Commit Graph

11708 Commits

Author SHA1 Message Date
Philippe Antoine
3e408d59c4 Fixes warnings from MSVC 2019-07-10 01:09:50 +02:00
Philippe Antoine
702c65922f Add a linker flag to enable gcov in basic-build-test.sh 2019-07-09 17:44:53 +02:00
Ron Eldor
b7c9626e76 Update soon to be expired crl
Update crl.pem, as it will expire on November 25 2019.
Resolves #2357.
2019-07-09 16:48:09 +03:00
k-stachowiak
01b3be4aa8 Add a test for mlaformed ECJPAKE context 2019-07-08 14:34:27 +02:00
k-stachowiak
4150335a27 Fix handling of md failure
The failure of mbedtls_md was not checked in one place. This could have led
to an incorrect computation if a hardware accelerator failed. In most cases
this would have led to the key exchange failing, so the impact would have been
a hard-to-diagnose error reported in the wrong place. If the two sides of the
key exchange failed in the same way with an output from mbedtls_md that was
independent of the input, this could have led to an apparently successful key
exchange with a predictable key, thus a glitching md accelerator could have
caused a security vulnerability.
2019-07-08 14:32:38 +02:00
Jaeden Amero
482a479ef0 Merge remote-tracking branch 'origin/pr/2699' into development
* origin/pr/2699:
  Update crypto submodule to a revision with the HAVEGE header changes
  Fix misuse of signed ints in the HAVEGE module
2019-07-05 15:41:39 +01:00
Gilles Peskine
06e752b2c2 Update crypto submodule to a revision with the HAVEGE header changes 2019-07-05 16:36:40 +02:00
Jaeden Amero
b6229e304e
Merge pull request #149 from gilles-peskine-arm/havege-asan-crypto
Fix misuse of signed ints in the HAVEGE module
2019-07-05 15:30:30 +01:00
Jaeden Amero
0f220ec73b Test with MBEDTLS_ECP_RESTARTABLE
We accidentally disabled testing with MBEDTLS_ECP_RESTARTABLE. Re-enable
testing with restartable ECP when MBEDTLS_USE_PSA_CRYPTO is not set.

Fixes 971dea3745 ("Enable USE_PSA_CRYPTO with config.pl full")
2019-07-05 15:14:57 +01:00
Jaeden Amero
e78cd62acb
Merge pull request #159 from k-stachowiak/IOTCRYPT-474-prevent-dead-code-warning
Prevent dead code warning
2019-07-05 14:43:11 +01:00
Hanno Becker
e69d0150d7 Add TEST_ASSUME macro to allow skipping tests at runtime
This commit adds a macro TEST_ASSUME to the test infrastructure
which allows to skip tests based on unmet conditions determined
at runtime.
2019-07-05 13:39:09 +01:00
Gilles Peskine
55b49ee10f Allow TODO in code
Don't reject TODO in code. Fix #2587
2019-07-04 19:39:06 +02:00
Gilles Peskine
7dfcfceb49 Use the docstring in the command line help 2019-07-04 19:39:06 +02:00
Gilles Peskine
ada828f36a Split _abi_compliance_command into smaller functions
This makes the code easier to read and pacifies pylint.
2019-07-04 19:20:35 +02:00
Gilles Peskine
3e2da4acf2 Record the commits that were compared
Record the commit ID in addition to the symbolic name of the version
being tested. This makes it easier to figure out what has been
compared when reading logs that don't always indicate explicitly what
things like HEAD are.

This makes the title of HTML reports somewhat verbose, but I think
that's a small price to pay.
2019-07-04 19:06:54 +02:00
Gilles Peskine
b6ce234c57 Document how to build the typical argument for -s 2019-07-04 19:00:31 +02:00
Gilles Peskine
6aa32ccfae Allow running /somewhere/else/path/to/abi_check.py
Don't require abi_check.py to be the one in scripts/ under the current
directory.
2019-07-04 18:59:36 +02:00
Jaeden Amero
93fe3a1a8f
Merge pull request #160 from yanesca/iotcrypt-790-update-tests-to-multipart-key-derivation
Iotcrypt 790 update tests to multipart key derivation
2019-07-04 17:19:36 +01:00
Gilles Peskine
2a38e2477a Slightly simplify derive_wrapping_key
No error can arise after the wrapping key is created, so remove the
corresponding cleanup code.
2019-07-04 14:41:07 +01:00
Gilles Peskine
4e2cc5353c Update key_ladder_demo to the current key derivation API 2019-07-04 14:41:00 +01:00
Janos Follath
343067e0d1 Add invalid_key_derivation test cases for TLS PRF
Add test_derive_invalid_key_derivation_state test cases for TLS 1.2 PRF.
2019-07-04 14:29:30 +01:00
Janos Follath
d958bb7aae Convert invalid_key_derivation_state to new API
Convert the test_derive_invalid_key_derivation_state() test to the new
KDF API.
2019-07-04 14:29:30 +01:00
Janos Follath
5ab0e0b601 Add derive_key_export test cases for TLS 1.2 PRF 2019-07-04 14:29:30 +01:00
Janos Follath
42fd888ab0 Convert derive_key_export to the new KDF API 2019-07-04 14:29:30 +01:00
Janos Follath
8d98a1e626 Add derive_key_exercise test cases for TLS 1.2 PRF 2019-07-04 14:29:30 +01:00
Janos Follath
e60c9052ec Convert derive_key_exercise to the new KDF API 2019-07-04 14:29:30 +01:00
Janos Follath
f2815eaec6 Refactor key derivation setup in tests 2019-07-04 14:29:00 +01:00
Janos Follath
e7e4706230 Add derive_full test cases for TLS 1.2 PRF 2019-07-04 14:22:27 +01:00
Janos Follath
47f27ed752 Convert derive_full test to the new KDF API 2019-07-04 14:22:27 +01:00
Janos Follath
46d9fbc4a9 Add test cases for exercise_key_derivation_key 2019-07-04 14:22:27 +01:00
Gilles Peskine
7607cd6e57 Convert exercise_key_derivation_key to the new KDF API 2019-07-04 14:22:27 +01:00
Jaeden Amero
c19dcebbdd
Merge pull request #154 from yanesca/iotcrypt-789-update-tls-prf-to-multipart
Update TLS 1.2 PRF to multipart API
2019-07-04 11:53:04 +01:00
k-stachowiak
653a4a2fba Prevent dead code warning
The window size variable in ecp_pick_window_size() can take values
4, 5 or 6, but we clamp it not to exceed the value of
MBEDTLS_ECP_WINDOW_SIZE. If that is 6 (default) or higher, the
static analyzer will point out that the test:
w > MBEDTLS_ECP_WINDOW_SIZE always evaluates to false.

This commit removes the test for the cases of the window size
large enough to fit all the potential values of the variable.
2019-07-04 12:19:47 +02:00
Janos Follath
d6dce9f4f3 Fix zero-length seed or label in TLS 1.2 PRF
The psa_tls12_prf_set_seed() and psa_tls12_prf_set_label() functions did
not work on platforms where malloc(0) returns NULL.

It does not affect the TLS use case but these PRFs are used in other
protocols as well and might not be used the same way. For example EAP
uses the TLS PRF with an empty secret. (This would not trigger the bug,
but is a strong indication that it is not safe to assume that certain
inputs to this function are not zero length.)

The conditional block includes the memcpy() call as well to avoid
passing a NULL pointer as a parameter resulting in undefined behaviour.

The current tests are already using zero length label and seed, there is
no need to add new test for this bug.
2019-07-04 09:11:38 +01:00
Jaeden Amero
6e70eb2678 tests: Limit each log to 10 GiB
Limit log output in compat.sh and ssl-opt.sh, in case of failures with these
scripts where they may output seemingly unlimited length error logs.

Note that ulimit -f uses units of 512 bytes, so we use 10 * 1024 * 1024 * 2 to
get 10 GiB.
2019-07-03 16:54:44 +01:00
Gilles Peskine
be517164d2 Warn if VLAs are used
We don't intend to use C99 variable-length arrays, so make the
compiler complain about them.
2019-07-02 20:22:11 +02:00
Gilles Peskine
1e65771ba3 Remove redundant compiler flag
`-Wunused' is included in `-Wall -Wextra'.
2019-07-02 20:05:20 +02:00
Gilles Peskine
85aba47715 Consistently spell -Wextra
-W is a deprecated alias of -Wextra. Consistently use the new name.
2019-07-02 20:05:16 +02:00
Jaeden Amero
14fde3f678
Merge pull request #155 from gilles-peskine-arm/psa-se_driver-registration
Secure element driver registration
2019-07-02 15:14:50 +01:00
Ron Eldor
5131f771ef Fix parsing issue when int parameter is in base 16
Fix error `ValueError: invalid literal for int() with base 10:` that
is caused when a parameter is given in base 16. Use relevant base
when calling `int()` function.
2019-07-02 11:02:29 +03:00
Jaeden Amero
a4b94c460d Update Mbed Crypto to contain mbed-crypto#152
Update Mbed Crypto to a commit on its development branch that contains
the merged [mbed-crypto#152
PR](https://github.com/ARMmbed/mbed-crypto/pull/152).
2019-07-02 08:43:57 +01:00
Jaeden Amero
ee6f9b2a9f
Merge pull request #152 from Patater/cmake-subproject-fix
Enable use of Mbed TLS and Mbed Crypto as a CMake subproject
2019-07-02 08:39:11 +01:00
Peter Kolbus
718c74ca85 Improve compatibility with firewalled networks
* Allow specifying MBEDTLS_DOCKER_REGISTRY for organizations that have
  a mirroring proxy of Docker Hub
* Specify "--network host" during build to ensure use of the host's
  DNS resolution.
2019-06-29 17:45:34 -05:00
Peter Kolbus
be54358fa7 Dockerfile: apt -> apt-get
Dockerfile commands should be using apt-get, not apt.
2019-06-29 17:45:34 -05:00
Peter Kolbus
49c2435a40 Change Docker container to bionic
Commit 117b8a4516 requires version 6+
of i686-w64-mingw32-gcc to run the mingw builds, but Ubuntu Xenial (16.04)
supplies 5.3.1. Change the Docker container to Ubuntu Bionic (18.04) to
pick up a version that will run the tests.
2019-06-29 17:45:34 -05:00
Peter Kolbus
4225b1a966 Clean up file prologue comments
Update new files to include the same legalese as in aes.h. Editorial
touchups in Dockerfile and ssl-opt-in-docker.sh.
2019-06-29 17:45:34 -05:00
Peter Kolbus
e4e2d3a396 Add docker-based test scripts
Enable running tests under Docker. This makes it easier to spin up an
environment with all dependencies (especially the multiple versions of
openssl and gnutls needed).
* tests/docker/xenial/Dockerfile: Definition for the docker image,
  including local builds for openssl and gnutls.
* tests/scripts/docker_env.sh: New helper script that creates the Docker
  image and has a function to run a command in the Docker container.
* tests/docker/all-in-docker.sh: Wrapper for all.sh under Docker.
* tests/docker/basic-in-docker.sh: Script that runs the same commands as
  .travis.yml, in Docker.
* tests/ssl-opt-in-docker.sh: Wrapper to run ssl-opt.sh in Docker.
* tests/compat-in-docker.sh: Wrapper to run compat.sh in Docker.
* tests/make-in-docker.sh: Wrapper to run make in Docker.

Change-Id: Ie092b1deed24c24c3859754535589523ce1d0a58
2019-06-29 17:45:34 -05:00
Janos Follath
0c1ed84258 Improve style 2019-06-28 15:10:06 +01:00
Philippe Antoine
daab28a4af checks MBEDTLS_PEM_PARSE_C 2019-06-28 12:31:23 +02:00
Jaeden Amero
8646a9241c
Merge pull request #156 from k-stachowiak/add-basic-build-to-all-sh
Add an alternarive full build component to all.sh
2019-06-28 10:32:19 +01:00