Commit Graph

7332 Commits

Author SHA1 Message Date
Gilles Peskine
7b5f0d3cfc Travis: run Pylint
Declare an explicit Python version. Pick 3.5 which is the default
version on Ubuntu 16.04. This is necessary on Travis to have a working
pip for Python 3.

Install Pylint 2.4.4. There's nothing special about this version, it's
just the latest version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:25:45 +02:00
Gilles Peskine
a7ef8a1d7f Travis: move doxygen dependencies into the "sanity" job
Only this job uses doxygen and graphviz.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:25:45 +02:00
Gilles Peskine
b9d0fd60e4 Travis: split the build into three parallel jobs
Split the build between:
* Basic checks
* A build in the default configuration with extensive tests
* Builds in other configurations with less testing

The intent is to have one shorter job with basic tests, and two longer
jobs that take roughly the same amount of time (split as evenly as
possible while keeping an easy-to-understand separation).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:25:44 +02:00
Gilles Peskine
e021233cbc Travis: don't test with both gcc and clang
In practice, we hardly ever get different outcomes, so there is no
gain in running tests with different compilers.

Experimentally, with the builds and tests we currently do and with the
compiler versions on a Travis Ubuntu 16.04, gcc jobs are significantly
faster than clang jobs (13 min vs 24 min). So use gcc.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:24:42 +02:00
Gilles Peskine
cd7b0422ef all.sh: make the arm-gcc cross-compiler prefix configurable
Make it possible to use a compiler that isn't in $PATH, or that's
installed with a different name, or even a compiler for a different
target such as arm-linux-gnueabi.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:24:40 +02:00
Gilles Peskine
bfda033f3d all.sh: run selftest in the full config and with ASan
Almost everything the selftest program does is in the test suites. But
just in case run the selftest program itself once in the full
configuration, and once in the default configuration with ASan, in
addition to running it out of box.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:23:11 +02:00
Vikas Katariya
53a77012e7 Update notification e-mail address
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:23:05 +02:00
Vikas Katariya
6c371a4067 Update Coverity secure token
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:22:11 +02:00
Gilles Peskine
a4a872c27a
Merge pull request #3214 from gilles-peskine-arm/changelog-assemble-2.7
Backport 2.7: assemble_changelog.py
2020-04-22 09:16:24 +02:00
Gilles Peskine
96377d397b Copy the changelog entry assembling script from development
This commit is the combined cherry-pick of the following commits:
dba4de0a12
b695d5e30a
7c3f7cdeae
4d977a4f40
e248e83f9f
eebf24f7a8
6e97c43959
c68c7c8864
ac0f0860f1
42f384c186
98a53aa399
13dc634282
7fa3eb7d44
28af958ea4
8f46bbf46f
27a1facd48
afc9db8bb7
a26079613a
da14e8225e
37d670a1e1
974349d40e
d8b6c77388
2b242495e1
6e91009cfe
566407d6f6
8c4a84c5de
5e39c9e94f
974232f045
40b3f411ec

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-21 18:36:17 +02:00
Gilles Peskine
5d32e64ad0
Merge pull request #3170 from gilles-peskine-arm/check-windows-files-2.7
Backport 2.7: Check Windows files for sanity as well
2020-04-20 13:59:22 +02:00
Gilles Peskine
016e4ac11b
Merge pull request #3199 from mpg/fix-overflow-benchmark-2.7
[backport 2.7] Fix arithmetic overflow in benchmark
2020-04-20 12:02:58 +02:00
Gilles Peskine
bc8c513ecb
Merge pull request #3185 from gilles-peskine-arm/pylint-up-to-2.4-2.7
Backport 2.7: Pass Pylint up to 2.4
2020-04-20 09:47:54 +02:00
irwir
2eb0c50986 [backport 2.7] Finalize fixing bugs in .vcxproj files
This is the 2.7 backport of #2853

Signed-off-by: irwir <irwir@users.noreply.github.com>
2020-04-19 17:03:27 +03:00
Jaeden Amero
8aaf2c5861
Merge pull request #3196 from piotr-now/max_pathlen_overflow_mbedtls-2.7
Backport 2.7: Guard from undefined behaviour in case of an INT_MAX max_pathlen
2020-04-17 14:24:45 +01:00
Andrzej Kurek
3fd9297658 Guard from undefined behaviour in case of an INT_MAX max_pathlen
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 11:30:21 +02:00
Manuel Pégourié-Gonnard
49e7a951da Get rid of a magic value in benchmark.c
Also update its value while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:19:53 +02:00
Manuel Pégourié-Gonnard
5408f72027 Fix integer overflow in benchmark program
When building with MBEDTLS_MEMORY_DEBUG enabled, and running the ecdh part,
the benchmark program would start writing a very large number of space
characters on stdout, and would have to be killed because it never seemed to
terminate.

This was due to an integer overflow in computing how many space to leave after
the title in order to get memory measurements aligned, which resulted in up
to SIZE_MAX spaces being printed.

This commit just fixes the overflow, the next commit is going to fix the magic
number (12).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:19:49 +02:00
Gilles Peskine
e61988a766
Merge pull request #3165 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix-2.7
[backport 2.7] Unmet dependencies buffer overflow fix
2020-04-17 10:08:18 +02:00
Gilles Peskine
b5847d20d3 Pylint: abide by useless-object-inheritance warnings
Inheriting from object is a remainder of Python 2 habits and is just
clutter in Python 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 21:08:26 +02:00
Gilles Peskine
558e26dbda Document more methods in Python scripts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 21:07:43 +02:00
Janos Follath
21522a49aa
Merge pull request #683 from ARMmbed/prepare-rc-2.7.15-updated
Prepare rc 2.7.15 updated
2020-04-09 14:12:49 +01:00
Manuel Pégourié-Gonnard
0a997082fe Merge branch 'mbedtls-2.7-restricted' into prepare-rc-2.7.15-update
* mbedtls-2.7-restricted:
  Parse HelloVerifyRequest buffer overread: add changelog entry
  Parse HelloVerifyRequest: avoid buffer overread at the start
  Parse HelloVerifyRequest: avoid buffer overread on the cookie
2020-04-09 12:31:52 +02:00
Manuel Pégourié-Gonnard
6e0806b338 Merge remote-tracking branch 'restricted/pr/671' into mbedtls-2.7-restricted
* restricted/pr/671:
  Parse HelloVerifyRequest buffer overread: add changelog entry
  Parse HelloVerifyRequest: avoid buffer overread at the start
  Parse HelloVerifyRequest: avoid buffer overread on the cookie
2020-04-09 11:57:18 +02:00
Janos Follath
f1bd55fd16 Add missing ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-09 09:36:33 +01:00
Janos Follath
b4b458fe01 Bump version to Mbed TLS 2.7.15
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 17:22:51 +01:00
Janos Follath
e170ee7e18 Merge branch 'mbedtls-2.7-restricted' into mbedtls-2.7.15r0
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 15:17:55 +01:00
Gilles Peskine
c8355101c9
Merge pull request #3158 from mpg/improve-make-tags-2.7
[backport 2.7] Improve ctags invocation in Makefile
2020-04-06 17:48:52 +02:00
Gilles Peskine
85e712c668 Systematically use Windows line endings in Windows files
Don't mix Windows and Unix line endings, it's the worst of both worlds.

Update the Visual Studio templates and regenerate the generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:41:13 +02:00
Gilles Peskine
70ef5c6c9a In Windows files, detect CR without LF as well as LF without CR
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:06 +02:00
Gilles Peskine
783da6345e Check that Windows files have Windows line endings
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:04 +02:00
Gilles Peskine
227dfd435e Also check Windows files
Check Windows files for some issues, including permissions. Omit the
checks related to special characters (whitespace, line endings,
encoding) as appropriate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:03 +02:00
Gilles Peskine
318f15ef92 Sort the list for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:02 +02:00
Gilles Peskine
c7153226f6 List each item on a separate line for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:00 +02:00
Gilles Peskine
c251e0d75a Clarify confusion between file names and suffixes of file names
To test a file name exactly, prepend a / to the base name.

files_to_check actually checks suffixes, not file names, so rename it
to extensions_to_check.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:38:58 +02:00
Janos Follath
e4ec3f7d1c
Merge pull request #677 from ARMmbed/ecc-projective-2.7-restricted
[backport 2.7] Fix leakage of projective coordinates in ECC
2020-04-06 15:23:49 +01:00
Ronald Cron
75d26b5d17 unit tests: Indicate missing unmet dependencies
The identifiers of the unmet dependencies of a test case are
stored in a buffer of fixed size that can be potentially too
small to store all the unmet dependencies. Indicate in test
report if some unmet dependencies are missing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:26 +02:00
Ronald Cron
1d3eab684c unit tests: Fix potential buffer overflow
Fix potential buffer overflow when tracking the unmet dependencies
of a test case. The identifiers of unmet dependencies are stored
in an array of fixed size. Ensure that we don't overrun the array.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:26 +02:00
Ronald Cron
59f2139df0 Prefer unsigned types for non-negative numbers
Use size_t for some variables that are array indices.
Use unsigned for some variables that are counts of "small" things.

This is a backport of commit 3c1c8ea3e7.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:18 +02:00
Ronald Cron
eb5d0e9f4f unit tests: Backport ARRAY_LENGTH macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 10:34:54 +02:00
Gilles Peskine
29b7b9585b
Merge pull request #3145 from mpg/fix-reconnect-2.7
[backport 2.7] Fix issues in handling of client reconnecting from the same port
2020-04-02 19:21:22 +02:00
Gilles Peskine
a8359398a4
Merge pull request #3144 from gilles-peskine-arm/unmet_dependencies-verbose_only-2.7
[2.7 only] Note that unmet_dependencies is only filled in verbose mode
2020-04-02 15:18:31 +02:00
Manuel Pégourié-Gonnard
aa45abfca6 Allow alternative ctags versions in Makefile
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-02 12:52:59 +02:00
Manuel Pégourié-Gonnard
1313bc9e0e Improve ctags invocation in Makefile
Adding .function was necessary, as otherwise ctags would have no idea what to
do with those files.

Adding .h may not be necessary, as by default ctags considers them C++ which
is probably good enough, but since we're tuning the mapping anyway...

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-02 11:54:12 +02:00
Manuel Pégourié-Gonnard
48abf39a83
Merge pull request #3137 from sbutcher-arm/additional-config-checks-2.7
Backport 2.7: Add additional sanity checks to check_config.h
2020-04-01 12:24:19 +02:00
Manuel Pégourié-Gonnard
54587fcf9b Fix leakage of projective coordinates in ECC
See the comments in the code for how an attack would go, and the ChangeLog
entry for an impact assessment. (For ECDSA, leaking a few bits of the scalar
over several signatures translates to full private key recovery using a
lattice attack.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-01 11:28:08 +02:00
Gilles Peskine
67665509ab Note that unmet_dependencies is only filled in verbose mode
Warn about a gotcha that caused a bug in development.

Ensure that it's at least zeroed out, rather than uninitialized, in
non-verbose mode.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-01 09:59:54 +02:00
Manuel Pégourié-Gonnard
6062b49d29 Fix bug in handling of DTLS client hard reconnect
We keep track of the current epoch and record sequence number in out_ctr,
which was overwritten when writing the record containing the
HelloVerifyRequest starting from out_buf. We can avoid that by only using the
rest of the buffer.

Using MBEDTLS_SSL_MAX_CONTENT_LEN as the buffer size is still correct, as it
was a pretty conservative value when starting from out_buf.

Note: this bug was also fixed unknowingly in 2.13 by introducing a new buffer
that holds the current value of the sequence number (including epoch), while
working on datagram packing: 198594709b

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 13:04:19 +02:00
Manuel Pégourié-Gonnard
4bbbdc36bc Improve debug logging of client hard reconnect
The current logging was sub-standard, in particular there was no trace
whatsoever of the HelloVerifyRequest being sent. Now it's being logged with
the usual levels: 4 for full content, 2 return of f_send, 1 decision about
sending it (or taking other branches in the same function) because that's the
same level as state changes in the handshake, and also same as the "possible
client reconnect" message" to which it's the logical continuation (what are we
doing about it?).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 12:46:23 +02:00
Manuel Pégourié-Gonnard
7ef7bf39c4 Fix some style issues in udp_proxy
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 12:46:13 +02:00