Commit graph

21055 commits

Author SHA1 Message Date
Gabor Mezei
89e31460db
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:36:56 +02:00
Gabor Mezei
d41f627650
Order the file names
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:20:21 +02:00
Dave Rodgman
7b1be55484
Merge pull request #5993 from eliteraspberries/android-soname
Allow non-versioned library soname.
2022-08-12 13:49:55 +01:00
Gabor Mezei
5f56df44f0
Remove redundant check
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 14:41:54 +02:00
Gabor Mezei
bf9da1dfb1
Do not read if output pointer is NULL
Skip reading if output pointer is NULL even if the length of the input buffer is 0.
The memory sanitizer will mark this as an error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 14:11:56 +02:00
Dave Rodgman
273efeb0eb Add Changelog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-12 11:02:03 +01:00
Dave Rodgman
fca2bcc733 Update bump_version.sh to recognise Makefile changes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-12 11:02:03 +01:00
Mansour Moufid
6a8673092f Allow non-versioned library soname.
Signed-off-by: Mansour Moufid <mansourmoufid@gmail.com>
2022-08-12 11:02:01 +01:00
Janos Follath
6318468183 Improve bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:42:59 +01:00
Janos Follath
a30b4e5692 Bignum: remove duplicate documentation from source
These functions have full documentation in the header. Maintaing two
copies does not worth the effort and having an out of sync reduced
duplicate is not helpful.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:15:18 +01:00
Dave Rodgman
8b0799d43f
Merge pull request #6181 from wernerlewis/ecp_set_zero
Add tests for mbedtls_ecp_set_zero
2022-08-11 16:43:19 +01:00
Janos Follath
2ab2d3e3e9 Inline mpi_core_clear()
This used to resize MPIs in the legacy interface, which is not
needed/possible as the new interface has fixed size MPIs.

Inlining this function makes the code easier to read and maintain, while
there is no obvious drawback to it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 16:16:49 +01:00
Janos Follath
56a10f97ba Bignum: remove unnecessary NULL pointer checks
A null pointer dereference, or null pointer plus small offset, is a
clean runtime error in most environments. So it's not particularly
useful to protect against this.

While at it make a null pointer check that is actually necessary more
robust.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 15:19:00 +01:00
Janos Follath
296ea66442 Bignum: clean up use of enums
- Made use of enums in struct and function declaration
- All enums are handled by switch case now
- If the switch does nothing on default, omit the default case to make
  compiler warnings more powerful
- The two enums are now disjoint and the value 1 is skipped to make
  mistakes easier to detect

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 14:58:29 +01:00
Jerry Yu
5c28e7aa0e remove psk key when ephemeral selected
ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
56acc9421c Write key_share base on key_exchange mode.
In ServerHello, write key share should base on key_exchange mode, not
base on configuration.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
f0bad2554a Continue check next psk key when binder mismatch
with matched identity and mismatch binder, should check next psk key.
Exit with error will break multi-psk cases.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
32e1370fbc Add config check for pre_shared_key parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
e95c8af266 Align ciphersuite with psk key
With OpenSSL and GnuTLS client, if the MAC of ciphersuite
does not match selected binder, client will reject connection.
This change is to select ciphersuite base on algo of psk binder.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
ccc68a466e change handshake psk key type for tls13
PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is
decided when create binder

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Ronald Cron
295d93ebe8 Add psk handshake with gnutls
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
40f3771e18 Add handshake psk export function.
Rename `ssl_tls13_get_psk` and export the
function.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Andrzej Kurek
1af61cb75b Introduce a new macro for hash size in ecdsa tests
Previously these tests depended on the definition from
inside the MD module, which in turn could be 32 or 64
bytes depending on whether MBEDTLS_SHA512_C was
defined. This is unnecessary, so a constant is itnroduced
instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-11 09:19:42 -04:00
Janos Follath
9dfb5621ff Test little endian core I/O with odd limbs
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 12:15:55 +01:00
Janos Follath
1cb3b976c3 Test big endian core I/O with odd limbs
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 12:06:14 +01:00
Przemek Stekiel
71bf28bb34 Fix include file path
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
f98b57f231 Initialize status/ret to error value
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
2aae040615 make ret_from_status() global function and move it to has_info.[ch]
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
712bb9c5af Use more suitable function for checking if hash is supported
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
79b99f47a1 Fix definition of MD_OR_PSA macros
The code will make the decision based on availability of MD, not of
MD+this_hash. The later would only be possible at runtime (the hash
isn't known until then, that's the whole point of MD), so we'd need to
have both MD-based and PSA-based code paths in a single build, which
would have a very negative impact on code size. So, instead, we choose
based on the presence of MD, which is know at compile time, so we only
have one of the two code paths in each build.

Adjust the macros so that they match the logic of the code using them.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
7d5271608b Fix undeclared dependencies on SHA-1
Previously the whole .function file had a global dependency on
MBEDTLS_SHA1_C. This hasn't been correct for a long time:
- on principle, dependency declarations in .function files are for
compile-time dependencies;
- in practice, a number of test cases do not depend on SHA-1, as they only
use SHA-256 or SHA-512 - those cases should not be skipped in builds
without SHA-1;
- this was "taken advantage of" to skip dependency declarations for
test cases that only depended on SHA-1.

The previous commit removed the global dependency on SHA1_C; as a result
the test cases that actually depend on SHA-1 were not skipped in builds
without SHA-1. This commit fixes that by adding dependency declarations
where they belong: in the .data file.

All cases compute hashes using MD is available, or PSA otherwise; so
MD_OR_PSA is appropriate here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
e741c61d54 Adjust dependencies in test_suite_pkcs1_v21
sed -i -f md_or_psa_hash.sed \
        tests/suites/test_suite_pkcs1_v21.data
        tests/suites/test_suite_pk.data

with md_or_psa_hash.sed containing:

    s/MBEDTLS_MD5_C/MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA/g
    s/MBEDTLS_RIPEMD160_C/MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA1_C/MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA224_C/MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA256_C/MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA384_C/MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA512_C/MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA/g

(The only lines in pk.data that still had old-style dependencies where
the ones about PKCS1_V21.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
7a27e85f5c Fix failure of RSA accel test
Previously MD_C was auto-enabled based on the fact that ALG_RSA_PSS was
requested, but that's no longer the case since the previous commit.

We can fix this in one of two ways: either enable MD_C, or enable all
the PSA_WANT_ALG_SHA_xxx that are needed for test. Go for MD_C because
it's a single line and avoids having to enumerate a list that might grow
in the future.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
077ba8489d PKCS#1 v2.1 now builds with PSA if no MD_C
Test coverage not there yet, as the entire test_suite_pkcs1_v21 is
skipped so far - dependencies to be adjusted in a future commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
faa3b4e0c3 Get rid of md_info outside helper functions
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
35c09e4824 Introduce compute_hash() function
This allows callers not to worry with md_info and makes it easier to
provide a PSA version for when MD_C is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
f701acc088 Extract common code into hash_mprime()
This will also make it easier to provide a PSA-based version for when MD
is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
f3a6755450 Simplify callers of mgf_mask()
Some of them no longer need md_ctx, some of those no longer need the
exit dance that was used to free it, or need it on a smaller scope.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
259c213545 Tune API of internal function mgf_mask in RSA
This is a first step towards making a version of this function that
uses PSA when MD is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Dave Rodgman
8a9f88899d
Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code
ssl_tls: avoid the appearance of a potential NULL dereferencing
2022-08-11 10:12:34 +01:00
Dave Rodgman
322a7a19e7
Merge pull request #6155 from yuhaoth/pr/add-any-all-configs-enabled
Add ability to check if any/all configs are enabled/disabled for ssl-opt
2022-08-11 09:40:38 +01:00
kXuan
9ac6b28e27
ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed
Since 11e9310 add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it
should not init aes_ctx again in mbedtls_ctr_drbg_seed.

Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-11 16:38:45 +08:00
Jerry Yu
62c8763de7 Improve macro expansion help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 10:18:36 +08:00
Janos Follath
8d59c86f61 Make pylint happy
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 15:35:35 +01:00
Janos Follath
d0895708e2 Bignum: move internal constants to headers
Now that the check_names script allows it, we can do so.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 13:32:16 +01:00
Janos Follath
9938719a05 Allow internal macros without prefix
Internal macros are not present as symbols, visible or usable outside
the compilation unit and it is safe to allow them to have a name without
namespace prefix.

We also allow them to start with lower case letters as some of our
internal macros already have names like that.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 12:06:31 +01:00
kXuan
11e9310fd1
ctr_drbg: fix free uninitialized aes context
Application may enabled AES_ALT and define mbedtls_aes_context by its own.
The initial state of user-defined mbedtls_aes_context may not all byte zero.

In mbedtls_ctr_drbg_init, the code set all byte to zero, including the AES
context nested in the ctr_drbg context.

And in mbedtls_ctr_drbg_free, the code calls mbedtls_aes_free on an AES
context without calling mbedtls_aes_init.

If user-defined AES context requires an non-zero init, the mbedtls_aes_free
call in mbedtls_ctr_drbg_free is illegal.

This patch fix this issue by add mbedtls_aes_init in mbedtls_ctr_drbg_init.

So aes context will always be initialized to correct state.

Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-10 16:43:28 +08:00
Jerry Yu
08dccc1f75 Improve help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-10 10:02:04 +08:00
Leonid Rozenboim
e9d8dcdbf5 ssl_tls: avoid the appearance of a potential NULL dereferencing
Looking at the bigger picture it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected from,
however, the practice of dereferencing a pointer which has not been
verified in prior for validity goes against secure coding practices.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-09 12:34:30 -07:00
Janos Follath
c47c0569d4 Remove VALIDATE macros from bignum_core.c
They are deprecated and are declared to be empty anyway.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:54:43 +01:00