Commit Graph

9441 Commits

Author SHA1 Message Date
Janos Follath
22a854ab96 Add missing ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-08 23:45:45 +00:00
Janos Follath
15e860c639 Merge branch 'mbedtls-2.16-restricted' into mbedtls-2.16.9r0-pr 2020-12-08 21:00:17 +00:00
Gilles Peskine
9e8acb6861
Merge pull request #3935 from paul-elliott-arm/fix_pem_write_2_16
Backport 2.16: Remove Extraneous bytes from buffer post pem write
2020-12-08 12:31:47 +01:00
Paul Elliott
319b5939dd Remove Extraneous bytes from buffer post pem write
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-07 16:47:02 +00:00
Ronald Cron
3f35b87db9
Merge pull request #3938 from geecrypt/mbedtls-2.16
Backport to Mbedtls 2.16:  Support set *_drbg reseed interval before seed
2020-12-07 14:30:13 +01:00
Gilles Peskine
8ed9ac85e5
Merge pull request #3513 from gilles-peskine-arm/ecp-bignum-error-checks-2.16
Backport 2.16: add missing some error checks in ECP and bignum
2020-12-07 13:06:42 +01:00
Janos Follath
bcfa41753d
Merge pull request #782 from chris-jones-arm/mbedtls-2.16-restricted
[Backport 2.16] Fix Diffie-Hellman large key size DoS
2020-12-07 09:27:55 +00:00
gacquroff
07d1f47a39 Add changelog entry file for bugfix 2927
Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 13:41:45 -08:00
Gavin Acquroff
77cb30c3cb Support set *_drbg reseed interval before seed
mbedtls_ctr_drbg_set_reseed_interval() and
mbedtls_hmac_drbg_set_reseed_interval() can now be called before
their seed functions and the reseed_interval value will persist.
Previously it would be overwritten with the default value.

*_drbg_reseed_interval is now set in init() and free().

mbedtls_ctr_drbg_free() and mbedtls_hmac_drbg_free() now
reset the drbg context to the state immediately after init().

Tests:
- Added test to check that DRBG reseeds when reseed_counter
reaches reseed_interval, if reseed_interval set before seed
and reseed_interval is less than MBEDTLS_*_DRBG_RESEED_INTERVAL.

Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 13:30:36 -08:00
Chris Jones
5dd1e266e1 Fix exponentiation tests with MBEDTLS_MPI_MAX_BITS larger than 256
Fixes an issue where configs that had `MBEDTLS_MPI_MAX_BITS` greater than 256
but smaller than the test that was running (792 bits) the test would fail
incorrectly.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 17:56:21 +00:00
Chris Jones
74b7ee4f12 Fix test_suite_dhm build
Fix build as the name of the random function changed from development to 2.7.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 17:55:59 +00:00
Chris Jones
c7ea6340cf Fix whitespace in changelog entry
Extra whitespace and a missing newline at end of file was causing an error with
`check_files.py`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:11:23 +00:00
Chris Jones
49e6e9d410 Move dependancy to specific test cases
Move dependancy on `MBEDTLS_MPI_MAX_BITS` to apply to the specific test cases
which will break when `MBEDTLS_MPI_MAX_BITS` is too small. This re-enables
previous tests that were turned off accidentally.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:11:20 +00:00
Chris Jones
ce6fa8f411 Fix broken testing on numbers that may be greater than MPI_MAX_SIZE
Previously `mbedtls_mpi_exp_mod` was tested with values that were over
`MBEDTLS_MPI_MAX_SIZE` in size. This is useful to do as some paths are only
taken when the exponent is large enough however, on builds where
`MBEDTLS_MPI_MAX_SIZE` is under the size of these test values.

This fix turns off these tests when `MBEDTLS_MPI_MAX_SIZE` is too small to
safely test (notably this is the case in config-thread.h).

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
877329af75 Fix cases where exponentiation was not fully tested
In two test cases, the exponentiation computation was not being fully tested
as when A_bytes (the base) == N_bytes (the modulus) -> A = N. When this is the
case A is reduced to 0 and therefore the result of the computation will always
be 0.

This fixes that issue and therefore increases the test coverage to ensure
different computations are actually being run.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
a18813ea1c Reword test cases
Reword test cases to be easier to read and understand.
Adds comments to better explain what the test is doing.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
4a0ccb6862 Extend exponentiation test coverage
Add two further boundary tests for cases where both the exponent and modulus to
`mbedtls_mpi_exp_mod()` are `MBEDTLS_MPI_MAX_SIZE`, or longer, bytes long.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
415c7be0aa Test that overly large Diffie-Hellman keys are rejected
Adds test cases to ensure that `mbedtls_mpi_exp_mod` will return an error with
an exponent or modulus that is greater than `MBEDTLS_MPI_MAX_SIZE` in size.

Adds test cases to ensure that Diffie-Hellman will fail to make a key pair
(using `mbedtls_dhm_make_public`) when the prime modulus is greater than
`MBEDTLS_MPI_MAX_SIZE` in size.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
25038abadb Add ChangeLog entry for modular exponentiation size limit
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
63d19c0586 Test that overly large Diffie-Hellman keys are rejected
Add a test case to ensure `mbedtls_mpi_exp_mod` fails when using a key size
larger than MBEDTLS_MPI_MAX_SIZE.
Add a test case to ensure that Diffie-Hellman operations fail when using a key
size larger than MBEDTLS_MPI_MAX_SIZE.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:33 +00:00
Chris Jones
ad59a2a4a7 Fix potential DoS by limiting number sizes in exponentiation
Check that the exponent and modulus is below `MBEDTLS_MPI_MAX_BITS` before
performing a time expensive operation (modular exponentiation). This prevents
a potential DoS from Diffie-Hellman computations with extremely
large key sizes.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:02:20 +00:00
Gilles Peskine
4c1939738d
Merge pull request #779 from paul-elliott-arm/discrepancy_cert_2_16
Backport 2.16: Add missing tag check to signature check on certificate load
2020-12-03 12:19:30 +01:00
Paul Elliott
027b601690 Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.

Regression test added (one of the client certs modified accordingly)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-02 11:03:58 +00:00
Gilles Peskine
e98bbbeb06
Merge pull request #3925 from rodrigo-dc/mbedtls-2.16
Backport 2.16: Fix build failure on gcc-11
2020-12-01 13:26:23 +01:00
Gilles Peskine
7bd481cad2
Merge pull request #769 from gilles-peskine-arm/mpi_fill_random-rng_failure-2.16
Backport 2.16: handle RNG failure in mbedtls_mpi_fill_random
2020-11-30 18:01:58 +01:00
Rodrigo Dias Correa
d2d0e70276 Move declaration to fix C90 warning
"declaration-after-statement" was generated because that code was
backported from the development branch, which currently uses C99.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-28 14:59:56 -03:00
Rodrigo Dias Correa
0b9bc0bd77 Change function casting in ssl_calc_finished_tls_sha384
`finish_sha384_t` was made more generic by using `unsigned char*`
instead of `unsigned char[48]` as the second parameter.
This change tries to make the function casting more robust against
future improvements of gcc analysis.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-28 14:39:08 -03:00
Rodrigo Dias Correa
671600cd44 Fix GCC warning in ssl_calc_finished_tls_sha384
This commit fixes the same warning fixed by baeedbf9, but without
wasting RAM. By casting `mbedtls_sha512_finish_ret()`, `padbuf`
could be kept 48 bytes long without triggering any warnings.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-28 14:38:30 -03:00
Rodrigo Dias Correa
d31012ecea Add changelog entry file to ChangeLog.d
Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-28 14:27:31 -03:00
Rodrigo Dias Correa
56ad24cad7 Fix GCC warning in ssl_calc_finished_tls_sha384
GCC 11 generated a warning because `padbuf` was too small to be
used as an argument for `mbedtls_sha512_finish_ret`. The `output`
parameter of `mbedtls_sha512_finish_ret` has the type
`unsigned char[64]`, but `padbuf` was only 48 bytes long.

Even though `ssl_calc_finished_tls_sha384` uses only 48 bytes for
the hash output, the size of `padbuf` was increased to 64 bytes.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-28 14:27:03 -03:00
Rodrigo Dias Correa
d552630f33 Fix GCC warning about test_snprintf
GCC 11 generated the warnings because the parameter `ret_buf`
was declared as `const char[10]`, but some of the arguments
provided in `run_test_snprintf` are shorter literals, like "".

Now the type of `ret_buf` is `const char *`.
Both implementations of `test_snprintf` were fixed.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-28 14:04:49 -03:00
Rodrigo Dias Correa
1a0c7fb383 Fix mismatched function parameters (prototype/definition)
In GCC 11, parameters declared as arrays in function prototypes
cannot be declared as pointers in the function definition. The
same is true for the other way around.

The definition of `mbedtls_aes_cmac_prf_128` was changed to match
its public prototype in `cmac.h`. The type `output` was
`unsigned char *`, now is `unsigned char [16]`.

In `ssl_tls.c`, all the `ssl_calc_verify_*` variants now use pointers
for the output `hash` parameter. The array parameters were removed
because those functions must be compatible with the function pointer
`calc_verify` (defined in `ssl_internal.h`).

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-28 12:14:57 -03:00
Rodrigo Dias Correa
0391ea39c1 Fix build failure on gcc-11
Function prototypes changed to use array parameters instead of
pointers.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-28 09:26:52 -03:00
Ronald Cron
bc60d69153
Merge pull request #3908 from gilles-peskine-arm/sha512-doc-internal-fix-2.16
Backport 2.16: Move "internal use" sentence attached to the wrong function
2020-11-27 08:52:11 +01:00
Gilles Peskine
0525114752 Handle random generator failure in mbedtls_mpi_fill_random()
Discuss the impact in a changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-25 16:18:39 +01:00
Gilles Peskine
2f78062e75 Test mbedtls_mpi_fill_random
Positive tests: test that the RNG has the expected size, given that we
know how many leading zeros it has because we know how the function
consumes bytes and when the test RNG produces null bytes.

Negative tests: test that if the RNG is willing to emit less than the
number of wanted bytes, the function fails.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-25 16:18:39 +01:00
Gilles Peskine
debf3ae54e
Merge pull request #3879 from chris-jones-arm/mbedtls-2.16
Backport 2.16: Fix _POSIX_C_SOURCE typos
2020-11-23 23:41:28 +01:00
Gilles Peskine
e3645ee8b4 Move "internal use" sentence attached to the wrong function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-22 14:03:57 +01:00
Ronald Cron
3cfee6c71e
Merge pull request #3869 from gilles-peskine-arm/cscope-make-2.16
Backport 2.16: Add makefile target for cscope.out + .gitignore
2020-11-20 16:50:16 +01:00
Gilles Peskine
25dee5df1a Add abstract target names for index generation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-20 12:04:54 +01:00
Gilles Peskine
9f0da915b5
Merge pull request #3893 from maroneze/mbedtls-2.16
Backport 2.16: Fix another use of uinitialized memory in ssl_parse_encrypted_pms
2020-11-18 18:40:50 +01:00
André Maroneze
e78a0c3e14 Fix another use of uinitialized memory in ssl_parse_encrypted_pms
Complement to 0a8352b4: peer_pmslen is not initialized when decryption
fails, so '|= peer_pmslen' may access uninitialized memory, as indicated
by Frama-C/Eva.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: André Maroneze <maroneze@users.noreply.github.com>
2020-11-18 13:54:38 +01:00
Gilles Peskine
481ff8e621
Merge pull request #3886 from gilles-peskine-arm/error-include-string-2.16
Backport 2.16: Fix several configuration-related issues
2020-11-17 20:33:01 +01:00
Gilles Peskine
8ffc158c36 Add a build with MBEDTLS_ERROR_STRERROR_DUMMY
Add a build with MBEDTLS_ERROR_STRERROR_DUMMY but not MBEDTLS_ERROR_C.
Previously, both options were enabled by default, but
MBEDTLS_ERROR_STRERROR_DUMMY only matters when MBEDTLS_ERROR_C is
enabled, so its effect was not tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 13:09:41 +01:00
Gilles Peskine
43f2f4eeed Add missing config from test-ref-configs.pl
The sample configuration file config-no-entropy.h was not being tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 13:07:58 +01:00
Gilles Peskine
0ac6e0a8dc Sort entries to make it easier to eyeball the list
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 13:07:58 +01:00
Gilles Peskine
076c97e29a Simplify conditional guards in error.c
Simplify the guards on MBEDTLS_ERROR_C and MBEDTLS_ERROR_STRERROR_DUMMY.

No longer include superfluous headers and definition: string.h and
platform.h are only needed for MBEDTLS_ERROR_C; time_t is not needed
at all.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 13:07:51 +01:00
Chris Jones
0a635600ba Fixes two _POSIX_C_SOURCE typos.
Contribution from gufe44.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-11-13 09:17:16 +00:00
Gilles Peskine
a3e57531d1
Merge pull request #3602 from gufe44/arc4random_buf-implicit-2.16
[Backport 2.16] NetBSD/OpenBSD symbol availability fix
2020-11-12 12:12:45 +01:00
Gilles Peskine
bc7379022f Ignore cscope index
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 21:28:15 +01:00