Commit Graph

2541 Commits

Author SHA1 Message Date
palaviv
5730320225 Removing in compile time unused entries from oid_md_alg list 2016-09-04 15:14:38 +01:00
Andres AG
e7723ec284 Make entropy bias self test poll multiple times
Instead of polling the hardware entropy source a single time and
comparing the output with itself, the source is polled at least twice
and make sure that the separate outputs are different.
2016-08-30 16:50:48 +01:00
Andres AG
b34e42e69e Add a new self test to entropy module
The self test is a quick way to check at startup whether the entropy
sources are functioning correctly. The self test only polls 8 bytes
from the default entropy source and performs the following checks:

- The bytes are not all 0x00 or 0xFF.
- The hardware does not return an error when polled.
- The entropy does not provide data in a patter. Only check pattern
  at byte, word and long word sizes.
2016-08-30 16:50:48 +01:00
Paul Bakker
4400ecc9fb Fix output of PKCS#5 and RIPEMD-160 self tests 2016-08-25 16:36:35 +01:00
Paul Bakker
217efbcb4b Allow compilation without MBEDTLS_SELF_TEST enabled 2016-08-25 15:42:28 +01:00
Paul Bakker
c7d6bd4b5f Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths
As a consequence also adds coverage for reading 3 and 4 byte lengths
(which were not covered before)
2016-08-25 15:42:27 +01:00
Paul Bakker
7eb1243fb4 Add check for lengths over 65535 in mbedtls_asn1_write_len() 2016-08-25 15:42:27 +01:00
Simon Butcher
23e9778684 Adds missing conditions for platform time
In platform.c, made the time functions dependent on the configuration
MBEDTLS_HAVE_TIME to fix a build break where the functions could be
built but the mbedtls_time_t was not defined.
2016-07-13 14:47:07 +01:00
Simon Butcher
b5b6af2663 Puts platform time abstraction into its own header
Separates platform time abstraction into it's own header from the
general platform abstraction as both depend on different build options.
(MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
2016-07-13 14:46:18 +01:00
Simon Butcher
905cef6c2c Changed library version number to 2.3.0 2016-06-27 19:36:45 +01:00
Simon Butcher
ab069c6b46 Merge branch 'development' into development-restricted 2016-06-23 21:42:26 +01:00
Brian J Murray
e7be5bdb96 Fixed unchecked calls to mbedtls_md_setup in rsa.c (#502)
* Fixed unchecked calls to mbedtls_md_setup in rsa.c:

* style fixes
2016-06-23 20:57:03 +01:00
Jussi Kivilinna
4b541bec0f Fix unused variable in AES selftest when CBC and CFB disabled (#393)
This commit fixes following warning:

> CC:  aes.c
> aes.c: In function 'mbedtls_aes_self_test':
> aes.c:1225:19: error: unused variable 'iv' [-Werror=unused-variable]
>      unsigned char iv[16];
>                    ^
> cc1: all warnings being treated as errors
2016-06-22 16:48:16 +01:00
Janos Follath
1b8571cd25 Merge branch 'development' into development-restricted 2016-06-21 13:51:17 +01:00
Simon Butcher
1ceab6e43a Adds a check and warning for the null entropy option
If the option MBEDTLS_TEST_NULL_ENTROPY is enabled, the cmake generated
makefile will generate an error unless a UNSAFE_BUILD switch is also enabled.

Equally, a similar warning will always be generated if the Makefile is built,
and another warning is generated on every compilation of entropy.c.

This is to ensure the user is aware of what they're doing when they enable the
null entropy option.
2016-06-21 10:14:00 +01:00
Janos Follath
15ab7ed0f3 Merge branch 'development' into development-restricted
Conflicts:
	programs/pkey/rsa_decrypt.c
	programs/pkey/rsa_encrypt.c
	programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Simon Butcher
124646e4b5 Updates version feature list for NV Seed 2016-06-12 11:56:03 +01:00
Simon Butcher
4157b6004d Renames null entropy source function for clarity 2016-06-12 00:31:33 +01:00
Simon Butcher
ab5df40054 Rename the 'no entropy' feature to MBEDTLS_TEST_NULL_ENTROPY
Following review and for clarity, changed the name of the feature to 'null
entropy'.
2016-06-11 02:31:21 +01:00
Paul Bakker
bddf9ab8ff Update features file 2016-06-10 19:42:15 +01:00
Paul Bakker
fc9c7c8bf4 Initial entropy run should be context specific
Otherwise test influence each other.
Is a change to the context but only if the NV seed feature is enabled
2016-06-10 19:42:15 +01:00
Paul Bakker
d5c9f6d226 Automatically update NV seed on initial entropy run
Update the NV entropy seed before generating any entropy for outside
use. The reason this is triggered here and not in mbedtls_entropy_init(),
is that not all entropy sources mights have been added at that time.
2016-06-10 19:42:14 +01:00
Paul Bakker
9988d6bbd9 Introduce mbedtls_nv_seed_poll() entropy polling function 2016-06-10 19:42:14 +01:00
Paul Bakker
cf0a9f96c5 Introduce platform-layer functions for reading/writing seed from NV
Introduces mbedtls_nv_seed_read() and mbedtls_nv_seed_write().

The platform-layer functions are only available when
MBEDTLS_ENTROPY_NV_SEED is enabled.
2016-06-10 19:42:14 +01:00
Janos Follath
51bcd9355b Update version features. 2016-06-09 13:55:37 +01:00
Janos Follath
53de78444c Add entropy safety switch.
Add a switch that turns entropy collecting off entirely, but enables
mbed TLS to run in an entirely unsafe mode. Enables to test mbed TLS
on platforms that don't have their entropy sources integrated yet.
2016-06-09 11:54:54 +01:00
Janos Follath
ce52d7823c Address user reported coverity issues. 2016-06-07 14:52:35 +01:00
Simon Butcher
78da223f68 Revert accidental changes to file mode of rsa.c 2016-06-07 14:52:34 +01:00
Janos Follath
a338691b46 Merge branch 'development' into development-restricted 2016-06-07 09:24:41 +01:00
Simon Butcher
50cdede726 Revert accidental changes to file mode of rsa.c 2016-06-06 20:15:33 +01:00
Janos Follath
0febc80396 Address issues find by manual coverity scan. 2016-06-03 15:40:57 +01:00
Janos Follath
04b591ee79 Merge branch 'development' for weekly test report. 2016-05-31 10:18:41 +01:00
-~- redtangent ~-~
9fa2e86d93 Add missing mbedtls_time_t definitions (#493)
Add missing mbedtls_time_t definitions to sample applications and the error.c
generation script.

Fixes #490.
2016-05-26 10:07:49 +01:00
Simon Butcher
9c22e7311c Merge branch 'development' 2016-05-24 13:25:46 +01:00
Simon Butcher
65b1fa6b07 Fixes warnings found by Clang static analyser
Also removes annotations in the code to avoid warnings which don't appear to
be needed.
2016-05-23 23:18:26 +01:00
Simon Butcher
584a547873 Fix whitespace and formatting in ssl_srv.c 2016-05-23 16:24:52 +01:00
Simon Butcher
29176897a1 Adds additional casts to calloc calls
Casts added to allow compilation of the library as C++
2016-05-23 14:29:33 +01:00
Simon Butcher
88ffc089bc Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
Simon Butcher
97e829038a Fixes whitespace errors in x509_crl.c 2016-05-23 14:29:32 +01:00
Brian Murray
930a3701e7 fix indentation in output of selftest.c 2016-05-23 14:29:32 +01:00
Paul Bakker
38d188896c Cleanup ifdef statements 2016-05-23 14:29:31 +01:00
Simon Butcher
cc4eabd22a Reverts change in commit daf534d
Commit daf534d from PR #457 breaks the build. This may reintroduce a
clang-analyse warning, but this is the wrong fix for that.

The fix removed a call to mbedtls_ecp_curve_info_from_grp_id() to find
the curve info. This fix adds that back in.
2016-05-23 14:29:31 +01:00
Simon Butcher
da01266599 Corrects incorrectly named function in ctr_drbg.c comment 2016-05-23 14:29:31 +01:00
Simon Butcher
80119c5d28 Fixes minor typos in comments in pk.h and ctr_drbg.c
Fixes typos in PRs #475 and #437
2016-05-23 14:29:30 +01:00
SimonB
99cff58958 Fixes memory leak in memory_buffer_alloc.c debug
Debug symbols were being leaked in memory_buffer_alloc.c
2016-05-23 14:29:29 +01:00
Nicholas Wilson
1b666554c9 Silence a clang-analyze warning
The check is already effectively performed later in the function, but
implicitly, so Clang's analysis fail to notice the functions are in
fact safe.  Pulling the check up to the top helps Clang to verify the
behaviour.
2016-05-23 14:29:29 +01:00
Nicholas Wilson
f0021645b0 Refactor slightly to silence a clang-analyze warning
Since the buffer is used in a few places, it seems Clang isn't clever
enough to realise that the first byte is never touched.  So, even though
the function has a correct null check for ssl->handshake, Clang
complains.  Pulling the handshake type out into its own variable is
enough for Clang's analysis to kick in though.
2016-05-23 14:29:28 +01:00
Nicholas Wilson
b47fd5e8c9 Remove a dead store to silence clang-analyze 2016-05-23 14:29:28 +01:00
Nicholas Wilson
e735303026 Shut up a few clang-analyze warnings about use of uninitialized variables
The functions are all safe, Clang just isn't clever enough to realise
it.
2016-05-23 14:29:28 +01:00
Nicholas Wilson
91c68a5e15 Shut up a clang-analyzer warning
The function appears to be safe, since grow() is called with sensible
arguments in previous functions.  Ideally Clang would be clever enough to
realise this.  Even if N has size MBEDTLS_MPI_MAX_LIMBS, which will
cause the grow to fail, the affected lines in montmul won't be reached.
Having this sanity check can hardly hurt though.
2016-05-23 14:29:28 +01:00
Attila Molnar
2791ba1429 Fix handle leak in mbedtls_platform_entropy_poll() on Windows on error 2016-05-23 14:29:28 +01:00
Alexey Skalozub
c8404607ea Move K inside MBEDTLS_SHA512_PROCESS_ALT block
It is used only by `mbedtls_sha512_process()`, and in case `MBEDTLS_SHA512_PROCESS_ALT` is defined, it still cannot be reused because of `static` declaration.
2016-05-23 14:29:28 +01:00
James Cowgill
5c1e24ca05 Fix build errors on x32 by using the generic 'add' instruction
On x32 systems, pointers are 4-bytes wide and are therefore stored in %e?x
registers (instead of %r?x registers). These registers must be accessed using
"addl" instead of "addq", however the GNU assembler will acccept the generic
"add" instruction and determine the correct opcode based on the registers
passed to it.
2016-05-23 14:29:28 +01:00
Janos Follath
c6dab2b029 Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 14:27:02 +01:00
Simon Butcher
94bafdf834 Merge branch 'development' 2016-05-18 18:40:46 +01:00
Simon Butcher
db0feca55c Fixes platform time_t abstraction
Fixes platform abstraction in error.c and the file that it's generated
from as well as DTLS samples.
2016-05-17 00:03:14 +01:00
Simon Butcher
c21bec8af4 Merge branch 'development' 2016-05-16 16:15:20 +01:00
Paul Bakker
21cc5741cf Cleanup ifdef statements 2016-05-12 12:46:28 +01:00
Simon Butcher
2dd49d1e47 Reverts change in commit daf534d
Commit daf534d from PR #457 breaks the build. This may reintroduce a
clang-analyse warning, but this is the wrong fix for that.

The fix removed a call to mbedtls_ecp_curve_info_from_grp_id() to find
the curve info. This fix adds that back in.
2016-05-11 23:15:58 +01:00
Paul Bakker
9edf1eb062 Merge pull request #376 from jcowgill/x32
Support for x32
2016-05-11 20:40:08 +02:00
Paul Bakker
f4743a6f5e Merge pull request #457 from NWilson/clang-analyze-fixes
Clang analyze fixes
2016-05-11 20:20:42 +02:00
Paul Bakker
e1fbac4ac4 Merge pull request #409 from attilamolnar/fix-handle-leak
Fix handle leak in mbedtls_platform_entropy_poll() on Windows on error
2016-05-11 20:14:16 +02:00
Paul Bakker
aaee547547 Merge pull request #402 from pieceofsummer/sha512-process-alt-k
Move K inside MBEDTLS_SHA512_PROCESS_ALT block
2016-05-11 20:12:45 +02:00
Simon Butcher
71c7ac5597 Corrects incorrectly named function in ctr_drbg.c comment 2016-05-10 23:47:30 +01:00
Simon Butcher
938f65c452 Merge 'development' into development 2016-05-10 20:58:54 +01:00
Simon Butcher
295639bfa1 Fixes minor typos in comments in pk.h and ctr_drbg.c
Fixes typos in PRs #475 and #437
2016-05-10 19:39:36 +01:00
SimonB
4225611887 Fixes memory leak in memory_buffer_alloc.c debug
Debug symbols were being leaked in memory_buffer_alloc.c
2016-05-05 14:24:17 +01:00
Simon Butcher
e4a46f696f Merge branch 'development' 2016-04-27 18:44:37 +01:00
Simon Butcher
3fe6cd3a2d Fixes time() abstraction for custom configs
Added platform abstraction of time() to ChangeLog, version features, and fixed the build for dynamic configuration.
2016-04-26 19:51:29 +01:00
SimonB
d5800b7761 Abstracts away time()/stdlib.h into platform
Substitutes time() into a configurable platform interface to allow it to be
easily substituted.
2016-04-26 14:49:59 +01:00
Alexey Skalozub
e17a8da17e Rename MPI zeroize function to mbedtls_mpi_zeroize
Avoid naming confusion
2016-04-25 16:01:07 +01:00
Alexey Skalozub
3d53f41638 Faster mbedtls_zeroize for MPI
Writes in `sizeof(mbedtls_mpi_uint)` units perform faster than plain chars, also eliminates multiplication by `ciL`
2016-04-25 16:00:50 +01:00
Janos Follath
8a3170571e Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 00:41:54 +01:00
Simon Butcher
2300776816 Merge branch 'development' 2016-04-19 10:39:36 +01:00
Janos Follath
1ed9f99ef3 Fix null pointer dereference in the RSA module.
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:16:31 +01:00
Simon Butcher
3f5c875654 Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-15 19:06:59 +01:00
Janos Follath
10c575be3e Fix odd bitlength RSA key generation
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-15 18:49:13 +01:00
Nicholas Wilson
42d47f0fb5 Silence a clang-analyze warning
The check is already effectively performed later in the function, but
implicitly, so Clang's analysis fail to notice the functions are in
fact safe.  Pulling the check up to the top helps Clang to verify the
behaviour.
2016-04-13 11:57:36 +01:00
Nicholas Wilson
5d5e421d08 Refactor slightly to silence a clang-analyze warning
Since the buffer is used in a few places, it seems Clang isn't clever
enough to realise that the first byte is never touched.  So, even though
the function has a correct null check for ssl->handshake, Clang
complains.  Pulling the handshake type out into its own variable is
enough for Clang's analysis to kick in though.
2016-04-13 11:57:36 +01:00
Nicholas Wilson
daf534dcf9 Remove a dead store to silence clang-analyze 2016-04-13 11:57:36 +01:00
Nicholas Wilson
409401c044 Shut up a few clang-analyze warnings about use of uninitialized variables
The functions are all safe, Clang just isn't clever enough to realise
it.
2016-04-13 11:56:22 +01:00
Nicholas Wilson
2cc69fffcf Shut up a clang-analyzer warning
The function appears to be safe, since grow() is called with sensible
arguments in previous functions.  Ideally Clang would be clever enough to
realise this.  Even if N has size MBEDTLS_MPI_MAX_LIMBS, which will
cause the grow to fail, the affected lines in montmul won't be reached.
Having this sanity check can hardly hurt though.
2016-04-13 11:56:22 +01:00
Simon Butcher
078bcdd6f6 Merge branch 'IOTSSL-628-BufferOverread' 2016-03-16 22:53:11 +00:00
Simon Butcher
184990c1d4 Merge development into development-restricted 2016-03-16 13:56:00 +00:00
Simon Butcher
4b852db299 Merge branch 'iotssl-629-der-trailing-bytes'
Fixes bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer following DER certificates to be included in the raw representation.
2016-03-12 23:28:26 +00:00
Simon Butcher
0203745e23 Swap C++ comments to C for style consistency in rsa.c 2016-03-09 21:06:20 +00:00
Janos Follath
c69fa50d4c Removing 'if' branch from the fix.
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-03-09 21:06:19 +00:00
Janos Follath
b6eb1ca01c Length check added 2016-03-09 21:06:19 +00:00
Manuel Pégourié-Gonnard
370717b571 Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-09 21:06:19 +00:00
Janos Follath
eddfe8f6f3 Included tests for the overflow 2016-03-09 21:06:19 +00:00
Janos Follath
b437b4b125 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-03-09 19:32:10 +00:00
Simon Butcher
e846b5128f Use the SSL IO and time callback typedefs consistently
The callback typedefs defined for mbedtls_ssl_set_bio() and
mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were
referenced in structures or in code.
2016-03-09 19:32:09 +00:00
Simon Butcher
c0957bdc13 Fix some minor typos in comments
Fix spelling mistakes and typos.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
0c6aad90f2 x509: remove obsolete TODO comment
- basicContraints checks are done during verification
- there is no need to set extensions that are not present to default values,
  as the code using the extension will check if it was present using
ext_types. (And default values would not make sense anyway.)
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
986bbf24ce x509:
-
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
d1b7f2b8cf ssl: ignore CertificateRequest's content for real
- document why we made that choice
- remove the two TODOs about checking hash and CA
- remove the code that parsed certificate_type: it did nothing except store
  the selected type in handshake->cert_type, but that field was never accessed
afterwards. Since handshake_params is now an internal type, we can remove that
field without breaking the ABI.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
56e9ae2bf2 Remove unnecessary TODO comment
We don't implement anonymous key exchanges, and we don't intend to, so it can
never happen that an unauthenticated server requests a certificate from us.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
eeef947040 Clarify documentation about missing CRLs
Also tune up some working while at it.
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
214a84889c Update note about hardcoded verify_data_length 2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
967994a05e Remove unused code.
After the record contents are decompressed, in_len is no longer
accessed directly, only in_msglen is accessed. in_len is only read by
ssl_parse_record_header() which happens before ssl_prepare_record_contents().

This is also made clear by the fact that in_len is not touched after
decrypting anyway, so if it was accessed after that it would be wrong unless
decryption is used - as this is not the case, it show in_len is not accessed.
2016-03-09 19:32:08 +00:00