Commit Graph

351 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
495ef98b24
Merge pull request #3976 from devnexen/fbsd_dfly_upd
Implements getrandom's wrapper for handful of BSD.
2021-02-16 09:41:55 +01:00
Steven Cooreman
863470a5f9 Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:44 +01:00
David Carlier
4971c3fce7 Changelog entry.
Signed-off-by: David Carlier <devnexen@gmail.com>
2021-02-15 13:13:13 +00:00
Steven Cooreman
7976574f82 Allow tweaking PSA_KEY_SLOT_COUNT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 13:58:27 +01:00
Gilles Peskine
59ad77032f
Merge pull request #4131 from paul-elliott-arm/fix_crypto_leak
Fix memory leak in error case in psa_crypto
2021-02-15 11:38:13 +01:00
Ronald Cron
5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Paul Elliott
d17062e6bf Correct english in changelog.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-12 14:48:16 +00:00
Bence Szépkúti
a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Paul Elliott
da3e7db495 Fix memory leak in error case in psa_crypto
In psa_generate_derived_key_internal() an error case was returning
directly rather than jumping to the exit label, which meant that an
allocated buffer would not be free'd.

Found via coverity.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-09 19:03:47 +00:00
Ronald Cron
07907ae84e Add change log entry
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-09 15:36:14 +01:00
Gilles Peskine
2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Janos Follath
6a32ad83e3
Merge pull request #4094 from d-otte/development
wrong RSA_PRV_DER_MAX_BYTES for odd MBEDTLS_MPI_MAX_SIZE
2021-02-02 16:15:07 +00:00
Daniel Otte
da43d78017 adjusting Changelog entry for PR #4094
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-02 12:38:26 +01:00
Daniel Otte
21cbe4a494 adding entry file to ChangeLog.d for PR4094
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-01 18:47:22 +01:00
Gilles Peskine
c8a9177110 mbedtls_mpi_sub_abs: fix buffer overflow in error case
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

Fix #4042

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 17:28:03 +01:00
Gilles Peskine
53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback
Add a flag for disabling software fallback in ecp.c
2021-01-29 16:08:51 +01:00
Ronald Cron
318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
gabor-mezei-arm
47278ee8f8
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 14:03:57 +01:00
Steven Cooreman
6226a12acc Documentation update for MBEDTLS_ECP_NO_FALLBACK
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-21 13:58:31 +01:00
Cédric Meuter
ff3db6a5cf Removed trailing whitespace
Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2021-01-10 15:40:33 +01:00
Cédric Meuter
ad27fb03b5 Added changelog entry
Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2021-01-10 13:33:14 +01:00
Steven Cooreman
97b4984657 Add a flag for disabling fallback in ecp.c
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 16:43:43 +01:00
Gilles Peskine
ae3741e8a4 Fix an incorrect error code if RSA private operation glitched
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Manuel Pégourié-Gonnard
75fdd0640f
Merge pull request #3973 from stroebeljc/development
Fixed seed variable concatenation pointer.
2021-01-06 10:07:52 +01:00
stroebeljc
03ee3834a0 Updated change description as suggested by @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-05 11:28:30 -06:00
Gilles Peskine
73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak
PSA Crypto: Don't skip key data removal when SE driver is not in use
2021-01-05 16:55:52 +01:00
stroebeljc
e67ba98581 Fixed verb tense in change log.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:19:29 -06:00
stroebeljc
2b50d78972 Fixed incorrect change log formatting.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:17:35 -06:00
stroebeljc
d4de1b5d4e Updated per comments from @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:14:32 -06:00
ENT\stroej1
6a5f10cdc7 Added ChangeLog entry for related issue.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 12:39:13 -06:00
Fredrik Strupe
462aa575a4 PSA Crypto: Don't skip key data removal when SE driver is not in use
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.

This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-12-17 11:05:36 +01:00
Bence Szépkúti
0bd9d226bc Add Changelog entry
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-16 15:02:50 +01:00
Janos Follath
7ac5fd1861 Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:03:46 +00:00
Janos Follath
248900d9b9 Fix Changelog format
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:03:03 +00:00
Janos Follath
debe71988f Add missing ChangeLog entries
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:02:45 +00:00
Janos Follath
a946dcf8b2 Merge branch 'development-restricted' into mbedtls-2.25.0r0-pr 2020-12-08 20:59:45 +00:00
Gilles Peskine
6d5c7bc69a
Merge pull request #3898 from paul-elliott-arm/fix_pem_write
Remove Extraneous bytes from buffer post pem write
2020-12-08 12:31:40 +01:00
Gilles Peskine
2b759626a9
Merge pull request #3948 from bensze01/update_psa_values
Update the values of PSA Crypto API macros to version 1.0.0
2020-12-08 11:03:33 +01:00
Bence Szépkúti
6879f42be4 Add changelog
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:24:41 +01:00
Paul Elliott
557b8d663a Remove Extraneous bytes from buffer post pem write
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-07 17:29:42 +00:00
Ronald Cron
771090659e
Merge pull request #3393 from geecrypt/development
Support set *_drbg reseed interval before seed
2020-12-07 14:29:52 +01:00
Gilles Peskine
22a191199d NIST_KW in cipher: credit the reporter
This issue was found by Guido Vranken's Cryptofuzz running on the
OSS-Fuzz platform.

Fix #3665

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 14:26:07 +01:00
Janos Follath
3aae5d4ed7
Merge pull request #781 from mpg/cipher-auth-crypt-restricted
Fix buffer overflow with NIST-KW in cipher layer
2020-12-07 12:58:36 +00:00
Janos Follath
7973e2b358
Merge pull request #772 from chris-jones-arm/development-restricted
Fix Diffie-Hellman large key size DoS
2020-12-07 09:28:55 +00:00
Gilles Peskine
e410bf7320 Add changelog entry for the memory management fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-06 22:32:02 +01:00
gacquroff
1bfeb8a837 Add changelog entry file for bugfix 2927
Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 12:28:25 -08:00
Chris Jones
add9948784 Fix whitespace in changelog entry
Extra whitespace and a missing newline at end of file was causing an error with
`check_files.py`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 15:45:29 +00:00
Manuel Pégourié-Gonnard
6df90523e1 Add ChangeLog entries for auth_crypt changes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 13:00:58 +01:00
Gilles Peskine
227366b4b0 Merge branch 'development' into development-restricted 2020-12-03 12:39:44 +01:00
Gilles Peskine
54a6f23393
Merge pull request #3930 from ccvca/fix_missing_argument
Fix: Add missing arguments to debug message.
2020-12-03 12:29:03 +01:00
Gilles Peskine
a282984c3d
Merge pull request #773 from paul-elliott-arm/discrepancy_cert
Add missing tag check to signature check on certificate load
2020-12-03 12:19:39 +01:00
Manuel Pégourié-Gonnard
489c058b52 Merge branch 'development' into development-restricted
* development: (488 commits)
  Fix removal of deprecated PSA constants
  Use GitHub-compatible table formatting
  Remove psa header files in uninstall part
  Change function casting in `ssl_calc_finished_tls_sha384`
  Fix GCC warning in `ssl_calc_finished_tls_sha384`
  Add changelog entry file to `ChangeLog.d`
  Fix GCC warning in `ssl_calc_finished_tls_sha384`
  Fix GCC warning about `test_snprintf`
  Fix mismatched function parameters (prototype/definition)
  Fix build failure on gcc-11
  Copyediting
  Clarifications around key import
  Fix copypasta
  A variable is unused in some configurations
  Rename test_driver_keygen to test_driver_key_management
  Move "internal use" sentence attached to the wrong function
  Added changelog
  Plug in the entry point for public key export through driver
  tests: psa: Reset key attributes where needed
  Improve/fix documentation
  ...
2020-12-03 09:59:42 +01:00
Chris Jones
16187a21be Add ChangeLog entry for modular exponentiation size limit
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-02 15:25:27 +00:00
Christian von Arnim
883d304785
Fix: Add missing arguments to debug message.
Signed-off-by: Christian von Arnim <christian.von-arnim@isw.uni-stuttgart.de>
2020-12-02 10:13:02 +01:00
Paul Elliott
ca17ebfbc0 Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.

Regression test added (one of the client certs modified accordingly)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-11-26 16:34:16 +00:00
Gilles Peskine
436400eec3 Handle random generator failure in mbedtls_mpi_fill_random()
Discuss the impact in a changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-25 17:30:46 +01:00
Rodrigo Dias Correa
683028a2f7 Add changelog entry file to ChangeLog.d
Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-25 01:13:12 -03:00
Gilles Peskine
68cc434c11 PSA support for HMAC_DRBG: changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine
9aaa3e164a
Merge pull request #3786 from stevew817/feature/generate_pubkey_in_driver
Add export_public_key entry point for drivers
2020-11-23 11:54:53 +01:00
Gilles Peskine
662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Steven Cooreman
0737c09c7b Added changelog
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-11-20 17:31:24 +01:00
Ronald Cron
a3d9daca92 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Gilles Peskine
c70431451b
Merge pull request #3867 from gilles-peskine-arm/error-include-string
Fix several configuration-related issues
2020-11-17 20:32:59 +01:00
Gilles Peskine
9f4a01c33c
Merge pull request #3571 from gufe44/arc4random_buf-implicit
NetBSD/OpenBSD symbol availability fix
2020-11-12 12:12:49 +01:00
Gilles Peskine
b64e0fe5e3 Fix conditions for including string.h in error.c
<string.h> is actually needed when MBEDTLS_ERROR_C is enabled and not
when only MBEDTLS_ERROR_STRERROR_DUMMY is enabled.

Fix #3866.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:17:07 +01:00
Gilles Peskine
e3994d7269
Merge pull request #3836 from bensze01/ecb_iv_fix
Do not set iv size for ECB mode ciphers
2020-11-06 18:00:50 +01:00
Bence Szépkúti
a8e40ddfc9 Do not set IV size for ECB mode ciphers
ECB mode ciphers do not use IVs

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-11-06 09:40:21 +01:00
Gilles Peskine
6b87993142
Merge pull request #3609 from gilles-peskine-arm/aes-zeroize-less
Remove a useless zeroization
2020-11-04 23:43:35 +01:00
Johan Pascal
44c0a0a60a Stick to ChangeLog rules
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Gilles Peskine
935b4f96f9
Merge pull request #3407 from RcColes/development
Increase compatibility with external cmake
2020-10-28 12:29:14 +01:00
Gilles Peskine
01fc209969
Merge pull request #3748 from torstenes/3740_PSA_key_storage_systematically_store_bits
Changes PSA key storage format to include key bits
2020-10-26 15:33:58 +01:00
Gilles Peskine
db8298ca61
Merge pull request #3802 from peter-toft-greve/minimum_cmake
Update mimimum required cmake version
2020-10-26 14:36:08 +01:00
Torstein Nesse
ce1494b6ee Update ChangeLog.d/systematically_store_bit_size_3740.txt
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
2020-10-22 12:12:22 +02:00
Peter Toft
70e2062218 Updated minimum cmake requirement down to 2.8.12
* As described in issue #3801 the upcoming cmake 3.19
  will not support cmake 2.6 any more
* This PR updates the mimimum required cmake version
  to 2.8.12, which will not give a warning with cmake 3.19
  but still compatible with MbedTLS support of RHEL/CentOS 7 LTS
* Adding ChangeLog.d/bugfix_PR3802.txt

Signed-off-by: Peter Toft <peter.toft@dirac.com>
2020-10-22 10:43:40 +02:00
Gilles Peskine
1b275cc5d0
Merge pull request #3772 from frestr/bugfix/ccm_add_length
Fix additional data length field check for CCM
2020-10-21 22:31:48 +02:00
Gilles Peskine
ec32a74024
Merge pull request #3799 from d3zd3z/fixchar
Fix ssl_context_info handling of EOF (build failure if char is unsigned)
2020-10-21 22:30:15 +02:00
Gilles Peskine
b7eaa77e2a
Merge pull request #3743 from stevew817/bugfix/use_ecdh_key_in_streamlined_derivation
Fix PSA crypto inconsistencies in agreement+derivation
2020-10-21 13:25:21 +02:00
Torstein Nesse
d9246559ca Update changelog entry, format specification, and correct test vectors
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-21 11:17:09 +02:00
Ronald Cron
60ca77ca75
Merge pull request #3730 from gilles-peskine-arm/psa_generate_key-curve25519
Fix psa_generate_key on Curve25519
2020-10-21 09:03:00 +02:00
Nayna Jain
d696e7d91e programs/ssl: Fix incorrect EOF check in ssl_context_info.c
In `read_next_b64_code()`, the result of fgetc() is stored into a char,
but later compared against EOF, which is generally -1.  On platforms
where char is unsigned, this generates a compiler warning/error that the
comparison will never be true (causing a build failure).  The value will
never match, with the function ultimately bailing with a "Too many bad
symbols are detected" error.

On platforms with signed char, EOF is detected, but a file containing a
0xFF character will causes a premature end of file exit of the loop.

Fix this by changing the result to an int.

Fixes #3794.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2020-10-20 13:31:32 -06:00
Raef Coles
995c66f702 Build: Add MBEDTLS_TARGET_PREFIX
Allows required targets to have prefixes added to them, so that external
projects can avoid target names clashing.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-10-20 13:44:44 +01:00
Steven Cooreman
fa5e631d23 Apply review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-15 17:07:12 +02:00
Fredrik Strupe
5e940c6068 Fix additional data length field check for CCM
The CCM specification (NIST SP 800-38C) mandates that the formatting of
the additional data length l(a) changes when it is greater _or equal_ to
2^16 - 2^8 (>= 0xFF00). Since such lengths are not supported in mbed TLS,
the operation should fail in such cases.

This commit fixes an off-by-one error which allowed encryption/decryption
to be executed when l(a) was equal to 0xFF00, resulting in an
incorrect/non-standard length format being used.

Fixes #3719.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-10-08 12:09:44 +02:00
Torstein Nesse
162a1104be Changes PSA key storage format to include key bits
* Stores bits in psa_persistent_key_storage_format.
* psa_load_persistent_key_into_slot still imports plaintext keys which
  ensures that the bits value gets set.
* Updates key specification to match new implementation.
* Expands persistent store and load tests with to check for bits
  attribute.
* Removes bits storage from psa_se_key_data_storage_t.

Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-07 10:54:24 +02:00
Janos Follath
72ca39737f
Merge pull request #3723 from frestr/bugfix/invalid_argument_on_invalid_input
Use PSA_ERROR_INVALID_ARGUMENT for invalid cipher input sizes
2020-10-07 09:21:01 +01:00
Gilles Peskine
0dfcefb8e9
Merge pull request #3734 from gilles-peskine-arm/entropy_poll-_gnu_source-development
Don't redefine _GNU_SOURCE if it's already defined
2020-10-05 17:25:34 +02:00
Steven Cooreman
949cde682e Add changelog entries for #3741 and #3742
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-05 16:24:15 +02:00
Janos Follath
7f007f70e0
Merge pull request #3639 from okhowang/android
Use socklen_t on Android
2020-10-02 13:22:59 +01:00
Fredrik Strupe
dd9ec1c573 Update changelog entry to mention PSA API compliance
Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-10-01 16:03:10 +02:00
Janos Follath
2cb88c9a24
Merge pull request #3726 from gilles-peskine-arm/changelog-user-visible-only-development
Only use ChangeLog to inform users, not for acknowledgement
2020-10-01 11:37:22 +01:00
Gilles Peskine
a1f9ef0615 Fix the build when _GNU_SOURCE is defined to a non-empty value
Fix #3432.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 11:27:17 +02:00
Gilles Peskine
c6468ee247 Revert "Use glibc's getrandom() instead of syscall when glibc > 2.25."
This reverts commit 9c46a60e6c.

When the library is dynamically linked against Glibc (as is usually
the case with Glibc), it now requires a recent Glibc at runtime if it
was compiled with a recent Glibc. This is a loss of functionality for
no demonstrated benefit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 11:22:18 +02:00
Fredrik Strupe
9d3391483c Add changelog entry
Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-10-01 10:44:46 +02:00
Gilles Peskine
e9a1e13d62 2.24.0 is still covered by the old policy
“Prior to Mbed TLS 2.24” suggests that 2.24 itself didn't use the old
policy anymore, but it did. Change to “Until”, and also give the exact
version number “2.24.0”.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:49 +02:00
Gilles Peskine
2acbed387d psa_generate_key: remove the bit-size sanity check
In psa_generate_key_internal() for ECC keys, remove the check that the
bit-size according to Mbed TLS is equal to the requested bit-size.
This check was necessary back when the PSA API encoded curves and key
sizes independently, in order to reject combinations such as SECP256R1
with a 512-bit size. Since the curve encoding changed to specifying a
curve family and a size separately, the Mbed TLS curve id (grp_id) and
the curve data (curve_info) are now determined from the size, and
checking that (curve_info->bit_size == bits) is now only a redundant
sanity check.

This check is actually buggy, because PSA Crypto and Mbed TLS don't
have exactly the same notion of key size. PSA thinks Curve25519 is
255-bit and secp224k1 is 225-bit, but Mbed TLS thinks they're 256-bit
and 224-bit respectively. Removing the check allows key generation to
work for these curves.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 22:03:29 +02:00
Janos Follath
e85c0c469d
Merge pull request #3717 from pkolbus/issue-3647
Restore retry in rsa_prepare_blinding()
2020-09-30 16:23:10 +01:00
Gilles Peskine
360e2c41d8 List Montgomery curves in mbedtls_ecp_curve_list()
mbedtls_ecp_curve_list() now lists Curve25519 and Curve448 under the names
"x25519" and "x448". These curves support ECDH but not ECDSA.

This was meant ever since the introduction of mbedtls_ecdsa_can_do()
in 0082f9df6f, but
2c69d10bac had removed the claim
that Montgomery curves support ECDH except through Everest.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 17:02:25 +02:00
okhowang(王沛文)
76158ce9b7 Use socklen_t on Android and other POSIX-compliant system
Fixes #2977

Signed-off-by: okhowang(王沛文) <okhowang@tencent.com>
2020-09-30 16:53:37 +08:00
okhowang(王沛文)
9c46a60e6c Use glibc's getrandom() instead of syscall when glibc > 2.25.
Fixes #3432

Signed-off-by: okhowang(王沛文) <okhowang@tencent.com>
2020-09-30 16:10:49 +08:00
Gilles Peskine
4bcfe9269f When to write a changelog: minor improvements
Mention sample programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 09:55:27 +02:00
Gilles Peskine
ece00a0cd0 Explain when to write a changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 01:16:59 +02:00
Gilles Peskine
3b4edc78df We no longer credit contributors in the changelog
From now on, external contributions are no longer acknowledged in the
changelog file. They of course remain acknowledged in the Git history.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 01:13:05 +02:00
Gilles Peskine
27ed799109 Remove changelog entries without a user-visible impact
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 01:11:39 +02:00
Victor Krasnoshchok
6361ad9bc6
Changelog update #3175
Signed-off-by: Victor Krasnoshchok <ct3da21164@protonmail.ch>
2020-09-27 23:51:21 +03:00
Peter Kolbus
ca8b8e7c31 Restore retry in rsa_prepare_blinding()
Starting with commit 49e94e3, the do/while loop in
`rsa_prepare_blinding()` was changed to a `do...while(0)`, which
prevents retry from being effective and leaves dead code.

Restore the while condition to retry, and lift the calls to finish the
computation out of the while loop by by observing that they are
performed only when `mbedtls_mpi_inv_mod()` returns zero.

Signed-off-by: Peter Kolbus <peter.kolbus@garmin.com>
2020-09-25 08:43:57 -05:00
Cameron Nemo
e18d09de37 fix(programs/psa): commit python3 generated file
Python should not be required for the build when the no_test target is
used. This commit adds the generated file to the source tree and the
check-generated-files script, and removes the generation from (c)make.

Fixes #3524

Signed-off-by: Cameron Nemo <cnemo@tutanota.com>
2020-09-24 20:57:46 -07:00
Gilles Peskine
bbc6032444
Merge pull request #731 from gabor-mezei-arm/692_missing_zeroizations_of_sensitive_data
Missing zeroizations of sensitive data
2020-09-18 16:20:13 +02:00
Steven Cooreman
a32193fae8 Add changelog entry
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Gilles Peskine
b1d3f2779b
Merge pull request #3480 from stevew817/feature/aes-ecb
Added support for AES-ECB to the PSA Crypto implementation
2020-09-14 14:45:14 +02:00
Gilles Peskine
2a739c41bd
Merge pull request #3569 from cm6n/fix_mbedtlssslsetbio_description
Fix typo in mbedtls_ssl_set_bio description.
2020-09-11 21:17:37 +02:00
Gilles Peskine
6bf4f5fb65
Merge pull request #3585 from jdurkop/fix/undefined-reference-3294
Fix the build with MBEDTLS_USE_PSA_CRYPTO without ECDSA
2020-09-10 21:59:49 +02:00
Dave Rodgman
e5874e1903
Merge pull request #3525 from HowJMay/typo
Fix typo in comment
2020-09-10 12:39:25 +01:00
Dave Rodgman
0e9afb8bd1 Minor fixes to changelog
Change section from "Bugfix" to "Changes". Minor grammar tidy-up.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2020-09-10 08:26:39 +08:00
HowJMay
ccbd622ed7 Fix typo in comment
Fix typo in program/pkey/ecdh_curve25519.c

Signed-off-by: HowJMay <vulxj0j8j8@gmail.com>
2020-09-10 08:25:36 +08:00
gufe44
c54888eb60 Make arc4random_buf declaration available on NetBSD
Signed-off-by: gufe44 <gu981@protonmail.com>
2020-09-09 12:03:09 +02:00
Manuel Pégourié-Gonnard
628ed4e54f
Merge pull request #3592 from d-otte/development
adjusting size of sliding window array to correct size.
2020-09-09 10:00:26 +02:00
Daniel Otte
b9da1dd335 adding entry file to ChangeLog.d for PR3592
Signed-off-by: Daniel Otte <d.otte@wut.de>
2020-09-07 13:08:10 +02:00
Steven Cooreman
7922396c25 Added changelog
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-04 14:22:27 +02:00
Janos Follath
c18a7b8466 Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 14:49:16 +01:00
Janos Follath
d2ce916b58 Merge branch 'development-restricted' 2020-08-26 14:15:34 +01:00
Gilles Peskine
9e4d4387f0
Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time
Always revoke certificate on CRL
2020-08-26 12:56:11 +02:00
Manuel Pégourié-Gonnard
376712217e
Merge pull request #737 from mpg/changelog-for-local-lucky13-dev-restricted
Add a ChangeLog entry for local Lucky13 variant
2020-08-26 11:52:15 +02:00
Manuel Pégourié-Gonnard
8f18d08fae Clarify that the Lucky 13 fix is quite general
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 10:10:11 +02:00
Gilles Peskine
ee4d4eb625 Remove a useless zeroization
Remove the zeroization of a pointer variable in the AES block
functions. The code was valid but spurious and misleading since it
looked like a mistaken attempt to zeroize the pointed-to buffer.
Reported by Antonio de la Piedra, CEA Leti, France.

Note that we do not zeroize the buffer here because these are the
round keys, and they need to stay until all the blocks are processed.
They will be zeroized in mbedtls_aes_free().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 19:28:13 +02:00
gabor-mezei-arm
d1c98fcf5e
Zeroize internal buffers and variables in MD hashes
Zeroising of local buffers and variables which are used for calculations in
mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
functions to erase sensitive data from memory.
Checked all function for possible missing zeroisation in MD.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-08-25 19:13:59 +02:00
gabor-mezei-arm
76749aea78
Zeroize internal buffers and variables in PKCS and SHA
Zeroising of local buffers and variables which are used for calculations in
mbedtls_pkcs5_pbkdf2_hmac() and mbedtls_internal_sha*_process() functions
to erase sensitive data from memory.
Checked all function for possible missing zeroisation in PKCS and SHA.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-08-25 19:13:58 +02:00
Steven Cooreman
a6033e92af Style and language fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-08-25 12:32:22 +02:00
Gilles Peskine
ed19762a22
Merge pull request #3574 from makise-homura/e2k_support
Support building on e2k (Elbrus) architecture
2020-08-25 09:46:36 +02:00
John Durkop
af5363c24e Updates to cleanup fixes for #3294
Minor updates to changelog for more concise wording and fixed styling
in other files as needed.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-24 08:29:39 -07:00
John Durkop
bc5a754f28 Add change log description for Fix #3294
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-24 08:23:21 -07:00
Gilles Peskine
0f343ac87f
Merge pull request #3528 from gufe44/helpers-redirect-restore-output
Fix bug in redirection of unit test outputs
2020-08-24 10:45:08 +02:00
Manuel Pégourié-Gonnard
6edfe60e0d
Merge pull request #2182 from hanno-arm/key_pwd
Add support for password protected key files to ssl_server2 and ssl_client2
2020-08-24 09:42:38 +02:00
Manuel Pégourié-Gonnard
1a6af8489e
Merge pull request #3578 from gilles-peskine-arm/md_setup-leak-development
Fix memory leak in mbedtls_md_setup with HMAC
2020-08-21 09:19:12 +02:00
gufe44
067f6e01f1 Fix bug in redirection of unit test outputs
Avoid replacing handle. stdout is defined as a macro on several platforms.

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-21 08:32:26 +02:00
Christopher
8043eb0b5d Update ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt
Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Christopher Moynihan <christophm@gmail.com>
2020-08-20 14:31:00 -07:00
Manuel Pégourié-Gonnard
53d216081c Add a ChangeLog entry for local Lucky13 variant
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 12:17:05 +02:00
Dan Handley
abccfc1684 Merge development into development-restricted
* development:
  Update copyright notices to use Linux Foundation guidance
  Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
  Add ChangeLog entry for X.509 CN-type vulnerability
  Improve documentation of cn in x509_crt_verify()
  Fix comparison between different name types
  Add test: DNS names should not match IP addresses
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:07:12 +01:00
Gilles Peskine
c57497e655
Merge pull request #3584 from mpg/fix-changelog-file-location
Fix location of a ChangeLog entry file
2020-08-20 11:50:05 +02:00
Manuel Pégourié-Gonnard
eb528eef57 Fix location of a ChangeLog entry file
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:35:26 +02:00
Gilles Peskine
d15c740df6 Fix memory leak in mbedtls_md_setup with HMAC
mbedtls_md_setup() allocates a hash-specific context and then, if
requested, an extra HMAC context. If the second allocation failed, the
hash context was not freed.

Fix this by ensuring that the mbedtls_md_context_t object is always in
a consistent state, in particular, that the md_info field is always
set. For robustness, ensure that the object is in a consistent state
even on errors (other than BAD_INPUT_DATA if the object was not in a
consistent state on entry).

Fix #3486

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 12:04:56 +02:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
makise-homura
e5595501ce Fix e2k support changelog snippet
Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-19 01:33:15 +03:00
makise-homura
ac2fd6524a Support building on e2k (Elbrus) architecture
Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-18 21:59:46 +03:00
Raoul Strackx
a4e86141f1 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-17 09:05:03 +02:00
Gilles Peskine
71f4fa13bb
Merge pull request #721 from gilles-peskine-arm/x509parse_crl-empty_entry-development
Fix buffer overflow in x509_get_entries (oss-fuzz 24123)
2020-08-14 23:22:31 +02:00
Christopher Moynihan
74e2534a10 Fix typo in mbedtls_ssl_set_bio description.
Description referred to mbedtls_ssl_sent_t callback,
but the callback is named mbedtls_ssl_send_t.

Signed-off-by: Christopher Moynihan <christophm@gmail.com>
2020-08-14 12:43:10 -07:00
Manuel Pégourié-Gonnard
8ca03a7b68
Merge pull request #3554 from mpg/x509-verify-non-dns-san-dev
X509 verify non-DNS SANs
2020-08-14 11:32:22 +02:00
Hanno Becker
063f3bba90 Add ChangeLog entry
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-14 10:02:36 +01:00
Manuel Pégourié-Gonnard
c4af324a4b Merge branch 'development' into development-restricted
* development: (55 commits)
  Log change as bugfix
  Add changelog entry
  Clarify updates to the persistent state in storage
  With multiple applicable transparent drivers, the order is unspecified
  Minor clarifications
  Give some examples of purpsoses of pure-software transparent driver
  Fix typos
  Add a link to the PSA API specification
  Explain locations vs lifetimes
  Initialize key pointer in ecdh to NULL
  Add buffer zeroization when ecp_write_key fails
  Simplified key slot deletion
  Style fixes
  Use arc4random_buf instead of rand on NetBSD
  Apply review feedback
  Update open question section about public key storage
  Remove the paragraph about declaring application needs
  Change driver persistent data to a callback interface
  Rework and expand key management in opaque drivers
  Fix typos and copypasta
  ...
2020-08-14 10:11:21 +02:00