Gilles Peskine
cd74298c83
mbedtls_cipher_check_tag: jump on error for more robustness to refactoring
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 17:01:25 +01:00
Gilles Peskine
a4174312da
Initialize hash_len before using it
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:38:40 +01:00
Gilles Peskine
14d5fef6b7
PKCS#1v1.5 signature: better cleanup of temporary values
...
Zeroize temporary buffers used to sanity-check the signature.
If there is an error, overwrite the tentative signature in the output
buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:37:55 +01:00
Gilles Peskine
f0fd4c3aee
mbedtls_ssl_parse_finished: zeroize expected finished value on error
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:36:15 +01:00
Gilles Peskine
c2f7b75a71
mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:35:08 +01:00
Gilles Peskine
60aebec47e
PSA hash verification: zeroize expected hash on hash mismatch
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:33:18 +01:00
Gilles Peskine
e7835d92c1
mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:32:43 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac
...
Check HMAC return values
2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c
Catch failures of md_hmac operations
...
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.
Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:00:57 +01:00
Gilles Peskine
d5ba50e239
Zeroize local MAC variables
...
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 14:59:45 +01:00
Ronald Cron
db6adc5aad
ssl: Fix some compilation guards for TLS 1.3 signature algorithms
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 14:25:35 +01:00
Ronald Cron
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated
...
Add debug helpers generated
2021-12-10 11:56:55 +00:00
Manuel Pégourié-Gonnard
4525cce691
Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done
...
TLS1.3 MVP: Erase secrets when they are not necessary anymore.
2021-12-10 12:48:25 +01:00
Ronald Cron
6b07916e40
Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client
...
Add initial support for "Middlebox Compatibility Mode"
2021-12-10 11:58:05 +01:00
Jerry Yu
a5563f6115
move position of base_key init
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 18:14:36 +08:00
Jerry Yu
b737f6a9be
move base_key init
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 17:55:59 +08:00
Ronald Cron
574ace48d8
Remove unnecessary blank line
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 10:27:25 +01:00
Jerry Yu
9c07473ebc
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 17:12:43 +08:00
Jerry Yu
889b3b76da
fix clang build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:57:45 +08:00
Jerry Yu
d05e1cec4b
fix build fail on check_*
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
e6369b0061
fix test_cmake_as_package fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
eb96fb508e
Add cmake generator
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
e3b3412bc4
Add tests for enum helper
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:45:52 +08:00
Jerry Yu
e78ee99624
add enum value to string helpers
...
Only add helpers for enum in `ssl.h`.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:43:30 +08:00
Jerry Yu
4a2fa5d0aa
Move erase handshake secrets
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:37:14 +08:00
Jerry Yu
27224f58be
fix coding style issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
5132771f5f
Revert "fix possible security leak for counter"
...
This reverts commit 8aab77e11e2aebec09dc9d682b16373771471fe0.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
7ca3054795
move zerioize tls13_hs_secrets
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
23ab7a46a3
move zeroize master secrets
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
2c70a39d97
move zeroize randbytes
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
bdfd01835a
fix compile break after merge
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
a986e9faac
Clean handshake secrets
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
d103bdb01d
Clean randbytes
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
745db226db
fix possible security leak for counter
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm
...
PSA Multipart AEAD CCM Internal implementation and tests.
2021-12-09 14:49:42 +01:00
Ronald Cron
d4c64027a5
tls13: Move state transition after sending CCS to ssl_tls13_client.c
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
49ad6197ca
Add injection of dummy's ChangeCipherSpec for middlebox compatibility
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
7e38cba993
Add incoming ChangeCipherSpec filtering in TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard
c38c1f2411
Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0
...
Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:09 +01:00
Manuel Pégourié-Gonnard
d7d740eb6e
Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions
...
Move base64 constant-time functions to the new module
2021-12-09 12:40:18 +01:00
Manuel Pégourié-Gonnard
b873577fc3
Merge pull request #5240 from duckpowermb/development
...
[session] fix a session copy bug
2021-12-09 09:23:23 +01:00
Gilles Peskine
cfe74a37b9
mbedtls_ssl_handshake_params: move ecrs_ctx back further
...
"mbedtls_ssl_handshake_params: reorder fields to save code size" moved this
filed earlier along with byte-sized fields that should be in the 128-element
access window on Arm Thumb. This took away precious room in the 128-byte
window. Move it back further out.
Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2860 -> 2816 (diff: 44)
library/ssl_msg.o: 3080 -> 3076 (diff: 4)
library/ssl_srv.o: 3340 -> 3300 (diff: 40)
library/ssl_tls.o: 6546 -> 6478 (diff: 68)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-08 18:38:51 +01:00
Gilles Peskine
41139a2541
mbedtls_ssl_handshake_params: move group_list earlier to save code size
...
Placing group_list earlier seems to help significantly, not just as a matter
of placing it in the 128-element (512-byte) access window.
Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19559 -> 19551 (diff: 8)
library/ssl_msg.o: 24690 -> 24674 (diff: 16)
library/ssl_srv.o: 20418 -> 20406 (diff: 12)
library/ssl_tls.o: 20555 -> 20519 (diff: 36)
library/ssl_tls13_client.o: 7244 -> 7240 (diff: 4)
library/ssl_tls13_generic.o: 4693 -> 4697 (diff: -4)
Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2864 -> 2860 (diff: 4)
library/ssl_tls.o: 6566 -> 6546 (diff: 20)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-08 18:26:55 +01:00
Ronald Cron
1865585eab
Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases
...
TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests
2021-12-08 14:56:39 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
...
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
Dave Rodgman
351c71b7f2
Fix builds when config.h only defines MBEDTLS_BIGNUM_C
...
Fixes #4929
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-06 17:50:53 +00:00
Jerry Yu
6eaa41c15e
Fix overflow error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Ronald Cron
f467d6306c
psa: Fix obsolete code guard
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
fd25ddbf58
psa: Fix and improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00