Commit graph

233 commits

Author SHA1 Message Date
Hanno Becker e6706e62d8 Add tests for missing CA chains and bad curves.
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
2017-06-07 11:26:59 +01:00
Manuel Pégourié-Gonnard ddc6e52cc1 Merge remote-tracking branch 'gilles/iotssl-1223/development' into development
* gilles/iotssl-1223/development:
  Fix FALLBACK_SCSV parsing
2017-06-06 20:11:36 +02:00
Manuel Pégourié-Gonnard 383a118338 Merge remote-tracking branch 'gilles/IOTSSL-1330/development' into development
* gilles/IOTSSL-1330/development:
  Changelog entry for the bug fixes
  SSLv3: when refusing renegotiation, stop processing
  Ignore failures when sending fatal alerts
  Cleaned up double variable declaration
  Code portability fix
  Added changelog entry
  Send TLS alerts in many more cases
  Skip all non-executables in run-test-suites.pl
  SSL tests: server requires auth, client has no certificate
  Balanced braces across preprocessor conditionals
  Support setting the ports on the command line
2017-06-06 19:22:41 +02:00
Gilles Peskine 5d2511c4d4 SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 18:44:14 +02:00
Gilles Peskine 62469d95e2 Allow SHA-1 in test scripts 2017-06-06 18:44:14 +02:00
Gilles Peskine bc70a1836b Test that SHA-1 defaults off
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
2017-06-06 18:44:14 +02:00
Gilles Peskine d50177fdf3 Fix FALLBACK_SCSV parsing
Fixed a bug in ssl_srv.c when parsing TLS_FALLBACK_SCSV in the
ciphersuite list that caused it to miss it sometimes. Reported by Hugo
Leisink as issue #810. Fix initially by @andreasag01; this commit
isolates the bug fix and adds a non-regression test.
2017-05-16 17:53:03 +02:00
Janos Follath 89baba2375 Add tests for the CA suppression option 2017-05-16 10:22:37 +01:00
Gilles Peskine 1cc8e3472a Send TLS alerts in many more cases
The TLS client and server code was usually closing the connection in
case of a fatal error without sending an alert. This commit adds
alerts in many cases.

Added one test case to detect that we send the alert, where a server
complains that the client's certificate is from an unknown CA (case
tracked internally as IOTSSL-1330).
2017-05-03 16:28:34 +02:00
Gilles Peskine fd8332e15f SSL tests: server requires auth, client has no certificate
Added explicit test cases where the client has no certificate but the
server requires one.
2017-05-03 16:25:07 +02:00
Gilles Peskine f93c7d3ab0 Support setting the ports on the command line
Added command line arguments --port and --proxy-port to choose the
ports explicitly instead of deriving them from the PID. This
facilitates debugging e.g. with Wireshark.
2017-04-26 16:41:55 +02:00
Andres AG 692ad84e5c Add DTLS test to check 6 byte record ctr is cmp
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter
is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in
the TLS case. Because currently there are no testing facilities to check
that renegotiation routines are triggered after X number of input/output
messages, the test consists on setting a renegotiation period that
cannot be represented in 6 bytes, but whose least-significant byte is 2.
If the library behaves correctly, the renegotiation routines will be
executed after two exchanged.
2017-01-19 16:30:57 +00:00
Simon Butcher 8e00410402 Merge fix for AEAD Random IVs 2016-10-14 00:48:33 +01:00
Simon Butcher 99000142cb Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
Andres AG f04f54d432 Add seed cmdline arg to test scripts 2016-10-13 13:53:33 +01:00
Janos Follath 74537a69fd ECJPAKE: Fix intermittently failing tests
In some tests in ssl-opt.sh the client finishes sooner and the server
gets killed before it could reach certain errors. Consequently the
the script doesn't find the error it is looking for and the test fails.

To resolve this issue, we introduce a per-test option to wait after the
client finishes.
2016-09-03 18:19:12 +03:00
Simon Butcher 3c0d7b8bdc Adds check for valgrind to ssl-opt.sh (#488)
Provides graceful exit rather than fail silently if valgrind isn't installed.
2016-05-23 14:29:33 +01:00
Simon Butcher 58eddef8b2 Updates copyright and attribution in comment header in ssl-opt.sh 2016-05-23 14:29:32 +01:00
Simon Butcher a410af537a Fixes RC4 config dependencies in tests in ssl-opt.h
Adds dependencies on MBEDTLS_REMOVE_ARC4_CIPHERSUITES for tests that
require RC4 to be disabled (the default config).
2016-05-23 14:29:32 +01:00
Paul Bakker 362689d5a7 Split test into valgrind and no-valgrind version
Running valgrind on: "DTLS client reconnect from same port: reconnect,
nbio" results in timeouts.

New version added that runs only under valgrind. Original only runs when
valgrind is not used
2016-05-23 14:29:32 +01:00
Paul Bakker 1f65092d28 Add fix to ignore valgrind messages related to compressed debug symbols
The glibc package recently enabled compressed debug symbols but valgrind doesn't
support them yet.

Results in messages like:
 --14923-- WARNING: Serious error when reading debug info
 --14923-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.21.so:
 --14923-- Ignoring non-Dwarf2/3/4 block in .debug_info

First line has 'error' in it which triggers some of the ssl-opt tests
2016-05-23 14:29:32 +01:00
Paul Bakker acaac8510e Add option to preserve all logs in ssl-opt.sh
Useful to also allow saving of correct logs in order to compare
differences with failed logs
2016-05-23 14:29:30 +01:00
Paul Bakker e20310a9fc Add option to print test numbers in ssl-opt.sh output
Allows for easy selection of tests based on numbers for use with the
'-n' option
2016-05-23 14:29:30 +01:00
Paul Bakker b7584a5e37 Add ability to only run select numbered tests in ssl-opt.sh
In order to reduce debugging time, allows you to only run interesting
tests (by number) from the commandline.

e.g. the command 'tests/ssl-opt.sh -n 246,258' will only run test 246
and 258 (as per the number in the log file names)
2016-05-23 14:29:30 +01:00
Janos Follath 00efff7469 Add a test for SSLv3 with extensions, server side
This test verifies if the server parses or sends extensions when
the protocol is SSLv3.
2016-05-06 13:57:19 +01:00
Simon Butcher 4b852db299 Merge branch 'iotssl-629-der-trailing-bytes'
Fixes bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer following DER certificates to be included in the raw representation.
2016-03-12 23:28:26 +00:00
Janos Follath e2681a448b Update default configuration
Change the default settings for SSL and modify the tests accordingly.
2016-03-09 19:32:11 +00:00
Janos Follath 0b2423403c x509: trailing bytes in DER: add integration tests 2016-02-17 10:11:21 +00:00
Manuel Pégourié-Gonnard 12ca6f5b9c Update ssl-opt.sh for EC J-PAKE disabled by default 2015-10-20 15:24:51 +02:00
Manuel Pégourié-Gonnard fadacb9d0b Merge branch 'development' into iotssl-461-ecjpake-finalization
* development: (73 commits)
  Bump yotta dependencies version
  Fix typo in documentation
  Corrected misleading fn description in ssl_cache.h
  Corrected URL/reference to MPI library
  Fix yotta dependencies
  Fix minor spelling mistake in programs/pkey/gen_key.c
  Bump version to 2.1.2
  Fix CVE number in ChangeLog
  Add 'inline' workaround where needed
  Fix references to non-standard SIZE_T_MAX
  Fix yotta version dependencies again
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
  Remove inline workaround when not useful
  Fix macroization of inline in C++
  Changed attribution for Guido Vranken
  Merge of IOTSSL-476 - Random malloc in pem_read()
  Fix for IOTSSL-473 Double free error
  Fix potential overflow in CertificateRequest
  ...

Conflicts:
	include/mbedtls/ssl_internal.h
	library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Manuel Pégourié-Gonnard ca700b2371 Add config-thread.h to test-ref-configs.pl 2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard d0d8cb36a4 Cache ClientHello extension
This extension is quite costly to generate, and we don't want to re-do it
again when the server performs a DTLS HelloVerify. So, cache the result the
first time and re-use if/when we build a new ClientHello.

Note: re-send due to timeouts are different, as the whole message is cached
already, so they don't need any special support.
2015-09-17 14:16:30 +02:00
Manuel Pégourié-Gonnard 921f2d02cf Add test cases with DTLS and/or password mismatch 2015-09-16 22:58:30 +02:00
Manuel Pégourié-Gonnard 0f1660ab4f Implement key exchange messages and PMS derivation
This completes the first working version. No interop testing done yet.
2015-09-16 22:58:30 +02:00
Manuel Pégourié-Gonnard 0a1324aaa1 Add client-side extension parsing 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard 55c7f99112 Add server writing of the extension 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard bf57be690e Add server extension parsing
Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag
for both), and ignore extension if we have no password.
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard e511b4e7cb Ignore ECJPAKE suite if not configured on server 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard 6ad23b9855 Make failing test more robust
Let the client retry longer, to make sure the server will time out before the
client gives up. Make it really longer to get a deterministic client exit
status (make sure it has time to reconnect after the server timeout).
2015-09-15 12:57:46 +02:00
Manuel Pégourié-Gonnard 259db91023 Add test without cookies
Tune existing tests while at it
2015-09-09 11:48:45 +02:00
Manuel Pégourié-Gonnard d745a1a9b7 Add tests for hard reconnect 2015-09-08 12:40:43 +02:00
Manuel Pégourié-Gonnard a2cda6bfaf Add mbedtls_ssl_get_max_frag_len()
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard d68434efba Disable some tests with valgrind
Tends to cause spurious failures on buildbots due to peer timing out.
Anyway, those tests are mainly for interop, any memory error is most likely
catched by some earlier self-op test. (Also, we'll run these tests with ASan
anyway.)
2015-08-31 12:48:22 +02:00
Manuel Pégourié-Gonnard 4b7027a8da Avoid race condition in test
Apparently openssl s_server does not flush stdout, anyway sometimes the client
receives the reply and exits, thus terminating the test, before is request is
visible on the server's stdout. So, just don't check that, checking the
client's output and exit code is already enough.
2015-08-10 13:18:48 +02:00
Manuel Pégourié-Gonnard ab5f7b40e0 Fix indentation 2015-08-04 21:01:37 +02:00
Manuel Pégourié-Gonnard a365addc0a Make ssl-opt.sh more robust against client timeout
Retry one time in case we have a client timeout. These should be fairly rare
but still happen from time to time with udp_proxy tests which is annoying, and
until now has never indicated an actual issue.
2015-08-04 20:59:36 +02:00
Manuel Pégourié-Gonnard 74681fa2e6 Make ssl-opt.sh more tolerant to start timeouts
Rather than flat-out die when we can't see the server started with lsof, just
stop waiting and try to go ahead with the test. Maybe it'll work if there was
a problem with lsof, most probably it will fail, but at least we'll have the
log, and the results of the following tests.

Note: date +%s isn't POSIX, but it works at least on Linux, Darwin/FreeBSD and
OpenBSD, which should be good enough for a test script.
2015-08-04 20:34:39 +02:00
Manuel Pégourié-Gonnard d55bc20e43 Fix missing gnutls guard in ssl-opt.sh 2015-08-04 16:22:30 +02:00
Manuel Pégourié-Gonnard 4268ae046b Fix test for new debug message level
The issue was introduced in cb0d212c when a debug message that was incorrectly
set at level 0 was moved to level 2: now the tests need debug_level=2.
2015-08-04 12:44:10 +02:00
Manuel Pégourié-Gonnard 0a8857435c DTLS: treat bad MAC on Finished as an error
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.

closes #227
2015-08-04 12:11:17 +02:00