Commit Graph

16559 Commits

Author SHA1 Message Date
Gilles Peskine
bba3b4c79a Add or fix requirements on FALLBACK_SCSV
Automatically detect when an mbedtls or openssl client enables fallback
SCSV.

For test cases with a hard-coded ClientHello with FALLBACK_SCSV, declare the
dependency manually. Remove the erroneous requirement on openssl in these
test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
4b137d1bc4 Automatically detect protocol version requirement from force_version
When the client or server uses a specific protocol version, automatically
require that version to be enabled at compile time.

An explicit call is still needed in test cases that require a specific
protocol version (due to analyzing version-specific behavior, or checking
the version in logs), but do not force that specific protocol version, or that
force a specific version only on the openssl/gnutls side.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
3c985f6b70 Move ticket, alpn detection into maybe_requires_ciphersuite_enabled
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
511fdf435f Prepare to generalize maybe_requires_ciphersuite_enabled
Rename maybe_requires_ciphersuite_enabled() to detect_required_features()
and refactor its code a little. No intended behavior change. In subsequent
commits, this function will detect other requirements in a similar way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
e70605c28e Add requirement for RC4 tests
The automatic ciphersuite detection deliberately doesn't operate on test
cases that verify that the test suite is rejected, but some RC4 test cases
only apply to configurations where the algorithm must be enabled at compile
time (otherwise the connection would fail in a different way).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
5a1b3bdc44 Make mbedtls_ssl_get_bytes_avail tests more independent
Don't depend on the default sizes in the test programs: pass explicit
request and buffer sizes.

Don't depend on MAX_CONTENT_LEN (other than it not being extremely small:
this commit assumes that it will never be less than 101).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
a30439a7f9 Fix off-by-one in buffer_size usage
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
736d91dae6 Fix buffer size calculation
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
f2e1f47b2e set_maybe_calc_verify: $1 is intended to be auth_mode
Document that this is what it is. Don't allow made-up numerical values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
de4cb3569e Add requirements of "Default"
The log checks require a specific hash and a specific curve.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
d5b1a30c2f Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
e719d174c9 Minor documentation improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
22cc649769 Skip some DTLS reordering tests in PSK-only builds
Some DTLS reordering tests rely on certificate authentication messages. It
is probably possible to adapt them to rely on different messages, but for
now, skip them in PSK-only builds.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
64c683fd18 calc_verify is only called in some configurations
If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled
at runtime, and if client authentication is not used, then calc_verify is not
called, so don't require the corresponding debug trace.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
def0e147ab test-ref-configs: clarify configuration-related traces
When doing builds with PSA enabled or with debug traces enabled, convey this
in $MBEDTLS_TEST_CONFIGURATION and in the terminal logs.

This fixes a bug that the outcome file did not distinguish entries from
test cases run in a reference configuration with or without PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
20e25b9012 Simplify the logic to select configurations
User-visible changes:
* With no argument, configurations are now tested in a deterministic order.
* When given arguments, configurations are now tested in the order given.
* When given arguments, if the same configuration is passed multiple times,
  it will now be tested multiple times.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
291372fd41 Add a missing requires_max_content_len
Slightly reduce the amount of data so that the test passes with 512.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:38 +02:00
Gilles Peskine
dcb13af837 ssl-opt needs debug messages
Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.

Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b. Skip mini-tls1_1 for now because
it requires significant improvements to ssl-opt.sh (lots of missing
requires_xxx).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:24:13 +02:00
Gilles Peskine
89d892ffdd Adapt tests for PSK in PSK-only builds
In a PSK-only build:
* Skip tests that rely on a specific non-PSK cipher suite.
* Skip tests that exercise a certificate authentication feature.
* Pass a pre-shared key in tests that don't mind the key exchange type.

This commit only considers PSK-only builds vs builds with certificates. It
does not aim to do something useful for builds with an asymmetric key
exchange and a pre-shared key for authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
111fde4ce9 Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE
This commit is not necessarily complete, but it's a step forward.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
dff48c1c65 Only run "Default" tests if the ciphersuite is enabled
These tests ensure that a certain cipher suite is in use, so they fail in
builds that lack one of the corresponding algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
df4ad90a15 ssl-opt: check for protocol version support
Skip tests that require a specific version of the protocol if that version
is disabled at compile time.

This commit only partially does the job, mostly covering tests that check
the protocol version in client or server logs. It is not intended to be
exhaustive; in particular many uses of force_version are not covered (I
think they should instead be covered automatically, but this is out of scope
of the current commit).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
4502671e0b Automatically skip tests for some absent features: tickets, ALPN
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
e5f4958c80 ssl-opt: automatically skip DTLS tests in builds without DTLS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
83f7108f3d Small DTLS 1.2 config: timing is a default entropy source
Since MBEDTLS_TIMING_C is enabled, mbedtls_entropy_init() adds the weak
source MBEDTLS_ENTROPY_MAX_SOURCES(). With mbedtls_platform_entropy_poll(),
this makes two sources. The unit tests need room for a third source.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
8c5c2930db New sample/test configuration: small DTLS 1.2
1. Copy config-ccm-psk-tls1_2.h
2. Add DTLS support
3. Add some TLS and DTLS features that are useful in low-bandwidth,
   low-reliability networks
4. Reduce the SSL buffer to a very small size

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
a132beb750 Minimal TLS configuration: documentation improvements
Some of the options have been moved around, but there are no semantic
changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
7c45b6767b Fix the build when MBEDTLS_PLATFORM_C is unset
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 21:26:36 +02:00
Gilles Peskine
27ad033a96
Merge pull request #5718 from AndrzejKurek/timeless-struggles-2-28
Backport 2.28: Remove the dependency on MBEDTLS_TIME_H from the timing module
2022-04-08 18:43:12 +02:00
Gilles Peskine
7ece768578 Seed the PRNG even if time() isn't available
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 08:34:50 -04:00
Andrzej Kurek
263d8f7e61 Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
The timing module might include time.h on its own when on
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled.

Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 08:34:41 -04:00
Andrzej Kurek
2603fec329 Remove dummy timing implementation
Having such implementation might cause issues for those that
expect to have a working implementation.
Having a compile-time error is better in such case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 08:28:50 -04:00
Gilles Peskine
e29a837ed3
Merge pull request #5705 from AndrzejKurek/off-by-one-ssl-opt-2-28
Backport 2.28 - Fix an off-by-one error in ssl-opt.sh
2022-04-07 16:20:58 +02:00
Andrzej Kurek
363553b5e4 Fix an off-by-one error in ssl-opt.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 13:38:15 -04:00
Gilles Peskine
619cbfedc9
Merge pull request #5696 from yanesca/fix-lts-version-in-guidelines-2.28
Fix lts version in guidelines [2.28 Backport]
2022-04-05 11:11:22 +02:00
Janos Follath
b71c6259b4 Fix LTS version in contributing guidelines
The LTS branch hasn't been updated in the contributing guidelines.
Deleting it instead of updating as the information is available at the
link above and deleting prevents similar mistakes in the future.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-04-05 09:05:22 +01:00
Gilles Peskine
a8827d190f
Merge pull request #5542 from gilles-peskine-arm/config-baremetal-size-2.28
Backport 2.28: Disable debugging features in the primary code size measurement job
2022-04-04 16:13:05 +02:00
Dave Rodgman
f749930ab8
Merge pull request #5682 from daverodgman/migration_2.28
Update references to old Github organisation
2022-04-01 09:51:28 +01:00
Dave Rodgman
52af769878 Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:27:24 +01:00
Manuel Pégourié-Gonnard
3a7d7b926b
Merge pull request #5670 from bensze01/typo-2.28
[Backport 2.28] Fix comment typo in threading.c
2022-03-30 10:00:05 +02:00
Artur Allmann
e25dc1ccdc Fix typo "phtreads" to "pthreads"
Closes issue #5349

Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>
2022-03-29 17:56:55 +02:00
Manuel Pégourié-Gonnard
19f2d59184
Merge pull request #5660 from ronald-cron-arm/restore-full-compat-testing-2.28
Backport 2.28: Restore full compat testing
2022-03-28 18:31:25 +02:00
Ronald Cron
e7dad1f616 ssl_tls.c: Fix inappropriate use of ssl context
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-28 12:16:56 +02:00
Ronald Cron
f1ed5951e3 ssl_srv.c: Mark ETM as disabled if cipher is not CBC
Encrypt-Then-Mac (ETM) is supported in Mbed TLS
server for TLS version geater than SSLv3 and only
for the CBC cipher mode thus make it
clear in the SSL context.

The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-28 12:16:13 +02:00
Ronald Cron
c2e2876e0e compat.sh: Fix check for OpenSSL support
If OpenSSL does not support a mode (tls12 or
dtls12 or tls13) just skip the tests involving
OpenSSL.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:32:38 +01:00
Ronald Cron
01e3c37f7b compat.sh: Restore full TLS compatibility testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:32:38 +01:00
Dave Rodgman
ce514def84
Merge pull request #5563 from AndrzejKurek/timeless-2.28
Backport 2.28: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:18 +00:00
Dave Rodgman
2f39f191e3
Merge pull request #5603 from tom-cosgrove-arm/fix_test_md_api_violation-2.28
Backport 2.28: Fix test md api violation 2.28
2022-03-10 09:21:52 +00:00
Gilles Peskine
76d1cb26ef
Merge pull request #5601 from SiliconLabs/erase_secret_before_free_backport_2_28
Backport 2.28: Erase secrets in allocated memory before freeing said memory
2022-03-07 17:04:01 +01:00
Gilles Peskine
ecd119d241
Merge pull request #5605 from gilles-peskine-arm/storage-format-check-mononicity-2.28
Backport 2.28: Check storage format tests for regressions
2022-03-07 17:02:29 +01:00