9872 Commits

Author SHA1 Message Date
Dave Rodgman
cf46671260 Merge pull request #869 from ARMmbed/mbedtls-2.16.12rc0-pr
Mbedtls 2.16.12rc0 pr
mbedtls-2.16.12 v2.16.12
2021-12-15 13:47:46 +00:00
Manuel Pégourié-Gonnard
b9f4568ec0 Improve wording of a ChangeLog entry
Keeps the entry aligned with other branches too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-15 10:22:51 +01:00
Manuel Pégourié-Gonnard
fb4e9be5db Remove some bashisms from all.sh
Other branches use bash for all.sh, but we're still using plain sh.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 11:36:28 +01:00
Manuel Pégourié-Gonnard
6fc3aa004c Update version header in ChangeLog
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 11:13:29 +01:00
Manuel Pégourié-Gonnard
b0bb3c8b7d Bump version to 2.16.12
scripts/bump_version.sh --version 2.16.12

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 11:12:26 +01:00
Manuel Pégourié-Gonnard
652e035ea1 Assemble ChangeLog
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 11:08:55 +01:00
Manuel Pégourié-Gonnard
b0c54a7d46 Fix misleading ChangeLog entry formatting.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 09:55:10 +01:00
Manuel Pégourié-Gonnard
1f65e31e73 Double-free goes under security, not bugfix.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 09:49:32 +01:00
Manuel Pégourié-Gonnard
fef64d5de9 Merge branch 'mbedtls-2.16-restricted' into mbedtls-2.16.12rc0-pr
* mbedtls-2.16-restricted:
  Add changelog entry for session copy bugfix
  [session] fix a session copy bug fix a possible double reference on 'ticket' when peer_cert/peer_cert_digest calloc failed.
2021-12-14 09:27:48 +01:00
Gilles Peskine
7b9cd91587 Merge pull request #5328 from gilles-peskine-arm/zeroize-tag-2.16
Backport 2.16: Zeroize expected MAC/tag intermediate variables
2021-12-13 19:09:34 +01:00
Gilles Peskine
b3f2273aed mbedtls_cipher_check_tag: jump on error for more robustness to refactoring
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 16:57:47 +01:00
Gilles Peskine
e72ab7767f Merge pull request #5311 from paul-elliott-arm/pkcs12_fix_2.16
Backport 2.16: Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:47 +01:00
Gilles Peskine
7cab499af2 Initialize hash_len before using it
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:47:17 +01:00
Gilles Peskine
746cfb1e9b Generalize MAC zeroization changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:28:26 +01:00
Gilles Peskine
6f8d7f1b8c PKCS#1v1.5 signature: better cleanup of temporary values
Zeroize temporary buffers used to sanity-check the signature.

If there is an error, overwrite the tentative signature in the output
buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:28:26 +01:00
Gilles Peskine
cd9e751f2f mbedtls_ssl_parse_finished: zeroize expected finished value on error
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:28:26 +01:00
Gilles Peskine
75b596fc3c mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:18:44 +01:00
Gilles Peskine
8dc7b243ae mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:15:39 +01:00
Dave Rodgman
1f0f42f1d1 Merge pull request #5315 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac-2.16
Backport 2.16: Check HMAC return values
2021-12-13 10:51:32 +00:00
Gilles Peskine
a89bdf03ba Catch failures of md_hmac operations
Check the return values of mbedtls_md_xx functions in our code. We were
already doing that everywhere for hash calculations, but not for HMAC
calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 17:37:47 +01:00
Gilles Peskine
95f869c9fb Move changelog entry file that was in the wrong directory
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 17:37:47 +01:00
Gilles Peskine
957e383f87 Zeroize local MAC variables
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 17:37:47 +01:00
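The pattern behind the "Zeroize local MAC variables", "mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch" and "jump on error for more robustness to refactoring" commits above, shown as an added example that is not Mbed TLS code: the receiver recomputes the tag into a working buffer, compares it in constant time, return-checks every primitive call, and routes every failure through one cleanup label that wipes the working buffer. The MAC primitive here is a constructed keyed FNV-1a fold (not cryptographic, and assumed only so the example runs offline); `check_tag`, `make_tag`, `secure_zeroize`, `TAG_LEN` and the error codes are this example's own names, not the library's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16
#define ERR_BAD_INPUT   (-1)
#define ERR_MAC_FAILED  (-2)
#define ERR_AUTH_FAILED (-3)

/* Overwrite through a volatile pointer so the compiler cannot drop the
 * writes as dead stores (the job mbedtls_platform_zeroize does). */
static void secure_zeroize(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *) buf;
    while (len--) *p++ = 0;
}

/* Constant-time comparison: 0 when equal, non-zero otherwise, no early exit. */
static int ct_diff(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= (uint8_t) (a[i] ^ b[i]);
    return acc;
}

/* Constructed stand-in for the MAC primitive (keyed FNV-1a fold). NOT a
 * cryptographic MAC; it only lets the example run offline where real code
 * would call mbedtls_md_hmac_starts/update/finish. 0 on success, -1 on
 * invalid input, following the mbedtls return convention. */
static int toy_mac(const uint8_t *key, size_t key_len,
                   const uint8_t *msg, size_t msg_len, uint8_t out[TAG_LEN])
{
    const uint64_t prime = 1099511628211ULL;
    uint64_t h = 14695981039346656037ULL;

    if ((key == NULL && key_len != 0) || (msg == NULL && msg_len != 0)) return -1;
    for (size_t i = 0; i < key_len; i++) { h ^= key[i]; h *= prime; }
    h ^= 0xff; h *= prime;                          /* key/message separator */
    for (size_t i = 0; i < msg_len; i++) { h ^= msg[i]; h *= prime; }
    for (size_t i = 0; i < TAG_LEN; i++) {
        out[i] = (uint8_t) (h >> (8 * (i % 8)));
        if (i == 7) { h ^= 0xaa; h *= prime; }      /* second 8-byte word */
    }
    return 0;
}

/* Sender side: compute the tag for a message. */
int make_tag(const uint8_t *key, size_t key_len,
             const uint8_t *msg, size_t msg_len, uint8_t out[TAG_LEN])
{
    return toy_mac(key, key_len, msg, msg_len, out);
}

/* Receiver side. `expected` is the working buffer for the recomputed tag.
 * It is zeroized on every exit path, so a mismatch never leaves the correct
 * tag for an attacker-chosen message in memory. Each primitive call is
 * return-checked and every failure jumps to the single cleanup label. */
int check_tag(const uint8_t *key, size_t key_len,
              const uint8_t *msg, size_t msg_len,
              const uint8_t *tag, size_t tag_len, uint8_t expected[TAG_LEN])
{
    int ret = ERR_BAD_INPUT;

    if (expected == NULL) return ERR_BAD_INPUT;    /* nothing to clean up yet */
    if (tag == NULL || tag_len != TAG_LEN) goto exit;
    if (toy_mac(key, key_len, msg, msg_len, expected) != 0) {
        ret = ERR_MAC_FAILED;
        goto exit;
    }
    if (ct_diff(expected, tag, TAG_LEN) != 0) {
        ret = ERR_AUTH_FAILED;
        goto exit;
    }
    ret = 0;

exit:
    secure_zeroize(expected, TAG_LEN);             /* reached by every path */
    return ret;
}

/* 1 if every byte of buf is zero (used to confirm the cleanup happened). */
int is_all_zero(const uint8_t *buf, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

int main(void)
{
    /* Constructed sample key and record. */
    const uint8_t key[] = "constructed-key";
    const uint8_t msg[] = "constructed DTLS record body";
    uint8_t tag[TAG_LEN], scratch[TAG_LEN];

    make_tag(key, sizeof key - 1, msg, sizeof msg - 1, tag);
    printf("genuine tag: %d\n",
           check_tag(key, sizeof key - 1, msg, sizeof msg - 1, tag, TAG_LEN, scratch));
    tag[0] ^= 1;                                    /* a tampered record */
    printf("forged tag: %d, scratch cleared: %d\n",
           check_tag(key, sizeof key - 1, msg, sizeof msg - 1, tag, TAG_LEN, scratch),
           is_all_zero(scratch, TAG_LEN));
    return 0;
}
```

The single `exit:` label is the point of the "jump on error" commit: a check added later between the existing ones cannot bypass the wipe, and the DTLS concern in the commit message (an attacker learning the MAC of a datagram they injected) is closed because the recomputed tag does not survive a mismatch.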
Paul Elliott
102cc6df5d Add expected output for tests
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

```c
#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <stdio.h>   /* printf(); missing from the original listing */
#include <string.h>

/* Run one PKCS#12 derivation with OpenSSL and print the n output bytes as
 * hex, or the return code if the derivation fails. */
static void Keygen_Uni( const char *test_name, unsigned char *pass, int passlen,
                        unsigned char *salt, int saltlen, int id, int iter,
                        int n, unsigned char *out, const EVP_MD *md_type )
{
    int index;
    int ret;

    printf( "%s\n", test_name );

    ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                              n, out, md_type );

    if( ret != 1 )
    {
        printf( "Key generation returned %d\n", ret );
    }
    else
    {
        for( index = 0; index < n; ++index )
        {
            printf( "%02x", out[index] );
        }

        printf( "\n" );
    }

    printf( "\n" );
}

int main(void)
{
    /* Test vector bytes shared by the non-empty password and salt cases. */
    static const unsigned char bytes[8] =
        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
    unsigned char out_buf[48];
    unsigned char pass[64];
    unsigned char salt[64];

    /* If ID=1, then the pseudorandom bits being produced are to be used
     * as key material for performing encryption or decryption.
     *
     * If ID=2, then the pseudorandom bits being produced are to be
     * used as an IV (Initial Value) for encryption or decryption.
     *
     * If ID=3, then the pseudorandom bits being produced are
     * to be used as an integrity key for MACing.
     */
    int id = 1;
    int iter = 3;

    memset( out_buf, 0, sizeof( out_buf ) );
    memset( pass, 0, sizeof( pass ) );
    memset( salt, 0, sizeof( salt ) );

    Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
                sizeof( out_buf ), out_buf, EVP_md5( ) );

    memset( out_buf, 0, sizeof( out_buf ) );

    Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
                sizeof( out_buf ), out_buf, EVP_md5( ) );

    memset( out_buf, 0, sizeof( out_buf ) );

    memcpy( salt, bytes, sizeof( bytes ) );

    Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
                sizeof( out_buf ), out_buf, EVP_md5( ) );

    memset( out_buf, 0, sizeof( out_buf ) );

    Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter,
                sizeof( out_buf ), out_buf, EVP_md5( ) );

    memset( out_buf, 0, sizeof( out_buf ) );
    memset( salt, 0, sizeof( salt ) );

    memcpy( pass, bytes, sizeof( bytes ) );

    Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
                sizeof( out_buf ), out_buf, EVP_md5( ) );

    memset( out_buf, 0, sizeof( out_buf ) );

    Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter,
                sizeof( out_buf ), out_buf, EVP_md5( ) );

    memset( out_buf, 0, sizeof( out_buf ) );

    memcpy( salt, bytes, sizeof( bytes ) );

    Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
                sizeof( out_buf ), out_buf, EVP_md5( ) );

    return 0;
}
```

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 20:50:59 +00:00
Paul Elliott
987bb386be Remove incorrect hashing
Incorrect interpretation of 'empty'

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
b4bfcbbd67 Add explanation for safety in function
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
2cd6590040 Delete unnecessary changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
88ba5b5fa5 Simplify Input usage macros
Also ensure they are used in test data rather than values

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
fe35e84692 Rename (and relabel) pkcs12 test case
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
2ed0537424 Remove incorrect test dependency
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
5e75dbee51 Documentation fixes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
c7b320547f Stop CMake out of source tests running on 16.04
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
159c8f8e7e Fix missing test dependencies
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
faba220672 Add PKCS12 tests
Only regression tests for the empty password bugs for now. Further tests
will follow later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 18:08:31 +00:00
Paul Elliott
6b5707c90a Better fix for empty password / salt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:51:11 +00:00
Paul Elliott
45f1300fdf Further documentation improvements
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:49:21 +00:00
Paul Elliott
a87f009e30 Make changelog more specific
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:49:21 +00:00
Paul Elliott
4d44341369 Fix for pkcs12 with NULL or zero length password
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinite
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:49:21 +00:00
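The two input shapes the commit above names, an empty password or salt and a NULL pointer with a non-zero length, are handled in the following added example, which is not Mbed TLS code: it builds the `D || S || P` string from PKCS#12 Appendix B, validates each (pointer, length) pair, and fills the repeated blocks with a loop that writes nothing for an empty source instead of spinning. `pkcs12_expand`, `validate_input`, `fill_repeat` and `PKCS12_V` are this example's own names, the value 64 is the Appendix B block size for the MD5/SHA family, and the password is assumed to be passed already encoded, as the OpenSSL generator above passes it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKCS12_V 64   /* block size v (PKCS#12 Appendix B) for the MD5/SHA family */

/* A (pointer, length) pair is acceptable only if the pointer is non-NULL or
 * the length is 0; NULL with a non-zero length is rejected up front rather
 * than dereferenced later. Returns 0 if acceptable, -1 otherwise. */
int validate_input(const uint8_t *p, size_t len)
{
    return (p == NULL && len != 0) ? -1 : 0;
}

/* Fill data[0..data_len) with repeated copies of filler. An empty filler
 * writes nothing: a copy-min(remaining, fill_len) loop without the
 * fill_len == 0 guard makes no progress and never terminates. */
static void fill_repeat(uint8_t *data, size_t data_len,
                        const uint8_t *filler, size_t fill_len)
{
    size_t done = 0;

    if (fill_len == 0) return;
    while (done < data_len) {
        size_t use = data_len - done;
        if (use > fill_len) use = fill_len;
        memcpy(data + done, filler, use);
        done += use;
    }
}

/* Round a length up to a multiple of v; an empty input yields an empty block. */
static size_t block_len(size_t len)
{
    return ((len + PKCS12_V - 1) / PKCS12_V) * PKCS12_V;
}

/* Build I = D || S || P (PKCS#12 Appendix B, steps 1-4): D is v copies of the
 * ID byte, S and P are the salt and the encoded password, each repeated up to
 * a multiple of v. Returns the length of I, or -1 on invalid input or
 * insufficient output space. */
int pkcs12_expand(uint8_t id, const uint8_t *salt, size_t salt_len,
                  const uint8_t *pwd, size_t pwd_len,
                  uint8_t *out, size_t out_cap)
{
    size_t s_len, p_len, total;

    if (validate_input(salt, salt_len) != 0 || validate_input(pwd, pwd_len) != 0)
        return -1;
    s_len = block_len(salt_len);
    p_len = block_len(pwd_len);
    total = PKCS12_V + s_len + p_len;
    if (out == NULL || out_cap < total) return -1;

    memset(out, id, PKCS12_V);                                  /* D */
    fill_repeat(out + PKCS12_V, s_len, salt, salt_len);         /* S */
    fill_repeat(out + PKCS12_V + s_len, p_len, pwd, pwd_len);   /* P */
    return (int) total;
}

int main(void)
{
    /* Constructed inputs mirroring the cases in the OpenSSL generator above. */
    const uint8_t salt[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
    uint8_t out[3 * PKCS12_V];

    printf("NULL pass and salt:  %d\n", pkcs12_expand(1, NULL, 0, NULL, 0, out, sizeof out));
    printf("zero length pass:    %d\n", pkcs12_expand(1, salt, 8, salt, 0, out, sizeof out));
    printf("valid pass and salt: %d\n", pkcs12_expand(1, salt, 8, salt, 8, out, sizeof out));
    printf("NULL pass, length 8: %d\n", pkcs12_expand(1, salt, 8, NULL, 8, out, sizeof out));
    return 0;
}
```

With both password and salt empty the result is the 64-byte `D` block alone, which is why the commit's test vectors for that case had to come from Mbed TLS itself rather than from OpenSSL.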
Gilles Peskine
6ec13af413 Merge pull request #5307 from gilles-peskine-arm/test-missing-ret-check-202112-2.16
Backport 2.16: Missing error checks + test bug on unlikely failure
2021-12-10 17:41:46 +01:00
Gilles Peskine
a0b0dcea7d Don't fail until everything is initialized
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 15:21:58 +01:00
Gilles Peskine
4423cd3361 Check return values in more places
Selective replacement of
```
^\( *\)\(mbedtls_\(md\|cipher\)_[A-Z_a-z0-9]+\)\((.*)\);
```
by
```
\1if( \2\4 != 0 )
\1{
\1    mbedtls_fprintf( stderr, "\2() returned error\\n" );
\1    goto exit;
\1}
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 15:21:58 +01:00
Gilles Peskine
6ce0692d88 Merge pull request #5302 from paul-elliott-arm/test_suite_cipher_returns_2.16
Backport 2.16: Add checked return to cipher setup in Cipher tests
2021-12-10 10:40:04 +01:00
Gilles Peskine
dc31a4166b Merge pull request #5300 from paul-elliott-arm/crypt_and_hash_prog_2.16
Backport 2.16: Add checks for return values to md functions in crypt and hash
2021-12-09 23:32:46 +01:00
Gilles Peskine
8727985683 Merge pull request #5281 from davidhorstmann-arm/2.16-improve-cmac-docs
Backport 2.16: Reword documentation of CMAC operations
2021-12-09 23:28:42 +01:00
Paul Elliott
4eadb02bf9 Add checked return to cipher setup
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 21:38:48 +00:00
Paul Elliott
32c42242ce Add checks for return values to md functions
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:55:31 +00:00
Manuel Pégourié-Gonnard
d4a3cbd773 Merge pull request #864 from davidhorstmann-arm/2.16-fix-session-copy-bug
Backport 2.16: [session] fix a session copy bug
2021-12-09 09:21:45 +01:00
David Horstmann
18504f4b20 Add changelog entry for session copy bugfix
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-08 13:28:12 +00:00
吴敬辉
eb490aabf6 [session] fix a session copy bug
fix a possible double reference on 'ticket'
when peer_cert/peer_cert_digest calloc failed.

Signed-off-by: 吴敬辉 <11137405@vivo.com>
2021-12-08 12:33:12 +00:00
David Horstmann
f39bd9739d Reword documentation of CMAC operations
Change the wording of the documentation for some CMAC functions,
as the existing wording, while technically correct, can be
easy to misunderstand. The reworded docs explain the flow of
a CMAC computation a little more fully.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-07 12:30:52 +00:00
Gilles Peskine
286bd2427f Merge pull request #5271 from gilles-peskine-arm/fix-builds-with-only-mbedtls_bignum_c-defined-2.16
Backport 2.16: Fix builds when config.h only defines MBEDTLS_BIGNUM_C
2021-12-07 12:38:03 +01:00