Commit Graph

9523 Commits

Author SHA1 Message Date
Gilles Peskine
f70a3144a0 TAGS: Fix lookup in test/suites/!(test_suite_*).function
tests/suites/helpers.function and tests/suites/*_test.function contain
"#line" directives. This causes the TAGS file to contain references
pointing to the file path named in the "#line" directives, which is
relative to the "tests" directory rather than to the toplevel. Fix
this by telling etags to ignore "#line" directives, which is ok since
we aren't actually running it on any generated code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-30 17:34:02 +02:00
Gilles Peskine
09d33092cb
Merge pull request #4230 from rrlapointe/dtls_demo_use_read_timeout_2.16
2.16: Actually use the READ_TIMEOUT_MS in the example DTLS client and server
2021-03-17 14:39:47 +01:00
Ryan LaPointe
d80763761f Fix inaccurate comment in sample DTLS server
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:55:10 -04:00
Ryan LaPointe
a7e586bc2f Actually use the READ_TIMEOUT_MS in the sample DTLS client and server
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:55:03 -04:00
Dave Rodgman
d61fa61bef
Merge pull request #814 from ARMmbed/mbedtls-2.16.10-rc0-pr
Mbedtls 2.16.10 rc0 pr
2021-03-09 18:02:13 +00:00
Dave Rodgman
7bee63a310 Bump version to Mbed TLS 2.16.10
Executed ./scripts/bump_version.sh --version 2.16.10

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-09 16:03:29 +00:00
Dave Rodgman
c776582dc3 Update Changelog for 2.16.10
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:31:02 +00:00
Dave Rodgman
18a8698e76 Add missing changelog entry
Add missing changelog entry for 4044: Mark basic constraints critical
as appropriate.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:29:22 +00:00
Dave Rodgman
2ed6fe0b30 Merge branch 'mbedtls-2.16-restricted' into mbedtls-2.16.10-rc 2021-03-08 16:46:51 +00:00
Manuel Pégourié-Gonnard
c785394ba6
Merge pull request #810 from paul-elliott-arm/cf_base64_work_2_16
Backport 2.16: Constant Flow Base64 Table Access
2021-03-04 17:25:43 +01:00
Paul Elliott
cd65b62f21 Code style fixups
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:43:17 +00:00
Paul Elliott
0c0f9adab1 Fixup changelog formatting
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:43:01 +00:00
Paul Elliott
c22d0b9d5b Fix misnamed base64 test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:42:46 +00:00
Paul Elliott
4823624542 Fix carelessly copy pasted comment
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
490c5d4628 Fix constant flow mask maths
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
6f69d4c7e2 Remove multiplication from conditional assignments
Multiplication is not constant flow on any CPU we are generally
targetting, so replace this with bit twiddling.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
4c71707987 Prevent false positive CF Test Failures
Marked dirty memory ends up in the result buffer after encoding (due to
the input having been marked dirty), and then the final comparison
to make sure that we got what we expected was triggering the constant
flow checker.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
7dac825a3c Add further more rigorous tests for base64
Original author was gilles.peskine@arm.com

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
e8ee0f1a94 Fix Non CF access to table in base64 decrypt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
6a66737433 Optimise unneccesary cf table accesses away
Also fix missed bare access of base_64_dec_map

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
86cb928e54 Fix incorrect assumptions about the size of size_t
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
f13a47bbb2 Fixes for MSVC warnings
Also added a couple of missing comment blocks.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
8d265f75a4 Add Changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:13 +00:00
Paul Elliott
69b904b679 First pass at constant flow tests for base64
This contains working CF tests for encode, however I have not yet got
decode to pass the tests.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:08:12 +00:00
Janos Follath
1b6a24f759
Merge pull request #4180 from gilles-peskine-arm/net_poll-fd_setsize-2.16
Backport 2.16: Fix stack corruption in mbedtls_net_poll with large file descriptor
2021-03-04 12:15:53 +00:00
Paul Elliott
738d2310a7 Attempt to make Base64 table access constant flow
Add constant flow table access code, and use that exclusively to access
the base64 lookup table

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 10:28:01 +00:00
Gilles Peskine
388a9d3a8b Update error codes listed in the net_sockets documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-03 12:35:46 +01:00
Gilles Peskine
121d7c7c14 Fix sloppy wording around stricly less-than vs less or equal
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 16:38:02 +01:00
Gilles Peskine
58ec378912 Document FD_SETSIZE limitation for mbedtls_net_{poll,recv_timeout}
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 16:37:53 +01:00
Gilles Peskine
f604240b1b Fix stack buffer overflow in net functions with large file descriptor
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is beyond
FD_SETSIZE. The bug was due to not checking that the file descriptor
is within the range of an fd_set object.

Fix #4169

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 16:37:45 +01:00
Gilles Peskine
b01ce91745
Merge pull request #4154 from chris-jones-arm/test-mutex-usage-2.16
Backport 2.16: test and fix mutex usage
2021-02-23 15:14:48 +01:00
Gilles Peskine
57f8e9116e Make entropy double-free work
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random in the
development branch).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 11:29:25 +01:00
Gilles Peskine
210a0168d5 Add init-free tests for entropy
These tests validate that an entropy object can be reused and that
calling mbedtls_entropy_free() twice is ok.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 11:29:18 +01:00
Chris Jones
6855d1a457 Add MBEDTLS_TEST_HOOKS to query_config.c
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
ed9f7989f2 Fix typo in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
ce455ddb3e Document mutex usage for RSA
The mutex is now initialized iff ver != 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
3c30a7aeda Changelog entry for RSA mutex usage fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
718972e94e Fix mutex leak in RSA
mbedtls_rsa_gen_key() was not freeing the RSA object, and specifically
not freeing the mutex, in some error cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
b9fce3cea1 Fix mutex double-free in RSA
When MBEDTLS_THREADING_C is enabled, RSA code protects the use of the
key with a mutex. mbedtls_rsa_free() frees this mutex by calling
mbedtls_mutex_free(). This does not match the usage of
mbedtls_mutex_free(), which in general can only be done once.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
ab5849527d Add init-free tests for RSA
These tests are trivial except when compiling with MBEDTLS_THREADING_C
and a mutex implementation that are picky about matching each
mbedtls_mutex_init() with exactly one mbedtls_mutex_free().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
468ef4b3c7 Add missing cleanup in a test function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
0c11622504 Changelog entry for DRBG mutex usage fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
fb6876a111 Document thread safety for HMAC_DRBG
random(), and only this function, is thread-safe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
b5e295d5c9 Document mutex invariant for HMAC_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
05974893e6 Fix mutex leak in HMAC_DRBG
mbedtls_hmac_drbg_free() left a mutex in the initialized state. This
caused a resource leak on platforms where mbedtls_mutex_init()
allocates resources.

To fix this, mbedtls_hmac_drbg_free() no longer reinitializes the
mutex. To preserve the property that mbedtls_hmac_drbg_free() leaves
the object in an initialized state, which is generally true throughout
the library except regarding mutex objects on some platforms, no
longer initialize the mutex in mbedtls_hmac_drbg_init(). Since the
mutex is only used after seeding, and seeding is only permitted once,
call mbedtls_mutex_init() as part of the seeding process.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
831956980c Document thread safety for CTR_DRBG
random(), and only this function, is thread-safe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
2ecc0b89f3 Document mutex invariant for CTR_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
89816bc020 Fix mutex leak in CTR_DRBG
mbedtls_ctr_drbg_free() left a mutex in the initialized state. This
caused a resource leak on platforms where mbedtls_mutex_init()
allocates resources.

To fix this, mbedtls_ctr_drbg_free() no longer reinitializes the
mutex. To preserve the property that mbedtls_ctr_drbg_free() leaves
the object in an initialized state, which is generally true throughout
the library except regarding mutex objects on some platforms, no
longer initialize the mutex in mbedtls_ctr_drbg_init(). Since the
mutex is only used after seeding, and seeding is only permitted once,
call mbedtls_mutex_init() as part of the seeding process.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
7ba73e5756 Explain the usage of is_valid in pthread mutexes
Document the usage inside the library, and relate it with how it's
additionally used in the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:40:41 +01:00
Gilles Peskine
7252ec3947 Count and report non-freed mutexes
Subtract the number of calls to mbedtls_mutex_free() from the number
of calls to mbedtls_mutex_init(). A mutex leak will manifest as a
positive result at the end of the test case.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-22 19:40:41 +01:00