Commit graph

219 commits

Author SHA1 Message Date
Jaeden Amero
74a04cdd59 Remove exporter script
We no longer need an exporter script as we'll use our existing tooling in
the top level directory for builds and releases.
2018-11-21 12:17:29 +00:00
Darryl Green
db2b8db715 psa: Add storage implementation for files
Add new functions, psa_load_persistent_key(),
psa_free_persistent_key_data(), and psa_save_persistent_key(), for
managing persistent keys. These functions load to or save from our
internal representation of key slots. Serialization is a concern of the
storage backend implementation and doesn't abstraction-leak into the
lifetime management code.

An initial implementation for files is provided. Additional storage
backends can implement this interface for other storage types.
2018-11-20 15:21:22 +00:00
Jaeden Amero
818eab2e76 Merge tag 'mbedtls-2.14.0' into feature-psa
Mbed TLS version 2.14.0

Resolved conflicts in include/mbedtls/config.h,
tests/scripts/check-files.py, and yotta/create-module.sh by removing yotta.

Resolved conflicts in tests/.jenkins/Jenkinsfile by continuing to run
mbedtls-psa job.
2018-11-19 19:25:56 +00:00
Simon Butcher
53b45ec881 Merge remote-tracking branch 'public/pr/2079' into development-restricted-proposed 2018-11-07 12:58:44 +00:00
Simon Butcher
3869384ddb Merge remote-tracking branch 'public/pr/2031' into development 2018-10-27 18:34:18 +01:00
Hanno Becker
e5fecec7bf Add test for MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO to all.sh
This commit adds a test to tests/scripts/all.sh exercising an
ASan build of the default configuration with

MBEDTLS_PLATFORM_MEMORY enabled,
MBEDTLS_PLATFORM_CALLOC_MACRO set to std calloc
MBEDTLS_PLATFORM_FREE_MACRO   set to std free

(This should functionally be indistinguishable from a default build)
2018-10-11 11:04:20 +01:00
Gilles Peskine
5c39d7a972 Remove redundant check in all.sh
test -s can't fail if the subsequent grep succeeds.
2018-09-28 14:31:16 +02:00
Gilles Peskine
bd90a8c002 In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-28 14:31:16 +02:00
Gilles Peskine
2bb56095ec Remove redundant check in all.sh
test -s can't fail if the subsequent grep succeeds.
2018-09-27 13:57:46 +02:00
Gilles Peskine
3e954cf84d In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-27 13:57:45 +02:00
Gilles Peskine
899c652195 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-27 13:57:45 +02:00
Simon Butcher
3ad2efdc82 Remove Yotta support from the docs, tests and build scripts
Yotta is no longer supported by Mbed TLS, so has been removed. Specifically, the
following changes have been made:
 * references to yotta have been removed from the main readme and build
   instructions
 * the yotta module directory and build script has been removed
 * yotta has been removed from test scripts such as all.sh and check-names.sh
 * yotta has been removed from other files that that referenced it such as the
   doxyfile and the bn_mul.h header
 * yotta specific configurations and references have been removed from config.h
2018-09-26 17:55:09 +01:00
Gilles Peskine
487cdf5516 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-26 16:50:38 +02:00
Jaeden Amero
80e317af15 all.sh: Test the Mbed Crypto exporter
Ensure that the exporter creates a "crypto" folder where "make test"
runs and passes. Ensure that cleanup also runs without error.
2018-09-12 16:50:07 +03:00
Simon Butcher
68dbc94720 Merge remote-tracking branch 'public/pr/1951' into development 2018-08-30 00:56:56 +01:00
Hanno Becker
2f5aa4c64e all.sh: Add builds allowing to test dropping buffered messages
This commit adds two builds to all.sh which use a value of
MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the
reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 14:48:11 +01:00
Mohammad Azim Khan
ee6529eb83 Add generate_test_code.py unit tests in all.sh 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
21798105f6 Pylint tests in all.sh 2018-08-06 11:42:56 +01:00
Simon Butcher
729d7814c8 Merge remote-tracking branch 'public/pr/779' into development 2018-07-24 17:20:36 +01:00
Simon Butcher
5ca06c763c Merge remote-tracking branch 'public/pr/1724' into development 2018-07-24 13:32:07 +01:00
Simon Butcher
bdf80d0953 Merge remote-tracking branch 'public/pr/1810' into development 2018-07-24 12:12:27 +01:00
Simon Butcher
a7b35434e6 Merge remote-tracking branch 'public/pr/1871' into development 2018-07-24 08:26:13 +01:00
Simon Butcher
8e6a22ac3d Add additional i386 tests to all.sh
Added an additional i386 test to all.sh, to allow one test with -O0 which
compiles out inline assembly, and one to test with -01 which includes the inline
assembly.
2018-07-23 13:31:19 +01:00
Simon Butcher
7a6da6ed5e Expand i386 all.sh tests to full config ASan builds
The i386 test builds were only building the default configuration and had
no address sanitisation. This commit expands the test configuration to the full
configuration in all.sh and builds with ASan for when the test suites are
executed.
2018-07-22 18:01:19 +01:00
Jaeden Amero
7c1258dc78 all.sh: Return error on keep-going failure
When calling all.sh from a script and using "--keep-going", errors were
sometimes missed due to all.sh always returning 0 "success" return code.
Return 1 if there is any failure encountered during a "keep-going" run.
2018-07-20 17:14:21 +01:00
Simon Butcher
7d728bd70e Merge remote-tracking branch 'public/pr/1454' into development 2018-07-20 14:33:44 +01:00
Simon Butcher
922bd1efb2 Merge remote-tracking branch 'public/pr/1752' into development 2018-07-20 14:33:18 +01:00
Simon Butcher
e7aeef09ee Merge remote-tracking branch 'public/pr/536' into development 2018-07-10 15:24:26 +01:00
Andrzej Kurek
991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Andrzej Kurek
05be06cc2d Make the C++ test mandatory by removing the --no-cxx flag from all.sh
Remove the cmake test
2018-06-28 05:10:51 -04:00
Andrzej Kurek
45a6719594 Add a CXX build to all.sh to execute the C++ dummy test by default 2018-06-28 05:10:02 -04:00
Simon Butcher
6665b67ddf Merge remote-tracking branch 'public/pr/1390' into development 2018-06-27 10:51:47 +01:00
Andres Amaya Garcia
7994766581 Fix usage of if_build_succeeded in all.sh zeroize test 2018-06-20 09:34:54 +01:00
Manuel Pégourié-Gonnard
9fece7ee91 Add ChachaPoly ciphersuites to compat.sh
This is disabled by default since it requires OpenSSL >= 1.1.0 and the current
default version on the CI is 1.0.2. However, the CI also has 1.1.1-rc which
can be used for this.
2018-06-19 13:16:30 +02:00
Manuel Pégourié-Gonnard
0dadba2b58 Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (182 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-19 11:13:50 +02:00
Angus Gratton
c4dd07369f test: Add test cases for separately reduced inward/outward buffer sizes 2018-06-18 20:51:51 +10:00
Jaeden Amero
d9c71dad50 Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
This reverts commit 5ffe41c8f9.

Turn off MBEDTLS_SSL_ASYNC_PRIVATE by default because we don't want to
change the ABI yet.
2018-06-15 20:31:26 +01:00
Simon Butcher
5f57f1e3cc Merge remote-tracking branch 'public/pr/1270' into development 2018-06-15 14:17:31 +01:00
Andres Amaya Garcia
9b04e19129 Use grep to detect zeroize test failures on GDB
This patch uses grep to search the GDB output for errors as there is
a bug in the tool that causes it to return 0 to the system even though
there was a problem in the script.

This patch also fixes the zeroize test to work with the --keep-going
option in all.sh.
2018-06-12 20:57:45 +01:00
Manuel Pégourié-Gonnard
39b1904b9f Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (97 commits)
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  Remove useless parameter from function
  Wipe sensitive info from the stack
  ...
2018-06-07 12:02:55 +02:00
Manuel Pégourié-Gonnard
2adb375c50 Add option to avoid 64-bit multiplication
Motivation is similar to NO_UDBL_DIVISION.

The alternative implementation of 64-bit mult is straightforward and aims at
obvious correctness. Also, visual examination of the generate assembly show
that it's quite efficient with clang, armcc5 and arm-clang. However current
GCC generates fairly inefficient code for it.

I tried to rework the code in order to make GCC generate more efficient code.
Unfortunately the only way to do that is to get rid of 64-bit add and handle
the carry manually, but this causes other compilers to generate less efficient
code with branches, which is not acceptable from a side-channel point of view.

So let's keep the obvious code that works for most compilers and hope future
versions of GCC learn to manage registers in a sensible way in that context.

See https://bugs.launchpad.net/gcc-arm-embedded/+bug/1775263
2018-06-07 11:05:33 +02:00
Simon Butcher
246cb05a92 Merge remote-tracking branch 'public/pr/1410' into development 2018-06-01 19:25:56 +01:00
Simon Butcher
b02f7893f6 Merge remote-tracking branch 'public/pr/1470' into development 2018-06-01 19:20:25 +01:00
Manuel Pégourié-Gonnard
a3712beb9b Merge branch 'development' into iotssl-1941-aria-ciphersuites
* development: (504 commits)
  Fix minor code style issues
  Add the uodate to the soversion to the ChangeLog
  Fix the ChangeLog for clarity, english and credit
  Update version to 2.9.0
  ecp: Fix binary compatibility with group ID
  Changelog entry
  Change accepted ciphersuite versions when parsing server hello
  Remove preprocessor directives around platform_util.h include
  Fix style for mbedtls_mpi_zeroize()
  Improve mbedtls_platform_zeroize() docs
  mbedtls_zeroize -> mbedtls_platform_zeroize in docs
  Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT
  Organize CMakeLists targets in alphabetical order
  Organize output objs in alfabetical order in Makefile
  Regenerate errors after ecp.h updates
  Update ecp.h
  Change variable bytes_written to header_bytes in record decompression
  Update ecp.h
  Update ecp.h
  Update ecp.h
  ...
2018-05-22 15:58:50 +02:00
Darryl Green
a07039cfe2 Add check-files.py to all.sh 2018-05-21 11:41:04 +01:00
Jaeden Amero
a331e0f0af Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed 2018-05-04 14:39:24 +01:00
Jaeden Amero
09c4e7ef5a Merge remote-tracking branch 'upstream-public/pr/1486' into development-proposed 2018-05-04 11:03:16 +01:00
Gilles Peskine
5ffe41c8f9 Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default
This is an ABI change in libmbedtls.
2018-04-26 11:51:03 +02:00
Gilles Peskine
b44692f126 Merge branch 'mbedtls_ssl_get_key_exchange_md_ssl_tls-return_hashlen' into tls_async_server-2.9
Conflict resolution:
* ChangeLog: put the new entry from my branch in the proper place.
* include/mbedtls/error.h: counted high-level module error codes again.
* include/mbedtls/ssl.h: picked different numeric codes for the
  concurrently added errors; made the new error a full sentence per
  current standards.
* library/error.c: ran scripts/generate_errors.pl.
* library/ssl_srv.c:
    * ssl_prepare_server_key_exchange "DHE key exchanges": the conflict
      was due to style corrections in development
      (4cb1f4d49c) which I merged with
      my refactoring.
    * ssl_prepare_server_key_exchange "For key exchanges involving the
      server signing", first case, variable declarations: merged line
      by line:
        * dig_signed_len: added in async
        * signature_len: removed in async
        * hashlen: type changed to size_t in development
        * hash: size changed to MBEDTLS_MD_MAX_SIZE in async
        * ret: added in async
    * ssl_prepare_server_key_exchange "For key exchanges involving the
      server signing", first cae comment: the conflict was due to style
      corrections in development (4cb1f4d49c)
      which I merged with my comment changes made as part of refactoring
      the function.
    * ssl_prepare_server_key_exchange "Compute the hash to be signed" if
      `md_alg != MBEDTLS_MD_NONE`: conflict between
      ebd652fe2d
      "ssl_write_server_key_exchange: calculate hashlen explicitly" and
      46f5a3e9b4 "Check return codes from
      MD in ssl code". I took the code from commit
      ca1d742904 made on top of development
      which makes mbedtls_ssl_get_key_exchange_md_ssl_tls return the
      hash length.
* programs/ssl/ssl_server2.c: multiple conflicts between the introduction
  of MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and new auxiliary functions and
  definitions for async support, and the introduction of idle().
    * definitions before main: concurrent additions, kept both.
    * main, just after `handshake:`: in the loop around
      mbedtls_ssl_handshake(), merge the addition of support for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and SSL_ASYNC_INJECT_ERROR_CANCEL
      with the addition of the idle() call.
    * main, if `opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM`: take the
      code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS.
    * main, loop around mbedtls_ssl_read() in the datagram case:
      take the code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
    * main, loop around mbedtls_ssl_write() in the datagram case:
      take the code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
2018-04-26 10:00:27 +02:00
Andres Amaya Garcia
708c5cb6ab mbedtls_zeroize -> mbedtls_platform_zeroize in docs 2018-04-24 08:33:31 -05:00