Commit Graph

7176 Commits

Author SHA1 Message Date
Gilles Peskine
f48d468111 Explain the rationale for inclusion in "full" and "baremetal"
Remove the duplicated, and often out-of-date, list in the comments.
Instead explain in a comment, and have a single copy of the list which
is in the code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-29 15:51:28 +02:00
Gilles Peskine
165d1bb379 Enable X509_ALLOW_EXTENSIONS_NON_V3 in config full
Enable MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 in the full config. There's
no reason to keep it out. We weren't testing it at all on the CI.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-29 15:51:28 +02:00
Gilles Peskine
89361c9471 Remove obsolete options from config.pl
These options haven't existed for a long time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-29 15:51:28 +02:00
Gilles Peskine
a4a872c27a
Merge pull request #3214 from gilles-peskine-arm/changelog-assemble-2.7
Backport 2.7: assemble_changelog.py
2020-04-22 09:16:24 +02:00
Gilles Peskine
96377d397b Copy the changelog entry assembling script from development
This commit is the combined cherry-pick of the following commits:
dba4de0a12
b695d5e30a
7c3f7cdeae
4d977a4f40
e248e83f9f
eebf24f7a8
6e97c43959
c68c7c8864
ac0f0860f1
42f384c186
98a53aa399
13dc634282
7fa3eb7d44
28af958ea4
8f46bbf46f
27a1facd48
afc9db8bb7
a26079613a
da14e8225e
37d670a1e1
974349d40e
d8b6c77388
2b242495e1
6e91009cfe
566407d6f6
8c4a84c5de
5e39c9e94f
974232f045
40b3f411ec

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-21 18:36:17 +02:00
Gilles Peskine
5d32e64ad0
Merge pull request #3170 from gilles-peskine-arm/check-windows-files-2.7
Backport 2.7: Check Windows files for sanity as well
2020-04-20 13:59:22 +02:00
Gilles Peskine
016e4ac11b
Merge pull request #3199 from mpg/fix-overflow-benchmark-2.7
[backport 2.7] Fix arithmetic overflow in benchmark
2020-04-20 12:02:58 +02:00
Gilles Peskine
bc8c513ecb
Merge pull request #3185 from gilles-peskine-arm/pylint-up-to-2.4-2.7
Backport 2.7: Pass Pylint up to 2.4
2020-04-20 09:47:54 +02:00
Jaeden Amero
8aaf2c5861
Merge pull request #3196 from piotr-now/max_pathlen_overflow_mbedtls-2.7
Backport 2.7: Guard from undefined behaviour in case of an INT_MAX max_pathlen
2020-04-17 14:24:45 +01:00
Andrzej Kurek
3fd9297658 Guard from undefined behaviour in case of an INT_MAX max_pathlen
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 11:30:21 +02:00
Manuel Pégourié-Gonnard
49e7a951da Get rid of a magic value in benchmark.c
Also update its value while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:19:53 +02:00
Manuel Pégourié-Gonnard
5408f72027 Fix integer overflow in benchmark program
When building with MBEDTLS_MEMORY_DEBUG enabled, and running the ecdh part,
the benchmark program would start writing a very large number of space
characters on stdout, and would have to be killed because it never seemed to
terminate.

This was due to an integer overflow in computing how many space to leave after
the title in order to get memory measurements aligned, which resulted in up
to SIZE_MAX spaces being printed.

This commit just fixes the overflow, the next commit is going to fix the magic
number (12).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:19:49 +02:00
Gilles Peskine
e61988a766
Merge pull request #3165 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix-2.7
[backport 2.7] Unmet dependencies buffer overflow fix
2020-04-17 10:08:18 +02:00
Gilles Peskine
b5847d20d3 Pylint: abide by useless-object-inheritance warnings
Inheriting from object is a remainder of Python 2 habits and is just
clutter in Python 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 21:08:26 +02:00
Gilles Peskine
558e26dbda Document more methods in Python scripts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 21:07:43 +02:00
Janos Follath
21522a49aa
Merge pull request #683 from ARMmbed/prepare-rc-2.7.15-updated
Prepare rc 2.7.15 updated
2020-04-09 14:12:49 +01:00
Manuel Pégourié-Gonnard
0a997082fe Merge branch 'mbedtls-2.7-restricted' into prepare-rc-2.7.15-update
* mbedtls-2.7-restricted:
  Parse HelloVerifyRequest buffer overread: add changelog entry
  Parse HelloVerifyRequest: avoid buffer overread at the start
  Parse HelloVerifyRequest: avoid buffer overread on the cookie
2020-04-09 12:31:52 +02:00
Manuel Pégourié-Gonnard
6e0806b338 Merge remote-tracking branch 'restricted/pr/671' into mbedtls-2.7-restricted
* restricted/pr/671:
  Parse HelloVerifyRequest buffer overread: add changelog entry
  Parse HelloVerifyRequest: avoid buffer overread at the start
  Parse HelloVerifyRequest: avoid buffer overread on the cookie
2020-04-09 11:57:18 +02:00
Janos Follath
f1bd55fd16 Add missing ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-09 09:36:33 +01:00
Janos Follath
b4b458fe01 Bump version to Mbed TLS 2.7.15
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 17:22:51 +01:00
Janos Follath
e170ee7e18 Merge branch 'mbedtls-2.7-restricted' into mbedtls-2.7.15r0
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 15:17:55 +01:00
Gilles Peskine
c8355101c9
Merge pull request #3158 from mpg/improve-make-tags-2.7
[backport 2.7] Improve ctags invocation in Makefile
2020-04-06 17:48:52 +02:00
Gilles Peskine
85e712c668 Systematically use Windows line endings in Windows files
Don't mix Windows and Unix line endings, it's the worst of both worlds.

Update the Visual Studio templates and regenerate the generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:41:13 +02:00
Gilles Peskine
70ef5c6c9a In Windows files, detect CR without LF as well as LF without CR
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:06 +02:00
Gilles Peskine
783da6345e Check that Windows files have Windows line endings
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:04 +02:00
Gilles Peskine
227dfd435e Also check Windows files
Check Windows files for some issues, including permissions. Omit the
checks related to special characters (whitespace, line endings,
encoding) as appropriate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:03 +02:00
Gilles Peskine
318f15ef92 Sort the list for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:02 +02:00
Gilles Peskine
c7153226f6 List each item on a separate line for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:00 +02:00
Gilles Peskine
c251e0d75a Clarify confusion between file names and suffixes of file names
To test a file name exactly, prepend a / to the base name.

files_to_check actually checks suffixes, not file names, so rename it
to extensions_to_check.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:38:58 +02:00
Janos Follath
e4ec3f7d1c
Merge pull request #677 from ARMmbed/ecc-projective-2.7-restricted
[backport 2.7] Fix leakage of projective coordinates in ECC
2020-04-06 15:23:49 +01:00
Ronald Cron
75d26b5d17 unit tests: Indicate missing unmet dependencies
The identifiers of the unmet dependencies of a test case are
stored in a buffer of fixed size that can be potentially too
small to store all the unmet dependencies. Indicate in test
report if some unmet dependencies are missing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:26 +02:00
Ronald Cron
1d3eab684c unit tests: Fix potential buffer overflow
Fix potential buffer overflow when tracking the unmet dependencies
of a test case. The identifiers of unmet dependencies are stored
in an array of fixed size. Ensure that we don't overrun the array.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:26 +02:00
Ronald Cron
59f2139df0 Prefer unsigned types for non-negative numbers
Use size_t for some variables that are array indices.
Use unsigned for some variables that are counts of "small" things.

This is a backport of commit 3c1c8ea3e7.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:18 +02:00
Ronald Cron
eb5d0e9f4f unit tests: Backport ARRAY_LENGTH macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 10:34:54 +02:00
Gilles Peskine
29b7b9585b
Merge pull request #3145 from mpg/fix-reconnect-2.7
[backport 2.7] Fix issues in handling of client reconnecting from the same port
2020-04-02 19:21:22 +02:00
Gilles Peskine
a8359398a4
Merge pull request #3144 from gilles-peskine-arm/unmet_dependencies-verbose_only-2.7
[2.7 only] Note that unmet_dependencies is only filled in verbose mode
2020-04-02 15:18:31 +02:00
Manuel Pégourié-Gonnard
aa45abfca6 Allow alternative ctags versions in Makefile
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-02 12:52:59 +02:00
Manuel Pégourié-Gonnard
1313bc9e0e Improve ctags invocation in Makefile
Adding .function was necessary, as otherwise ctags would have no idea what to
do with those files.

Adding .h may not be necessary, as by default ctags considers them C++ which
is probably good enough, but since we're tuning the mapping anyway...

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-02 11:54:12 +02:00
Manuel Pégourié-Gonnard
48abf39a83
Merge pull request #3137 from sbutcher-arm/additional-config-checks-2.7
Backport 2.7: Add additional sanity checks to check_config.h
2020-04-01 12:24:19 +02:00
Manuel Pégourié-Gonnard
54587fcf9b Fix leakage of projective coordinates in ECC
See the comments in the code for how an attack would go, and the ChangeLog
entry for an impact assessment. (For ECDSA, leaking a few bits of the scalar
over several signatures translates to full private key recovery using a
lattice attack.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-01 11:28:08 +02:00
Gilles Peskine
67665509ab Note that unmet_dependencies is only filled in verbose mode
Warn about a gotcha that caused a bug in development.

Ensure that it's at least zeroed out, rather than uninitialized, in
non-verbose mode.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-01 09:59:54 +02:00
Manuel Pégourié-Gonnard
6062b49d29 Fix bug in handling of DTLS client hard reconnect
We keep track of the current epoch and record sequence number in out_ctr,
which was overwritten when writing the record containing the
HelloVerifyRequest starting from out_buf. We can avoid that by only using the
rest of the buffer.

Using MBEDTLS_SSL_MAX_CONTENT_LEN as the buffer size is still correct, as it
was a pretty conservative value when starting from out_buf.

Note: this bug was also fixed unknowingly in 2.13 by introducing a new buffer
that holds the current value of the sequence number (including epoch), while
working on datagram packing: 198594709b

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 13:04:19 +02:00
Manuel Pégourié-Gonnard
4bbbdc36bc Improve debug logging of client hard reconnect
The current logging was sub-standard, in particular there was no trace
whatsoever of the HelloVerifyRequest being sent. Now it's being logged with
the usual levels: 4 for full content, 2 return of f_send, 1 decision about
sending it (or taking other branches in the same function) because that's the
same level as state changes in the handshake, and also same as the "possible
client reconnect" message" to which it's the logical continuation (what are we
doing about it?).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 12:46:23 +02:00
Manuel Pégourié-Gonnard
7ef7bf39c4 Fix some style issues in udp_proxy
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 12:46:13 +02:00
Manuel Pégourié-Gonnard
b1ee30bfe9 Adjust timeout of tests with "no resend" assertions
There are currently 4 tests in ssl-opt.sh with either -C "resend" or -S
"resend", that is, asserting that no retransmission will occur. They sometimes
fail on loaded CI machines as one side doesn't send a message fast enough,
causing the other side to retransmit, causing the test to fail.

(For the "reconnect" test there was an other issue causing random failures,
fixed in a previous commit, but even after that fix the test would still
sometimes randomly fail, even if much more rarely.)

While it's a hard problem to fix in a general and perfect way, in practice the
probability of failures can be drastically reduced by making the timeout
values much larger.

For some tests, where retransmissions are actually expected, this would have
the negative effect of increasing the average running time of the test, as
each side would wait for longer before it starts retransmission, so we have a
trade-off between average running time and probability of spurious failures.

But for tests where retransmission is not expected, there is no such trade-off
as the expected running time of the test (assuming the code is correct most of
the time) is not impacted by the timeout value. So the only negative effect of
increasing the timeout value is on the worst-case running time on the test,
which is much less important, as test should only fail quite rarely.

This commit addresses the easy case of tests that don't expect retransmission
by increasing the value of their timeout range to 10s-20s. This value
corresponds to the value used for tests that assert `-S "autoreduction"` which
are in the same case and where the current value seems acceptable so far.

It also represents an increase, compared to the values before this commit, of
a factor 20 for the "reconnect" tests which were frequently observed to fail
in the CI, and of a factor 10 for the first two "DTLS proxy" tests, which were
observed to fail much less frequently, so hopefully the new values are enough
to reduce the probability of spurious failures to an acceptable level.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 09:57:45 +02:00
Manuel Pégourié-Gonnard
a58b04649b Add negative test for hard reconnect cookie check
The server must check client reachability (we chose to do that by checking a
cookie) before destroying the existing association (RFC 6347 section 4.2.8).
Let's make sure we do, by having a proxy-in-the-middle inject a ClientHello -
the server should notice, but not destroy the connection.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 09:57:45 +02:00
Manuel Pégourié-Gonnard
d1bd2ac196
Merge pull request #3107 from mpg/3013-2.7
[backport 2.7] Fix function name in error message
2020-03-31 09:53:37 +02:00
Simon Butcher
2c3351e54e Correct comment on the configuration option in x509.c
In x509.c, the self-test code is dependent on MBEDTLS_CERTS_C and
MBEDTLS_SHA256_C being enabled. At some point in the recent past that dependency
was on MBEDTLS_SHA1_C but changed to SHA256, but the comment wasn't updated.

This commit updates the comment.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-28 00:43:40 +00:00
Simon Butcher
048c8f91c7 Add additional sanity checks to check_config.h
Additional sanity checks in check_config.h to ensure:
    * if test certificates are included (MBEDTLS_CERTS_C) there must be also be
      support for the core X509 feature (MBEDTLS_X509_USE_C). This has a
      secondary dependency on the public key abstraction layer (MBEDTLS_PK_C),
      necessary as the certificates will either be signed by RSA or ECDSA, and
      therefore need to be part of the library.
    * if any of the TLS protocols are defined (MBEDTLS_SSL_PROTO_xxx) then a
      key exchange method must also be defined (MBEDTLS_KEY_EXCHANGE_xxx).

Anyone who knows the library will probably not make these mistakes or will
quickly diagnose and fix them, but it is possible to compile and link both
configurations if you build only the library and not the example programs, and
therefore users may not realise immediately that there's a mistake, only
discovering it at runtime.

These checks may therefore save someone some time.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-28 00:43:29 +00:00
Gilles Peskine
f3037ec2da
Merge pull request #3115 from mpg/ssl-opt-names-2.7
[Backport 2.7] Improve some test names in ssl-opt.sh
2020-03-24 19:48:22 +01:00