From 21bfbdd703e82c8836bc4aa52845c0c43a2e1f38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 17 May 2021 12:28:08 +0200
Subject: [PATCH 1/3] Fix misuse of MD API in SSL constant-flow HMAC
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The sequence of calls starts-update-starts-update-finish is not a guaranteed valid way to abort an operation and start a new one. Our software implementation just happens to support it, but alt implementations may very well not support it.
Signed-off-by: Manuel Pégourié-Gonnard
---
 ChangeLog.d/fix-ssl-cf-hmac-alt.txt | 5 +++++
 library/ssl_msg.c | 3 +++
 2 files changed, 8 insertions(+)
 create mode 100644 ChangeLog.d/fix-ssl-cf-hmac-alt.txt
diff --git a/ChangeLog.d/fix-ssl-cf-hmac-alt.txt b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
new file mode 100644
index 0000000000..57ffa02e2a
--- /dev/null
+++ b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
+ (when the encrypt-then-MAC extension is not in use) with some ALT
+ implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
+ the affected side to wrongly reject valid messages. Fixes #4118.
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 54a7be011a..1352b4943e 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1241,6 +1241,9 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
 MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
 }
+ /* The context needs to finish() before it starts() again */
+ MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+
 /* Now compute HASH(okey + inner_hash) */
 MD_CHK( mbedtls_md_starts( ctx ) );
 MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
From 128c94dd87320d9bd70a153b700c5085f3ae609a Mon Sep 17 00:00:00 2001
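Review bot: The one-line comment above the added `mbedtls_md_finish( ctx, aux_out )` states the rule but not the reason, and since the digest it writes is never read in this hunk, a later reader is likely to see the call as a leftover and remove it — the breakage this fixes only appears with ALT hash implementations, which the in-tree software build presumably does not exercise. I would expand it to `/* A starts() on a context that was never finish()ed is not a guaranteed-valid MD API sequence: the software MD works, alt implementations may reject it (#4118). The digest is unwanted; aux_out appears to be scratch here. */`. From a constant-flow standpoint the extra finish() is unconditional, so it adds no secret-dependent branch or access, and its output is a hash over bytes the preceding `mbedtls_md_update( ctx, data + offset, 1 )` loop already fed to the context, so nothing new lands in `aux_out`. mbedtls_ssl_cf_hmac's body starts before and continues past this hunk, so whether `aux_out` is zeroized on exit is not visible here and is worth confirming.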
From: Jaeden Amero
Date: Tue, 8 Jun 2021 18:31:27 +0100
Subject: [PATCH 2/3] config: Allow Mbed to implement TIMING_C
Mbed OS now provides POSIX-like time functions, although not alarm() nor signal(). It is possible to implement MBEDTLS_TIMING_ALT on Mbed OS, so we should not artificially prevent this in check-config. Remove the the check that prevents implementing MBEDTLS_TIMING_ALT on Mbed OS. Note that this limitation originally was added in the following commit, although there isn't much context around why the restriction was imposed: 63e7ebaaa184 ("Add material for generating yotta module"). In 2015, Mbed OS was quite a different thing: no RTOS, no threads, just an asynchronous event loop model. I'd suppose the asynchronous event loop model made it difficult before to implement MBEDTLS_TIMING_C on Mbed OS, but that is no longer the case.
Fixes #4633
Signed-off-by: Jaeden Amero
---
 ChangeLog.d/mbed-can-do-timing.txt | 3 +++
 include/mbedtls/check_config.h | 5 ++---
 2 files changed, 5 insertions(+), 3 deletions(-)
 create mode 100644 ChangeLog.d/mbed-can-do-timing.txt
diff --git a/ChangeLog.d/mbed-can-do-timing.txt b/ChangeLog.d/mbed-can-do-timing.txt
new file mode 100644
index 0000000000..d83da02432
--- /dev/null
+++ b/ChangeLog.d/mbed-can-do-timing.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Remove outdated check-config.h check that prevented implementing the
+ timing module on Mbed OS. Fixes #4633.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index a6545ab5bd..ce25bd0f91 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -55,9 +55,8 @@
 #endif
 #endif /* _WIN32 */
-#if defined(TARGET_LIKE_MBED) && \
- ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
-#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
+#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
+#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
 #endif
 #if defined(MBEDTLS_DEPRECATED_WARNING) && \
From fcf958afc7325eb293c2656c46b8028831eb218e Mon Sep 17 00:00:00 2001
From: Dave Rodgman
Date: Thu, 10 Jun 2021 15:47:18 +0100
Subject: [PATCH 3/3] Disable OS X builds on Travis
Signed-off-by: Dave Rodgman
---
 .travis.yml | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 9b729ec071..92090fb092 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -28,12 +28,6 @@ jobs: script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan - - name: macOS - os: osx - compiler: clang - script: - - tests/scripts/all.sh -k test_default_out_of_box - - name: Windows os: windows before_install:
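Review bot: The new `#if` drops the `MBEDTLS_TIMING_C` guard entirely rather than narrowing it, so a Mbed OS config that enables `MBEDTLS_TIMING_C` without `MBEDTLS_TIMING_ALT` now passes check-config even though the commit message says Mbed OS lacks alarm() and signal(), which the default timing implementation presumably relies on; that configuration would then fail later at compile or link time instead of with a clear `#error` here. If that reading is right, keep the check but scope it to the stock implementation: `#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_TIMING_C) && !defined(MBEDTLS_TIMING_ALT)` / `#error "The default TIMING implementation is not available for Mbed OS - define MBEDTLS_TIMING_ALT or use the timing functions provided by Mbed OS"` / `#endif`, as a separate block after the NET one. Minor: the new `#error` string says "mbed OS" in its first half and "Mbed OS" in its second, so pick one spelling. The rewritten `#if`/`#endif` block is complete within the hunk.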