Commit graph

2607 commits

Author SHA1 Message Date
Hanno Becker 2e6d34761f Remove peer CRT from mbedtls_ssl_session if !KEEP_PEER_CERT 2019-06-19 10:25:01 +01:00
Hanno Becker 4a2f8e584f Add peer CRT digest to session tickets
This commit changes the format of session tickets to include
the digest of the peer's CRT if MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
is disabled.

This commit does not yet remove the peer CRT itself.
2019-06-19 10:25:01 +01:00
Simon Butcher 7400e8fb36 Merge remote-tracking branch 'origin/pr/591' into baremetal 2019-06-18 17:36:45 +01:00
Simon Butcher f2ef573f2b Merge remote-tracking branch 'origin/pr/598' into baremetal 2019-06-18 15:00:02 +01:00
Simon Butcher f1ff74574d Merge remote-tracking branch 'origin/pr/597' into baremetal 2019-06-18 14:58:37 +01:00
Hanno Becker b2c6383b7b Add missing !MBEDTLS_X509_REMOVE_INFO guards to ssl-opt.sh 2019-06-18 11:05:44 +01:00
Peter Kolbus b1cb0bde72 all.sh: Add test for MBEDTLS_X509_REMOVE_INFO
Add a test scenario that runs make/make test with
MBEDTLS_X509_REMOVE_INFO enabled.
2019-06-18 11:05:44 +01:00
Hanno Becker 4a156fc854 Apply guards to make ssl-opt.sh work with MBEDTLS_X509_REMOVE_INFO
Multiple tests in ssl-opt.sh grep for debug output that's omitted
if MBEDTLS_X509_REMOVE_INFO is defined. This commit modifies ssl-opt.sh
to skip those tests in this case.
2019-06-18 11:05:44 +01:00
Hanno Becker 98f85c8c25 Add missing dependencies on !MBEDTLS_X509_REMOVE_INFO 2019-06-18 11:05:44 +01:00
Hanno Becker 02a2193f60 Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO 2019-06-18 11:05:44 +01:00
Peter Kolbus dc470ae8af Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Change-Id: I056312613379890e0d70e1d08c34171287c0aa17
2019-06-18 11:05:37 +01:00
Manuel Pégourié-Gonnard 31ae7facb3 Add test for build warnings with baremetal.h 2019-06-18 12:03:51 +02:00
Jarno Lamsa 8a91c0650a Add tests for re-init flow for context serialization 2019-06-18 11:50:11 +03:00
Jarno Lamsa cc281b8a54 ssl-opt.sh tests for serialization are currently using stub implementation 2019-06-18 11:50:11 +03:00
Jarno Lamsa dcfc2a7364 Add missing slashes to tests 2019-06-18 11:50:11 +03:00
Jarno Lamsa fa45e6005e Add serialization tests to ssl-opt.sh 2019-06-18 11:50:11 +03:00
Hanno Becker 1abb159e90 Merge branch 'mbedtls-2.16' into baremetal 2019-06-18 09:00:37 +01:00
Simon Butcher c725e4b34e Merge remote-tracking branch 'origin/pr/590' into baremetal 2019-06-17 17:57:26 +01:00
Jaeden Amero 418e7611f6 Merge remote-tracking branch 'origin/pr/2484' into mbedtls-2.16
* origin/pr/2484:
  Correct placement of ChangeLog entry
  Improve documentation of mbedtls_x509_get_ext()
  Adapt ChangeLog
  Always return a high-level error code from X.509 module
  Obey bounds of ASN.1 substructures
2019-06-14 15:28:42 +01:00
Jaeden Amero 7aed01c0dc Merge remote-tracking branch 'origin/pr/2481' into mbedtls-2.16
* origin/pr/2481:
  Document support for MD2 and MD4 in programs/x509/cert_write
  Correct name of X.509 parsing test for well-formed, ill-signed CRT
  Add test cases exercising successful verification of MD2/MD4/MD5 CRT
  Add test case exercising verification of valid MD2 CRT
  Add MD[245] test CRTs to tree
  Add instructions for MD[245] test CRTs to tests/data_files/Makefile
  Add suppport for MD2 to CSR and CRT writing example programs
  Convert further x509parse tests to use lower-case hex data
  Correct placement of ChangeLog entry
  Adapt ChangeLog
  Use SHA-256 instead of MD2 in X.509 CRT parsing tests
  Consistently use lower case hex data in X.509 parsing tests
2019-06-14 08:50:47 +01:00
Jaeden Amero 1adf212a1b Merge remote-tracking branch 'origin/pr/2497' into mbedtls-2.16
* origin/pr/2497:
  Re-generate library/certs.c from script
  Add new line at the end of test-ca2.key.enc
  Use strict syntax to annotate origin of test data in certs.c
  Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO
  Allow DHM self test to run without MBEDTLS_PEM_PARSE_C
  ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
  Document origin of hardcoded certificates in library/certs.c
  Adapt ChangeLog
  Rename server1.der to server1.crt.der
  Add DER encoded files to git tree
  Add build instructions to generate DER versions of CRTs and keys
  Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2
  ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  Correct white spaces in ssl_server2 and ssl_client2
  Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled
  Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
2019-06-14 08:48:54 +01:00
Jarno Lamsa 31d940ba5e Change test name 2019-06-12 10:21:33 +03:00
Jarno Lamsa 20095afc58 Changes according to review comments 2019-06-11 17:16:58 +03:00
Jarno Lamsa 41b359114d Add tests for enforced extended master secret flag 2019-06-10 15:51:11 +03:00
Jaeden Amero adffe39fdb test: Remove redundant 0-byte decryption test
Remove the "Decrypt empty buffer" test, as ChaCha20 is a stream cipher
and 0 bytes encrypted is identical to a 0 length buffer. The "ChaCha20
Encrypt and decrypt 0 bytes" test will test decryption of a 0 length
buffer.
2019-06-06 12:04:13 +01:00
Jaeden Amero 4e47aa0120 test: Check empty buffer decryption for chachapoly
Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would
test that decryption of an empty buffer would work with
MBEDTLS_CIPHER_AES_128_CBC.

Make the cipher used with the dec_empty_buf() test configurable, so that
Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other
than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer
tests use the MBEDTLS_CIPHER_CHACHA20 and
MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites.
2019-06-06 12:04:13 +01:00
Hanno Becker 2fa5e73d8d Modify existing X.509 test for also test new copyless API
The existing test `x509parse_crt()` for X.509 CRT parsing
so far used the generic parsing API `mbedtls_x509_crt_parse()`
capable of parsing both PEM encoded and DER encoded certficates,
but was actually only used with DER encoded input data. Moreover,
as the purpose of the test is the testing of the core DER X.509 parsing
functionality, not the PEM vs. DER dispatch (which is now already tested
in the various `x509_crt_info()` tests), the call can be replaced with a
direct call to `mbedtls_x509_parse_crt_der()`.

This commit does that, and further adds to the test an analogous
call to the new API `mbedtls_x509_parse_crt_der_nocopy()` to test
copyless parsing of X.509 certificates.
2019-06-05 13:16:55 +01:00
Hanno Becker d58b133276 Add test for mbedtls_x509_parse_file() with DER encoded CRT 2019-06-05 13:16:55 +01:00
Simon Butcher 21d1c32b2b Merge remote-tracking branch 'origin/pr/574' into baremetal 2019-06-04 15:08:32 +01:00
Hanno Becker 2f472140f9 Always return a high-level error code from X.509 module
Some functions within the X.509 module return an ASN.1 low level
error code where instead this error code should be wrapped by a
high-level X.509 error code as in the bulk of the module.

Specifically, the following functions are affected:
- mbedtls_x509_get_ext()
- x509_get_version()
- x509_get_uid()

This commit modifies these functions to always return an
X.509 high level error code.

Care has to be taken when adapting `mbetls_x509_get_ext()`:
Currently, the callers `mbedtls_x509_crt_ext()` treat the
return code `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG` specially to
gracefully detect and continue if the extension structure is not
present. Wrapping the ASN.1 error with
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and adapting the check
accordingly would mean that an unexpected tag somewhere
down the extension parsing would be ignored by the caller.

The way out of this is the following: Luckily, the extension
structure is always the last field in the surrounding structure,
so if there is some data remaining, it must be an Extension
structure, so we don't need to deal with a tag mismatch gracefully
in the first place.

We may therefore wrap the return code from the initial call to
`mbedtls_asn1_get_tag()` in `mbedtls_x509_get_ext()` by
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and simply remove
the special treatment of `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`
in the callers `x509_crl_get_ext()` and `x509_crt_get_ext()`.

This renders `mbedtls_x509_get_ext()` unsuitable if it ever
happened that an Extension structure is optional and does not
occur at the end of its surrounding structure, but for CRTs
and CRLs, it's fine.

The following tests need to be adapted:
- "TBSCertificate v3, issuerID wrong tag"
  The issuerID is optional, so if we look for its presence
  but find a different tag, we silently continue and try
  parsing the subjectID, and then the extensions. The tag '00'
  used in this test doesn't match either of these, and the
  previous code would hence return LENGTH_MISMATCH after
  unsucessfully trying issuerID, subjectID and Extensions.
  With the new code, any data remaining after issuerID and
  subjectID _must_ be Extension data, so we fail with
  UNEXPECTED_TAG when trying to parse the Extension data.
- "TBSCertificate v3, UIDs, invalid length"
  The test hardcodes the expectation of
  MBEDTLS_ERR_ASN1_INVALID_LENGTH, which needs to be
  wrapped in MBEDTLS_ERR_X509_INVALID_FORMAT now.

Fixes #2431.
2019-06-04 14:01:10 +01:00
Hanno Becker 4e1bfc19cc Obey bounds of ASN.1 substructures
When parsing a substructure of an ASN.1 structure, no field within
the substructure must exceed the bounds of the substructure.
Concretely, the `end` pointer passed to the ASN.1 parsing routines
must be updated to point to the end of the substructure while parsing
the latter.

This was previously not the case for the routines
- x509_get_attr_type_and_value(),
- mbedtls_x509_get_crt_ext(),
- mbedtls_x509_get_crl_ext().
These functions kept using the end of the parent structure as the
`end` pointer and would hence allow substructure fields to cross
the substructure boundary. This could lead to successful parsing
of ill-formed X.509 CRTs.

This commit fixes this.

Care has to be taken when adapting `mbedtls_x509_get_crt_ext()`
and `mbedtls_x509_get_crl_ext()`, as the underlying function
`mbedtls_x509_get_ext()` returns `0` if no extensions are present
but doesn't set the variable which holds the bounds of the Extensions
structure in case the latter is present. This commit addresses
this by returning early from `mbedtls_x509_get_crt_ext()` and
`mbedtls_x509_get_crl_ext()` if parsing has reached the end of
the input buffer.

The following X.509 parsing tests need to be adapted:
- "TBSCertificate, issuer two inner set datas"
  This test exercises the X.509 CRT parser with a Subject name
  which has two empty `AttributeTypeAndValue` structures.
  This is supposed to fail with `MBEDTLS_ERR_ASN1_OUT_OF_DATA`
  because the parser should attempt to parse the first structure
  and fail because of a lack of data. Previously, it failed to
  obey the (0-length) bounds of the first AttributeTypeAndValue
  structure and would try to interpret the beginning of the second
  AttributeTypeAndValue structure as the first field of the first
  AttributeTypeAndValue structure, returning an UNEXPECTED_TAG error.
- "TBSCertificate, issuer, no full following string"
  This test exercises the parser's behaviour on an AttributeTypeAndValue
  structure which contains more data than expected; it should therefore
  fail with MBEDTLS_ERR_ASN1_LENGTH_MISMATCH. Because of the missing bounds
  check, it previously failed with UNEXPECTED_TAG because it interpreted
  the remaining byte in the first AttributeTypeAndValue structure as the
  first byte in the second AttributeTypeAndValue structure.
- "SubjectAltName repeated"
  This test should exercise two SubjectAltNames extensions in succession,
  but a wrong length values makes the second SubjectAltNames extension appear
  outside of the Extensions structure. With the new bounds in place, this
  therefore fails with a LENGTH_MISMATCH error. This commit adapts the test
  data to put the 2nd SubjectAltNames extension inside the Extensions
  structure, too.
2019-06-04 14:01:10 +01:00
Manuel Pégourié-Gonnard f3c43dde54 Merge branch 'mbedtls-2.16' into baremetal
* mbedtls-2.16:
  test: Always use `make clean` by itself
  list-symbols.sh: if the build fails, print the build transcript
  Document "check-names.sh -v"
  all.sh: invoke check-names.sh in print-trace-on-exit mode
  Print a command trace if the check-names.sh exits unexpectedly
  Only use submodule if present
  Update change log
  Reword ssl_conf_max_frag_len documentation for clarity
  Ignore more generated files: seedfile, apidoc
  Improve .gitignore grouping and documentation
  Generate tags for Vi, for Emacs and with Global
2019-06-04 09:39:51 +02:00
Hanno Becker bdf2035710 Correct name of X.509 parsing test for well-formed, ill-signed CRT 2019-06-03 16:20:05 +01:00
Hanno Becker cfa341844f Add test cases exercising successful verification of MD2/MD4/MD5 CRT 2019-06-03 16:20:02 +01:00
Hanno Becker 4d7210c23c Add test case exercising verification of valid MD2 CRT
The X.509 parsing test suite test_suite_x509parse contains a test
exercising X.509 verification for a valid MD4/MD5 certificate in a
profile which doesn't allow MD4/MD5. This commit adds an analogous
test for MD2.
2019-06-03 16:19:59 +01:00
Hanno Becker 8d59f250bc Add MD[245] test CRTs to tree 2019-06-03 16:19:46 +01:00
Hanno Becker 928f617747 Add instructions for MD[245] test CRTs to tests/data_files/Makefile 2019-06-03 16:19:39 +01:00
Hanno Becker 8b3bcbab79 Convert further x509parse tests to use lower-case hex data
With emacs: `replace-regexp "\([a-fA-F0-9]*\)" "\,(downcase \1)"`
2019-06-03 16:17:58 +01:00
Hanno Becker 5dbcc9f441 Introduce specific error for ver/cfg mismatch on deserialization
This commit introduces a new SSL error code

  `MBEDTLS_ERR_SSL_VERSION_MISMATCH`

which can be used to indicate operation failure due to a
mismatch of version or configuration.

It is put to use in the implementation of `mbedtls_ssl_session_load()`
to signal the attempt to de-serialize a session which has been serialized
in a build of Mbed TLS using a different version or configuration.
2019-06-03 13:01:21 +01:00
Hanno Becker f78af3779a Improve test for detection of ver/cfg corruption in serialized data
This commit improves the test exercising the behaviour of
session deserialization when facing an unexpected version
or config, by testing ver/cfg corruption at any bit in the
ver/cfg header of the serialized data; previously, it had
only tested the first bit of each byte.
2019-06-03 12:49:36 +01:00
Hanno Becker 08ec129dd8 Use US spelling 'serialize' instead of UK spelling 'serialise' 2019-06-03 12:49:36 +01:00
Hanno Becker cb9ba0f43c Use consistent spelling of 'serialise/serialize' in SSL test suite 2019-06-03 12:48:16 +01:00
Hanno Becker f99ec2618d Add negative tests for unexpected ver/cfg in session deserialization 2019-06-03 12:48:16 +01:00
Manuel Pégourié-Gonnard c4f5080b34 Re-enable test that now works with new format
Previously the test didn't work because of embedded pointer values that
are not predictable. Now it works as we no longer serialize such values.
2019-06-03 10:53:47 +02:00
Manuel Pégourié-Gonnard f8c355a012 Adapt buffering test to new ticket size
The size of the ticket used in this test dropped from 192 to 143 bytes, so
move all sizes used in this test down 50 bytes. Also, we now need to adapt the
server response size as the default size would otherwise collide with the new
mtu value.
2019-06-03 10:15:07 +02:00
Manuel Pégourié-Gonnard 35ccdbb636 Normalize spelling to serialiZation
We have explicit recommendations to use US spelling for technical writing, so
let's apply this to code as well for uniformity. (My fingers tend to prefer UK
spelling, so this needs to be fixed in many places.)

sed -i 's/\([Ss]eriali\)s/\1z/g' **/*.[ch] **/*.function **/*.data ChangeLog
2019-06-03 09:55:16 +02:00
Manuel Pégourié-Gonnard 749312fb8a Fix undeclared dependency on FS_IO in test code
Found by 'all.sh test_no_platform' and by 'tests/scripts/test-ref-configs.pl'.
2019-06-03 09:51:08 +02:00
Manuel Pégourié-Gonnard d1a5451fb5 Fix style issues and typos in test code 2019-06-03 09:51:08 +02:00
Manuel Pégourié-Gonnard 081b15231f Fix another wrong check for errors in test code 2019-06-03 09:51:08 +02:00
Manuel Pégourié-Gonnard 2a62a05688 Add test that save-load is the identity
This test works regardless of the serialisation format and embedded pointers
in it, contrary to the load-save test, though it requires more maintenance of
the test code (sync the member list with the struct definition).
2019-06-03 09:51:08 +02:00