Commit graph

9244 commits

Author SHA1 Message Date
Gilles Peskine e915d532a6 Silence pylint
Silence pylint in specific places where we're doing slightly unusual
or dodgy, but correct.
2019-02-27 11:03:25 +01:00
Gilles Peskine 23e64f226b check-files.py: readability improvement in permission check 2019-02-27 11:03:25 +01:00
Gilles Peskine 1e9698af4b check-files.py: use class fields for class-wide constants
In an issue tracker, heading and files_exemptions are class-wide
constants, so make them so instead of being per-instance fields.
2019-02-27 11:03:25 +01:00
Gilles Peskine 6ee576e0b5 check-files.py: clean up class structure
Line issue trackers are conceptually a subclass of file issue
trackers: they're file issue trackers where issues arise from checking
each line independently. So make it an actual subclass.

Pylint pointed out the design smell: there was an abstract method that
wasn't always overridden in concrete child classes.
2019-02-27 11:03:25 +01:00
Gilles Peskine 712afa74f4 abi_check.py: Document more methods 2019-02-27 11:03:25 +01:00
Gilles Peskine 0d060ef328 check-files.py: document some classes and methods
Document all classes and longer methods.

Declare a static method as such. Pointed out by pylint.
2019-02-27 11:03:25 +01:00
Gilles Peskine aad2ebdf30 Fix pylint errors going uncaught
Make check-python-files.sh run pylint on all *.py files (in
directories where they are known to be present), rather than list
files explicitly.

Fix a bug whereby the return status of check-python-files.sh was only
based on the last file passing, i.e. errors in other files were
effectively ignored.

Make check-python-files.sh run pylint unconditionally. Since pylint3
is not critical, make all.sh to skip running check-python-files.sh if
pylint3 is not available.
2019-02-27 11:03:25 +01:00
Gilles Peskine b2c269eeee Call pylint3, not pylint
We use Python 3, so call Pylint for Python 3, not for Python 2.
2019-02-27 11:03:24 +01:00
Gilles Peskine 7f61575cba New, documented pylint configuration
The pylint configuration in .pylint was a modified version of the
output of `pylint --generate-rcfile` from an unknown version of
pylint. Replace it with a file that only contains settings that are
modified from the default, with an explanation of why each setting is
modified.

The new .pylintrc was written from scratch, based on the output of
pylint on the current version of the files and on a judgement of what
to silence generically, what to silence on a case-by-case basis and
what to fix.
2019-02-27 11:03:24 +01:00
Manuel Pégourié-Gonnard c8530dfd7e Fix the proxy seed in Travis runs
This is what we do in Jenkins, so it only makes sense to do it here as well.
This will avoid random failures for no other reason than the proxy was
dropping all the messages due to an unlucky PRNG seed.

See https://docs.travis-ci.com/user/environment-variables/ for syntax
2019-02-27 10:46:56 +01:00
Hanno Becker bdf75eb243 Add missing compile time guard in ssl_client2 2019-02-27 08:34:31 +00:00
Janos Follath f607813f53 ECP: remove extra whitespaces 2019-02-26 17:02:37 +00:00
Janos Follath 52ff8e9387 Fix ECDH secret export for Mongomery curves
We only switched to little endian for Curve25519, but all Montgomery
curves require little endian byte order.
2019-02-26 16:49:52 +00:00
Janos Follath bf42408528 Improve ECP test names 2019-02-26 16:49:52 +00:00
Janos Follath df9295b7ec Make ecp_get_type public
The ecp_get_type function comes handy in higher level modules and tests
as well. It is not inline anymore, to enable alternative implementations
to implement it for themselves.
2019-02-26 16:49:42 +00:00
Janos Follath 4ffdbe0979 Add more tests for ecp_read_key 2019-02-26 16:48:40 +00:00
Janos Follath 28eb06df16 ECP: Catch unsupported import/export
mbedtls_ecp_read_key() module returned without an error even when
importing keys corresponding to the requested group was not
implemented.

We change this and return an error when the requested group is not
supported and make the remaining import/export functions more robust.
2019-02-26 16:48:40 +00:00
Janos Follath b65853c6b6 Improve documentation of mbedtls_ecp_read_key 2019-02-26 16:48:40 +00:00
Janos Follath 7780096f3b Fix typo in ECP module 2019-02-26 16:48:40 +00:00
Janos Follath e5670f2663 Remove unnecessary cast from ECP test 2019-02-26 16:48:40 +00:00
Hanno Becker 775655eead Update programs/ssl/query_config.c 2019-02-26 14:38:40 +00:00
Hanno Becker 23699efe78 ssl_client2: Reset peer CRT info string on reconnect 2019-02-26 14:38:09 +00:00
Hanno Becker bd5580abb1 Add further debug statements on assertion failures 2019-02-26 14:38:09 +00:00
Hanno Becker 353a6f0d50 Fix typo in documentation of ssl_parse_certificate_chain() 2019-02-26 14:38:09 +00:00
Hanno Becker 62d58ed975 Add debug output in case of assertion failure 2019-02-26 14:38:09 +00:00
Hanno Becker 6883874013 Fix typo in SSL ticket documentation 2019-02-26 14:38:09 +00:00
Hanno Becker fe4ef0c1ae Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2019-02-26 14:38:09 +00:00
Hanno Becker a1051b4e9a ssl_client2: Zeroize peer CRT info buffer when reconnecting 2019-02-26 14:38:09 +00:00
Hanno Becker fe9aec4cb1 Reintroduce numerous ssl-opt.sh tests if !MBEDTLS_SSL_KEEP_PEER_CERT 2019-02-26 14:38:09 +00:00
Hanno Becker a9766c2c23 ssl_client2: Extract peer CRT info from verification callback
So far, `ssl_client2` printed the CRT info for the peer's CRT
by requesting the latter through `mbedtls_ssl_get_peer_cert()`
at the end of the handshake, and printing it via
`mbedtls_x509_crt_info()`. When `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE`
is disabled, this does no longer work because the peer's CRT
isn't stored beyond the handshake.

This makes some tests in `ssl-opt.sh` fail which rely on the CRT
info output for the peer certificate.

This commit modifies `ssl_client2` to extract the peer CRT info
from the verification callback, which is always called at a time
when the peer's CRT is available. This way, the peer's CRT info
is still printed if `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is disabled.
2019-02-26 14:38:09 +00:00
Hanno Becker 958efeb481 Improve documentation of mbedtls_ssl_get_peer_cert() 2019-02-26 14:38:09 +00:00
Hanno Becker fd7f298c6a Improve documentation of MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2019-02-26 14:38:09 +00:00
Hanno Becker 3fd3f5ebe4 Fix indentation of Doxygen comment in ssl_internal.h 2019-02-26 14:38:09 +00:00
Hanno Becker accc5998ae Set peer CRT length only after successful allocation 2019-02-26 14:38:09 +00:00
Hanno Becker 3acc9b9042 Remove question in comment about verify flags on cli vs. server 2019-02-26 14:38:09 +00:00
Hanno Becker 1aed7779ec Remove misleading and redundant guard around restartable ECC field
`MBEDTLS_SSL__ECP_RESTARTABLE` is only defined if
`MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` is set, which
requires `MBEDTLS_X509_PARSE_C` to be set (this is checked
in `check_config.`). The additional `MBEDTLS_X509_PARSE_C`
guard around the `ecrs_peer_cert` field is therefore not
necessary; moreover, it's misleading, because it hasn't
been used consistently throughout the code.
2019-02-26 14:38:09 +00:00
Hanno Becker 545ced45f7 Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh 2019-02-26 14:38:09 +00:00
Hanno Becker 6b8fbab290 Free peer CRT chain immediately after verifying it
If we don't need to store the peer's CRT chain permanently, we may
free it immediately after verifying it. Moreover, since we parse the
CRT chain in-place from the input buffer in this case, pointers from
the CRT structure remain valid after freeing the structure, and we
use that to extract the digest and pubkey from the CRT after freeing
the structure.
2019-02-26 14:38:09 +00:00
Hanno Becker 0056eab3cd Parse peer's CRT chain in-place from the input buffer 2019-02-26 14:38:09 +00:00
Hanno Becker ae553dde3a Free peer's public key as soon as it's no longer needed
On constrained devices, this saves a significant amount of RAM that
might be needed for subsequent expensive operations like ECDHE.
2019-02-26 14:38:09 +00:00
Hanno Becker b9d4479080 Correct compile-time guards for ssl_clear_peer_cert()
It is used in `mbedtls_ssl_session_free()` under
`MBEDTLS_X509_CRT_PARSE_C`, but defined only if
`MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED`.

Issue #2422 tracks the use of
`MBEDTLS_KEY_EXCHANGE__WITH_CERT_ENABLED` instead of
`MBEDTLS_X509_CRT_PARSE_C` for code and fields
related to CRT-based ciphersuites.
2019-02-26 14:38:09 +00:00
Hanno Becker e31505d64e Adapt ChangeLog 2019-02-26 14:38:09 +00:00
Hanno Becker e68245750a Guard mbedtls_ssl_get_peer_cert() by new compile-time option 2019-02-26 14:38:09 +00:00
Hanno Becker d0aac14303 Add dependency to ssl-opt.sh tests which need peer CRT debug info 2019-02-26 14:38:09 +00:00
Hanno Becker b6c5eca2d5 Adapt mbedtls_ssl_parse_certificate() to removal of peer_cert field 2019-02-26 14:38:09 +00:00
Hanno Becker 13c327d500 Adapt ssl_clear_peer_cert() to removal of peer_cert field 2019-02-26 14:38:09 +00:00
Hanno Becker 6d1986e6f5 Adapt mbedtls_ssl_session_copy() to removal of peer_cert field 2019-02-26 14:38:09 +00:00
Hanno Becker 94cc26dfa6 Adapt session ticket implementation to removal of peer_cert field 2019-02-26 14:38:09 +00:00
Hanno Becker abe6f66c00 Remove peer CRT from mbedtls_ssl_session if new option is disabled 2019-02-26 14:38:09 +00:00
Hanno Becker 2a831a4ba7 Adapt client auth detection in ssl_parse_certificate_verify()
The server expects a CertificateVerify message only if it has
previously received a Certificate from the client.

So far, this was detected by looking at the `peer_cert` field
in the current session. Preparing to remove the latter, this
commit changes this to instead determine the presence of a peer
certificate by checking the new `peer_cert_digest` pointer.
2019-02-26 14:38:09 +00:00