Commit Graph

6582 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
5bc9738139 Add test for profile on trusted EE cert 2018-03-05 13:01:11 +01:00
Manuel Pégourié-Gonnard
cd2118f67b Add tests for flags passed to f_vrfy
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2018-03-05 13:01:02 +01:00
Manuel Pégourié-Gonnard
ae6d7103cc Add ability to test flags value in vrfy callback
So far there was no test ensuring that the flags passed to the vrfy callback
are correct (ie the flags for the current certificate, not including those of
the parent).

Actual tests case making use of that test function will be added in the next
commit.
2018-03-05 13:00:43 +01:00
Manuel Pégourié-Gonnard
b9c72eb733 Improve handling of md errors in X.509
md() already checks for md_info == NULL. Also, in the future it might also
return other errors (eg hardware errors if acceleration is used), so it make
more sense to check its return value than to check for NULL ourselves and then
assume no other error can occur.

Also, currently, md_info == NULL can never happen except if the MD and OID modules
get out of sync, or if the user messes with members of the x509_crt structure
directly.

This commit does not change the current behaviour, which is to treat MD errors
the same way as a bad signature or no trusted root.
2018-03-05 13:00:31 +01:00
Manuel Pégourié-Gonnard
3a130848fd Clarify documentation for directly-trusted certs
The fact that self-signed end-entity certs can be explicitly trusted by
putting them in the CA list even if they don't have the CA bit was not
documented though it's intentional, and tested by "Certificate verification #73
(selfsigned trusted without CA bit)" in test_suite_x509parse.data

It is unclear to me whether the restriction that explicitly trusted end-entity
certs must be self-signed is a good one. However, it seems intentional as it is
tested in tests #42 and #43, so I'm not touching it for now.
2018-03-05 13:00:20 +01:00
Manuel Pégourié-Gonnard
4d9e7cb66b Fix usage of CFLAGS with cmake in all.sh
With cmake, CFLAGS has to be set when invoking cmake, not make (which totally
ignores the value of CFLAGS when it runs and only keeps the one from cmake).

Also, in that case the flags were either redundant (-Werror etc) or wrong
(-std=c99 -pedantic) as some parts of the library will not build with
-pedantic (see the other -pedantic tests, which are correct, for what needs to
be disabled).
2018-03-05 13:00:03 +01:00
Manuel Pégourié-Gonnard
1ddd682843 Fix depends_on:pk_alg in test suites 2018-03-05 12:58:51 +01:00
Manuel Pégourié-Gonnard
153b5ef696 Add new test script depends-pkalgs.pl 2018-03-05 12:58:42 +01:00
Manuel Pégourié-Gonnard
0ce53f5d13 Fix depends_on:curve in x509 tests 2018-03-05 12:58:35 +01:00
Manuel Pégourié-Gonnard
056eab5ff0 Fix usage of {curves,key-exchanges}.pl in all.sh 2018-03-05 12:58:22 +01:00
Manuel Pégourié-Gonnard
483a776019 Fix missing depends_on:SHA/MD in x509 tests 2018-03-05 12:57:36 +01:00
Manuel Pégourié-Gonnard
73fc679293 Add new test script depends-hashes.pl
This is step 1 of a plan to get rid once and for all of missing depends_on in
the X509 test suite (step 2 will be RSA/ECDSA, and step 0 was curves.pl).
2018-03-05 12:57:16 +01:00
Manuel Pégourié-Gonnard
9c1b20c7df Add tests for spurious certs in the chain
We have code to skip them but didn't have explicit tests ensuring they are
(the corresponding branch was never taken).

While at it, remove extra copy of the chain in server10*.crt, which was
duplicated for no reason.
2018-03-05 12:56:49 +01:00
Manuel Pégourié-Gonnard
fe65bf7658 Add test for bad signature with longer chain
This is one line that wasn't covered in verify_child()
2018-03-05 12:53:39 +01:00
Manuel Pégourié-Gonnard
3bdcda79e5 Add test for expired cert in longer chain
That's two lines that were not covered in verify_child()
2018-03-05 12:53:23 +01:00
Manuel Pégourié-Gonnard
b0ef3e2c51 Add tests for fatal error in vrfy callback
This shows inconsistencies in how flags are handled when callback fails:
- sometimes the flags set by the callback are transmitted, sometimes not
- when the cert if not trusted, sometimes BADCERT_NOT_TRUSTED is set,
  sometimes not

This adds coverage for 9 lines and 9 branches. Now all lines related to
callback failure are covered.
2018-03-05 12:52:46 +01:00
Manuel Pégourié-Gonnard
9cca267ef3 Add ability to test failing vrfy callback 2018-03-05 12:52:37 +01:00
Manuel Pégourié-Gonnard
189bb40e60 Add tests for profile enforcement
Now all checks related to profile are covered in:
- verify_with_profile()
- verify_child()
- verify_top()
(that's 10 lines that were previously not covered)

Leaving aside profile enforcement in CRLs for now, as the focus is on
preparing to refactor cert verification.
2018-03-05 12:52:30 +01:00
Manuel Pégourié-Gonnard
94f2aa344d Set deterministic flags for NULL profile
Previously flags was left to whatever value it had before. It's cleaner to
make sure it has a definite value, and all bits set looks like the safest way
for when it went very wrong.
2018-03-05 12:52:22 +01:00
Manuel Pégourié-Gonnard
7e9709a281 Add "profile" arg to X.509 test function
Unused yet, tests using it will be added in the next commit
2018-03-05 12:52:08 +01:00
itayzafrir
33d8e3335f Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
2018-03-05 09:46:21 +02:00
Gilles Peskine
b4ef45b4f5 all.sh: build with -O -Werror in the full config
Build with MBEDTLS_DEPRECATED_REMOVED and MBEDTLS_DEPRECATED_WARNING
separately.

Do these builds with `-O -Werror -Wall -Wextra` to catch a maximum of
issues while we're at it. Do one with gcc and one with clang for
variety. This caught an uninitialized variable warning in cmac.c that
builds without -O didn't catch.
2018-03-01 22:23:50 +01:00
Gilles Peskine
df761d5a6b Fix build with gcc -O -Wall
Fix warnings from gcc -O -Wall about `ret` used uninitialized in
CMAC selftest auxiliary functions. The variable was indeed
uninitialized if the function was called with num_tests=0 (which
never happens).
2018-03-01 22:18:14 +01:00
Gilles Peskine
f936cb1c1b Add attribution for #1351 report 2018-02-27 10:21:45 +01:00
Jaeden Amero
6a4e22c26c Update version to 2.7.1 2018-02-26 10:53:47 +00:00
mohammad1603
6085c721d2 Backport 2.7:Add guard to out_left to avoid negative values
Add guard to out_left to avoid negative values
2018-02-25 01:18:46 -08:00
Gilles Peskine
3f9cff20d7 Merge branch 'prr_424' into mbedtls-2.7-proposed 2018-02-22 16:07:32 +01:00
Hanno Becker
e80cd463ef Adapt version_features.c 2018-02-22 15:02:47 +00:00
Gilles Peskine
30c3433183 Merge remote-tracking branch 'upstream-public/pr/1393' into mbedtls-2.7-proposed 2018-02-22 15:44:24 +01:00
Gilles Peskine
e2bada976e Merge remote-tracking branch 'upstream-public/pr/1392' into mbedtls-2.7-proposed 2018-02-22 15:44:14 +01:00
Gilles Peskine
04f9bd028f Note incompatibility of truncated HMAC extension in ChangeLog
The change in the truncated HMAC extension aligns Mbed TLS with the
standard, but breaks interoperability with previous versions. Indicate
this in the ChangeLog, as well as how to restore the old behavior.
2018-02-22 15:41:26 +01:00
Jaeden Amero
3a11404fcb Add LinkLibraryDependencies to VS2010 app template
Add mbedTLS.vcxproj to the VS2010 application template so that the next
time we auto-generate the application project files, the
LinkLibraryDependencies for mbedTLS.vcxproj are maintained.

Fixes #1347
2018-02-22 12:22:21 +00:00
Gilles Peskine
4945192099 Add ChangeLog entry for PR #1382 2018-02-22 10:23:13 +00:00
Jaeden Amero
a0d60a4dbc Add ChangeLog entry for PR #1384 2018-02-22 08:28:10 +00:00
Krzysztof Stachowiak
31f0a3b827 Have Visual Studio handle linking to mbedTLS.lib internally
Fixes #1347
2018-02-22 08:28:10 +00:00
Jaeden Amero
a53ff8d088 MD: Make deprecated functions not inline
In 2.7.0, we replaced a number of MD functions with deprecated inline
versions. This causes ABI compatibility issues, as the functions are no
longer guaranteed to be callable when built into a shared library.
Instead, deprecate the functions without also inlining them, to help
maintain ABI backwards compatibility.
2018-02-22 08:20:42 +00:00
Gilles Peskine
0afe624fff all.sh: add test with MBEDTLS_DEPRECATED_REMOVED 2018-02-21 19:28:12 +01:00
Gilles Peskine
8db3efbc76 Add missing MBEDTLS_DEPRECATED_REMOVED guards
Add missing MBEDTLS_DEPRECATED_REMOVED guards around the definitions
of mbedtls_aes_decrypt and mbedtls_aes_encrypt.
This fixes the build under -Wmissing-prototypes -Werror.

Fixes #1388
2018-02-21 19:16:20 +01:00
Gilles Peskine
420386d61d Merge branch 'pr_1352' into mbedtls-2.7-proposed 2018-02-20 16:40:50 +01:00
Gilles Peskine
200b24fdf8 Mention in ChangeLog that this fixes #1351 2018-02-20 16:40:11 +01:00
Gilles Peskine
1e3fd69777 Merge remote-tracking branch 'upstream-public/pr/1333' into development-proposed 2018-02-14 15:12:49 +01:00
Gilles Peskine
49ac5d06ed Merge branch 'pr_1365' into development-proposed 2018-02-14 14:36:44 +01:00
Gilles Peskine
27b0754501 Add ChangeLog entries for PR #1168 and #1362 2018-02-14 14:36:33 +01:00
Gilles Peskine
5daa76537a Add ChangeLog entry for PR #1165 2018-02-14 14:10:24 +01:00
Paul Sokolovsky
8d6d8c84b1 ctr_drbg: Typo fix in the file description comment.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
2018-02-10 11:11:41 +02:00
Jaeden Amero
6d6c7982ce Merge remote-tracking branch 'upstream-public/pr/1362' into development 2018-02-08 17:02:31 +00:00
Jaeden Amero
69f3072553 Merge remote-tracking branch 'upstream-public/pr/1168' into development 2018-02-08 15:18:52 +00:00
Jaeden Amero
129f50838b dhm: Fix typo in RFC 5114 constants
We accidentally named the constant MBEDTLS_DHM_RFC5114_MODP_P instead of
MBEDTLS_DHM_RFC5114_MODP_2048_P.

Fixes #1358
2018-02-08 14:29:14 +00:00
Antonio Quartulli
8d7d1ea9f6
tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
Extend the pkparse test suite with the newly created keys
encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being
SHA224, 256, 384 and 512.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:20 +08:00
Antonio Quartulli
f476b9d98c
data_files/pkcs8-v2: add keys generated with PRF != SHA1
We now have support for the entire SHA family to be used as
PRF in PKCS#5 v2.0, therefore we need to add new keys to test
these new functionalities.

This patch adds the new keys in `tests/data_files` and
commands to generate them in `tests/data_files/Makefile`.

Note that the pkcs8 command in OpenSSL 1.0 called with
the -v2 argument generates keys using PKCS#5 v2.0 with SHA1
as PRF by default.

(This behaviour has changed in OpenSSL 1.1, where the exact same
command instead uses PKCS#5 v2.0 with SHA256)

The new keys are generated by specifying different PRFs with
-v2prf.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:19 +08:00