Commit Graph

8651 Commits

Author SHA1 Message Date
Hanno Becker
bcf97ec18c UDP proxy: Don't attempt to dissect dgram into records when dropping
To prevent dropping the same message over and over again, the UDP proxy
test application programs/test/udp_proxy _logically_ maintains a mapping
from records to the number of times the record has already been dropped,
and stops dropping once a configurable threshold (currently 2) is passed.

However, the actual implementation deviates from this logical view
in two crucial respects:
- To keep the implementation simple and independent of
  implementations of suitable map interfaces, it only counts how
  many times a record of a given _size_ has been dropped, and
  stops dropping further records of that size once the configurable
  threshold is passed. Of course, this is not fail-proof, but a
  good enough approximation for the proxy, and it allows to use
  an inefficient but simple array for the required map.
- The implementation mixes datagram lengths and record lengths:
  When deciding whether it is allowed to drop a datagram, it
  uses the total datagram size as a lookup index into the map
  counting the number of times a package has been dropped. However,
  when updating this map, the UDP proxy traverses the datagram
  record by record, and updates the mapping at the level of record
  lengths.

Apart from this inconsistency, the current implementation suffers
from a lack of bounds checking for the parsed length of incoming
DTLS records that can lead to a buffer overflow when facing
malformed records.

This commit removes the inconsistency in datagram vs. record length
and resolves the buffer overflow issue by not attempting any dissection
of datagrams into records, and instead only counting how often _datagrams_
of a particular size have been dropped.

There is only one practical situation where this makes a difference:
If datagram packing is used by default but disabled on retransmission
(which OpenSSL has been seen to do), it can happen that we drop a
datagram in its initial transmission, then also drop some of its records
when they retransmitted one-by-one afterwards, yet still keeping the
drop-counter at 1 instead of 2. However, even in this situation, we'll
correctly count the number of droppings from that point on and eventually
stop dropping, because the peer will not fall back to using packing
and hence use stable record lengths.
2019-06-13 11:21:42 +01:00
Jaeden Amero
16772566d9 Merge remote-tracking branch 'origin/pr/2680' into mbedtls-2.16
* origin/pr/2680:
  test: Remove redundant 0-byte decryption test
  test: Check empty buffer decryption for chachapoly
2019-06-06 14:19:42 +01:00
Jaeden Amero
c30740368b Merge remote-tracking branch 'origin/pr/2657' into mbedtls-2.16
* origin/pr/2657:
  Create link to include/mbedtls only when testing is enabled
2019-06-06 14:18:59 +01:00
Jaeden Amero
adffe39fdb test: Remove redundant 0-byte decryption test
Remove the "Decrypt empty buffer" test, as ChaCha20 is a stream cipher
and 0 bytes encrypted is identical to a 0 length buffer. The "ChaCha20
Encrypt and decrypt 0 bytes" test will test decryption of a 0 length
buffer.
2019-06-06 12:04:13 +01:00
Jaeden Amero
4e47aa0120 test: Check empty buffer decryption for chachapoly
Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would
test that decryption of an empty buffer would work with
MBEDTLS_CIPHER_AES_128_CBC.

Make the cipher used with the dec_empty_buf() test configurable, so that
Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other
than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer
tests use the MBEDTLS_CIPHER_CHACHA20 and
MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites.
2019-06-06 12:04:13 +01:00
Jaeden Amero
08f363baa9 Merge remote-tracking branch 'origin/pr/2666' into mbedtls-2.16
* origin/pr/2666:
  test: Always use `make clean` by itself
2019-06-03 09:56:44 +01:00
Jaeden Amero
ada38317dd test: Always use make clean by itself
When running make with parallelization, running both "clean" and "lib"
with a single make invocation can lead to each target building in
parallel. It's bad if lib is partially done building something, and then
clean deletes what was built. This can lead to errors later on in the
lib target.

    $ make -j9 clean lib
      CC    aes.c
      CC    aesni.c
      CC    arc4.c
      CC    aria.c
      CC    asn1parse.c
      CC    ./library/error.c
      CC    ./library/version.c
      CC    ./library/version_features.c
      AR    libmbedcrypto.a
    ar: aes.o: No such file or directory
    Makefile:120: recipe for target 'libmbedcrypto.a' failed
    make[2]: *** [libmbedcrypto.a] Error 1
    Makefile:152: recipe for target 'libmbedcrypto.a' failed
    make[1]: *** [libmbedcrypto.a] Error 2
    Makefile:19: recipe for target 'lib' failed
    make: *** [lib] Error 2
    make: *** Waiting for unfinished jobs....

To avoid this sort of trouble, always invoke clean by itself without
other targets throughout the library. Don't run clean in parallel with
other rules. The only place where clean was run in parallel with other
targets was in list-symbols.sh.
2019-05-31 17:49:25 +01:00
Renz Christian Bagaporo
ac859f39bd Create link to include/mbedtls only when testing is enabled 2019-05-27 15:58:36 +08:00
Jaeden Amero
bab2367924 Merge remote-tracking branch 'origin/pr/2648' into mbedtls-2.16
* origin/pr/2648:
  list-symbols.sh: if the build fails, print the build transcript
  Document "check-names.sh -v"
  all.sh: invoke check-names.sh in print-trace-on-exit mode
  Print a command trace if the check-names.sh exits unexpectedly
2019-05-23 15:14:35 +01:00
Jaeden Amero
cbcd327376 Merge remote-tracking branch 'origin/pr/2611' into mbedtls-2.16
* origin/pr/2611:
  Update change log
  Reword ssl_conf_max_frag_len documentation for clarity
2019-05-23 15:14:06 +01:00
Gilles Peskine
39d7c58db5 list-symbols.sh: if the build fails, print the build transcript
If "make clean lib" fails in list-symbols.sh, print the transcript
from running make.
2019-05-22 19:07:36 +02:00
Gilles Peskine
902a1f3f7f Document "check-names.sh -v" 2019-05-22 19:07:36 +02:00
Gilles Peskine
473f2d4ec2 all.sh: invoke check-names.sh in print-trace-on-exit mode 2019-05-15 17:55:06 +02:00
Gilles Peskine
5e525fb6e5 Print a command trace if the check-names.sh exits unexpectedly
We've observed that sometimes check-names.sh exits unexpectedly with
status 2 and no error message. The failure is not reproducible. This
commits makes the script print a trace if it exits unexpectedly.
2019-05-15 17:40:58 +02:00
Jaeden Amero
c7aa05eb34 Merge remote-tracking branch 'origin/pr/2637' into mbedtls-2.16
* origin/pr/2637:
  Only use submodule if present
2019-05-14 16:20:53 +01:00
Jaeden Amero
122cf66a54 Merge remote-tracking branch 'origin/pr/2493' into mbedtls-2.16
* origin/pr/2493:
  Ignore more generated files: seedfile, apidoc
  Improve .gitignore grouping and documentation
  Generate tags for Vi, for Emacs and with Global
2019-05-14 16:20:07 +01:00
Darryl Green
fbf3c8ac23 Only use submodule if present
Enabling the USE_CRYPTO_SUBMODULE option causes problems if the
crypto submodule isn't present. For example, when building
mbed-crypto as a submodule, it should use error.c from the parent
project if USE_CRYPTO_SUBMODULE is set. However if the parent
project isn't present, then the build will fail. Only enable it
if the submodule actually exists.
2019-05-09 13:25:26 +01:00
Jaeden Amero
9fb12bd1a2 Merge remote-tracking branch 'origin/pr/2564' into mbedtls-2.16
* origin/pr/2564:
  Fix CMake build error on Cygwin and minGW platforms
2019-05-01 09:57:28 +01:00
k-stachowiak
b5f9a198da Update change log 2019-04-29 13:00:05 +02:00
k-stachowiak
d707783cf3 Reword ssl_conf_max_frag_len documentation for clarity 2019-04-29 11:39:58 +02:00
Jaeden Amero
b4128bd0c0 Merge remote-tracking branch 'origin/pr/2589' into mbedtls-2.16
* origin/pr/2589:
  Document the scripts behaviour further
  Add --internal option to list-identifiers.sh
2019-04-24 11:23:33 +01:00
Jaeden Amero
9cfc9ceaf9 Merge remote-tracking branch 'origin/pr/2542' into mbedtls-2.16
* origin/pr/2542:
  Add guards for MBEDTLS_X509_CRL_PARSE_C in sample
2019-04-24 11:21:35 +01:00
Jaeden Amero
f57a9349ad Merge remote-tracking branch 'origin/pr/2545' into mbedtls-2.16
* origin/pr/2545: (24 commits)
  Use check_output instead of Popen
  Start unused variable with underscore
  Correct documentation
  Check that the report directory is a directory
  Use namespaces instead of full classes
  Fix pylint issues
  Don't put abi dumps in subfolders
  Add verbose switch to silence all output except the final report
  Fetch the remote crypto branch, rather than cloning it
  Prefix internal functions with underscore
  Add RepoVersion class to make handling of many arguments easier
  Reduce indentation levels
  Improve documentation
  Use optional arguments for setting repositories
  Only build the library
  Add ability to compare submodules from different repositories
  Add handling for cases when not all .so files are present
  Extend functionality to allow setting crypto submodule version
  Simplify logic for checking if report folder can be removed
  Add option for a brief report of problems only
  ...
2019-04-24 11:19:38 +01:00
Jaeden Amero
4400cd1294 Merge remote-tracking branch 'origin/pr/2594' into mbedtls-2.16
* origin/pr/2594:
  Add more missing parentheses around macro parameters
  Add further missing brackets around macro parameters
  Adapt ChangeLog
  Improve macro hygiene
2019-04-24 11:18:25 +01:00
Hanno Becker
9306f1c65d Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
Hanno Becker
3ac21aca9b Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
Hanno Becker
ee60034a60 Adapt ChangeLog 2019-04-24 10:52:37 +02:00
Hanno Becker
d6028a1894 Improve macro hygiene
This commit improves hygiene and formatting of macro definitions
throughout the library. Specifically:
- It adds brackets around parameters to avoid unintended
  interpretation of arguments, e.g. due to operator precedence.
- It adds uses of the `do { ... } while( 0 )` idiom for macros that
  can be used as commands.
2019-04-24 10:51:54 +02:00
Darryl Green
3997a6cd25 Document the scripts behaviour further 2019-04-18 13:18:22 +01:00
Darryl Green
3ef06d5bf7 Add --internal option to list-identifiers.sh
When doing ABI/API checking, its useful to have a list of all the
identifiers that are defined in the internal header files, as we
do not promise compatibility for them. This option allows for a
simple method of getting them for use with the ABI checking script.
2019-04-18 12:02:49 +01:00
Darryl Green
a0415bc779 Use check_output instead of Popen 2019-04-18 11:47:28 +01:00
Darryl Green
03c5e856e8 Start unused variable with underscore 2019-04-18 11:47:28 +01:00
Darryl Green
3c9e7d23b1 Correct documentation 2019-04-18 11:47:28 +01:00
Darryl Green
6b3cbfa370 Check that the report directory is a directory 2019-04-18 11:47:28 +01:00
Darryl Green
30dc6d5bb9 Use namespaces instead of full classes 2019-04-18 11:47:28 +01:00
Darryl Green
26dff8e68d Fix pylint issues 2019-04-18 11:47:28 +01:00
Darryl Green
5783847c63 Don't put abi dumps in subfolders 2019-04-18 11:47:28 +01:00
Darryl Green
6602538544 Add verbose switch to silence all output except the final report 2019-04-18 11:47:28 +01:00
Darryl Green
3f742987b8 Fetch the remote crypto branch, rather than cloning it 2019-04-18 11:47:28 +01:00
Darryl Green
88bfbc2deb Prefix internal functions with underscore 2019-04-18 11:47:28 +01:00
Darryl Green
7381bea6be Add RepoVersion class to make handling of many arguments easier
There are a number of arguments being passed around, nearly all of
which are duplicated between the old and new versions. Moving these
into a separate class should hopefully make it simpler to follow
what is being done.
2019-04-18 11:47:28 +01:00
Darryl Green
0478a32162 Reduce indentation levels 2019-04-18 11:47:28 +01:00
Darryl Green
7c0e052276 Improve documentation 2019-04-18 11:47:28 +01:00
Darryl Green
06c51d0470 Use optional arguments for setting repositories 2019-04-18 11:47:28 +01:00
Darryl Green
c8e6ad4ace Only build the library
We only need the .so files, so only build the library
2019-04-18 11:47:28 +01:00
Darryl Green
879f2509dc Add ability to compare submodules from different repositories
As before with wanting to compare revisions across different
repositories, the ability to select the crypto submodule from a
different repository is useful.
2019-04-18 11:47:28 +01:00
Darryl Green
de118091f2 Add handling for cases when not all .so files are present
We may wish to compare ABI/API between Mbed TLS and Mbed Crypto,
which will cause issues as not all .so files are shared. Only
compare .so files which both libraries have.
2019-04-18 11:47:28 +01:00
Darryl Green
ae5d66c612 Extend functionality to allow setting crypto submodule version
As going forward we will have Crypto in a submodule, we will need to
be able to check ABI compatibility between versions using different
submodule versions. For TLS versions that support the submodule, we
will always build using the submodule.

If the Crypto submodule is used, libmbedcrypto.so is not in the main
library folder, but in crypto/library instead. Given this, the script
searches for *.so files and notes their path, in order to create the
dumps correctly.
2019-04-18 11:47:28 +01:00
Darryl Green
131e24b1b5 Simplify logic for checking if report folder can be removed 2019-04-18 11:47:28 +01:00
Darryl Green
0da4578fae Add option for a brief report of problems only 2019-04-18 11:47:28 +01:00