Commit Graph

56 Commits

Author SHA1 Message Date
Gilles Peskine
bab7ef4f0d Disable debugging features in baremetal
The baremetal configuration is, among other things, our default
reference point for code size measurements. So disable debugging
features that would not be enabled in production where code size is
limited. In particular, this shrinks the core SSL modules by about
half. Keep debugging features that are solely in their own
modules (MBEDTLS_ERROR_C, MBEDTLS_VERSION_FEATURES) since it's easy to
filter them out.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-16 16:06:32 +02:00
Manuel Pégourié-Gonnard
f08284769d Add an option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:26:37 +02:00
Manuel Pégourié-Gonnard
f0b469e42b Merge branch 'mbedtls-2.16' into mbedtls-2.16-restricted
* mbedtls-2.16: (32 commits)
  A different approach of signed-to-unsigned comparison
  Fix bug in redirection of unit test outputs
  Don't forget to free G, P, Q, ctr_drbg, and entropy
  Backport e2k support to mbedtls-2.7
  compat.sh: stop using allow_sha1
  compat.sh: quit using SHA-1 certificates
  compat.sh: enable CBC-SHA-2 suites for GnuTLS
  Fix license header in pre-commit hook
  Update copyright notices to use Linux Foundation guidance
  Fix building on NetBSD 9.0
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests
  Log change as bugfix
  Add changelog entry
  ...
2020-08-25 10:58:15 +02:00
Bence Szépkúti
a2947ac7bb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 16:37:36 +02:00
Manuel Pégourié-Gonnard
a237722118 Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
This option allows to test the constant-flow nature of selected code, using
MemSan and the fundamental observation behind ctgrind that the set of
operations allowed on undefined memory by dynamic analysers is the same as the
set of operations allowed on secret data to avoid leaking it to a local
attacker via side channels, namely, any operation except branching and
dereferencing.

(This isn't the full story, as on some CPUs some instructions have variable
execution depending on the inputs, most notably division and on some cores
multiplication. However, testing that no branch or memory access depends on
secret data is already a good start.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-28 11:21:24 +02:00
Janos Follath
f69b919844 Merge branch 'mbedtls-2.16-restricted' into mbedtls-2.16.7r0 2020-06-25 09:19:21 +01:00
Manuel Pégourié-Gonnard
23983f30de Add config.h option MBEDTLS_ECP_NO_INTERNAL_RNG
No effect so far, except on dependency checking, as the feature it's meant to
disable isn't implemented yet (so the descriptions in config.h and the
ChangeLog entry are anticipation for now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-16 10:51:42 +02:00
Bence Szépkúti
f744bd72ee Update license headers to Apache-2.0 OR GPL-2.0-or-later
This will allow us to ship the LTS branches in a single archive

This commit was generated using the following script:

# ========================
#!/bin/sh

header1='\ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later\
 *\
 *  This file is provided under the Apache License 2.0, or the\
 *  GNU General Public License v2.0 or later.\
 *\
 *  **********\
 *  Apache License 2.0:\
 *\
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\
 *  not use this file except in compliance with the License.\
 *  You may obtain a copy of the License at\
 *\
 *  http://www.apache.org/licenses/LICENSE-2.0\
 *\
 *  Unless required by applicable law or agreed to in writing, software\
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
 *  See the License for the specific language governing permissions and\
 *  limitations under the License.\
 *\
 *  **********\
 *\
 *  **********\
 *  GNU General Public License v2.0 or later:\
 *\
 *  This program is free software; you can redistribute it and/or modify\
 *  it under the terms of the GNU General Public License as published by\
 *  the Free Software Foundation; either version 2 of the License, or\
 *  (at your option) any later version.\
 *\
 *  This program is distributed in the hope that it will be useful,\
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of\
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\
 *  GNU General Public License for more details.\
 *\
 *  You should have received a copy of the GNU General Public License along\
 *  with this program; if not, write to the Free Software Foundation, Inc.,\
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\
 *\
 *  **********'

find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i "
# Normalize the first line of the copyright headers (no text on the first line of a block comment)
/^\/\*.*Copyright.*Arm/I s/\/\*/&\n */

# Insert new copyright header
/SPDX-License-Identifier/ i\
$header1

# Delete old copyright header
/SPDX-License-Identifier/,$ {
  # Delete lines until the one preceding the mbedtls declaration
  N
  1,/This file is part of/ {
    /This file is part of/! D
  }
}
"

# Format copyright header for inclusion into scripts
header2=$(echo "$header1" | sed 's/^\\\? \* \?/#/')

find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i "
# Insert new copyright header
/SPDX-License-Identifier/ i\
$header2

# Delete old copyright header
/SPDX-License-Identifier/,$ {
  # Delete lines until the one preceding the mbedtls declaration
  N
  1,/This file is part of/ {
    /This file is part of/! D
  }
}
"
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:48:48 +02:00
Bence Szépkúti
51b41d5422 Add Apache-2.0 headers to all scripts
This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i '

# Remove Mbed TLS declaration if it occurs before the copyright line
1,/Copyright.*Arm/I {
  /This file is part of/,$ {
    /Copyright.*Arm/I! d
  }
}

# Convert non-standard header in scripts/abi_check.py to the format used in the other scripts
/"""/,/"""/ {

  # Cut copyright declaration
  /Copyright.*Arm/I {
    h
    N
    d
  }

  # Paste copyright declaration
  /"""/ {
    x
    /./ {
      s/^/# /    # Add #
      x          # Replace orignal buffer with Copyright declaration
      p          # Print original buffer, insert newline
      i\

      s/.*//     # Clear original buffer
    }
    x
  }
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! {
    i\
# SPDX-License-Identifier: Apache-2.0\
#\
# Licensed under the Apache License, Version 2.0 (the "License"); you may\
# not use this file except in compliance with the License.\
# You may obtain a copy of the License at\
#\
# http://www.apache.org/licenses/LICENSE-2.0\
#\
# Unless required by applicable law or agreed to in writing, software\
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
# See the License for the specific language governing permissions and\
# limitations under the License.

    # Insert Mbed TLS declaration if it is missing
    /This file is part of/! i\
#\
# This file is part of Mbed TLS (https://tls.mbed.org)
  }

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:18:56 +02:00
Gilles Peskine
1e8cafcd3d Exclude DEPRECATED_WARNING in config full
In the full config, don't set MBEDTLS_DEPRECATED_WARNING. This is debatable:
the full config does not enable deprecated features in this branch, so
MBEDTLS_DEPRECATED_WARNING is compatible with the other features.
Exclude it to keep LTS branches closer to development.

In any case, baremetal and full should have the same settings regarding
deprecated features, so don't do anything about DEPRECATED_xxx in baremetal.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 09:04:40 +02:00
Gilles Peskine
df4f7c1274 Document and fix the MBEDTLS_xxx_ALT logic for the full config
The intended logic around MBEDTLS_xxx_ALT is to exclude them from full
because they require the alternative implementation of one or more
library functions, except that MBEDTLS_PLATFORM_xxx_ALT are different:
they're alternative implementations of a platform function and they
have a built-in default, so they should be included in full. Document
this.

Fix a bug whereby MBEDTLS_PLATFORM_xxx_ALT didn't catch symbols where
xxx contains an underscore. As a consequence,
MBEDTLS_PLATFORM_GMTIME_R_ALT and MBEDTLS_PLATFORM_NV_SEED_ALT are now
enabled in the full config. Explicitly exclude
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT because it behaves like the
non-platform ones, requiring an extra build-time dependency.
Explicitly exclude MBEDTLS_PLATFORM_NV_SEED_ALT from baremetal
because it requires MBEDTLS_ENTROPY_NV_SEED, and likewise explicitly
unset it from builds that unset MBEDTLS_ENTROPY_NV_SEED.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 15:02:50 +02:00
Gilles Peskine
d6189e115d Sort lists for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 11:50:06 +02:00
Gilles Peskine
108ebf2b26 Explain the rationale for inclusion in "full" and "baremetal"
Remove the duplicated, and often out-of-date, list in the comments.
Instead explain in a comment, and have a single copy of the list which
is in the code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 11:50:06 +02:00
Gilles Peskine
df5614ef1d Enable X509_ALLOW_EXTENSIONS_NON_V3 in config full
Enable MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 in the full config. There's
no reason to keep it out. We weren't testing it at all on the CI.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 10:23:59 +02:00
Gilles Peskine
989d05ffd8 Remove obsolete options from config.pl
These options haven't existed for a long time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 10:23:59 +02:00
Gilles Peskine
16ee3c15a3 config.pl full: exclude MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
This is a variant toggle, not an extra feature, so it should be tested
separately.
2019-10-08 15:19:25 +02:00
Hanno Becker
dfc974412c Don't set MBEDTLS_MEMORY_DEBUG through scripts/config.pl full 2019-09-09 05:28:25 -04:00
Andrzej Kurek
8762101c01 Update documentation of exceptions for config.pl full 2019-09-09 05:25:05 -04:00
Hanno Becker
307dfcd439 Disable memory buffer allocator in full config
This commit modifies `config.pl` to not set MBEDTLS_MEMORY_BUFFER_ALLOC
with the `full` option.
2019-09-09 05:17:37 -04:00
Andres Amaya Garcia
5d8aade01d Reduce priority of 3DES ciphersuites 2019-03-01 10:29:13 +01:00
Simon Butcher
9fa21bffe6 Merge remote-tracking branch 'public/pr/1533' into development 2018-06-27 10:50:58 +01:00
Manuel Pégourié-Gonnard
2adb375c50 Add option to avoid 64-bit multiplication
Motivation is similar to NO_UDBL_DIVISION.

The alternative implementation of 64-bit mult is straightforward and aims at
obvious correctness. Also, visual examination of the generate assembly show
that it's quite efficient with clang, armcc5 and arm-clang. However current
GCC generates fairly inefficient code for it.

I tried to rework the code in order to make GCC generate more efficient code.
Unfortunately the only way to do that is to get rid of 64-bit add and handle
the carry manually, but this causes other compilers to generate less efficient
code with branches, which is not acceptable from a side-channel point of view.

So let's keep the obvious code that works for most compilers and hope future
versions of GCC learn to manage registers in a sensible way in that context.

See https://bugs.launchpad.net/gcc-arm-embedded/+bug/1775263
2018-06-07 11:05:33 +02:00
fbrosson
533407a266 Use "#!/usr/bin/env perl" as shebang line. 2018-04-04 21:44:29 +00:00
Hanno Becker
a3389ebb09 Merge branch 'development-restricted' into iotssl-1306-rsa-is-vulnerable-to-bellcore-glitch-attack 2018-03-06 11:55:21 +00:00
Azim Khan
c4e9694d43 Add MBEDTLS_NO_UDBL_DIVISION to excludes of full config 2017-12-21 15:22:37 +00:00
Azim Khan
c3c3a68e74 Update usage description 2017-12-21 15:19:53 +00:00
Azim Khan
0d44573e8b Add option to do baremetal configuration. 2017-12-21 10:41:38 +00:00
Gilles Peskine
8ca0e8fdff Minor style fix 2017-10-12 23:21:37 +01:00
Gilles Peskine
d98e9e8577 config.pl get: be better behaved
When printing an option's value, print a newline at the end.

When the requested option is missing, fail with status 1 (the usual
convention for "not found") rather than -1 (which has a
system-dependent effect).
2017-10-12 23:21:37 +01:00
Gilles Peskine
01f57e351c config.pl get: don't rewrite config.h; detect write errors
scripts/config.pl would always rewrite config.h if it was reading it.
This commit changes it to not modify the file when only reading is
required, i.e. for the get command.

Also, die if writing config.h fails (e.g. disk full).
2017-10-12 23:21:37 +01:00
Gilles Peskine
f0f55ccb72 Fixed "config.pl get" for options with no value
Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed
for config.h lines with a comment at the end, but that broke the case
of macros with an empty expansion. Support all cases.
2017-10-12 23:21:37 +01:00
Hanno Becker
7c0f17d115 Add MBEDTLS_RSA_NO_CRT to options unaffected by config.pl full
The effect of `config.pl full` on 'negative' options such as
`NO_PLATFORM_ENTROPY` is usually inverted, but `MBEDTLS_RSA_NO_CRT` was not
included in the list of such options. This commit adds it.
2017-09-28 12:53:34 +01:00
Hanno Becker
c6f346b60c Fix get option in config.pl script 2017-07-28 16:45:55 +01:00
Brian J Murray
2adecba01f Clarify Comments and Fix Typos (#651)
Fixes many typos, and errors in comments.

* Clarifies many comments
* Grammar correction in config.pl help text
* Removed comment about MBEDTLS_X509_EXT_NS_CERT_TYPE.
* Comment typo fix (Dont => Don't)
* Comment typo fix (assure => ensure)
* Comment typo fix (byes => bytes)
* Added citation for quoted standard
* Comment typo fix (one complement => 1's complement)

The is some debate about whether to prefer "one's complement",  "ones'
complement", or "1's complement".  The more recent RFCs related to TLS
(RFC 6347,  RFC 4347, etc) use " 1's complement", so I followed that
convention.

* Added missing ")" in comment
* Comment alignment
* Incorrect comment after #endif
2016-11-06 12:45:15 +00:00
Simon Butcher
3d26513650 Fix for config.pl if no arguments are passed 2016-06-26 15:44:20 +01:00
Simon Butcher
dd9895d810 Fix config.pl to return successful exitcode for full and realfull 2016-06-21 15:12:00 +01:00
Simon Butcher
4ae869139a Adds 'get' command to scripts/config.pl to retrieve config state
Adds 'get' command to indicate if the option is enabled in the given
configuration file, and to returns it's value if one has been set.
2016-06-21 10:09:25 +01:00
Simon Butcher
ab5df40054 Rename the 'no entropy' feature to MBEDTLS_TEST_NULL_ENTROPY
Following review and for clarity, changed the name of the feature to 'null
entropy'.
2016-06-11 02:31:21 +01:00
Janos Follath
53de78444c Add entropy safety switch.
Add a switch that turns entropy collecting off entirely, but enables
mbed TLS to run in an entirely unsafe mode. Enables to test mbed TLS
on platforms that don't have their entropy sources integrated yet.
2016-06-09 11:54:54 +01:00
SimonB
73883c12bc Fixes formatting of spacing in config.pl 2016-04-04 13:49:10 +01:00
SimonB
60f2cf93f5 Adds option to config.pl to force config changes
The script config.pl fails when setting a #define symbol if the symbol isn't
already in the configuration header. This adds an option '--force' to append
the symbol to the end of the file if it isn't already present.

Also clarified usage, and added copyright to the config.pl.
2016-04-03 14:16:08 +01:00
Manuel Pégourié-Gonnard
1989caf71c Use a full config.h with doxygen
Otherwise we get warnings that some documentation items don't have
corresponding #define, and more importantly the corresponding snippets are not
included in the output.

For that we need a modified version of the "full" argument for config.pl.

Also, the new CMakeLists.txt target only works on Unix (which was already the
case of the Makefile target). Hopefully this is not an issue as people are
unlikely to need that target on Windows.
2016-01-04 12:57:32 +01:00
Manuel Pégourié-Gonnard
7f9049baf4 Make config.pl more resistant to misuse 2015-06-23 23:30:16 +02:00
Manuel Pégourié-Gonnard
a14cbb6141 Have config.pl return non-zero rather than warn 2015-06-03 10:49:38 +01:00
Manuel Pégourié-Gonnard
7ee5ddd798 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix compile errors with NO_STD_FUNCTIONS
  Expand config.pl's notion of "full"
  Ack external bugfix in Changelog
  FIx misplaced Changelog entry (oops)
  Fix compile bug: incompatible declaration of polarssl_exit in platform.c
  Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
b752715893 Expand config.pl's notion of "full"
Make sure bugs in PLATFORM_xxx_ALT are catched
2015-06-03 10:00:02 +01:00
Manuel Pégourié-Gonnard
7b53889f05 Remove support for HAVE_INT8 and HAVE_INT16 2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard
b20a70fcc7 Move rename.pl to scripts & add data file 2015-04-08 20:13:33 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
8a89fcd13f Rm references to removed config options
POLARSSL_MEMORY_C POLARSSL_PBKDF2_C DISABLE_RENEGO
2015-04-03 18:46:55 +02:00