Commit graph

10228 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard f03c13c046
Merge pull request #3050 from mpg/skip-close-notify-dev
Fix possible close_notify/ClientHello confusion
2020-03-03 12:11:48 +01:00
Jaeden Amero 335fcede35
Merge pull request #3074 from AndrzejKurek/dtls-handshake-fragmentation
Add a DTLS handshake fragmentation test
2020-02-28 13:25:53 +04:00
Piotr Nowicki bde7ee88a6
Add DTLS handshake fragmentation test
For this test it is good to have a handshake messages length as big as
possible, so for the server the certificate verification mode is
changed from default NONE to REQUIRED. It requires the client to send
certificate date to the server during handshake

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-27 09:31:42 -05:00
Jaeden Amero 5f80040729
Merge pull request #3069 from AndrzejKurek/handshake-tests-refactor
Handshake tests refactor
2020-02-27 15:26:48 +04:00
Andrzej Kurek 8a6ff15079
test_suite_ssl refactoring: provide default options structure for tests
Create and provide a structure with default options so that the caller won't have
to pass all of the parameters each time the handshake is called. In the future
this can be improved so that the options are passed as a string, just like in
ssl-opt.sh.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-26 09:10:14 -05:00
Andrzej Kurek 316da1f86e
test_suite_ssl refactoring: merge renegotiation test into handshake
Move the renegotiation test to a shared handshake function to simplify further
addition of tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-26 09:03:47 -05:00
Andrzej Kurek 9e9efdc277
test_suite_ssl refactoring: merge tls & dtls application data tests
Move the app data tests to a shared handshake function to simplify further 
addition of tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-26 09:00:18 -05:00
Manuel Pégourié-Gonnard 56941fe6a2 Fix possible close_notify/ClientHello confusion
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.

The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake

The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake

If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.

However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.

In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.

This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).

Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).

An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 09:33:45 +01:00
Manuel Pégourié-Gonnard 0d20740437
Merge pull request #2263 from andresag01/iotssl-2544-deprecate-record-accel-2
Deprecate feature MBEDTLS_SSL_HW_RECORD_ACCEL
2020-02-26 09:18:48 +01:00
Jaeden Amero 6fb7bd0228
Merge pull request #3046 from piotr-now/dtls-renegotiation
DTLS renegotiation
2020-02-25 18:58:04 +04:00
Jaeden Amero 2287a47d11
Merge pull request #3043 from piotr-now/dtls-application-data
DTLS application data
2020-02-25 18:35:14 +04:00
Piotr Nowicki 95e9eb8d91 Add test for renegotiation in DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:15:00 +01:00
Piotr Nowicki 6a7f01c237 Add test with sending application data via DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:10:15 +01:00
Manuel Pégourié-Gonnard a4522e8467 Uniformize wording for removal of deprecated things
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:54 +01:00
Andres Amaya Garcia 10edb3e8da Add comment to matching #endif
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:52 +01:00
Andres Amaya Garcia da15409aea Remove the word likely from deprecated documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:51 +01:00
Andres Amaya Garcia 4156ac18d7 Wrap deprecations for HW_RECORD_ACCEL with DEPRECATED_REMOVED
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:48 +01:00
Andres Amaya Garcia 3f6cc5f786 Deprecate global func ptrs for MBEDTLS_SSL_HW_RECORD_ACCEL
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:46 +01:00
Andres Amaya Garcia 84b4e796a3 Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL config
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:27 +01:00
Jaeden Amero 20b3a68e70
Merge pull request #3042 from AndrzejKurek/dtls-handshake-serialization
Dtls handshake serialization test
2020-02-24 14:56:00 +04:00
Janos Follath 6fc816ae7c
Merge pull request #3038 from gilles-peskine-arm/align-crypto-programs
Side-port from crypto: programs/
2020-02-24 10:36:39 +00:00
Andrzej Kurek da2b67806b
Add a dtls handshake test with context serialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-24 04:56:53 -05:00
Jaeden Amero a08e699afc
Merge pull request #3036 from AndrzejKurek/dtls-handshake-tests
DTLS handshake tests
2020-02-21 15:18:52 +04:00
Janos Follath aaabe86ac1
Merge pull request #3055 from yanesca/update_submodule_and_version_2.21.0
Update submodule and version 2.21.0
2020-02-19 17:13:48 +00:00
Janos Follath 138c2eac55 Add release info to ChangeLog 2020-02-19 14:35:16 +00:00
Janos Follath 84d2fd4ee2 Bump version to Mbed TLS 2.21.0 2020-02-19 14:35:16 +00:00
Janos Follath d1692ee07a Update ChangeLog for crypto changes from a591985c62
Add ChangeLog entries for changes brought by the submodule update in
the previous commit.
2020-02-19 14:30:44 +00:00
Janos Follath a591985c62 Update submodule
* #365 Change PSA compatibility API to inline functions
* #367 Fix pk_parse_key()'s use of rsa_complete()
* #370 Bump version to Mbed TLS 2.21.0
2020-02-19 14:29:38 +00:00
Gilles Peskine 8d073c7330
Merge pull request #3037 from gilles-peskine-arm/update-submodule-20200206
Update crypto submodule 2020-02-06
2020-02-18 10:29:18 +01:00
Gilles Peskine 25a5c09fbb Update ChangeLog for crypto changes from 799ae77f90
Add ChangeLog entries for changes brought by the submodule update in
the previous commit.
2020-02-17 11:49:33 +01:00
Gilles Peskine 799ae77f90 Update crypto submodule
* #352: Parse RSA parameters DP, DQ and QP from PKCS1 private keys
* #263: Introduce ASN.1 SEQUENCE traversal API
* #345: Fix possible error code mangling in psa_mac_verify_finish
* #357: Update Mbed Crypto with latest Mbed TLS changes as of 2020-02-03
* #350: test_suite_asn1parse: improve testing of trailing garbage in parse_prefixes
* #346: Improve robustness and testing of mbedtls_mpi_copy
2020-02-17 11:46:12 +01:00
Gilles Peskine f142d4ccab Update ChangeLog for crypto changes since Mbed Crypto 3.0.1
Add ChangeLog entries for changes brought by the submodule update in
81d3100250.
2020-02-17 11:46:12 +01:00
Andrzej Kurek 941962eb91 Add DTLS handshake tests for the mocked ssl test suite
Starting with TLS 1.1
2020-02-12 09:18:19 -05:00
Andrzej Kurek 15daf50b05 Parametrize the endpoint init and free to prepare for DTLS tests 2020-02-12 09:17:52 -05:00
Manuel Pégourié-Gonnard a0c164a2d4
Merge pull request #3010 from hanno-arm/tls_msg_split
Introduce separate source file for SSL messaging layer
2020-02-12 09:59:12 +01:00
Manuel Pégourié-Gonnard 657daba81c
Merge pull request #2873 from gilles-peskine-arm/bk-warning-fixes-x509
Fix some possibly-undefined variable warnings
2020-02-12 09:16:23 +01:00
Gilles Peskine 765d240ca6 Test component with malloc(0) returning NULL: run some ssl tests 2020-02-11 19:26:28 +01:00
Gilles Peskine c4ef7a9de3 Add a test component with malloc(0) returning NULL
Exercise the library functions with calloc returning NULL for a size
of 0. Make this a separate job with UBSan (and ASan) to detect
places where we try to dereference the result of calloc(0) or to do
things like

    buf = calloc(size, 1);
    if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY;
    memcpy(buf, source, size);

which has undefined behavior when buf is NULL at the memcpy call even
if size is 0.

This is needed because other test components jobs either use the system
malloc which returns non-NULL on Linux and FreeBSD, or the
memory_buffer_alloc malloc which returns NULL but does not give as
useful feedback with ASan (because the whole heap is a single C
object).
2020-02-11 19:26:28 +01:00
Gilles Peskine 6fc21f630c Add a calloc self-test
Add a very basic test of calloc to the selftest program. The selftest
program acts in its capacity as a platform compatibility checker rather
than in its capacity as a test of the library.

The main objective is to report whether calloc returns NULL for a size
of 0. Also observe whether a free/alloc sequence returns the address
that was just freed and whether a size overflow is properly detected.
2020-02-11 19:26:27 +01:00
Gilles Peskine db0cb2578c Fix CTR_DRBG benchmark
You can't reuse a CTR_DRBG context without free()ing it and
re-init()ing. This generally happened to work, but was never
guaranteed. It could have failed with alternative implementations of
the AES module because mbedtls_ctr_drbg_seed() calls
mbedtls_aes_init() on a context which is already initialized if
mbedtls_ctr_drbg_seed() hasn't been called before, plausibly causing a
memory leak. Calling free() and seed() with no intervening init fails
when MBEDTLS_THREADING_C is enabled and all-bits-zero is not a valid
mutex representation. So add the missing free() and init().
2020-02-11 19:26:27 +01:00
Gilles Peskine e732f04443 cmake: link programs that only use x509 with libmbedx509
When building with CMake, for sample programs that only use
functionality in libmbedcrypto and libmbedx509, link with
libmbedx509, not with libmbedtls.

cert_app makes a TLS connection, so do link it with libmbedtls.
2020-02-11 19:26:27 +01:00
Gilles Peskine e123395317 cmake: link programs that only use crypto with libmbedcrypto
When building with CMake, for sample programs that only use
functionality in libmbedcrypto (i.e. crypto and platform), link with
libmbedcrypto, not with libmbedtls.

This doesn't change the result, because the linker skips libraries in
which no symbol is used, but it changes the build dependencies, and it
has the advantage of bringing programs/*/CMakeLists.txt closer to the
corresponding files under crypto/.

The programs concerned are crypto sample and test programs, and
programs that only use (potential) platform functions such as
mbedtls_printf. dh_client and dh_server keep linking with mbedtls
because they use functions from the net_sockets module.
2020-02-11 19:26:27 +01:00
Jaeden Amero 7cb47de12a query_config: Move to programs/test
As the SSL programs, like ssl_client2 and ssl_server2, are dependent on
SSL and therefore about to be removed, the only consumer of query_config
is the query_compile_time_config test. As such, it makes sense to move
query_config to be next to what uses it.
2020-02-11 19:26:27 +01:00
Jaeden Amero 93a0f90dca pkey/rsa_genkey: Remove commented out code
There is some commented out X.509 certificate writing code present in
rsa_genkey. It looks like it has been commented out since the beginning
of time. Let's remove it, since commented out code is not in good style.
2020-02-11 19:26:27 +01:00
Jaeden Amero ed736992d5 pkey: Remove dependency on X.509 2020-02-11 19:26:27 +01:00
Gilles Peskine 8de196a590 programs/Makefile: List all programs one by one
This makes it easier to add or remove programs as well as see which
programs were added or removed in diffs.

Side port of 30fae8ee7d in mbed-crypto.
2020-02-11 19:26:27 +01:00
Hanno Becker 08f091397c Add compile-time guards around declarations in ssl_internal.h 2020-02-11 15:40:07 +00:00
Gilles Peskine 393defe7ed Clarify two identical changelog entries
The contribution from #2663 was split in two: the crypto part was
mereged in 2.19.1 and the x509 part was merged after 2.20.0. Tweak the
wording of the changelog entries to specify which is which.
2020-02-11 15:31:18 +01:00
Manuel Pégourié-Gonnard 4c08dd4e71
Merge pull request #2852 from gilles-peskine-arm/2.19-fix-full-Os
Fix and test the full config with gcc and clang
2020-02-11 09:17:02 +01:00
Gilles Peskine 3ca1bcc7e5 Add ChangeLog entry for #2663 2020-02-10 19:50:22 +01:00