From 6b0f911b9aaef49e705c7e744cb3b223eb681df6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 00:21:58 +0200 Subject: [PATCH 01/17] Use Python 3 instead of Python 2 to generate test files Python 2 is no longer officially supported, but we were still using it to generate test suite .c files from .function files when using GNU make. Switch to looking for Python 3. This change was done for CMake a long time ago. Signed-off-by: Gilles Peskine --- tests/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index d250d717a..59ed45a66 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -54,8 +54,7 @@ else DLEXT ?= so EXEXT= SHARED_SUFFIX= -# python2 for POSIX since FreeBSD has only python2 as default. -PYTHON ?= python2 +PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif # Zlib shared library extensions: From e0de27729e6afc076f5560c7a408af797465c392 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 May 2021 11:34:07 +0200 Subject: [PATCH 02/17] Changelog entry for no longer explicitly invoking python2 Signed-off-by: Gilles Peskine --- ChangeLog.d/make-generate-tests-python.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/make-generate-tests-python.txt diff --git a/ChangeLog.d/make-generate-tests-python.txt b/ChangeLog.d/make-generate-tests-python.txt new file mode 100644 index 000000000..4b9009d6f --- /dev/null +++ b/ChangeLog.d/make-generate-tests-python.txt @@ -0,0 +1,3 @@ +Changes + * When building the test suites with GNU make, invoke python3 or python, not + python2, which is no longer supported upstream. From 99cce1dd4fe7b18b8c219a52ba49f51e6e48acb6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 May 2021 11:36:50 +0200 Subject: [PATCH 03/17] Remove copy-pasted definition of PYTHON that wasn't used Signed-off-by: Gilles Peskine --- programs/fuzz/Makefile | 2 -- 1 file changed, 2 deletions(-) 
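Review bot: The fallback branch of the new `PYTHON ?= $(shell … else echo python; fi)` line in tests/Makefile accepts whatever `python` is first on PATH without checking its major version. On a host with no `python3` where `python` is Python 2, the test generator would still run under the interpreter this commit sets out to stop using. Separately, `?=` defines a recursively expanded variable, so the `$(shell …)` probe runs again at every expansion of `$(PYTHON)`; an `ifndef PYTHON` guard around a `:=` assignment would evaluate it once. I would also add a comment above the assignment, e.g. `# Prefer python3; plain 'python' is a last resort and must be Python 3. Override with PYTHON=...`. The `else`/`endif` conditional around this line opens before the hunk, so the other branch is not visible here.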
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index fa17918fa..084fc241e 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -20,8 +20,6 @@ endif DLEXT ?= so EXEXT= SHARED_SUFFIX= -# python2 for POSIX since FreeBSD has only python2 as default. -PYTHON ?= python2 # Zlib shared library extensions: ifdef ZLIB From 72f60dfcc1fa985f1c665528ef894eac16bf0828 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 30 Apr 2021 13:28:22 +0200 Subject: [PATCH 04/17] Remove MBEDTLS_TEST_NULL_ENTROPY config option. Building the library without entropy sources negates any and all security provided by the library. This option was originally requested a relatively long time ago and it does not provide any tangible benefit for users any more. Signed-off-by: Mateusz Starzyk --- CMakeLists.txt | 31 ------------------------- ChangeLog.d/remove_null_entropy.txt | 2 ++ Makefile | 9 ------- include/mbedtls/check_config.h | 9 ------- include/mbedtls/config.h | 17 -------------- library/entropy.c | 17 -------------- library/entropy_poll.c | 17 -------------- library/entropy_poll.h | 8 ------- library/version_features.c | 3 --- programs/test/query_config.c | 8 ------- scripts/config.py | 1 - tests/scripts/all.sh | 15 ------------ tests/suites/helpers.function | 9 ++++--- tests/suites/test_suite_entropy.data | 5 ---- tests/suites/test_suite_random.function | 8 +++---- 15 files changed, 10 insertions(+), 149 deletions(-) create mode 100644 ChangeLog.d/remove_null_entropy.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index fb1ffaf96..f648f2299 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -56,17 +56,6 @@ else() endif() # Warning string - created as a list for compatibility with CMake 2.8 -set(WARNING_BORDER "*******************************************************\n") -set(NULL_ENTROPY_WARN_L1 "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined!\n") -set(NULL_ENTROPY_WARN_L2 "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES\n") -set(NULL_ENTROPY_WARN_L3 "**** AND IS *NOT* SUITABLE FOR PRODUCTION USE\n") - -set(NULL_ENTROPY_WARNING "${WARNING_BORDER}" - "${NULL_ENTROPY_WARN_L1}" - "${NULL_ENTROPY_WARN_L2}" - "${NULL_ENTROPY_WARN_L3}" - "${WARNING_BORDER}") - set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n") set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n") set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n") @@ -99,26 +88,6 @@ if(MBEDTLS_PYTHON_EXECUTABLE) message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) endif() - # If NULL Entropy is configured, display an appropriate warning - execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY - RESULT_VARIABLE result) - if(${result} EQUAL 0) - message(WARNING ${NULL_ENTROPY_WARNING}) - - if(NOT UNSAFE_BUILD) - message(FATAL_ERROR "\ -\n\ -Warning! You have enabled MBEDTLS_TEST_NULL_ENTROPY. \ -This option is not safe for production use and negates all security \ -It is intended for development use only. \ -\n\ -To confirm you want to build with this option, re-run cmake with the \ -option: \n\ - cmake -DUNSAFE_BUILD=ON ") - - return() - endif() - endif() endif() # If this is the root project add longer list of available CMAKE_BUILD_TYPE values diff --git a/ChangeLog.d/remove_null_entropy.txt b/ChangeLog.d/remove_null_entropy.txt new file mode 100644 index 000000000..3d9674b45 --- /dev/null 
+++ b/ChangeLog.d/remove_null_entropy.txt @@ -0,0 +1,2 @@ +API changes + * Remove the MBEDTLS_TEST_NULL_ENTROPY config option. Fixes #4388. diff --git a/Makefile b/Makefile index 6a8b23007..8d1a6ce5b 100644 --- a/Makefile +++ b/Makefile @@ -59,12 +59,6 @@ uninstall: done endif -WARNING_BORDER =*******************************************************\n -NULL_ENTROPY_WARN_L1=**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****\n -NULL_ENTROPY_WARN_L2=**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****\n -NULL_ENTROPY_WARN_L3=**** AND IS *NOT* SUITABLE FOR PRODUCTION USE ****\n - -NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER) WARNING_BORDER_LONG =**********************************************************************************\n CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n @@ -81,9 +75,6 @@ ifndef WINDOWS -scripts/config.py get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ echo '$(CTR_DRBG_128_BIT_KEY_WARNING)' - # If NULL Entropy is configured, display an appropriate warning - -scripts/config.py get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ - echo '$(NULL_ENTROPY_WARNING)' endif clean: diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 47b5de04d..4a2d70f23 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -201,15 +201,6 @@ #endif #undef MBEDTLS_HAS_MEMSAN -#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \ - ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) ) -#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites" -#endif -#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \ - ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) ) -#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too" -#endif - #if defined(MBEDTLS_GCM_C) && ( \ !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) #error "MBEDTLS_GCM_C defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 603d985ae..009a25ca9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -527,23 +527,6 @@ //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT -/** - * \def MBEDTLS_TEST_NULL_ENTROPY - * - * Enables testing and use of mbed TLS without any configured entropy sources. - * This permits use of the library on platforms before an entropy source has - * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the - * MBEDTLS_ENTROPY_NV_SEED switches). - * - * WARNING! This switch MUST be disabled in production builds, and is suitable - * only for development. - * Enabling the switch negates any security provided by the library. - * - * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - */ -//#define MBEDTLS_TEST_NULL_ENTROPY - /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT * diff --git a/library/entropy.c b/library/entropy.c index c7ae97aa4..cc686282a 100644 --- a/library/entropy.c +++ b/library/entropy.c 
@@ -21,12 +21,6 @@ #if defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_TEST_NULL_ENTROPY) -#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! " -#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES " -#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE " -#endif - #include "mbedtls/entropy.h" #include "entropy_poll.h" #include "mbedtls/platform_util.h" @@ -73,11 +67,6 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) /* Reminder: Update ENTROPY_HAVE_STRONG in the test files * when adding more strong entropy sources here. */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, - 1, MBEDTLS_ENTROPY_SOURCE_STRONG ); -#endif - #if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL, @@ -524,7 +513,6 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * #endif /* MBEDTLS_FS_IO */ #if defined(MBEDTLS_SELF_TEST) -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) /* * Dummy source function */ @@ -538,7 +526,6 @@ static int entropy_dummy_source( void *data, unsigned char *output, return( 0 ); } -#endif /* !MBEDTLS_TEST_NULL_ENTROPY */ #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) @@ -646,17 +633,14 @@ cleanup: int mbedtls_entropy_self_test( int verbose ) { int ret = 1; -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_context ctx; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; size_t i, j; -#endif /* !MBEDTLS_TEST_NULL_ENTROPY */ if( verbose != 0 ) mbedtls_printf( " ENTROPY test: " ); -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_init( &ctx ); /* First do a gather to make sure we have default sources */ @@ -704,7 +688,6 @@ int mbedtls_entropy_self_test( int verbose ) cleanup: mbedtls_entropy_free( &ctx ); -#endif /* !MBEDTLS_TEST_NULL_ENTROPY */ if( verbose != 0 ) { 
diff --git a/library/entropy_poll.c b/library/entropy_poll.c index e4ffe2bde..e5d75c5b3 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -211,23 +211,6 @@ int mbedtls_platform_entropy_poll( void *data, #endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) -int mbedtls_null_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ - ((void) data); - ((void) output); - - *olen = 0; - if( len < sizeof(unsigned char) ) - return( 0 ); - - output[0] = 0; - *olen = sizeof(unsigned char); - return( 0 ); -} -#endif - #if defined(MBEDTLS_TIMING_C) int mbedtls_hardclock_poll( void *data, unsigned char *output, size_t len, size_t *olen ) diff --git a/library/entropy_poll.h b/library/entropy_poll.h index e12a134b5..9120fe5a0 100644 --- a/library/entropy_poll.h +++ b/library/entropy_poll.h @@ -43,14 +43,6 @@ extern "C" { #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */ #endif -/** - * \brief Entropy poll callback that provides 0 entropy. - */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - int mbedtls_null_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); -#endif - #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) /** * \brief Platform-specific entropy poll callback diff --git a/library/version_features.c b/library/version_features.c index d2de8957d..50dd5ac75 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -252,9 +252,6 @@ static const char * const features[] = { #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) "MBEDTLS_ECP_NORMALIZE_MXZ_ALT", #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - "MBEDTLS_TEST_NULL_ENTROPY", -#endif /* MBEDTLS_TEST_NULL_ENTROPY */ #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) "MBEDTLS_ENTROPY_HARDWARE_ALT", #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ 
diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 450e2fbbf..e4205397e 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -723,14 +723,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - if( strcmp( "MBEDTLS_TEST_NULL_ENTROPY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_NULL_ENTROPY ); - return( 0 ); - } -#endif /* MBEDTLS_TEST_NULL_ENTROPY */ - #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) if( strcmp( "MBEDTLS_ENTROPY_HARDWARE_ALT", config ) == 0 ) { diff --git a/scripts/config.py b/scripts/config.py index a77ead054..a68b2a94f 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -194,7 +194,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_SHA512_NO_SHA384', # removes a feature 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) - 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS 'MBEDTLS_X509_REMOVE_INFO', # removes a feature ]) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a4d50c1f6..78487692e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2072,21 +2072,6 @@ component_test_when_no_ciphersuites_have_mac () { if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' } -component_test_null_entropy () { - msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" - scripts/config.py set MBEDTLS_TEST_NULL_ENTROPY - scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - scripts/config.py set MBEDTLS_ENTROPY_C - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . - make - - msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" - make test -} - component_test_no_date_time () { msg "build: default config without MBEDTLS_HAVE_TIME_DATE" scripts/config.py unset MBEDTLS_HAVE_TIME_DATE diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 27d92492b..2ef07fa62 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -87,11 +87,10 @@ jmp_buf jmp_tmp; /* Indicates whether we expect mbedtls_entropy_init * to initialize some strong entropy source. */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \ - ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ - ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ - defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ - defined(ENTROPY_NV_SEED) ) ) +#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ + ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ + defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ + defined(ENTROPY_NV_SEED) ) #define ENTROPY_HAVE_STRONG #endif diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index 95bfe66e1..0b30bb8a5 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data 
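Review bot: The last term of the rewritten `ENTROPY_HAVE_STRONG` condition in tests/suites/helpers.function tests `defined(ENTROPY_NV_SEED)`, which lacks the `MBEDTLS_` prefix carried by every other option in the expression. The check_config.h and all.sh lines removed by this same commit spell the option `MBEDTLS_ENTROPY_NV_SEED`. Unless an unprefixed macro is defined somewhere outside this diff, that term can never be true, so a build whose only strong source is the NV seed would presumably not get `ENTROPY_HAVE_STRONG`. Since the commit rewrites the expression anyway, the term should probably read `defined(MBEDTLS_ENTROPY_NV_SEED) )`.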
@@ -83,9 +83,4 @@ Check NV seed manually #3 entropy_nv_seed:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" Entropy self test -depends_on:!MBEDTLS_TEST_NULL_ENTROPY entropy_selftest:0 - -Entropy self test (MBEDTLS_TEST_NULL_ENTROPY) -depends_on:MBEDTLS_TEST_NULL_ENTROPY -entropy_selftest:1 diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function index 37fa36ecd..c532c8a3b 100644 --- a/tests/suites/test_suite_random.function +++ b/tests/suites/test_suite_random.function @@ -18,7 +18,7 @@ /* END_HEADER */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void random_twice_with_ctr_drbg( ) { mbedtls_entropy_context entropy; @@ -57,7 +57,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_HMAC_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_HMAC_DRBG_C */ void random_twice_with_hmac_drbg( int md_type ) { mbedtls_entropy_context entropy; @@ -97,7 +97,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ void random_twice_with_psa_from_classic( ) { unsigned char output1[OUTPUT_SIZE]; @@ -123,7 +123,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ void random_twice_with_psa_from_psa( ) { unsigned char output1[OUTPUT_SIZE]; From 102c89ed65c2ada2b43fb40cd2b6f08b86cc89b7 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 12 May 2021 13:28:59 +0200 Subject: [PATCH 05/17] Remove the MBEDTLS_SSL_RECORD_CHECKING option 
Signed-off-by: TRodziewicz --- ChangeLog.d/issue4361.txt | 2 ++ include/mbedtls/config.h | 14 -------------- include/mbedtls/ssl.h | 2 -- library/ssl_msg.c | 2 -- library/version_features.c | 3 --- programs/ssl/ssl_test_common_source.c | 6 ------ programs/test/query_config.c | 8 -------- 7 files changed, 2 insertions(+), 35 deletions(-) create mode 100644 ChangeLog.d/issue4361.txt diff --git a/ChangeLog.d/issue4361.txt b/ChangeLog.d/issue4361.txt new file mode 100644 index 000000000..670c8a658 --- /dev/null +++ b/ChangeLog.d/issue4361.txt @@ -0,0 +1,2 @@ +Removals + * Remove the MBEDTLS_SSL_RECORD_CHECKING option. Fixes #4361. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 603d985ae..aa69848c7 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1467,20 +1467,6 @@ */ #define MBEDTLS_SSL_ALL_ALERT_MESSAGES -/** - * \def MBEDTLS_SSL_RECORD_CHECKING - * - * Enable the function mbedtls_ssl_check_record() which can be used to check - * the validity and authenticity of an incoming record, to verify that it has - * not been seen before. These checks are performed without modifying the - * externally visible state of the SSL context. - * - * See mbedtls_ssl_check_record() for more information. - * - * Uncomment to enable support for record checking. - */ -#define MBEDTLS_SSL_RECORD_CHECKING - /** * \def MBEDTLS_SSL_DTLS_CONNECTION_ID * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 40814e660..a47631c94 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1795,7 +1795,6 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, */ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); -#if defined(MBEDTLS_SSL_RECORD_CHECKING) /** * \brief Check whether a buffer contains a valid and authentic record * that has not been seen before. (DTLS only). 
@@ -1843,7 +1842,6 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, unsigned char *buf, size_t buflen ); -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ /** * \brief Set the timer callbacks (Mandatory for DTLS.) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3956a67d2..c2fcdcbfd 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -86,7 +86,6 @@ int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ) return( 0 ); } -#if defined(MBEDTLS_SSL_RECORD_CHECKING) static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, unsigned char *buf, size_t len, @@ -150,7 +149,6 @@ exit: MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) ); return( ret ); } -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ #define SSL_DONT_FORCE_FLUSH 0 #define SSL_FORCE_FLUSH 1 diff --git a/library/version_features.c b/library/version_features.c index d2de8957d..b42fb29aa 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -468,9 +468,6 @@ static const char * const features[] = { #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) "MBEDTLS_SSL_ALL_ALERT_MESSAGES", #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) - "MBEDTLS_SSL_RECORD_CHECKING", -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) "MBEDTLS_SSL_DTLS_CONNECTION_ID", #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 73457a139..fd7eacf6d 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -159,7 +159,6 @@ int dtls_srtp_key_derivation( void *p_expkey, #endif /* MBEDTLS_SSL_EXPORT_KEYS */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) int ssl_check_record( mbedtls_ssl_context const *ssl, unsigned char const *buf, size_t len ) { 
@@ -220,7 +219,6 @@ int ssl_check_record( mbedtls_ssl_context const *ssl, return( 0 ); } -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ int recv_cb( void *ctx, unsigned char *buf, size_t len ) { @@ -241,10 +239,8 @@ int recv_cb( void *ctx, unsigned char *buf, size_t len ) /* Here's the place to do any datagram/record checking * in between receiving the packet from the underlying * transport and passing it on to the TLS stack. */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 ) return( -1 ); -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ } return( (int) recv_len ); @@ -267,10 +263,8 @@ int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len, /* Here's the place to do any datagram/record checking * in between receiving the packet from the underlying * transport and passing it on to the TLS stack. */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 ) return( -1 ); -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ } return( (int) recv_len ); diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 450e2fbbf..cf7b3032f 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1299,14 +1299,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) - if( strcmp( "MBEDTLS_SSL_RECORD_CHECKING", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RECORD_CHECKING ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID", config ) == 0 ) { From e02e02f203e3f71e04b53e95fcd7c535940b48aa Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 13 May 2021 00:22:35 +0200 Subject: [PATCH 06/17] Change sha512 output type from an array to a pointer The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret now has a pointer type rather than array type. This removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer. Signed-off-by: Gilles Peskine --- ChangeLog.d/sha512-output-type.txt | 5 +++++ docs/3.0-migration-guide.d/sha512-output-type.md | 8 ++++++++ include/mbedtls/sha512.h | 10 ++++++---- library/sha512.c | 4 ++-- 4 files changed, 21 insertions(+), 6 deletions(-) create mode 100644 ChangeLog.d/sha512-output-type.txt create mode 100644 docs/3.0-migration-guide.d/sha512-output-type.md diff --git a/ChangeLog.d/sha512-output-type.txt b/ChangeLog.d/sha512-output-type.txt new file mode 100644 index 000000000..e29557c9d --- /dev/null +++ b/ChangeLog.d/sha512-output-type.txt @@ -0,0 +1,5 @@ +API changes + * The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret + now has a pointer type rather than array type. This removes spurious + warnings in some compilers when outputting a SHA-384 hash into a + 48-byte buffer. diff --git a/docs/3.0-migration-guide.d/sha512-output-type.md b/docs/3.0-migration-guide.d/sha512-output-type.md new file mode 100644 index 000000000..5a7d2053c --- /dev/null +++ b/docs/3.0-migration-guide.d/sha512-output-type.md 
@@ -0,0 +1,8 @@ +SHA-512 output type change +-------------------------- + +The output parameter of `mbedtls_sha512_finish_ret()` and `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer. + +This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer. + +Alternative implementations of the SHA512 module must adjust their functions' prototype accordingly. diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 56cefe1bd..285227314 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -134,13 +134,14 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * \param ctx The SHA-512 context. This must be initialized * and have a hash operation started. * \param output The SHA-384 or SHA-512 checksum result. - * This must be a writable buffer of length \c 64 Bytes. + * This must be a writable buffer of length \c 64 bytes + * for SHA-512, 48 bytes for SHA-384. * * \return \c 0 on success. * \return A negative error code on failure. */ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char output[64] ); + unsigned char *output ); /** * \brief This function processes a single data block within @@ -171,7 +172,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * a readable buffer of length \p ilen Bytes. * \param ilen The length of the input data in Bytes. * \param output The SHA-384 or SHA-512 checksum result. - * This must be a writable buffer of length \c 64 Bytes. + * This must be a writable buffer of length \c 64 bytes + * for SHA-512, 48 bytes for SHA-384. * \param is384 Determines which function to use. This must be either * \c 0 for SHA-512, or \c 1 for SHA-384. * 
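Review bot: With the parameter declared as `unsigned char *output`, the prototype of `mbedtls_sha512_finish_ret` in include/mbedtls/sha512.h no longer states any size, so the `\param output` text is now the only place the buffer contract lives. That text lists the two lengths but does not say that the required one is fixed by the SHA-384/SHA-512 mode the context was started in, not by the buffer the caller happens to pass. A caller that reuses a 48-byte SHA-384 buffer for a SHA-512 operation would no longer get the compile-time signal the commit message describes. I would add a sentence such as `The required length is determined by the mode the operation was started in; a 48-byte buffer is valid only for SHA-384.` The same wording applies to `mbedtls_sha512_ret` (keyed on `is384`) in the following hunks and to the matching 32/28-byte text in include/mbedtls/sha256.h.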
@@ -184,7 +186,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, */ int mbedtls_sha512_ret( const unsigned char *input, size_t ilen, - unsigned char output[64], + unsigned char *output, int is384 ); #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha512.c b/library/sha512.c index 75306298f..7d53731d0 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -380,7 +380,7 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * SHA-512 final digest */ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char output[64] ) + unsigned char *output ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned used; @@ -453,7 +453,7 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, */ int mbedtls_sha512_ret( const unsigned char *input, size_t ilen, - unsigned char output[64], + unsigned char *output, int is384 ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From 3e3a6789d12571000df91f4e5ef3549a6cd5733c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 May 2021 00:26:17 +0200 Subject: [PATCH 07/17] Remove a kludge for the output size of mbedtls_sha512_finish_ret Remove a kludge to avoid a warning in GCC 11 when calling mbedtls_sha512_finish_ret with a 48-byte output buffer. This is correct since we're calculating SHA-384. When mbedtls_sha512_finish_ret's output parameter was declared as a 64-byte array, GCC 11 -Wstringop-overflow emitted a well-meaning, but inaccurate buffer overflow warning, which we tried to work around (successfully with beta releases but unsuccessfully with GCC 11.1.0 as released). Now that the output parameter is declared as a pointer, no workaround is necessary. Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bc2f269a9..bae9ed70c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2897,8 +2897,6 @@ static void ssl_calc_finished_tls_sha256( #if defined(MBEDTLS_SHA512_C) -typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*); - static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) { @@ -2957,13 +2955,7 @@ static void ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) sha512.state, sizeof( sha512.state ) ); #endif - /* - * For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long. - * However, to avoid stringop-overflow warning in gcc, we have to cast - * mbedtls_sha512_finish_ret(). - */ - finish_sha384_t finish = (finish_sha384_t)mbedtls_sha512_finish_ret; - finish( &sha512, padbuf ); + mbedtls_sha512_finish_ret( &sha512, padbuf ); mbedtls_sha512_free( &sha512 ); #endif From d7b3d9247602fe5d5015a759d4f3867f28ac22a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 May 2021 00:45:25 +0200 Subject: [PATCH 08/17] Change sha256 output type from an array to a pointer The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret now has a pointer type rather than array type. This removes spurious warnings in some compilers when outputting a SHA-224 hash into a 28-byte buffer. Signed-off-by: Gilles Peskine --- ChangeLog.d/sha512-output-type.txt | 9 +++++---- docs/3.0-migration-guide.d/sha512-output-type.md | 6 +++--- include/mbedtls/sha256.h | 12 +++++++----- library/sha256.c | 4 ++-- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/ChangeLog.d/sha512-output-type.txt b/ChangeLog.d/sha512-output-type.txt index e29557c9d..eabc67df7 100644 --- a/ChangeLog.d/sha512-output-type.txt +++ b/ChangeLog.d/sha512-output-type.txt 
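Review bot: The new direct call `mbedtls_sha512_finish_ret( &sha512, padbuf );` in ssl_calc_finished_tls_sha384 discards the return value, although the sha512.h documentation shown in this series says the function returns `A negative error code on failure`. On failure `padbuf` would keep whatever it held before and would presumably still be used for the Finished value. The function is `static void` and its body extends past both ends of the hunk, so the error cannot simply be returned from here. At minimum the result should be captured in a local and reported, for example with `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512_finish_ret", ret );`, with a comment noting that the void signature prevents propagation.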
@@ -1,5 +1,6 @@ API changes - * The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret - now has a pointer type rather than array type. This removes spurious - warnings in some compilers when outputting a SHA-384 hash into a - 48-byte buffer. + * The output parameter of mbedtls_sha512_finish_ret, mbedtls_sha512_ret, + mbedtls_sha256_finish_ret and mbedtls_sha256_ret now has a pointer type + rather than array type. This removes spurious warnings in some compilers + when outputting a SHA-384 or SHA-224 hash into a buffer of exactly + the hash size. diff --git a/docs/3.0-migration-guide.d/sha512-output-type.md b/docs/3.0-migration-guide.d/sha512-output-type.md index 5a7d2053c..c62a88159 100644 --- a/docs/3.0-migration-guide.d/sha512-output-type.md +++ b/docs/3.0-migration-guide.d/sha512-output-type.md @@ -1,8 +1,8 @@ -SHA-512 output type change +SHA-512 and SHA-256 output type change -------------------------- -The output parameter of `mbedtls_sha512_finish_ret()` and `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer. +The output parameter of `mbedtls_sha256_finish_ret()`, `mbedtls_sha256_ret()`, `mbedtls_sha512_finish_ret()`, `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer or a SHA-224 hash into a 28-byte buffer. This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer. -Alternative implementations of the SHA512 module must adjust their functions' prototype accordingly. +Alternative implementations of the SHA256 and SHA512 modules must adjust their functions' prototype accordingly. 
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 9b8d91d1c..110086952 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -127,13 +127,14 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * \param ctx The SHA-256 context. This must be initialized * and have a hash operation started. * \param output The SHA-224 or SHA-256 checksum result. - * This must be a writable buffer of length \c 32 Bytes. + * This must be a writable buffer of length \c 32 bytes + * for SHA-256, 28 bytes for SHA-224. * * \return \c 0 on success. * \return A negative error code on failure. */ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char output[32] ); + unsigned char *output ); /** * \brief This function processes a single data block within @@ -163,14 +164,15 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. * \param ilen The length of the input data in Bytes. - * \param output The SHA-224 or SHA-256 checksum result. This must - * be a writable buffer of length \c 32 Bytes. + * \param output The SHA-224 or SHA-256 checksum result. + * This must be a writable buffer of length \c 32 bytes + * for SHA-256, 28 bytes for SHA-224. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, - unsigned char output[32], + unsigned char *output, int is224 ); #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha256.c b/library/sha256.c index a94f325e8..36ab0c1aa 100644 --- a/library/sha256.c +++ b/library/sha256.c 
@@ -332,7 +332,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * SHA-256 final digest */ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char output[32] ) + unsigned char *output ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; @@ -401,7 +401,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, - unsigned char output[32], + unsigned char *output, int is224 ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From 95f8f22c2701218c1d24ef568c8e1632f19dcd41 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 14 May 2021 14:07:51 +0200 Subject: [PATCH 09/17] Migration guide added and ChangeLog clarified Signed-off-by: TRodziewicz --- ChangeLog.d/issue4361.txt | 3 ++- .../remove_ssl_record_checking.md | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 docs/3.0-migration-guide.d/remove_ssl_record_checking.md diff --git a/ChangeLog.d/issue4361.txt b/ChangeLog.d/issue4361.txt index 670c8a658..f1dbb3f19 100644 --- a/ChangeLog.d/issue4361.txt +++ b/ChangeLog.d/issue4361.txt @@ -1,2 +1,3 @@ Removals - * Remove the MBEDTLS_SSL_RECORD_CHECKING option. Fixes #4361. + * Remove the MBEDTLS_SSL_RECORD_CHECKING option and enable by default its + previous action. Fixes #4361. diff --git a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md new file mode 100644 index 000000000..a1b8a5757 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md 
@@ -0,0 +1,13 @@ +Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default +-------------------------------------------------------------------------- + +This change does not affects users who use the default config.h, as the +option MBEDTLS_SSL_RECORD_CHECKING was already on by default. + +This option was added only to controls compilation of one function +(mbedtls_ssl_check_record()) used in DTLS to check a buffer's validity and +authenticity. Switching it off poses a security risk. + +For users who changed the default setting of the option there is no real path +of migration. + From 1cf33bf94d173343da7e94a4ee56eb08c6e8f936 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 14 May 2021 14:35:26 +0200 Subject: [PATCH 10/17] Corrections o the migration guide Signed-off-by: TRodziewicz --- docs/3.0-migration-guide.d/remove_ssl_record_checking.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md index a1b8a5757..91f6f7e88 100644 --- a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md +++ b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md @@ -1,10 +1,10 @@ Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default -------------------------------------------------------------------------- -This change does not affects users who use the default config.h, as the +This change does not affect users who use the default config.h, as the option MBEDTLS_SSL_RECORD_CHECKING was already on by default. -This option was added only to controls compilation of one function +This option was added only to control compilation of one function (mbedtls_ssl_check_record()) used in DTLS to check a buffer's validity and authenticity. Switching it off poses a security risk. From 57d7ab72fb9952a86bf88c5730ac8ef0534a2e4f Mon Sep 17 00:00:00 2001 
From: TRodziewicz Date: Mon, 17 May 2021 10:43:41 +0200 Subject: [PATCH 11/17] Correction to migration guide entry wording Signed-off-by: TRodziewicz --- .../remove_ssl_record_checking.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md index 91f6f7e88..203e74024 100644 --- a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md +++ b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md @@ -4,10 +4,10 @@ Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default This change does not affect users who use the default config.h, as the option MBEDTLS_SSL_RECORD_CHECKING was already on by default. -This option was added only to control compilation of one function -(mbedtls_ssl_check_record()) used in DTLS to check a buffer's validity and -authenticity. Switching it off poses a security risk. - -For users who changed the default setting of the option there is no real path -of migration. +This option was added only to control compilation of one function, +mbedtls_ssl_check_record(), which is only useful in some specific cases, so it +was made optional to allow users who don't need it to save some code space. +However, the same effect can be achieve by using link-time garbage collection. +Users who changed the default setting of the option need to change the config/ +build system to remove that change. \ No newline at end of file From e13a23b4394454943605ddeaeea892c420178290 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 17 May 2021 11:16:52 +0200 Subject: [PATCH 12/17] New line added at the end of the migration guide entry Signed-off-by: TRodziewicz --- docs/3.0-migration-guide.d/remove_ssl_record_checking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md index 203e74024..7550f7b5a 100644 --- a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md +++ b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md @@ -10,4 +10,4 @@ was made optional to allow users who don't need it to save some code space. However, the same effect can be achieve by using link-time garbage collection. Users who changed the default setting of the option need to change the config/ -build system to remove that change. \ No newline at end of file +build system to remove that change. From 3eac6126505ad5a62a189961bdbb8fa4f3146c3f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 May 2021 22:16:26 +0200 Subject: [PATCH 13/17] Add changelog entry for #4510 Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_sign_message.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/psa_sign_message.txt diff --git a/ChangeLog.d/psa_sign_message.txt b/ChangeLog.d/psa_sign_message.txt new file mode 100644 index 000000000..2d77ec054 --- /dev/null +++ b/ChangeLog.d/psa_sign_message.txt @@ -0,0 +1,2 @@ +Features + * Implement psa_sign_message() and psa_verify_message(). From ef80a9c5e0750be11155f976638368b7c55753da Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 18 May 2021 15:19:54 +0200 Subject: [PATCH 14/17] Add migration guide for removed null entropy config option Signed-off-by: Mateusz Starzyk --- docs/3.0-migration-guide.d/remove-null-entropy.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/3.0-migration-guide.d/remove-null-entropy.md diff --git a/docs/3.0-migration-guide.d/remove-null-entropy.md b/docs/3.0-migration-guide.d/remove-null-entropy.md new file mode 100644 index 000000000..d6c39057f --- /dev/null +++ b/docs/3.0-migration-guide.d/remove-null-entropy.md 
@@ -0,0 +1,9 @@ +Remove the option to build the library without any entropy sources +------------------------------------------------------------------ + +This does not affect users who use the default `config.h`, as this option was +already off by default. + +If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option, you can either use +`MBEDTLS_ENTROPY_NV_SEED` or create a fake entropy function. + From c1ae30a05e124569ce59c2dde60e71b3a8a3ce95 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 18 May 2021 18:59:37 +0100 Subject: [PATCH 15/17] Fix docs for mbedtls_padlock_has_support Fix a slight inaccuracy in the docs for the return value of mbedtls_padlock_has_support. Signed-off-by: Dave Rodgman --- library/padlock.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/padlock.h b/library/padlock.h index 78dbeb60d..4f4e40034 100644 --- a/library/padlock.h +++ b/library/padlock.h @@ -71,7 +71,7 @@ extern "C" { * * \param feature The feature to detect * - * \return 1 if CPU has support for the feature, 0 otherwise + * \return non-zero if CPU has support for the feature, 0 otherwise */ int mbedtls_padlock_has_support( int feature ); From 96d6e087175e650c90e93a2d686fbca1e4ec1194 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 20:06:04 +0200 Subject: [PATCH 16/17] Make the formatting of numbers consistent Signed-off-by: Gilles Peskine --- include/mbedtls/sha256.h | 4 ++-- include/mbedtls/sha512.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 110086952..22c2c7d7e 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h 
@@ -128,7 +128,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * and have a hash operation started. * \param output The SHA-224 or SHA-256 checksum result. * This must be a writable buffer of length \c 32 bytes - * for SHA-256, 28 bytes for SHA-224. + * for SHA-256, \c 28 bytes for SHA-224. * * \return \c 0 on success. * \return A negative error code on failure. @@ -166,7 +166,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \param ilen The length of the input data in Bytes. * \param output The SHA-224 or SHA-256 checksum result. * This must be a writable buffer of length \c 32 bytes - * for SHA-256, 28 bytes for SHA-224. + * for SHA-256, \c 28 bytes for SHA-224. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. */ diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 285227314..ef1fa2223 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -135,7 +135,7 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * and have a hash operation started. * \param output The SHA-384 or SHA-512 checksum result. * This must be a writable buffer of length \c 64 bytes - * for SHA-512, 48 bytes for SHA-384. + * for SHA-512, \c 48 bytes for SHA-384. * * \return \c 0 on success. * \return A negative error code on failure. @@ -173,7 +173,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * \param ilen The length of the input data in Bytes. * \param output The SHA-384 or SHA-512 checksum result. * This must be a writable buffer of length \c 64 bytes - * for SHA-512, 48 bytes for SHA-384. + * for SHA-512, \c 48 bytes for SHA-384. * \param is384 Determines which function to use. This must be either * \c 0 for SHA-512, or \c 1 for SHA-384. * From 2396b21f8015e58bfb9ef35f6a5da69eb46ab3bf Mon Sep 17 00:00:00 2001 
From: Mateusz Starzyk Date: Wed, 19 May 2021 16:35:51 +0200 Subject: [PATCH 17/17] Provide more in-depth migration guide after removal of null entropy. Signed-off-by: Mateusz Starzyk --- docs/3.0-migration-guide.d/remove-null-entropy.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove-null-entropy.md b/docs/3.0-migration-guide.d/remove-null-entropy.md index d6c39057f..50e024a2a 100644 --- a/docs/3.0-migration-guide.d/remove-null-entropy.md +++ b/docs/3.0-migration-guide.d/remove-null-entropy.md @@ -4,6 +4,8 @@ Remove the option to build the library without any entropy sources This does not affect users who use the default `config.h`, as this option was already off by default. -If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option, you can either use -`MBEDTLS_ENTROPY_NV_SEED` or create a fake entropy function. - +If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option and your platform +doesn't have any entropy source, you should use `MBEDTLS_ENTROPY_NV_SEED` +and make sure your device is provisioned with a strong random seed. +Alternatively, for testing purposes only, you can create and register a fake +entropy function.