Commit graph

13712 commits

Author SHA1 Message Date
Janos Follath
f8f5026a3b Add ChangeLog entry for #3147: MSVC flags
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-25 13:27:06 +01:00
Gilles Peskine
fb4f933f8e Rename Python scripts to use '_' and not '-'
You can't import a Python script whose name includes '-'.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-25 14:22:06 +02:00
Gilles Peskine
68a98516f6 basic-in-docker: call all.sh for sanity checks
Call all.sh for sanity checks, rather than maintain an explicit list.
This was done in .travis.yml in 3c7ffd7a40

Travis has diverged from basic-in-docker. This commit updates the
description of basic-in-docker to no longer refer to Travis. Alignment
with Travis may be desirable but that is beyond the scope of this commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-25 14:22:06 +02:00
Manuel Pégourié-Gonnard
af72167f40 DHM: blind call to mpi_inv_mod() on secret value
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-25 12:47:22 +02:00
Manuel Pégourié-Gonnard
9f58c4b6e5 DHM: make drawing of blinding value a function
In the next commit, we'll need to draw a second random value, in order to
blind modular inversion. Having a function for that will avoid repetition.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-25 12:34:58 +02:00
Manuel Pégourié-Gonnard
db61c3503b Merge branch 'development' into development-restricted
* development: (87 commits)
  entropy: Adjust parameter type of internal function to avoid a cast
  entropy: Avoid arithmetic on void pointer
  add comment about potential future extension
  Adjust comments about SEED synchronisation
  entropy: Rename sysctl_wrapper to sysctl_arnd_wrapper
  test_suite_x509parse.function improvement
  Pass "certificate policies" extension to callback
  Update iv and len context pointers manually when reallocating buffers
  Add Apache-2.0 headers to all source files
  Remove Dangerous Parameter Passing
  Add Apache-2.0 headers to all scripts
  Add missing copyright dates to scripts and sources
  Show failure in ssl-opts.sh  when key export fails
  Add changelog entry
  tests: Reformating due to rnd_* renaming
  tests: Add mbedtls_test_ prefix to rnd_* symbols
  tests: Reformating due to hexcmp() renaming
  tests: Add mbedtls_test_ prefix to hexcmp()
  tests: Reformating due to unhexify_alloc() renaming
  tests: Add mbedtls_test_ prefix to unhexify_alloc()
  ...
2020-06-25 11:53:43 +02:00
Janos Follath
4d1884916b Merge branch 'development-restricted' into mbedtls-2.23.0r0 2020-06-25 09:17:25 +01:00
Manuel Pégourié-Gonnard
70fce9831e Simplify test syntax
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-25 09:54:46 +02:00
Manuel Pégourié-Gonnard
69b01f7694 Fix logic error in setting client port
We need to do this after we possibly added the proxy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-25 09:52:54 +02:00
Manuel Pégourié-Gonnard
1cb2beb905
Merge pull request #3423 from niacat/sysctl-arnd
entropy: Add support for BSD sysctl(KERN_ARND)
2020-06-25 09:34:20 +02:00
nia
8373c86628 entropy: Adjust parameter type of internal function to avoid a cast
Signed-off-by: nia <nia@netbsd.org>
2020-06-24 17:16:33 +01:00
nia
e3fdcfa45c entropy: Avoid arithmetic on void pointer
Signed-off-by: nia <nia@netbsd.org>
2020-06-23 21:03:31 +01:00
Gilles Peskine
04c6b61f43
Merge pull request #2639 from mpg/use-all-sh-checks-for-pre-push
Use all.sh and its component list in pre-push hook
2020-06-23 14:37:16 +02:00
Manuel Pégourié-Gonnard
1c7d54a209
Merge pull request #700 from mpg/l13-hw-starts-finish-restricted
Lucky 13: just use starts/finish around calls to process()
2020-06-23 10:43:13 +02:00
Gilles Peskine
dda104558b
Merge pull request #3419 from ndilieto/development
Pass "certificate policies" extension to callback
2020-06-23 09:35:45 +02:00
Nicola Di Lieto
511bc8c57b add comment about potential future extension
as requested, see
https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r443836568

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-23 00:15:28 +02:00
Gilles Peskine
e81dc00df4
Merge pull request #3422 from niacat/net-sockets-fixes
NetBSD 9.0 build fixes
2020-06-22 23:33:53 +02:00
Ronald Cron
b1790af648 cmake: Add include directory policy documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-22 16:33:29 +02:00
Ronald Cron
855274113a cmake: Remove global include directories
Remove the declaration of ./include and ./library
as include directories for all targets.

Prefer being more local and declare include directories
at the target level using target_include_directories().

Note that there is no need to declare explicitely
./include as an include directory for tests as they
inherit it from the "mbed librairies".

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-22 16:33:22 +02:00
Janos Follath
3b46f9e864
Merge pull request #693 from mpg/ecp-mul-null-rng-dev-restricted
Use internal RNG in ecp_mul when none was provided
2020-06-22 15:07:57 +01:00
Ronald Cron
67d4b555b8 cmake: Limit scope of 3rd party definitions
Don't define anymore globally third party include
directories and compile definitions. Declare them within the
scope of the crypto library target as per the third party
source files.

Note that targets linking to the crypto library inherit from
the third party public include directories.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-22 13:44:03 +02:00
Ronald Cron
f19f312aa6 cmake: Add 3rd party public include directories
Add the possibility to distinguish between public and
non-public include directories. Public directories are
the one to use to access definitions of 3rd party code
interfaces.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-22 13:44:03 +02:00
Ronald Cron
00f5b8cd63 cmake: Compile everest code only if necessary
Compile everest code only if
MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED is defined
in config.h

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-22 13:44:03 +02:00
Ronald Cron
72d849d4b6 cmake: Align declaration of include directory
Align declaration of ./include include directory
among libraries, static and shared.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-22 13:42:21 +02:00
Gilles Peskine
c96d4e2739
Merge pull request #3410 from mpg/make-coverage-script-deterministic
Make basic-build-test.sh more deterministic
2020-06-22 12:30:48 +02:00
Manuel Pégourié-Gonnard
5430447a6e Adjust comments about SEED synchronisation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-22 10:31:35 +02:00
Manuel Pégourié-Gonnard
25c7dbe342
Merge pull request #3435 from paul-elliott-arm/fix_dangerous_parameters
Remove Dangerous Parameter Passing
2020-06-22 09:37:00 +02:00
nia
f4d9f21b9b entropy: Rename sysctl_wrapper to sysctl_arnd_wrapper
Signed-off-by: nia <nia@netbsd.org>
2020-06-19 16:17:06 +01:00
Manuel Pégourié-Gonnard
1215c54754 Add length check in ecp_drbg_seed()
While this is a static function, so right now we know we don't need the check,
things may change in the future, so better be on the safe side.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-19 11:59:49 +02:00
Janos Follath
0c00407432
Merge pull request #3430 from bensze01/license
[Forward-port] Add Apache-2.0 headers to all source files
2020-06-18 15:54:26 +01:00
Steven Cooreman
fa6860933d Declare unused parameter
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-18 14:37:31 +02:00
Manuel Pégourié-Gonnard
d335f2b6cb
Merge pull request #3421 from niacat/posix_c_source
Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
2020-06-18 13:01:38 +02:00
Manuel Pégourié-Gonnard
4539a45cbf Use fixed-length encoding for internal RNG seed
CTR-DRBG and HMAC-DRBG may used the seed differently depending on its length.
To avoid leaks, pass them a constant-length seed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-18 12:27:56 +02:00
Nicola Di Lieto
b77fad8ebe test_suite_x509parse.function improvement
as suggested in
https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r441433697

also removed two no longer necessary void casts

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:59:49 +02:00
Nicola Di Lieto
c84b1e6aa0 Pass "certificate policies" extension to callback
Pass the "certificate policies" extension to the callback supplied to
mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
policies. This allows the callback to fully replicate the behaviour
of the deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
configuration.

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:55:29 +02:00
Steven Cooreman
8c1e759e1d Documentation and new function signature update
Inline with review comments.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 14:52:05 +02:00
Steven Cooreman
14b8184db1 Added missing newline in changelog entry
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:54:18 +02:00
Steven Cooreman
74161ceaca Clarify behaviour of psa_validate_key_location
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:54:18 +02:00
Steven Cooreman
00106a12c9 Minor edit to comply with pointer naming standard
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:54:18 +02:00
Steven Cooreman
f5a5e45ed1 Refactor equality-testing asserts in SE driver tests to TEST_EQUAL
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:54:18 +02:00
Steven Cooreman
de18338865 Add changelog entry for #3382
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:54:18 +02:00
Steven Cooreman
81fe7c311a Split 'validate persistent key parameters' into independent validation
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:53:18 +02:00
Steven Cooreman
a50f28338b Add test to check key ID's from the vendor range are accepted
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:52:42 +02:00
danh-arm
c4b6656a91
Merge pull request #3405 from AndrzejKurek/variable-buffers-cid-serialization
Update iv and len context pointers manually when reallocating buffers
2020-06-17 12:26:24 +01:00
Gilles Peskine
392faa2e41
Merge pull request #2669 from RonEld/iotssl_2864
Show failure in ssl-opt.sh  when key export fails
2020-06-16 21:38:13 +02:00
Andrzej Kurek
b657783269
Update iv and len context pointers manually when reallocating buffers
These fields might be shifted accordingly in `ssl_parse_record_header()`
when receiving a connection with CID, so they require a manual update
after calling the generic `mbedtls_ssl_reset_in_out_pointers()`.

This commit also adds a regression test which is run by all.sh.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-06-16 11:54:51 -04:00
Bence Szépkúti
869746577a Add Apache-2.0 headers to all source files
Also normalize the first line of the copyright headers.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i '

# Normalize the first line of the copyright headers (no text on the first line of a block comment)
/^\/\*.*Copyright.*Arm/I {
  i\
/*
  s/^\// /
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! i\
 *  SPDX-License-Identifier: Apache-2.0\
 *\
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\
 *  not use this file except in compliance with the License.\
 *  You may obtain a copy of the License at\
 *\
 *  http://www.apache.org/licenses/LICENSE-2.0\
 *\
 *  Unless required by applicable law or agreed to in writing, software\
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
 *  See the License for the specific language governing permissions and\
 *  limitations under the License.

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-16 17:38:44 +02:00
Paul Elliott
6a81eb6106 Remove Dangerous Parameter Passing
Another coverity bug - #350039

When this test discovers a key of the wrong type, it still throws it
through the export function in order to check that it too will detect
this as a not permitted action. For the buffer and buffer length
arguments it passes in a local pointer (which will most likely be NULL),
and the sizeof that pointer, as it knows that they will never be used.
Coverity rightly (imho) flagged this as suspicious - if we are going to
pass in incorrect parameters, at least make them obviously incorrect, and
ones that will not potentially cause errors if the code later changes.
There is, for example safety checks for zero length buffer, but less
protection for an insufficiently sized one.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-16 14:34:55 +01:00
Manuel Pégourié-Gonnard
9dfcae8b94
Merge pull request #3426 from paul-elliott-arm/resource_leak
Fix for resource leak in test_suite_ssl
2020-06-16 10:00:18 +02:00
Bence Szépkúti
c7da1fe381 Add Apache-2.0 headers to all scripts
This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i '

# Remove Mbed TLS declaration if it occurs before the copyright line
1,/Copyright.*Arm/I {
  /This file is part of/,$ {
    /Copyright.*Arm/I! d
  }
}

# Convert non-standard header in scripts/abi_check.py to the format used in the other scripts
/"""/,/"""/ {

  # Cut copyright declaration
  /Copyright.*Arm/I {
    h
    N
    d
  }

  # Paste copyright declaration
  /"""/ {
    x
    /./ {
      s/^/# /    # Add #
      x          # Replace orignal buffer with Copyright declaration
      p          # Print original buffer, insert newline
      i\

      s/.*//     # Clear original buffer
    }
    x
  }
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! {
    i\
# SPDX-License-Identifier: Apache-2.0\
#\
# Licensed under the Apache License, Version 2.0 (the "License"); you may\
# not use this file except in compliance with the License.\
# You may obtain a copy of the License at\
#\
# http://www.apache.org/licenses/LICENSE-2.0\
#\
# Unless required by applicable law or agreed to in writing, software\
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
# See the License for the specific language governing permissions and\
# limitations under the License.

    # Insert Mbed TLS declaration if it is missing
    /This file is part of/! i\
#\
# This file is part of Mbed TLS (https://tls.mbed.org)
  }

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:05:47 +02:00