Commit graph

2110 commits

Author SHA1 Message Date
Gilles Peskine f1709bb4ad Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix
This is supposed to be for GCC (or a compiler with a compatible
command line interface) targeting arm-none-eabi, so name it
accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:31:03 +02:00
Gilles Peskine adaaddbe3b all.sh: reorganize testing around deprecated features
build_deprecated combined the testing of deprecated features, and
testing of the build without deprecated features. Also, it violated the
component naming convention by being called build_xxx but running tests.

Replace it by:
* test_default_no_deprecated: check that you can remove deprecated
  features from the default build.
* test_full_deprecated_warning: check that enabling DEPRECATED_WARNING
  doesn't cause any warning from our own code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:47:37 +02:00
Gilles Peskine 2717eaf1e0 Fix build failure with MBEDTLS_PLATFORM_NV_SEED_ALT
An earlier botched backport (d56ca658ab)
had the wrong name for a variable and a missing header inclusion.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 13:21:27 +02:00
Gilles Peskine a21c5e9988 Document and fix the MBEDTLS_xxx_ALT logic for the full config
The intended logic around MBEDTLS_xxx_ALT is to exclude them from full
because they require the alternative implementation of one or more
library functions, except that MBEDTLS_PLATFORM_xxx_ALT are different:
they're alternative implementations of a platform function and they
have a built-in default, so they should be included in full. Document
this.

Fix a bug whereby MBEDTLS_PLATFORM_xxx_ALT didn't catch symbols where
xxx contains an underscore. As a consequence, MBEDTLS_PLATFORM_NV_SEED_ALT
is now enabled in the full config. Explicitly exclude
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT because it behaves like the
non-platform ones, requiring an extra build-time dependency.
Explicitly exclude MBEDTLS_PLATFORM_NV_SEED_ALT from baremetal
because it requires MBEDTLS_ENTROPY_NV_SEED, and likewise explicitly
unset it from builds that unset MBEDTLS_ENTROPY_NV_SEED.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 09:16:36 +02:00
Gilles Peskine 86e5816dda check-files: support Windows .bat files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:27:39 +02:00
Gilles Peskine cd7b0422ef all.sh: make the arm-gcc cross-compiler prefix configurable
Make it possible to use a compiler that isn't in $PATH, or that's
installed with a different name, or even a compiler for a different
target such as arm-linux-gnueabi.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:24:40 +02:00
Gilles Peskine bfda033f3d all.sh: run selftest in the full config and with ASan
Almost everything the selftest program does is in the test suites. But
just in case run the selftest program itself once in the full
configuration, and once in the default configuration with ASan, in
addition to running it out of box.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:23:11 +02:00
Gilles Peskine 5d32e64ad0
Merge pull request #3170 from gilles-peskine-arm/check-windows-files-2.7
Backport 2.7: Check Windows files for sanity as well
2020-04-20 13:59:22 +02:00
Gilles Peskine bc8c513ecb
Merge pull request #3185 from gilles-peskine-arm/pylint-up-to-2.4-2.7
Backport 2.7: Pass Pylint up to 2.4
2020-04-20 09:47:54 +02:00
Jaeden Amero 8aaf2c5861
Merge pull request #3196 from piotr-now/max_pathlen_overflow_mbedtls-2.7
Backport 2.7: Guard from undefined behaviour in case of an INT_MAX max_pathlen
2020-04-17 14:24:45 +01:00
Andrzej Kurek 3fd9297658 Guard from undefined behaviour in case of an INT_MAX max_pathlen
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 11:30:21 +02:00
Gilles Peskine e61988a766
Merge pull request #3165 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix-2.7
[backport 2.7] Unmet dependencies buffer overflow fix
2020-04-17 10:08:18 +02:00
Gilles Peskine b5847d20d3 Pylint: abide by useless-object-inheritance warnings
Inheriting from object is a remainder of Python 2 habits and is just
clutter in Python 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 21:08:26 +02:00
Gilles Peskine 558e26dbda Document more methods in Python scripts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 21:07:43 +02:00
Janos Follath b4b458fe01 Bump version to Mbed TLS 2.7.15
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 17:22:51 +01:00
Gilles Peskine 70ef5c6c9a In Windows files, detect CR without LF as well as LF without CR
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:06 +02:00
Gilles Peskine 783da6345e Check that Windows files have Windows line endings
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:04 +02:00
Gilles Peskine 227dfd435e Also check Windows files
Check Windows files for some issues, including permissions. Omit the
checks related to special characters (whitespace, line endings,
encoding) as appropriate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:03 +02:00
Gilles Peskine 318f15ef92 Sort the list for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:02 +02:00
Gilles Peskine c7153226f6 List each item on a separate line for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:00 +02:00
Gilles Peskine c251e0d75a Clarify confusion between file names and suffixes of file names
To test a file name exactly, prepend a / to the base name.

files_to_check actually checks suffixes, not file names, so rename it
to extensions_to_check.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:38:58 +02:00
Ronald Cron 75d26b5d17 unit tests: Indicate missing unmet dependencies
The identifiers of the unmet dependencies of a test case are
stored in a buffer of fixed size that can be potentially too
small to store all the unmet dependencies. Indicate in test
report if some unmet dependencies are missing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:26 +02:00
Ronald Cron 1d3eab684c unit tests: Fix potential buffer overflow
Fix potential buffer overflow when tracking the unmet dependencies
of a test case. The identifiers of unmet dependencies are stored
in an array of fixed size. Ensure that we don't overrun the array.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:26 +02:00
Ronald Cron 59f2139df0 Prefer unsigned types for non-negative numbers
Use size_t for some variables that are array indices.
Use unsigned for some variables that are counts of "small" things.

This is a backport of commit 3c1c8ea3e7.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:18 +02:00
Ronald Cron eb5d0e9f4f unit tests: Backport ARRAY_LENGTH macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 10:34:54 +02:00
Gilles Peskine 29b7b9585b
Merge pull request #3145 from mpg/fix-reconnect-2.7
[backport 2.7] Fix issues in handling of client reconnecting from the same port
2020-04-02 19:21:22 +02:00
Gilles Peskine 67665509ab Note that unmet_dependencies is only filled in verbose mode
Warn about a gotcha that caused a bug in development.

Ensure that it's at least zeroed out, rather than uninitialized, in
non-verbose mode.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-01 09:59:54 +02:00
Manuel Pégourié-Gonnard b1ee30bfe9 Adjust timeout of tests with "no resend" assertions
There are currently 4 tests in ssl-opt.sh with either -C "resend" or -S
"resend", that is, asserting that no retransmission will occur. They sometimes
fail on loaded CI machines as one side doesn't send a message fast enough,
causing the other side to retransmit, causing the test to fail.

(For the "reconnect" test there was an other issue causing random failures,
fixed in a previous commit, but even after that fix the test would still
sometimes randomly fail, even if much more rarely.)

While it's a hard problem to fix in a general and perfect way, in practice the
probability of failures can be drastically reduced by making the timeout
values much larger.

For some tests, where retransmissions are actually expected, this would have
the negative effect of increasing the average running time of the test, as
each side would wait for longer before it starts retransmission, so we have a
trade-off between average running time and probability of spurious failures.

But for tests where retransmission is not expected, there is no such trade-off
as the expected running time of the test (assuming the code is correct most of
the time) is not impacted by the timeout value. So the only negative effect of
increasing the timeout value is on the worst-case running time on the test,
which is much less important, as test should only fail quite rarely.

This commit addresses the easy case of tests that don't expect retransmission
by increasing the value of their timeout range to 10s-20s. This value
corresponds to the value used for tests that assert `-S "autoreduction"` which
are in the same case and where the current value seems acceptable so far.

It also represents an increase, compared to the values before this commit, of
a factor 20 for the "reconnect" tests which were frequently observed to fail
in the CI, and of a factor 10 for the first two "DTLS proxy" tests, which were
observed to fail much less frequently, so hopefully the new values are enough
to reduce the probability of spurious failures to an acceptable level.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 09:57:45 +02:00
Manuel Pégourié-Gonnard a58b04649b Add negative test for hard reconnect cookie check
The server must check client reachability (we chose to do that by checking a
cookie) before destroying the existing association (RFC 6347 section 4.2.8).
Let's make sure we do, by having a proxy-in-the-middle inject a ClientHello -
the server should notice, but not destroy the connection.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 09:57:45 +02:00
Manuel Pégourié-Gonnard d6e4454de8 Improve some test names in ssl-opt.sh
- "Default" should only be used for tests that actually use the defaults (ie,
  not passing options on the command line, except maybe debug/dtls)
- All tests in the "Encrypt then MAC" group should start with that string as a
  common prefix

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-24 10:58:20 +01:00
Manuel Pégourié-Gonnard eb22ad2ddc
Merge pull request #2440 from andresag01/mbedtls-2.7-iotssl-2544-deprecate-record-accel
Backport 2.7: Fix compilation failure when MBEDTLS_SSL_HW_RECORD_ACCEL is enabled
2020-03-16 10:37:32 +01:00
Manuel Pégourié-Gonnard aa719e78ce Align some timeouts with the 2.16 branch in ssl-opt.sh
This commit only addresses the timeouts in the "DTLS proxy: 3d, ..." tests.
The discrepancy with the 2.16 branch became apparent for some of these tests
when backporting the previous commit (skip_close_nofity), so let's align the
whole series for consistency and to make future backporting easier.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-03 10:15:50 +01:00
Manuel Pégourié-Gonnard 5e261e958c Fix possible close_notify/ClientHello confusion
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.

The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake

The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake

If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.

However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.

In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.

This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).

Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).

An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-03 10:15:26 +01:00
Andres Amaya Garcia bb13e3b8e4 Add test for MBEDTLS_SSL_HW_RECORD_ACCEL in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 10:26:02 +01:00
Janos Follath 0f22670243 Bump version to Mbed TLS 2.7.14 2020-02-19 12:08:10 +00:00
Manuel Pégourié-Gonnard 9c16ede466 Check for buffer overflow in test function 2020-02-19 09:45:02 +01:00
Manuel Pégourié-Gonnard 355bbc0e70 Test each failure mode of pk_parse_key_pkcs1_der()
(Only the top-level ones, ie, for each call to eg asn1_get_mpi(), ensure
there's at least one test case that makes this call fail in one way, but don't
test the various ways to make asn1_get_mpi fail - that should be covered
elsewhere.)

- the new checks added by the previous commits needed exercising
- existing tests sometimes had wrong descriptions or where passing for the
  wrong reason (eg with the "length mismatch" test, the function actually
failed before reaching the length check)
- while at it, add tests for the rest as well

The valid minimal-size key was generated with:

openssl genrsa 128 2>/dev/null | openssl rsa -outform der 2>/dev/null | xxd -p
2020-02-18 11:27:08 +01:00
Manuel Pégourié-Gonnard bfd0259d26 Clean up test function pk_parse_key
- remove incorrect compile-time dependency (the individual cases already have
  correct run-time dependency information)
- remove unused argument
- remove unused stack buffer
- remove useless code block
2020-02-18 11:27:08 +01:00
Manuel Pégourié-Gonnard 37d0dfc0c5
Merge pull request #3030 from gilles-peskine-arm/test-opt-all-2.7
Backport 2.7: Fix and test the full config with gcc and clang
2020-02-11 09:17:14 +01:00
Manuel Pégourié-Gonnard 6cf5931f1d
Merge pull request #3028 from gilles-peskine-arm/mpi_copy_shrink-2.7
Backport 2.7: Improve robustness and testing of mbedtls_mpi_copy
2020-02-06 09:52:18 +01:00
Janos Follath 5d1171268c
Merge pull request #3020 from mpg/fix-ssl-opt-gnutls-no-sha1-2.7
[backport 2.7] Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
2020-02-04 11:19:18 +00:00
Gilles Peskine fa0e8b51c4 Test GCC and Clang with common build options
Goals:
* Build with common compilers with common options, so that we don't
  miss a (potentially useful) warning only triggered with certain
  build options.
* A previous commit removed -O0 test jobs, leaving only the one with
  -m32. We have inline assembly that is disabled with -O0, falling
  back to generic C code. This commit restores a test that runs the
  generic C code on a 64-bit platform.
2020-02-03 20:06:31 +01:00
Gilles Peskine c9247122e3 Replace -O0 by -O1 or -Os in most components
Gcc skips some analyses when compiling with -O0, so we may miss
warnings about things like uninitialized variables.
2020-02-03 20:06:31 +01:00
Gilles Peskine 261aea1956 shrink tests: clearer description 2020-02-03 16:35:01 +01:00
Gilles Peskine 84b8e25426 Better coverage for copy and swap
Cover more cases: different signs, different zeronesses, repeated
argument.
2020-02-03 16:34:51 +01:00
Gilles Peskine 6f43c6038e Bignum copy/shrink: More precise test case descriptions 2020-02-03 16:27:56 +01:00
Manuel Pégourié-Gonnard 179c227203 Fix CA encoding issue with gnutls-cli
In the 2.7 branch, test-ca.crt has all the components of its Subject name
encoded as PrintableString, because it's generated with our cert_write
program, and our code writes all components that way until Mbed TLS 2.14.

But the default RSA SHA-256 certificate, server2-sha256.crt, has the O and CN
components of its Issuer name encoded as UTF8String, because it was generated
with OpenSSL and that's what OpenSSL does, regardless of how those components
were encoded in the CA's Subject name.

This triggers some overly strict behaviour in some libraries, most notably NSS
and GnuTLS (of interest to us in ssl-opt.sh) which won't recognize the trusted
root as a possible parent for the presented certificate, see for example:
https://github.com/ARMmbed/mbedtls/issues/1033

Fortunately, we have at our disposal a version of test-ca.crt with encodings
matching the ones in server2-sha256.crt, in the file test-ca_utf8.crt. So
let's append that to gnutls-cli's list of trusted roots, so that it recognizes
certs signed by this CA but with the O and CN components as UTF8String.

Note: Since https://github.com/ARMmbed/mbedtls/pull/1641 was merged (in Mbed
TLS 2.14), we changed how we encode those components, so in the 2.16 branch,
cert_write generates test-ca.crt with encodings that matches the ones used by
openssl when generating server2-sha256.crt, so the issue of gnutls-cli
rejecting server2-sha256.crt is specific to the 2.7 branch.
2020-02-03 15:55:43 +01:00
Manuel Pégourié-Gonnard 350823d0da
Merge pull request #2976 from mpg/add-zlib-tests-2.7
[2.7] Add zlib tests
2020-01-31 09:22:36 +01:00
Manuel Pégourié-Gonnard 37abf12631 De-duplicate SHA1-independent test in ssl-opt.sh
The splitting of this test into two versions depending on whether SHA-1 was
allowed by the server was a mistake in
5d2511c4d4 - the test has nothing to do with
SHA-1 in the first place, as the server doesn't request a certificate from
the client so it doesn't matter if the server accepts SHA-1 or not.
2020-01-30 12:49:43 +01:00
Manuel Pégourié-Gonnard a92990a082 Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
While the whole script makes (often implicit) assumptions about the version of
GnuTLS used, generally speaking it should work out of the box with the version
packaged on our reference testing platform, which is Ubuntu 16.04 so far.

With the update from Jan 8 2020 (3.4.10-4ubuntu1.6), the patches for rejecting
SHA-1 in certificate signatures were backported, so we should avoid presenting
SHA-1 signed certificates to a GnuTLS peer in ssl-opt.sh.
2020-01-30 11:19:45 +01:00
Janos Follath a67508e066 Merge pull request #3002 from gilles-peskine-arm/coverity-20200115-2.7 into mbedtls-2.7 2020-01-29 14:53:48 +00:00
Manuel Pégourié-Gonnard 2150fb22c8 Add detection for zlib headers to all.sh 2020-01-29 09:51:56 +01:00
Gilles Peskine 16ba09c621 Check that mbedtls_mpi_grow succeeds 2020-01-22 19:09:05 +01:00
Janos Follath ee88f8145d Bump version to Mbed TLS 2.7.13 2020-01-20 14:28:41 +00:00
Jaeden Amero d8180f8d84 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
* origin/mbedtls-2.7:
  Enable more test cases without MBEDTLS_MEMORY_DEBUG
  More accurate test case description
  Clarify that the "FATAL" message is expected
  Note that mbedtls_ctr_drbg_seed() must not be called twice
  Fix CTR_DRBG benchmark
  Changelog entry for xxx_drbg_set_entropy_len before xxx_drbg_seed
  CTR_DRBG: support set_entropy_len() before seed()
  CTR_DRBG: Don't use functions before they're defined
  HMAC_DRBG: support set_entropy_len() before seed()
2020-01-15 16:59:10 +00:00
Manuel Pégourié-Gonnard 455755177e Add test for record compression in ssl-opt.sh
Deprecated but still needs to be tested.
2020-01-06 09:52:27 +01:00
Manuel Pégourié-Gonnard 51e24946d5 Add all.sh components with ZLIB enabled
ZLIB support is deprecated, but until it's removed it should still be tested.
2020-01-06 09:52:27 +01:00
Jaeden Amero db649896e6
Merge pull request #2895 from gilles-peskine-arm/drbg-set_entropy_len-2.7
Backport 2.7: Allow xxx_drbg_set_entropy_len before xxx_drbg_seed
2019-11-29 16:17:08 +00:00
Gilles Peskine 02fbc08d2e Enable more test cases without MBEDTLS_MEMORY_DEBUG
None of the test cases in tests_suite_memory_buffer_alloc actually
need MBEDTLS_MEMORY_DEBUG. Some have additional checks when
MBEDTLS_MEMORY_DEBUG but all are useful even without it. So enable
them all and #ifdef out the parts that require DEBUG.
2019-11-26 18:48:08 +01:00
Gilles Peskine 786f068ec0 More accurate test case description 2019-11-26 18:47:14 +01:00
Gilles Peskine 04d45c98e8 Clarify that the "FATAL" message is expected
The test case "Memory buffer small buffer" emits a message
"FATAL: verification of first header failed". In this test case, it's
actually expected, but it looks weird to see this message from a
passing test. Add a comment that states this explicitly, and modify
the test description to indicate that the failure is expected, and
change the test function name to be more accurate.

Fix #309
2019-11-26 18:47:14 +01:00
Janos Follath f4482aaccc mpi_lt_mpi_ct: Add further tests
The existing tests did not catch a failure that came up at integration
testing. Adding the missing test cases to trigger the bug.
2019-11-11 12:27:36 +00:00
Janos Follath a776aea91a mpi_lt_mpi_ct: Fix test numbering 2019-11-11 12:27:36 +00:00
Janos Follath 1b86eeb06b mpi_lt_mpi_ct perform tests for both limb size
The corner case tests were designed for 32 and 64 bit limbs
independently and performed only on the target platform. On the other
platform they are not corner cases anymore, but we can still exercise
them.
2019-11-11 12:27:36 +00:00
Janos Follath 6adff06e50 mbedtls_mpi_lt_mpi_ct: add tests for 32 bit limbs
The corner case tests were designed for 64 bit limbs and failed on 32
bit platforms because the numbers in the test ended up being stored in a
different number of limbs and the function (correctly) returnd an error
upon receiving them.
2019-11-11 12:27:36 +00:00
Janos Follath 9332ecefc8 Add more tests for mbedtls_mpi_lt_mpi_ct 2019-11-11 12:27:36 +00:00
Janos Follath aaa3f22b76 mpi_lt_mpi_ct test: hardcode base 16 2019-11-11 12:27:36 +00:00
Janos Follath c3b376e2f2 Change mbedtls_mpi_cmp_mpi_ct to check less than
The signature of mbedtls_mpi_cmp_mpi_ct() meant to support using it in
place of mbedtls_mpi_cmp_mpi(). This meant full comparison functionality
and a signed result.

To make the function more universal and friendly to constant time
coding, we change the result type to unsigned. Theoretically, we could
encode the comparison result in an unsigned value, but it would be less
intuitive.

Therefore we won't be able to represent the result as unsigned anymore
and the functionality will be constrained to checking if the first
operand is less than the second. This is sufficient to support the
current use case and to check any relationship between MPIs.

The only drawback is that we need to call the function twice when
checking for equality, but this can be optimised later if an when it is
needed.
2019-11-11 12:27:36 +00:00
Janos Follath 883801d3ec Add tests to constant time mpi comparison 2019-11-11 12:27:36 +00:00
Gilles Peskine b729e1b9ba CTR_DRBG: support set_entropy_len() before seed()
mbedtls_ctr_drbg_seed() always set the entropy length to the default,
so a call to mbedtls_ctr_drbg_set_entropy_len() before seed() had no
effect. Change this to the more intuitive behavior that
set_entropy_len() sets the entropy length and seed() respects that and
only uses the default entropy length if there was no call to
set_entropy_len().

The former test-only function mbedtls_ctr_drbg_seed_entropy_len() is
no longer used, but keep it for strict ABI compatibility.
2019-10-23 18:01:25 +02:00
Jaeden Amero c87a54683b
Merge pull request #2900 from gilles-peskine-arm/asan-test-fail-2.7
Backport 2.7: Make sure Asan failures are detected in 'make test'
2019-10-22 16:30:37 +01:00
Jaeden Amero cc656ac96b
Merge pull request #2872 from gilles-peskine-arm/test_malloc_0_null-2.7
Backport 2.7: Test the library when malloc(0) returns NULL
2019-10-22 13:41:37 +01:00
Gilles Peskine 5ee14d70d2 'make test' must fail if Asan fails
When running 'make test' with GNU make, if a test suite program
displays "PASSED", this was automatically counted as a pass. This
would in particular count as passing:
* A test suite with the substring "PASSED" in a test description.
* A test suite where all the test cases succeeded, but the final
  cleanup failed, in particular if a sanitizer reported a memory leak.

Use the test executable's return status instead to determine whether
the test suite passed. It's always 0 on PASSED unless the executable's
cleanup code fails, and it's never 0 on any failure.

Fix ARMmbed/mbed-crypto#303
2019-10-21 20:48:51 +02:00
Gilles Peskine 4c2697f43f Asan make builds: avoid sanitizer recovery
Some sanitizers default to displaying an error message and recovering.
This could result in a test being recorded as passing despite a
complaint from the sanitizer. Turn off sanitizer recovery to avoid
this risk.
2019-10-21 20:48:51 +02:00
Gilles Peskine 260921d3f2 Use UBsan in addition to Asan with 'make test'
When building with make with the address sanitizer enabled, also
enable the undefined behavior sanitizer.
2019-10-21 20:48:51 +02:00
Gilles Peskine c20a4053c3 Unify ASan options in make builds
Use a common set of options when building with Asan without CMake.
2019-10-21 20:48:51 +02:00
Jaeden Amero 5cc748e58f Merge remote-tracking branch 'origin/pr/2866' into mbedtls-2.7
* origin/pr/2866:
  Reduce stack usage of test_suite_pkcs1_v15
  Reduce stack usage of test_suite_pkcs1_v21
  Reduce stack usage of test_suite_rsa
  Reduce stack usage of test_suite_pk
2019-10-02 18:00:13 +01:00
Jaeden Amero 2fc6cf5da7 Merge remote-tracking branch 'origin/pr/2704' into mbedtls-2.7
* origin/pr/2704:
  Adapt auth_crypt_tv usage to 2.7
  Add missing dependencies in test_suite_cipher.gcm
  Adapt ChangeLog
  Add NIST AES GCM test vectors to single-step cipher API test suite
2019-10-02 17:56:38 +01:00
Ron Eldor 0ab4092e2d Reduce stack usage of test_suite_pkcs1_v15
Reduce the stack usage of the `test_suite_pkcs1_v15` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-10-02 14:34:24 +03:00
Ron Eldor dd4277f70d Reduce stack usage of test_suite_pkcs1_v21
Reduce the stack usage of the `test_suite_pkcs1_v21` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the size sent to the API to sizeof output.
2019-10-02 14:34:24 +03:00
Ron Eldor b3d3973264 Reduce stack usage of test_suite_rsa
Reduce the stack usage of the `test_suite_rsa` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the data size to decrypt in the data file.
2019-10-02 14:34:24 +03:00
Ron Eldor 6827d1c588 Reduce stack usage of test_suite_pk
Reduce the stack usage of the `test_suite_pk` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-10-02 14:34:17 +03:00
Gilles Peskine 0981a5d7ab Add a test component with malloc(0) returning NULL
Exercise the library functions with calloc returning NULL for a size
of 0. Make this a separate job with UBSan (and ASan) to detect
places where we try to dereference the result of calloc(0) or to do
things like

    buf = calloc(size, 1);
    if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY;
    memcpy(buf, source, size);

which has undefined behavior when buf is NULL at the memcpy call even
if size is 0.

This is needed because other test components jobs either use the system
malloc which returns non-NULL on Linux and FreeBSD, or the
memory_buffer_alloc malloc which returns NULL but does not give as
useful feedback with ASan (because the whole heap is a single C
object).
2019-09-30 14:01:37 +02:00
Andrzej Kurek 9b1c248209 Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh 2019-09-10 02:58:34 -04:00
Andrzej Kurek 7eb7f8db8b Remove unnecessary memory buffer alloc unsets
This define is turned off by default
2019-09-09 07:32:48 -04:00
Andrzej Kurek 6addfdd190 Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test 2019-09-09 07:22:13 -04:00
Andrzej Kurek 9a461a1cd7 all.sh: restructure memory allocator tests
Run basic tests and ssl-opt with memory backtrace disabled, then
run basic tests only with it enabled.
2019-09-09 07:22:03 -04:00
Hanno Becker 7aad93c9da Add missing dependency in memory buffer alloc set in all.sh 2019-09-09 07:21:52 -04:00
Hanno Becker 167ae43852 Add all.sh run with full config and ASan enabled 2019-09-09 07:15:19 -04:00
Hanno Becker f5baaaaf89 Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
With the removal of MBEDTLS_MEMORY_BUFFER_ALLOC_C from the
full config, there are no tests for it remaining in all.sh.
This commit adds a build as well as runs of `make test` and
`ssl-opt.sh` with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled to all.sh.
2019-09-09 07:15:00 -04:00
Andrzej Kurek c7f97f1c8d Adapt all.sh to removal of buffer allocator from full config
Previously, numerous all.sh tests manually disabled the buffer allocator
or memory backtracting after setting a full config as the starting point.

With the removal of MBEDTLS_MEMORY_BACKTRACE and MBEDTLS_MEMORY_BUFFER_ALLOC_C
from full configs, this is no longer necessary.
2019-09-09 07:10:39 -04:00
Jaeden Amero d7bd10dc89 Bump version to Mbed TLS 2.7.12 2019-09-06 13:28:28 +01:00
Jaeden Amero e1d93e5552 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
* origin/mbedtls-2.7:
  ssl-opt.sh: wait for proxy to start before running the script further
2019-09-05 18:14:28 +01:00
Unknown b86bcb4f71 ssl-opt.sh: wait for proxy to start before running the script further 2019-09-04 06:09:26 -04:00
Gilles Peskine ad72522fad Merge remote-tracking branch 'upstream-restricted/mbedtls-2.7-proposed' into mbedtls-2.7-restricted 2019-08-14 16:30:13 +02:00
Gilles Peskine 3b8cf47004 Merge remote-tracking branch 'upstream-restricted/pr/508' into mbedtls-2.7-restricted 2019-08-14 16:25:10 +02:00
Gilles Peskine 298a43a77e Merge remote-tracking branch 'upstream-restricted/pr/549' into mbedtls-2.7-restricted 2019-08-14 16:24:51 +02:00
Gilles Peskine ab327dfec7 Merge remote-tracking branch 'upstream-restricted/pr/614' into mbedtls-2.7-restricted 2019-08-14 16:24:08 +02:00
Gilles Peskine 0e08fff32f Merge remote-tracking branch 'upstream-public/pr/2737' into mbedtls-2.7 2019-08-14 16:00:47 +02:00
Gilles Peskine c7ad7ed185 Merge remote-tracking branch 'upstream-public/pr/2755' into mbedtls-2.7 2019-08-14 15:59:21 +02:00