Commit Graph

9512 Commits

Author SHA1 Message Date
Philippe Antoine
f91b3722cf More clarity for ifdef orders 2019-06-11 16:02:43 +02:00
Philippe Antoine
0ff84fb6fe Only warns if MBEDTLS_HAVE_TIME 2019-06-11 12:15:17 +02:00
Philippe Antoine
7c9d72497d Option used added in string 2019-06-11 12:11:36 +02:00
Jaeden Amero
a3daa21d8c Merge remote-tracking branch 'origin/pr/2678' into development
* origin/pr/2678:
  Update crypto submodule to 1.1.0d2
  all.sh: Perform targeted EtM tests for MAC-less configs
  ssl: Don't access non-existent encrypt_then_mac field
2019-06-10 11:00:14 +01:00
Philippe Antoine
3ca5085f10 Code review
Typo rproduce -> reproducible
Call mbedtls_entropy_func
2019-06-07 22:31:59 +02:00
Gilles Peskine
5d26e7cbfe Pass -m32 to the linker as well
For unit tests and sample programs, CFLAGS=-m32 is enough to get a
32-bit build, because these programs are all compiled directly
from *.c to the executable in one shot. But with makefile rules that
first build object files and then link them, LDFLAGS=-m32 is also
needed.
2019-06-07 18:15:37 +02:00
Gilles Peskine
95f5cbc85a Don't systematically rebuild programs
Fix the dependency on libmbedcrypto.a, which is now located under
crypto.

Fix #2682
2019-06-07 18:15:37 +02:00
Philippe Antoine
986b6f20a9 Style fixes 2019-06-07 15:04:32 +02:00
Jaeden Amero
e1ae731efa Update crypto submodule to 1.1.0d2 2019-06-07 13:51:36 +01:00
Philippe Antoine
aa4d15264a SSL reproducible test mode 2019-06-06 21:30:01 +02:00
Jaeden Amero
048df33d62 Merge remote-tracking branch 'origin/pr/2679' into development
* origin/pr/2679:
  test: Remove redundant 0-byte decryption test
  test: Check empty buffer decryption for chachapoly
2019-06-06 14:19:23 +01:00
Jaeden Amero
bb16d0c956 Merge remote-tracking branch 'origin/pr/2654' into development
* origin/pr/2654:
  Create link to include/mbedtls only when testing is enabled
2019-06-06 14:18:23 +01:00
Jaeden Amero
2353b542d9 test: Remove redundant 0-byte decryption test
Remove the "Decrypt empty buffer" test, as ChaCha20 is a stream cipher
and 0 bytes encrypted is identical to a 0 length buffer. The "ChaCha20
Encrypt and decrypt 0 bytes" test will test decryption of a 0 length
buffer.
2019-06-06 11:56:54 +01:00
Jaeden Amero
ab11889958 test: Check empty buffer decryption for chachapoly
Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would
test that decryption of an empty buffer would work with
MBEDTLS_CIPHER_AES_128_CBC.

Make the cipher used with the dec_empty_buf() test configurable, so that
Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other
than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer
tests use the MBEDTLS_CIPHER_CHACHA20 and
MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites.
2019-06-06 11:56:54 +01:00
Jaeden Amero
6b1683dd5d all.sh: Perform targeted EtM tests for MAC-less configs
When testing a configuration where no ciphersuites have MAC, via
component_test_when_no_ciphersuites_have_mac(), perform a targeted test
of only encrypt-then-MAC tests within ssl-opt.sh.
2019-06-05 14:42:50 +01:00
Jaeden Amero
2de07f1dd1 ssl: Don't access non-existent encrypt_then_mac field
When MBEDTLS_SSL_ENCRYPT_THEN_MAC is enabled, but not
MBEDTLS_SSL_SOME_MODES_USE_MAC, mbedtls_ssl_derive_keys() and
build_transforms() will attempt to use a non-existent `encrypt_then_mac`
field in the ssl_transform.

    Compile [ 93.7%]: ssl_tls.c
    [Error] ssl_tls.c@865,14: 'mbedtls_ssl_transform {aka struct mbedtls_ssl_transform}' ha
s no member named 'encrypt_then_mac'
    [ERROR] ./mbed-os/features/mbedtls/src/ssl_tls.c: In function 'mbedtls_ssl_derive_keys'
:
    ./mbed-os/features/mbedtls/src/ssl_tls.c:865:14: error: 'mbedtls_ssl_transform {aka str
uct mbedtls_ssl_transform}' has no member named 'encrypt_then_mac'
         transform->encrypt_then_mac = session->encrypt_then_mac;
                  ^~

Change mbedtls_ssl_derive_keys() and build_transforms() to only access
`encrypt_then_mac` if `encrypt_then_mac` is actually present.

Add a regression test to detect when we have regressions with
configurations that do not include any MAC ciphersuites.

Fixes d56ed2491b ("Reduce size of `ssl_transform` if no MAC ciphersuite is enabled")
2019-06-05 14:09:29 +01:00
Darryl Green
c6f874bfea Show removed symbols in abi check 2019-06-05 12:57:50 +01:00
Hanno Becker
7717c41adc Add X.509 CRT parsing test for mixed time-encodings 2019-06-04 17:26:46 +01:00
Hanno Becker
8671e81b7a Improve X.509 CRT parsing test names 2019-06-04 17:26:46 +01:00
Hanno Becker
04b10c073e Add negative X.509 parsing tests for v3Ext in v1/v2 CRT 2019-06-04 17:26:46 +01:00
Hanno Becker
d51d4856e6 Add negative X.509 parsing tests for IssuerID/SubjectID in v1 CRT 2019-06-04 17:26:46 +01:00
Hanno Becker
7ca07e3459 Improve name of X.509 CRT parsing test 2019-06-04 17:26:46 +01:00
Hanno Becker
764fbdf97d Always use the same X.509 alg structure inside and outside of TBS 2019-06-04 17:26:46 +01:00
Hanno Becker
60dd6fc944 Fix test dependencies in X.509 CRT parsing suite
Most tests use an sha256WithRSAEncryption OID which isn't recognized
unless RSA and SHA-256 are enabled.
2019-06-04 17:26:43 +01:00
Hanno Becker
31af3b874b Fix non-DER length encoding in two X.509 CRT parsing tests
Lengths below 128 Bytes must be encoded as a single 'XX' byte in DER,
but two tests in the X.509 CRT parsing suite used the BER but non-DER
encoding '81 XX' (the first byte 10000001 indicating that the length
is to follow (high bit) and has length 1 byte (low bit)).
2019-06-04 17:26:06 +01:00
Hanno Becker
19db19e41f Fix test case name formatting in X.509 parsing suite 2019-06-04 17:25:44 +01:00
Hanno Becker
0f5acc18c5 Use ASN.1 NULL TLVs when testing invalid tags
Previously, a test exercising the X.509 CRT parser's behaviour
on unexpected tags would use a '00' byte in place of the tag
for the expected structure. This makes reviewing the examples
harder because the binary data isn't valid DER-encoded ASN.1.

This commit uses the ASN.1 NULL TLV '05 00' to test invalid
tags, and adapts surrounding structures' length values accordingly.
This eases reviewing because now the ASN.1 structures are still
well-formed at the place where the mismatch occurs.
2019-06-04 17:25:44 +01:00
Hanno Becker
2389d1684b Shorten X.509 CRT parsing test names 2019-06-04 17:25:40 +01:00
Hanno Becker
44199b69b4 Extend negative testing for X.509 Signature parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
5f88a77e2d Extend negative testing for X.509 SignatureAlgorithm parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
05987e33f1 Extend negative testing for X.509 v3 Extension parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
be3850a2b3 Extend negative testing for X.509 SubjectID parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
9f06b50b66 Extend negative testing for X.509 IssuerID parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
bb955e5195 Extend negative testing for X.509 SubjectPublicKeyInfo parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
28ae6b1ba8 Extend negative testing for X.509 Subject parsing 2019-06-04 17:19:46 +01:00
Hanno Becker
18459d420f Extend negative testing for X.509 Validity parsing 2019-06-04 17:19:46 +01:00
Hanno Becker
5e2cf38ff6 Extend negative testing for X.509 Issuer parsing 2019-06-04 17:19:46 +01:00
Hanno Becker
a328fffdaa Extend negative testing for X.509 AlgorithmIdentifier parsing 2019-06-04 17:19:43 +01:00
Hanno Becker
e7d8f96f9f Extend negative testing for X.509 Serial number parsing 2019-06-04 16:23:46 +01:00
Hanno Becker
a9ef412cee Extend negative testing for X.509 Version parsing 2019-06-04 16:23:46 +01:00
Hanno Becker
a5c481e384 Extend negative testing for X.509 TBS header parsing 2019-06-04 16:23:46 +01:00
Simon Butcher
a1491fe74f Merge remote-tracking branch 'public/pr/2651' into HEAD 2019-06-04 16:09:30 +01:00
Simon Butcher
fe20bea3c7 Merge remote-tracking branch 'public/pr/2643' into HEAD 2019-06-04 16:09:20 +01:00
Simon Butcher
150deca7b9 Merge remote-tracking branch 'public/pr/2642' into HEAD 2019-06-04 16:09:14 +01:00
Simon Butcher
ca6aee4a45 Merge remote-tracking branch 'public/pr/2641' into HEAD 2019-06-04 16:09:07 +01:00
Hanno Becker
3c03a881eb Correct placement of ChangeLog entry 2019-06-04 13:59:55 +01:00
Hanno Becker
3cddba887a Improve documentation of mbedtls_x509_get_ext()
- Explain the use of explicit ASN.1 tagging for the extensions structuree
- Remove misleading comment which suggests that mbedtls_x509_get_ext()
  also parsed the header of the first extension, which is not the case.
2019-06-04 13:59:55 +01:00
Hanno Becker
d57a3a6a4f Adapt ChangeLog 2019-06-04 13:59:55 +01:00
Hanno Becker
6ccfb18ab1 Always return a high-level error code from X.509 module
Some functions within the X.509 module return an ASN.1 low level
error code where instead this error code should be wrapped by a
high-level X.509 error code as in the bulk of the module.

Specifically, the following functions are affected:
- mbedtls_x509_get_ext()
- x509_get_version()
- x509_get_uid()

This commit modifies these functions to always return an
X.509 high level error code.

Care has to be taken when adapting `mbetls_x509_get_ext()`:
Currently, the callers `mbedtls_x509_crt_ext()` treat the
return code `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG` specially to
gracefully detect and continue if the extension structure is not
present. Wrapping the ASN.1 error with
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and adapting the check
accordingly would mean that an unexpected tag somewhere
down the extension parsing would be ignored by the caller.

The way out of this is the following: Luckily, the extension
structure is always the last field in the surrounding structure,
so if there is some data remaining, it must be an Extension
structure, so we don't need to deal with a tag mismatch gracefully
in the first place.

We may therefore wrap the return code from the initial call to
`mbedtls_asn1_get_tag()` in `mbedtls_x509_get_ext()` by
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and simply remove
the special treatment of `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`
in the callers `x509_crl_get_ext()` and `x509_crt_get_ext()`.

This renders `mbedtls_x509_get_ext()` unsuitable if it ever
happened that an Extension structure is optional and does not
occur at the end of its surrounding structure, but for CRTs
and CRLs, it's fine.

The following tests need to be adapted:
- "TBSCertificate v3, issuerID wrong tag"
  The issuerID is optional, so if we look for its presence
  but find a different tag, we silently continue and try
  parsing the subjectID, and then the extensions. The tag '00'
  used in this test doesn't match either of these, and the
  previous code would hence return LENGTH_MISMATCH after
  unsucessfully trying issuerID, subjectID and Extensions.
  With the new code, any data remaining after issuerID and
  subjectID _must_ be Extension data, so we fail with
  UNEXPECTED_TAG when trying to parse the Extension data.
- "TBSCertificate v3, UIDs, invalid length"
  The test hardcodes the expectation of
  MBEDTLS_ERR_ASN1_INVALID_LENGTH, which needs to be
  wrapped in MBEDTLS_ERR_X509_INVALID_FORMAT now.

Fixes #2431.
2019-06-04 13:59:48 +01:00
Hanno Becker
12f62fb82c Obey bounds of ASN.1 substructures
When parsing a substructure of an ASN.1 structure, no field within
the substructure must exceed the bounds of the substructure.
Concretely, the `end` pointer passed to the ASN.1 parsing routines
must be updated to point to the end of the substructure while parsing
the latter.

This was previously not the case for the routines
- x509_get_attr_type_and_value(),
- mbedtls_x509_get_crt_ext(),
- mbedtls_x509_get_crl_ext().
These functions kept using the end of the parent structure as the
`end` pointer and would hence allow substructure fields to cross
the substructure boundary. This could lead to successful parsing
of ill-formed X.509 CRTs.

This commit fixes this.

Care has to be taken when adapting `mbedtls_x509_get_crt_ext()`
and `mbedtls_x509_get_crl_ext()`, as the underlying function
`mbedtls_x509_get_ext()` returns `0` if no extensions are present
but doesn't set the variable which holds the bounds of the Extensions
structure in case the latter is present. This commit addresses
this by returning early from `mbedtls_x509_get_crt_ext()` and
`mbedtls_x509_get_crl_ext()` if parsing has reached the end of
the input buffer.

The following X.509 parsing tests need to be adapted:
- "TBSCertificate, issuer two inner set datas"
  This test exercises the X.509 CRT parser with a Subject name
  which has two empty `AttributeTypeAndValue` structures.
  This is supposed to fail with `MBEDTLS_ERR_ASN1_OUT_OF_DATA`
  because the parser should attempt to parse the first structure
  and fail because of a lack of data. Previously, it failed to
  obey the (0-length) bounds of the first AttributeTypeAndValue
  structure and would try to interpret the beginning of the second
  AttributeTypeAndValue structure as the first field of the first
  AttributeTypeAndValue structure, returning an UNEXPECTED_TAG error.
- "TBSCertificate, issuer, no full following string"
  This test exercises the parser's behaviour on an AttributeTypeAndValue
  structure which contains more data than expected; it should therefore
  fail with MBEDTLS_ERR_ASN1_LENGTH_MISMATCH. Because of the missing bounds
  check, it previously failed with UNEXPECTED_TAG because it interpreted
  the remaining byte in the first AttributeTypeAndValue structure as the
  first byte in the second AttributeTypeAndValue structure.
- "SubjectAltName repeated"
  This test should exercise two SubjectAltNames extensions in succession,
  but a wrong length values makes the second SubjectAltNames extension appear
  outside of the Extensions structure. With the new bounds in place, this
  therefore fails with a LENGTH_MISMATCH error. This commit adapts the test
  data to put the 2nd SubjectAltNames extension inside the Extensions
  structure, too.
2019-06-04 10:15:09 +01:00