Commit Graph

5954 Commits

Author SHA1 Message Date
Hanno Becker
70d7fb0c2d Don't hardcode TLS 1.3 labels in test cases
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.

This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-09 10:17:37 +01:00
Hanno Becker
90551c7a26 Use uniform naming scheme for TLS 1.3 label structure
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-09 09:25:23 +01:00
Hanno Becker
a3a5a4e1f9 Please check-names.sh
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:33:48 +01:00
Hanno Becker
815869ac9c Improve documentation of ssl_tls1_3_hkdf_encode_label()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:16:16 +01:00
Hanno Becker
00debc734b Minor improvement in ssl_tls13_keys.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:12:24 +01:00
Hanno Becker
493ea7f4ae Remove instances of camelCase in TLS 1.3 key schedule
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:08:06 +01:00
Hanno Becker
939bb4d8f6 Initialize TLS 1.3 label prefix with string literal
This is in line with how the entries of the TLS 1.3 label
structure `mbedtls_ssl_tls1_3_labels` are initialized.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:48:55 +01:00
Hanno Becker
9cb0a146f1 Remove duplicated computation of TLS 1.3 HKDF label length
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:48:14 +01:00
Hanno Becker
e4435ea777 Introduce TLS 1.3 labels in a single place
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:43:52 +01:00
Hanno Becker
1981cb2972 Use uniform naming for TLS 1.3 label fields
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:36:29 +01:00
Hanno Becker
58c5cea73b Include common.h from ssl_tls13_keys.c
`common.h` takes care of the logic of chosing the correct
configuration file, so we don't need to replicate it in
each source file.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:31:33 +01:00
Hanno Becker
e9cccb440c Implement TLS 1.3 key evolution function
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker
b35d52240b Implement TLS 1.3 key derivation function Derive-Secret
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker
3385a4d5cf Implement TLS 1.3 traffic key generation
See the documentation in library/ssl_tls13_keys.h.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker
be9d6648f8 Implement TLS 1.3 key derivation function HKDF-Expand-Label
This commit introduces a new file library/ssl_tls13_key.c
which will subsequently be populated with functionality relating
to the TLS 1.3 key schedule.

Those functions are expected to be internal and are documented
in the internal header library/ssl_tls13_keys.h.

The first function to be implemented is the key expansion
function `HKDF-Expand-Label`. See the documentation in
library/ssl_tls13_keys.h for more information.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:06 +01:00
Janos Follath
17ffc5da8d Bump version to Mbed TLS 2.24.0
Executed "./scripts/bump_version.sh --version 2.24.0"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 16:22:57 +01:00
Janos Follath
d2ce916b58 Merge branch 'development-restricted' 2020-08-26 14:15:34 +01:00
Gilles Peskine
d4b9133850
Merge pull request #3611 from gilles-peskine-arm/psa-coverity-cleanups-202008
Minor fixes in PSA code and tests
2020-08-26 13:18:27 +02:00
Gilles Peskine
9e4d4387f0
Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time
Always revoke certificate on CRL
2020-08-26 12:56:11 +02:00
Gilles Peskine
169ca7f06d psa_crypto_storage: Annotate file removal after a failed creation
Let static analyzers know that it's ok if psa_its_remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:50:06 +02:00
Gilles Peskine
bab1b52048 psa_its: Annotate file removal after a failed creation
Let static analyzers know that it's ok if remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:49:19 +02:00
Janos Follath
d4ac4e037b
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted
Constant-flow copy of HMAC from variable position
2020-08-25 14:35:55 +01:00
Gilles Peskine
ed19762a22
Merge pull request #3574 from makise-homura/e2k_support
Support building on e2k (Elbrus) architecture
2020-08-25 09:46:36 +02:00
makise-homura
af9513bb48 A different approach of signed-to-unsigned comparison
Suggsted by @hanno-arm

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-24 23:42:49 +03:00
Manuel Pégourié-Gonnard
ba6fc9796a Fix a typo in a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-24 12:59:55 +02:00
Manuel Pégourié-Gonnard
6edfe60e0d
Merge pull request #2182 from hanno-arm/key_pwd
Add support for password protected key files to ssl_server2 and ssl_client2
2020-08-24 09:42:38 +02:00
Manuel Pégourié-Gonnard
1a6af8489e
Merge pull request #3578 from gilles-peskine-arm/md_setup-leak-development
Fix memory leak in mbedtls_md_setup with HMAC
2020-08-21 09:19:12 +02:00
Dan Handley
50118144c6 Update remaining copyright notices to use Linux Foundation guidance
Update copyright notices to newly added files since merge of original
PR #3546 "Update copyright notices to use Linux Foundation guidance".
Generated using the same script.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:20:12 +01:00
Dan Handley
abccfc1684 Merge development into development-restricted
* development:
  Update copyright notices to use Linux Foundation guidance
  Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
  Add ChangeLog entry for X.509 CN-type vulnerability
  Improve documentation of cn in x509_crt_verify()
  Fix comparison between different name types
  Add test: DNS names should not match IP addresses
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:07:12 +01:00
Manuel Pégourié-Gonnard
de1cf2c5e1 Make mbedtls_ssl_cf_memcpy_offset() constant-flow
all.sh component test_valgrind_constant_flow is now passing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:22:41 +02:00
Manuel Pégourié-Gonnard
73afa37507 Add option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:22:41 +02:00
Gilles Peskine
d15c740df6 Fix memory leak in mbedtls_md_setup with HMAC
mbedtls_md_setup() allocates a hash-specific context and then, if
requested, an extra HMAC context. If the second allocation failed, the
hash context was not freed.

Fix this by ensuring that the mbedtls_md_context_t object is always in
a consistent state, in particular, that the md_info field is always
set. For robustness, ensure that the object is in a consistent state
even on errors (other than BAD_INPUT_DATA if the object was not in a
consistent state on entry).

Fix #3486

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 12:04:56 +02:00
Manuel Pégourié-Gonnard
7fe2c5f086 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 11:56:02 +02:00
Manuel Pégourié-Gonnard
3c31afaca6 Use temporary buffer to hold the peer's HMAC
This paves the way for a constant-flow implementation of HMAC checking, by
making sure that the comparison happens at a constant address. The missing
step is obviously to copy the HMAC from the secret offset to this temporary
buffer with constant flow, which will be done in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 11:56:01 +02:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
makise-homura
0be6aa9957 Get back -Wsign-compare and fix sources according to it
Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-18 23:52:53 +03:00
Raoul Strackx
a4e86141f1 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-17 09:05:03 +02:00
Gilles Peskine
c60c30eb68
Merge pull request #3557 from Ouss4/assert
Ensure that only one definition of ASSERT is present
2020-08-14 23:24:04 +02:00
Gilles Peskine
71f4fa13bb
Merge pull request #721 from gilles-peskine-arm/x509parse_crl-empty_entry-development
Fix buffer overflow in x509_get_entries (oss-fuzz 24123)
2020-08-14 23:22:31 +02:00
Manuel Pégourié-Gonnard
8ca03a7b68
Merge pull request #3554 from mpg/x509-verify-non-dns-san-dev
X509 verify non-DNS SANs
2020-08-14 11:32:22 +02:00
Hanno Becker
5c5efdfcf9 Fix format specifier in ssl_ciphersuite_match() 2020-08-14 09:59:26 +01:00
Hanno Becker
3c88c65426 Fix debug format specifier in ClientHello ciphersuite log 2020-08-14 09:59:26 +01:00
Hanno Becker
ecea07d6c3 Unify ciphersuite related debug output on client and server
The client previously reproted the offered ciphersuites through
their numerical identifier only, while the server reported them
through their name.

This commit modifies the debug output on client and server to
both use the format `ID (NAME)` for the ciphersuites.
2020-08-14 09:58:51 +01:00
Manuel Pégourié-Gonnard
c4af324a4b Merge branch 'development' into development-restricted
* development: (55 commits)
  Log change as bugfix
  Add changelog entry
  Clarify updates to the persistent state in storage
  With multiple applicable transparent drivers, the order is unspecified
  Minor clarifications
  Give some examples of purpsoses of pure-software transparent driver
  Fix typos
  Add a link to the PSA API specification
  Explain locations vs lifetimes
  Initialize key pointer in ecdh to NULL
  Add buffer zeroization when ecp_write_key fails
  Simplified key slot deletion
  Style fixes
  Use arc4random_buf instead of rand on NetBSD
  Apply review feedback
  Update open question section about public key storage
  Remove the paragraph about declaring application needs
  Change driver persistent data to a callback interface
  Rework and expand key management in opaque drivers
  Fix typos and copypasta
  ...
2020-08-14 10:11:21 +02:00
Gilles Peskine
3890f7cd3d
Merge pull request #3540 from gufe44/netbsd-rand-arc4random_buf
Use arc4random_buf instead of rand on NetBSD
2020-08-13 15:27:45 +02:00
Ouss4
e0b2687a2d Undef ASSERT before defining it to ensure that no previous definition
has sneaked in through included files.

Signed-off-by: Ouss4 <abdelatif.guettouche@gmail.com>
2020-08-12 20:02:25 +01:00
Gilles Peskine
e900b59703
Merge pull request #719 from gabor-mezei-arm/689_zeroising_of_plaintext_buffers
Zeroising of plaintext buffers in mbedtls_ssl_read()
2020-08-12 18:51:42 +02:00
Manuel Pégourié-Gonnard
f3e4bd8632 Fix comparison between different name types
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-11 10:24:21 +02:00
Manuel Pégourié-Gonnard
eaa0739143
Merge pull request #716 from mpg/ct-varlen-hmac
Add constant-flow variable-length HMAC function
2020-08-10 12:40:33 +02:00
Gilles Peskine
67a85d1d3b
Merge pull request #3492 from stevew817/rework/key_slot_contains_key_buffer
Rework PSA Crypto core to store keys in export representation
2020-08-05 21:16:11 +02:00