(PKCS11|X509|NET|SSL)_`.

Subsequent commits will revert a few parts of the patch from this merge commit
in order to restore the tls functionality that it removes, ensure that the
test coverage includes what was covered in either branch, and fix test
failures.
2020-03-23 17:54:46 +01:00
Gilles Peskine
7e771c767f Link test programs that only use platform functions with mbedcrypto
Even if other higher-level libraries were added, these programs would
only link with the crypto library, which is the one that contains
platform functions.
2020-03-19 14:23:45 +01:00
Gilles Peskine
f66346eaf8 Revert "Remove Diffie-Hellman examples"
This reverts commit bea98b4581.

Conflicts:
* programs/Makefile:
  * APPS: the layout of the definition has changed. re-add dh_client
    and dh_server appropriately.

Run scripts/generate_visualc_files.pl to account for the added programs.
2020-03-19 14:23:45 +01:00
Gilles Peskine
1bc9c135b3 Revert "selftest: Remove X.509 selftest"
This reverts commit 47a3635fc7.
2020-03-19 14:23:45 +01:00
Gilles Peskine
169087482f Revert "pkey: Remove dependency on X.509"
This reverts commit bf564c77fa.
2020-03-19 14:23:45 +01:00
Gilles Peskine
9e277f4408 Revert "cpp_dummy_build: Remove X.509 dependency"
This reverts commit 4c1fdb5129.
2020-03-19 14:23:45 +01:00
Gilles Peskine
6bbe783908 Revert "Remove pkcs11-helper option"
This reverts commit d832f187f7.

Conflicts:
* CMakeLists.txt:
  * USE_PKCS11_HELPER_LIBRARY: there has been a change immediately before
    where it was removed. Just re-add what was removed.
* tests/CMakeLists.txt:
  * USE_PKCS11_HELPER_LIBRARY: there has been a change immediately before
    where it was removed. Just re-add what was removed.
2020-03-19 14:07:55 +01:00
Gilles Peskine
5bb8bec1de Revert "Remove zlib"
This reverts commit d874a1fd14.

Conflicts:
* CMakeLists.txt:
  * ENABLE_ZLIB_SUPPORT: there has been a change immediately after
    where it was removed. Just re-add what was removed.
* tests/CMakeLists.txt:
  * ENABLE_ZLIB_SUPPORT: there has been a change immediately after
    where it was removed. Just re-add what was removed.
2020-03-19 14:07:55 +01:00
Gilles Peskine
70824f2c9e Revert "Remove programs that depend on TLS or X.509"
This reverts commit 0688e4f266.

Run scripts/generate_visualc_files.pl to account for the added programs.
2020-03-19 14:07:55 +01:00
Gilles Peskine
4fa9f9f744 Revert "programs, tests: Depend only on libmbedcrypto"
This reverts commit 986a15199d.
2020-03-19 14:07:55 +01:00
Gilles Peskine
4e1174967a Revert "config: Remove TLS and NET options"
This reverts commit 1c66e48670.

Conflicts:
* include/mbedtls/check_config.h:
    * MBEDTLS_SSL_PROTO_SSL3: there has been an addition (of
      MBEDTLS_SHA512_NO_SHA384) at the place where it was removed. Re-add it
      after (alphabetical order).
    * MBEDTLS_ENABLE_WEAK_CIPHERSUITES: there has been an addition (of
      MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) at the place where it was removed.
      Re-add it after (alphabetical order).
    * MBEDTLS_SSL_ALL_ALERT_MESSAGES: there has been an addition (of
      MBEDTLS_SHA512_SMALLER) at the place where it was removed. Re-add it
      after (alphabetical order).
* include/mbedtls/config.h:
    * MBEDTLS_ENABLE_WEAK_CIPHERSUITES: there has been an addition (of
      MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) at the place where it was removed.
      Re-add it after (alphabetical order).
    * MBEDTLS_SSL_ALL_ALERT_MESSAGES: there has been an addition (of
      MBEDTLS_SHA512_SMALLER) at the place where it was removed. Re-add it
      after (alphabetical order).
* library/version_features.c: re-generate by running
  scripts/generate_features.pl.
* programs/test/query_config.c: re-generate by running
  scripts/generate_query_config.pl.
* scripts/config.pl: this file has been replaced by config.py. Port
  the reversed changes to config.py:
    * Revert removing three symbols from the list of symbols to
      exclude from full.
    * Revert removing one symbol (MBEDTLS_NET_C) from the list of symbols
      to exclude from baremetal.
* scripts/footprint.sh:
    * Re-add the line to unset MBEDTLS_NET_C, but with config.py instead of
      config.pl.
* tests/scripts/all.sh:
    * component_test_no_platform: re-add the line to unset MBEDTLS_NET_C, but
      with config.py instead of config.pl.
    * component_build_arm_none_eabi_gcc,
    component_build_arm_none_eabi_gcc_no_udbl_division,
    component_build_arm_none_eabi_gcc_no_64bit_multiplication,
    component_build_armcc: these components now use the baremetal
    configuration, so they do not need to turn off MBEDTLS_NET_C explicitly.
2020-03-19 13:55:04 +01:00
Gilles Peskine
252e391cca Revert "config: Remove X.509 options"
This reverts commit bb1f701212.

* include/mbedtls/check_config.h:
    * MBEDTLS_X509_RSASSA_PSS_SUPPORT: there has been an addition (of
      MBEDTLS_SHA512_NO_SHA384) at the place where it was removed.
      Re-add it before MBEDTLS_SHA512_NO_SHA384 to keep it grouped
      with MBEDTLS_RSA_C.

Conflicts:
* scripts/config.pl: this file has been replaced by config.py. Port
  the reversed changes to config.py:
    * Revert removing three symbols from the list of symbols to
      exclude from full.
2020-03-19 13:53:18 +01:00
Gilles Peskine
458b8f2a59 Revert "Remove unused TLS, NET, and X.509 files"
This reverts commit a4308b29a4.
2020-03-19 13:36:33 +01:00
Jaeden Amero
c31f970a46
Merge pull request #3075 from AndrzejKurek/variable-buffer-size
Variable buffer size
2020-03-10 21:46:35 +04:00
Gilles Peskine
40f17dc803 Revert "Remove certs.h"
This reverts commit b8e4ae18cf.
2020-03-04 15:39:14 +01:00
Piotr Nowicki
0937ed29b9
Add an acceptance test for memory usage after handshake
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-04 09:28:35 -05:00
Gilles Peskine
59e584949d
Merge pull request #3067 from gilles-peskine-arm/fuzz_pubkey-rsa_export
Fix fuzz_pubkey on valid RSA keys
2020-03-04 11:23:14 +01:00
Darryl Green
b33cc7688e
Add I/O buffer length fields to mbedtls_ssl_context
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Darryl Green <darryl.green@arm.com>
2020-03-03 10:44:49 -05:00
Manuel Pégourié-Gonnard
f03c13c046
Merge pull request #3050 from mpg/skip-close-notify-dev
Fix possible close_notify/ClientHello confusion
2020-03-03 12:11:48 +01:00
Gilles Peskine
ae463e6505 Move EXTRA_GENERATED mentions to a separate line
This makes reconciliation with other branches that don't have
it (mbedtls, backports) easier.
2020-02-26 14:44:40 +01:00
Manuel Pégourié-Gonnard
56941fe6a2 Fix possible close_notify/ClientHello confusion
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.

The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake

The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake

If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.

However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.

In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.

This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).

Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).

An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 09:33:45 +01:00
Gilles Peskine
d7fb66fd13 If a key is not of a supported type, something went wrong 2020-02-25 19:54:27 +01:00
Gilles Peskine
e60b365a5e EC keys can have the type MBEDTLS_PK_ECKEY_DH too 2020-02-25 19:54:07 +01:00
Gilles Peskine
f02b984f86 Sanity check on elliptic curve keys: check that the group is known 2020-02-25 19:52:44 +01:00
Gilles Peskine
8d36696e1f Fix fuzz_pubkey failure on valid RSA keys
On a valid RSA public key, mbedtls_rsa_export should succeed if you
ask for the public fields, but fail if you ask for private fields. The
code was expecting to succeed when asking for private fields, so
failed on every valid RSA public key.
2020-02-25 19:51:07 +01:00
Gilles Peskine
6fc21f630c Add a calloc self-test
Add a very basic test of calloc to the selftest program. The selftest
program acts in its capacity as a platform compatibility checker rather
than in its capacity as a test of the library.

The main objective is to report whether calloc returns NULL for a size
of 0. Also observe whether a free/alloc sequence returns the address
that was just freed and whether a size overflow is properly detected.
2020-02-11 19:26:27 +01:00
Gilles Peskine
db0cb2578c Fix CTR_DRBG benchmark
You can't reuse a CTR_DRBG context without free()ing it and
re-init()ing. This generally happened to work, but was never
guaranteed. It could have failed with alternative implementations of
the AES module because mbedtls_ctr_drbg_seed() calls
mbedtls_aes_init() on a context which is already initialized if
mbedtls_ctr_drbg_seed() hasn't been called before, plausibly causing a
memory leak. Calling free() and seed() with no intervening init fails
when MBEDTLS_THREADING_C is enabled and all-bits-zero is not a valid
mutex representation. So add the missing free() and init().
2020-02-11 19:26:27 +01:00
Gilles Peskine
e732f04443 cmake: link programs that only use x509 with libmbedx509
When building with CMake, for sample programs that only use
functionality in libmbedcrypto and libmbedx509, link with
libmbedx509, not with libmbedtls.

cert_app makes a TLS connection, so do link it with libmbedtls.
2020-02-11 19:26:27 +01:00
Gilles Peskine
e123395317 cmake: link programs that only use crypto with libmbedcrypto
When building with CMake, for sample programs that only use
functionality in libmbedcrypto (i.e. crypto and platform), link with
libmbedcrypto, not with libmbedtls.

This doesn't change the result, because the linker skips libraries in
which no symbol is used, but it changes the build dependencies, and it
has the advantage of bringing programs/*/CMakeLists.txt closer to the
corresponding files under crypto/.

The programs concerned are crypto sample and test programs, and
programs that only use (potential) platform functions such as
mbedtls_printf. dh_client and dh_server keep linking with mbedtls
because they use functions from the net_sockets module.
2020-02-11 19:26:27 +01:00
Jaeden Amero
7cb47de12a query_config: Move to programs/test
As the SSL programs, like ssl_client2 and ssl_server2, are dependent on
SSL and therefore about to be removed, the only consumer of query_config
is the query_compile_time_config test. As such, it makes sense to move
query_config to be next to what uses it.
2020-02-11 19:26:27 +01:00
Jaeden Amero
93a0f90dca pkey/rsa_genkey: Remove commented out code
There is some commented out X.509 certificate writing code present in
rsa_genkey. It looks like it has been commented out since the beginning
of time. Let's remove it, since commented out code is not in good style.
2020-02-11 19:26:27 +01:00
Jaeden Amero
ed736992d5 pkey: Remove dependency on X.509 2020-02-11 19:26:27 +01:00
Gilles Peskine
8de196a590 programs/Makefile: List all programs one by one
This makes it easier to add or remove programs as well as see which
programs were added or removed in diffs.

Side port of 30fae8ee7d in mbed-crypto.
2020-02-11 19:26:27 +01:00
Gilles Peskine
4e8b594002 Fix uninitialized variable in an edge case
If `context_buf = mbedtls_calloc( 1, buf_len )` failed,
`context_buf_len` was not initialized. Noticed by
`gcc -Os -Werror=maybe-uninitialized`.

This was only a problem in ssl_server2 (a test program), only with
MBEDTLS_SSL_CONTEXT_SERIALIZATION enabled.
2020-02-03 19:49:55 +01:00
Gilles Peskine
2579675935 Merge remote-tracking branch 'upstream-public/development' into development
Files deleted by us: keep them deleted.

```
git rm $(git status -s | sed -n 's/^DU //p')
```

Individual files with conflicts:

* `README.md`: keep the crypto version.
* `doxygen/input/doc_mainpage.h`: keep the crypto version (with an obsolete Mbed Crypto version number).
* `include/mbedtls/error.h`:
    * `ERROR`: similar additions made through parallel commits, with only whitespace differences. Align with the tls version.
* `library/CMakeLists.txt`: keep the crypto version.
* `library/Makefile`: keep the crypto version.
* `scripts/generate_errors.pl`: keep the crypto version (the relevant changes were made through parallel commits).
* `tests/scripts/check-test-cases.py`:
    * `Results`: keep the crypto version, which has both the new argument to the constructor (added in crypto only) and the class docstring (added through parallel commits).
* `tests/suites/helpers.function`:
    * `ARRAY_LENGTH`, `ASSERT_ALLOC`: additions in the same location. Keep both, in indifferent order.
* `tests/suites/target_test.function`:
    * `receive_uint32`: keep the crypto version which has an additional bug fix. The tls changes made in tls are irrelevant after this bug fix.
* `visualc/VS2010/mbedTLS.vcxproj`: run `scripts/generate_visualc_files.pl`.

Review of non-conflicting changes:

* `all.sh`: 1 change.
    * zlib test components: don't add them.
* `include/CMakeLists.txt`: 1 change.
    * `target_include_directories`: doesn't work as is (different target name). Don't take the change.
* All other non-conflicting changes: take them.
2020-02-03 18:52:36 +01:00
Gilles Peskine
36ce88be1e
Merge pull request #2999 from catenacyber/fuzzrsa
Checks mbedtls_rsa_export return in fuzz targets
2020-01-31 16:38:43 +01:00
Gilles Peskine
f65ed6f254 Change key types to a 16-bit encoding
All key types now have an encoding on 32 bits where the bottom 16 bits
are zero. Change to using 16 bits only.

Keep 32 bits for key types in storage, but move the significant
half-word from the top to the bottom.

Likewise, change EC curve and DH group families from 32 bits out of
which the top 8 and bottom 16 bits are zero, to 8 bits only.

Reorder psa_core_key_attributes_t to avoid padding.
2020-01-31 10:24:21 +01:00
Ercan Ozturk
d437309ae2 Fix debug message by using the correct function name called 2020-01-28 21:51:04 -08:00
Philippe Antoine
8b1ed1cf0e Adds explicit include to stdlib.h for abort 2020-01-22 16:22:36 +01:00
Philippe Antoine
7d4bd6f15f Checks mbedtls_rsa_export_crt return in fuzz targets 2020-01-22 14:14:18 +01:00
Philippe Antoine
66070bc19d Checks mbedtls_rsa_export return in fuzz targets 2020-01-22 13:54:56 +01:00
Gilles Peskine
2ac4d86040 Fix file leak in test program
A similar bug was fixed earlier in ssl_server2, but we missed the fix
in ssl_client2.
2020-01-21 17:39:52 +01:00