Commit graph

10222 commits

Author SHA1 Message Date
Andrzej Kurek 69f20aae77 all.sh: restructure memory allocator tests
Run basic tests and ssl-opt with memory backtrace disabled, then
run basic tests only with it enabled.
2019-09-06 07:44:37 -04:00
Hanno Becker d7064202ea Add missing dependency in memory buffer alloc set in all.sh 2019-09-06 07:44:37 -04:00
Hanno Becker dc54953229 Don't set MBEDTLS_MEMORY_DEBUG through scripts/config.pl full 2019-09-06 07:44:37 -04:00
Hanno Becker bfaa718e90 Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C 2019-09-06 07:44:37 -04:00
Hanno Becker bf2dacb8fe Fix memory leak in CSR test suite on failure 2019-09-06 07:44:37 -04:00
Hanno Becker 2fcdd7446e Fix a memory leak in x509write test suite
This leak wasn't discovered by the CI because the only test in
all.sh exercising the respective path enabled the custom memory
buffer allocator implementations of calloc() and free(), hence
bypassing ASan.
2019-09-06 07:44:37 -04:00
Hanno Becker 0163551aa0 Add all.sh run with full config and ASan enabled 2019-09-06 07:44:37 -04:00
Hanno Becker 0fb9ba2760 Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
With the removal of MBEDTLS_MEMORY_BUFFER_ALLOC_C from the
full config, there are no tests for it remaining in all.sh.
This commit adds a build as well as runs of `make test` and
`ssl-opt.sh` with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled to all.sh.
2019-09-06 07:44:37 -04:00
Hanno Becker 2ea2f053c5 Update documentation of exceptions for config.pl full 2019-09-06 07:44:37 -04:00
Unknown 790c281f51 Adapt all.sh to removal of buffer allocator from full config
Previously, numerous all.sh tests manually disabled the buffer allocator
or memory backtracting after setting a full config as the starting point.

With the removal of MBEDTLS_MEMORY_BACKTRACE and MBEDTLS_MEMORY_BUFFER_ALLOC_C
from full configs, this is no longer necessary.
2019-09-06 07:44:37 -04:00
Hanno Becker 909e68d45a Disable memory buffer allocator in full config
This commit modifies `config.pl` to not set MBEDTLS_MEMORY_BUFFER_ALLOC
with the `full` option.
2019-09-06 07:40:26 -04:00
Hanno Becker af46c5f9eb Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h 2019-09-06 07:40:26 -04:00
Jaeden Amero 7ecae6f158 Update to Mbed Crypto 2.0.0d2 2019-09-06 12:12:04 +01:00
Jaeden Amero 4799df79a0 Merge remote-tracking branch 'restricted/pr/547' into development-restricted
* restricted/pr/547:
  Add ChangeLog entries
  Update crypto submodule to include deterministic ECDSA RNG fix
2019-09-06 11:40:34 +01:00
Jaeden Amero c9c4ca3f40 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Fix copypasta in msg
  When not using PSA crypto, disable it
  Disable MEMORY_BUFFER_ALLOC with ASan
  Remove config.pl calls with no effect
  ssl-opt.sh: wait for proxy to start before running the script further
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 18:14:14 +01:00
Janos Follath 12fff1520d Add ChangeLog entries 2019-09-05 15:26:20 +01:00
Darryl Green 2f18490900 Update crypto submodule to include deterministic ECDSA RNG fix 2019-09-05 15:26:20 +01:00
Jaeden Amero aeb5a4af46 Merge remote-tracking branch 'origin/pr/2623' into development
* origin/pr/2623:
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 14:43:14 +01:00
Jaeden Amero 4714fd8998 Merge remote-tracking branch 'origin/pr/2815' into development
* origin/pr/2815:
  ssl-opt.sh: wait for proxy to start before running the script further
2019-09-05 14:24:07 +01:00
Jaeden Amero ba7f4d1484 Merge remote-tracking branch 'origin/pr/2771' into development
* origin/pr/2771:
  Fix copypasta in msg
  When not using PSA crypto, disable it
  Disable MEMORY_BUFFER_ALLOC with ASan
  Remove config.pl calls with no effect
2019-09-05 14:23:55 +01:00
Jaeden Amero 481659a9c0 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Fix uninitialized variable in x509_crt
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 19:42:19 +01:00
Jaeden Amero 8dd6bc7ac4 Merge remote-tracking branch 'origin/pr/2803' into development
* origin/pr/2803:
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
2019-09-03 16:41:51 +01:00
Jaeden Amero 3f0fc38735 Merge remote-tracking branch 'origin/pr/2795' into development
* origin/pr/2795:
  Fix uninitialized variable in x509_crt
2019-09-03 16:33:59 +01:00
Jaeden Amero a66fc94547 Merge remote-tracking branch 'origin/pr/2363' into development
* origin/pr/2363:
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 13:45:34 +01:00
Gilles Peskine dc3a179995 Fix copypasta in msg 2019-09-03 14:11:36 +02:00
Gilles Peskine 6ce30722d0 When not using PSA crypto, disable it
In the test with the full config without MBEDTLS_USE_PSA_CRYPTO, don't
build MBEDTLS_PSA_CRYPTO_C, since it isn't supposed to be used.
2019-09-03 14:11:36 +02:00
Gilles Peskine 751bb4c0e1 Disable MEMORY_BUFFER_ALLOC with ASan
MBEDTLS_MEMORY_BUFFER_ALLOC_C makes ASan mostly ineffective since it
hides allocations. So disable it when testing with ASan.
2019-09-03 14:11:36 +02:00
Gilles Peskine c6f1c84663 Remove config.pl calls with no effect
When MBEDTLS_MEMORY_BUFFER_ALLOC_C is disabled, other
MBEDTLS_MEMORY_xxx options have no effect, so don't bother unsetting
them explicitly.
2019-09-03 14:11:36 +02:00
Unknown d364f4c7dd ssl-opt.sh: wait for proxy to start before running the script further 2019-09-02 10:42:57 -04:00
Jaeden Amero 4cf0e7e4d2 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 16:24:18 +01:00
Jaeden Amero 49fcbeab14 Merge remote-tracking branch 'origin/pr/2799' into development
Manually edit ChangeLog to ensure correct placement of ChangeLog notes.

* origin/pr/2799: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 15:50:45 +01:00
Darryl Green 9b9a790be6 Handle deleting non-existant files on Windows
If we try to delete a non-existant file using del on Windows, as
can happen when running make clean, del will throw an error. Make
the Makefiles more robust by only deleting files if they exist.
2019-08-30 15:45:46 +01:00
Jaeden Amero d031378ff5 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Update library version to 2.19.0
  ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
  ssl-opt.sh: Duplicate context serialization tests for CID
  Fix SSL context deserialization
2019-08-30 15:30:58 +01:00
Jaeden Amero 379964a7b6 Merge remote-tracking branch 'origin/pr/2814' into development
* origin/pr/2814:
  Update library version to 2.19.0
2019-08-30 14:40:57 +01:00
Jaeden Amero 84f5d036d0 Merge remote-tracking branch 'origin/pr/2810' into development
* origin/pr/2810:
  ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
  ssl-opt.sh: Duplicate context serialization tests for CID
  Fix SSL context deserialization
2019-08-30 14:40:30 +01:00
Darryl Green fe997c646b Update library version to 2.19.0 2019-08-30 13:02:16 +01:00
Andy Gross 1f62714db8 Fix uninitialized variable in x509_crt
This patch fixes an issue we encountered with more stringent compiler
warnings.  The signature_is_good variable has a possibility of being
used uninitialized.  This patch moves the use of the variable to a
place where it cannot be used while uninitialized.

Signed-off-by: Andy Gross <andy.gross@linaro.org>
2019-08-30 14:48:36 +03:00
Hanno Becker e0b90ece55 ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
This commit splits each test in ssl-opt.sh related to context serialization
in three tests, exercising the use of CCM, GCM and ChaChaPoly separately.

The reason is that the choice of primitive affects the presence and size
of an explicit IV, and we should test that space for those IVs is correctly
restored during context deserialization; in fact, this was not the case
previously, as fixed in the last commit, and was not caught by the tests
because only ChaChaPoly was tested.
2019-08-30 12:14:38 +01:00
Hanno Becker 1b18fd3afe ssl-opt.sh: Duplicate context serialization tests for CID
This commit introduces a variant of each existing test for
context serialization in ssl-opt.sh that also uses the DTLS
Connection ID feature.
2019-08-30 12:14:38 +01:00
Hanno Becker 361b10d1c4 Fix SSL context deserialization
The SSL context maintains a set of 'out pointers' indicating the
address at which to write the header fields of the next outgoing
record. Some of these addresses have a static offset from the
beginning of the record header, while other offsets can vary
depending on the active record encryption mechanism: For example,
if an explicit IV is in use, there's an offset between the end
of the record header and the beginning of the encrypted data to
allow the explicit IV to be placed in between; also, if the DTLS
Connection ID (CID) feature is in use, the CID is part of the
record header, shifting all subsequent information (length, IV, data)
to the back.
When setting up an SSL context, the out pointers are initialized
according to the identity transform + no CID, and it is important
to keep them up to date whenever the record encryption mechanism
changes, which is done by the helper function ssl_update_out_pointers().

During context deserialization, updating the out pointers according
to the deserialized record transform went missing, leaving the out
pointers the initial state. When attemping to encrypt a record in
this state, this lead to failure if either a CID or an explicit IV
was in use. This wasn't caught in the tests by the bad luck that
they didn't use CID, _and_ used the default ciphersuite based on
ChaChaPoly, which doesn't have an explicit IV. Changing either of
this would have made the existing tests fail.

This commit fixes the bug by adding a call to ssl_update_out_pointers()
to ssl_context_load() implementing context deserialization.

Extending test coverage is left for a separate commit.
2019-08-30 12:14:25 +01:00
Janos Follath 31465c6c1f Update submodule 2019-08-29 16:12:38 +01:00
Janos Follath 4f055f4ca2 Use 3rdparty headers from the submodule 2019-08-29 16:12:38 +01:00
Gilles Peskine 0c6b79979c Add Everest components to all.sh
Test a native build and a 32-bit build. For variety, the native build
is with CMake and clang, and the 32-bit build is with GNU make and
gcc.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 9c1b56b43a 3rdparty: Add config checks for Everest 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 9e8076ffdc Fix macros in benchmark.c
#2124 may suffer from the same problem.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 3669c80a90 Update generated files 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 015f55b558 3rdparty: Fix inclusion order of CMakeLists.txt
This is so that third-party modules pick up the INSTALL_MBEDTLS_HEADERS variable.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 12f359f7da Fix trailing whitespace 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger cc91fe2667 ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger 5d536cd814 ECDH: Fix use of ECDH API in full handshake benchmark 2019-08-29 16:12:38 +01:00