Commit graph

20964 commits

Author SHA1 Message Date
kXuan
9ac6b28e27
ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed
Since 11e9310 add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it
should not init aes_ctx again in mbedtls_ctr_drbg_seed.

Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-11 16:38:45 +08:00
Jerry Yu
62c8763de7 Improve macro expansion help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 10:18:36 +08:00
Janos Follath
8d59c86f61 Make pylint happy
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 15:35:35 +01:00
Janos Follath
d0895708e2 Bignum: move internal constants to headers
Now that the check_names script allows it, we can do so.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 13:32:16 +01:00
Janos Follath
9938719a05 Allow internal macros without prefix
Internal macros are not present as symbols, visible or usable outside
the compilation unit and it is safe to allow them to have a name without
namespace prefix.

We also allow them to start with lower case letters as some of our
internal macros already have names like that.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 12:06:31 +01:00
kXuan
11e9310fd1
ctr_drbg: fix free uninitialized aes context
Application may enabled AES_ALT and define mbedtls_aes_context by its own.
The initial state of user-defined mbedtls_aes_context may not all byte zero.

In mbedtls_ctr_drbg_init, the code set all byte to zero, including the AES
context nested in the ctr_drbg context.

And in mbedtls_ctr_drbg_free, the code calls mbedtls_aes_free on an AES
context without calling mbedtls_aes_init.

If user-defined AES context requires an non-zero init, the mbedtls_aes_free
call in mbedtls_ctr_drbg_free is illegal.

This patch fix this issue by add mbedtls_aes_init in mbedtls_ctr_drbg_init.

So aes context will always be initialized to correct state.

Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-10 16:43:28 +08:00
Jerry Yu
08dccc1f75 Improve help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-10 10:02:04 +08:00
Leonid Rozenboim
e9d8dcdbf5 ssl_tls: avoid the appearance of a potential NULL dereferencing
Looking at the bigger picture it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected from,
however, the practice of dereferencing a pointer which has not been
verified in prior for validity goes against secure coding practices.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-09 12:34:30 -07:00
Janos Follath
c47c0569d4 Remove VALIDATE macros from bignum_core.c
They are deprecated and are declared to be empty anyway.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:54:43 +01:00
Janos Follath
d1baedb786 Bignum: extract bignum_mod.h functions
Extract functions declared in bignum_mod.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

This makes library/bignum_new.c empty and therefore it is deleted.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:44:53 +01:00
Janos Follath
0ded631879 Bignum: extract bignum_mod_raw.h functions
Extract functions declared in bignum_mod_raw.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:34:54 +01:00
Janos Follath
3ca0775e59 Bignum: extract bignum_core.h functions
Extract functions declared in bignum_core.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 11:45:47 +01:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype
Fix build error due to  missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
2022-08-09 11:27:42 +01:00
Dave Rodgman
384f1e61f7
Merge pull request #5950 from savent404/development
cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
2022-08-09 10:52:31 +01:00
Dave Rodgman
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12
Add rsa pss rsae for tls12
2022-08-09 10:21:45 +01:00
Werner Lewis
3b09739c1b Add test case for mbedtls_ecp_set_zero
Tests function with various ECP point conditions, covering freshly
initialized, zeroed, non-zero, and freed points.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 17:22:55 +01:00
Janos Follath
1694969a0a Bignum: Add tests for modulus setup and free
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-08 13:37:20 +01:00
Neil Armstrong
d86b8ac111 Fix test_psa_crypto_config_accel_hash_use_psa build when including libtestdriver1 PSA headers from programs
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-08 13:56:13 +02:00
Neil Armstrong
9bb8e0d3c5 Fix fuzz_privkey build without MBEDTLS_ENTROPY_C defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-08 13:56:13 +02:00
Neil Armstrong
a97f1ac5f9 Initialize mbedtls_x509write_csr struct before USE_PSA_INIT(), mbedtls_x509write_csr_free() will crash if uninitialized
When USE_PSA_INIT() failed because lack of seedfile, mbedtls_x509write_csr_free()
crashed when called on an unitialized mbedtls_x509write_csr struct.

This moves mbedtls_x509write_csr_init before calling USE_PSA_INIT(),
which could probably fail, and uses the same flow in x509_csr_check()
and x509_csr_check_opaque().

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-08 13:54:47 +02:00
Andrzej Kurek
9f42c0683c Adjust hash dependencies in test_suite_ecdsa
Only deterministic tests require SHA256 now.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-08 07:31:48 -04:00
Janos Follath
dae1147596 Improve Bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-08 11:50:02 +01:00
Janos Follath
8ff0729dd7 Fix typos in Bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-08 08:39:52 +01:00
Gabor Mezei
a200f6f855 Add macro definitions to the tests
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:51 +01:00
Gabor Mezei
6666914b76 Revert "Move Bignum macros to common header"
This reverts commit 62c5901f0a5061a8825e19c77f88c91fea235078.

Reverting commit due the macros are meant to be local and not following the
naming convention.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:51 +01:00
Gabor Mezei
37b06360b3 Add documentation for new bignum functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:51 +01:00
Gabor Mezei
23a1ce90ec Add tests for mbedtls_mpi_mod_raw read/write functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:47 +01:00
Gabor Mezei
c0b9304f92 Use value as numerical value instead of bitfield value
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:53 +01:00
Gabor Mezei
d8f5bc2d3d Free the correct struct element
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:53 +01:00
Gabor Mezei
535f36d203 Unify parameter naming
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:53 +01:00
Gabor Mezei
e66b1d47ed Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
8b718b5a66 Add bounds check to residue input
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
23bdeca64d Add core constant time comparison
Unfortunately reusing the new function from the signed constant time
comparison is not trivial.

One option would be to do temporary conditional swaps which would prevent
qualifying input to const. Another way would be to add an additional
flag for the sign and make it an integral part of the computation, which
would defeat the purpose of having an unsigned core comparison.

Going with two separate function for now and the signed version can be
retired/compiled out with the legacy API eventually.

The new function in theory could be placed into either
`library/constant_time.c` or `library/bignum_new.c`. Going with the
first as the other functions in the second are not constant time yet and
this distinction seems more valuable for new (as opposed to belonging to
the `_core` functions.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
5f016650d7 Reuse Bignum core I/O functions
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
91dc67d31c Allow (NULL, 0) as a representation of 0
- We don't check for NULL pointers this deep in the library
- Accessing a NULL pointer when the limb number is 0 as a mistake is the
  very similar to any other out of bounds access
- We could potentially mandate at least 1 limb representation for 0 but
  we either would need to enforce it or the implementation would be less
  robust.
- Allowing zero limb representation - (NULL, 0) in particular - for zero
  is present in the legacy interface, if we disallow it, the
  compatibility code will need to deal with this (more code size and
  opportunities for mistakes)

In summary, interpreting (NULL, 0) as the number zero in the core
interface is the least of the two evils.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
4670f88991 Reuse Bignum helper functions
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
4614b9ad1b Move Bignum macros to common header
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
6ff3536de5 Add tests for little endian core I/O
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:49 +01:00
Janos Follath
f1d617deb8 Add tests for big endian core I/O
The test case where there were extra limbs in the MPI failed and this
commit contains the corresponding fix as well. (We used to use the
minimum required limbs instead of the actual limbs present.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:06:31 +01:00
Janos Follath
ba5c139e4c Add more validation to modulus life cycle
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:03:56 +01:00
Janos Follath
281ccda8a5 Clean up mpi_mod_init/free
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:03:56 +01:00
Janos Follath
5005edb36c Fix typos
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
c5328cf9a6 Add a set of I/O functions for the modulus structure
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
b903070cec Add a set of I/O functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
0c655572dc Build the new bignum_new.c file
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
f049dbfe94 Add the new modulus and the residue structures
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gilles Peskine
5740ff5f1f
Merge pull request #5949 from Summer-ARM/mbedtls-psa-crypto-config
MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed when PSA_WANT_ALG_CHACHA20_POLY1305 is defined
2022-08-05 11:03:45 +02:00
Gilles Peskine
b4983d4556
Merge pull request #6164 from mprse/md_ssl_test
Avoid use of MD in SSL test suite
2022-08-05 11:02:44 +02:00
Gilles Peskine
f860f3742b
Merge pull request #6070 from wernerlewis/bignum_test_radix
Remove radix argument from bignum test functions
2022-08-05 11:01:07 +02:00
Gilles Peskine
57d4c11c44
Merge pull request #6165 from mprse/md_x509_test
Avoid use of MD in X.509 write test suite
2022-08-04 10:11:03 +02:00