Commit graph

2907 commits

Author SHA1 Message Date
Hanno Becker 7b8330a9c7 X.509: Move negative tests for CertificatePolicy parsing
This commit moves the X.509 negative parsing tests for the
CertificatePolicy extension to the place where negative
testing of other extensions happens.
2019-09-17 13:10:42 +01:00
Hanno Becker 82a1fe5fcc X.509: Remove CRT policy parsing test 'bool len missing'
Judging from its name, the purpose of the test

   TBSCertificate v3, ext CertificatePolicies tag, bool len missing

in test_suite_x509parse.data is to exercise the X.509 parsing stack's
behaviour when parsing a CertificatePolicy extension which lacks the
length field of the boolean 'Criticality' value.

However, the test fails at an earlier stage due to a mismatch of inner
and outer length of the explicit ASN.1 extensions structure.

Since we already have tests exercising

- mismatch of inner and outer length in the extensions structure, namely
  'X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid)'
- missing length of the 'Criticality' field in an extension, namely
  'X509 CRT ASN1 (TBS, inv v3Ext, critical length missing)'

and since for both tests there's no relevance to the use of the
policy extension OID, the test

  'TBSCertificate v3, ext CertificatePolicies tag, bool len missing'

can be dropped.
2019-09-17 13:10:42 +01:00
Jaeden Amero 62be28b525 Merge remote-tracking branch 'origin/pr/2469' into development
* origin/pr/2469:
  Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh
  Remove unnecessary memory buffer alloc unsets
  Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test
  all.sh: restructure memory allocator tests
  Add missing dependency in memory buffer alloc set in all.sh
  Don't set MBEDTLS_MEMORY_DEBUG through `scripts/config.pl full`
  Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C
  Fix memory leak in CSR test suite on failure
  Fix a memory leak in x509write test suite
  Add all.sh run with full config and ASan enabled
  Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
  Update documentation of exceptions for `config.pl full`
  Adapt all.sh to removal of buffer allocator from full config
  Disable memory buffer allocator in full config
  Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h
2019-09-12 16:45:55 +01:00
Andrzej Kurek 9f409f6aec Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh 2019-09-10 04:28:55 -04:00
Andrzej Kurek 4b3a45e190 Remove unnecessary memory buffer alloc unsets
This define is turned off by default
2019-09-06 07:47:56 -04:00
Andrzej Kurek 1e56d2c3de Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test 2019-09-06 07:44:37 -04:00
Andrzej Kurek 69f20aae77 all.sh: restructure memory allocator tests
Run basic tests and ssl-opt with memory backtrace disabled, then
run basic tests only with it enabled.
2019-09-06 07:44:37 -04:00
Hanno Becker d7064202ea Add missing dependency in memory buffer alloc set in all.sh 2019-09-06 07:44:37 -04:00
Hanno Becker bf2dacb8fe Fix memory leak in CSR test suite on failure 2019-09-06 07:44:37 -04:00
Hanno Becker 2fcdd7446e Fix a memory leak in x509write test suite
This leak wasn't discovered by the CI because the only test in
all.sh exercising the respective path enabled the custom memory
buffer allocator implementations of calloc() and free(), hence
bypassing ASan.
2019-09-06 07:44:37 -04:00
Hanno Becker 0163551aa0 Add all.sh run with full config and ASan enabled 2019-09-06 07:44:37 -04:00
Hanno Becker 0fb9ba2760 Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
With the removal of MBEDTLS_MEMORY_BUFFER_ALLOC_C from the
full config, there are no tests for it remaining in all.sh.
This commit adds a build as well as runs of `make test` and
`ssl-opt.sh` with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled to all.sh.
2019-09-06 07:44:37 -04:00
Unknown 790c281f51 Adapt all.sh to removal of buffer allocator from full config
Previously, numerous all.sh tests manually disabled the buffer allocator
or memory backtracting after setting a full config as the starting point.

With the removal of MBEDTLS_MEMORY_BACKTRACE and MBEDTLS_MEMORY_BUFFER_ALLOC_C
from full configs, this is no longer necessary.
2019-09-06 07:44:37 -04:00
Jaeden Amero c9c4ca3f40 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Fix copypasta in msg
  When not using PSA crypto, disable it
  Disable MEMORY_BUFFER_ALLOC with ASan
  Remove config.pl calls with no effect
  ssl-opt.sh: wait for proxy to start before running the script further
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 18:14:14 +01:00
Jaeden Amero 4714fd8998 Merge remote-tracking branch 'origin/pr/2815' into development
* origin/pr/2815:
  ssl-opt.sh: wait for proxy to start before running the script further
2019-09-05 14:24:07 +01:00
Jaeden Amero ba7f4d1484 Merge remote-tracking branch 'origin/pr/2771' into development
* origin/pr/2771:
  Fix copypasta in msg
  When not using PSA crypto, disable it
  Disable MEMORY_BUFFER_ALLOC with ASan
  Remove config.pl calls with no effect
2019-09-05 14:23:55 +01:00
Gilles Peskine dc3a179995 Fix copypasta in msg 2019-09-03 14:11:36 +02:00
Gilles Peskine 6ce30722d0 When not using PSA crypto, disable it
In the test with the full config without MBEDTLS_USE_PSA_CRYPTO, don't
build MBEDTLS_PSA_CRYPTO_C, since it isn't supposed to be used.
2019-09-03 14:11:36 +02:00
Gilles Peskine 751bb4c0e1 Disable MEMORY_BUFFER_ALLOC with ASan
MBEDTLS_MEMORY_BUFFER_ALLOC_C makes ASan mostly ineffective since it
hides allocations. So disable it when testing with ASan.
2019-09-03 14:11:36 +02:00
Gilles Peskine c6f1c84663 Remove config.pl calls with no effect
When MBEDTLS_MEMORY_BUFFER_ALLOC_C is disabled, other
MBEDTLS_MEMORY_xxx options have no effect, so don't bother unsetting
them explicitly.
2019-09-03 14:11:36 +02:00
Unknown d364f4c7dd ssl-opt.sh: wait for proxy to start before running the script further 2019-09-02 10:42:57 -04:00
Jaeden Amero 4cf0e7e4d2 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 16:24:18 +01:00
Jaeden Amero 49fcbeab14 Merge remote-tracking branch 'origin/pr/2799' into development
Manually edit ChangeLog to ensure correct placement of ChangeLog notes.

* origin/pr/2799: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 15:50:45 +01:00
Darryl Green 9b9a790be6 Handle deleting non-existant files on Windows
If we try to delete a non-existant file using del on Windows, as
can happen when running make clean, del will throw an error. Make
the Makefiles more robust by only deleting files if they exist.
2019-08-30 15:45:46 +01:00
Jaeden Amero d031378ff5 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Update library version to 2.19.0
  ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
  ssl-opt.sh: Duplicate context serialization tests for CID
  Fix SSL context deserialization
2019-08-30 15:30:58 +01:00
Jaeden Amero 379964a7b6 Merge remote-tracking branch 'origin/pr/2814' into development
* origin/pr/2814:
  Update library version to 2.19.0
2019-08-30 14:40:57 +01:00
Darryl Green fe997c646b Update library version to 2.19.0 2019-08-30 13:02:16 +01:00
Hanno Becker e0b90ece55 ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
This commit splits each test in ssl-opt.sh related to context serialization
in three tests, exercising the use of CCM, GCM and ChaChaPoly separately.

The reason is that the choice of primitive affects the presence and size
of an explicit IV, and we should test that space for those IVs is correctly
restored during context deserialization; in fact, this was not the case
previously, as fixed in the last commit, and was not caught by the tests
because only ChaChaPoly was tested.
2019-08-30 12:14:38 +01:00
Hanno Becker 1b18fd3afe ssl-opt.sh: Duplicate context serialization tests for CID
This commit introduces a variant of each existing test for
context serialization in ssl-opt.sh that also uses the DTLS
Connection ID feature.
2019-08-30 12:14:38 +01:00
Janos Follath 4f055f4ca2 Use 3rdparty headers from the submodule 2019-08-29 16:12:38 +01:00
Gilles Peskine 0c6b79979c Add Everest components to all.sh
Test a native build and a 32-bit build. For variety, the native build
is with CMake and clang, and the 32-bit build is with GNU make and
gcc.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 37eb90617a 3rdparty: Fix Makefile coding conventions 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 655ddababa 3rdparty: Add additional build facilities for 3rd-party code 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 9b33e7d7d7 ECDH: Exclude FStar and Hacl* from exported symbol checks 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 346932a099 Fix preprocessor directive recognition in list-enum-consts.pl 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger e0e8eb3114 ECDH: Add #ifdef filter to tests/scripts/list-enum-consts.pl
This allows the use of #ifdef ... #endif in enum definitions (e.g.,
mbedtls_ecdh_variant in ecdh.h).
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 977d89ab29 ECDH: Include Everest Curve25519 in build scripts 2019-08-29 16:12:38 +01:00
Jaeden Amero 64f264332f Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Update the crypto submodule
  Use multipart PSA key derivation API
  platform: Include stdarg.h where needed
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
  Update library version to 2.18.0
2019-08-29 14:14:05 +01:00
Jaeden Amero 4e0db5642a Merge branch 'mbedtls-2.18' into development
Bring Mbed TLS 2.18.0 and 2.18.1 release changes back into the
development branch. We had branched to release 2.18.0 and 2.18.1 in
order to allow those releases to go out without having to block work on
the `development` branch.

Manually resolve conflicts in the Changelog by moving all freshly addded
changes to a new, unreleased version entry.

Reject changes to include/mbedtls/platform.h made in the mbedtls-2.18
branch, as that file is now sourced from Mbed Crypto.

* mbedtls-2.18:
  platform: Include stdarg.h where needed
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
  Update library version to 2.18.0
2019-08-27 11:18:28 +01:00
Jaeden Amero f1cdceae0d Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (114 commits)
  Don't redefine calloc and free
  Add changelog entry to record checking
  Fix compiler warning
  Add debug messages
  Remove duplicate entries from ChangeLog
  Fix parameter name in doxygen
  Add missing guards for mac usage
  Improve reability and debugability of large if
  Fix a typo in a comment
  Fix MSVC warning
  Fix compile error in reduced configurations
  Avoid duplication of session format header
  Implement config-checking header to context s11n
  Provide serialisation API only if it's enabled
  Fix compiler warning: comparing signed to unsigned
  Actually reset the context on save as advertised
  Re-use buffer allocated by handshake_init()
  Enable serialisation tests in ssl-opt.sh
  Change requirements for setting timer callback
  Add setting of forced fields when deserializing
  ...
2019-08-27 10:09:10 +01:00
Manuel Pégourié-Gonnard 862b3196d6 Enable serialisation tests in ssl-opt.sh
They currently pass in a default build.
2019-08-23 13:11:31 +03:00
Jarno Lamsa c2376f049a Add tests for re-init flow for context serialization 2019-08-23 13:05:42 +03:00
Jarno Lamsa a0b2cd6f82 ssl-opt.sh tests for serialization are currently using stub implementation 2019-08-23 12:53:40 +03:00
Jarno Lamsa cbee1b3bda Add missing slashes to tests 2019-08-23 12:53:40 +03:00
Jarno Lamsa 2937d81eb8 Add serialization tests to ssl-opt.sh 2019-08-23 12:53:40 +03:00
Hanno Becker f9b3303eb9 Introduce specific error for ver/cfg mismatch on deserialization
This commit introduces a new SSL error code

  `MBEDTLS_ERR_SSL_VERSION_MISMATCH`

which can be used to indicate operation failure due to a
mismatch of version or configuration.

It is put to use in the implementation of `mbedtls_ssl_session_load()`
to signal the attempt to de-serialize a session which has been serialized
in a build of Mbed TLS using a different version or configuration.
2019-08-23 12:51:21 +03:00
Hanno Becker fe1275e3fe Improve test for detection of ver/cfg corruption in serialized data
This commit improves the test exercising the behaviour of
session deserialization when facing an unexpected version
or config, by testing ver/cfg corruption at any bit in the
ver/cfg header of the serialized data; previously, it had
only tested the first bit of each byte.
2019-08-23 12:51:21 +03:00
Hanno Becker 363b646dd8 Use US spelling 'serialize' instead of UK spelling 'serialise' 2019-08-23 12:51:21 +03:00
Hanno Becker bb54d5a3b1 Use consistent spelling of 'serialise/serialize' in SSL test suite 2019-08-23 12:51:21 +03:00
Hanno Becker 861d0bbbf2 Add negative tests for unexpected ver/cfg in session deserialization 2019-08-23 12:51:21 +03:00