Commit Graph

9526 Commits

Author SHA1 Message Date
Jaeden Amero
bd1b89a354 all.sh: Enable verbose failure messages for CMake
Set the CMake-observed variable `CTEST_OUTPUT_ON_FAILURE`, so that when
a "make test" run by CMake fails, verbose test output about the detail
of failure is available.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-06 12:39:34 +02:00
Gilles Peskine
2f26bf7e88
Merge pull request #3735 from gilles-peskine-arm/entropy_poll-_gnu_source-2.16
Backport 2.16: Don't redefine _GNU_SOURCE if it's already defined
2020-10-05 17:25:29 +02:00
Gilles Peskine
90b545881c Fix the build when _GNU_SOURCE is defined to a non-empty value
Fix #3432.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 17:17:37 +02:00
Janos Follath
188e192eeb
Merge pull request #3732 from gilles-peskine-arm/changelog-user-visible-only-2.16
Backport 2.16: Only use ChangeLog to inform users, not for acknowledgement
2020-10-01 11:37:09 +01:00
Gilles Peskine
e1a7cad3c6 When to write a changelog: minor improvements
Mention sample programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:34:22 +02:00
Gilles Peskine
27db5e4405 Explain when to write a changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:34:22 +02:00
Gilles Peskine
36c2ea5376 We no longer credit contributors in the changelog
From now on, external contributions are no longer acknowledged in the
changelog file. They of course remain acknowledged in the Git history.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:32:29 +02:00
Gilles Peskine
4785ec1dbc Remove changelog entries without a user-visible impact
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:31:55 +02:00
Janos Follath
319eee5fdd
Merge pull request #3728 from pkolbus/issue-3647-2.16
Backport 2.16: Restore retry in rsa_prepare_blinding()
2020-09-30 16:23:04 +01:00
Peter Kolbus
b2aeb75509 Restore retry in rsa_prepare_blinding()
Starting with commit 49e94e3, the do/while loop in
`rsa_prepare_blinding()` was changed to a `do...while(0)`, which
prevents retry from being effective and leaves dead code.

Restore the while condition to retry, and lift the calls to finish the
computation out of the while loop by by observing that they are
performed only when `mbedtls_mpi_inv_mod()` returns zero.

Signed-off-by: Peter Kolbus <peter.kolbus@garmin.com>
2020-09-30 07:22:42 -05:00
Gilles Peskine
3ce9480c38 Add changelog entry for the memory management fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 00:47:48 +02:00
Victor Krasnoshchok
12b89cbc0b
Fix premature fopen() call in mbedtls_entropy_write_seed_file #3175
Signed-off-by: Victor Krasnoshchok <ct3da21164@protonmail.ch>
2020-09-28 00:28:25 +03:00
Gilles Peskine
e39d14b142 Fix "make -C tests/data_files -f ..."
The toplevel directory is actually just ../..: the makefile commands
are executed in the subdirectory. $(PWD) earlier was wrong because it
comes from the shell, not from make. Looking up $(MAKEFILE_LIST) is
wrong because it indicates where the makefile is (make -f), not which
directory to work in (make -C).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-24 16:45:45 +02:00
Gilles Peskine
506498eaa3
Merge pull request #3708 from ronald-cron-arm/feature/fix_return_code_1-2.16
Backport 2.16: Fix return code expression in pkparse
2020-09-22 18:52:03 +02:00
Jens Reimann
84d4f022e2 fix return code
Signed-off-by: Jens Reimann <jreimann@redhat.com>
2020-09-22 16:22:27 +02:00
Gilles Peskine
401ba5e9b7
Merge pull request #755 from gabor-mezei-arm/692_bp216_missing_zeroizations_of_sensitive_data
[Backport 2.16] Missing zeroizations of sensitive data
2020-09-18 16:20:21 +02:00
Gilles Peskine
e72c8d28f1
Merge pull request #3687 from Jongy/fix-docs-mbedtls-2.16
Backport 2.16: Fix docs to desribe written-into buffer parameter as writable
2020-09-17 00:02:36 +02:00
Yonatan Goldschmidt
f9604bbdc1 Fix docs to desribe written-into buffer parameter as writable
Signed-off-by: Yonatan Goldschmidt <yon.goldschmidt@gmail.com>
2020-09-16 21:56:11 +03:00
Gilles Peskine
30b242de50
Merge pull request #3660 from bensze01/typo-2.16
Backport 2.16: Fix typo in mbedtls_ssl_set_bio description.
2020-09-11 21:17:44 +02:00
gabor-mezei-arm
70f7f67133
Put local variables and buffers in a struct
This reduces the impact of the code size increase due to the addition
of calls to mbedtls_platform_zeroize.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-09-09 15:18:05 +02:00
gabor-mezei-arm
f21639fc2f
Zeroize internal buffers and variables in MD hashes
Zeroising of local buffers and variables which are used for calculations in
mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
functions to erase sensitive data from memory.
Checked all function for possible missing zeroisation in MD.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-09-09 15:17:11 +02:00
gabor-mezei-arm
5feba8dae1
Force cleanup before return
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-09-09 15:17:11 +02:00
gabor-mezei-arm
d5253bba32
Zeroize internal buffers and variables in PKCS and SHA
Zeroising of local buffers and variables which are used for calculations in
mbedtls_pkcs5_pbkdf2_hmac() and mbedtls_internal_sha*_process() functions
to erase sensitive data from memory.
Checked all function for possible missing zeroisation in PKCS and SHA.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-09-09 15:16:01 +02:00
Christopher
2681e99a41 Update ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt
Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Christopher Moynihan <christophm@gmail.com>
2020-09-09 14:05:02 +02:00
Christopher Moynihan
0c633dab7f Fix typo in mbedtls_ssl_set_bio description.
Description referred to mbedtls_ssl_sent_t callback,
but the callback is named mbedtls_ssl_send_t.

Signed-off-by: Christopher Moynihan <christophm@gmail.com>
2020-09-09 14:05:01 +02:00
gufe44
87d7936d40 Make arc4random_buf declaration available on NetBSD
Signed-off-by: gufe44 <gu981@protonmail.com>
2020-09-09 12:04:18 +02:00
Manuel Pégourié-Gonnard
99693aab21
Merge pull request #3651 from d-otte/mbedtls-2.16
Backport 2.16: adjusting size of sliding window array to correct size
2020-09-09 10:00:11 +02:00
Daniel Otte
1bfb45cb93 adding entry file to ChangeLog.d for backport of PR3592
Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:09:34 +02:00
Daniel Otte
e4dbb99f9f adjusting comment on sliding window memory usage.
The comment now uses '**' as exponentiation operator.

Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:08:15 +02:00
Daniel Otte
639c5e5713 fixing spelling mistakes (window <-- windows)
Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:08:00 +02:00
Daniel Otte
359d049f1b adjusting size of sliding window array to correct size.
Probably the `W[2 << MBEDTLS_MPI_WINDOW_SIZE]` notation is based on a transcription of 2**MBEDTLS_MPI_WINDOW_SIZE.

Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-08 12:07:19 +02:00
Gilles Peskine
ad5c5a2763
Merge pull request #3626 from gilles-peskine-arm/test-fail-report-first-2.16
Backport 2.16: Report the first unit test failure, not the last one
2020-09-05 11:16:02 +02:00
Gilles Peskine
319ecf3192 Initialize ret from test code
The test function mbedtls_mpi_lt_mpi_ct did not initialize ret in test
code. If there was a bug in library code whereby the library function
mbedtls_mpi_lt_mpi_ct() did not set ret when it should, we might have
missed it if ret happened to contain the expected value. So initialize
ret to a value that we never expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 15:33:11 +02:00
Gilles Peskine
dfb5cff2f5 Report the first failure, not the last one
If test_fail is called multiple times in the same test case, report
the location of the first failure, not the last one.

With this change, you no longer need to take care in tests that use
auxiliary functions not to fail in the main function if the auxiliary
function has failed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 10:11:47 +02:00
Janos Follath
848a4e06b3
Merge pull request #749 from ARMmbed/mbedtls-2.16.8r0-pr
Prepare Release Candidate for Mbed TLS 2.16.8
2020-08-27 11:32:13 +01:00
Janos Follath
627aeef6ae Update ChangeLog header
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 15:34:41 +01:00
Janos Follath
1bfb580f8c Bump version to Mbed TLS 2.16.8
Executed "./scripts/bump_version.sh --version 2.16.8"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 15:26:49 +01:00
Janos Follath
4ac5a7be5a Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 14:49:52 +01:00
Janos Follath
36169d479f Merge branch 'mbedtls-2.16-restricted' 2020-08-26 14:16:04 +01:00
Gilles Peskine
de4bcf22c1
Merge pull request #3562 from raoulstrackx/raoul/verify_crl_without_time_bp2.16
Backport 2.16: Always revoke certificate on CRL
2020-08-26 12:56:15 +02:00
Manuel Pégourié-Gonnard
fa3b3e0d88
Merge pull request #745 from mpg/changelog-for-local-lucky13-2.16-restricted
[Backport 2.16] Add a ChangeLog entry for local Lucky13 variant
2020-08-26 11:52:25 +02:00
Raoul Strackx
75475d8465 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-26 11:42:52 +02:00
Manuel Pégourié-Gonnard
f0a3cddefe Clarify that the Lucky 13 fix is quite general
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 10:58:02 +02:00
Manuel Pégourié-Gonnard
c9ebbd5843 Add a ChangeLog entry for local Lucky13 variant
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 10:58:02 +02:00
Janos Follath
5b2e60dc36
Merge pull request #741 from mpg/cf-varpos-copy-2.16-restricted
[backport 2.16] Constant-flow copy of HMAC from variable position
2020-08-25 14:35:45 +01:00
Manuel Pégourié-Gonnard
ab9ec32879 Fix a typo in a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:43:10 +02:00
Manuel Pégourié-Gonnard
46f49a8bbc Improve comments on constant-flow testing in config.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:42:21 +02:00
Manuel Pégourié-Gonnard
f08284769d Add an option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:26:37 +02:00
Manuel Pégourié-Gonnard
590b2d9614 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:18:11 +02:00
Manuel Pégourié-Gonnard
ce45d1a759 Use temporary buffer to hold the peer's HMAC
This paves the way for a constant-flow implementation of HMAC checking, by
making sure that the comparison happens at a constant address. The missing
step is obviously to copy the HMAC from the secret offset to this temporary
buffer with constant flow, which will be done in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:07:25 +02:00