Commit Graph

9366 Commits

Author SHA1 Message Date
Gilles Peskine
e6e812a712 Commit the intermediate files cert_md*.csr
They are used to generate cert_md*.crt.

Regenerate cert_md5.crt which had previously been generated for a
different key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 20:35:55 +02:00
Gilles Peskine
6b739bb138 Fix "make -C tests/data_files"
It wasn't working when invoking programs/x509/cert_write or
programs/x509/cert_req due to relying on the current directory rather
than the location of the makefile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 19:54:18 +02:00
Gilles Peskine
c3d0a7f1ec cert_req: discover hash algorithms automatically
Discover hash algorithms automatically rather than hard-coding a list,
as was previously done in cert_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 19:54:04 +02:00
Gilles Peskine
db1e7a8f7b cert_write: support all hash algorithms
For some reason, RIPEMD160, SHA224 and SHA384 were not supported.

This fixes the build recipes for tests/data_files/cert_sha224.crt and
tests/data_files/cert_sha384.crt .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 18:58:33 +02:00
Gilles Peskine
0ac8a78aa7
Merge pull request #3593 from mpg/fix-compat.sh-with-ubuntu-16.04-gnutls-2.16
[backport 2.16] Fix compat.sh with ubuntu 16.04 gnutls
2020-08-21 14:18:33 +02:00
Manuel Pégourié-Gonnard
300e1b3a6f compat.sh: stop using allow_sha1
After the changes of certificates, it's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:17 +02:00
Manuel Pégourié-Gonnard
91615cf7ff compat.sh: quit using SHA-1 certificates
Replace server2.crt with server2-sha256.crt which, as the name implies, is
just the SHA-256 version of the same certificate.

Replace server1.crt with cert_sha256.crt which, as the name doesn't imply, is
associated with the same key and just have a slightly different Subject Name,
which doesn't matter in this instance.

The other certificates used in this script (server5.crt and server6.crt) are
already signed with SHA-256.

This change is motivated by the fact that recent versions of GnuTLS (or older
versions with the Debian patches) reject SHA-1 in certificates by default, as
they should. There are options to still accept it (%VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1) but:

- they're not available in all versions that reject SHA-1-signed certs;
- moving to SHA-2 just seems cleaner anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:17 +02:00
Manuel Pégourié-Gonnard
0e7bdd1340 compat.sh: enable CBC-SHA-2 suites for GnuTLS
Recent GnuTLS packages on Ubuntu 16.04 have them disabled.

From /usr/share/doc/libgnutls30/changelog.Debian.gz:

gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Lucky-13 issues
    [...]
    - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
      ciphersuites were removed from defaults in lib/gnutls_priority.c,
      tests/priorities.c.

Since we do want to test the ciphersuites, explicitly re-enable them in the
server's priority string. (This is a no-op with versions of GnuTLS where those
are already enabled by default.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 13:01:16 +02:00
Gilles Peskine
2dcd0674e6
Merge pull request #3582 from bensze01/license-2.16
2.16 only: Fix license header in pre-commit hook
2020-08-20 09:43:56 +02:00
Bence Szépkúti
2645bcc709 Fix license header in pre-commit hook
The file was not updated to include the GPL 2.0+ header as well when it
was backported.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 17:54:47 +02:00
danh-arm
2823efabc8
Merge pull request #3580 from bensze01/copyright-2.16
[Backport 2.16] Update copyright notices to use Linux Foundation guidance
2020-08-19 16:31:50 +01:00
Bence Szépkúti
a2947ac7bb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 16:37:36 +02:00
Manuel Pégourié-Gonnard
daba4f67cc
Merge pull request #3555 from mpg/x509-verify-non-dns-san-2.16
[Backport 2.16]  X509 verify non-DNS SANs
2020-08-18 10:02:08 +02:00
Manuel Pégourié-Gonnard
b9c64e4538
Merge pull request #3558 from gufe44/net-sockets-fixes-2.16
[Backport 2.16] NetBSD 9.0 build fixes
2020-08-18 09:13:30 +02:00
Manuel Pégourié-Gonnard
5bfa623e9b
Merge pull request #3565 from mpg/improve-ssl-opt-logs-2.16
[Backport 2.16] Improve ssl-opt.sh logs
2020-08-17 12:05:16 +02:00
gufe44
19735b69b8 Fix building on NetBSD 9.0
Fixes #2310

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-17 07:31:06 +02:00
Gilles Peskine
4ca60502d8
Merge pull request #734 from gilles-peskine-arm/x509parse_crl-empty_entry-2.16
Backport 2.16: Fix buffer overflow in x509_get_entries (oss-fuzz 24123)
2020-08-14 23:22:23 +02:00
Manuel Pégourié-Gonnard
62870c9a7e Remove obsolete buildbot reference in compat.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard
a1919ad6e0 Fix misuse of printf in shell script
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard
7442f843d5 Fix added proxy command when IPv6 is used
For explicit proxy commands (included with `-p "$P_PXY <args>` in the test
case), it's the test's writer responsibility to handle IPv6; only fix the
proxy command when we're auto-adding it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard
581af9f720 Simplify test syntax
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard
bedcb3eb24 Fix logic error in setting client port
We need to do this after we possibly added the proxy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard
cbd5c03343 ssl-opt.sh: include test name in log files
This is a convenience for when we get log files from failed CI runs, or attach
them to bug reports, etc.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard
e63fc6d52b ssl-opt.sh: remove old buildbot-specific condition
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Manuel Pégourié-Gonnard
fcf6c16470 ssl-opt.sh: add proxy to all DTLS tests
A lot of DTLS test are timing-sensitive, especially those that contain
assertions about retransmission. Sometimes some DTLS test fails intermittently
on the CI with no clear apparent reason; we need more information in the log
to understand the cause of those failures.

Adding a proxy means we'll get timing information from the proxy logs.

An alternative would be to add timing information to the debug output of
ssl_server2 and ssl_client2. But that's more complex because getting
sub-second timing info is outside the scope of the C standard, and our current
timing module only provides a APi for sub-second intervals, not absolute time.
Using the proxy is easier as it's a single point that sees all messages, so
elapsed time is fine here, and it's already implemented in the proxy output.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-14 11:00:40 +02:00
Gilles Peskine
9acf943b98
Merge pull request #3560 from gufe44/netbsd-rand-arc4random_buf-2.16
[Backport 2.16] Use arc4random_buf instead of rand on NetBSD
2020-08-13 15:27:53 +02:00
Gilles Peskine
1505e42de9
Merge pull request #3548 from mpg/check-generated-files-2.16
[Backport 2.16] Add update option to check-generated-files
2020-08-13 11:24:26 +02:00
gufe44
ba5cba838c Log change as bugfix
Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-13 06:46:57 +02:00
gufe44
d5f8c26e01 Add changelog entry
Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-13 06:46:04 +02:00
gufe44
3fa7c64edf Use arc4random_buf instead of rand on NetBSD
Avoid old implementation of rand returning numbers with cyclical lower bits. Allow tests to pass.

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-13 06:45:27 +02:00
Gilles Peskine
0ca801af76
Merge pull request #732 from gabor-mezei-arm/689_bp216_zeroising_of_plaintext_buffers
[Backport 2.16] Zeroising of plaintext buffers in mbedtls_ssl_read()
2020-08-12 18:51:44 +02:00
Gilles Peskine
de7e03688d
Merge pull request #3489 from CodeMonkeyLeet/mbedtls-2.16_backport_3464
Backport 2.16: PR #3464 Dynamically allocate requested CSR write buffer size
2020-08-12 18:22:22 +02:00
Gilles Peskine
4ddfdbf76a Add the decomposition of the base case as a comment
Put the base good case first, then the bad cases derived from it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-12 12:50:42 +02:00
Gilles Peskine
6579235d9c x509_crl_parse: fix 1-byte buffer overflow and entry->raw.tag
In the entries (mbedtls_x509_crl_entry values) on the list constructed
by mbedtls_x509_crl_parse_der(), set entry->raw.tag to
(SEQUENCE | CONSTRUCTED) rather than to the tag of the first ASN.1
element of the entry (which happens to be the tag of the serial
number, so INTEGER or INTEGER | CONTEXT_SPECIFIC). This is doesn't
really matter in practice (and in particular the value is never used
in Mbed TLS itself), and isn't documented, but at least it's
consistent with how mbedtls_x509_buf is normally used.

The primary importance of this change is that the old code tried to
access the tag of the first element of the entry even when the entry
happened to be empty. If the entry was empty and not followed by
anything else in the CRL, this could cause a read 1 byte after the end
of the buffer containing the CRL.

The test case "X509 CRL ASN1 (TBSCertList, single empty entry at end)"
hit the problematic buffer overflow, which is detected with ASan.

Credit to OSS-Fuzz for detecting the problem.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-12 12:50:42 +02:00
Gilles Peskine
d8dc8e29c1 x509parse_crl: more negative test cases
Add a few more negative test cases for mbedtls_x509_crl_parse.
The test data is manually adapted from the existing positive test case
"X509 CRL ASN1 (TBSCertList, sig present)" which decomposes as

305c
 3047                                   tbsCertList TBSCertList
  020100                                version INTEGER OPTIONAL
  300d                                  signatureAlgorithm AlgorithmIdentifier
   06092a864886f70d01010e
   0500
  300f                                  issuer Name
   310d300b0603550403130441424344
  170c303930313031303030303030          thisUpdate Time
  3014                                  revokedCertificates
   3012                                 entry 1
    8202abcd                            userCertificate CertificateSerialNumber
    170c303831323331323335393539        revocationDate Time
 300d                                   signatureAlgorithm AlgorithmIdentifier
  06092a864886f70d01010e
  0500
 03020001                               signatureValue BIT STRING

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-12 12:50:42 +02:00
Manuel Pégourié-Gonnard
58c8da2d7e Add test: DNS names should not match IP addresses
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-11 12:51:21 +02:00
Manuel Pégourié-Gonnard
dfd517234d
Merge pull request #3488 from CodeMonkeyLeet/mbedtls-2.16_backport_2632
Backport 2.16: PR #2632 Avoid use of large stack buffers in CRT writing
2020-08-11 10:32:18 +02:00
Manuel Pégourié-Gonnard
c703cf1aec Add a pre-commit hook that checks generated files
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-10 12:56:08 +02:00
Manuel Pégourié-Gonnard
9ad5128324 Add -u option to check-generated-files.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-10 12:56:08 +02:00
Manuel Pégourié-Gonnard
f1ef89586b
Merge pull request #728 from mpg/ct-varlen-hmac-2.16
[Backport 2.16] Add constant-flow variable-length HMAC function
2020-08-10 12:40:49 +02:00
gabor-mezei-arm
b394b43cf8 Add missing newline
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-07-31 16:00:06 +02:00
gabor-mezei-arm
3eaa10389d Zeroising of plaintext buffers to erase unused application data from memory
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-07-31 15:57:26 +02:00
Manuel Pégourié-Gonnard
7433fa4f4a Add warning about test-only config.h option
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-31 13:20:47 +02:00
Manuel Pégourié-Gonnard
f82cb79b87 Add comments clarifying differences between macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-31 13:19:09 +02:00
Manuel Pégourié-Gonnard
681615a276 Remove obsolete comment about test dependency
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-31 10:00:17 +02:00
Ronald Cron
8e8898d40f tests: Replace "TEST_ASSERT(!memcmp ...)" by ASSERT_COMPARE
The usage of "!memcmp()" is at least not recommended
and better to use the macro dedicated for buffer
comparisons.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 16:08:50 +02:00
Ronald Cron
4bdc13ff09 tests: Remove usage of mbedtls_test_hexify for comparison
Do not hexify binary data to compare them, do compare
them directly. That simplifies the check code and save
memory.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 16:01:41 +02:00
Ronald Cron
aea41df254 tests: suites: Remove hex in name of variables of type data_t
Remove `hex` in name of variables of type data_t to reserve it
for variables of type char* that are the hexadecimal
representation of a data buffer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 15:59:46 +02:00
Ronald Cron
9fde353f68 tests: Reformating due to hexcmp() renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexcmp

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 15:51:41 +02:00
Ronald Cron
d239794deb tests: Add mbedtls_test_ prefix to hexcmp()
Add mbedtls_test_ prefix to hexcmp() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 15:41:32 +02:00