From f852f5fd15b5f63b376769cd9b77ef89383221ef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jul 2019 20:42:16 +0200 Subject: [PATCH 1/8] Add a test of MBEDTLS_CONFIG_FILE configs/README.txt documents that you can use an alternative configuration file by defining the preprocessor symbol MBEDTLS_CONFIG_FILE. Test this. --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7130abcd6..44baeafc1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -837,6 +837,17 @@ component_test_make_shared () { make SHARED=1 all check } +component_build_mbedtls_config_file () { + msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s + # Use the full config so as to catch a maximum of places where + # the check of MBEDTLS_CONFIG_FILE might be missing. + scripts/config.pl full + sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h + echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" + make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" + rm -f full_config.h +} + component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s From 17ecb24cb8c4bb61f0f5c15b7c89793ed7caf3ab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jul 2019 20:43:05 +0200 Subject: [PATCH 2/8] Test that the shared library build with CMake works --- tests/scripts/all.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 44baeafc1..13efd05c0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -837,6 +837,13 @@ component_test_make_shared () { make SHARED=1 all check } +component_test_cmake_shared () { + msg "build/test: cmake shared" # ~ 2min + cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . + make + make test +} + component_build_mbedtls_config_file () { msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s # Use the full config so as to catch a maximum of places where From 950de1e331be096241ffcba27582b65675addd92 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jul 2019 20:43:32 +0200 Subject: [PATCH 3/8] Test that a shared library build produces a dynamically linked executable --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 13efd05c0..427ab6dc3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -835,12 +835,14 @@ component_test_platform_calloc_macro () { component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 all check + ldd programs/util/strerror | grep libmbedcrypto } component_test_cmake_shared () { msg "build/test: cmake shared" # ~ 2min cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . make + ldd programs/util/strerror | grep libmbedcrypto make test } From 923f7f9637e516ca313f5cc50bed297436b87552 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Jun 2019 19:31:29 +0200 Subject: [PATCH 4/8] entropy_nv_seed: clean up properly Call mbedtls_entropy_free on test failure. Restore the previous NV seed functions which the call to mbedtls_platform_set_nv_seed() changed. This didn't break anything, but only because the NV seed functions used for these tests happened to work for the tests that got executed later in the .data file. --- tests/suites/test_suite_entropy.function | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 4db03d27c..18ad25e33 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -305,6 +305,10 @@ void entropy_nv_seed( char *read_seed_str ) { mbedtls_sha512_context accumulator; mbedtls_entropy_context ctx; + int (*original_mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) = + mbedtls_nv_seed_read; + int (*original_mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) = + mbedtls_nv_seed_write; unsigned char header[2]; unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; @@ -373,7 +377,10 @@ void entropy_nv_seed( char *read_seed_str ) TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); +exit: mbedtls_entropy_free( &ctx ); + mbedtls_nv_seed_read = original_mbedtls_nv_seed_read; + mbedtls_nv_seed_write = original_mbedtls_nv_seed_write; } /* END_CASE */ From d56ca658ab8bd49cbbde8790240ec4074c0a7622 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Jun 2019 19:33:42 +0200 Subject: [PATCH 5/8] entropy_nv_seed: cope with SHA-256 This test case was only executed if the SHA-512 module was enabled and MBEDTLS_ENTROPY_FORCE_SHA256 was not enabled, so "config.pl full" didn't have a chance to reach it even if that enabled MBEDTLS_PLATFORM_NV_SEED_ALT. Now all it takes to enable this test is MBEDTLS_PLATFORM_NV_SEED_ALT and its requirements, and the near-ubiquitous MD module. --- tests/suites/test_suite_entropy.function | 63 +++++++++++++++--------- 1 file changed, 40 insertions(+), 23 deletions(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 18ad25e33..3b87244d0 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -300,10 +300,19 @@ void entropy_nv_seed_std_io() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_C:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */ void entropy_nv_seed( char *read_seed_str ) { - mbedtls_sha512_context accumulator; +#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 ); +#elif defined(MBEDTLS_ENTROPY_SHA256_ACCUMULATOR) + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ); +#else +#error "Unsupported entropy accumulator" +#endif + mbedtls_md_context_t accumulator; mbedtls_entropy_context ctx; int (*original_mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) = mbedtls_nv_seed_read; @@ -320,18 +329,14 @@ void entropy_nv_seed( char *read_seed_str ) memset( entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); - memset( buffer_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( check_seed, 2, MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE ); - // Set the initial NV seed to read - unhexify( read_seed, read_seed_str ); - memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); - // Make sure we read/write NV seed from our buffers mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write ); + mbedtls_md_init( &accumulator ); mbedtls_entropy_init( &ctx ); entropy_clear_sources( &ctx ); @@ -339,45 +344,57 @@ void entropy_nv_seed( char *read_seed_str ) MBEDTLS_ENTROPY_BLOCK_SIZE, MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 ); + // Set the initial NV seed to read. + // Get exactly MBEDTLS_ENTROPY_BLOCK_SIZE bytes from read_str. + TEST_ASSERT( strlen( read_seed ) / 2 >= MBEDTLS_ENTROPY_BLOCK_SIZE ); + read_seed_str[MBEDTLS_ENTROPY_BLOCK_SIZE * 2] = '\0'; + unhexify( read_seed, read_seed_str ); + memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + // Do an entropy run TEST_ASSERT( mbedtls_entropy_func( &ctx, entropy, sizeof( entropy ) ) == 0 ); - // Determine what should have happened with manual entropy internal logic - // Only use the SHA-512 version to check // Init accumulator header[1] = MBEDTLS_ENTROPY_BLOCK_SIZE; - mbedtls_sha512_starts( &accumulator, 0 ); + TEST_ASSERT( mbedtls_md_setup( &accumulator, md_info, 0 ) == 0 ); // First run for updating write_seed header[0] = 0; - mbedtls_sha512_update( &accumulator, header, 2 ); - mbedtls_sha512_update( &accumulator, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); - mbedtls_sha512_finish( &accumulator, buf ); + TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, + read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 ); - memset( &accumulator, 0, sizeof( mbedtls_sha512_context ) ); - mbedtls_sha512_starts( &accumulator, 0 ); - mbedtls_sha512_update( &accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, + buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); - mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_seed, 0 ); + TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + check_seed ) == 0 ); // Second run for actual entropy (triggers mbedtls_entropy_update_nv_seed) header[0] = MBEDTLS_ENTROPY_SOURCE_MANUAL; - mbedtls_sha512_update( &accumulator, header, 2 ); - mbedtls_sha512_update( &accumulator, empty, MBEDTLS_ENTROPY_BLOCK_SIZE ); + TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, + empty, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); header[0] = 0; - mbedtls_sha512_update( &accumulator, header, 2 ); - mbedtls_sha512_update( &accumulator, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); - mbedtls_sha512_finish( &accumulator, buf ); + TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 ); + TEST_ASSERT( mbedtls_md_update( &accumulator, + check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 ); - mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_entropy, 0 ); + TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + check_entropy ) == 0 ); // Check result of both NV file and entropy received with the manual calculations TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); exit: + mbedtls_md_free( &accumulator ); mbedtls_entropy_free( &ctx ); mbedtls_nv_seed_read = original_mbedtls_nv_seed_read; mbedtls_nv_seed_write = original_mbedtls_nv_seed_write; From 29c317b604e6f8447dc319270762e607fecef066 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 19 Jul 2019 17:26:55 +0200 Subject: [PATCH 6/8] Add ChangeLog entry for entropy_nv_seed test case fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 28502a371..b0b473d48 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,7 @@ Bugfix * Enable Suite B with subset of ECP curves. Make sure the code compiles even if some curves are not defined. Fixes #1591 reported by dbedev. * Fix misuse of signed arithmetic in the HAVEGE module. #2598 + * Make NV seed test support MBEDTLS_ENTROPY_FORCE_SHA256. Changes * Make `make clean` clean all programs always. Fixes #1862. From cabbd2e954ccd065a647e600fef3e8f8853b38d4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 3 Aug 2019 14:08:46 +0200 Subject: [PATCH 7/8] Changelog entry for test certificates update --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 28502a371..fe4dd14d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Bugfix * Enable Suite B with subset of ECP curves. Make sure the code compiles even if some curves are not defined. Fixes #1591 reported by dbedev. * Fix misuse of signed arithmetic in the HAVEGE module. #2598 + * Update test certificates that were about to expire. Reported by + Bernhard M. Wiedemann in #2357. Changes * Make `make clean` clean all programs always. Fixes #1862. From 6ad89c2a3a492c65fb907cea34deca3955530a05 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 10 Aug 2019 17:38:34 +0200 Subject: [PATCH 8/8] Exclude DTLS 1.2 only with older OpenSSL compat.sh used to skip OpenSSL altogether for DTLS 1.2, because older versions of OpenSSL didn't support it. But these days it is supported. We don't want to use DTLS 1.2 with OpenSSL unconditionally, because we still use legacy versions of OpenSSL to test with legacy ciphers. So check whether the version we're using supports it. --- tests/compat.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index b4d2c524a..88f29843b 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -211,14 +211,13 @@ filter_ciphersuites() G_CIPHERS=$( filter "$G_CIPHERS" ) fi - # OpenSSL 1.0.1h doesn't support DTLS 1.2 - if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then + # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL + # supports from the s_server help. (The s_client help isn't + # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it. + # But the s_server help seems to be accurate.) + if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE "; then + M_CIPHERS="" O_CIPHERS="" - case "$PEER" in - [Oo]pen*) - M_CIPHERS="" - ;; - esac fi # For GnuTLS client -> mbed TLS server,