Commit graph

2823 commits

Author SHA1 Message Date
Gilles Peskine e6e812a712 Commit the intermediate files cert_md*.csr
They are used to generate cert_md*.crt.

Regenerate cert_md5.crt which had previously been generated for a
different key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 20:35:55 +02:00
Gilles Peskine 6b739bb138 Fix "make -C tests/data_files"
It wasn't working when invoking programs/x509/cert_write or
programs/x509/cert_req due to relying on the current directory rather
than the location of the makefile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 19:54:18 +02:00
Manuel Pégourié-Gonnard 300e1b3a6f compat.sh: stop using allow_sha1
After the changes of certificates, it's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:17 +02:00
Manuel Pégourié-Gonnard 91615cf7ff compat.sh: quit using SHA-1 certificates
Replace server2.crt with server2-sha256.crt which, as the name implies, is
just the SHA-256 version of the same certificate.

Replace server1.crt with cert_sha256.crt which, as the name doesn't imply, is
associated with the same key and just have a slightly different Subject Name,
which doesn't matter in this instance.

The other certificates used in this script (server5.crt and server6.crt) are
already signed with SHA-256.

This change is motivated by the fact that recent versions of GnuTLS (or older
versions with the Debian patches) reject SHA-1 in certificates by default, as
they should. There are options to still accept it (%VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1) but:

- they're not available in all versions that reject SHA-1-signed certs;
- moving to SHA-2 just seems cleaner anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:17 +02:00
Manuel Pégourié-Gonnard 0e7bdd1340 compat.sh: enable CBC-SHA-2 suites for GnuTLS
Recent GnuTLS packages on Ubuntu 16.04 have them disabled.

From /usr/share/doc/libgnutls30/changelog.Debian.gz:

gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Lucky-13 issues
    [...]
    - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
      ciphersuites were removed from defaults in lib/gnutls_priority.c,
      tests/priorities.c.

Since we do want to test the ciphersuites, explicitly re-enable them in the
server's priority string. (This is a no-op with versions of GnuTLS where those
are already enabled by default.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:16 +02:00
Bence Szépkúti 2645bcc709 Fix license header in pre-commit hook
The file was not updated to include the GPL 2.0+ header as well when it
was backported.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 17:54:47 +02:00
Bence Szépkúti a2947ac7bb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 16:37:36 +02:00
Manuel Pégourié-Gonnard daba4f67cc
Merge pull request #3555 from mpg/x509-verify-non-dns-san-2.16
[Backport 2.16]  X509 verify non-DNS SANs
2020-08-18 10:02:08 +02:00
Gilles Peskine 4ca60502d8
Merge pull request #734 from gilles-peskine-arm/x509parse_crl-empty_entry-2.16
Backport 2.16: Fix buffer overflow in x509_get_entries (oss-fuzz 24123)
2020-08-14 23:22:23 +02:00
Manuel Pégourié-Gonnard 62870c9a7e Remove obsolete buildbot reference in compat.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard a1919ad6e0 Fix misuse of printf in shell script
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard 7442f843d5 Fix added proxy command when IPv6 is used
For explicit proxy commands (included with `-p "$P_PXY <args>` in the test
case), it's the test's writer responsibility to handle IPv6; only fix the
proxy command when we're auto-adding it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard 581af9f720 Simplify test syntax
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard bedcb3eb24 Fix logic error in setting client port
We need to do this after we possibly added the proxy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard cbd5c03343 ssl-opt.sh: include test name in log files
This is a convenience for when we get log files from failed CI runs, or attach
them to bug reports, etc.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard e63fc6d52b ssl-opt.sh: remove old buildbot-specific condition
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard fcf6c16470 ssl-opt.sh: add proxy to all DTLS tests
A lot of DTLS test are timing-sensitive, especially those that contain
assertions about retransmission. Sometimes some DTLS test fails intermittently
on the CI with no clear apparent reason; we need more information in the log
to understand the cause of those failures.

Adding a proxy means we'll get timing information from the proxy logs.

An alternative would be to add timing information to the debug output of
ssl_server2 and ssl_client2. But that's more complex because getting
sub-second timing info is outside the scope of the C standard, and our current
timing module only provides a APi for sub-second intervals, not absolute time.
Using the proxy is easier as it's a single point that sees all messages, so
elapsed time is fine here, and it's already implemented in the proxy output.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Gilles Peskine 9acf943b98
Merge pull request #3560 from gufe44/netbsd-rand-arc4random_buf-2.16
[Backport 2.16] Use arc4random_buf instead of rand on NetBSD
2020-08-13 15:27:53 +02:00
gufe44 3fa7c64edf Use arc4random_buf instead of rand on NetBSD
Avoid old implementation of rand returning numbers with cyclical lower bits. Allow tests to pass.

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-13 06:45:27 +02:00
Gilles Peskine 4ddfdbf76a Add the decomposition of the base case as a comment
Put the base good case first, then the bad cases derived from it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-12 12:50:42 +02:00
Gilles Peskine d8dc8e29c1 x509parse_crl: more negative test cases
Add a few more negative test cases for mbedtls_x509_crl_parse.
The test data is manually adapted from the existing positive test case
"X509 CRL ASN1 (TBSCertList, sig present)" which decomposes as

305c
 3047                                   tbsCertList TBSCertList
  020100                                version INTEGER OPTIONAL
  300d                                  signatureAlgorithm AlgorithmIdentifier
   06092a864886f70d01010e
   0500
  300f                                  issuer Name
   310d300b0603550403130441424344
  170c303930313031303030303030          thisUpdate Time
  3014                                  revokedCertificates
   3012                                 entry 1
    8202abcd                            userCertificate CertificateSerialNumber
    170c303831323331323335393539        revocationDate Time
 300d                                   signatureAlgorithm AlgorithmIdentifier
  06092a864886f70d01010e
  0500
 03020001                               signatureValue BIT STRING

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-12 12:50:42 +02:00
Manuel Pégourié-Gonnard 58c8da2d7e Add test: DNS names should not match IP addresses
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-11 12:51:21 +02:00
Manuel Pégourié-Gonnard c703cf1aec Add a pre-commit hook that checks generated files
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-10 12:56:08 +02:00
Manuel Pégourié-Gonnard 9ad5128324 Add -u option to check-generated-files.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-10 12:56:08 +02:00
Manuel Pégourié-Gonnard 681615a276 Remove obsolete comment about test dependency
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-31 10:00:17 +02:00
Ronald Cron 8e8898d40f tests: Replace "TEST_ASSERT(!memcmp ...)" by ASSERT_COMPARE
The usage of "!memcmp()" is at least not recommended
and better to use the macro dedicated for buffer
comparisons.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 16:08:50 +02:00
Ronald Cron 4bdc13ff09 tests: Remove usage of mbedtls_test_hexify for comparison
Do not hexify binary data to compare them, do compare
them directly. That simplifies the check code and save
memory.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 16:01:41 +02:00
Ronald Cron aea41df254 tests: suites: Remove hex in name of variables of type data_t
Remove `hex` in name of variables of type data_t to reserve it
for variables of type char* that are the hexadecimal
representation of a data buffer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 15:59:46 +02:00
Ronald Cron 9fde353f68 tests: Reformating due to hexcmp() renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexcmp

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 15:51:41 +02:00
Ronald Cron d239794deb tests: Add mbedtls_test_ prefix to hexcmp()
Add mbedtls_test_ prefix to hexcmp() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 15:41:32 +02:00
Manuel Pégourié-Gonnard 2b80249c04 Add comment on memsan + constant-flow testing 2020-07-28 11:52:01 +02:00
Manuel Pégourié-Gonnard 1e94128f30 Factor repeated condition to its own macro
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-28 11:35:39 +02:00
Manuel Pégourié-Gonnard 0dab12ec2c Start testing cf_hmac() for constant flow
Currently this breaks all.sh component test_memsan_constant_flow, just as
expected, as the current implementation is not constant flow.

This will be fixed in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-28 11:21:24 +02:00
Manuel Pégourié-Gonnard a237722118 Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
This option allows to test the constant-flow nature of selected code, using
MemSan and the fundamental observation behind ctgrind that the set of
operations allowed on undefined memory by dynamic analysers is the same as the
set of operations allowed on secret data to avoid leaking it to a local
attacker via side channels, namely, any operation except branching and
dereferencing.

(This isn't the full story, as on some CPUs some instructions have variable
execution depending on the inputs, most notably division and on some cores
multiplication. However, testing that no branch or memory access depends on
secret data is already a good start.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-28 11:21:24 +02:00
Manuel Pégourié-Gonnard fde750550d Add dummy constant-flow HMAC function with tests
The dummy implementation is not constant-flow at all for now, it's just
here as a starting point and a support for developing the tests and putting
the infrastructure in place.

Depending on the implementation strategy, there might be various corner cases
depending on where the lengths fall relative to block boundaries. So it seems
safer to just test all possible lengths in a given range than to use only a
few randomly-chosen values.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-28 10:19:45 +02:00
Gilles Peskine 2845fcc8ab Always test in-place addition and subtraction
Run all the addition and subtraction tests with the result aliased to
the first operand and with the result aliased to the second operand.
Before, only some of the aliasing possibilities were tested, for only
some of the functions, with only some inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-23 01:18:42 +02:00
Gilles Peskine a586099fd3
Merge pull request #3475 from gilles-peskine-arm/rename-check_files-2.16
Backport 2.16: Rename Python scripts to use '_' and not '-'
2020-07-03 15:12:52 +02:00
Gilles Peskine ee69477890 Rename Python scripts to use '_' and not '-'
You can't import a Python script whose name includes '-'.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 12:06:46 +02:00
Janos Follath 15a7cd1052 Merge tag 'mbedtls-2.16.7' into merge-2.16.7-release-to-mbedtls-2.16
Mbed TLS 2.16.7
2020-07-01 11:34:02 +01:00
Janos Follath ef5f8fc52a Bump version to Mbed TLS 2.16.7
Executed "./scripts/bump_version.sh --version 2.16.7"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-26 12:35:53 +01:00
Ronald Cron 14a5645cbf tests: Get rid of mbedtls_test_unhexify() in unit test code
In test functions calling mbedtls_test_unhexify(), change the
type of the associated parameters from `char*` to `data_t`.

That way the `unhexify` operation is done by the test
framework and not by the unit test code.

Use for the new parameters of type data_t the name of the
local variable that used to store the `unhexify` version of
the `char*` parameter.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:19:21 +02:00
Ronald Cron 1d5ef2919b tests: ccm: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of mbedtls_ccm_star_encrypt_and_tag/auth_decrypt from
`char *` to `data_t` to get rid of the calls to
mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

- Use two different buffers to store the plain and cipher
  text as expected by the library functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:15:06 +02:00
Ronald Cron b2eb38d391 tests: aes.ofb: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of aes_encrypt_ofb() from `char *` to `data_t` to get rid
of the calls to mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

- Add assertion on fragment_size parameter

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 09:48:55 +02:00
Ronald Cron afbe3ee87c tests: nist_kw: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of mbedtls_nist_kw_wrap/unwrap() from `char *` to `data_t`
to get rid of the calls to mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 09:48:11 +02:00
Ronald Cron 7e8f1af0a6 tests: chacha20: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters of
test_chacha20() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():

- Reduce the size of output[] buffer to 375 as its content
  is "ASCII expended" into a buffer of 751 bytes.
- Align naming of variables to store and check the
  output of mbedtls_chacha20_crypt(). No *dst* variables
  anynore, only *output* variables.
- Use two different buffers to store the expected output
  of mbedtls_chacha20_crypt() (expected_output_str[]) and
  the ASCII string representation of the output of
  mbedtls_chacha20_crypt() (output_string[]). Both were
  stored in dst_str[] before.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 09:47:54 +02:00
Ronald Cron d7a4df8341 tests: hkdf: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of test_hkdf() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():

- Align naming of variables related to the expected okm
- Rename `okm_hex[]` to `okm_string[]`
- Added TEST_ASSERT( expected_okm_len <= sizeof( okm ) ) to check
  that the okm[] buffer is large enough for the okm output.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 09:47:25 +02:00
Ronald Cron 6d1f0ad7b6 tests: aria: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of some test functions from `char *` to `data_t` to get
rid of the calls to mbedtls_test_unhexify():

- Align the name of source data length local variable
  with the name of the local variable containing the
  source data, respectively src_str and src_str_len.
- Change the type of length, index local variables
  from int to size_t.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 09:46:50 +02:00
Ronald Cron 5b13a86e11 tests: Reformating due to *hexify functions renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexify

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 09:38:21 +02:00
Ronald Cron a0c9ff3e52 tests: Add mbedtls_test_ prefix to *hexify functions
Add mbedtls_test_ prefix to hexify() and unhexify()
test helper functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/(un|)hexify\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 09:15:43 +02:00
Janos Follath f69b919844 Merge branch 'mbedtls-2.16-restricted' into mbedtls-2.16.7r0 2020-06-25 09:19:21 +01:00
Manuel Pégourié-Gonnard 805b1461b8 all.sh: clean up some uses of "local" variables
While pure sh doesn't have a concept of local variables, we can partially
emulate them by unsetting variables before we exit the function, and use the
convention of giving them lowercase names to distinguish from global
variables.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-23 11:42:59 +02:00
Manuel Pégourié-Gonnard d2b5ad871d Use all.sh in pre-push hook
The list in the pre-push hook was redundant with the list of `check_*`
components in all.sh, and unsurprisingly it was outdated.

Missing components were:

- check_recursion
- check_changelog
- check_test_cases
- check_python_files
- check_generate_test_code

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-23 11:37:04 +02:00
Manuel Pégourié-Gonnard 1ee685018a Make check_generate_test_code more -q friendly
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-23 11:36:32 +02:00
Manuel Pégourié-Gonnard de4ad2da38 Add a --quiet option to all.sh
The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but
this can be useful in any circumstance where you're not interested in the full
output from each component and just want a short summary of which components
were run (and if any failed).

Note that only stdout from components is suppressed, stderr is preserved so
that errors are reported. This means components should avoid printing to
stderr in normal usage (ie in the absence of errors).

Currently all the `check_*` components obey this convention except:
- check_generate_test_code: unittest prints progress to stderr
- check_test_cases: lots of non-fatal warnings printed to stderr

These components will be fixed in follow-up commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-23 11:36:30 +02:00
Manuel Pégourié-Gonnard 1bff6847fb Adjust comments about SEED synchronisation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-22 10:53:44 +02:00
Manuel Pégourié-Gonnard c2400d38fe Make basic-build-test.sh deterministic
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-22 10:53:42 +02:00
Manuel Pégourié-Gonnard 2df5857dbe Remove SHA-1 as a fallback option
- it's 2020, there shouldn't be too many systems out there where SHA-1 is the
  only available hash option, so its usefulness is limited
- OTOH testing configurations without SHA-2 reveal bugs that are not easy to
  fix in a fully compatible way

So overall, the benefit/cost ratio is not good enough to justify keeping SHA-1
as a fallback option here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-18 12:17:59 +02:00
Manuel Pégourié-Gonnard 72177e362b Add fall-back to hash-based KDF for internal ECP DRBG
The dependency on a DRBG module was perhaps a bit strict for LTS branches, so
let's have an option that works with no DRBG when at least one SHA module is
present.

This changes the internal API of ecp_drbg_seed() by adding the size of the
MPI as a parameter. Re-computing the size from the number of limbs doesn't
work too well here as we're writing out to a fixed-size buffer and for some
curves (P-521) that would round up too much. Using mbedtls_mpi_get_len() is
not entirely satisfactory either as it would mean using a variable-length
encoding, with could open side channels.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-16 12:51:42 +02:00
Manuel Pégourié-Gonnard 047986c2f8 Add support for RESTARTABLE with internal RNG
Currently we draw pseudo-random numbers at the beginning and end of the main
loop. With ECP_RESTARTABLE, it's possible that between those two occasions we
returned from the multiplication function, hence lost our internal DRBG
context that lives in this function's stack frame. This would result in the
same pseudo-random numbers being used for blinding in multiple places. While
it's not immediately clear that this would give rise to an attack, it's also
absolutely not clear that it doesn't. So let's avoid that by using a DRBG
context that lives inside the restart context and persists across
return/resume cycles. That way the RESTARTABLE case uses exactly the
same pseudo-random numbers as the non-restartable case.

Testing and compile-time options:

- The case ECP_RESTARTABLE && !ECP_NO_INTERNAL_RNG is already tested by
  component_test_no_use_psa_crypto_full_cmake_asan.
- The case ECP_RESTARTABLE && ECP_NO_INTERNAL_RNG didn't have a pre-existing
  test so a component is added.

Testing and runtime options: when ECP_RESTARTABLE is enabled, the test suites
already contain cases where restart happens and cases where it doesn't
(because the operation is short enough or because restart is disabled (NULL
restart context)).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-16 10:52:32 +02:00
Manuel Pégourié-Gonnard 23983f30de Add config.h option MBEDTLS_ECP_NO_INTERNAL_RNG
No effect so far, except on dependency checking, as the feature it's meant to
disable isn't implemented yet (so the descriptions in config.h and the
ChangeLog entry are anticipation for now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-16 10:51:42 +02:00
Bence Szépkúti f744bd72ee Update license headers to Apache-2.0 OR GPL-2.0-or-later
This will allow us to ship the LTS branches in a single archive

This commit was generated using the following script:

# ========================
#!/bin/sh

header1='\ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later\
 *\
 *  This file is provided under the Apache License 2.0, or the\
 *  GNU General Public License v2.0 or later.\
 *\
 *  **********\
 *  Apache License 2.0:\
 *\
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\
 *  not use this file except in compliance with the License.\
 *  You may obtain a copy of the License at\
 *\
 *  http://www.apache.org/licenses/LICENSE-2.0\
 *\
 *  Unless required by applicable law or agreed to in writing, software\
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
 *  See the License for the specific language governing permissions and\
 *  limitations under the License.\
 *\
 *  **********\
 *\
 *  **********\
 *  GNU General Public License v2.0 or later:\
 *\
 *  This program is free software; you can redistribute it and/or modify\
 *  it under the terms of the GNU General Public License as published by\
 *  the Free Software Foundation; either version 2 of the License, or\
 *  (at your option) any later version.\
 *\
 *  This program is distributed in the hope that it will be useful,\
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of\
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\
 *  GNU General Public License for more details.\
 *\
 *  You should have received a copy of the GNU General Public License along\
 *  with this program; if not, write to the Free Software Foundation, Inc.,\
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\
 *\
 *  **********'

find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i "
# Normalize the first line of the copyright headers (no text on the first line of a block comment)
/^\/\*.*Copyright.*Arm/I s/\/\*/&\n */

# Insert new copyright header
/SPDX-License-Identifier/ i\
$header1

# Delete old copyright header
/SPDX-License-Identifier/,$ {
  # Delete lines until the one preceding the mbedtls declaration
  N
  1,/This file is part of/ {
    /This file is part of/! D
  }
}
"

# Format copyright header for inclusion into scripts
header2=$(echo "$header1" | sed 's/^\\\? \* \?/#/')

find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i "
# Insert new copyright header
/SPDX-License-Identifier/ i\
$header2

# Delete old copyright header
/SPDX-License-Identifier/,$ {
  # Delete lines until the one preceding the mbedtls declaration
  N
  1,/This file is part of/ {
    /This file is part of/! D
  }
}
"
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:48:48 +02:00
Bence Szépkúti 51b41d5422 Add Apache-2.0 headers to all scripts
This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i '

# Remove Mbed TLS declaration if it occurs before the copyright line
1,/Copyright.*Arm/I {
  /This file is part of/,$ {
    /Copyright.*Arm/I! d
  }
}

# Convert non-standard header in scripts/abi_check.py to the format used in the other scripts
/"""/,/"""/ {

  # Cut copyright declaration
  /Copyright.*Arm/I {
    h
    N
    d
  }

  # Paste copyright declaration
  /"""/ {
    x
    /./ {
      s/^/# /    # Add #
      x          # Replace orignal buffer with Copyright declaration
      p          # Print original buffer, insert newline
      i\

      s/.*//     # Clear original buffer
    }
    x
  }
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! {
    i\
# SPDX-License-Identifier: Apache-2.0\
#\
# Licensed under the Apache License, Version 2.0 (the "License"); you may\
# not use this file except in compliance with the License.\
# You may obtain a copy of the License at\
#\
# http://www.apache.org/licenses/LICENSE-2.0\
#\
# Unless required by applicable law or agreed to in writing, software\
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
# See the License for the specific language governing permissions and\
# limitations under the License.

    # Insert Mbed TLS declaration if it is missing
    /This file is part of/! i\
#\
# This file is part of Mbed TLS (https://tls.mbed.org)
  }

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:18:56 +02:00
Bence Szépkúti 468a76f88a Add copyright dates to all scripts
To find any files with a missing copyright declaration, use the following script:

# ========================
#!/bin/sh

# Find files with copyright declarations, and list their file extensions
exts=$(grep -Ril --exclude-dir .git 'Copyright.*Arm' | sed '
  s/.*\./-name "*./
  s/$/"/
' | sort -u | sed -n '
  :l
    N
    $!bl
  s/\n/ -o /gp
')

# Find files with file extensions that ususally include copyright extensions, but don't include a copyright declaration themselves.
eval "find -path './.git' -prune -o ! -path './tests/data_files/format_pkcs12.fmt' '(' $exts ')' -print" | xargs grep -Li 'Copyright.*Arm'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:18:56 +02:00
Bence Szépkúti cd6fd060ec Remove hardcoded line number from the zeroize test
Instead, we insert a comment containing GDB_BREAK_HERE in the line we
want to break at, and let the gdb script search for it.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-10 11:13:41 +02:00
Bence Szépkúti 74fc3be396 Remove superfluous include from zeroize.c
This brings zeroize.c and test_zeroize.gdb in sync with development.

The include was introduced in 3b0c43063 (#2710).
Reverts ff8ae1115 from the same pull request.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-10 11:13:13 +02:00
Manuel Pégourié-Gonnard 471ae59783
Merge pull request #3396 from danh-arm/dh/branch-cov-2.16
Backport 2.16: Enable branch coverage in basic_build_test.sh
2020-06-08 10:15:17 +02:00
Manuel Pégourié-Gonnard 3a562d75fb
Merge pull request #3401 from mpg/fix-hmac-drbg-deps-2.16
[Backport 2.16] Fix undeclared dependencies on HMAC_DRBG
2020-06-05 11:50:11 +02:00
Manuel Pégourié-Gonnard 62b293df5b
Merge pull request #3352 from gilles-peskine-arm/fix-ecp-mul-memory-leak-2.16
Backport 2.16: Fix potential memory leak in EC multiplication
2020-06-05 11:44:02 +02:00
Manuel Pégourié-Gonnard c5243c198c Add test for dependencies on HMAC_DRBG in all.sh
Similarly to the recently-added tests for dependencies on CTR_DRBG:
constrained environments will probably want only one DRBG module, and we
should make sure that tests pass in such a configuration.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:47:28 +02:00
Dan Handley 8cb1981acd Enable branch coverage in basic_build_test.sh
Enable branch coverage output in basic_build_test.sh. This
includes enabling branch coverage output to the lcov make target,
which is disabled by default.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-06-04 16:31:59 +01:00
Manuel Pégourié-Gonnard 49d3dd0afc
Merge pull request #3384 from mpg/fix-ctr-drbg-deps-2.16
[Backport 2.16] Fix undeclared dependencies on CTR_DRBG (and add test)
2020-06-03 10:56:03 +02:00
Manuel Pégourié-Gonnard 014ff5b0d6 Add test for building without CTR_DRBG
People who prefer to rely on HMAC_DRBG (for example because they use it for
deterministic ECDSA and don't want a second DRBG for code size reasons) should
be able to build and run the tests suites without CTR_DRBG.

Ideally we should make sure the level of testing (SSL) is the same regardless
of which DRBG modules is enabled, but that's a more significant piece of work.
For now, just ensure everything builds and `make test` passes.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-03 09:54:19 +02:00
Manuel Pégourié-Gonnard 503b79e866
Merge pull request #3375 from gilles-peskine-arm/basic-build-test-status-2.16
Backport 2.16: Fix failure detection in basic-build-test.sh
2020-06-03 09:41:29 +02:00
Manuel Pégourié-Gonnard f2c6e340de Fix undeclared deps on MBEDTLS_CTR_DRBG in tests
While at it, declare deps on ENTROPY as well.

A non-regression test will be added in a follow-up commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 12:16:07 +02:00
Gilles Peskine f25cd6ba5f MBEDTLS_MEMORY_BACKTRACE is no longer included in the full config
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 19:06:33 +02:00
Gilles Peskine d9701ae21e Create a seedfile explicitly
Running the entropy unit test creates a suitable seedfile, but this
only works due to the happy accident that no prior unit test needs one
(specifically, test_suite_entropy runs before test_suite_rsa). So
create one explicitly, both for robustness and to keep the script
closer to the version in development where the explicit seedfile
creation is required.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 19:02:52 +02:00
Gilles Peskine ed1f673525 If 'make lcov' failed, exit immediately
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 19:01:02 +02:00
Gilles Peskine 8bfe12b1ff Note that we keep going even if some tests fail
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 19:00:55 +02:00
Gilles Peskine f54a5de66a Exit with a failure status if some tests failed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 19:00:45 +02:00
Gilles Peskine b6484875cc Finish the documentation of normalize_path
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:31:39 +02:00
Gilles Peskine 3c23c82dac Run assemble_changelog.py in all.sh
Avoid nasty surprises where it would fail when we want to make a release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:31:39 +02:00
Gilles Peskine 43c74d20de Some .pem files are openssl output and have tabs and that's ok
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:31:24 +02:00
Gilles Peskine 401825148f .dsw files are Visual Studio stuff
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:31:24 +02:00
Gilles Peskine 66de311e0b Permit empty files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:31:24 +02:00
Gilles Peskine cd29f862f6 Normalize line endings
Convert all text files to Unix line endings unless they're Windows
stuff.

Make sure that all text files have a trailing newline.

Remove whitespace at the end of lines.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:31:24 +02:00
Gilles Peskine ce5d854dca Check only files checked into Git
We're only interested in files that are committed and pushed to be
included in Mbed TLS, not in any other files that may be lying around.
So ask git for the list of file names.

This script is primarily intended to run on the CI, and there it runs
on a fresh Git checkout plus potentially some other checkouts or
leftovers from a previous part of the CI job. It should also run
reasonably well on developer machines, where there may be various
additional files. In both cases, git is available.

Ad hoc directory exclusions are no longer needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:26:45 +02:00
Gilles Peskine ffaef81586 Exclude binary files from text checks
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:26:45 +02:00
Gilles Peskine e6f1f245f5 Regex mechanism for check-specific exemptions
Suffixes are convenient but not always sufficient.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:26:45 +02:00
Gilles Peskine 125f89b893 Check all files by default
Have an explicit list of exemptions for specific checks rather than
whitelisting files to check. Some checks, such as permissions, should
apply to all files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:26:45 +02:00
Gilles Peskine e856ba11a1 More accurate variable name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:25:35 +02:00
Jonas c98ca37cb9 Add test cases to check rng failure
Signed-off-by: Jonas <jonas.lejeune4420@gmail.com>
2020-05-25 13:55:09 +02:00
Gilles Peskine 8b34fef0a8
Merge pull request #2710 from k-stachowiak/unified-exit-in-examples-2.16
Backport 2.16: Unify the example programs' termination
2020-05-12 10:46:36 +02:00
k-stachowiak ff8ae11159 Adjust the zeroization test to the new length of zeroize.c 2020-05-11 22:16:42 +02:00
Gilles Peskine 0f593416e0
Merge pull request #3247 from gilles-peskine-arm/travis-rationalize-2.16
Backport 2.16: Rationalize Travis builds
2020-05-04 12:10:55 +02:00
Gilles Peskine e6c0c7d369 all.sh: on arm builds (GCC or Arm Compiler), show the code size
Just show the code size in the logs, for human consumption.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:19:44 +02:00
Gilles Peskine dac156b631 all.sh: add a Cortex-M0+ build
It's pretty fast and adds a little variety.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:19:44 +02:00
Gilles Peskine fcccfbc64a all.sh: build_arm_none_eabi_gcc: do optimize
Otherwise the bignum assembly code is not used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:18:24 +02:00
Gilles Peskine a3c6c8a945 Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix
This is supposed to be for GCC (or a compiler with a compatible
command line interface) targeting arm-none-eabi, so name it
accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:43:21 +02:00
Gilles Peskine 77b1f3051a all.sh: reorganize testing around deprecated features
build_deprecated combined the testing of deprecated features, and
testing of the build without deprecated features. Also, it violated the
component naming convention by being called build_xxx but running tests.

Replace it by:
* test_default_no_deprecated: check that you can remove deprecated
  features from the default build.
* test_full_deprecated_warning: check that enabling DEPRECATED_WARNING
  doesn't cause any warning from our own code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:24:08 +02:00
Gilles Peskine 313bb50db3 Strict C99: check it in the full config
Ensure that there is a build with -pedantic in the full config, not
just in "exotic" configurations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 15:02:51 +02:00