Commit Graph

252 Commits

Author SHA1 Message Date
Jaeden Amero
942cfea65f Merge remote-tracking branch 'upstream-public/pr/1815' into mbedtls-2.1 2018-08-10 11:00:40 +01:00
Andres Amaya Garcia
dc8b6df7a7 Add test for empty app data records to ssl-opt.sh 2018-07-16 20:22:30 +01:00
Ron Eldor
6877685ac6 Restore accidentally deleted lines
Restore lines that were accidentally deleted by a previous
moerge conflict.
2018-07-01 10:05:49 +03:00
Gilles Peskine
2cc7ad4cfc Fix ssl-opt.sh not starting when lsof is not available
$START_DELAY was used before it was defined.
2018-06-29 16:03:18 +02:00
Ron Eldor
2eee2e63e5 Update ssl-opt.sh test to run condition
1. Update the test script to un the ECC tests only if the relevant
configurations are defined in `config.h` file
2. Change the HASH of the ciphersuite from SHA1 based to SHA256
for better example
2018-06-28 16:20:00 +03:00
Ron Eldor
b27a1ab18f Add ECC extensions test in ssl-opts.sh
Add test to verify if an ecc based extension exists
or not if an ecc based ciphersuite is used or not.
2018-06-28 16:09:31 +03:00
Simon Butcher
12826dfb83 Extend the timeout for SNI DTLS tests
The following tests were timing out under valgrind so now have a much
longer timeout:
    SNI: DTLS, CA no override
    SNI: DTLS, CA override with CRL
2018-06-16 19:46:52 +01:00
Andres Amaya Garcia
0b8eaa899d Add more SNI/DTLS tests
Run the normal SNI/TLS tests over DTLS in ssl-opt.sh for greater
coverage.
2018-05-30 08:30:07 +01:00
Andres Amaya Garcia
021ad3dc38 Rename SNI/DTLS tests in ssl-opt.sh script 2018-05-30 08:30:06 +01:00
Andres AG
52142f186f Add SNI with DTLS tests to ssl-opt.sh script 2018-05-30 08:30:03 +01:00
Azim Khan
341e3789a3 Enable SSL test scripts to dump logs on stdout 2018-04-03 17:59:56 +01:00
Gilles Peskine
25ec9cc9b3 Merge branch 'prr_428' into mbedtls-2.1-proposed 2018-02-22 16:24:13 +01:00
Jaeden Amero
2b72742e3f Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-29 12:52:10 +00:00
Jaeden Amero
bfafd12789 Merge remote-tracking branch 'upstream-restricted/pr/414' into mbedtls-2.1-restricted 2018-01-26 18:09:14 +00:00
Gilles Peskine
784f41c90d wait_server_start: warn if lsof is not available
If lsof is not available, wait_server_start uses a fixed timeout,
which can trigger a race condition if the timeout turns out to be too
short. Emit a warning so that we know this is going on from the test
logs.
2018-01-22 11:24:01 +01:00
Manuel Pégourié-Gonnard
3f69e54f3b Increase waiting times compat.sh and ssl-opt.sh
- Some of the CI machines don't have lsof installed yet, so rely on an sleeping
an arbitrary number of seconds while the server starts. We're seeing
occasional failures with the current delay because the CI machines are highly
loaded, which seems to indicate the current delay is not quite enough, but
hopefully not to far either, so double it.

- While at it, also double the watchdog delay: while I don't remember seeing
  much failures due to client timeout, this change doesn't impact normal
running time of the script, so better err on the safe side.

These changes don't affect the test and should only affect the false positive
rate coming from the test framework in those scripts.
2018-01-22 11:23:58 +01:00
Manuel Pégourié-Gonnard
87244fa253 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  compat.sh: use wait_server_start
  wait_server_start: minor efficiency improvement
2017-12-21 11:13:30 +01:00
Gilles Peskine
684a517220 wait_server_start: minor efficiency improvement
In wait_server_start, fork less. When lsof is present, call it on the
expected process. This saves a few percent of execution time on a
lightly loaded machine. Also, sleep for a short duration rather than
using a tight loop.
2017-12-19 13:33:08 +01:00
Manuel Pégourié-Gonnard
914fd5d2c9 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  ssl-opt.sh: support fixed seed for random tests
2017-12-19 12:19:12 +01:00
Gilles Peskine
aed7188b2e Merge remote-tracking branch 'upstream-restricted/pr/427' into mbedtls-2.1-restricted 2017-12-01 18:05:40 +01:00
Gilles Peskine
bb4aaf1bbc ssl-opt.sh: support fixed seed for random tests
Support --seed and $SEED to set the seed for random tests.

Partial backport of commit 7770ea82d5
(the part applying to all.sh is already present).
2017-12-01 17:23:34 +01:00
Hanno Becker
8e75b6ce56 Improve style in tests/ssl-opt.sh
Try to avoid line breaks in server and client command line arguments to ease
reading of test cases.
2017-12-01 10:18:41 +00:00
Hanno Becker
b018723d3e Correct truncated HMAC tests in ssl-opt.sh
Many truncated HMAC tests were missing the `trunc_hmac=1` for the server
application, thereby not testing the extension.
2017-12-01 10:18:41 +00:00
Hanno Becker
02f632ecce Add truncated HMAC extension tests for DTLS 2017-12-01 10:18:22 +00:00
Hanno Becker
d51bec701b Add missing truncated HMAC test for TLS
The case 'Client disabled, Server enabled' was missing.
2017-12-01 10:18:22 +00:00
Hanno Becker
461cb81a55 Add small packet tests for DTLS
Add a DTLS small packet test for each of the following combinations:
- DTLS version: 1.0 or 1.2
- Encrypt then MAC extension enabled
- Truncated HMAC extension enabled

Large packets tests for DTLS are currently not possible due to parameter
constraints in ssl_server2.
2017-12-01 10:18:22 +00:00
Hanno Becker
0b9d913ac6 Extend large packet tests for TLS
Same as previous commit, but for large packet tests.
2017-12-01 10:18:22 +00:00
Hanno Becker
7aae46c05a Extend small packet tests for TLS
This commit ensures that there is a small packet test for at least any
combination of
- SSL/TLS version: SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2
- Stream cipher (RC4) or Block cipher (AES)
- Usage of Encrypt then MAC extension [TLS only]
- Usage of truncated HMAC extension [TLS only]
2017-12-01 10:18:22 +00:00
Hanno Becker
a83fafa5df Add missing dependencies on trunc HMAC ext in ssl-opt.sh
Noticed that the test cases in ssl-opt.sh exercising the truncated HMAC
extension do not depend on MBEDTLS_SSL_TRUNCATED_HMAC being enabled in
config.h. This commit fixes this.
2017-12-01 10:18:22 +00:00
Gilles Peskine
49349bacb9 Merge remote-tracking branch 'upstream-public/pr/1153' into mbedtls-2.1 2017-11-29 20:53:58 +01:00
Hanno Becker
ce516ff449 Fix heap corruption in ssl_decrypt_buf
Previously, MAC validation for an incoming record proceeded as follows:

1) Make a copy of the MAC contained in the record;
2) Compute the expected MAC in place, overwriting the presented one;
3) Compare both.

This resulted in a record buffer overflow if truncated MAC was used, as in this
case the record buffer only reserved 10 bytes for the MAC, but the MAC
computation routine in 2) always wrote a full digest.

For specially crafted records, this could be used to perform a controlled write of
up to 6 bytes past the boundary of the heap buffer holding the record, thereby
corrupting the heap structures and potentially leading to a crash or remote code
execution.

This commit fixes this by making the following change:
1) Compute the expected MAC in a temporary buffer that has the size of the
   underlying message digest.
2) Compare to this to the MAC contained in the record, potentially
   restricting to the first 10 bytes if truncated HMAC is used.

A similar fix is applied to the encryption routine `ssl_encrypt_buf`.
2017-11-20 10:16:17 +00:00
Hanno Becker
7889113075 Add dependency on SSL_RENEGOTIATION to renego tests in ssl-opt.sh 2017-10-24 11:54:55 +01:00
Hanno Becker
6ed76f74d2 Use a conservative excess of the maximum fragment length in tests
This leads to graceful test failure instead of crash when run on the previous
code.
2017-10-19 15:45:17 +01:00
Hanno Becker
64691dc3fc Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384
Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its
default value of 16384 to succeed. While ideally such a dependency should not
exist, as a short-term remedy this commit adds a small check that will at least
lead to graceful exit if that assumption is violated.
2017-10-19 15:45:17 +01:00
Hanno Becker
0d885d3d8c Add expected number of fragments to 16384-byte packet tests 2017-10-19 15:44:37 +01:00
Hanno Becker
2fabe5fb70 Add tests for messages beyond 16384 bytes to ssl-opt.sh
This commit adds four tests to ssl-opt.sh testing the library's behavior when
`mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations
tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled.
2017-10-19 15:44:37 +01:00
Hanno Becker
0560778fb0 Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
2017-10-19 15:44:37 +01:00
Hanno Becker
80e0d46062 Use 2048-bit DHE parameters from RFC 3526 instead of 5114 by default
The parameters from RFC 5114 are not considered trustworthy, while those from
RFC 3526 have been generated in a nothing-up-my-sleeve manner.
2017-10-13 16:51:54 +01:00
Janos Follath
5f1dd80eaf Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 13:58:17 +01:00
Simon Butcher
266f3446b7 Remove the check in ssl-opt.sh for MAX_INTERMEDIATE_CA
The check uses grep, not config.pl, on the x509 headers - not where it should
be configured - config.h. grep syntax isn't very portable. Without config.pl
it's quite hard to do this check properly so removing this check.
2017-07-28 13:02:33 +01:00
Hanno Becker
81cc8f668b Check value of MBEDTLS_X509_MAX_INTERMEDIATE_CA in ssl-opt.sh
Some tests in ssl-opt.sh assumes the value 8 for the maximal number
MBEDTLS_X509_MAX_INTERMEDIATE_CA of intermediate CA's. This commit adds a check
before conducting the respective tests.
2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
cdb4dc9393 Improve comments 2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
591035d0b4 Add SSL tests for long cert chains 2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
55393666a1 Fix issue in testing SHA-1 compile-time option 2017-06-08 18:11:57 +02:00
Hanno Becker
61c0c70418 Add tests for missing CA chains and bad curves.
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
2017-06-07 11:36:12 +01:00
Manuel Pégourié-Gonnard
b55f613601 Merge remote-tracking branch 'gilles/iotssl-1223/mbedtls-2.1' into mbedtls-2.1
* gilles/iotssl-1223/mbedtls-2.1:
  Fix FALLBACK_SCSV parsing
2017-06-06 20:12:51 +02:00
Gilles Peskine
7344e1bd05 SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 19:09:02 +02:00
Gilles Peskine
35db5bae2c Allow SHA-1 in test scripts 2017-06-06 19:08:23 +02:00
Gilles Peskine
ae76599686 Test that SHA-1 defaults off
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
2017-06-06 19:08:23 +02:00
Gilles Peskine
39e2981b22 Fix FALLBACK_SCSV parsing
Fixed a bug in ssl_srv.c when parsing TLS_FALLBACK_SCSV in the
ciphersuite list that caused it to miss it sometimes. Reported by Hugo
Leisink as issue #810. Fix initially by @andreasag01; this commit
isolates the bug fix and adds a non-regression test.
2017-05-16 18:03:02 +02:00