Commit Graph

7482 Commits

Author SHA1 Message Date
Ronald Cron
8e556f8f9a
Merge pull request #3937 from geecrypt/mbedtls-2.7
Backport to Mbedtls 2.7: Support set *_drbg reseed interval before seed
2020-12-07 14:30:04 +01:00
Gilles Peskine
5b1cb8873d
Merge pull request #3725 from gilles-peskine-arm/ecp-bignum-error-checks-2.7
Backport 2.7: add missing some error checks in ECP and bignum
2020-12-07 13:06:36 +01:00
gacquroff
57f1f9b963 Add changelog entry file for bugfix 2927
Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 13:10:24 -08:00
Gavin Acquroff
ceb9990a69 Support set *_drbg reseed interval before seed
mbedtls_ctr_drbg_set_reseed_interval() and
mbedtls_hmac_drbg_set_reseed_interval() can now be called before
their seed functions and the reseed_interval value will persist.
Previously it would be overwritten with the default value.

*_drbg_reseed_interval is now set in init() and free().

mbedtls_ctr_drbg_free() and mbedtls_hmac_drbg_free() now
reset the drbg context to the state immediately after init().

Tests:
- Added test to check that DRBG reseeds when reseed_counter
reaches reseed_interval, if reseed_interval set before seed
and reseed_interval is less than MBEDTLS_*_DRBG_RESEED_INTERVAL.

Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 13:08:37 -08:00
Gilles Peskine
6f714e54f6
Merge pull request #3926 from rodrigo-dc/mbedtls-2.7
Backport 2.7: Fix build failure on gcc-11
2020-12-01 13:26:20 +01:00
Rodrigo Dias Correa
9c7e92b5db Move declaration to fix C90 warning
"declaration-after-statement" was generated because that code was
backported from the development branch, which currently uses C99.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-29 14:45:10 -03:00
Rodrigo Dias Correa
f75fbab19f Change function casting in ssl_calc_finished_tls_sha384
`finish_sha384_t` was made more generic by using `unsigned char*`
instead of `unsigned char[48]` as the second parameter.
This change tries to make the function casting more robust against
future improvements of gcc analysis.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-29 14:44:41 -03:00
Rodrigo Dias Correa
d7853a847d Fix GCC warning in ssl_calc_finished_tls_sha384
This commit fixes the same warning fixed by baeedbf9, but without
wasting RAM. By casting `mbedtls_sha512_finish_ret()`, `padbuf`
could be kept 48 bytes long without triggering any warnings.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-29 14:44:27 -03:00
Rodrigo Dias Correa
ddcc0b7982 Add changelog entry file to ChangeLog.d
Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-29 14:44:06 -03:00
Rodrigo Dias Correa
34018bef3d Fix GCC warning in ssl_calc_finished_tls_sha384
GCC 11 generated a warning because `padbuf` was too small to be
used as an argument for `mbedtls_sha512_finish_ret`. The `output`
parameter of `mbedtls_sha512_finish_ret` has the type
`unsigned char[64]`, but `padbuf` was only 48 bytes long.

Even though `ssl_calc_finished_tls_sha384` uses only 48 bytes for
the hash output, the size of `padbuf` was increased to 64 bytes.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-29 14:43:45 -03:00
Rodrigo Dias Correa
5fb1bd487d Fix GCC warning about test_snprintf
GCC 11 generated the warnings because the parameter `ret_buf`
was declared as `const char[10]`, but some of the arguments
provided in `run_test_snprintf` are shorter literals, like "".

Now the type of `ret_buf` is `const char *`.
Both implementations of `test_snprintf` were fixed.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-29 14:42:58 -03:00
Rodrigo Dias Correa
375366a197 Fix mismatched function parameters (prototype/definition)
In GCC 11, parameters declared as arrays in function prototypes
cannot be declared as pointers in the function definition. The
same is true for the other way around.

The definition of `mbedtls_aes_cmac_prf_128` was changed to match
its public prototype in `cmac.h`. The type `output` was
`unsigned char *`, now is `unsigned char [16]`.

In `ssl_tls.c`, all the `ssl_calc_verify_*` variants now use pointers
for the output `hash` parameter. The array parameters were removed
because those functions must be compatible with the function pointer
`calc_verify` (defined in `ssl_internal.h`).

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-29 08:09:58 -03:00
Rodrigo Dias Correa
d103823ba2 Fix build failure on gcc-11
Function prototypes changed to use array parameters instead of
pointers.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-29 08:09:28 -03:00
Ronald Cron
6dd49753e4
Merge pull request #3920 from gilles-peskine-arm/sha512-doc-internal-fix-2.7
Backport 2.7: Move "internal use" sentence attached to the wrong function
2020-11-27 08:52:58 +01:00
Gilles Peskine
785af305fe Move "internal use" sentence attached to the wrong function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-26 19:33:51 +01:00
Ronald Cron
06e838b44d
Merge pull request #3870 from gilles-peskine-arm/cscope-make-2.7
Backport 2.7: Add makefile target for cscope.out + .gitignore
2020-11-20 16:50:31 +01:00
Gilles Peskine
015356f8b7 Add abstract target names for index generation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-20 12:05:08 +01:00
Gilles Peskine
1562d9c297
Merge pull request #3894 from maroneze/mbedtls-2.7
Backport 2.7: Fix use of uinitialized memory in ssl_parse_encrypted_pms
2020-11-18 18:40:56 +01:00
André Maroneze
9fc67f0e14 Backport 2.7: Fix use of uinitialized memory in ssl_parse_encrypted_pms
Signed-off-by: André Maroneze <maroneze@users.noreply.github.com>
2020-11-18 14:27:02 +01:00
Gilles Peskine
a337176b42
Merge pull request #3888 from gilles-peskine-arm/error-include-string-2.7
Backport 2.7: Fix several configuration-related issues
2020-11-17 20:32:57 +01:00
Gilles Peskine
d754c8bad6 Add a build with MBEDTLS_ERROR_STRERROR_DUMMY
Add a build with MBEDTLS_ERROR_STRERROR_DUMMY but not MBEDTLS_ERROR_C.
Previously, both options were enabled by default, but
MBEDTLS_ERROR_STRERROR_DUMMY only matters when MBEDTLS_ERROR_C is
enabled, so its effect was not tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 16:13:13 +01:00
Gilles Peskine
1eb2a9582d Add missing config from test-ref-configs.pl
The sample configuration file config-no-entropy.h was not being tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 16:13:13 +01:00
Gilles Peskine
8305b5e936 Sort entries to make it easier to eyeball the list
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 16:12:47 +01:00
Gilles Peskine
4159c7154c Simplify conditional guards in error.c
Simplify the guards on MBEDTLS_ERROR_C and MBEDTLS_ERROR_STRERROR_DUMMY.

No longer include superfluous headers and definition: string.h and
platform.h are only needed for MBEDTLS_ERROR_C; time_t is not needed
at all.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 16:09:41 +01:00
Gilles Peskine
3335e9f718 Ignore cscope index
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 21:28:56 +01:00
Gilles Peskine
53f74d0f86 Add a target for the cscope index
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 21:28:51 +01:00
Gilles Peskine
2d847a5e07
Merge pull request #3862 from bensze01/ecb_iv_fix-2.7
Backport 2.7: Do not set IV size for ECB mode ciphers
2020-11-06 18:00:40 +01:00
Bence Szépkúti
b4756c2e20 Do not set IV size for ECB mode ciphers
ECB mode ciphers do not use IVs

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-11-06 15:40:25 +01:00
Gilles Peskine
a9fd4fc550
Merge pull request #3813 from ronald-cron-arm/aes-zeroize-less-2.7
Backport 2.7: Remove a useless zeroization
2020-11-04 23:43:30 +01:00
Ronald Cron
c9e20a05a5
Merge pull request #3829 from gilles-peskine-arm/ssl-opt-gnutls-printf-2.7
Backport 2.7: Fix printf escape errors in shell scripts
2020-11-04 17:51:49 +01:00
Gilles Peskine
352a7cf3ca Fix printf escape errors in shell scripts
Fix `printf "$foo"` which treats the value of `foo` as a printf format
rather than a string.

I used the following command to find potentially problematic lines:
```
git ls-files '*.sh' | xargs egrep 'printf +("?[^"]*|[^ ]*)\$'
```
The remaining ones are false positives for this regexp.

The errors only had minor consequences: the output of `ssl-opt.sh`
contained lines like
```
Renegotiation: gnutls server strict, client-initiated .................. ./tests/ssl-opt.sh: 741: printf: %S: invalid directive
PASS
```
and in case of failure the GnuTLS command containing a substring like
`--priority=NORMAL:%SAFE_RENEGOTIATION` was not included in the log
file. With the current tests, there was no risk of a test failure
going undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-27 23:48:40 +01:00
Gilles Peskine
e7a9c3aeca ssl-opt.sh --help: don't show regexps for -f and -e
Showing a regexp to say that by default all tests are executed is not
particularly helpful.

If we ever add a default exclusion list or a default filter, we can
edit the documentation again.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-27 23:44:43 +01:00
Gilles Peskine
acbf9eccb5 Put local variables in a struct
This way we can have a single call to mbedtls_zeroize, which
saves a few bytes of code size.

Additionally, on my PC, I notice a significant speed improvement
(x86_64 build with MBEDTLS_AESNI_C disabled, gcc 5.4.0 -O3). I don't
have an explanation for that (I expected no measurable difference).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-10-22 10:34:20 +02:00
Gilles Peskine
5706e920a4 Remove a useless zeroization
Remove the zeroization of a pointer variable in the AES block
functions. The code was valid but spurious and misleading since it
looked like a mistaken attempt to zeroize the pointed-to buffer.
Reported by Antonio de la Piedra, CEA Leti, France.

Note that we do not zeroize the buffer here because these are the
round keys, and they need to stay until all the blocks are processed.
They will be zeroized in mbedtls_aes_free().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-22 09:43:53 +02:00
Ronald Cron
dac5edc01f
Merge pull request #3747 from gilles-peskine-arm/verbosify-cmake-tests-2.7
Backport 2.7: all.sh: Enable verbose failure messages for CMake
2020-10-21 10:41:07 +02:00
Ronald Cron
c10e6022ee
Merge pull request #3597 from gilles-peskine-arm/cert-gen-cleanup-202008-2.7
Backport 2.7: Minor cleanups in certificate generation
2020-10-15 13:33:49 +02:00
Gilles Peskine
85e05d87b5 Fix "make -C tests/data_files -f ..."
The toplevel directory is actually just ../..: the makefile commands
are executed in the subdirectory. $(PWD) earlier was wrong because it
comes from the shell, not from make. Looking up $(MAKEFILE_LIST) is
wrong because it indicates where the makefile is (make -f), not which
directory to work in (make -C).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:22:35 +02:00
Gilles Peskine
b8d0c2a7b6 Fix "make -C tests/data_files"
It wasn't working when invoking programs/x509/cert_write or
programs/x509/cert_req due to relying on the current directory rather
than the location of the makefile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:16:56 +02:00
Gilles Peskine
7399b8abd6 Commit the intermediate files cert_md*.csr
They are used to generate cert_md*.crt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:16:56 +02:00
Gilles Peskine
8a1face5a5 Remove duplicate rule to generate cert_md5.crt
There were two rules that generated similar files, but with different
dates. Keep the one that's similar to md2 and md4.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:16:56 +02:00
Gilles Peskine
b72d131ff0 cert_req: discover hash algorithms automatically
Discover hash algorithms automatically rather than hard-coding a list,
as was previously done in cert_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-07 11:16:56 +02:00
Jaeden Amero
de97d1f2f8 all.sh: Enable verbose failure messages for CMake
Set the CMake-observed variable `CTEST_OUTPUT_ON_FAILURE`, so that when
a "make test" run by CMake fails, verbose test output about the detail
of failure is available.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-06 12:39:54 +02:00
Janos Follath
7e7c815aa0
Merge pull request #3733 from gilles-peskine-arm/changelog-user-visible-only-2.7
Backport 2.7: Only use ChangeLog to inform users, not for acknowledgement
2020-10-01 11:36:59 +01:00
Gilles Peskine
8c79c3f985 When to write a changelog: minor improvements
Mention sample programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:25 +02:00
Gilles Peskine
1ffd967411 Explain when to write a changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:25 +02:00
Gilles Peskine
57205b2297 We no longer credit contributors in the changelog
From now on, external contributions are no longer acknowledged in the
changelog file. They of course remain acknowledged in the Git history.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:05 +02:00
Gilles Peskine
a89b650314 Remove changelog entries without a user-visible impact
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:05 +02:00
Janos Follath
b016d8d524
Merge pull request #3729 from pkolbus/issue-3647-2.7
Backport 2.7: Restore retry in rsa_prepare_blinding()
2020-09-30 16:22:56 +01:00
Peter Kolbus
e634564381 Restore retry in rsa_prepare_blinding()
Starting with commit 49e94e3, the do/while loop in
`rsa_prepare_blinding()` was changed to a `do...while(0)`, which
prevents retry from being effective and leaves dead code.

Restore the while condition to retry, and lift the calls to finish the
computation out of the while loop by by observing that they are
performed only when `mbedtls_mpi_inv_mod()` returns zero.

Signed-off-by: Peter Kolbus <peter.kolbus@garmin.com>
2020-09-30 07:39:15 -05:00
Gilles Peskine
9dd91ecf53 Add changelog entry for the memory management fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 00:46:57 +02:00