Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.
A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.
This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:
* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
was not properly checking the result of an AES operation:
* In library code: on failure, goto exit and return ret.
* In pkey programs: goto exit.
* In the benchmark program: exit (not ideal since there's no error
message, but it's what the code currently does for failures).
* In test code: TEST_ASSERT.
* Changelog entry.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If socket setup fail, ssl structure setup won't be called.
And the order of them do not affect final result, but it
will break ssl setup negative tests.
Change the order can fix that.
issue: #4844
Change-Id: I2488ed5f74773421eb1eac0cfd7f1ce4fbb0b32d
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
To support tls1.3 relative tests, add `tls1_3`
parameter for `{min,max}_version` and `force_version`
issues: #4844
Change-Id: I1b22a076582374b8aabc733086562e9d03a94a2a
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.
The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.
Fix#4774
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Generate programs/test/cpp_dummy_build.cpp dynamically instead of
maintaining it manually. This removes the need to update it when the list of
headers changes.
Include all the headers unconditionally except for the ones that cannot be
included directly.
Support this dynamic generation both with make and with cmake.
Adapt all.sh accordingly. Remove the redundant C build from
component_build_default_make_gcc_and_cxx (it was also done in
component_test_default_out_of_box), leaving a component_test_make_cxx. Also
run the C++ program, because why not. Do this in the full configuration
which may catch a bit more problems in headers.
Fixes#2570 for good.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We previously introduced a safety check ensuring that if a datagram had
already been dropped twice, it would no longer be dropped or delayed
after that.
This missed an edge case: if a datagram is dropped once, it can be
delayed any number of times. Since "delay" is not defined in terms of
time (x seconds) but in terms of ordering with respect to other messages
(will be forwarded after the next message is forwarded), depending on
the RNG results this could result in an endless loop where all messages
are delayed until the next, which is itself delayed, etc. and no message
is ever forwarded.
The probability of this happening n times in a row is (1/d)^n, where d
is the value passed as delay=d, so for delay=5 and n=5 it's around 0.03%
which seems small but we still happened on such an occurrence in real
life:
tests/ssl-opt.sh --seed 1625061502 -f 'DTLS proxy: 3d, min handshake, resumption$'
results (according to debug statements added for the investigation) in
the ClientHello of the second handshake being dropped once then delayed
5 times, after which the client stops re-trying and the test fails for
no interesting reason.
Make sure this doesn't happen again by putting a cap on the number of
times we fail to forward a given datagram immediately.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.
No change to RSA because for RSA, the output size is trivial to calculate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Where hashlen was previously ignored when the hash length could be
inferred from an md_alg parameter, the two must now match.
Adapt the existing tests accordingly. Adapt the sample programs accordingly.
This commit does not add any negative testing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Also make sure to initialize the DRBG before using it in fuzz_server
(dummy_random uses ctr_drbg internally).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).
This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().
Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- mbedtls_ecp_check_pub_priv() because it calls ecp_mul()
- mbedtls_pk_check_pair() because it calls the former
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Commit removes conditional compilation block
which depends on MBEDTLS_SSL_TRUNCATED_HMAC
config option.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes code dependent on
MBEDTLS_SSL_TRUNCATED_HMAC from SSL
client and sever example programs.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>