Commit graph

22793 commits

Author SHA1 Message Date
Jerry Yu
12c46bd14f fix various issues
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:02:51 +08:00
Dave Rodgman
80f8c679c5
Merge pull request #6709 from daverodgman/pkcs7-docs
Add warnings & disable PKCS #7 by default
2022-12-05 16:24:29 +00:00
Dave Rodgman
4705f2d8a1
Merge pull request #976 from Mbed-TLS/merge-dev
Merge development into restricted
2022-12-05 16:21:17 +00:00
Tom Cosgrove
f51f972d67 Apply review comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-05 15:47:40 +00:00
Dave Rodgman
e1cda441a0
Merge pull request #6722 from daverodgman/fix_pr_template_link
Fix broken link
2022-12-05 13:23:17 +00:00
Tom Cosgrove
ed4f59eec3 Fix another typo where 'PSK' was 'PKS'
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-05 12:07:50 +00:00
Jerry Yu
e01304f6d8 fix type conversion issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:46 +08:00
Jerry Yu
ac5ca5a0ea Refactor cookie members of handshake struct
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:45 +08:00
Dave Rodgman
dbcbf44d65
Update include/mbedtls/mbedtls_config.h
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-05 11:15:10 +00:00
Dave Rodgman
acbb6dc364 Merge remote-tracking branch 'origin/development' into merge-dev 2022-12-05 10:59:23 +00:00
Dave Rodgman
ca6d6614a6 Fix broken link
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-05 10:48:23 +00:00
Tom Cosgrove
416b48c023 ChangeLog entry is fixed in a different PR
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-05 08:08:28 +00:00
Jerry Yu
54dfcb7794 fix comments and debug info issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 15:43:09 +08:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Issam E. Maghni
760f3a0a48 Install CMake files in MbedTLS dir
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.

I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.

Here are some examples of projects using directories:
 - https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
 - https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
 - https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
 - https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162

Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
2022-12-04 03:00:38 +00:00
Valerio Setti
70e029006d test: pake: fix mixed testing in test_tls1_2_ecjpake_compatibility
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 16:21:56 +01:00
Valerio Setti
d6feb20869 test: pake: allow opaque password only when USE_PSA is enabled
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 14:28:49 +01:00
Valerio Setti
e7518ba28e test: pake: reshaping the ssl_ecjpake_set_password()
Removed the "error injection" strategy. Now the functions checks
for all the errors in a row.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 12:09:43 +01:00
Valerio Setti
757f359474 tls: pake: do not destroy key on errors while setting opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 11:07:11 +01:00
Gilles Peskine
da9746e8ce Test NOT_ACCEPTABLE cases for MPI get-random
Test some cases where mbedtls_mpi_core_random() or mbedtls_mpi_random()
should return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE. These test cases use a very
small range that makes the NOT_ACCEPTABLE case likely. The test code uses a
deterministic RNG whose implementation is in the test framework, so we know
that the tests will pass reproducibly unless the implementation the test
framework changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:31 +01:00
Gilles Peskine
e3a1b81cb9 Switch mpi_random_many test function to testing core
The test function mpi_random_many() is the main function for testing the
get-random-in-range function. It validates that the random generator's
output is within the desired range, and performs some basic statistical
checks including checking that small ranges are covered exhaustively.

Switch this function from testing mbedtls_mpi_random() to testing
mbedtls_mpi_core_random(). This does not reduce the test coverage of
mbedtls_mpi_random() because the same properties are now validated
indirectly via mpi_random_values() which checks that mbedtls_mpi_random()
and mbedtls_mpi_core_random() produce identical values for identical inputs.

As of this commit, mpi_random_many() still uses some legacy mpi functions
internally because the corresponding functions don't exist yet in core.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:31 +01:00
Gilles Peskine
34e8a2c287 Test mbedtls_mpi_random differentially from mbedtls_mpi_core_random
For good cases, test that mbedtls_mpi_random() produces the same output as
mbedtls_mpi_core_random().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:31 +01:00
Gilles Peskine
70375b2028 Move mbedtls_mpi_core_random to the proper source file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:26 +01:00
Gilles Peskine
78cf3bbf22 Bignum core: break mbedtls_mpi_core_random out of mbedtls_mpi_random
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:45:45 +01:00
Gilles Peskine
4a8c5cdfbf Bignum core: random: prototype
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:44:07 +01:00
Gilles Peskine
26be89b3f6 Bignum core: random: prepare to break out the core function
Shuffle things around a bit inside mbedtls_mpi_random() in preparation for
breaking out mbedtls_mpi_core_random().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:06:43 +01:00
Gilles Peskine
8a32a75aa2 mbedtls_mpi_random: avoid local allocation
Rewrite the minimum bound comparison to avoid a local allocation. This costs
a bit of code size, but saves RAM. This is in preparation for moving the
bulk of the function to the bignum_core module where allocation is not
permitted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:06:43 +01:00
Gilles Peskine
6f949ea67b New constant-flow function mbedtls_mpi_core_uint_le_mpi
Compare a single-limb MPI with a multi-limb MPI. This is rather ad hoc, but
will be useful for mbedtls_mpi_core_random.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:06:43 +01:00
Gilles Peskine
cf0074b2c8 More wording improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
afb15206b5 Wording clarification
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
f3cc9d925f Improve "codegen 1.1" entry
"version 1.1 of #5137" is not meaningful to users, only as an internal
project milestone. Explain what this means from a user's point of view.

Announce the requirement for jsonschema in the proper section, which is
"Requirement changes". Mention jinja2 and basic.requirements.txt which
had not previously been explicitly mentioned in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
723bee67b2 Wrap lines to 79 columns max
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
5ba1697e8a Put behavior change in the correct category
"Changes" is for miscellaneous stuff that doesn't affect backward
compatibility.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
6593c7e1cb Clarify PSS sigalg entry
If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
29a56a1251 Clarify ASN.1 entry named data free functions
Mention the name of the new functions in the "Features" entry. Clarify what
they're for (there's no structure called mbedtls_x509_named_data, it's
mbedtls_asn1_named_data, but that name isn't so important here since we've
mentioned the names of the functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
6d069afe6b Clarify that these two entries are about CMake
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
20c1f03dd5 Improve wording, punctuation, etc.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:47 +01:00
Dave Rodgman
235d1d8519 Improve wording
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:45:02 +00:00
Dave Rodgman
6ebaf7a1f8 Whitespace fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:33:58 +00:00
Dave Rodgman
bc5f03dabc Disable PKCS7 by default; improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:32:23 +00:00
Gilles Peskine
2f66115e0e No need for -g or -O in LDFLAGS
Fix a mistake in the previous commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 18:05:31 +01:00
Gilles Peskine
202b1a07ba You need --coverage when linking as well
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 17:41:36 +01:00
Valerio Setti
e98db0b866 tls: pake: fix description for mbedtls_ssl_set_hs_ecjpake_password_opaque
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 16:52:57 +01:00
Valerio Setti
b287ddff7e test: psa_pake: add more tests for opaque password setting
Added mixed cases:
- server using opaque password, while client not
- client using opaque password, while server not

Added a test with mismatched passwords in case both server and
client are using opaque passwords (the same test was already
present for the non-opaque case)

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 16:18:12 +01:00
Jerry Yu
7854a4e019 Add max_early_data_size option for ssl_sever2
- to set max_early_data_set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
cc4e007ff6 Add max_early_data_size to mbedtls_ssl_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
16f6853b05 Add max_early_data_size config option
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
a6934776c9 Add reco_debug_level to reduce debug output
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Tom Cosgrove
62b20488f1 Implement mbedtls_mpi_mod_sub()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-01 14:27:37 +00:00
Valerio Setti
dc40bbc2d7 test: pake: remove redundant test for opaque passwords
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:25:49 +01:00