Commit Graph

2155 Commits

Author SHA1 Message Date
Gilles Peskine
00de80378c Rename Python scripts to use '_' and not '-'
You can't import a Python script whose name includes '-'.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 12:09:25 +02:00
Janos Follath
2a4f8991b3 Bump version to Mbed TLS 2.7.16
Executed "./scripts/bump_version.sh --version 2.7.16"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-26 12:37:57 +01:00
Janos Follath
9cdda866bf Merge branch 'mbedtls-2.7-restricted' into mbedtls-2.7.16r0 2020-06-25 09:20:57 +01:00
Manuel Pégourié-Gonnard
c09bb4c3ab all.sh: clean up some uses of "local" variables
While pure sh doesn't have a concept of local variables, we can partially
emulate them by unsetting variables before we exit the function, and use the
convention of giving them lowercase names to distinguish from global
variables.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-23 11:54:13 +02:00
Manuel Pégourié-Gonnard
4f265fbff7 Use all.sh in pre-push hook
The list in the pre-push hook was redundant with the list of `check_*`
components in all.sh, and unsurprisingly it was outdated.

Missing components were:

- check_recursion
- check_changelog
- check_test_cases
- check_python_files
- check_generate_test_code

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-23 11:54:13 +02:00
Manuel Pégourié-Gonnard
73341a0f84 Add a --quiet option to all.sh
The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but
this can be useful in any circumstance where you're not interested in the full
output from each component and just want a short summary of which components
were run (and if any failed).

Note that only stdout from components is suppressed, stderr is preserved so
that errors are reported. This means components should avoid printing to
stderr in normal usage (ie in the absence of errors).

Currently all the `check_*` components obey this convention except:
- check_generate_test_code: unittest prints progress to stderr
- check_test_cases: lots of non-fatal warnings printed to stderr

These components will be fixed in follow-up commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-23 11:53:07 +02:00
Manuel Pégourié-Gonnard
e4a5c05d49 Adjust comments about SEED synchronisation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-22 10:54:38 +02:00
Manuel Pégourié-Gonnard
54d95b1722 Make basic-build-test.sh deterministic
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-22 10:54:38 +02:00
Manuel Pégourié-Gonnard
138109133d Remove SHA-1 as a fallback option
- it's 2020, there shouldn't be too many systems out there where SHA-1 is the
  only available hash option, so its usefulness is limited
- OTOH testing configurations without SHA-2 reveal bugs that are not easy to
  fix in a fully compatible way

So overall, the benefit/cost ratio is not good enough to justify keeping SHA-1
as a fallback option here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-19 11:00:19 +02:00
Manuel Pégourié-Gonnard
6d61498e05 Add fall-back to hash-based KDF for internal ECP DRBG
The dependency on a DRBG module was perhaps a bit strict for LTS branches, so
let's have an option that works with no DRBG when at least one SHA module is
present.

This changes the internal API of ecp_drbg_seed() by adding the size of the
MPI as a parameter. Re-computing the size from the number of limbs doesn't
work too well here as we're writing out to a fixed-size buffer and for some
curves (P-521) that would round up too much. Using mbedtls_mpi_get_len() is
not entirely satisfactory either as it would mean using a variable-length
encoding, with could open side channels.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-19 10:56:55 +02:00
Manuel Pégourié-Gonnard
d90faf92b2 Add config.h option MBEDTLS_ECP_NO_INTERNAL_RNG
No effect so far, except on dependency checking, as the feature it's meant to
disable isn't implemented yet (so the descriptions in config.h and the
ChangeLog entry are anticipation for now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-19 10:05:16 +02:00
Bence Szépkúti
4e9f71227a Update license headers to Apache-2.0 OR GPL-2.0-or-later
This will allow us to ship the LTS branches in a single archive

This commit was generated using the following script:

# ========================
#!/bin/sh

header1='\ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later\
 *\
 *  This file is provided under the Apache License 2.0, or the\
 *  GNU General Public License v2.0 or later.\
 *\
 *  **********\
 *  Apache License 2.0:\
 *\
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\
 *  not use this file except in compliance with the License.\
 *  You may obtain a copy of the License at\
 *\
 *  http://www.apache.org/licenses/LICENSE-2.0\
 *\
 *  Unless required by applicable law or agreed to in writing, software\
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
 *  See the License for the specific language governing permissions and\
 *  limitations under the License.\
 *\
 *  **********\
 *\
 *  **********\
 *  GNU General Public License v2.0 or later:\
 *\
 *  This program is free software; you can redistribute it and/or modify\
 *  it under the terms of the GNU General Public License as published by\
 *  the Free Software Foundation; either version 2 of the License, or\
 *  (at your option) any later version.\
 *\
 *  This program is distributed in the hope that it will be useful,\
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of\
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\
 *  GNU General Public License for more details.\
 *\
 *  You should have received a copy of the GNU General Public License along\
 *  with this program; if not, write to the Free Software Foundation, Inc.,\
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\
 *\
 *  **********'

find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i "
# Normalize the first line of the copyright headers (no text on the first line of a block comment)
/^\/\*.*Copyright.*Arm/I s/\/\*/&\n */

# Insert new copyright header
/SPDX-License-Identifier/ i\
$header1

# Delete old copyright header
/SPDX-License-Identifier/,$ {
  # Delete lines until the one preceding the mbedtls declaration
  N
  1,/This file is part of/ {
    /This file is part of/! D
  }
}
"

# Format copyright header for inclusion into scripts
header2=$(echo "$header1" | sed 's/^\\\? \* \?/#/')

find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i "
# Insert new copyright header
/SPDX-License-Identifier/ i\
$header2

# Delete old copyright header
/SPDX-License-Identifier/,$ {
  # Delete lines until the one preceding the mbedtls declaration
  N
  1,/This file is part of/ {
    /This file is part of/! D
  }
}
"
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:56:41 +02:00
Bence Szépkúti
09b4f19f94 Add Apache-2.0 headers to all scripts
This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i '

# Remove Mbed TLS declaration if it occurs before the copyright line
1,/Copyright.*Arm/I {
  /This file is part of/,$ {
    /Copyright.*Arm/I! d
  }
}

# Convert non-standard header in scripts/abi_check.py to the format used in the other scripts
/"""/,/"""/ {

  # Cut copyright declaration
  /Copyright.*Arm/I {
    h
    N
    d
  }

  # Paste copyright declaration
  /"""/ {
    x
    /./ {
      s/^/# /    # Add #
      x          # Replace orignal buffer with Copyright declaration
      p          # Print original buffer, insert newline
      i\

      s/.*//     # Clear original buffer
    }
    x
  }
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! {
    i\
# SPDX-License-Identifier: Apache-2.0\
#\
# Licensed under the Apache License, Version 2.0 (the "License"); you may\
# not use this file except in compliance with the License.\
# You may obtain a copy of the License at\
#\
# http://www.apache.org/licenses/LICENSE-2.0\
#\
# Unless required by applicable law or agreed to in writing, software\
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
# See the License for the specific language governing permissions and\
# limitations under the License.

    # Insert Mbed TLS declaration if it is missing
    /This file is part of/! i\
#\
# This file is part of Mbed TLS (https://tls.mbed.org)
  }

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-08 17:46:40 +02:00
Bence Szépkúti
b7246ad938 Add copyright dates to all scripts
To find any files with a missing copyright declaration, use the following script:

# ========================
#!/bin/sh

# Find files with copyright declarations, and list their file extensions
exts=$(grep -Ril --exclude-dir .git 'Copyright.*Arm' | sed '
  s/.*\./-name "*./
  s/$/"/
' | sort -u | sed -n '
  :l
    N
    $!bl
  s/\n/ -o /gp
')

# Find files with file extensions that ususally include copyright extensions,
# but don't include a copyright declaration themselves.
eval "find -path './.git' -prune -o\
  ! -path './tests/data_files/format_pkcs12.fmt'\
  ! -path './programs/psa/psa_constant_names_generated.c'\
  '(' $exts ')' -print" | xargs grep -Li 'Copyright.*Arm'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-08 17:26:24 +02:00
Manuel Pégourié-Gonnard
9967bfe35b
Merge pull request #3397 from danh-arm/dh/branch-cov-2.7
Backport 2.7: Enable branch coverage in basic_build_test.sh
2020-06-08 10:15:26 +02:00
Manuel Pégourié-Gonnard
74908a0465
Merge pull request #3402 from mpg/fix-hmac-drbg-deps-2.7
[Backport 2.7] Fix undeclared dependencies on HMAC_DRBG
2020-06-05 11:50:16 +02:00
Manuel Pégourié-Gonnard
1539d15dd5
Merge pull request #3353 from gilles-peskine-arm/fix-ecp-mul-memory-leak-2.7
Backport 2.7: Fix potential memory leak in EC multiplication
2020-06-05 11:44:14 +02:00
Manuel Pégourié-Gonnard
cdfa2f983b Add test for dependencies on HMAC_DRBG in all.sh
Similarly to the recently-added tests for dependencies on CTR_DRBG:
constrained environments will probably want only one DRBG module, and we
should make sure that tests pass in such a configuration.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:52:39 +02:00
Dan Handley
aba9e22d25 Enable branch coverage in basic_build_test.sh
Enable branch coverage output in basic_build_test.sh. This
includes enabling branch coverage output to the lcov make target,
which is disabled by default.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-06-04 16:41:02 +01:00
Manuel Pégourié-Gonnard
7e384f11f5
Merge pull request #3385 from mpg/fix-ctr-drbg-deps-2.7
[Backport 2.7] Fix undeclared dependencies on CTR_DRBG (and add test)
2020-06-03 10:56:13 +02:00
Manuel Pégourié-Gonnard
c98fde5ca8 Add test for building without CTR_DRBG
People who prefer to rely on HMAC_DRBG (for example because they use it for
deterministic ECDSA and don't want a second DRBG for code size reasons) should
be able to build and run the tests suites without CTR_DRBG.

Ideally we should make sure the level of testing (SSL) is the same regardless
of which DRBG modules is enabled, but that's a more significant piece of work.
For now, just ensure everything builds and `make test` passes.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-03 09:57:08 +02:00
Manuel Pégourié-Gonnard
801318d47e
Merge pull request #3376 from gilles-peskine-arm/basic-build-test-status-2.7
Backport 2.7: Fix failure detection in basic-build-test.sh
2020-06-03 09:41:34 +02:00
Manuel Pégourié-Gonnard
8eea3ae860 Fix undeclared deps on MBEDTLS_CTR_DRBG in tests
While at it, declare deps on ENTROPY as well.

A non-regression test will be added in a follow-up commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 12:33:21 +02:00
Gilles Peskine
39b610227b MBEDTLS_MEMORY_BACKTRACE is no longer included in the full config
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 20:47:34 +02:00
Gilles Peskine
9cc203a7ea Create a seedfile explicitly
Running the entropy unit test creates a suitable seedfile, but this
only works due to the happy accident that no prior unit test needs one
(specifically, test_suite_entropy runs before test_suite_rsa). So
create one explicitly, both for robustness and to keep the script
closer to the version in development where the explicit seedfile
creation is required.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 20:47:34 +02:00
Gilles Peskine
b07541d9f0 If 'make lcov' failed, exit immediately
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 20:47:34 +02:00
Gilles Peskine
27c36f050f Note that we keep going even if some tests fail
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 20:47:34 +02:00
Gilles Peskine
dd7ea389ff Exit with a failure status if some tests failed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 20:47:34 +02:00
Gilles Peskine
14b559a4c3 Finish the documentation of normalize_path
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:34:20 +02:00
Gilles Peskine
c3189259e7 Run assemble_changelog.py in all.sh
Avoid nasty surprises where it would fail when we want to make a release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:34:20 +02:00
Gilles Peskine
8fa5be5224 Some .pem files are openssl output and have tabs and that's ok
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:34:20 +02:00
Gilles Peskine
e7e149f469 .dsw files are Visual Studio stuff
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:34:20 +02:00
Gilles Peskine
be76c19801 Permit empty files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:34:20 +02:00
Gilles Peskine
4be18cf1f1 Normalize line endings
Convert all text files to Unix line endings unless they're Windows
stuff.

Make sure that all text files have a trailing newline.

Remove whitespace at the end of lines.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:34:20 +02:00
Gilles Peskine
4bda3254cf Check only files checked into Git
We're only interested in files that are committed and pushed to be
included in Mbed TLS, not in any other files that may be lying around.
So ask git for the list of file names.

This script is primarily intended to run on the CI, and there it runs
on a fresh Git checkout plus potentially some other checkouts or
leftovers from a previous part of the CI job. It should also run
reasonably well on developer machines, where there may be various
additional files. In both cases, git is available.

Ad hoc directory exclusions are no longer needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:33:56 +02:00
Gilles Peskine
986a06de94 Exclude binary files from text checks
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:33:18 +02:00
Gilles Peskine
b4805ece78 Regex mechanism for check-specific exemptions
Suffixes are convenient but not always sufficient.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:33:18 +02:00
Gilles Peskine
ab55bc71fe Check all files by default
Have an explicit list of exemptions for specific checks rather than
whitelisting files to check. Some checks, such as permissions, should
apply to all files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:33:18 +02:00
Gilles Peskine
45137617db More accurate variable name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:33:18 +02:00
Jonas
154b470ff3 Add test cases to check rng failure
Signed-off-by: Jonas <jonas.lejeune4420@gmail.com>
2020-05-25 14:01:30 +02:00
Gilles Peskine
b0483152fb
Merge pull request #3248 from gilles-peskine-arm/travis-rationalize-2.7
Backport 2.7: Rationalize Travis builds
2020-05-04 12:10:57 +02:00
Gilles Peskine
81b60fb7bd all.sh: on arm builds (GCC or Arm Compiler), show the code size
Just show the code size in the logs, for human consumption.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:31:04 +02:00
Gilles Peskine
4fb7a2f23f all.sh: add a Cortex-M0+ build
It's pretty fast and adds a little variety.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:31:04 +02:00
Gilles Peskine
009908b562 all.sh: build_arm_none_eabi_gcc: do optimize
Otherwise the bignum assembly code is not used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:31:04 +02:00
Gilles Peskine
a27af6f023 all.sh: backport component_build_arm_none_eabi_gcc_arm5vte
Backport this component that was added to development after 2.7.0.
It's easier to keep the 2.7 branch closer to the other maintained
branches.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:31:03 +02:00
Gilles Peskine
f1709bb4ad Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix
This is supposed to be for GCC (or a compiler with a compatible
command line interface) targeting arm-none-eabi, so name it
accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:31:03 +02:00
Gilles Peskine
adaaddbe3b all.sh: reorganize testing around deprecated features
build_deprecated combined the testing of deprecated features, and
testing of the build without deprecated features. Also, it violated the
component naming convention by being called build_xxx but running tests.

Replace it by:
* test_default_no_deprecated: check that you can remove deprecated
  features from the default build.
* test_full_deprecated_warning: check that enabling DEPRECATED_WARNING
  doesn't cause any warning from our own code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:47:37 +02:00
Gilles Peskine
2717eaf1e0 Fix build failure with MBEDTLS_PLATFORM_NV_SEED_ALT
An earlier botched backport (d56ca658ab)
had the wrong name for a variable and a missing header inclusion.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 13:21:27 +02:00
Gilles Peskine
a21c5e9988 Document and fix the MBEDTLS_xxx_ALT logic for the full config
The intended logic around MBEDTLS_xxx_ALT is to exclude them from full
because they require the alternative implementation of one or more
library functions, except that MBEDTLS_PLATFORM_xxx_ALT are different:
they're alternative implementations of a platform function and they
have a built-in default, so they should be included in full. Document
this.

Fix a bug whereby MBEDTLS_PLATFORM_xxx_ALT didn't catch symbols where
xxx contains an underscore. As a consequence, MBEDTLS_PLATFORM_NV_SEED_ALT
is now enabled in the full config. Explicitly exclude
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT because it behaves like the
non-platform ones, requiring an extra build-time dependency.
Explicitly exclude MBEDTLS_PLATFORM_NV_SEED_ALT from baremetal
because it requires MBEDTLS_ENTROPY_NV_SEED, and likewise explicitly
unset it from builds that unset MBEDTLS_ENTROPY_NV_SEED.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 09:16:36 +02:00
Gilles Peskine
86e5816dda check-files: support Windows .bat files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:27:39 +02:00
Gilles Peskine
cd7b0422ef all.sh: make the arm-gcc cross-compiler prefix configurable
Make it possible to use a compiler that isn't in $PATH, or that's
installed with a different name, or even a compiler for a different
target such as arm-linux-gnueabi.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:24:40 +02:00
Gilles Peskine
bfda033f3d all.sh: run selftest in the full config and with ASan
Almost everything the selftest program does is in the test suites. But
just in case run the selftest program itself once in the full
configuration, and once in the default configuration with ASan, in
addition to running it out of box.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-27 11:23:11 +02:00
Gilles Peskine
5d32e64ad0
Merge pull request #3170 from gilles-peskine-arm/check-windows-files-2.7
Backport 2.7: Check Windows files for sanity as well
2020-04-20 13:59:22 +02:00
Gilles Peskine
bc8c513ecb
Merge pull request #3185 from gilles-peskine-arm/pylint-up-to-2.4-2.7
Backport 2.7: Pass Pylint up to 2.4
2020-04-20 09:47:54 +02:00
Jaeden Amero
8aaf2c5861
Merge pull request #3196 from piotr-now/max_pathlen_overflow_mbedtls-2.7
Backport 2.7: Guard from undefined behaviour in case of an INT_MAX max_pathlen
2020-04-17 14:24:45 +01:00
Andrzej Kurek
3fd9297658 Guard from undefined behaviour in case of an INT_MAX max_pathlen
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 11:30:21 +02:00
Gilles Peskine
e61988a766
Merge pull request #3165 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix-2.7
[backport 2.7] Unmet dependencies buffer overflow fix
2020-04-17 10:08:18 +02:00
Gilles Peskine
b5847d20d3 Pylint: abide by useless-object-inheritance warnings
Inheriting from object is a remainder of Python 2 habits and is just
clutter in Python 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 21:08:26 +02:00
Gilles Peskine
558e26dbda Document more methods in Python scripts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 21:07:43 +02:00
Janos Follath
b4b458fe01 Bump version to Mbed TLS 2.7.15
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 17:22:51 +01:00
Gilles Peskine
70ef5c6c9a In Windows files, detect CR without LF as well as LF without CR
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:06 +02:00
Gilles Peskine
783da6345e Check that Windows files have Windows line endings
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:04 +02:00
Gilles Peskine
227dfd435e Also check Windows files
Check Windows files for some issues, including permissions. Omit the
checks related to special characters (whitespace, line endings,
encoding) as appropriate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:03 +02:00
Gilles Peskine
318f15ef92 Sort the list for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:02 +02:00
Gilles Peskine
c7153226f6 List each item on a separate line for easier maintenance
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:39:00 +02:00
Gilles Peskine
c251e0d75a Clarify confusion between file names and suffixes of file names
To test a file name exactly, prepend a / to the base name.

files_to_check actually checks suffixes, not file names, so rename it
to extensions_to_check.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-06 16:38:58 +02:00
Ronald Cron
75d26b5d17 unit tests: Indicate missing unmet dependencies
The identifiers of the unmet dependencies of a test case are
stored in a buffer of fixed size that can be potentially too
small to store all the unmet dependencies. Indicate in test
report if some unmet dependencies are missing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:26 +02:00
Ronald Cron
1d3eab684c unit tests: Fix potential buffer overflow
Fix potential buffer overflow when tracking the unmet dependencies
of a test case. The identifiers of unmet dependencies are stored
in an array of fixed size. Ensure that we don't overrun the array.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:26 +02:00
Ronald Cron
59f2139df0 Prefer unsigned types for non-negative numbers
Use size_t for some variables that are array indices.
Use unsigned for some variables that are counts of "small" things.

This is a backport of commit 3c1c8ea3e7.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 14:20:18 +02:00
Ronald Cron
eb5d0e9f4f unit tests: Backport ARRAY_LENGTH macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-06 10:34:54 +02:00
Gilles Peskine
29b7b9585b
Merge pull request #3145 from mpg/fix-reconnect-2.7
[backport 2.7] Fix issues in handling of client reconnecting from the same port
2020-04-02 19:21:22 +02:00
Gilles Peskine
67665509ab Note that unmet_dependencies is only filled in verbose mode
Warn about a gotcha that caused a bug in development.

Ensure that it's at least zeroed out, rather than uninitialized, in
non-verbose mode.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-01 09:59:54 +02:00
Manuel Pégourié-Gonnard
b1ee30bfe9 Adjust timeout of tests with "no resend" assertions
There are currently 4 tests in ssl-opt.sh with either -C "resend" or -S
"resend", that is, asserting that no retransmission will occur. They sometimes
fail on loaded CI machines as one side doesn't send a message fast enough,
causing the other side to retransmit, causing the test to fail.

(For the "reconnect" test there was an other issue causing random failures,
fixed in a previous commit, but even after that fix the test would still
sometimes randomly fail, even if much more rarely.)

While it's a hard problem to fix in a general and perfect way, in practice the
probability of failures can be drastically reduced by making the timeout
values much larger.

For some tests, where retransmissions are actually expected, this would have
the negative effect of increasing the average running time of the test, as
each side would wait for longer before it starts retransmission, so we have a
trade-off between average running time and probability of spurious failures.

But for tests where retransmission is not expected, there is no such trade-off
as the expected running time of the test (assuming the code is correct most of
the time) is not impacted by the timeout value. So the only negative effect of
increasing the timeout value is on the worst-case running time on the test,
which is much less important, as test should only fail quite rarely.

This commit addresses the easy case of tests that don't expect retransmission
by increasing the value of their timeout range to 10s-20s. This value
corresponds to the value used for tests that assert `-S "autoreduction"` which
are in the same case and where the current value seems acceptable so far.

It also represents an increase, compared to the values before this commit, of
a factor 20 for the "reconnect" tests which were frequently observed to fail
in the CI, and of a factor 10 for the first two "DTLS proxy" tests, which were
observed to fail much less frequently, so hopefully the new values are enough
to reduce the probability of spurious failures to an acceptable level.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 09:57:45 +02:00
Manuel Pégourié-Gonnard
a58b04649b Add negative test for hard reconnect cookie check
The server must check client reachability (we chose to do that by checking a
cookie) before destroying the existing association (RFC 6347 section 4.2.8).
Let's make sure we do, by having a proxy-in-the-middle inject a ClientHello -
the server should notice, but not destroy the connection.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-31 09:57:45 +02:00
Manuel Pégourié-Gonnard
d6e4454de8 Improve some test names in ssl-opt.sh
- "Default" should only be used for tests that actually use the defaults (ie,
  not passing options on the command line, except maybe debug/dtls)
- All tests in the "Encrypt then MAC" group should start with that string as a
  common prefix

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-24 10:58:20 +01:00
Manuel Pégourié-Gonnard
eb22ad2ddc
Merge pull request #2440 from andresag01/mbedtls-2.7-iotssl-2544-deprecate-record-accel
Backport 2.7: Fix compilation failure when MBEDTLS_SSL_HW_RECORD_ACCEL is enabled
2020-03-16 10:37:32 +01:00
Manuel Pégourié-Gonnard
aa719e78ce Align some timeouts with the 2.16 branch in ssl-opt.sh
This commit only addresses the timeouts in the "DTLS proxy: 3d, ..." tests.
The discrepancy with the 2.16 branch became apparent for some of these tests
when backporting the previous commit (skip_close_nofity), so let's align the
whole series for consistency and to make future backporting easier.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-03 10:15:50 +01:00
Manuel Pégourié-Gonnard
5e261e958c Fix possible close_notify/ClientHello confusion
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.

The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake

The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake

If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.

However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.

In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.

This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).

Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).

An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-03 10:15:26 +01:00
Andres Amaya Garcia
bb13e3b8e4 Add test for MBEDTLS_SSL_HW_RECORD_ACCEL in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 10:26:02 +01:00
Janos Follath
0f22670243 Bump version to Mbed TLS 2.7.14 2020-02-19 12:08:10 +00:00
Manuel Pégourié-Gonnard
9c16ede466 Check for buffer overflow in test function 2020-02-19 09:45:02 +01:00
Manuel Pégourié-Gonnard
355bbc0e70 Test each failure mode of pk_parse_key_pkcs1_der()
(Only the top-level ones, ie, for each call to eg asn1_get_mpi(), ensure
there's at least one test case that makes this call fail in one way, but don't
test the various ways to make asn1_get_mpi fail - that should be covered
elsewhere.)

- the new checks added by the previous commits needed exercising
- existing tests sometimes had wrong descriptions or where passing for the
  wrong reason (eg with the "length mismatch" test, the function actually
failed before reaching the length check)
- while at it, add tests for the rest as well

The valid minimal-size key was generated with:

openssl genrsa 128 2>/dev/null | openssl rsa -outform der 2>/dev/null | xxd -p
2020-02-18 11:27:08 +01:00
Manuel Pégourié-Gonnard
bfd0259d26 Clean up test function pk_parse_key
- remove incorrect compile-time dependency (the individual cases already have
  correct run-time dependency information)
- remove unused argument
- remove unused stack buffer
- remove useless code block
2020-02-18 11:27:08 +01:00
Manuel Pégourié-Gonnard
37d0dfc0c5
Merge pull request #3030 from gilles-peskine-arm/test-opt-all-2.7
Backport 2.7: Fix and test the full config with gcc and clang
2020-02-11 09:17:14 +01:00
Manuel Pégourié-Gonnard
6cf5931f1d
Merge pull request #3028 from gilles-peskine-arm/mpi_copy_shrink-2.7
Backport 2.7: Improve robustness and testing of mbedtls_mpi_copy
2020-02-06 09:52:18 +01:00
Janos Follath
5d1171268c
Merge pull request #3020 from mpg/fix-ssl-opt-gnutls-no-sha1-2.7
[backport 2.7] Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
2020-02-04 11:19:18 +00:00
Gilles Peskine
fa0e8b51c4 Test GCC and Clang with common build options
Goals:
* Build with common compilers with common options, so that we don't
  miss a (potentially useful) warning only triggered with certain
  build options.
* A previous commit removed -O0 test jobs, leaving only the one with
  -m32. We have inline assembly that is disabled with -O0, falling
  back to generic C code. This commit restores a test that runs the
  generic C code on a 64-bit platform.
2020-02-03 20:06:31 +01:00
Gilles Peskine
c9247122e3 Replace -O0 by -O1 or -Os in most components
Gcc skips some analyses when compiling with -O0, so we may miss
warnings about things like uninitialized variables.
2020-02-03 20:06:31 +01:00
Gilles Peskine
261aea1956 shrink tests: clearer description 2020-02-03 16:35:01 +01:00
Gilles Peskine
84b8e25426 Better coverage for copy and swap
Cover more cases: different signs, different zeronesses, repeated
argument.
2020-02-03 16:34:51 +01:00
Gilles Peskine
6f43c6038e Bignum copy/shrink: More precise test case descriptions 2020-02-03 16:27:56 +01:00
Manuel Pégourié-Gonnard
179c227203 Fix CA encoding issue with gnutls-cli
In the 2.7 branch, test-ca.crt has all the components of its Subject name
encoded as PrintableString, because it's generated with our cert_write
program, and our code writes all components that way until Mbed TLS 2.14.

But the default RSA SHA-256 certificate, server2-sha256.crt, has the O and CN
components of its Issuer name encoded as UTF8String, because it was generated
with OpenSSL and that's what OpenSSL does, regardless of how those components
were encoded in the CA's Subject name.

This triggers some overly strict behaviour in some libraries, most notably NSS
and GnuTLS (of interest to us in ssl-opt.sh) which won't recognize the trusted
root as a possible parent for the presented certificate, see for example:
https://github.com/ARMmbed/mbedtls/issues/1033

Fortunately, we have at our disposal a version of test-ca.crt with encodings
matching the ones in server2-sha256.crt, in the file test-ca_utf8.crt. So
let's append that to gnutls-cli's list of trusted roots, so that it recognizes
certs signed by this CA but with the O and CN components as UTF8String.

Note: Since https://github.com/ARMmbed/mbedtls/pull/1641 was merged (in Mbed
TLS 2.14), we changed how we encode those components, so in the 2.16 branch,
cert_write generates test-ca.crt with encodings that matches the ones used by
openssl when generating server2-sha256.crt, so the issue of gnutls-cli
rejecting server2-sha256.crt is specific to the 2.7 branch.
2020-02-03 15:55:43 +01:00
Manuel Pégourié-Gonnard
350823d0da
Merge pull request #2976 from mpg/add-zlib-tests-2.7
[2.7] Add zlib tests
2020-01-31 09:22:36 +01:00
Manuel Pégourié-Gonnard
37abf12631 De-duplicate SHA1-independent test in ssl-opt.sh
The splitting of this test into two versions depending on whether SHA-1 was
allowed by the server was a mistake in
5d2511c4d4 - the test has nothing to do with
SHA-1 in the first place, as the server doesn't request a certificate from
the client so it doesn't matter if the server accepts SHA-1 or not.
2020-01-30 12:49:43 +01:00
Manuel Pégourié-Gonnard
a92990a082 Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
While the whole script makes (often implicit) assumptions about the version of
GnuTLS used, generally speaking it should work out of the box with the version
packaged on our reference testing platform, which is Ubuntu 16.04 so far.

With the update from Jan 8 2020 (3.4.10-4ubuntu1.6), the patches for rejecting
SHA-1 in certificate signatures were backported, so we should avoid presenting
SHA-1 signed certificates to a GnuTLS peer in ssl-opt.sh.
2020-01-30 11:19:45 +01:00
Janos Follath
a67508e066 Merge pull request #3002 from gilles-peskine-arm/coverity-20200115-2.7 into mbedtls-2.7 2020-01-29 14:53:48 +00:00
Manuel Pégourié-Gonnard
2150fb22c8 Add detection for zlib headers to all.sh 2020-01-29 09:51:56 +01:00
Gilles Peskine
16ba09c621 Check that mbedtls_mpi_grow succeeds 2020-01-22 19:09:05 +01:00
Janos Follath
ee88f8145d Bump version to Mbed TLS 2.7.13 2020-01-20 14:28:41 +00:00
Jaeden Amero
d8180f8d84 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
* origin/mbedtls-2.7:
  Enable more test cases without MBEDTLS_MEMORY_DEBUG
  More accurate test case description
  Clarify that the "FATAL" message is expected
  Note that mbedtls_ctr_drbg_seed() must not be called twice
  Fix CTR_DRBG benchmark
  Changelog entry for xxx_drbg_set_entropy_len before xxx_drbg_seed
  CTR_DRBG: support set_entropy_len() before seed()
  CTR_DRBG: Don't use functions before they're defined
  HMAC_DRBG: support set_entropy_len() before seed()
2020-01-15 16:59:10 +00:00