Commit graph

2818 commits

Author SHA1 Message Date
Janos Follath 15e860c639 Merge branch 'mbedtls-2.16-restricted' into mbedtls-2.16.9r0-pr 2020-12-08 21:00:17 +00:00
Paul Elliott 319b5939dd Remove Extraneous bytes from buffer post pem write
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-07 16:47:02 +00:00
Ronald Cron 3f35b87db9
Merge pull request #3938 from geecrypt/mbedtls-2.16
Backport to Mbedtls 2.16:  Support set *_drbg reseed interval before seed
2020-12-07 14:30:13 +01:00
Gilles Peskine 8ed9ac85e5
Merge pull request #3513 from gilles-peskine-arm/ecp-bignum-error-checks-2.16
Backport 2.16: add missing some error checks in ECP and bignum
2020-12-07 13:06:42 +01:00
Janos Follath bcfa41753d
Merge pull request #782 from chris-jones-arm/mbedtls-2.16-restricted
[Backport 2.16] Fix Diffie-Hellman large key size DoS
2020-12-07 09:27:55 +00:00
Gavin Acquroff 77cb30c3cb Support set *_drbg reseed interval before seed
mbedtls_ctr_drbg_set_reseed_interval() and
mbedtls_hmac_drbg_set_reseed_interval() can now be called before
their seed functions and the reseed_interval value will persist.
Previously it would be overwritten with the default value.

*_drbg_reseed_interval is now set in init() and free().

mbedtls_ctr_drbg_free() and mbedtls_hmac_drbg_free() now
reset the drbg context to the state immediately after init().

Tests:
- Added test to check that DRBG reseeds when reseed_counter
reaches reseed_interval, if reseed_interval set before seed
and reseed_interval is less than MBEDTLS_*_DRBG_RESEED_INTERVAL.

Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 13:30:36 -08:00
Chris Jones 5dd1e266e1 Fix exponentiation tests with MBEDTLS_MPI_MAX_BITS larger than 256
Fixes an issue where configs that had `MBEDTLS_MPI_MAX_BITS` greater than 256
but smaller than the test that was running (792 bits) the test would fail
incorrectly.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 17:56:21 +00:00
Chris Jones 74b7ee4f12 Fix test_suite_dhm build
Fix build as the name of the random function changed from development to 2.7.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 17:55:59 +00:00
Chris Jones 49e6e9d410 Move dependancy to specific test cases
Move dependancy on `MBEDTLS_MPI_MAX_BITS` to apply to the specific test cases
which will break when `MBEDTLS_MPI_MAX_BITS` is too small. This re-enables
previous tests that were turned off accidentally.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:11:20 +00:00
Chris Jones ce6fa8f411 Fix broken testing on numbers that may be greater than MPI_MAX_SIZE
Previously `mbedtls_mpi_exp_mod` was tested with values that were over
`MBEDTLS_MPI_MAX_SIZE` in size. This is useful to do as some paths are only
taken when the exponent is large enough however, on builds where
`MBEDTLS_MPI_MAX_SIZE` is under the size of these test values.

This fix turns off these tests when `MBEDTLS_MPI_MAX_SIZE` is too small to
safely test (notably this is the case in config-thread.h).

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones 877329af75 Fix cases where exponentiation was not fully tested
In two test cases, the exponentiation computation was not being fully tested
as when A_bytes (the base) == N_bytes (the modulus) -> A = N. When this is the
case A is reduced to 0 and therefore the result of the computation will always
be 0.

This fixes that issue and therefore increases the test coverage to ensure
different computations are actually being run.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones a18813ea1c Reword test cases
Reword test cases to be easier to read and understand.
Adds comments to better explain what the test is doing.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones 4a0ccb6862 Extend exponentiation test coverage
Add two further boundary tests for cases where both the exponent and modulus to
`mbedtls_mpi_exp_mod()` are `MBEDTLS_MPI_MAX_SIZE`, or longer, bytes long.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones 415c7be0aa Test that overly large Diffie-Hellman keys are rejected
Adds test cases to ensure that `mbedtls_mpi_exp_mod` will return an error with
an exponent or modulus that is greater than `MBEDTLS_MPI_MAX_SIZE` in size.

Adds test cases to ensure that Diffie-Hellman will fail to make a key pair
(using `mbedtls_dhm_make_public`) when the prime modulus is greater than
`MBEDTLS_MPI_MAX_SIZE` in size.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones 63d19c0586 Test that overly large Diffie-Hellman keys are rejected
Add a test case to ensure `mbedtls_mpi_exp_mod` fails when using a key size
larger than MBEDTLS_MPI_MAX_SIZE.
Add a test case to ensure that Diffie-Hellman operations fail when using a key
size larger than MBEDTLS_MPI_MAX_SIZE.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:33 +00:00
Paul Elliott 027b601690 Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.

Regression test added (one of the client certs modified accordingly)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-02 11:03:58 +00:00
Gilles Peskine e98bbbeb06
Merge pull request #3925 from rodrigo-dc/mbedtls-2.16
Backport 2.16: Fix build failure on gcc-11
2020-12-01 13:26:23 +01:00
Rodrigo Dias Correa d552630f33 Fix GCC warning about test_snprintf
GCC 11 generated the warnings because the parameter `ret_buf`
was declared as `const char[10]`, but some of the arguments
provided in `run_test_snprintf` are shorter literals, like "".

Now the type of `ret_buf` is `const char *`.
Both implementations of `test_snprintf` were fixed.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-28 14:04:49 -03:00
Gilles Peskine 2f78062e75 Test mbedtls_mpi_fill_random
Positive tests: test that the RNG has the expected size, given that we
know how many leading zeros it has because we know how the function
consumes bytes and when the test RNG produces null bytes.

Negative tests: test that if the RNG is willing to emit less than the
number of wanted bytes, the function fails.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-25 16:18:39 +01:00
Gilles Peskine 8ffc158c36 Add a build with MBEDTLS_ERROR_STRERROR_DUMMY
Add a build with MBEDTLS_ERROR_STRERROR_DUMMY but not MBEDTLS_ERROR_C.
Previously, both options were enabled by default, but
MBEDTLS_ERROR_STRERROR_DUMMY only matters when MBEDTLS_ERROR_C is
enabled, so its effect was not tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 13:09:41 +01:00
Gilles Peskine 43f2f4eeed Add missing config from test-ref-configs.pl
The sample configuration file config-no-entropy.h was not being tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 13:07:58 +01:00
Gilles Peskine 0ac6e0a8dc Sort entries to make it easier to eyeball the list
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 13:07:58 +01:00
Gilles Peskine a3e57531d1
Merge pull request #3602 from gufe44/arc4random_buf-implicit-2.16
[Backport 2.16] NetBSD/OpenBSD symbol availability fix
2020-11-12 12:12:45 +01:00
Ronald Cron 0df9c529a9
Merge pull request #3828 from gilles-peskine-arm/ssl-opt-gnutls-printf-2.16
Backport 2.16: Fix printf escape errors in shell scripts
2020-11-04 17:52:08 +01:00
Gilles Peskine ffdcadf084 Fix printf escape errors in shell scripts
Fix `printf "$foo"` which treats the value of `foo` as a printf format
rather than a string.

I used the following command to find potentially problematic lines:
```
git ls-files '*.sh' | xargs egrep 'printf +("?[^"]*|[^ ]*)\$'
```
The remaining ones are false positives for this regexp.

The errors only had minor consequences: the output of `ssl-opt.sh`
contained lines like
```
Renegotiation: gnutls server strict, client-initiated .................. ./tests/ssl-opt.sh: 741: printf: %S: invalid directive
PASS
```
and in case of failure the GnuTLS command containing a substring like
`--priority=NORMAL:%SAFE_RENEGOTIATION` was not included in the log
file. With the current tests, there was no risk of a test failure
going undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-27 23:41:28 +01:00
Gilles Peskine 663d0993ec ssl-opt.sh --help: don't show regexps for -f and -e
Showing a regexp to say that by default all tests are executed is not
particularly helpful.

If we ever add a default exclusion list or a default filter, we can
edit the documentation again.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-27 23:41:02 +01:00
Ronald Cron fbd0110dbd
Merge pull request #3746 from gilles-peskine-arm/verbosify-cmake-tests-2.16
Backport 2.16: all.sh: Enable verbose failure messages for CMake
2020-10-22 08:48:17 +02:00
Ronald Cron b74e0d0bc5
Merge pull request #3596 from gilles-peskine-arm/cert-gen-cleanup-202008-2.16
Backport 2.16: Minor cleanups in certificate generation
2020-10-15 13:33:12 +02:00
Gilles Peskine e944cac87a
Merge pull request #3529 from ronald-cron-arm/common-mbedtls_param_failed-2.16
[Backport 2.16] Backport clean-up in tests done in #3474
2020-10-06 22:15:47 +02:00
Jaeden Amero bd1b89a354 all.sh: Enable verbose failure messages for CMake
Set the CMake-observed variable `CTEST_OUTPUT_ON_FAILURE`, so that when
a "make test" run by CMake fails, verbose test output about the detail
of failure is available.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-06 12:39:34 +02:00
Gilles Peskine e39d14b142 Fix "make -C tests/data_files -f ..."
The toplevel directory is actually just ../..: the makefile commands
are executed in the subdirectory. $(PWD) earlier was wrong because it
comes from the shell, not from make. Looking up $(MAKEFILE_LIST) is
wrong because it indicates where the makefile is (make -f), not which
directory to work in (make -C).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-24 16:45:45 +02:00
gufe44 87d7936d40 Make arc4random_buf declaration available on NetBSD
Signed-off-by: gufe44 <gu981@protonmail.com>
2020-09-09 12:04:18 +02:00
Gilles Peskine ad5c5a2763
Merge pull request #3626 from gilles-peskine-arm/test-fail-report-first-2.16
Backport 2.16: Report the first unit test failure, not the last one
2020-09-05 11:16:02 +02:00
Gilles Peskine 319ecf3192 Initialize ret from test code
The test function mbedtls_mpi_lt_mpi_ct did not initialize ret in test
code. If there was a bug in library code whereby the library function
mbedtls_mpi_lt_mpi_ct() did not set ret when it should, we might have
missed it if ret happened to contain the expected value. So initialize
ret to a value that we never expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 15:33:11 +02:00
Gilles Peskine dfb5cff2f5 Report the first failure, not the last one
If test_fail is called multiple times in the same test case, report
the location of the first failure, not the last one.

With this change, you no longer need to take care in tests that use
auxiliary functions not to fail in the main function if the auxiliary
function has failed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 10:11:47 +02:00
Janos Follath 1bfb580f8c Bump version to Mbed TLS 2.16.8
Executed "./scripts/bump_version.sh --version 2.16.8"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 15:26:49 +01:00
Janos Follath 36169d479f Merge branch 'mbedtls-2.16-restricted' 2020-08-26 14:16:04 +01:00
Raoul Strackx 75475d8465 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-26 11:42:52 +02:00
Manuel Pégourié-Gonnard f08284769d Add an option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:26:37 +02:00
Manuel Pégourié-Gonnard 590b2d9614 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 11:18:11 +02:00
Manuel Pégourié-Gonnard f0b469e42b Merge branch 'mbedtls-2.16' into mbedtls-2.16-restricted
* mbedtls-2.16: (32 commits)
  A different approach of signed-to-unsigned comparison
  Fix bug in redirection of unit test outputs
  Don't forget to free G, P, Q, ctr_drbg, and entropy
  Backport e2k support to mbedtls-2.7
  compat.sh: stop using allow_sha1
  compat.sh: quit using SHA-1 certificates
  compat.sh: enable CBC-SHA-2 suites for GnuTLS
  Fix license header in pre-commit hook
  Update copyright notices to use Linux Foundation guidance
  Fix building on NetBSD 9.0
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests
  Log change as bugfix
  Add changelog entry
  ...
2020-08-25 10:58:15 +02:00
Gilles Peskine 14cb46de24
Merge pull request #3598 from makise-homura/mbedtls-2.16
Backport 2.16: Support building on e2k (Elbrus) architecture
2020-08-25 09:46:39 +02:00
Gilles Peskine d69edda8de
Merge pull request #3601 from gufe44/helpers-redirect-restore-output-2.16
[Backport 2.16] Fix bug in redirection of unit test outputs
2020-08-24 10:45:11 +02:00
gufe44 650ce76544 Fix bug in redirection of unit test outputs
Avoid replacing handle. stdout is defined as a macro on several platforms.

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-23 22:38:51 +02:00
makise-homura 50f6a192b5 Backport e2k support to mbedtls-2.7
Covers commits ac2fd65, 0be6aa9, e74f372, e559550
from `development` branch

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-23 00:39:15 +03:00
Gilles Peskine e6e812a712 Commit the intermediate files cert_md*.csr
They are used to generate cert_md*.crt.

Regenerate cert_md5.crt which had previously been generated for a
different key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 20:35:55 +02:00
Gilles Peskine 6b739bb138 Fix "make -C tests/data_files"
It wasn't working when invoking programs/x509/cert_write or
programs/x509/cert_req due to relying on the current directory rather
than the location of the makefile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 19:54:18 +02:00
Manuel Pégourié-Gonnard 300e1b3a6f compat.sh: stop using allow_sha1
After the changes of certificates, it's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:17 +02:00
Manuel Pégourié-Gonnard 91615cf7ff compat.sh: quit using SHA-1 certificates
Replace server2.crt with server2-sha256.crt which, as the name implies, is
just the SHA-256 version of the same certificate.

Replace server1.crt with cert_sha256.crt which, as the name doesn't imply, is
associated with the same key and just have a slightly different Subject Name,
which doesn't matter in this instance.

The other certificates used in this script (server5.crt and server6.crt) are
already signed with SHA-256.

This change is motivated by the fact that recent versions of GnuTLS (or older
versions with the Debian patches) reject SHA-1 in certificates by default, as
they should. There are options to still accept it (%VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1) but:

- they're not available in all versions that reject SHA-1-signed certs;
- moving to SHA-2 just seems cleaner anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:17 +02:00
Manuel Pégourié-Gonnard 0e7bdd1340 compat.sh: enable CBC-SHA-2 suites for GnuTLS
Recent GnuTLS packages on Ubuntu 16.04 have them disabled.

From /usr/share/doc/libgnutls30/changelog.Debian.gz:

gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Lucky-13 issues
    [...]
    - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
      ciphersuites were removed from defaults in lib/gnutls_priority.c,
      tests/priorities.c.

Since we do want to test the ciphersuites, explicitly re-enable them in the
server's priority string. (This is a no-op with versions of GnuTLS where those
are already enabled by default.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:16 +02:00