Commit Graph

9520 Commits

Author SHA1 Message Date
Gilles Peskine
c071373842 Mutex usage testing: set up wrapper functions
When using pthread mutexes (MBEDTLS_THREADING_C and
MBEDTLS_THREADING_PTHREAD enabled), and when test hooks are
enabled (MBEDTLS_TEST_HOOKS), set up wrappers around the
mbedtls_mutex_xxx abstraction. In this commit, the wrapper functions
don't do anything yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-17 13:10:42 +00:00
Gilles Peskine
96a7064754 Remove reference to a document that doesn't exist in this branch
Don't reference the architecture document. This is an LTS branch and
new invasive tests are only going to be introduced as (perhaps partial
or adapted) backports of invasive tests from development anyway.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 12:53:44 +00:00
Gilles Peskine
44e89c547f Declare MBEDTLS_TEST_HOOKS in config.h
When this option is enabled, the product includes additional
interfaces that enable additional tests. This option should not be
enabled in production, but is included in the "full" build to enable
the extra tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 12:50:52 +00:00
Gilles Peskine
7f652adc48 Use $ASAN_FLAGS instead of repeating its contents
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 12:48:33 +00:00
Manuel Pégourié-Gonnard
47e4035e98
Merge pull request #4134 from gilles-peskine-arm/ssl-opt-server-failure-2.16
Backport 2.16: ssl-opt.sh: if the server fails, do treat it as a test failure
2021-02-12 12:16:09 +01:00
Gilles Peskine
2cf44b6941 ssl-opt.sh: Only check the server exit for Mbed TLS
We care about the exit code of our server, for example if it's
reporting a memory leak after having otherwise executed correctly.

We don't care about the exit code of the servers we're using for
interoperability testing (openssl s_server, gnutls-serv). We assume
that they're working correctly anyway, and they return 1 (gnutls-serv)
or die by the signal handle the signal (openssl) when killed by a
signal.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-10 13:05:21 +01:00
Gilles Peskine
634fe27a12 ssl-opt.sh: if the server fails, do treat it as a test failure
This used to be the case a long time ago but was accidentally broken.

Fix <github:nogrep> #4103 for ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-10 13:05:19 +01:00
Janos Follath
fee234afcd
Merge pull request #4100 from d-otte/mbedtls-2.16
Backport 2.16: wrong RSA_PRV_DER_MAX_BYTES for odd MBEDTLS_MPI_MAX_SIZE
2021-02-02 16:14:59 +00:00
Janos Follath
9039f16c48
Merge pull request #4097 from gilles-peskine-arm/mpi_sub_abs-buffer_overflow-2.16
Backport 2.16: Fix buffer overflow in mbedtls_mpi_sub_abs negative case
2021-02-02 13:10:22 +00:00
Daniel Otte
80fa1b4d8f adding changelog entry for issue #4093
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-02 12:57:48 +01:00
Daniel Otte
9c6cb217f1 adding parentheses to macro definitions.
Avoid confusion and possible mistakes in usage of macros.

Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-02 12:52:18 +01:00
Daniel Otte
80a2c2a5f9 avoid errorneous computation of RSA_PRV_DER_MAX_BYTES.
if MBEDTLS_MPI_MAX_SIZE is odd then RSA_PRV_DER_MAX_BYTES will be two less than expected, since the macros are lacking parentheses.


Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-02 12:51:02 +01:00
Gilles Peskine
6260b70717 mbedtls_mpi_sub_abs: fix buffer overflow in error case
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

Fix #4042

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 17:27:06 +01:00
Gilles Peskine
9a3cf3174d Add mpi_sub_abs negative tests with a larger-in-size second operand
Add test cases for mbedtls_mpi_sub_abs() where the second operand has
more limbs than the first operand (which, if the extra limbs are not
all zero, implies that the function returns
MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

This exposes a buffer overflow (reported in #4042).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 17:27:04 +01:00
Janos Follath
5d453ee882
Merge pull request #4068 from stevew817/backport/pr-4008
[Backport 2.16] Avoid unreferenced items in ECDSA when ALT is in use
2021-01-29 12:54:35 +00:00
Ronald Cron
226626fd42
Merge pull request #4021 from gilles-peskine-arm/ssl-test_without_hmac_drbg-2.16
Backport 2.16: Test SSL with non-deterministic ECDSA
2021-01-29 09:10:11 +01:00
Steven Cooreman
a82e56aa91 Avoid unreferenced item warnings in ECDSA when ALT is in use
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-26 18:04:10 +01:00
Janos Follath
01c69377bd
Merge pull request #4057 from stevew817/backport/pr-4007
[backport 2.16] Skip known entropy tests for ECJPAKE ALT implementations
2021-01-25 12:38:53 +00:00
Steven Cooreman
0b7cb319cd Skip tests requiring known entropy for ECJPAKE ALT implementations
These implementations don't necessarily consume entropy the same way the
mbed TLS internal software implementation does, and the 'reference
handshake' test vectors can thus not be applied to an ALT implementation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-25 10:36:37 +01:00
Gilles Peskine
629fd9362c Test SSL with non-deterministic ECDSA
In component_test_no_hmac_drbg, the fact that HMAC_DRBG is disabled
doesn't affect the SSL code, but the fact that deterministic ECDSA is
disabled does. So run some ECDSA-related SSL tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:38:13 +01:00
Gilles Peskine
15c39e53e5
Merge pull request #3988 from gilles-peskine-arm/rsa_private-ret-2.16
Backport 2.16: Fix an incorrect error code if RSA private operation glitched
2021-01-13 11:10:08 +01:00
Gilles Peskine
3b7523e11e Fix an incorrect error code if RSA private operation glitched
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:55:34 +01:00
Janos Follath
3fac0bae4a
Merge pull request #787 from ARMmbed/dev/yanesca/mbedtls-2.16.9r0-pr
Prepare Release Candidate for Mbed TLS 2.16.9
2020-12-10 12:54:15 +00:00
Janos Follath
3d5d889e0d Add missing ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 16:41:44 +00:00
Janos Follath
7bbd7ea7ad Improve wording in Changelog
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 16:39:36 +00:00
Janos Follath
f3493024f6 Finalize ChangeLog
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 01:35:14 +00:00
Janos Follath
69029cd29b Bump version to Mbed TLS 2.16.9
Executed ./scripts/bump_version.sh --version 2.16.9

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 01:21:50 +00:00
Janos Follath
a4b98a970f Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 00:31:29 +00:00
Janos Follath
2d3f296729 Fix Changelog format
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 00:30:04 +00:00
Janos Follath
22a854ab96 Add missing ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-08 23:45:45 +00:00
Janos Follath
15e860c639 Merge branch 'mbedtls-2.16-restricted' into mbedtls-2.16.9r0-pr 2020-12-08 21:00:17 +00:00
Gilles Peskine
9e8acb6861
Merge pull request #3935 from paul-elliott-arm/fix_pem_write_2_16
Backport 2.16: Remove Extraneous bytes from buffer post pem write
2020-12-08 12:31:47 +01:00
Paul Elliott
319b5939dd Remove Extraneous bytes from buffer post pem write
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-07 16:47:02 +00:00
Ronald Cron
3f35b87db9
Merge pull request #3938 from geecrypt/mbedtls-2.16
Backport to Mbedtls 2.16:  Support set *_drbg reseed interval before seed
2020-12-07 14:30:13 +01:00
Gilles Peskine
8ed9ac85e5
Merge pull request #3513 from gilles-peskine-arm/ecp-bignum-error-checks-2.16
Backport 2.16: add missing some error checks in ECP and bignum
2020-12-07 13:06:42 +01:00
Janos Follath
bcfa41753d
Merge pull request #782 from chris-jones-arm/mbedtls-2.16-restricted
[Backport 2.16] Fix Diffie-Hellman large key size DoS
2020-12-07 09:27:55 +00:00
gacquroff
07d1f47a39 Add changelog entry file for bugfix 2927
Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 13:41:45 -08:00
Gavin Acquroff
77cb30c3cb Support set *_drbg reseed interval before seed
mbedtls_ctr_drbg_set_reseed_interval() and
mbedtls_hmac_drbg_set_reseed_interval() can now be called before
their seed functions and the reseed_interval value will persist.
Previously it would be overwritten with the default value.

*_drbg_reseed_interval is now set in init() and free().

mbedtls_ctr_drbg_free() and mbedtls_hmac_drbg_free() now
reset the drbg context to the state immediately after init().

Tests:
- Added test to check that DRBG reseeds when reseed_counter
reaches reseed_interval, if reseed_interval set before seed
and reseed_interval is less than MBEDTLS_*_DRBG_RESEED_INTERVAL.

Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 13:30:36 -08:00
Chris Jones
5dd1e266e1 Fix exponentiation tests with MBEDTLS_MPI_MAX_BITS larger than 256
Fixes an issue where configs that had `MBEDTLS_MPI_MAX_BITS` greater than 256
but smaller than the test that was running (792 bits) the test would fail
incorrectly.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 17:56:21 +00:00
Chris Jones
74b7ee4f12 Fix test_suite_dhm build
Fix build as the name of the random function changed from development to 2.7.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 17:55:59 +00:00
Chris Jones
c7ea6340cf Fix whitespace in changelog entry
Extra whitespace and a missing newline at end of file was causing an error with
`check_files.py`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:11:23 +00:00
Chris Jones
49e6e9d410 Move dependancy to specific test cases
Move dependancy on `MBEDTLS_MPI_MAX_BITS` to apply to the specific test cases
which will break when `MBEDTLS_MPI_MAX_BITS` is too small. This re-enables
previous tests that were turned off accidentally.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:11:20 +00:00
Chris Jones
ce6fa8f411 Fix broken testing on numbers that may be greater than MPI_MAX_SIZE
Previously `mbedtls_mpi_exp_mod` was tested with values that were over
`MBEDTLS_MPI_MAX_SIZE` in size. This is useful to do as some paths are only
taken when the exponent is large enough however, on builds where
`MBEDTLS_MPI_MAX_SIZE` is under the size of these test values.

This fix turns off these tests when `MBEDTLS_MPI_MAX_SIZE` is too small to
safely test (notably this is the case in config-thread.h).

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
877329af75 Fix cases where exponentiation was not fully tested
In two test cases, the exponentiation computation was not being fully tested
as when A_bytes (the base) == N_bytes (the modulus) -> A = N. When this is the
case A is reduced to 0 and therefore the result of the computation will always
be 0.

This fixes that issue and therefore increases the test coverage to ensure
different computations are actually being run.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
a18813ea1c Reword test cases
Reword test cases to be easier to read and understand.
Adds comments to better explain what the test is doing.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
4a0ccb6862 Extend exponentiation test coverage
Add two further boundary tests for cases where both the exponent and modulus to
`mbedtls_mpi_exp_mod()` are `MBEDTLS_MPI_MAX_SIZE`, or longer, bytes long.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
415c7be0aa Test that overly large Diffie-Hellman keys are rejected
Adds test cases to ensure that `mbedtls_mpi_exp_mod` will return an error with
an exponent or modulus that is greater than `MBEDTLS_MPI_MAX_SIZE` in size.

Adds test cases to ensure that Diffie-Hellman will fail to make a key pair
(using `mbedtls_dhm_make_public`) when the prime modulus is greater than
`MBEDTLS_MPI_MAX_SIZE` in size.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
25038abadb Add ChangeLog entry for modular exponentiation size limit
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:49 +00:00
Chris Jones
63d19c0586 Test that overly large Diffie-Hellman keys are rejected
Add a test case to ensure `mbedtls_mpi_exp_mod` fails when using a key size
larger than MBEDTLS_MPI_MAX_SIZE.
Add a test case to ensure that Diffie-Hellman operations fail when using a key
size larger than MBEDTLS_MPI_MAX_SIZE.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:07:33 +00:00
Chris Jones
ad59a2a4a7 Fix potential DoS by limiting number sizes in exponentiation
Check that the exponent and modulus is below `MBEDTLS_MPI_MAX_BITS` before
performing a time expensive operation (modular exponentiation). This prevents
a potential DoS from Diffie-Hellman computations with extremely
large key sizes.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 16:02:20 +00:00