Commit graph

305 commits

Author SHA1 Message Date
Gilles Peskine
e24fc7b0a1
Merge pull request #2595 from k-stachowiak/unified-exit-in-examples
Unify the example programs' termination
2020-05-12 10:46:47 +02:00
Gilles Peskine
d9f694960f
Merge pull request #3190 from gilles-peskine-arm/config-full-clarify-development
Clarify that the full config enables everything that can be tested together
2020-05-04 12:29:09 +02:00
Kenneth Soerensen
518d435e7b Fix GCC format-signedness warnings
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2020-04-22 16:01:48 +02:00
Gilles Peskine
a5fc939bdd Strict C99: don't use a signed* when an unsigned* is expected
It works in practice on almost every platform, given that we're only
using the wrong type in cases where the value is guaranteed to stay
within the value bits of a signed int. But even in this case it may or
may not be strictly conforming. Anyway `gcc -std=c99 -pedantic`
rejects it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 15:39:36 +02:00
Manuel Pégourié-Gonnard
2353636225
Merge pull request #3013 from eozturk1/development
Fix debug message by using the correct function name called
2020-03-31 09:53:20 +02:00
Gilles Peskine
e123395317 cmake: link programs that only use crypto with libmbedcrypto
When building with CMake, for sample programs that only use
functionality in libmbedcrypto (i.e. crypto and platform), link with
libmbedcrypto, not with libmbedtls.

This doesn't change the result, because the linker skips libraries in
which no symbol is used, but it changes the build dependencies, and it
has the advantage of bringing programs/*/CMakeLists.txt closer to the
corresponding files under crypto/.

The programs concerned are crypto sample and test programs, and
programs that only use (potential) platform functions such as
mbedtls_printf. dh_client and dh_server keep linking with mbedtls
because they use functions from the net_sockets module.
2020-02-11 19:26:27 +01:00
Jaeden Amero
93a0f90dca pkey/rsa_genkey: Remove commented out code
There is some commented out X.509 certificate writing code present in
rsa_genkey. It looks like it has been commented out since the beginning
of time. Let's remove it, since commented out code is not in good style.
2020-02-11 19:26:27 +01:00
Jaeden Amero
ed736992d5 pkey: Remove dependency on X.509 2020-02-11 19:26:27 +01:00
Ercan Ozturk
d437309ae2 Fix debug message by using the correct function name called 2020-01-28 21:51:04 -08:00
Gilles Peskine
96a7cd1759 Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in pkey sample programs
Use the constant that is now provided by the crypto submodule instead
of rolling our own definition which is not correct in all cases.
2019-11-13 15:32:11 +01:00
Krzysztof Stachowiak
5e1b195d1f Unify the example programs' termination
This is done to account for platforms, for which we want custom behavior
upon the program termination, hence we call `mbedtls_exit()` instead of
returning from `main()`.
2019-08-16 06:37:42 +02:00
Jaeden Amero
bd3a7464b7 Merge remote-tracking branch 'restricted/pr/573' into development-restricted
* restricted/pr/573:
  Remove redundant config.pl call
  Add a test for signing content with a long ECDSA key
  Add documentation notes about the required size of the signature buffers
  Add missing MBEDTLS_ECP_C dependencies in check_config.h
  Change size of preallocated buffer for pk_sign() calls
2019-06-24 11:40:33 +01:00
Gilles Peskine
3abbcedc68 Remove mbedtls_param_failed from programs
All sample and test programs had a definition of mbedtls_param_failed.
This was necessary because we wanted to be able to build them in a
configuration with MBEDTLS_CHECK_PARAMS set but without a definition
of MBEDTLS_PARAM_FAILED. Now that we activate the sample definition of
MBEDTLS_PARAM_FAILED in config.h when testing with
MBEDTLS_CHECK_PARAMS set, this boilerplate code is no longer needed.
2019-06-13 16:51:59 +02:00
k-stachowiak
c4638cc640 Change size of preallocated buffer for pk_sign() calls 2019-06-06 13:20:48 +02:00
Jaeden Amero
eb0195d55b Merge remote-tracking branch 'origin/pr/2239' into development
* origin/pr/2239:
  Add ChangeLog entry
  Fix private DER output shifted by one byte.
2019-03-05 16:35:48 +00:00
Masashi Honma
fbda6126d6 Remove duplicate #include
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-03 16:13:11 +09:00
Manuel Pégourié-Gonnard
3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Simon Butcher
63cb97e562 Add handlers for parameter validation in the sample programs
The sample programs require an additional handler function of
mbedtls_param_failed() to handle any failed parameter validation checks enabled
by the MBEDTLS_CHECK_PARAMS config.h option.
2018-12-11 12:28:56 +01:00
Jaeden Amero
52ed0b9030 Merge remote-tracking branch 'upstream-public/pr/2101' into development 2018-12-07 16:15:31 +00:00
Jaeden Amero
9055a7d855 Merge remote-tracking branch 'upstream-public/pr/2175' into development 2018-12-06 16:09:58 +00:00
Janos Follath
52735ef2fe ECDH: Prevent direct access in non-legacy mode
Some sample programs access structure fields directly. Making these work is
desirable in the long term, but these are not essential for the core
functionality in non-legacy mode.
2018-11-30 14:21:35 +00:00
Christian Walther
a92c5455cd Fix private DER output shifted by one byte. 2018-11-28 13:32:27 +01:00
Hanno Becker
e2dae7e1f5 Add explicit integer to enumeration casts to programs/pkey/gen_key.c
Fixes #2170.
2018-11-05 16:54:40 +00:00
Hanno Becker
b14c331eb9 Add dependency of key_app_writer example program on PK parse module 2018-10-16 13:45:22 +01:00
Janos Follath
a0b67c2f3e Bignum: Deprecate mbedtls_mpi_is_prime()
When using a primality testing function the tolerable error rate depends
on the scheme in question, the required security strength and wether it
is used for key generation or parameter validation. To support all use
cases we need more flexibility than what the old API provides.
2018-10-09 16:36:53 +01:00
Hanno Becker
a63c1c3a25 pk_encrypt: Uniformize debugging output 2018-08-23 15:56:03 +01:00
Hanno Becker
ae513a5396 Minor formatting improvements in pk_encrypt and pk_decrypt examples 2018-08-23 14:39:04 +01:00
Hanno Becker
bd336c1fac Correct memory leak in pk_decrypt example program 2018-08-23 14:36:50 +01:00
Hanno Becker
55c11ba283 Correct memory-leak in pk_encrypt example program 2018-08-23 14:36:33 +01:00
Simon Butcher
fb3b0320d0 Merge remote-tracking branch 'public/pr/919' into development 2018-07-24 13:28:51 +01:00
Simon Butcher
fad547072a Merge remote-tracking branch 'public/pr/532' into development 2018-07-19 16:15:51 +01:00
Simon Butcher
19c01efda1 Merge remote-tracking branch 'public/pr/1258' into development 2018-06-28 11:44:59 +01:00
Ron Eldor
bf4709978c Adjust to new RSA infrastructure
Don't access the rsa cotext parameters directly, but use
the local `mbedtls_mpi` variable that were exported.
2018-06-27 11:51:46 +03:00
Ron Eldor
a522147f58 Fix compilation errors after updating
Fix compilation errorsthat happened after new code introduced
by updating the branch. Replaced `exit` label with `cleanup`.
2018-06-27 09:19:38 +03:00
Ron Eldor
7a81426a1a Fix style issue
Add space before and after paranthesis.
2018-06-24 16:34:15 +03:00
Ron Eldor
6a9257bc57 Add check for return code of bignumber code
Add check for return code of `mbedtls_mpi_write_file`
as commented by @sbutcher-arm
2018-06-24 16:33:09 +03:00
Andres Amaya Garcia
6b9bcd6267 Remove redundant ret = 1 in dh_client.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
bce5f7882c Add missing platform macro defines in pk_decrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
7d42965ea8 Fix typo in platform macro defines for examples 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
25b5af58b4 Fix ret code in rsa_encrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
7fe4edf8c0 Fix ret code in rsa_decrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
9f3379d3ca Fix ret code in pk_verify.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
82b2726b4c Fix ret code in pk_sign.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
0a7522c127 Fix ret code in pk_encrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
52898179cf Fix ret code in pk_encrypt.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
f47c9c11d1 Fix ret code in ecdh_curve25519.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
d905db65b7 Fix ret code in mpi_demo.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
a8332637d7 Fix ret code in rsa_verify_pss.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
0a860f6301 Fix ret code in rsa_verify.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
3c41e564f8 Fix ret code in rsa_sign_pss.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
1a66056c77 Fix ret code in rsa_sign.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
70e1ffdacd Fix ret code in rsa_genkey.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
ed68488e28 Fix ret code in key_app_writer.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
0faf1a5c01 Fix ret code in key_app.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
208c217dfa Fix ret code in gen_key.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
2602a1fbc5 Fix ret code in ecdsa.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
03a992c817 Fix ret code in dh_server.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
d6bfeff289 Fix ret code in dh_genprime.c 2018-06-14 22:59:57 +01:00
Andres Amaya Garcia
898841dc71 Fix ret code in dh_client.c 2018-06-14 22:59:57 +01:00
Gilles Peskine
b9e8696d56 Merge remote-tracking branch 'upstream-public/pr/1142' into development-proposed 2018-04-04 09:20:59 +02:00
Andrzej Kurek
b364053a87 pk_sign: add stdlib include 2018-04-03 06:16:04 -04:00
Kevin Luty
0cbe816bfc
ChangeLog updated and returning proper value 2018-04-02 10:01:16 -05:00
Kevin Luty
d9d5c55438
Assign error return value for failed write 2018-03-22 09:59:16 -05:00
Kevin Luty
1e7059fedd
Adding requested changes 2018-03-21 10:01:38 -05:00
Jaeden Amero
005239e3ed Merge remote-tracking branch 'upstream-public/pr/1294' into development 2018-01-25 14:47:39 +00:00
Gilles Peskine
cb1e5eb326 Merge branch 'pr_1000' into development-proposed 2018-01-23 00:57:34 +01:00
Gilles Peskine
550a2b036b Merge branch 'pr_1163' into development-proposed 2018-01-23 00:57:26 +01:00
Gilles Peskine
9e4f77c606 New MD API: rename functions from _ext to _ret
The _ext suffix suggests "new arguments", but the new functions have
the same arguments. Use _ret instead, to convey that the difference is
that the new functions return a value.
2018-01-22 11:54:42 +01:00
Gilles Peskine
d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Hanno Becker
d4d60579e4 Address issues found by coverity
1) `mbedtls_rsa_import_raw` used an uninitialized return
   value when it was called without any input parameters.
   While not sensible, this is allowed and should be a
   succeeding no-op.

2) The MPI test for prime generation missed a return value
   check for a call to `mbedtls_mpi_shift_r`. This is neither
   critical nor new but should be fixed.

3) Both the RSA keygeneration example program and the
   RSA test suites contained code initializing an RSA context
   after a potentially failing call to CTR DRBG initialization,
   leaving the corresponding RSA context free call in the
   cleanup section of the respective function orphaned.
   While this defect existed before, Coverity picked up on
   it again because of newly introduced MPI's that were
   also wrongly initialized only after the call to CTR DRBG
   init. The commit fixes both the old and the new issue
   by moving the initializtion of both the RSA context and
   all MPI's prior to the first potentially failing call.
2018-01-10 07:30:47 +00:00
Ron Eldor
bb51cb3e14 remove additional zero byte when writing pub der
Remove `- 1` for setting location of output buffer,
which added a leading zero which cause failure in ASN1 parsing.
Fixes #1257
2018-01-07 18:10:43 +02:00
Chris Xue
9a51c032ee Fix copy paste error in the error message of mbedtls_ecp_gen_key in gen_key.c 2017-11-05 19:10:51 +00:00
Kevin Luty
da44de60b1
Fix for returning correct error code 2017-10-13 13:18:28 -05:00
Hanno Becker
7f25f850ac Adapt uses of mbedtls_rsa_complete to removed PRNG argument 2017-10-10 16:56:22 +01:00
Hanno Becker
c6fc878eda Remove mbedtls_rsa_check_crt
This is no longer needed after the decision to not exhaustively validate private key material.
2017-10-02 13:20:15 +01:00
Hanno Becker
f073de0c25 Adapt rsa_genkey example program to use new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker
0c2639386e Adapt rsa_encrypt example program to new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker
d6ba5e3d8b Adapt rsa_sign example program to new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker
ccef18c2ff Adapt rsa_decrypt example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
40371ec783 Adapt key_app_writer example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
54ebf9971d Adapt key_app example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
83aad1fa86 Adapt gen_key example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
c95fad3566 Adapt dh_server example program to new RSA interface 2017-08-23 16:17:27 +01:00
Ron Eldor
2a47be5012 Minor: Fix typos in program comments
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-27 21:44:33 +01:00
Ron Eldor
ee5a0ca3bb Minor: Fix typos in program comments
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-19 23:33:24 +02:00
Martijn de Milliano
b194a283a9 dh_server: Fixed expected number of bytes received from client when receiving public value. 2017-07-06 23:55:59 +02:00
Andres Amaya Garcia
1ff60f437f Change examples to use the new MD API and check ret code 2017-06-28 13:26:36 +01:00
Janos Follath
0a5154b8a1 Clarify the use of ECDSA API
In the ecdsa.c sample application we don't use hashing, we use ecdsa
directly on a buffer containing plain text. Although the text explains
that it should be the message hash it still can be confusing.

Any misunderstandings here are potentially very dangerous, because ECDSA
truncates the message hash if necessary and this can lead to trivial
signature forgeries if the API is misused and the message is passed
directly to the function without hashing.

This commit adds a hash computation step to the ecdsa.c sample
application and clarification to the doxygen documentation of the
ECDSA functions involved.
2017-03-10 11:31:41 +00:00
Ron Eldor
dbe8316e23 fix for issue 1101: missing rsa context initialization
added mbedtls_rsa_init in rsa_decrypt sample application
2017-03-01 07:56:40 +00:00
Janos Follath
9fe6f92561 Add SHA1 guards in dh_client.c and dh_server.c
The build breaked for configurations not having MBEDTLS_SHA1_C.
2016-10-07 14:17:56 +01:00
Simon Butcher
604d399a5c Add extra compilation conditions to gen_key.c #559
The sample application programs/pkey/gen_key.c uses the library function
mbedtls_pk_write_key_pem() which is dependent on the configuration option
MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks.

This change adds the compilation condition MBEDTLS_PEM_WRITE_C to the gen_key.c
sample application.
2016-10-07 08:48:47 +01:00
Andres AG
788aa4a812 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-09-26 23:23:52 +01:00
Simon Butcher
4982e527c6 Adds stdlib.h header to dh_genprime sample app
Use of the atoi() function requires stdlib.h to be included when
MBEDTLS_PLATFORM_C is not defined.
2016-08-24 20:24:21 +03:00
Janos Follath
15ab7ed0f3 Merge branch 'development' into development-restricted
Conflicts:
	programs/pkey/rsa_decrypt.c
	programs/pkey/rsa_encrypt.c
	programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Janos Follath
98e28a74e3 Address user reported coverity issues. 2016-06-09 13:41:28 +01:00
Janos Follath
04b591ee79 Merge branch 'development' for weekly test report. 2016-05-31 10:18:41 +01:00
-~- redtangent ~-~
9fa2e86d93 Add missing mbedtls_time_t definitions (#493)
Add missing mbedtls_time_t definitions to sample applications and the error.c
generation script.

Fixes #490.
2016-05-26 10:07:49 +01:00
Simon Butcher
1ef918ddca Add missing stdlib.h header to rsa sample programs 2016-04-13 11:56:27 +01:00
Simon Butcher
6b46c62d77 Fixes error and exit paths in rsa sample programs 2016-04-12 13:25:08 +01:00
Janos Follath
f713b0a6ce Fix memory leaks in example programs. 2016-04-11 23:32:39 +01:00