Commit Graph

12863 Commits

Author SHA1 Message Date
Janos Follath
84d2fd4ee2 Bump version to Mbed TLS 2.21.0 2020-02-19 14:35:16 +00:00
Janos Follath
d1692ee07a Update ChangeLog for crypto changes from a591985c62
Add ChangeLog entries for changes brought by the submodule update in
the previous commit.
2020-02-19 14:30:44 +00:00
Janos Follath
a591985c62 Update submodule
* #365 Change PSA compatibility API to inline functions
* #367 Fix pk_parse_key()'s use of rsa_complete()
* #370 Bump version to Mbed TLS 2.21.0
2020-02-19 14:29:38 +00:00
Janos Follath
cf4a40ba0a
Merge pull request #370 from yanesca/update-version-2.21.0
Bump version to Mbed TLS 2.21.0
2020-02-19 14:21:11 +00:00
Janos Follath
bc7c2424c9 Bump version to Mbed TLS 2.21.0 2020-02-19 11:51:13 +00:00
Gilles Peskine
f841eab48f
Merge pull request #367 from mpg/fix-rsa-complete
Fix pk_parse_key()'s use of rsa_complete()
2020-02-19 10:23:03 +01:00
Manuel Pégourié-Gonnard
f8b9329125
Merge pull request #365 from soby-mathew/sm/static_fns_compat
Change the compatibility API to inline functions
2020-02-18 12:59:50 +01:00
Manuel Pégourié-Gonnard
bbb5a0a94a Fix pkparse bug wrt MBEDTLS_RSA_ALT
Some code paths want to access members of the mbedtls_rsa_context structure.
We can only do that when using our own implementation, as otherwise we don't
know anything about that structure.
2020-02-18 10:31:29 +01:00
Manuel Pégourié-Gonnard
9bbe328752 Test each failure mode of pk_parse_key_pkcs1_der()
(Only the top-level ones, ie, for each call to eg asn1_get_mpi(), ensure
there's at least one test case that makes this call fail in one way, but don't
test the various ways to make asn1_get_mpi fail - that should be covered
elsewhere.)

- the new checks added by the previous commits needed exercising
- existing tests sometimes had wrong descriptions or where passing for the
  wrong reason (eg with the "length mismatch" test, the function actually
failed before reaching the length check)
- while at it, add tests for the rest as well

The valid minimal-size key was generated with:

openssl genrsa 128 2>/dev/null | openssl rsa -outform der 2>/dev/null | xxd -p
2020-02-18 10:31:29 +01:00
Gilles Peskine
8d073c7330
Merge pull request #3037 from gilles-peskine-arm/update-submodule-20200206
Update crypto submodule 2020-02-06
2020-02-18 10:29:18 +01:00
Manuel Pégourié-Gonnard
b65370f97d Clean up test function pk_parse_key
- remove incorrect compile-time dependency (the individual cases already have
  correct run-time dependency information)
- remove unused argument
- remove unused stack buffer
- remove useless code block
2020-02-18 10:18:43 +01:00
Manuel Pégourié-Gonnard
c42267920c Check public part when parsing private RSA key 2020-02-18 10:18:43 +01:00
Manuel Pégourié-Gonnard
a04a2c3ef1 Don't pass zero to rsa_complete() as a param
When parsing a PKCS#1 RSAPrivateKey structure, all parameters are always
present. After importing them, we need to call rsa_complete() for the sake of
alternative implementations. That function interprets zero as a signal for
"this parameter was not provided". As that's never the case, we mustn't pass
any zero value to that function, so we need to explicitly check for it.
2020-02-18 10:18:43 +01:00
Gilles Peskine
25a5c09fbb Update ChangeLog for crypto changes from 799ae77f90
Add ChangeLog entries for changes brought by the submodule update in
the previous commit.
2020-02-17 11:49:33 +01:00
Gilles Peskine
799ae77f90 Update crypto submodule
* #352: Parse RSA parameters DP, DQ and QP from PKCS1 private keys
* #263: Introduce ASN.1 SEQUENCE traversal API
* #345: Fix possible error code mangling in psa_mac_verify_finish
* #357: Update Mbed Crypto with latest Mbed TLS changes as of 2020-02-03
* #350: test_suite_asn1parse: improve testing of trailing garbage in parse_prefixes
* #346: Improve robustness and testing of mbedtls_mpi_copy
2020-02-17 11:46:12 +01:00
Gilles Peskine
f142d4ccab Update ChangeLog for crypto changes since Mbed Crypto 3.0.1
Add ChangeLog entries for changes brought by the submodule update in
81d3100250.
2020-02-17 11:46:12 +01:00
Andrzej Kurek
941962eb91 Add DTLS handshake tests for the mocked ssl test suite
Starting with TLS 1.1
2020-02-12 09:18:19 -05:00
Andrzej Kurek
15daf50b05 Parametrize the endpoint init and free to prepare for DTLS tests 2020-02-12 09:17:52 -05:00
Manuel Pégourié-Gonnard
a0c164a2d4
Merge pull request #3010 from hanno-arm/tls_msg_split
Introduce separate source file for SSL messaging layer
2020-02-12 09:59:12 +01:00
Manuel Pégourié-Gonnard
657daba81c
Merge pull request #2873 from gilles-peskine-arm/bk-warning-fixes-x509
Fix some possibly-undefined variable warnings
2020-02-12 09:16:23 +01:00
Gilles Peskine
765d240ca6 Test component with malloc(0) returning NULL: run some ssl tests 2020-02-11 19:26:28 +01:00
Gilles Peskine
c4ef7a9de3 Add a test component with malloc(0) returning NULL
Exercise the library functions with calloc returning NULL for a size
of 0. Make this a separate job with UBSan (and ASan) to detect
places where we try to dereference the result of calloc(0) or to do
things like

    buf = calloc(size, 1);
    if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY;
    memcpy(buf, source, size);

which has undefined behavior when buf is NULL at the memcpy call even
if size is 0.

This is needed because other test components jobs either use the system
malloc which returns non-NULL on Linux and FreeBSD, or the
memory_buffer_alloc malloc which returns NULL but does not give as
useful feedback with ASan (because the whole heap is a single C
object).
2020-02-11 19:26:28 +01:00
Gilles Peskine
6fc21f630c Add a calloc self-test
Add a very basic test of calloc to the selftest program. The selftest
program acts in its capacity as a platform compatibility checker rather
than in its capacity as a test of the library.

The main objective is to report whether calloc returns NULL for a size
of 0. Also observe whether a free/alloc sequence returns the address
that was just freed and whether a size overflow is properly detected.
2020-02-11 19:26:27 +01:00
Gilles Peskine
db0cb2578c Fix CTR_DRBG benchmark
You can't reuse a CTR_DRBG context without free()ing it and
re-init()ing. This generally happened to work, but was never
guaranteed. It could have failed with alternative implementations of
the AES module because mbedtls_ctr_drbg_seed() calls
mbedtls_aes_init() on a context which is already initialized if
mbedtls_ctr_drbg_seed() hasn't been called before, plausibly causing a
memory leak. Calling free() and seed() with no intervening init fails
when MBEDTLS_THREADING_C is enabled and all-bits-zero is not a valid
mutex representation. So add the missing free() and init().
2020-02-11 19:26:27 +01:00
Gilles Peskine
e732f04443 cmake: link programs that only use x509 with libmbedx509
When building with CMake, for sample programs that only use
functionality in libmbedcrypto and libmbedx509, link with
libmbedx509, not with libmbedtls.

cert_app makes a TLS connection, so do link it with libmbedtls.
2020-02-11 19:26:27 +01:00
Gilles Peskine
e123395317 cmake: link programs that only use crypto with libmbedcrypto
When building with CMake, for sample programs that only use
functionality in libmbedcrypto (i.e. crypto and platform), link with
libmbedcrypto, not with libmbedtls.

This doesn't change the result, because the linker skips libraries in
which no symbol is used, but it changes the build dependencies, and it
has the advantage of bringing programs/*/CMakeLists.txt closer to the
corresponding files under crypto/.

The programs concerned are crypto sample and test programs, and
programs that only use (potential) platform functions such as
mbedtls_printf. dh_client and dh_server keep linking with mbedtls
because they use functions from the net_sockets module.
2020-02-11 19:26:27 +01:00
Jaeden Amero
7cb47de12a query_config: Move to programs/test
As the SSL programs, like ssl_client2 and ssl_server2, are dependent on
SSL and therefore about to be removed, the only consumer of query_config
is the query_compile_time_config test. As such, it makes sense to move
query_config to be next to what uses it.
2020-02-11 19:26:27 +01:00
Jaeden Amero
93a0f90dca pkey/rsa_genkey: Remove commented out code
There is some commented out X.509 certificate writing code present in
rsa_genkey. It looks like it has been commented out since the beginning
of time. Let's remove it, since commented out code is not in good style.
2020-02-11 19:26:27 +01:00
Jaeden Amero
ed736992d5 pkey: Remove dependency on X.509 2020-02-11 19:26:27 +01:00
Gilles Peskine
8de196a590 programs/Makefile: List all programs one by one
This makes it easier to add or remove programs as well as see which
programs were added or removed in diffs.

Side port of 30fae8ee7d in mbed-crypto.
2020-02-11 19:26:27 +01:00
Hanno Becker
08f091397c Add compile-time guards around declarations in ssl_internal.h 2020-02-11 15:40:07 +00:00
Gilles Peskine
393defe7ed Clarify two identical changelog entries
The contribution from #2663 was split in two: the crypto part was
mereged in 2.19.1 and the x509 part was merged after 2.20.0. Tweak the
wording of the changelog entries to specify which is which.
2020-02-11 15:31:18 +01:00
Manuel Pégourié-Gonnard
4c08dd4e71
Merge pull request #2852 from gilles-peskine-arm/2.19-fix-full-Os
Fix and test the full config with gcc and clang
2020-02-11 09:17:02 +01:00
Gilles Peskine
3ca1bcc7e5 Add ChangeLog entry for #2663 2020-02-10 19:50:22 +01:00
Benjamin Kier
36050730c7 Fixed possibly undefined variable warnings by initializing variables to 0. 2020-02-10 19:49:16 +01:00
Soby Mathew
0a4270d732 Change the compatibility API to inline functions
This patch changes the compatibility API defined in crypto_compat.h
to static inline functions as the previous macro definitions were
causing issues for the C pre-processor when included in projects
which need to redefine the PSA function names. Making it static
inline function solves this problem neatly and also modern compilers
do a good job at inlining the function which makes the need for making
it a macro redundant.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2020-02-10 17:26:22 +00:00
Andrzej Kurek
1a44a159ef Change the order of endpoint initialization steps
Wrong order caused the `protected_record_size` to be of wrong size, hence
causing the server to receive a malformed message in case of a DTLS test.
2020-02-10 03:53:49 -05:00
Andrzej Kurek
f46b9128b6 Change test queue errors to SSL_WANT_WRITE and SSL_WANT_READ
Simulate real behavior better, so that higher abstraction layers know when
the buffers are empty and full.
2020-02-10 03:53:49 -05:00
Hanno Becker
9d062f9cd7 Move ssl_mac() from ssl_tls.c to ssl_msg.c 2020-02-07 11:38:03 +00:00
Jaeden Amero
00c858cfee
Merge pull request #3022 from piotr-now/test-suite-sending-app-data
Add tests for data transfer to test suites
2020-02-07 09:52:27 +00:00
Piotr Nowicki
c3fca5e876 Add tests with sending application data to test_suite_ssl 2020-02-07 09:14:04 +01:00
Manuel Pégourié-Gonnard
4d8c836cdc
Merge pull request #346 from gilles-peskine-arm/mpi_copy_shrink
Improve robustness and testing of mbedtls_mpi_copy
2020-02-06 09:52:01 +01:00
Hanno Becker
f1a3828ad8 Adapt preamble for newly created ssl_msg.c 2020-02-05 16:14:29 +00:00
Hanno Becker
af752d4bd6 Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality
This commit is the final step in separating the functionality of
what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c.

So far, ssl_msg.c has been created as an identical copy of ssl_tls.c.
For each block of code in these files, this commit removes it from
precisely one of the two files, depending on where the respective
functionality belongs.

The splitting separates the following functionalities:

1) An implementation of the TLS and DTLS messaging layer, that is,
   the record layer as well as the DTLS retransmission state machine.

   This is now contained in ssl_msg.c

2) Handshake parsing and writing functions shared between client and
   server (functions specific to either client or server are implemented
   in ssl_cli.c and ssl_srv.c, respectively).

   This is remains in ssl_tls.c.
2020-02-05 16:12:24 +00:00
Hanno Becker
6e7051af13 Add guarded ssl_msg.c to Makefiles
This commit adds the newly created copy ssl_msg.c of ssl_tls.c
to the build system but guards its content by an `#if 0 ... #endif`
preprocessor guard in order to avoid compilation failures resulting
from code duplication. This guard will be removed once the contents
of ssl_tls.c and ssl_msg.c have been made disjoint.
2020-02-05 16:10:40 +00:00
Hanno Becker
471c0c98f6 Rename temporary copy ssl_tls_old.c back to ssl_tls.c 2020-02-05 16:10:22 +00:00
Hanno Becker
abd9cef520 Duplicate ssl_tls.c as ssl_tls_old.c and ssl_msg.c
This commit is the first in a series of commits aiming to split
the content of ssl_tls.c in two files ssl_tls.c and ssl_msg.c.

As a first step, this commit replaces ssl_tls.c by two identical
copies ssl_tls_old.c and ssl_msg.c. Even though the file
ssl_tls_old.c will subsequently be renamed back into ssl_tls.c,
this approach retains the git history in both files.
2020-02-05 16:08:41 +00:00
Janos Follath
f317dc4918
Merge pull request #350 from gilles-peskine-arm/asn1-tests-parse_prefixes-trailing_garbage
test_suite_asn1parse: improve testing of trailing garbage in parse_prefixes
2020-02-05 15:40:22 +00:00
Janos Follath
755548538e
Merge pull request #3033 from yanesca/revert_pr_3008
Revert "Merge pull request #3008 from jp-bennett/development"
2020-02-05 15:12:46 +00:00
Jaeden Amero
c64eb63aaa
Merge pull request #3021 from AndrzejKurek/handshake-tests
Handshake tests with mocked I/O callbacks
2020-02-05 13:50:20 +00:00