Commit graph

6508 commits

Author SHA1 Message Date
Sanne Wouda 7b2e85dd7c Use both applicable error codes and a proper coding style 2018-03-06 23:28:46 +01:00
Sanne Wouda b2b29d5259 Add end-of-buffer check to prevent heap-buffer-overflow
Dereference of *p should not happen when it points past the end of the
buffer.

Internal reference: IOTSSL-1663
2018-03-06 23:28:46 +01:00
Andres Amaya Garcia 5e85c612fc Define ASN1 bitmask macros in more direct way 2018-03-06 19:26:26 +00:00
Andres Amaya Garcia 19f33a800b Add regression test for parsing subjectAltNames 2018-03-06 19:26:20 +00:00
Andres Amaya Garcia 32ec6d4e78 Add ChangeLog entry 2018-03-06 19:26:02 +00:00
Andres Amaya Garcia 6451909160 Fix x509_get_subject_alt_name to drop invalid tag
Fix the x509_get_subject_alt_name() function to not accept invalid
tags. The problem was that the ASN.1 class for tags consists of two
bits. Simply doing bit-wise and of the CONTEXT_SPECIFIC macro with the
input tag has the potential of accepting tag values 0x10 (private)
which would indicate that the certificate has an incorrect format.
2018-03-06 19:24:19 +00:00
Andres Amaya Garcia d5101aa27a Add macros to ASN.1 module to parse ASN.1 tags
The macros simply extract the component bits of an ASN.1 tag value
2018-03-06 19:24:15 +00:00
Manuel Pégourié-Gonnard 35eb39a924 Fix some issues in comments 2018-03-06 10:34:11 +01:00
Hanno Becker 9a37e0f3be Add ChangeLog entry for previous security fix
Fixes #825
2018-03-05 13:26:28 +01:00
Hanno Becker 2e7fee09da Fix bug in X.509 CRT verification code 2018-03-05 13:25:45 +01:00
Manuel Pégourié-Gonnard fa973e022a Document choice of script exit code 2018-03-05 13:23:27 +01:00
Manuel Pégourié-Gonnard 75d35600de Fix some comment typos 2018-03-05 13:22:59 +01:00
Gert van Dijk ab41f04554 Tests: depends-pkalgs.pl - disable less options
Rather than disabling SSL & Key exchanges as a whole, only disable those
options required by reverse dependencies.

GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
See also discussion in PR #1074.
https://github.com/ARMmbed/mbedtls/pull/1074#issuecomment-327096303
2018-03-05 13:20:36 +01:00
Gert van Dijk b8e40efee3 Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
2018-03-05 13:20:31 +01:00
Manuel Pégourié-Gonnard 7c28b56f65 Fix test that didn't check full value of flags 2018-03-05 13:20:26 +01:00
Manuel Pégourié-Gonnard fcc4348ee2 Improve some comments 2018-03-05 13:20:21 +01:00
Manuel Pégourié-Gonnard aefd2dcd5b Unify name of default profile in X.509 tests 2018-03-05 13:20:14 +01:00
Manuel Pégourié-Gonnard d9184f2f08 Add missing dependency in test-certs Makefile 2018-03-05 13:20:08 +01:00
Manuel Pégourié-Gonnard 2f1633e002 Improve some comments, fix some typos 2018-03-05 13:19:41 +01:00
Manuel Pégourié-Gonnard 650780c462 Fix some whitespace 2018-03-05 13:16:28 +01:00
Manuel Pégourié-Gonnard b26b28a7e4 Make some perl scripts usable with git bisect run
For that they need to return between 0 and 124 on error, while die returns
255, causing bisect-run to abort.
2018-03-05 13:16:15 +01:00
Manuel Pégourié-Gonnard c08e906f3a Add comments on chain verification cases
This is the beginning of a series of commits refactoring the chain
building/verification functions in order to:
- make it simpler to understand and work with
- prepare integration of restartable ECC
2018-03-05 13:05:25 +01:00
Manuel Pégourié-Gonnard b0add2e2ad Add test for callback and bad signatures
Our current behaviour is a bit inconsistent here:
- when the bad signature is made by a trusted CA, we stop here and don't
  include the trusted CA in the chain (don't call vrfy on it)
- otherwise, we just add NOT_TRUSTED to the flags but keep building the chain
  and call vrfy on the upper certs
2018-03-05 13:05:17 +01:00
Manuel Pégourié-Gonnard 50fc51a9f7 Add test for bad name and callback
This ensures that the callback can actually clear that flag, and that it is
seen by the callback at the right level. This flag is not set at the same
place than others, and this difference will get bigger in the upcoming
refactor, so let's ensure we don't break anything here.
2018-03-05 13:05:03 +01:00
Manuel Pégourié-Gonnard 166b1e0b60 Add test for same CA with different keys
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.

Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
2018-03-05 13:03:40 +01:00
Manuel Pégourié-Gonnard 37a560cc6d Add test for CA forgery attempt
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2018-03-05 13:02:27 +01:00
Manuel Pégourié-Gonnard 5bc9738139 Add test for profile on trusted EE cert 2018-03-05 13:01:11 +01:00
Manuel Pégourié-Gonnard cd2118f67b Add tests for flags passed to f_vrfy
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2018-03-05 13:01:02 +01:00
Manuel Pégourié-Gonnard ae6d7103cc Add ability to test flags value in vrfy callback
So far there was no test ensuring that the flags passed to the vrfy callback
are correct (ie the flags for the current certificate, not including those of
the parent).

Actual tests case making use of that test function will be added in the next
commit.
2018-03-05 13:00:43 +01:00
Manuel Pégourié-Gonnard b9c72eb733 Improve handling of md errors in X.509
md() already checks for md_info == NULL. Also, in the future it might also
return other errors (eg hardware errors if acceleration is used), so it make
more sense to check its return value than to check for NULL ourselves and then
assume no other error can occur.

Also, currently, md_info == NULL can never happen except if the MD and OID modules
get out of sync, or if the user messes with members of the x509_crt structure
directly.

This commit does not change the current behaviour, which is to treat MD errors
the same way as a bad signature or no trusted root.
2018-03-05 13:00:31 +01:00
Manuel Pégourié-Gonnard 3a130848fd Clarify documentation for directly-trusted certs
The fact that self-signed end-entity certs can be explicitly trusted by
putting them in the CA list even if they don't have the CA bit was not
documented though it's intentional, and tested by "Certificate verification #73
(selfsigned trusted without CA bit)" in test_suite_x509parse.data

It is unclear to me whether the restriction that explicitly trusted end-entity
certs must be self-signed is a good one. However, it seems intentional as it is
tested in tests #42 and #43, so I'm not touching it for now.
2018-03-05 13:00:20 +01:00
Manuel Pégourié-Gonnard 4d9e7cb66b Fix usage of CFLAGS with cmake in all.sh
With cmake, CFLAGS has to be set when invoking cmake, not make (which totally
ignores the value of CFLAGS when it runs and only keeps the one from cmake).

Also, in that case the flags were either redundant (-Werror etc) or wrong
(-std=c99 -pedantic) as some parts of the library will not build with
-pedantic (see the other -pedantic tests, which are correct, for what needs to
be disabled).
2018-03-05 13:00:03 +01:00
Manuel Pégourié-Gonnard 1ddd682843 Fix depends_on:pk_alg in test suites 2018-03-05 12:58:51 +01:00
Manuel Pégourié-Gonnard 153b5ef696 Add new test script depends-pkalgs.pl 2018-03-05 12:58:42 +01:00
Manuel Pégourié-Gonnard 0ce53f5d13 Fix depends_on:curve in x509 tests 2018-03-05 12:58:35 +01:00
Manuel Pégourié-Gonnard 056eab5ff0 Fix usage of {curves,key-exchanges}.pl in all.sh 2018-03-05 12:58:22 +01:00
Manuel Pégourié-Gonnard 483a776019 Fix missing depends_on:SHA/MD in x509 tests 2018-03-05 12:57:36 +01:00
Manuel Pégourié-Gonnard 73fc679293 Add new test script depends-hashes.pl
This is step 1 of a plan to get rid once and for all of missing depends_on in
the X509 test suite (step 2 will be RSA/ECDSA, and step 0 was curves.pl).
2018-03-05 12:57:16 +01:00
Manuel Pégourié-Gonnard 9c1b20c7df Add tests for spurious certs in the chain
We have code to skip them but didn't have explicit tests ensuring they are
(the corresponding branch was never taken).

While at it, remove extra copy of the chain in server10*.crt, which was
duplicated for no reason.
2018-03-05 12:56:49 +01:00
Manuel Pégourié-Gonnard fe65bf7658 Add test for bad signature with longer chain
This is one line that wasn't covered in verify_child()
2018-03-05 12:53:39 +01:00
Manuel Pégourié-Gonnard 3bdcda79e5 Add test for expired cert in longer chain
That's two lines that were not covered in verify_child()
2018-03-05 12:53:23 +01:00
Manuel Pégourié-Gonnard b0ef3e2c51 Add tests for fatal error in vrfy callback
This shows inconsistencies in how flags are handled when callback fails:
- sometimes the flags set by the callback are transmitted, sometimes not
- when the cert if not trusted, sometimes BADCERT_NOT_TRUSTED is set,
  sometimes not

This adds coverage for 9 lines and 9 branches. Now all lines related to
callback failure are covered.
2018-03-05 12:52:46 +01:00
Manuel Pégourié-Gonnard 9cca267ef3 Add ability to test failing vrfy callback 2018-03-05 12:52:37 +01:00
Manuel Pégourié-Gonnard 189bb40e60 Add tests for profile enforcement
Now all checks related to profile are covered in:
- verify_with_profile()
- verify_child()
- verify_top()
(that's 10 lines that were previously not covered)

Leaving aside profile enforcement in CRLs for now, as the focus is on
preparing to refactor cert verification.
2018-03-05 12:52:30 +01:00
Manuel Pégourié-Gonnard 94f2aa344d Set deterministic flags for NULL profile
Previously flags was left to whatever value it had before. It's cleaner to
make sure it has a definite value, and all bits set looks like the safest way
for when it went very wrong.
2018-03-05 12:52:22 +01:00
Manuel Pégourié-Gonnard 7e9709a281 Add "profile" arg to X.509 test function
Unused yet, tests using it will be added in the next commit
2018-03-05 12:52:08 +01:00
itayzafrir 33d8e3335f Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
2018-03-05 09:46:21 +02:00
Gilles Peskine b4ef45b4f5 all.sh: build with -O -Werror in the full config
Build with MBEDTLS_DEPRECATED_REMOVED and MBEDTLS_DEPRECATED_WARNING
separately.

Do these builds with `-O -Werror -Wall -Wextra` to catch a maximum of
issues while we're at it. Do one with gcc and one with clang for
variety. This caught an uninitialized variable warning in cmac.c that
builds without -O didn't catch.
2018-03-01 22:23:50 +01:00
Gilles Peskine df761d5a6b Fix build with gcc -O -Wall
Fix warnings from gcc -O -Wall about `ret` used uninitialized in
CMAC selftest auxiliary functions. The variable was indeed
uninitialized if the function was called with num_tests=0 (which
never happens).
2018-03-01 22:18:14 +01:00
Gilles Peskine f936cb1c1b Add attribution for #1351 report 2018-02-27 10:21:45 +01:00