From 39bdab791d8d3f7ad4b2aa173714fbf19215e110 Mon Sep 17 00:00:00 2001 From: Junhwan Park Date: Wed, 17 Oct 2018 21:01:08 +0900 Subject: [PATCH 01/87] x509.c: Fix potential memory leak in X.509 self test Found and fixed by Junhwan Park in #2106. Signed-off-by: Junhwan Park --- ChangeLog | 2 ++ library/x509.c | 16 +++++++--------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 214b414eb..6f7afd46d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,8 @@ Bugfix replacements of standard calloc/free functions through the macros MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO. Reported by ole-de and ddhome2006. Fixes #882, #1642 and #1706. + * Fix potential memory leak in X.509 self test. Found and fixed by + Junhwan Park, #2106. Changes * Removed support for Yotta as a build tool. diff --git a/library/x509.c b/library/x509.c index 52b5b649f..7cc813ec6 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1001,8 +1001,8 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ) */ int mbedtls_x509_self_test( int verbose ) { + int ret = 0; #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C) - int ret; uint32_t flags; mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; @@ -1010,6 +1010,7 @@ int mbedtls_x509_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " X.509 certificate load: " ); + mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &clicert ); ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt, @@ -1019,11 +1020,9 @@ int mbedtls_x509_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( ret ); + goto cleanup; } - mbedtls_x509_crt_init( &cacert ); - ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt, mbedtls_test_ca_crt_len ); if( ret != 0 ) 
@@ -1031,7 +1030,7 @@ int mbedtls_x509_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( ret ); + goto cleanup; } if( verbose != 0 ) @@ -1043,20 +1042,19 @@ int mbedtls_x509_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( ret ); + goto cleanup; } if( verbose != 0 ) mbedtls_printf( "passed\n\n"); +cleanup: mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &clicert ); - - return( 0 ); #else ((void) verbose); - return( 0 ); #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */ + return( ret ); } #endif /* MBEDTLS_SELF_TEST */ From 09e53b6ff3cce41868a79b8311b328c89a9da06f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 9 Nov 2018 15:30:52 +0000 Subject: [PATCH 02/87] Remove Circle CI script We are running an equivalent set of test by other means and therefore this script is no longer needed. --- circle.yml | 44 -------------------------------------------- 1 file changed, 44 deletions(-) delete mode 100644 circle.yml diff --git a/circle.yml b/circle.yml deleted file mode 100644 index eaed02a81..000000000 --- a/circle.yml +++ /dev/null 
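Review bot: The `#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */` trailer kept by the @@ -1043 hunk no longer matches the guard, which the first hunk shows as `#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)`; since the commit reshapes the block around it, the trailer should become `#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */`. The new `cleanup:` label is reached from the first `goto cleanup` before `cacert` has been parsed, which is only safe because the @@ -1010 hunk moves `mbedtls_x509_crt_init( &cacert );` ahead of the first failure point; that ordering is what the unconditional pair of `mbedtls_x509_crt_free` calls rests on and is worth a comment at the label, e.g. `/* Both contexts are initialised before the first failure point, so freeing them here is always safe. */`.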
@@ -1,44 +0,0 @@ -# Purpose: -# - To test and prove that a new commit in the mbed TLS repository builds -# and integrates with mbed-os properly. -# AND -# - To test and prove that the current development head of mbed TLS builds -# and integrates with the current mbed-os master branch. -# -# The script fetches all the prerequisites and builds the mbed TLS 'tls-client' -# example. This script is triggered by every commit and once each night and the -# exact behaviour depends on how it was triggered: -# - If it is a nightly build then it builds the mbed TLS development head with -# mbed-os master. -# - If it was triggered by the commit, then it builds the example with mbed TLS -# at that commit and mbed-os at the commit pointed by mbed-os.lib in the -# example repository. - -test: - override: - - cd ../mbed-os-example-tls/tls-client/ && mbed compile -m K64F -t GCC_ARM -c - -dependencies: - pre: - # Install gcc-arm - - cd .. && wget "https://launchpad.net/gcc-arm-embedded/4.9/4.9-2015-q3-update/+download/gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2" - - cd .. && tar -xvjf gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2 - - ln -s ../gcc-arm-none-eabi-4_9-2015q3/bin/* ../bin/ - # Install mbed-cli - - cd ../ && git clone https://github.com/ARMmbed/mbed-cli.git - - cd ../mbed-cli && sudo -H pip install -e . 
- # Get the sample application - - cd ../ && git clone git@github.com:ARMmbed/mbed-os-example-tls.git - # Get mbed-os - - cd ../mbed-os-example-tls/tls-client && mbed deploy - # Update mbed-os to master only if it is a nightly build - - > - if [ -n "${RUN_NIGHTLY_BUILD}" ]; then - cd ../mbed-os-example-tls/tls-client/mbed-os/ && mbed update master; - fi - # Import mbedtls current revision - - ln -s ../../../../../../../mbedtls/ ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/TARGET_IGNORE/mbedtls - - cd ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/ && make - override: - # Install the missing python packages - - cd ../mbed-os-example-tls/tls-client/mbed-os/ && sudo -H pip install -r requirements.txt From 732ccc4b068d4420a352a7ee4cdb3597b8b2a3cb Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 13 Nov 2018 18:59:17 +0200 Subject: [PATCH 03/87] Reduce Stack usage of hkdf test function `test_hkdf` in the hkdf test suites consumed stack of ~6KB with 6 buffers of ~1KB each. This causes stack overflow on some platforms with smaller stack. The buffer sizes were reduced. By testing, the sizes can be reduced even further, as the largest seen size is 82 bytes(for okm). --- tests/suites/test_suite_hkdf.function | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index c85a51a7a..020555f3b 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function 
@@ -14,12 +14,12 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, { int ret; size_t ikm_len, salt_len, info_len, okm_len; - unsigned char ikm[1024] = { '\0' }; - unsigned char salt[1024] = { '\0' }; - unsigned char info[1024] = { '\0' }; - unsigned char expected_okm[1024] = { '\0' }; - unsigned char okm[1024] = { '\0' }; - unsigned char okm_string[1000] = { '\0' }; + unsigned char ikm[128] = { '\0' }; + unsigned char salt[128] = { '\0' }; + unsigned char info[128] = { '\0' }; + unsigned char expected_okm[256] = { '\0' }; + unsigned char okm[256] = { '\0' }; + unsigned char okm_string[200] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); From ae3a631518f6308786df1ba6eef4d0c7e9396855 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 14 Nov 2018 20:22:03 +0200 Subject: [PATCH 04/87] Reduce buffer size of okm Reduce the buffer size of okm to 128, to reduce stack usage. --- tests/suites/test_suite_hkdf.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 020555f3b..e41422a63 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -17,9 +17,9 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, unsigned char ikm[128] = { '\0' }; unsigned char salt[128] = { '\0' }; unsigned char info[128] = { '\0' }; - unsigned char expected_okm[256] = { '\0' }; - unsigned char okm[256] = { '\0' }; - unsigned char okm_string[200] = { '\0' }; + unsigned char expected_okm[128] = { '\0' }; + unsigned char okm[128] = { '\0' }; + unsigned char okm_string[256] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); From cdfe0bcad8948fe6576de3f20cf3e54204c6812c Mon Sep 17 00:00:00 2001 
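Review bot: In the @@ -14 hunk of patch 03, `okm_string[200]` can no longer hold the hex form of a full `okm[256]`, which needs 512 characters plus the terminator that the zero-initialisation is relied on to provide, so the two declarations are inconsistent even though the commit message says observed vectors are far smaller; patch 04 on this same line rebalances them to 128/256 and patch 09 later adds the terminator byte. Rather than pairing literals by hand, derive one from the other, `unsigned char okm_string[2 * sizeof( okm ) + 1] = { '\0' };`, which is still a constant-size array and cannot drift the next time `okm` is resized. test_hkdf's body, including the conversions that fill `ikm`, `salt` and `okm`, continues outside the hunk.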
From: Ron Eldor Date: Tue, 27 Nov 2018 11:14:06 +0200 Subject: [PATCH 05/87] Update ChangeLog Add ChangeLog entry describing the fix. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 4abb6254c..4d866f533 100644 --- a/ChangeLog +++ b/ChangeLog @@ -77,6 +77,7 @@ Bugfix replacements of standard calloc/free functions through the macros MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO. Reported by ole-de and ddhome2006. Fixes #882, #1642 and #1706. + * Reduce stack usage of hkdf tests. Fixes #2195. Changes * Removed support for Yotta as a build tool. From 276bd00414b2e3c9ad599b21b891fad66c706a29 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 17 Jan 2019 17:51:55 -0600 Subject: [PATCH 06/87] Change Perl to Python in test builds Change references to Perl when mentioning building the tests, to Python, as this is now the script that builds the tests. Fixes #2078. --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d7a0e9d6b..94ea84b9d 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ In order to run the tests, enter: make check -The tests need Perl to be built and run. If you don't have Perl installed, you can skip building the tests with: +The tests need Python to be built and Perl to be run. If you don't have one of them installed, you can skip building the tests with: make no_test @@ -65,7 +65,7 @@ In order to run the tests, enter: make test -The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with: +The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with: cmake -DENABLE_TESTING=Off /path/to/mbedtls_source 
@@ -133,7 +133,7 @@ on the build mode as seen above), it's merely prepended to it. The build files for Microsoft Visual Studio are generated for Visual Studio 2010. -The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need a perl environment as well. However, the selftest program in `programs/test/` is still available. +The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available. Example programs ---------------- @@ -143,7 +143,7 @@ We've included example programs for a lot of different features and uses in [`pr Tests ----- -Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. +Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available: From 1a3a7e5fc7b32b53ea82a1c885cd56488270c13c Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Mon, 28 Jan 2019 15:01:53 +0200 Subject: [PATCH 07/87] Add explanation for okm_string size Add explanation for why the size of `okm_string` buffer is twice as `okm` buffer. --- tests/suites/test_suite_hkdf.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index e41422a63..fc0e24217 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -19,6 +19,10 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, unsigned char info[128] = { '\0' }; unsigned char expected_okm[128] = { '\0' }; unsigned char okm[128] = { '\0' }; + /* + * okm_string is the string representation of okm, + * so its size is twice as the size of okm. + */ unsigned char okm_string[256] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); From bc93219f667cfd211c24eee02d3c38172b51606d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 28 Jan 2019 15:07:55 +0200 Subject: [PATCH 08/87] Minor modifications to hkdf test 1. Fix comment grammar. 2. Rename `okm_string` to `okm_hex`. --- tests/suites/test_suite_hkdf.function | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index fc0e24217..d2d66596f 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function 
@@ -20,10 +20,10 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, unsigned char expected_okm[128] = { '\0' }; unsigned char okm[128] = { '\0' }; /* - * okm_string is the string representation of okm, - * so its size is twice as the size of okm. + * okm_hex is the string representation of okm, + * so its size is twice the size of okm. */ - unsigned char okm_string[256] = { '\0' }; + unsigned char okm_hex[256] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); @@ -38,8 +38,8 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, TEST_ASSERT( ret == 0 ); // Run hexify on it so that it looks nicer if the assertion fails - hexify( okm_string, okm, okm_len ); - TEST_ASSERT( !strcmp( (char *)okm_string, hex_okm_string ) ); + hexify( okm_hex, okm, okm_len ); + TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) ); } /* END_CASE */ From 17233f5a5cad2c407dc07b842abab9cfe5f68c2a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 28 Jan 2019 15:18:15 +0200 Subject: [PATCH 09/87] Increase okm_hex buffer to contain null character Add an additional byte for the `okm_hex` buffer, to assure it is null-terminated in case `okm` is 128 bytes long. --- tests/suites/test_suite_hkdf.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index d2d66596f..3e8720734 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function 
@@ -21,9 +21,9 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, unsigned char okm[128] = { '\0' }; /* * okm_hex is the string representation of okm, - * so its size is twice the size of okm. + * so its size is twice the size of okm, and an extra null-termination. */ - unsigned char okm_hex[256] = { '\0' }; + unsigned char okm_hex[257] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); From c983c81a239d44b53a32f794ee77a86f7f8d9e38 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 1 Feb 2019 16:41:30 +0000 Subject: [PATCH 10/87] Fix 1-byte buffer overflow in mbedtls_mpi_write_string() This can only occur for negative numbers. Fixes #2404. --- library/bignum.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/bignum.c b/library/bignum.c index 87015af0c..23bcca92c 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -602,7 +602,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, mbedtls_mpi_init( &T ); if( X->s == -1 ) + { *p++ = '-'; + buflen--; + } if( radix == 16 ) { From f5e2861958fe55dffa4aa78927abd212cb185404 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 1 Feb 2019 16:42:48 +0000 Subject: [PATCH 11/87] Adapt ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5c2fbbbd4..b59e31528 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx Bugfix + * Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when + used with negative inputs. Found by Guido Vranken in #2404. * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242. * Run the AD too long test only if MBEDTLS_CCM_ALT is not defined. From 23cfea01e8a38878bc3f6d273e3588ce35819e4b Mon Sep 17 00:00:00 2001 
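Review bot: The 128-byte `ikm`, `salt` and `info` buffers are filled from hex strings taken from the .data file, and nothing in the hunk bounds that conversion, so a longer vector added later would presumably overflow the stack silently rather than fail the test; the conversion calls are outside the hunk, so this needs confirming there. A guard before each conversion, such as `TEST_ASSERT( strlen( hex_ikm_string ) <= 2 * sizeof( ikm ) );`, turns that into a clean test failure. test_hkdf continues past the end of the hunk.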
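Review bot: The added `buflen--` is only safe because the length check earlier in the function rejects `buflen < n` with `n` already including a byte for the sign (patch 12's hunk of the same function on the next line makes that accounting explicit); that dependency is implicit at this spot, and if `buflen` is unsigned a later change to how `n` is computed could make the decrement wrap. A one-line comment pins it, e.g. `buflen--; /* the sign byte is counted in n and buflen >= n was checked above */`. The rest of mbedtls_mpi_write_string, including the tail that writes the terminator, is outside the hunk.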
From: Hanno Becker Date: Mon, 4 Feb 2019 09:45:07 +0000 Subject: [PATCH 12/87] Improve documentation of mbedtls_mpi_write_string() --- library/bignum.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 23bcca92c..50b75be6a 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -582,15 +582,20 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, if( radix < 2 || radix > 16 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - n = mbedtls_mpi_bitlen( X ); - if( radix >= 4 ) n >>= 1; - if( radix >= 16 ) n >>= 1; - /* - * Round up the buffer length to an even value to ensure that there is - * enough room for hexadecimal values that can be represented in an odd - * number of digits. - */ - n += 3 + ( ( n + 1 ) & 1 ); + n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */ + if( radix >= 4 ) n >>= 1; /* Number of 4-adic digits necessary to present + * `n`. If radix > 4, this might be a strict + * overapproximation of the number of + * radix-adic digits needed to present `n`. */ + if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to + * present `n`. */ + + n += 1; /* NULL termination */ + n += 1; /* Compensate for the divisions above, which round down `n` + * in case it's not even. */ + n += 1; /* Potential '-'-sign. */ + n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing, + * which always uses an even number of hex-digits. */ if( buflen < n ) { From c8530dfd7e47d07f5a26b3071003010619fcb685 Mon Sep 17 00:00:00 2001 
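Review bot: The new comments describe the bit length as "necessary to present `n`", but `n` is the count being computed and the value being presented is `X`; in all three comments `present \`n\`` should read `present \`X\``. "NULL termination" refers to the string terminator, so `/* NUL termination */` is the accurate wording. mbedtls_mpi_write_string continues outside the hunk on both sides.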
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 27 Feb 2019 10:46:56 +0100 Subject: [PATCH 13/87] Fix the proxy seed in Travis runs This is what we do in Jenkins, so it only makes sense to do it here as well. This will avoid random failures for no other reason than the proxy was dropping all the messages due to an unlucky PRNG seed. See https://docs.travis-ci.com/user/environment-variables/ for syntax --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 4fc31c923..c45d4081d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,7 +31,8 @@ after_failure: - tests/scripts/travis-log-failure.sh env: global: - secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k=" + - SEED=1 + - secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k=" addons: apt: From 7f61575cba6ad7396d9d2cd3a28fcdf479ef71fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 20:17:33 +0100 Subject: [PATCH 14/87] New, documented pylint configuration The pylint configuration in .pylint was a modified version of the output of `pylint --generate-rcfile` from an unknown version of pylint. Replace it with a file that only contains settings that are modified from the default, with an explanation of why each setting is modified. The new .pylintrc was written from scratch, based on the output of pylint on the current version of the files and on a judgement of what to silence generically, what to silence on a case-by-case basis and what to fix. --- .pylint | 425 ---------------------------- .pylintrc | 52 ++++ tests/scripts/check-python-files.sh | 6 +- 3 files changed, 55 insertions(+), 428 deletions(-) delete mode 100644 .pylint create mode 100644 .pylintrc 
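Review bot: `SEED=1` is added to the global environment with nothing in the file saying what it pins, so a reader of .travis.yml cannot tell it is a fixed seed for the test proxy rather than a leftover; the reasoning lives only in the commit message. A comment on the line, `- SEED=1 # fixed seed for the test proxy so runs are reproducible (matches Jenkins)`, keeps that visible. A fixed seed also means every run exercises the same proxy behaviour, so a failure that only a different seed would trigger will presumably no longer surface here, which is worth stating in the same comment.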
diff --git a/.pylint b/.pylint deleted file mode 100644 index 934f30be5..000000000 --- a/.pylint +++ /dev/null 
@@ -1,425 +0,0 @@ -[MASTER] - -# A comma-separated list of package or module names from where C extensions may -# be loaded. Extensions are loading into the active Python interpreter and may -# run arbitrary code -extension-pkg-whitelist= - -# Add files or directories to the blacklist. They should be base names, not -# paths. -ignore=CVS - -# Add files or directories matching the regex patterns to the blacklist. The -# regex matches against base names, not paths. -ignore-patterns= - -# Python code to execute, usually for sys.path manipulation such as -# pygtk.require(). -#init-hook= - -# Use multiple processes to speed up Pylint. -jobs=1 - -# List of plugins (as comma separated values of python modules names) to load, -# usually to register additional checkers. -load-plugins= - -# Pickle collected data for later comparisons. -persistent=yes - -# Specify a configuration file. -#rcfile= - -# Allow loading of arbitrary C extensions. Extensions are imported into the -# active Python interpreter and may run arbitrary code. -unsafe-load-any-extension=no - - -[MESSAGES CONTROL] - -# Only show warnings with the listed confidence levels. Leave empty to show -# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED -confidence= - -# Disable the message, report, category or checker with the given id(s). You -# can either give multiple identifiers separated by comma (,) or put this -# option multiple times (only on the command line, not in the configuration -# file where it should appear only once).You can also use "--disable=all" to -# disable everything first and then reenable specific checks. For example, if -# you want to run only the similarities checker, you can use "--disable=all -# --enable=similarities". 
If you want to run only the classes checker, but have -# no Warning level messages displayed, use"--disable=all --enable=classes -# --disable=W" -disable=print-statement,parameter-unpacking,unpacking-in-except,old-raise-syntax,backtick,long-suffix,old-ne-operator,old-octal-literal,import-star-module-level,raw-checker-failed,bad-inline-option,locally-disabled,locally-enabled,file-ignored,suppressed-message,useless-suppression,deprecated-pragma,apply-builtin,basestring-builtin,buffer-builtin,cmp-builtin,coerce-builtin,execfile-builtin,file-builtin,long-builtin,raw_input-builtin,reduce-builtin,standarderror-builtin,unicode-builtin,xrange-builtin,coerce-method,delslice-method,getslice-method,setslice-method,no-absolute-import,old-division,dict-iter-method,dict-view-method,next-method-called,metaclass-assignment,indexing-exception,raising-string,reload-builtin,oct-method,hex-method,nonzero-method,cmp-method,input-builtin,round-builtin,intern-builtin,unichr-builtin,map-builtin-not-iterating,zip-builtin-not-iterating,range-builtin-not-iterating,filter-builtin-not-iterating,using-cmp-argument,eq-without-hash,div-method,idiv-method,rdiv-method,exception-message-attribute,invalid-str-codec,sys-max-int,bad-python3-import,deprecated-string-function,deprecated-str-translate-call - -# Enable the message, report, category or checker with the given id(s). You can -# either give multiple identifier separated by comma (,) or put this option -# multiple time (only on the command line, not in the configuration file where -# it should appear only once). See also the "--disable" option for examples. -enable= - - -[REPORTS] - -# Python expression which should return a note less than 10 (10 is the highest -# note). You have access to the variables errors warning, statement which -# respectively contain the number of errors / warnings messages and the total -# number of statements analyzed. This is used by the global evaluation report -# (RP0004). 
-evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) - -# Template used to display messages. This is a python new-style format string -# used to format the message information. See doc for all details -#msg-template= - -# Set the output format. Available formats are text, parseable, colorized, json -# and msvs (visual studio).You can also give a reporter class, eg -# mypackage.mymodule.MyReporterClass. -output-format=text - -# Tells whether to display a full report or only the messages -reports=no - -# Activate the evaluation score. -score=yes - - -[REFACTORING] - -# Maximum number of nested blocks for function / method body -max-nested-blocks=5 - - -[SIMILARITIES] - -# Ignore comments when computing similarities. -ignore-comments=yes - -# Ignore docstrings when computing similarities. -ignore-docstrings=yes - -# Ignore imports when computing similarities. -ignore-imports=no - -# Minimum lines number of a similarity. -min-similarity-lines=4 - - -[FORMAT] - -# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. -expected-line-ending-format= - -# Regexp for a line that is allowed to be longer than the limit. -ignore-long-lines=^\s*(# )??$ - -# Number of spaces of indent required inside a hanging or continued line. -indent-after-paren=4 - -# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 -# tab). -indent-string=' ' - -# Maximum number of characters on a single line. -max-line-length=79 - -# Maximum number of lines in a module -max-module-lines=2000 - -# List of optional constructs for which whitespace checking is disabled. `dict- -# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}. -# `trailing-comma` allows a space between comma and closing bracket: (a, ). -# `empty-line` allows space-only lines. -no-space-check=trailing-comma,dict-separator - -# Allow the body of a class to be on the same line as the declaration if body -# contains single statement. 
-single-line-class-stmt=no - -# Allow the body of an if to be on the same line as the test if there is no -# else. -single-line-if-stmt=no - - -[BASIC] - -# Naming hint for argument names -argument-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - -# Regular expression matching correct argument names -argument-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - -# Naming hint for attribute names -attr-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - -# Regular expression matching correct attribute names -attr-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - -# Bad variable names which should always be refused, separated by a comma -bad-names=foo,bar,baz,toto,tutu,tata - -# Naming hint for class attribute names -class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ - -# Regular expression matching correct class attribute names -class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ - -# Naming hint for class names -class-name-hint=[A-Z_][a-zA-Z0-9]+$ - -# Regular expression matching correct class names -class-rgx=[A-Z_][a-zA-Z0-9]+$ - -# Naming hint for constant names -const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$ - -# Regular expression matching correct constant names -const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ - -# Minimum line length for functions/classes that require docstrings, shorter -# ones are exempt. 
-docstring-min-length=-1 - -# Naming hint for function names -function-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - -# Regular expression matching correct function names -function-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - -# Good variable names which should always be accepted, separated by a comma -good-names=i,j,k,ex,Run,_ - -# Include a hint for the correct naming format with invalid-name -include-naming-hint=no - -# Naming hint for inline iteration names -inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$ - -# Regular expression matching correct inline iteration names -inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ - -# Naming hint for method names -method-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - -# Regular expression matching correct method names -method-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - -# Naming hint for module names -module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ - -# Regular expression matching correct module names -module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ - -# Colon-delimited sets of names that determine each other's naming style when -# the name regexes allow several styles. -name-group= - -# Regular expression which should only match function or class names that do -# not require a docstring. -no-docstring-rgx=^_ - -# List of decorators that produce properties, such as abc.abstractproperty. Add -# to this list to register other decorators that produce valid properties. -property-classes=abc.abstractproperty - -# Naming hint for variable names -variable-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - -# Regular expression matching correct variable names -variable-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ - - -[TYPECHECK] - -# List of decorators that produce context managers, such as -# contextlib.contextmanager. Add to this list to register other decorators that -# produce valid context managers. 
-contextmanager-decorators=contextlib.contextmanager - -# List of members which are set dynamically and missed by pylint inference -# system, and so shouldn't trigger E1101 when accessed. Python regular -# expressions are accepted. -generated-members= - -# Tells whether missing members accessed in mixin class should be ignored. A -# mixin class is detected if its name ends with "mixin" (case insensitive). -ignore-mixin-members=yes - -# This flag controls whether pylint should warn about no-member and similar -# checks whenever an opaque object is returned when inferring. The inference -# can return multiple potential results while evaluating a Python object, but -# some branches might not be evaluated, which results in partial inference. In -# that case, it might be useful to still emit no-member and other checks for -# the rest of the inferred objects. -ignore-on-opaque-inference=yes - -# List of class names for which member attributes should not be checked (useful -# for classes with dynamically set attributes). This supports the use of -# qualified names. -ignored-classes=optparse.Values,thread._local,_thread._local - -# List of module names for which member attributes should not be checked -# (useful for modules/projects where namespaces are manipulated during runtime -# and thus existing member attributes cannot be deduced by static analysis. It -# supports qualified module names, as well as Unix pattern matching. -ignored-modules= - -# Show a hint with possible names when a member name was not found. The aspect -# of finding the hint is based on edit distance. -missing-member-hint=yes - -# The minimum edit distance a name should have in order to be considered a -# similar match for a missing member name. -missing-member-hint-distance=1 - -# The total number of similar names that should be taken in consideration when -# showing a hint for a missing member. 
-missing-member-max-choices=1 - - -[VARIABLES] - -# List of additional names supposed to be defined in builtins. Remember that -# you should avoid to define new builtins when possible. -additional-builtins= - -# Tells whether unused global variables should be treated as a violation. -allow-global-unused-variables=yes - -# List of strings which can identify a callback function by name. A callback -# name must start or end with one of those strings. -callbacks=cb_,_cb - -# A regular expression matching the name of dummy variables (i.e. expectedly -# not used). -dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ - -# Argument names that match this expression will be ignored. Default to name -# with leading underscore -ignored-argument-names=_.*|^ignored_|^unused_ - -# Tells whether we should check for unused import in __init__ files. -init-import=no - -# List of qualified module names which can have objects that can redefine -# builtins. -redefining-builtins-modules=six.moves,future.builtins - - -[SPELLING] - -# Spelling dictionary name. Available dictionaries: none. To make it working -# install python-enchant package. -spelling-dict= - -# List of comma separated words that should not be checked. -spelling-ignore-words= - -# A path to a file that contains private dictionary; one word per line. -spelling-private-dict-file= - -# Tells whether to store unknown words to indicated private dictionary in -# --spelling-private-dict-file option instead of raising a message. -spelling-store-unknown-words=no - - -[MISCELLANEOUS] - -# List of note tags to take in consideration, separated by a comma. -notes=FIXME,XXX,TODO - - -[LOGGING] - -# Logging modules to check that the string format arguments are in logging -# function parameter format -logging-modules=logging - - -[CLASSES] - -# List of method names used to declare (i.e. assign) instance attributes. 
-defining-attr-methods=__init__,__new__,setUp - -# List of member names, which should be excluded from the protected access -# warning. -exclude-protected=_asdict,_fields,_replace,_source,_make - -# List of valid names for the first argument in a class method. -valid-classmethod-first-arg=cls - -# List of valid names for the first argument in a metaclass class method. -valid-metaclass-classmethod-first-arg=mcs - - -[DESIGN] - -# Maximum number of arguments for function / method -max-args=5 - -# Maximum number of attributes for a class (see R0902). -max-attributes=7 - -# Maximum number of boolean expressions in a if statement -max-bool-expr=5 - -# Maximum number of branch for function / method body -max-branches=12 - -# Maximum number of locals for function / method body -max-locals=15 - -# Maximum number of parents for a class (see R0901). -max-parents=7 - -# Maximum number of public methods for a class (see R0904). -max-public-methods=20 - -# Maximum number of return / yield for function / method body -max-returns=6 - -# Maximum number of statements in function / method body -max-statements=50 - -# Minimum number of public methods for a class (see R0903). -min-public-methods=2 - - -[IMPORTS] - -# Allow wildcard imports from modules that define __all__. -allow-wildcard-with-all=no - -# Analyse import fallback blocks. This can be used to support both Python 2 and -# 3 compatible code, which means that the block might have code that exists -# only in one or another interpreter, leading to false positives when analysed. -analyse-fallback-blocks=no - -# Deprecated modules which should not be used, separated by a comma -deprecated-modules=regsub,TERMIOS,Bastion,rexec - -# Create a graph of external dependencies in the given file (report RP0402 must -# not be disabled) -ext-import-graph= - -# Create a graph of every (i.e. 
internal and external) dependencies in the -# given file (report RP0402 must not be disabled) -import-graph= - -# Create a graph of internal dependencies in the given file (report RP0402 must -# not be disabled) -int-import-graph= - -# Force import order to recognize a module as part of the standard -# compatibility libraries. -known-standard-library= - -# Force import order to recognize a module as part of a third party library. -known-third-party=enchant - - -[EXCEPTIONS] - -# Exceptions that will emit a warning when being caught. Defaults to -# "Exception" -overgeneral-exceptions=Exception diff --git a/.pylintrc b/.pylintrc new file mode 100644 index 000000000..168e0b759 --- /dev/null +++ b/.pylintrc 
@@ -0,0 +1,52 @@ +[BASIC] +# We're ok with short funtion argument names. +# [invalid-name] +argument-rgx=[a-z_][a-z0-9_]*$ + +# Allow filter and map. +# [bad-builtin] +bad-functions=input + +# We prefer docstrings, but we don't require them on all functions. +# Require them only on long functions (for some value of long). +# [missing-docstring] +docstring-min-length=10 + +# Allow longer methods than the default. +# [invalid-name] +method-rgx=[a-z_][a-z0-9_]{2,35}$ + +# Allow module names containing a dash (but no underscore or uppercase letter). +# They are whole programs, not meant to be included by another module. +# [invalid-name] +module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|[a-z][-0-9a-z]+)$ + +# Some functions don't need docstrings. +# [missing-docstring] +no-docstring-rgx=(run_)main$ + +# We're ok with short local or global variable names. +# [invalid-name] +variable-rgx=[a-z_][a-z0-9_]*$ + +[DESIGN] +# Allow more than the default 7 attributes. +# [too-many-instance-attributes] +max-attributes=15 + +[FORMAT] +# Allow longer modules than the default recommended maximum. +# [too-many-lines] +max-module-lines=2000 + +[MESSAGES CONTROL] +disable= + +[REPORTS] +# Don't diplay statistics. Just the facts. +reports=no + +[VARIABLES] +# Allow unused variables if their name starts with an underscore. +# [unused-argument] +dummy-variables-rgx=_.* diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 009ba4cb0..a37d1d570 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh 
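Review bot: Two of the explanatory comments in the new rcfile carry typos: `# We're ok with short funtion argument names.` should read `function`, and `# Don't diplay statistics. Just the facts.` should read `display`. The `[bad-builtin]` comment says "Allow filter and map" while the setting is `bad-functions=input`; the intent is presumably to drop `map` and `filter` from pylint's default bad-functions list while keeping `input` flagged, and a comment that says so — `# Allow filter and map (pylint flags them by default); keep flagging input.` — spares the next reader the lookup. `no-docstring-rgx=(run_)main$` only matches `run_main`, because the group is mandatory, so a plain `main` is still required to carry a docstring; if both are meant to be exempt the regex is `(run_)?main$`.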
@@ -10,9 +10,9 @@
 # PEP8 coding standards.
 if `hash pylint > /dev/null 2>&1`; then
- pylint -j 2 tests/scripts/generate_test_code.py --rcfile .pylint
- pylint -j 2 tests/scripts/test_generate_test_code.py --rcfile .pylint
- pylint -j 2 tests/scripts/mbedtls_test.py --rcfile .pylint
+ pylint -j 2 tests/scripts/generate_test_code.py
+ pylint -j 2 tests/scripts/test_generate_test_code.py
+ pylint -j 2 tests/scripts/mbedtls_test.py
 else
 echo "$0: WARNING: 'pylint' not found! Skipping checks on Python files."
 fi
From b2c269eeee8750048a5521df78434cc06510224f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 20:25:02 +0100 Subject: [PATCH 15/87] Call pylint3, not pylint We use Python 3, so call Pylint for Python 3, not for Python 2.
---
 tests/scripts/check-python-files.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh
index a37d1d570..e64d6b331 100755
--- a/tests/scripts/check-python-files.sh
+++ b/tests/scripts/check-python-files.sh
@@ -9,10 +9,10 @@
 # Run 'pylint' on Python files for programming errors and helps enforcing
 # PEP8 coding standards.
-if `hash pylint > /dev/null 2>&1`; then
- pylint -j 2 tests/scripts/generate_test_code.py
- pylint -j 2 tests/scripts/test_generate_test_code.py
- pylint -j 2 tests/scripts/mbedtls_test.py
+if `hash pylint3 > /dev/null 2>&1`; then
+ pylint3 -j 2 tests/scripts/generate_test_code.py
+ pylint3 -j 2 tests/scripts/test_generate_test_code.py
+ pylint3 -j 2 tests/scripts/mbedtls_test.py
 else
- echo "$0: WARNING: 'pylint' not found! Skipping checks on Python files."
+ echo "$0: WARNING: 'pylint3' not found! Skipping checks on Python files."
 fi
From aad2ebdf3074ea61cadae53b0f49475774edf0ac Mon Sep 17 00:00:00 2001 
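Review bot: The condition `if \`hash pylint > /dev/null 2>&1\`; then`, kept unchanged in this hunk and carried over as `hash pylint3` in the following one, executes the command substitution's output as the command under test; that output is always empty because both streams go to /dev/null, so the branch works only because bash gives an empty command the exit status of its last command substitution. The direct form `if hash pylint > /dev/null 2>&1; then` tests the status of `hash` itself and does not rely on that corner of shell semantics. The same applies to the `hash pylint3` line in the second hunk.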
From: Gilles Peskine Date: Mon, 25 Feb 2019 20:26:06 +0100 Subject: [PATCH 16/87] Fix pylint errors going uncaught Make check-python-files.sh run pylint on all *.py files (in directories where they are known to be present), rather than listing files explicitly. Fix a bug whereby the return status of check-python-files.sh was only based on the last file passing, i.e. errors in other files were effectively ignored. Make check-python-files.sh run pylint unconditionally. Since pylint3 is not critical, make all.sh skip running check-python-files.sh if pylint3 is not available. --- tests/scripts/all.sh | 3 +++ tests/scripts/check-python-files.sh | 8 +------- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 90f9632d9..fd9d664bb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1344,6 +1344,9 @@ component_test_zeroize () { unset gdb_disable_aslr } +support_check_python_files () { + type pylint3 >/dev/null 2>/dev/null +} component_check_python_files () { msg "Lint: Python scripts" record_status tests/scripts/check-python-files.sh diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index e64d6b331..929041822 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -9,10 +9,4 @@ # Run 'pylint' on Python files for programming errors and helps enforcing # PEP8 coding standards. -if `hash pylint3 > /dev/null 2>&1`; then - pylint3 -j 2 tests/scripts/generate_test_code.py - pylint3 -j 2 tests/scripts/test_generate_test_code.py - pylint3 -j 2 tests/scripts/mbedtls_test.py -else - echo "$0: WARNING: 'pylint3' not found! Skipping checks on Python files." -fi +pylint3 -j 2 scripts/*.py tests/scripts/*.py From 0d060ef328fc1ed8dc61a3e6229d6984dbb764a0 Mon Sep 17 00:00:00 2001 
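Review bot: The header comment the check-python-files.sh hunk keeps, `# Run 'pylint' on Python files for programming errors and helps enforcing` / `# PEP8 coding standards.`, now sits above a command that invokes `pylint3` over two whole directories, so it names the wrong binary and is also ungrammatical; `# Run 'pylint3' on all Python files to catch programming errors and enforce PEP8 coding standards.` matches the new line. In the all.sh hunk, `support_check_python_files` is presumably discovered by name alongside `component_check_python_files` — that dispatch is outside the hunk — and a one-line comment above it stating that it gates the component on `pylint3` being installed would make the pairing explicit.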
From: Gilles Peskine Date: Mon, 25 Feb 2019 20:35:31 +0100 Subject: [PATCH 17/87] check-files.py: document some classes and methods Document all classes and longer methods. Declare a static method as such. Pointed out by pylint. --- tests/scripts/check-files.py | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 005a077c7..92cae1dc2 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -66,6 +66,9 @@ class IssueTracker(object): class PermissionIssueTracker(IssueTracker): + """Track files with bad permissions. + + Files that are not executable scripts must not be executable.""" def __init__(self): super().__init__() @@ -78,6 +81,8 @@ class PermissionIssueTracker(IssueTracker): class EndOfFileNewlineIssueTracker(IssueTracker): + """Track files that end with an incomplete line + (no newline character at the end of the last line).""" def __init__(self): super().__init__() @@ -90,6 +95,8 @@ class EndOfFileNewlineIssueTracker(IssueTracker): class Utf8BomIssueTracker(IssueTracker): + """Track files that start with a UTF-8 BOM. + Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM.""" def __init__(self): super().__init__() @@ -102,6 +109,7 @@ class Utf8BomIssueTracker(IssueTracker): class LineEndingIssueTracker(IssueTracker): + """Track files with non-Unix line endings (i.e. files with CR).""" def __init__(self): super().__init__() @@ -112,6 +120,7 @@ class LineEndingIssueTracker(IssueTracker): class TrailingWhitespaceIssueTracker(IssueTracker): + """Track lines with trailing whitespace.""" def __init__(self): super().__init__() @@ -123,6 +132,7 @@ class TrailingWhitespaceIssueTracker(IssueTracker): class TabIssueTracker(IssueTracker): + """Track lines with tabs.""" def __init__(self): super().__init__() 
@@ -136,6 +146,8 @@ class TabIssueTracker(IssueTracker): class MergeArtifactIssueTracker(IssueTracker): + """Track lines with merge artifacts. + These are leftovers from a ``git merge`` that wasn't fully edited.""" def __init__(self): super().__init__() @@ -157,6 +169,7 @@ class MergeArtifactIssueTracker(IssueTracker): self.record_issue(filepath, line_number) class TodoIssueTracker(IssueTracker): + """Track lines containing ``TODO``.""" def __init__(self): super().__init__() @@ -172,8 +185,12 @@ class TodoIssueTracker(IssueTracker): class IntegrityChecker(object): + """Sanity-check files under the current directory.""" def __init__(self, log_file): + """Instantiate the sanity checker. + Check files under the current directory. + Write a report of issues to log_file.""" self.check_repo_path() self.logger = None self.setup_logger(log_file) @@ -197,7 +214,8 @@ class IntegrityChecker(object): TodoIssueTracker(), ] - def check_repo_path(self): + @staticmethod + def check_repo_path(): if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): raise Exception("Must be run from Mbed TLS root") From 712afa74f43a5b335b43ec7c47ad0d66d792cb47 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 20:36:52 +0100 Subject: [PATCH 18/87] abi_check.py: Document more methods --- scripts/abi_check.py | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index fe5dd3f21..88435ef02 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -26,8 +26,16 @@ import tempfile class AbiChecker(object): + """API and ABI checker.""" def __init__(self, report_dir, old_rev, new_rev, keep_all_reports): + """Instantiate the API/ABI checker. + + report_dir: directory for output files + old_rev: reference git revision to compare against + new_rev: git revision to check + keep_all_reports: if false, delete old reports + """ self.repo_path = "." self.log = None self.setup_logger() 
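Review bot: `check_repo_path` gains `@staticmethod` but, in a commit whose purpose is documenting this file, still has no docstring; `"""Raise an exception unless the current directory looks like the Mbed TLS source root."""` states what the three `os.path.isdir` checks enforce. The `IntegrityChecker.__init__` docstring reads as three bare imperatives — "Check files under the current directory. Write a report of issues to log_file." — which describe what the checker will do, not what the constructor does; rephrasing the last two as "The checker examines files under the current directory and writes its report to log_file." avoids suggesting that `__init__` itself performs the checks (the visible constructor body only validates the path and sets up the logger; the rest is outside the hunk).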
@@ -42,7 +50,8 @@ class AbiChecker(object): self.git_command = "git" self.make_command = "make" - def check_repo_path(self): + @staticmethod + def check_repo_path(): current_dir = os.path.realpath('.') root_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) if current_dir != root_dir: @@ -53,12 +62,15 @@ class AbiChecker(object): self.log.setLevel(logging.INFO) self.log.addHandler(logging.StreamHandler()) - def check_abi_tools_are_installed(self): + @staticmethod + def check_abi_tools_are_installed(): for command in ["abi-dumper", "abi-compliance-checker"]: if not shutil.which(command): raise Exception("{} not installed, aborting".format(command)) def get_clean_worktree_for_git_revision(self, git_rev): + """Make a separate worktree with git_rev checked out. + Do not modify the current worktree.""" self.log.info( "Checking out git worktree for revision {}".format(git_rev) ) @@ -88,6 +100,7 @@ class AbiChecker(object): raise Exception("git submodule update failed, aborting") def build_shared_libraries(self, git_worktree_path): + """Build the shared libraries in the specified worktree.""" my_environment = os.environ.copy() my_environment["CFLAGS"] = "-g -Og" my_environment["SHARED"] = "1" @@ -104,6 +117,9 @@ class AbiChecker(object): raise Exception("make failed, aborting") def get_abi_dumps_from_shared_libraries(self, git_ref, git_worktree_path): + """Generate the ABI dumps for the specified git revision. + It must be checked out in git_worktree_path and the shared libraries + must have been built.""" abi_dumps = {} for mbed_module in self.mbedtls_modules: output_path = os.path.join( @@ -129,6 +145,7 @@ class AbiChecker(object): return abi_dumps def cleanup_worktree(self, git_worktree_path): + """Remove the specified git worktree.""" shutil.rmtree(git_worktree_path) worktree_process = subprocess.Popen( [self.git_command, "worktree", "prune"], 
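Review bot: The new docstring for `build_shared_libraries`, `"""Build the shared libraries in the specified worktree."""`, omits the part a caller is most likely to trip on: the method copies `os.environ`, then overwrites `CFLAGS` with `-g -Og` and sets `SHARED` to `1`, so any CFLAGS the user exported are discarded for this build. A second sentence such as "Builds in a copy of the environment with CFLAGS forced to `-g -Og` and SHARED=1; the caller's CFLAGS are not honoured." documents that. Similarly, `cleanup_worktree`'s docstring could mention that after `shutil.rmtree` it also runs `git worktree prune` so git forgets the removed tree, which is why the method needs git at all. The bodies of both methods continue past the hunks shown here.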
@@ -142,6 +159,7 @@ class AbiChecker(object): raise Exception("Worktree cleanup failed, aborting") def get_abi_dump_for_ref(self, git_rev): + """Generate the ABI dumps for the specified git revision.""" git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev) self.update_git_submodules(git_worktree_path) self.build_shared_libraries(git_worktree_path) @@ -152,6 +170,9 @@ class AbiChecker(object): return abi_dumps def get_abi_compatibility_report(self): + """Generate a report of the differences between the reference ABI + and the new ABI. ABI dumps from self.old_rev and self.new_rev must + be available.""" compatibility_report = "" compliance_return_code = 0 for mbed_module in self.mbedtls_modules: @@ -201,6 +222,8 @@ class AbiChecker(object): return compliance_return_code def check_for_abi_changes(self): + """Generate a report of ABI differences + between self.old_rev and self.new_rev.""" self.check_repo_path() self.check_abi_tools_are_installed() self.old_dumps = self.get_abi_dump_for_ref(self.old_rev) From 6ee576e0b5dc8cccee57906ac186e3636714abef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 20:59:05 +0100 Subject: [PATCH 19/87] check-files.py: clean up class structure Line issue trackers are conceptually a subclass of file issue trackers: they're file issue trackers where issues arise from checking each line independently. So make it an actual subclass. Pylint pointed out the design smell: there was an abstract method that wasn't always overridden in concrete child classes. --- tests/scripts/check-files.py | 71 ++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 32 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 92cae1dc2..a6743bbfc 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py 
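Review bot: `get_abi_dump_for_ref` and `get_abi_dumps_from_shared_libraries` (previous hunk) now open with the identical sentence "Generate the ABI dumps for the specified git revision.", which hides the division of labour between them; the ref-level method visibly also creates the worktree, updates submodules and builds before dumping. Something like `"""Check out git_rev in a fresh worktree, build it, and return its ABI dumps."""` distinguishes it. `check_for_abi_changes` likewise does more than "Generate a report of ABI differences" says — it first validates the repository path and the tool installation — and it presumably returns a status, since a later commit on this page assigns its result to `return_code`; stating the return value would complete the contract. All three method bodies extend beyond the hunks.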
@@ -19,10 +19,12 @@ import codecs import sys -class IssueTracker(object): - """Base class for issue tracking. Issues should inherit from this and - overwrite either issue_with_line if they check the file line by line, or - overwrite check_file_for_issue if they check the file as a whole.""" +class FileIssueTracker(object): + """Base class for file-wide issue tracking. + + To implement a checker that processes a file as a whole, inherit from + this class and implement `check_file_for_issue`. + """ def __init__(self): self.heading = "" @@ -35,23 +37,14 @@ class IssueTracker(object): return False return True - def issue_with_line(self, line): - raise NotImplementedError - def check_file_for_issue(self, filepath): - with open(filepath, "rb") as f: - for i, line in enumerate(iter(f.readline, b"")): - self.check_file_line(filepath, line, i + 1) + raise NotImplementedError def record_issue(self, filepath, line_number): if filepath not in self.files_with_issues.keys(): self.files_with_issues[filepath] = [] self.files_with_issues[filepath].append(line_number) - def check_file_line(self, filepath, line, line_number): - if self.issue_with_line(line): - self.record_issue(filepath, line_number) - def output_file_issues(self, logger): if self.files_with_issues.values(): logger.info(self.heading) 
@@ -64,8 +57,26 @@ class IssueTracker(object): logger.info(filename) logger.info("") +class LineIssueTracker(FileIssueTracker): + """Base class for line-by-line issue tracking. -class PermissionIssueTracker(IssueTracker): + To implement a checker that processes files line by line, inherit from + this class and implement `line_with_issue`. + """ + + def issue_with_line(self, line, filepath): + raise NotImplementedError + + def check_file_line(self, filepath, line, line_number): + if self.issue_with_line(line, filepath): + self.record_issue(filepath, line_number) + + def check_file_for_issue(self, filepath): + with open(filepath, "rb") as f: + for i, line in enumerate(iter(f.readline, b"")): + self.check_file_line(filepath, line, i + 1) + +class PermissionIssueTracker(FileIssueTracker): """Track files with bad permissions. Files that are not executable scripts must not be executable.""" @@ -80,7 +91,7 @@ class PermissionIssueTracker(IssueTracker): self.files_with_issues[filepath] = None -class EndOfFileNewlineIssueTracker(IssueTracker): +class EndOfFileNewlineIssueTracker(FileIssueTracker): """Track files that end with an incomplete line (no newline character at the end of the last line).""" @@ -94,7 +105,7 @@ class EndOfFileNewlineIssueTracker(IssueTracker): self.files_with_issues[filepath] = None -class Utf8BomIssueTracker(IssueTracker): +class Utf8BomIssueTracker(FileIssueTracker): """Track files that start with a UTF-8 BOM. Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM.""" 
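Review bot: The `LineIssueTracker` docstring tells implementers to "inherit from this class and implement `line_with_issue`", but the abstract method the class declares and that `check_file_line` calls is `issue_with_line`; a subclass following the docstring would define an unused method and still hit `NotImplementedError`. The fix is one word in the docstring: `this class and implement \`issue_with_line\`.` The argument order also changes from the old `MergeArtifactIssueTracker.issue_with_line(self, filepath, line)` to `(self, line, filepath)` here, which deserves a sentence in the same docstring (`issue_with_line` receives the raw line bytes first, then the path) so that overriders get the order right.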
@@ -108,18 +119,18 @@ class Utf8BomIssueTracker(IssueTracker): self.files_with_issues[filepath] = None -class LineEndingIssueTracker(IssueTracker): +class LineEndingIssueTracker(LineIssueTracker): """Track files with non-Unix line endings (i.e. files with CR).""" def __init__(self): super().__init__() self.heading = "Non Unix line endings:" - def issue_with_line(self, line): + def issue_with_line(self, line, _filepath): return b"\r" in line -class TrailingWhitespaceIssueTracker(IssueTracker): +class TrailingWhitespaceIssueTracker(LineIssueTracker): """Track lines with trailing whitespace.""" def __init__(self): @@ -127,11 +138,11 @@ class TrailingWhitespaceIssueTracker(IssueTracker): self.heading = "Trailing whitespace:" self.files_exemptions = [".md"] - def issue_with_line(self, line): + def issue_with_line(self, line, _filepath): return line.rstrip(b"\r\n") != line.rstrip() -class TabIssueTracker(IssueTracker): +class TabIssueTracker(LineIssueTracker): """Track lines with tabs.""" def __init__(self): @@ -141,11 +152,11 @@ class TabIssueTracker(IssueTracker): "Makefile", "generate_visualc_files.pl" ] - def issue_with_line(self, line): + def issue_with_line(self, line, _filepath): return b"\t" in line -class MergeArtifactIssueTracker(IssueTracker): +class MergeArtifactIssueTracker(LineIssueTracker): """Track lines with merge artifacts. These are leftovers from a ``git merge`` that wasn't fully edited.""" 
@@ -153,22 +164,18 @@ class MergeArtifactIssueTracker(IssueTracker): super().__init__() self.heading = "Merge artifact:" - def issue_with_line(self, filepath, line): + def issue_with_line(self, line, _filepath): # Detect leftover git conflict markers. if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '): return True if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3 return True if line.rstrip(b'\r\n') == b'=======' and \ - not filepath.endswith('.md'): + not _filepath.endswith('.md'): return True return False - def check_file_line(self, filepath, line, line_number): - if self.issue_with_line(filepath, line): - self.record_issue(filepath, line_number) - -class TodoIssueTracker(IssueTracker): +class TodoIssueTracker(LineIssueTracker): """Track lines containing ``TODO``.""" def __init__(self): @@ -180,7 +187,7 @@ class TodoIssueTracker(IssueTracker): "pull_request_template.md", ] - def issue_with_line(self, line): + def issue_with_line(self, line, _filepath): return b"todo" in line.lower() From 1e9698af4b8b6d393f9537dfea0708cfe9306d42 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 21:10:04 +0100 Subject: [PATCH 20/87] check-files.py: use class fields for class-wide constants In an issue tracker, heading and files_exemptions are class-wide constants, so make them so instead of being per-instance fields. --- tests/scripts/check-files.py | 64 ++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 36 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index a6743bbfc..19fc528f7 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py 
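Review bot: In `MergeArtifactIssueTracker.issue_with_line` the second parameter is renamed to `_filepath` yet the body reads it (`not _filepath.endswith('.md')`); the leading underscore is the convention — and, per the `dummy-variables-rgx=_.*` in the new `.pylintrc` earlier on this page, the linter's signal — for an argument that is intentionally unused, so the name tells readers and the linter the opposite of what the code does. Keep the underscore only in the overrides that ignore the argument, and here use the base-class spelling: `def issue_with_line(self, line, filepath):` and `not filepath.endswith('.md'):`.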
@@ -23,12 +23,19 @@ class FileIssueTracker(object): """Base class for file-wide issue tracking. To implement a checker that processes a file as a whole, inherit from - this class and implement `check_file_for_issue`. + this class and implement `check_file_for_issue` and define ``heading``. + + ``files_exemptions``: files whose name ends with a string in this set + will not be checked. + + ``heading``: human-readable description of the issue """ + files_exemptions = frozenset() + # heading must be defined in derived classes. + # pylint: disable=no-member + def __init__(self): - self.heading = "" - self.files_exemptions = [] self.files_with_issues = {} def should_check_file(self, filepath): @@ -81,9 +88,7 @@ class PermissionIssueTracker(FileIssueTracker): Files that are not executable scripts must not be executable.""" - def __init__(self): - super().__init__() - self.heading = "Incorrect permissions:" + heading = "Incorrect permissions:" def check_file_for_issue(self, filepath): if not (os.access(filepath, os.X_OK) == @@ -95,9 +100,7 @@ class EndOfFileNewlineIssueTracker(FileIssueTracker): """Track files that end with an incomplete line (no newline character at the end of the last line).""" - def __init__(self): - super().__init__() - self.heading = "Missing newline at end of file:" + heading = "Missing newline at end of file:" def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: @@ -109,9 +112,7 @@ class Utf8BomIssueTracker(FileIssueTracker): """Track files that start with a UTF-8 BOM. Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM.""" - def __init__(self): - super().__init__() - self.heading = "UTF-8 BOM present:" + heading = "UTF-8 BOM present:" def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: 
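Review bot: The bare `# pylint: disable=no-member` placed in the class body of `FileIssueTracker` suppresses `no-member` for every statement that follows in that class body, not just the `self.heading` read in `output_file_issues`, so a genuine attribute typo added to this class later would go unreported. Narrowing it to the single access — `logger.info(self.heading)  # pylint: disable=no-member` (that line is outside this hunk) — keeps the check alive elsewhere. Alternatively, `heading = None` in the base class with a comment that subclasses must override it removes the need for the suppression, at the cost of logging `None` rather than raising if a subclass forgets.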
@@ -122,9 +123,7 @@ class Utf8BomIssueTracker(FileIssueTracker): class LineEndingIssueTracker(LineIssueTracker): """Track files with non-Unix line endings (i.e. files with CR).""" - def __init__(self): - super().__init__() - self.heading = "Non Unix line endings:" + heading = "Non Unix line endings:" def issue_with_line(self, line, _filepath): return b"\r" in line @@ -133,10 +132,8 @@ class LineEndingIssueTracker(LineIssueTracker): class TrailingWhitespaceIssueTracker(LineIssueTracker): """Track lines with trailing whitespace.""" - def __init__(self): - super().__init__() - self.heading = "Trailing whitespace:" - self.files_exemptions = [".md"] + heading = "Trailing whitespace:" + files_exemptions = frozenset(".md") def issue_with_line(self, line, _filepath): return line.rstrip(b"\r\n") != line.rstrip() @@ -145,12 +142,11 @@ class TrailingWhitespaceIssueTracker(LineIssueTracker): class TabIssueTracker(LineIssueTracker): """Track lines with tabs.""" - def __init__(self): - super().__init__() - self.heading = "Tabs present:" - self.files_exemptions = [ - "Makefile", "generate_visualc_files.pl" - ] + heading = "Tabs present:" + files_exemptions = frozenset([ + "Makefile", + "generate_visualc_files.pl", + ]) def issue_with_line(self, line, _filepath): return b"\t" in line @@ -160,9 +156,7 @@ class MergeArtifactIssueTracker(LineIssueTracker): """Track lines with merge artifacts. These are leftovers from a ``git merge`` that wasn't fully edited.""" - def __init__(self): - super().__init__() - self.heading = "Merge artifact:" + heading = "Merge artifact:" def issue_with_line(self, line, _filepath): # Detect leftover git conflict markers. 
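Review bot: `files_exemptions = frozenset(".md")` in `TrailingWhitespaceIssueTracker` builds the set from the characters of the string, giving `frozenset({'.', 'm', 'd'})` rather than a set containing the suffix `".md"`; the per-instance value it replaces was the list `[".md"]`. The other trackers in this commit wrap their entries in a list (`frozenset([...])`), and this one should too: `files_exemptions = frozenset([".md"])`. The practical effect depends on `should_check_file`, whose matching loop is outside these hunks; if it tests `filepath.endswith(exemption)` per entry, as the class docstring "files whose name ends with a string in this set" suggests, any file whose name ends in `m`, `d` or `.` is silently skipped by the trailing-whitespace check.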
@@ -178,14 +172,12 @@ class MergeArtifactIssueTracker(LineIssueTracker): class TodoIssueTracker(LineIssueTracker): """Track lines containing ``TODO``.""" - def __init__(self): - super().__init__() - self.heading = "TODO present:" - self.files_exemptions = [ - os.path.basename(__file__), - "benchmark.c", - "pull_request_template.md", - ] + heading = "TODO present:" + files_exemptions = frozenset([ + os.path.basename(__file__), + "benchmark.c", + "pull_request_template.md", + ]) def issue_with_line(self, line, _filepath): return b"todo" in line.lower() From 23e64f226bf01c6f913ea64dc333858bcc4d7dad Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 21:24:27 +0100 Subject: [PATCH 21/87] check-files.py: readability improvement in permission check --- tests/scripts/check-files.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 19fc528f7..00fd0edfb 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -91,8 +91,9 @@ class PermissionIssueTracker(FileIssueTracker): heading = "Incorrect permissions:" def check_file_for_issue(self, filepath): - if not (os.access(filepath, os.X_OK) == - filepath.endswith((".sh", ".pl", ".py"))): + is_executable = os.access(filepath, os.X_OK) + should_be_executable = filepath.endswith((".sh", ".pl", ".py")) + if is_executable != should_be_executable: self.files_with_issues[filepath] = None From e915d532a6b1a4c7ade1463124be74107c3a765c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 21:39:42 +0100 Subject: [PATCH 22/87] Silence pylint Silence pylint in specific places where we're doing slightly unusual or dodgy, but correct. --- scripts/abi_check.py | 4 +++- tests/scripts/generate_test_code.py | 2 +- tests/scripts/mbedtls_test.py | 3 ++- tests/scripts/test_generate_test_code.py | 4 +++- 4 files changed, 9 insertions(+), 4 deletions(-) 
diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 88435ef02..7926bc8cd 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -268,7 +268,9 @@ def run_main(): ) return_code = abi_check.check_for_abi_changes() sys.exit(return_code) - except Exception: + except Exception: # pylint: disable=broad-except + # Print the backtrace and exit explicitly so as to exit with + # status 2, not 1. traceback.print_exc() sys.exit(2) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 125802442..1fff09992 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -238,7 +238,7 @@ class FileWrapper(io.FileIO, object): if hasattr(parent, '__next__'): line = parent.__next__() # Python 3 else: - line = parent.next() # Python 2 + line = parent.next() # Python 2 # pylint: disable=no-member if line is not None: self._line_no += 1 # Convert byte array to string with correct encoding and diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index c7027659f..ac2912d4c 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -37,7 +37,8 @@ https://github.com/ARMmbed/greentea import re import os import binascii -from mbed_host_tests import BaseHostTest, event_callback + +from mbed_host_tests import BaseHostTest, event_callback # pylint: disable=import-error class TestDataParserError(Exception): diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index 2ef12e18d..6d7113e18 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -22,7 +22,7 @@ Unit tests for generate_test_code.py """ - +# pylint: disable=wrong-import-order try: # Python 2 from StringIO import StringIO 
@@ -36,6 +36,7 @@ try: except ImportError: # Python 3 from unittest.mock import patch +# pylint: enable=wrong-import-order from generate_test_code import gen_dependencies, gen_dependencies_one_line from generate_test_code import gen_function_wrapper, gen_dispatch from generate_test_code import parse_until_pattern, GeneratorInputError @@ -336,6 +337,7 @@ class StringIOWrapper(StringIO, object): :param length: :return: """ + # pylint: disable=unused-argument line = super(StringIOWrapper, self).readline() if line is not None: self.line_no += 1 From a0c615ef42d69b8c600c354f67dafd95cba63831 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 27 Feb 2019 11:03:43 +0100 Subject: [PATCH 23/87] Allow main() to lack a docstring. --- .pylintrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pylintrc b/.pylintrc index 168e0b759..037717e35 100644 --- a/.pylintrc +++ b/.pylintrc @@ -23,7 +23,7 @@ module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|[a-z][-0-9a-z]+)$ # Some functions don't need docstrings. # [missing-docstring] -no-docstring-rgx=(run_)main$ +no-docstring-rgx=(run_)?main$ # We're ok with short local or global variable names. # [invalid-name] From 001626e44ea5d6cb4f8b66c10c1ab60c54351739 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 27 Feb 2019 11:16:41 +0000 Subject: [PATCH 24/87] Fix typo in data_file generator code The file to generate is `server10_int3-bs.pem`, not `server10-bs_int3-bs.pem`. --- tests/data_files/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index ff8947686..be0858014 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
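Review bot: The `:param length:` and `:return:` entries in `StringIOWrapper.readline`'s docstring are still empty placeholders, and the added `# pylint: disable=unused-argument` records only that the linter should stay quiet, not why the argument is ignored. The visible body calls `super(StringIOWrapper, self).readline()` with no length, so the contract is `:param length: Ignored; the whole line is always returned. Accepted for signature compatibility with StringIO.readline.` and `:return: The next line; line_no is advanced when a line was read.` The method's signature and the rest of its body are outside the hunk, so the return description is inferred from the `line` variable and should be checked against them.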
@@ -153,7 +153,7 @@ test-int-ca3-badsign.crt: test-int-ca3.crt all_final += test-int-ca3-badsign.crt server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt cat server10.crt test-int-ca3-badsign.crt > $@ -all_final += server10-bs_int3-bs.pem +all_final += server10_int3-bs.pem rsa_pkcs1_2048_public.pem: server8.key $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ From f5ce5d52acbbd4d987e654857b5acd273e015c59 Mon Sep 17 00:00:00 2001 From: irwir Date: Sat, 19 Jan 2019 19:05:56 +0300 Subject: [PATCH 25/87] Fix default port number information --- ChangeLog | 2 ++ programs/ssl/ssl_mail_client.c | 30 +++++++++++++++--------------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index b39b95391..ac04588a8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix previously lead to a stack overflow on constrained targets. * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions in the header files, which missed the precompilation check. #971 + * Fix incorrect default port number in ssl_mail_client example's usage. + Found and fixed by irwir. #2337 = mbed TLS 2.16.0 branch released 2018-12-21 diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index bbe4c700b..c73297c2a 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -110,9 +110,9 @@ int main( void ) #if defined(MBEDTLS_BASE64_C) #define USAGE_AUTH \ - " authentication=%%d default: 0 (disabled)\n" \ - " user_name=%%s default: \"user\"\n" \ - " user_pwd=%%s default: \"password\"\n" + " authentication=%%d default: 0 (disabled)\n" \ + " user_name=%%s default: \"" DFL_USER_NAME "\"\n" \ + " user_pwd=%%s default: \"" DFL_USER_PWD "\"\n" #else #define USAGE_AUTH \ " authentication options disabled. (Require MBEDTLS_BASE64_C)\n" 
@@ -129,17 +129,17 @@ int main( void ) #endif /* MBEDTLS_FS_IO */ #define USAGE \ - "\n usage: ssl_mail_client param=<>...\n" \ - "\n acceptable parameters:\n" \ - " server_name=%%s default: localhost\n" \ - " server_port=%%d default: 4433\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ + "\n usage: ssl_mail_client param=<>...\n" \ + "\n acceptable parameters:\n" \ + " server_name=%%s default: " DFL_SERVER_NAME "\n" \ + " server_port=%%d default: " DFL_SERVER_PORT "\n" \ + " debug_level=%%d default: 0 (disabled)\n" \ " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \ - USAGE_AUTH \ - " mail_from=%%s default: \"\"\n" \ - " mail_to=%%s default: \"\"\n" \ - USAGE_IO \ - " force_ciphersuite= default: all enabled\n"\ + USAGE_AUTH \ + " mail_from=%%s default: \"\"\n" \ + " mail_to=%%s default: \"\"\n" \ + USAGE_IO \ + " force_ciphersuite= default: all enabled\n" \ " acceptable ciphersuite names:\n" #if defined(MBEDTLS_CHECK_PARAMS) @@ -324,7 +324,7 @@ static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char * mbedtls_printf("\n%s", buf); if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret ); return -1; } @@ -336,7 +336,7 @@ static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char * if( ret <= 0 ) { - mbedtls_printf( "failed\n ! read returned %d\n\n", ret ); + mbedtls_printf( "failed\n ! mbedtls_net_recv returned %d\n\n", ret ); return -1; } From 04dadb73fdbf9556b3cd3f72524d801bd91aa9cc Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 6 Mar 2019 12:29:37 +0000 Subject: [PATCH 26/87] Add non-regression test for buffer overflow --- tests/suites/test_suite_mpi.data | 3 +++ tests/suites/test_suite_mpi.function | 3 +++ 2 files changed, 6 insertions(+) 
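Review bot: In `write_and_get_response`, the send check `if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 )` treats any positive return as success, but `mbedtls_net_send` may write fewer than `len` bytes, in which case the tail of the SMTP command is silently dropped and the following read waits for a reply to a truncated line; this hunk only corrects the function name in the error message. A loop that resends from the offset already written is the usual shape and is sketched below (it assumes `len` is a `size_t`, which is the type `mbedtls_net_send` takes; the declaration is outside the hunk). Separately, the usage text in the `@@ -129` hunk now splices `DFL_SERVER_NAME` and `DFL_SERVER_PORT` (and `DFL_USER_NAME`/`DFL_USER_PWD` in the previous hunk) into the literal by adjacent-string concatenation, so those macros must be defined as string literals; their definitions are outside the hunk and a numeric `DFL_SERVER_PORT` would no longer compile. The function's signature and its read side continue outside the hunk.
```c
    /* … unchanged: debug print of buf … */
    size_t sent = 0;
    while( sent < len )
    {
        ret = mbedtls_net_send( sock_fd, buf + sent, len - sent );
        if( ret <= 0 )
        {
            mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
            return -1;
        }
        sent += (size_t) ret;
    }
    /* … unchanged: read of the server response … */
```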
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 8b5f97d38..425e93ad2 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -25,6 +25,9 @@ mpi_read_write_string:16:"-20":10:"-32":100:0:0 Base test mpi_read_write_string #3 (Negative decimal) mpi_read_write_string:16:"-23":16:"-23":100:0:0 +Base test mpi_read_write_string #4 (Buffer just fits) +mpi_read_write_string:16:"-4":4:"-10":4:0:0 + Test mpi_read_write_string #1 (Invalid character) mpi_read_write_string:10:"a28":0:"":100:MBEDTLS_ERR_MPI_INVALID_CHARACTER:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index d1fa5a46c..f982385e1 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -294,6 +294,8 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A, mbedtls_mpi_init( &X ); + memset( str, '!', sizeof( str ) ); + TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read ); if( result_read == 0 ) { @@ -301,6 +303,7 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A, if( result_write == 0 ) { TEST_ASSERT( strcasecmp( str, input_A ) == 0 ); + TEST_ASSERT( str[len] == '!' ); } } From 80470627e2e7b9310eefbaa3aafa10930f64bd51 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 6 Mar 2019 13:43:02 +0000 Subject: [PATCH 27/87] Fix typo --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 50b75be6a..02086c04b 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -590,7 +590,7 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to * present `n`. */ - n += 1; /* NULL termination */ + n += 1; /* Terminating null byte */ n += 1; /* Compensate for the divisions above, which round down `n` * in case it's not even. */ n += 1; /* Potential '-'-sign. */ 
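Review bot: `TEST_ASSERT( str[len] == '!' );` only proves that the single byte immediately after the requested length is untouched, so an overrun of two or more bytes, or one that occurs when `len == sizeof( str )` — where the assertion itself indexes past the array — is not caught. Since the added `memset` pre-fills the whole buffer with `'!'`, asserting that every byte from `str + len` up to `sizeof( str )` is still `'!'`, after first asserting `len < sizeof( str )`, covers both cases. The declarations of `str` and `len` and the test function's signature are outside the hunk, so the loop variable and its type need to be matched there.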
From b6a59f66cdea97465d04be7a3cb1367770c97dd1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 6 Mar 2019 16:29:37 +0000 Subject: [PATCH 28/87] Fix ChangeLog entry ordering --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b59e31528..8f989eb19 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx Bugfix - * Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when - used with negative inputs. Found by Guido Vranken in #2404. * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242. * Run the AD too long test only if MBEDTLS_CCM_ALT is not defined. @@ -21,6 +19,8 @@ Bugfix in X.509 module. Fixes #2212. * Reduce stack usage of `mpi_write_hlp()` by eliminating recursion. Fixes #2190. + * Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when + used with negative inputs. Found by Guido Vranken in #2404. Changes * Include configuration file in all header files that use configuration, From 288dedcc7221901d61ed355026839b3cfa82c543 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Mar 2019 11:00:53 +0000 Subject: [PATCH 29/87] Add compile-time option to enable X.509 CA callbacks --- include/mbedtls/config.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3a2fed528..ed8bafa75 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -1744,6 +1744,25 @@ */ //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +/** + * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK + * + * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_cb()` + * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure + * the set of trusted certificates through a callback instead of a linked + * list. + * + * This is useful for example in environments where a large number of trusted + * certificates is present and storing them in a linked list isn't efficient + * enough, or when the set of trusted certificates changes frequently. + * + * See the documentation of `mbedtls_x509_crt_verify_with_cb()` and + * `mbedtls_ssl_conf_ca_cb()` for more information. + * + * Uncomment to enable trusted certificate callbacks. + */ +//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK + /** * \def MBEDTLS_X509_CHECK_KEY_USAGE * From 5c8df78feb7716bf3b0a53b51451225432fae582 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Mar 2019 11:01:17 +0000 Subject: [PATCH 30/87] Add X.509 CRT verification API using trusted CA callbacks --- include/mbedtls/x509_crt.h | 64 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index b3f27be93..2e3e6e9a1 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -501,6 +501,70 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx ); +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) +/** + * \brief The type of trusted certificate callbacks. + * + * Callbacks of this type are passed to and used by the CRT + * verification routine mbedtls_x509_crt_verify_with_cb() + * when looking for trusted signers of a given certificate. + * + * On success, the callback returns a list of trusted + * certificates to be considered as potential signers + * for the input certificate. + * + * \param p_ctx An opaque context passed to the callback. + * \param child The certificate for which to search a potential signer. + * This must point to a readable certificate. + * \param candidate_cas The address at which to store the address of the first + * entry in the generated linked list of candidate signers. + * This must not be \c NULL. + * + * \note The callback must only return a non-zero value on a + * fatal error. If, in contrast, the search for a potential + * signer completes without a single candidate, the + * callback must return \c 0 and get \c *candidate_cas + * to \c NULL. + * + * \return \c 0 on success. In this case, \c *candidate_cas points + * to a heap-allocated linked list of instances of + * ::mbedtls_x509_crt, and ownership of this list is passed + * to the caller. + * \return A negative error code on failure. + */ +typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, + mbedtls_x509_crt const *child, + mbedtls_x509_crt **candidate_cas ); +/** + * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which + * uses a callback to acquire the list of trusted CA + * certificates. + * + * \param crt The certificate chain to be verified. + * \param f_ca_cb The callback to be used to query for potential signers + * of a given child certificate. See the documentation of + * ::mbedtls_x509_crt_ca_cb_t for more information. 
+ * \param p_ca_cb The opaque context to be passed to \p f_ca_cb. + * \param profile The security profile for the verification. + * \param cn The expected Common Name. This may be \c NULL if the + * CN need not be verified. + * \param flags The address at which to store the result of the verification. + * \param f_vrfy The verification callback to use. See the documentation + * of mbedtls_x509_crt_verify() for more information. + * \param p_vrfy The context to be passed to \p f_vrfy. + * + * \return See \c mbedtls_crt_verify_with_profile(). + */ +int mbedtls_x509_crt_verify_with_cb( mbedtls_x509_crt *crt, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy ); + +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) /** * \brief Check usage of certificate against keyUsage extension. From 902451db8bcac27b75b4ee200f62d77677ef9c0f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Mar 2019 11:48:40 +0000 Subject: [PATCH 31/87] Improve documentation of old X.509 CRT verification functions This commit applies the documentation improvements noticed and applied while adding the documentation for the new X.509 CRT verification API mbedtls_x509_crt_verify_with_cb() to the existing verification APIs. --- include/mbedtls/x509_crt.h | 94 +++++++++++++++++++++----------------- 1 file changed, 52 insertions(+), 42 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 2e3e6e9a1..64ee66e55 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
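Review bot: The `\return` of mbedtls_x509_crt_verify_with_cb() refers to `mbedtls_crt_verify_with_profile()`, which is not a declared function; it should read `\return See \c mbedtls_x509_crt_verify_with_profile().`. In the `\note` of the callback type, "get \c *candidate_cas to \c NULL" should be "set \c *candidate_cas to \c NULL". The ownership paragraph says the list is heap-allocated and handed to the caller but not how it will be released, which is the one thing a callback author needs in order to allocate compatibly; the test callback later in this series uses mbedtls_calloc() for the head node, which suggests release via mbedtls_x509_crt_free() followed by mbedtls_free() on the head, and the `\return` text should spell out whichever contract the implementation applies. It would also help to state whether the callback can be invoked several times during a single verification (once per chain element), since that bounds how expensive a CA lookup may be.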
@@ -371,7 +371,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, uint32_t flags ); /** - * \brief Verify the certificate signature + * \brief Verify a chain of certificates. * * The verify callback is a user-supplied callback that * can clear / modify / add flags for a certificate. If set, 
@@ -411,22 +411,25 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * specific peers you know) - in that case, the self-signed * certificate doesn't need to have the CA bit set. * - * \param crt a certificate (chain) to be verified - * \param trust_ca the list of trusted CAs (see note above) - * \param ca_crl the list of CRLs for trusted CAs (see note above) - * \param cn expected Common Name (can be set to - * NULL if the CN must not be verified) - * \param flags result of the verification - * \param f_vrfy verification function - * \param p_vrfy verification parameter + * \param crt The certificate chain to be verified. + * \param trust_ca The list of trusted CAs. + * \param ca_crl The list of CRLs for trusted CAs. + * \param cn The expected Common Name. This may be \c NULL if the + * CN need not be verified. + * \param flags The address at which to store the result of the verification. + * \param f_vrfy The verification callback to use. See the documentation + * of mbedtls_x509_crt_verify() for more information. + * \param p_vrfy The context to be passed to \p f_vrfy. * - * \return 0 (and flags set to 0) if the chain was verified and valid, - * MBEDTLS_ERR_X509_CERT_VERIFY_FAILED if the chain was verified - * but found to be invalid, in which case *flags will have one - * or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX - * flags set, or another error (and flags set to 0xffffffff) - * in case of a fatal error encountered during the - * verification process. + * \return \c 0 if the chain is valid with respect to the + * passed CN, CAs, CRLs and security profile. + * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * certificate chain verification failed. In this case, + * \c *flags will have one or more + * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX + * flags set. + * \return Another negative error code in case of a fatal error + * encountered during the verification process. 
*/ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, @@ -436,7 +439,8 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, void *p_vrfy ); /** - * \brief Verify the certificate signature according to profile + * \brief Verify a chain of certificates with respect to + * a configurable security profile. * * \note Same as \c mbedtls_x509_crt_verify(), but with explicit * security profile. 
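Review bot: The new `\return \c 0` text for mbedtls_x509_crt_verify() says the chain is valid "with respect to the passed CN, CAs, CRLs and security profile", but this function takes no profile argument (the next hunk documents the `_with_profile` variant as the same call "but with explicit security profile"), so "the default security profile" is what a reader should see here. The rewrite also drops the old statement that `*flags` is set to 0xffffffff on a fatal error, which callers that log or branch on the flags relied on; if that behaviour still holds, keep it, e.g. `\return Another negative error code in case of a fatal error encountered during the verification process; \c *flags is then set to \c 0xffffffff.`. The same fatal-error sentence in the next hunk for mbedtls_x509_crt_verify_with_profile() would benefit from the same addition, provided the implementation behaves that way.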
@@ -445,22 +449,26 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, * for ECDSA) apply to all certificates: trusted root, * intermediate CAs if any, and end entity certificate. * - * \param crt a certificate (chain) to be verified - * \param trust_ca the list of trusted CAs - * \param ca_crl the list of CRLs for trusted CAs - * \param profile security profile for verification - * \param cn expected Common Name (can be set to - * NULL if the CN must not be verified) - * \param flags result of the verification - * \param f_vrfy verification function - * \param p_vrfy verification parameter + * \param crt The certificate chain to be verified. + * \param trust_ca The list of trusted CAs. + * \param ca_crl The list of CRLs for trusted CAs. + * \param profile The security profile to use for the verification. + * \param cn The expected Common Name. This may be \c NULL if the + * CN need not be verified. + * \param flags The address at which to store the result of the verification. + * \param f_vrfy The verification callback to use. See the documentation + * of mbedtls_x509_crt_verify() for more information. + * \param p_vrfy The context to be passed to \p f_vrfy. * - * \return 0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED - * in which case *flags will have one or more - * MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags - * set, - * or another error in case of a fatal error encountered - * during the verification process. + * \return \c 0 if the chain is valid with respect to the + * passed CN, CAs, CRLs and security profile. + * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * certificate chain verification failed. In this case, + * \c *flags will have one or more + * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX + * flags set. + * \return Another negative error code in case of a fatal error + * encountered during the verification process. 
*/ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, @@ -477,16 +485,18 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * but can return early and restart according to the limit * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. * - * \param crt a certificate (chain) to be verified - * \param trust_ca the list of trusted CAs - * \param ca_crl the list of CRLs for trusted CAs - * \param profile security profile for verification - * \param cn expected Common Name (can be set to - * NULL if the CN must not be verified) - * \param flags result of the verification - * \param f_vrfy verification function - * \param p_vrfy verification parameter - * \param rs_ctx restart context (NULL to disable restart) + * \param crt The certificate chain to be verified. + * \param trust_ca The list of trusted CAs. + * \param ca_crl The list of CRLs for trusted CAs. + * \param profile The security profile to use for the verification. + * \param cn The expected Common Name. This may be \c NULL if the + * CN need not be verified. + * \param flags The address at which to store the result of the verification. + * \param f_vrfy The verification callback to use. See the documentation + * of mbedtls_x509_crt_verify() for more information. + * \param p_vrfy The context to be passed to \p f_vrfy. + * \param rs_ctx The restart context to use. This may be set to \c NULL + * to disable restartable ECC. * * \return See \c mbedtls_crt_verify_with_profile(), or * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of From 8bf74f37dca6af98c3aa7e7a050fcec4fc8a9510 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Mar 2019 11:01:30 +0000 Subject: [PATCH 32/87] Add SSL configuration API for trusted CA callbacks --- include/mbedtls/ssl.h | 57 +++++++++++++++++++++++++++++++++++++++++++ library/ssl_srv.c | 5 ++++ 2 files changed, 62 insertions(+) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b793ac04b..d1ba608da 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2071,6 +2071,63 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl ); +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) +/** + * \brief Set the trusted certificate callback. + * + * This API allows to register the set of trusted certificates + * through a callback, instead of a linked list as configured + * by mbedtls_ssl_conf_ca_chain(). + * + * This is useful for example in contexts where a large number + * of CAs are used, and the inefficiency of maintaining them + * in a linked list cannot be tolerated. It is also useful when + * the set of trusted CAs needs to be modified frequently. + * + * See the documentation of `mbedtls_x509_crt_ca_cb_t` for + * more information. + * + * \param conf The SSL configuration to register the callback with. + * \param f_ca_cb The trusted certificate callback to use when verifying + * certificate chains. + * \param p_ca_cb The context to be passed to \p f_ca_cb (for example, + * a reference to a trusted CA database). + * + * \note This API is incompatible with mbedtls_ssl_conf_ca_chain(): + * Any call to this function overwrites the values set through + * earlier calls to mbedtls_ssl_conf_ca_chain() or + * mbedtls_ssl_conf_ca_cb(). + * + * \note This API is incompatible with CA indication in + * CertificateRequest messages: A server-side SSL context which + * is bound to an SSL configuration that uses a CA callback + * configured via mbedtls_ssl_conf_ca_cb(), and which requires + * client authentication, will send an empty CA list in the + * corresponding CertificateRequest message. + * + * \note This API is incompatible with mbedtls_ssl_set_hs_ca_chain(): + * If an SSL context is bound to an SSL configuration which uses + * CA callbacks configured via mbedtls_ssl_conf_ca_cb(), then + * calls to mbedtls_ssl_set_hs_ca_chain() have no effect. 
+ * + * \note The use of this API disables the use of restartable ECC + * during X.509 CRT signature verification (but doesn't affect + * other uses). + * + * \warning This API is incompatible with the use of CRLs. Any call to + * mbedtls_ssl_conf_ca_cb() unsets CRLs configured through + * earlier calls to mbedtls_ssl_conf_ca_chain(). + * + * \warning In multi-threaded environments, the callback \p f_ca_cb + * must be thread-safe, and it is the user's responsibility + * to guaranteee this (for example through a mutex + * contained in the callback context pointed to by \p p_ca_cb). + */ +void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb ); +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + /** * \brief Set own certificate chain and private key * diff --git a/library/ssl_srv.c b/library/ssl_srv.c index c96908956..b8e10d6dc 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2818,6 +2818,11 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) if( ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED ) { + /* NOTE: If trusted certificates are provisioned + * via a CA callback (configured through + * `mbedtls_ssl_conf_ca_cb()`, then the + * CertificateRequest is currently left empty. */ + #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ssl->handshake->sni_ca_chain != NULL ) crt = ssl->handshake->sni_ca_chain; From 03cd120ce4f8d4d66b74e72bbef2e7c1689a4091 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Wed, 27 Mar 2019 15:45:04 +0200 Subject: [PATCH 33/87] Test for ca list callback --- tests/suites/test_suite_x509parse.function | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4a826082b..6b93a5fe1 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
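Review bot: The thread-safety `\warning` contains the typo "guaranteee"; it should read "to guarantee this". The lifetime of \p p_ca_cb is not stated anywhere in the new block: the configuration keeps only the pointer, so the object it refers to has to outlive every handshake that uses the configuration, and a note such as `\note The object pointed to by \p p_ca_cb must remain valid for as long as the configuration is in use.` would head off a use-after-free by callers that build their CA database in a shorter-lived scope. It would also help to say what passing a \c NULL \p f_ca_cb means, since the text only describes the non-NULL case.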
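Review bot: The added comment in ssl_write_certificate_request() describes behaviour that no code in this hunk implements: nothing here checks for a configured CA callback, so the empty CertificateRequest presumably results from `ssl->conf->ca_chain` being \c NULL whenever a callback is set, and the comment should name that invariant instead of leaving it implicit, e.g. `/* A CA callback configured via mbedtls_ssl_conf_ca_cb() leaves conf->ca_chain NULL, so the CertificateRequest CA list stays empty in that case. */`. The parenthesis opened at "(configured through" is never closed. Note that the SNI branch right below still advertises `ssl->handshake->sni_ca_chain` when it is set, which seems at odds with the header's statement that mbedtls_ssl_set_hs_ca_chain() has no effect once a CA callback is configured. The function starts outside the hunk.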
@@ -68,6 +68,25 @@ int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32
 return 0;
 }
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+int verify_cb( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates)
+{
+ mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
+
+ mbedtls_x509_crt *first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ TEST_ASSERT( first != NULL);
+ TEST_ASSERT( mbedtls_x509_crt_init( first ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0);
+ while( ca->next != NULL )
+ {
+ ca = ca->next;
+ TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0);
+ }
+ *candidates = first;
+ return 0;
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
 int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
 {
 int *levels = (int *) data;
@@ -374,6 +393,14 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
 TEST_ASSERT( res == ( result ) );
 TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ flags = 0;
+
+ res = mbedtls_x509_crt_verify_with_cb( &crt, verify_cb, &ca, profile, cn_name, &flags, f_vrfy, NULL );
+
+ TEST_ASSERT( res == ( result ) );
+ TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 exit:
 mbedtls_x509_crt_free( &crt );
 mbedtls_x509_crt_free( &ca );
From 912ed3399191860991d154a8a1dcef5163eb125d Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Wed, 27 Mar 2019 15:57:15 +0200 Subject: [PATCH 34/87] Change callback name to ca_callback
--- tests/suites/test_suite_x509parse.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 6b93a5fe1..f62b0a641 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
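Review bot: `TEST_ASSERT( mbedtls_x509_crt_init( first ) == 0 );` compares a void return against 0 (mbedtls_x509_crt_init() returns nothing), and every TEST_ASSERT in verify_cb() expands to a jump to an `exit` label that this helper does not have, so it does not compile as written; if it did, a failed assertion would leak `first` and leave `*candidates` unset for the verifier. `child` is never read and will trigger -Wunused-parameter. Plain error paths that free the partially built list and return the documented negative error code keep the callback self-contained, as below. The identical helper is copied into ssl_client2.c and ssl_server2.c in patch 36, where the same rewrite applies.
```c
int verify_cb( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates )
{
    mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
    mbedtls_x509_crt *first;

    ((void) child);
    *candidates = NULL;

    first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
    if( first == NULL )
        return( -1 );
    mbedtls_x509_crt_init( first );

    /* Re-parse every CA in the test list into a fresh chain owned by the caller. */
    for( ; ca != NULL; ca = ca->next )
    {
        if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
        {
            mbedtls_x509_crt_free( first );
            mbedtls_free( first );
            return( -1 );
        }
    }

    *candidates = first;
    return( 0 );
}
```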
@@ -69,7 +69,7 @@ int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32 } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int verify_cb( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) +int ca_callback( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) { mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; @@ -396,7 +396,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) flags = 0; - res = mbedtls_x509_crt_verify_with_cb( &crt, verify_cb, &ca, profile, cn_name, &flags, f_vrfy, NULL ); + res = mbedtls_x509_crt_verify_with_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL ); TEST_ASSERT( res == ( result ) ); TEST_ASSERT( flags == (uint32_t)( flags_result ) ); From 557426ad770fdbeaac8a622baaf27d120235d544 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Wed, 27 Mar 2019 17:08:29 +0200 Subject: [PATCH 35/87] Add a failure testcase for ca callback --- tests/suites/test_suite_x509parse.data | 4 +++ tests/suites/test_suite_x509parse.function | 36 ++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 042d653b5..38a75daf1 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -827,6 +827,10 @@ X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" +X509 Certificate verification with ca callback: failure +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +x509_verify_ca_cb_failure:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" + X509 Certificate verification callback: bad name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f62b0a641..d7745a901 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -69,6 +69,15 @@ int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32 } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) +int ca_callback_fail( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) +{ + ((void) data); + ((void) child); + ((void) candidates); + + return -1; +} + int ca_callback( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) { mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; @@ -408,6 +417,33 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ +void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, + int exp_ret, char *exp_vrfy_out ) +{ + int ret; + mbedtls_x509_crt crt; + mbedtls_x509_crt ca; + uint32_t flags = 0; + + mbedtls_x509_crt_init( &crt ); + mbedtls_x509_crt_init( &ca ); + + TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); + TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); + + if( strcmp( name, "NULL" ) == 0 ) + name = NULL; + + ret = mbedtls_x509_crt_verify_with_cb( &crt, ca_callback_fail, &ca, &compat_profile, name, &flags, verify_all, NULL ); + + TEST_ASSERT( ret == exp_ret ); +exit: + mbedtls_x509_crt_free( &crt ); + mbedtls_x509_crt_free( &ca ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void x509_verify_callback( char *crt_file, char *ca_file, char *name, int exp_ret, char *exp_vrfy_out ) From 1b4a2bad7ab78f45f951f1129769a9c25ac0b8b8 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Wed, 27 Mar 2019 17:55:27 +0200 Subject: [PATCH 36/87] Add possibility to use ca_callbacks in ssl programs --- programs/ssl/ssl_client2.c | 46 +++++++++++++++++++++++++++++++++++++- programs/ssl/ssl_server2.c | 46 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 89 insertions(+), 3 deletions(-) 
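Review bot: `exp_vrfy_out` is never used in x509_verify_ca_cb_failure(), so the parameter warns under -Wunused-parameter and the long string in the new .data line is dead; either drop that column from the data line and the signature, or consume it with `((void) exp_vrfy_out);` until the verify-callback output is actually compared. The test also never asserts `flags` after the callback failure, so it cannot distinguish a fatal error (flags presumably 0xffffffff) from an ordinary verification failure. Relatedly, the data line expects MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, while the new header documents a failing CA callback as "a negative error code" distinct from a chain-verification failure; whichever the implementation (not visible here) returns, the expectation and the documentation should agree.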
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f7e24598d..2e297e362 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -122,6 +122,8 @@ int main( void ) #define DFL_FALLBACK -1 #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 +#define DFL_CA_CALLBACK 0 + #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" @@ -169,6 +171,13 @@ int main( void ) #else #define USAGE_PSK_SLOT "" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) +#define USAGE_CA_CALLBACK \ + " ca_callback=%%d default: 0 (disabled)\n" \ + " Enable this to use the trusted certificate callback function\n" +#else +#define USAGE_CA_CALLBACK "" +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -312,6 +321,7 @@ int main( void ) " options: none, optional, required\n" \ USAGE_IO \ USAGE_KEY_OPAQUE \ + USAGE_CA_CALLBACK \ "\n" \ USAGE_PSK \ USAGE_ECJPAKE \ @@ -385,6 +395,9 @@ struct options int key_opaque; /* handle private key as if it were opaque */ #if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; +#endif +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + int use_ca_callback /* Use a callback for a trusted certificate list */ #endif const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ 
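Review bot: `int use_ca_callback /* Use a callback for a trusted certificate list */` in `struct options` lacks the terminating semicolon, and the field is named `use_ca_callback` while every later hunk of this commit reads and writes `opt.ca_callback`, so ssl_client2.c does not build with MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK enabled; `int ca_callback; /* use a callback for the trusted certificate list */` fixes both. The ssl_server2.c copy of this struct change in the same commit has the identical defect.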
@@ -439,6 +452,25 @@ static void my_debug( void *ctx, int level, fflush( (FILE *) ctx ); } +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) +int ca_callback( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) +{ + mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; + + mbedtls_x509_crt *first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + TEST_ASSERT( first != NULL); + TEST_ASSERT( mbedtls_x509_crt_init( first ) == 0 ); + TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + while( ca->next != NULL ) + { + ca = ca->next; + TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + } + *candidates = first; + return 0; +} +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + /* * Test recv/send functions that make sure each try returns * WANT_READ/WANT_WRITE at least once before sucesseding @@ -697,6 +729,9 @@ int main( int argc, char *argv[] ) opt.psk = DFL_PSK; #if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; +#endif +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; @@ -805,6 +840,10 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_USE_PSA_CRYPTO) else if( strcmp( p, "psk_opaque" ) == 0 ) opt.psk_opaque = atoi( q ); +#endif +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + else if( strcmp( p, "ca_callback" ) == 0) + opt.ca_callback = atoi( q ); #endif else if( strcmp( p, "psk_identity" ) == 0 ) opt.psk_identity = q; 
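Review bot: ca_callback() in ssl_client2.c uses TEST_ASSERT, a test-suite macro that jumps to an `exit` label; nothing visible in this program defines it and the function has no such label, so the sample program does not compile even before the void-return comparison on mbedtls_x509_crt_init() is reached. The program-side helper should use plain `if( ... ) return( -1 );` error paths that free the partially built list, like the corrected test-suite version of this helper. The callback also hands the verifier a fresh DER re-parse of the whole `cacert` list on every lookup, which is fine for a demo but deserves a comment so it is not mistaken for the intended production pattern: `/* Demo only: re-parses the whole CA list on each lookup. */`. The same applies to the ssl_server2.c copy in this commit.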
@@ -1600,7 +1639,12 @@ int main( int argc, char *argv[] ) if( strcmp( opt.ca_path, "none" ) != 0 && strcmp( opt.ca_file, "none" ) != 0 ) { - mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + if( opt.ca_callback != 0 ) + mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert); + else +#endif + mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); } if( strcmp( opt.crt_file, "none" ) != 0 && strcmp( opt.key_file, "none" ) != 0 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 7858db305..887fe4e96 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -166,6 +166,7 @@ int main( void ) #define DFL_DGRAM_PACKING 1 #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 +#define DFL_CA_CALLBACK 0 #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -264,7 +265,13 @@ int main( void ) #else #define USAGE_PSK "" #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ - +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) +#define USAGE_CA_CALLBACK \ + " ca_callback=%%d default: 0 (disabled)\n" \ + " Enable this to use the trusted certificate callback function\n" +#else +#define USAGE_CA_CALLBACK "" +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) #define USAGE_TICKETS \ " tickets=%%d default: 1 (enabled)\n" \ @@ -420,6 +427,7 @@ int main( void ) USAGE_SNI \ "\n" \ USAGE_PSK \ + USAGE_CA_CALLBACK \ USAGE_ECJPAKE \ "\n" \ " allow_legacy=%%d default: (library default: no)\n" \ @@ -506,6 +514,9 @@ struct options #if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; +#endif +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + int use_ca_callback /* Use a callback for a trusted certificate list */ #endif const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ 
@@ -564,6 +575,25 @@ static void my_debug( void *ctx, int level, fflush( (FILE *) ctx ); } +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) +int ca_callback( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) +{ + mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; + + mbedtls_x509_crt *first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + TEST_ASSERT( first != NULL); + TEST_ASSERT( mbedtls_x509_crt_init( first ) == 0 ); + TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + while( ca->next != NULL ) + { + ca = ca->next; + TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + } + *candidates = first; + return 0; +} +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + /* * Test recv/send functions that make sure each try returns * WANT_READ/WANT_WRITE at least once before sucesseding @@ -1457,6 +1487,9 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; +#endif +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; @@ -1591,6 +1624,10 @@ int main( int argc, char *argv[] ) opt.psk_opaque = atoi( q ); else if( strcmp( p, "psk_list_opaque" ) == 0 ) opt.psk_list_opaque = atoi( q ); +#endif +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + else if( strcmp( p, "ca_callback" ) == 0) + opt.ca_callback = atoi( q ); #endif else if( strcmp( p, "psk_identity" ) == 0 ) opt.psk_identity = q; 
@@ -2570,7 +2607,12 @@ int main( int argc, char *argv[] ) if( strcmp( opt.ca_path, "none" ) != 0 && strcmp( opt.ca_file, "none" ) != 0 ) { - mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + if( opt.ca_callback != 0 ) + mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert); + else +#endif + mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); } if( key_cert_init ) { From 5adaad98467ef7becfcf3333412640b564f5d3e2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Mar 2019 16:54:37 +0000 Subject: [PATCH 37/87] Add X.509 CA callback to SSL configuration and implement setter API --- include/mbedtls/ssl.h | 4 ++++ library/ssl_tls.c | 22 ++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d1ba608da..aabbb83cd 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -928,6 +928,10 @@ struct mbedtls_ssl_config mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */ mbedtls_x509_crt *ca_chain; /*!< trusted CAs */ mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */ +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + mbedtls_x509_crt_ca_cb_t f_ca_cb; + void *p_ca_cb; +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 660d548e4..01f5dccea 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
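Review bot: The new `f_ca_cb` and `p_ca_cb` members of `struct mbedtls_ssl_config` are the only fields in this block without the `/*!< ... */` description their neighbours carry; `mbedtls_x509_crt_ca_cb_t f_ca_cb; /*!< trusted CA callback */` and `void *p_ca_cb; /*!< context for f_ca_cb */` keep the generated documentation complete. They also need a defined initial value: if mbedtls_ssl_config_init() zeroes the whole structure they start out NULL, otherwise a configuration that never called mbedtls_ssl_conf_ca_cb() would carry an indeterminate function pointer into the verification path; worth confirming, as the init routine is not part of this commit.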
@@ -7875,7 +7875,29 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
 {
 conf->ca_chain = ca_chain;
 conf->ca_crl = ca_crl;
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
+ * cannot be used together. */
+ conf->f_ca_cb = NULL;
+ conf->p_ca_cb = NULL;
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 }
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
+ mbedtls_x509_ca_cb_t f_ca_cb,
+ void *p_ca_cb )
+{
+ conf->f_ca_cb = f_ca_cb;
+ conf->p_ca_cb = p_ca_cb;
+
+ /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
+ * cannot be used together. */
+ conf->ca_chain = NULL;
+ conf->ca_crl = NULL;
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
From afd0b0a1a7165b78e21a864754eafbd70c98d0c0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Mar 2019 16:55:01 +0000 Subject: [PATCH 38/87] Make use of CA callback if present when verifying peer CRT chain
--- library/ssl_tls.c | 73 +++++++++++++++++++++++++++++++---------------- 1 file changed, 49 insertions(+), 24 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 01f5dccea..3064b5249 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6035,35 +6035,60 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, int ret = 0; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
- mbedtls_x509_crt *ca_chain;
- mbedtls_x509_crl *ca_crl;
+ int have_ca_chain = 0;
 if( authmode == MBEDTLS_SSL_VERIFY_NONE ) return( 0 );
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ssl->handshake->sni_ca_chain != NULL )
- {
- ca_chain = ssl->handshake->sni_ca_chain;
- ca_crl = ssl->handshake->sni_ca_crl;
- }
- else
-#endif
- {
- ca_chain = ssl->conf->ca_chain;
- ca_crl = ssl->conf->ca_crl;
- }
- /* * Main check: verify certificate */
- ret = mbedtls_x509_crt_verify_restartable(
- chain,
- ca_chain, ca_crl,
- ssl->conf->cert_profile,
- ssl->hostname,
- &ssl->session_negotiate->verify_result,
- ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx );
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if( ssl->conf->f_ca_cb != NULL )
+ {
+ ((void) rs_ctx);
+ have_ca_chain = 1;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) );
+ ret = mbedtls_x509_crt_verify_with_cb(
+ chain,
+ ssl->conf->f_ca_cb,
+ ssl->conf->p_ca_cb,
+ ssl->conf->cert_profile,
+ ssl->hostname,
+ &ssl->session_negotiate->verify_result,
+ ssl->conf->f_vrfy, ssl->conf->p_vrfy );
+ }
+ else
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+ {
+ mbedtls_x509_crt *ca_chain;
+ mbedtls_x509_crl *ca_crl;
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ if( ssl->handshake->sni_ca_chain != NULL )
+ {
+ ca_chain = ssl->handshake->sni_ca_chain;
+ ca_crl = ssl->handshake->sni_ca_crl;
+ }
+ else
+#endif
+ {
+ ca_chain = ssl->conf->ca_chain;
+ ca_crl = ssl->conf->ca_crl;
+ }
+
+ if( ca_chain != NULL )
+ have_ca_chain = 1;
+
+ ret = mbedtls_x509_crt_verify_restartable(
+ chain,
+ ca_chain, ca_crl,
+ ssl->conf->cert_profile,
+ ssl->hostname,
+ &ssl->session_negotiate->verify_result,
+ ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx );
+ }
 if( ret != 0 ) {
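Review bot: `((void) rs_ctx);` silently turns a restartable verification into a blocking one whenever a CA callback is configured, so a caller that passed a restart context and handles MBEDTLS_ERR_ECP_IN_PROGRESS will never see it; the header documents this, but the code should too, and the same branch also bypasses the per-handshake SNI CA chain and any CRLs. A comment at the top of the callback branch makes the trade-off visible: `/* A configured CA callback takes precedence over the static CA list and the SNI per-handshake chain; CRLs and restartable ECC are not supported on this path (see mbedtls_ssl_conf_ca_cb()). */`. A debug message when `rs_ctx != NULL` is reached here would also make the silent downgrade show up in traces. ssl_parse_certificate_verify() starts outside the hunk and the hunk ends mid-function.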
@@ -6119,7 +6144,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, ret = 0; } - if( ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) + if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; @@ -7886,7 +7911,7 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, - mbedtls_x509_ca_cb_t f_ca_cb, + mbedtls_x509_crt_ca_cb_t f_ca_cb, void *p_ca_cb ) { conf->f_ca_cb = f_ca_cb; From 3116fb362c72490b3e3427b0535c7bb25d4ea89a Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 28 Mar 2019 13:34:42 +0000 Subject: [PATCH 39/87] Add prototype for CRT verification with static and dynamic CA list So far, there were the following CRT verification functions: - `mbedtls_x509_crt_verify()` -- no profile, no restartable ECC - `mbedtls_x509_crt_verify_with_profile()` -- profile, no restartable ECC - `mbedtls_x509_crt_verify_restartable()` -- profile, restartable ECC all publicly declared and offering increasing functionality. On the implementation-side, - `mbedtls_x509_crt_verify()` resolves to a call to `mbedtls_x509_crt_verify_with_profile()` setting the profile to `NULL`, and - `mbedtls_x509_crt_verify_with_profile()` resolves to a call to ``mbedtls_x509_crt_verify_restartable()` setting the ECC restart context to NULL. This commit adds two more functions to this zoo: - `mbedtls_x509_crt_verify_with_cb()` - `x509_crt_verify_restartable_cb()` Here, `mbedtls_x509_crt_verify_with_cb()` is similar to `mbedtls_x509_crt_verify_with_profile()` but uses a CA callback instead of a static CA list, and no restart context. `x509_crt_verify_restartable_cb()` is similar to `mbedtls_x509_crt_verify_restartable()` but allows to either use a static list of trusted CAs _or_ a trusted CA callback. On the implementation-side, - the body of `mbedtls_x509_crt_verify_restartable()` is moved to `x509_crt_verify_restartable_cb()`, and the new version of `mbedtls_x509_crt_verify_restartable()` just resolves to `x509_crt_verify_restartable_cb()` with the trusted CA callback set to NULL. - The new function `mbedtls_x509_crt_verify_with_cb()` forwards to `x509_crt_verify_restartable_cb()` with the restart context set to `NULL`. There's no change to the implementation yet, and in particular, `mbedtls_x509_crt_verify_with_cb()` isn't yet usable. --- library/x509_crt.c | 117 ++++++++++++++++++++++++++++++++------------- 1 file changed, 85 insertions(+), 32 deletions(-) 
diff --git a/library/x509_crt.c b/library/x509_crt.c index 5d82816f2..1e6cb8ec6 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2309,6 +2309,8 @@ static int x509_crt_verify_chain( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, const mbedtls_x509_crt_profile *profile, mbedtls_x509_crt_verify_chain *ver_chain, mbedtls_x509_crt_restart_ctx *rs_ctx ) @@ -2539,36 +2541,6 @@ static int x509_crt_merge_flags_with_cb( return( 0 ); } -/* - * Verify the certificate validity (default profile, not restartable) - */ -int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ - return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl, - &mbedtls_x509_crt_profile_default, cn, flags, - f_vrfy, p_vrfy, NULL ) ); -} - -/* - * Verify the certificate validity (user-chosen profile, not restartable) - */ -int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ - return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl, - profile, cn, flags, f_vrfy, p_vrfy, NULL ) ); -} - /* * Verify the certificate validity, with profile, restartable version * 
@@ -2578,10 +2550,19 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * as that isn't done as part of chain building/verification currently * - builds and verifies the chain * - then calls the callback and merges the flags + * + * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb` + * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the + * verification routine to search for trusted signers, and CRLs will + * be disabled. Otherwise, `trust_ca` will be used as the static list + * of trusted signers, and `ca_crl` will be use as the static list + * of CRLs. */ -int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, +static int mbedtls_x509_crt_verify_restartable_cb( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), @@ -2617,7 +2598,8 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; /* Check the chain */ - ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, + ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, + f_ca_cb, p_ca_cb, profile, &ver_chain, rs_ctx ); if( ret != 0 ) 
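Review bot: `static int mbedtls_x509_crt_verify_restartable_cb(` gives a file-local function the `mbedtls_` prefix that this file reserves for exported API (compare the neighbouring statics `x509_crt_verify_chain` and `x509_crt_merge_flags_with_cb`), and the commit message itself calls it `x509_crt_verify_restartable_cb()`; the declaration should read `static int x509_crt_verify_restartable_cb( mbedtls_x509_crt *crt,`. The new comment promises that "CRLs will be disabled" when `f_ca_cb != NULL`, yet `ca_crl` is still forwarded unchanged to `x509_crt_verify_chain()` in the second hunk and whether it is ignored there is decided by code outside this hunk; either enforce the contract up front with `if( f_ca_cb != NULL && ca_crl != NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );` or reword the comment to say callers must pass `ca_crl = NULL`. Also `will be use as` should read `will be used as`. The function body continues past the end of the hunk.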
@@ -2653,6 +2635,77 @@ exit: return( 0 ); } + +/* + * Verify the certificate validity (default profile, not restartable) + */ +int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy ) +{ + return( mbedtls_x509_crt_verify_restartable_cb( crt, trust_ca, ca_crl, + NULL, NULL, + &mbedtls_x509_crt_profile_default, + cn, flags, + f_vrfy, p_vrfy, NULL ) ); +} + +/* + * Verify the certificate validity (user-chosen profile, not restartable) + */ +int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy ) +{ + return( mbedtls_x509_crt_verify_restartable_cb( crt, trust_ca, ca_crl, + NULL, NULL, + profile, cn, flags, + f_vrfy, p_vrfy, NULL ) ); +} + +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) +/* + * Verify the certificate validity (user-chosen profile, CA callback, + * not restartable). 
+ */ +int mbedtls_x509_crt_verify_with_cb( mbedtls_x509_crt *crt, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy ) +{ + return( mbedtls_x509_crt_verify_restartable_cb( crt, NULL, NULL, + f_ca_cb, p_ca_cb, + profile, cn, flags, + f_vrfy, p_vrfy, NULL ) ); +} +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + +int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy, + mbedtls_x509_crt_restart_ctx *rs_ctx ) +{ + return( mbedtls_x509_crt_verify_restartable_cb( crt, trust_ca, ca_crl, + NULL, NULL, + profile, cn, flags, + f_vrfy, p_vrfy, rs_ctx ) ); +} + + /* * Initialize a certificate chain */ From f53893b00ca418f51639ef5f9d99ccade3a5fcd3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Mar 2019 13:45:55 +0000 Subject: [PATCH 40/87] Implement X.509 CRT verification using CA callback --- include/mbedtls/x509_crt.h | 8 ++++++++ library/x509_crt.c | 38 +++++++++++++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 64ee66e55..c38ddc77f 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
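Review bot: `mbedtls_x509_crt_verify_with_cb()` does not reject `f_ca_cb == NULL`; the internal routine then falls back to the static list, which this wrapper hard-codes to `NULL`, so a caller that passes an unset callback has every chain reported as not trusted instead of receiving a parameter error. Add `if( f_ca_cb == NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );` before the forwarding call. There is deliberately no restartable variant that takes a callback (`rs_ctx` is fixed to `NULL` here), which the header documentation of `mbedtls_x509_crt_verify_with_cb()` should state explicitly so that users of `MBEDTLS_ECP_RESTARTABLE` know the callback path always completes in a single call.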
@@ -166,6 +166,14 @@ typedef struct { mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; unsigned len; + +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + /* This stores the list of potential trusted signers obtained from + * the CA callback used for the CRT verification, if configured. + * We must track it somewhere because the callback passes its + * ownership to the caller. */ + mbedtls_x509_crt *trust_ca_cb_result; +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ } mbedtls_x509_crt_verify_chain; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/library/x509_crt.c b/library/x509_crt.c index 1e6cb8ec6..b74ebffa2 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -377,6 +377,10 @@ static void x509_crt_verify_chain_reset( } ver_chain->len = 0; + +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + ver_chain->trust_ca_cb_result = NULL; +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ } /* @@ -2326,6 +2330,7 @@ static int x509_crt_verify_chain( int child_is_trusted; int signature_is_good; unsigned self_cnt; + mbedtls_x509_crt *cur_trust_ca = NULL; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* resume if we had an operation in progress */ 
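Review bot: The comment on the new `trust_ca_cb_result` member says the callback "passes its ownership to the caller" but not how the list is released; in this same commit x509_crt.c releases it with `mbedtls_x509_crt_free()` followed by `mbedtls_free()` on the head node, so a callback that returns a static, stack-allocated or plain `malloc()`-allocated head (with a custom `MBEDTLS_PLATFORM_FREE_MACRO`) will be freed incorrectly. Since this is a public struct, spell the contract out here and on `mbedtls_x509_crt_ca_cb_t`: `/* Owned by the verification routine: released with mbedtls_x509_crt_free() and then mbedtls_free(), so the callback must allocate the head node with mbedtls_calloc(). */`. Note also that the member changes `sizeof(mbedtls_x509_crt_verify_chain)` depending on the option, which deserves a ChangeLog mention for users who embed this public type.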
@@ -2385,8 +2390,32 @@ static int x509_crt_verify_chain( #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) find_parent: #endif + + /* Obtain list of potential trusted signers from CA callback, + * or use statically provided list. */ +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + if( f_ca_cb != NULL ) + { + mbedtls_x509_crt_free( ver_chain->trust_ca_cb_result ); + mbedtls_free( ver_chain->trust_ca_cb_result ); + ver_chain->trust_ca_cb_result = NULL; + + ret = f_ca_cb( p_ca_cb, child, &ver_chain->trust_ca_cb_result ); + if( ret != 0 ) + return( MBEDTLS_ERR_X509_FATAL_ERROR ); + + cur_trust_ca = ver_chain->trust_ca_cb_result; + } + else +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + { + ((void) f_ca_cb); + ((void) p_ca_cb); + cur_trust_ca = trust_ca; + } + /* Look for a parent in trusted CAs or up the chain */ - ret = x509_crt_find_parent( child, trust_ca, &parent, + ret = x509_crt_find_parent( child, cur_trust_ca, &parent, &parent_is_trusted, &signature_is_good, ver_chain->len - 1, self_cnt, rs_ctx ); @@ -2612,6 +2641,13 @@ static int mbedtls_x509_crt_verify_restartable_cb( mbedtls_x509_crt *crt, ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); exit: + +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + mbedtls_x509_crt_free( ver_chain.trust_ca_cb_result ); + mbedtls_free( ver_chain.trust_ca_cb_result ); + ver_chain.trust_ca_cb_result = NULL; +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) mbedtls_x509_crt_restart_free( rs_ctx ); From e15dae7fcf15ec3a09fd12fd651f07fb7e071ea9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Mar 2019 13:55:38 +0000 Subject: [PATCH 41/87] Declare CA callback type even if feature is disabled --- include/mbedtls/x509_crt.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
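Review bot: The candidate list is freed and re-requested every time execution reaches `find_parent:`, which under `MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE` is also the resume label, and the `exit:` hunk frees `ver_chain.trust_ca_cb_result` even when `ret == MBEDTLS_ERR_ECP_IN_PROGRESS` while `rs_ctx` is kept for the next call; if the restart context records a pointer into the previously returned list (its fields are not visible here), a resumed verification would touch freed memory. Neither public entry point currently combines a callback with a restart context, so make that an enforced precondition rather than an accident: `if( f_ca_cb != NULL && rs_ctx != NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );` at the start of the verification routine. Separately, `if( ret != 0 ) return( MBEDTLS_ERR_X509_FATAL_ERROR );` discards the callback's own error code, which makes a misbehaving callback hard to diagnose; at least document on the callback type that any non-zero return is reported uniformly as a fatal verification error. `x509_crt_verify_chain()` starts and ends outside this hunk.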
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index c38ddc77f..800e64ba8 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -519,7 +519,6 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx ); -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) /** * \brief The type of trusted certificate callbacks. * @@ -553,6 +552,8 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidate_cas ); + +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) /** * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which * uses a callback to acquire the list of trusted CA From cbb590369c554c294b885c52b8a57774d810a1d9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Mar 2019 14:14:22 +0000 Subject: [PATCH 42/87] Minor fixes to CA callback tests --- programs/ssl/ssl_client2.c | 57 ++++++++++++++++---- programs/ssl/ssl_server2.c | 55 +++++++++++++++---- tests/suites/test_suite_x509parse.data | 2 +- tests/suites/test_suite_x509parse.function | 63 +++++++++++++++++----- 4 files changed, 145 insertions(+), 32 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2e297e362..0540c6589 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -397,7 +397,7 @@ struct options int psk_opaque; #endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - int use_ca_callback /* Use a callback for a trusted certificate list */ + int ca_callback; /* Use callback for trusted certificate list */ #endif const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ 
@@ -453,21 +453,58 @@ static void my_debug( void *ctx, int level, } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int ca_callback( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) +int ca_callback( void *data, mbedtls_x509_crt const *child, + mbedtls_x509_crt **candidates) { + int ret = 0; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; - - mbedtls_x509_crt *first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); - TEST_ASSERT( first != NULL); - TEST_ASSERT( mbedtls_x509_crt_init( first ) == 0 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + mbedtls_x509_crt *first; + + /* This is a test-only implementation of the CA callback + * which always returns the entire list of trusted certificates. + * Production implementations managing a large number of CAs + * should use an efficient presentation and lookup for the + * set of trusted certificates (such as a hashtable) and only + * return those trusted certificates which satisfy basic + * parental checks, such as the matching of child `Issuer` + * and parent `Subject` field. */ + ((void) child); + + first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + if( first == NULL ) + { + ret = -1; + goto exit; + } + mbedtls_x509_crt_init( first ); + + if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) + { + ret = -1; + goto exit; + } + while( ca->next != NULL ) { ca = ca->next; - TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) + { + ret = -1; + goto exit; + } } + +exit: + + if( ret != 0 ) + { + mbedtls_x509_crt_free( first ); + mbedtls_free( first ); + first = NULL; + } + *candidates = first; - return 0; + return( ret ); } #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 
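Review bot: `ca_callback()` fails hard on an empty trust store: when `ca` is an initialised but unloaded `mbedtls_x509_crt` (e.g. `ca_file=none` with no built-in test certificates), `ca->raw.len` is 0, the first `mbedtls_x509_crt_parse_der()` fails and the callback returns -1, which the library turns into `MBEDTLS_ERR_X509_FATAL_ERROR`; with the static list the same situation yields an untrusted-chain result that `auth_mode=optional` tolerates, whereas a fatal error aborts the handshake even in optional mode (as the ssl-opt.sh cases in this series show). Return an empty candidate list instead: `if( ca == NULL || ca->raw.len == 0 ) { *candidates = NULL; return( 0 ); }` before the allocation. The explanatory comment is good; it is worth adding that the head node must come from `mbedtls_calloc()` because the library releases it with `mbedtls_free()`.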
@@ -1641,7 +1678,7 @@ int main( int argc, char *argv[] ) { #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) if( opt.ca_callback != 0 ) - mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert); + mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert ); else #endif mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 887fe4e96..476a6728a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -516,7 +516,7 @@ struct options int psk_list_opaque; #endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - int use_ca_callback /* Use a callback for a trusted certificate list */ + int ca_callback; /* Use callback for trusted certificate list */ #endif const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ 
@@ -576,21 +576,58 @@ static void my_debug( void *ctx, int level, } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int ca_callback( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) +int ca_callback( void *data, mbedtls_x509_crt const *child, + mbedtls_x509_crt **candidates) { + int ret = 0; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; - - mbedtls_x509_crt *first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); - TEST_ASSERT( first != NULL); - TEST_ASSERT( mbedtls_x509_crt_init( first ) == 0 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + mbedtls_x509_crt *first; + + /* This is a test-only implementation of the CA callback + * which always returns the entire list of trusted certificates. + * Production implementations managing a large number of CAs + * should use an efficient presentation and lookup for the + * set of trusted certificates (such as a hashtable) and only + * return those trusted certificates which satisfy basic + * parental checks, such as the matching of child `Issuer` + * and parent `Subject` field. */ + ((void) child); + + first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + if( first == NULL ) + { + ret = -1; + goto exit; + } + mbedtls_x509_crt_init( first ); + + if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) + { + ret = -1; + goto exit; + } + while( ca->next != NULL ) { ca = ca->next; - TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) + { + ret = -1; + goto exit; + } } + +exit: + + if( ret != 0 ) + { + mbedtls_x509_crt_free( first ); + mbedtls_free( first ); + first = NULL; + } + *candidates = first; - return 0; + return( ret ); } #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 38a75daf1..edd3a6fc5 100644 
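Review bot: This `ca_callback()` is a verbatim copy of the one added to ssl_client2.c and shares its weakness: an initialised but empty `ca` (`ca->raw.len == 0`) makes the first `mbedtls_x509_crt_parse_der()` fail, the callback returns -1, and the server reports `MBEDTLS_ERR_X509_FATAL_ERROR`, which aborts the handshake even with `auth_mode=optional` where the static list would merely mark the client chain untrusted. Add `if( ca == NULL || ca->raw.len == 0 ) { *candidates = NULL; return( 0 ); }` before the allocation, and consider noting in the comment that the head node must be allocated with `mbedtls_calloc()` since the library frees it with `mbedtls_free()`.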
--- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -829,7 +829,7 @@ x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/cr X509 Certificate verification with ca callback: failure depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -x509_verify_ca_cb_failure:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" +x509_verify_ca_cb_failure:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR X509 Certificate verification callback: bad name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index d7745a901..e90ddc41d 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -69,7 +69,7 @@ int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32 } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int ca_callback_fail( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) +int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) { ((void) data); ((void) child); 
@@ -78,21 +78,58 @@ int ca_callback_fail( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **ca return -1; } -int ca_callback( void *data, mbedtls_x509_crt *child, mbedtls_x509_crt **candidates) +int ca_callback( void *data, mbedtls_x509_crt const *child, + mbedtls_x509_crt **candidates) { + int ret = 0; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; - - mbedtls_x509_crt *first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); - TEST_ASSERT( first != NULL); - TEST_ASSERT( mbedtls_x509_crt_init( first ) == 0 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + mbedtls_x509_crt *first; + + /* This is a test-only implementation of the CA callback + * which always returns the entire list of trusted certificates. + * Production implementations managing a large number of CAs + * should use an efficient presentation and lookup for the + * set of trusted certificates (such as a hashtable) and only + * return those trusted certificates which satisfy basic + * parental checks, such as the matching of child `Issuer` + * and parent `Subject` field. */ + ((void) child); + + first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + if( first == NULL ) + { + ret = -1; + goto exit; + } + mbedtls_x509_crt_init( first ); + + if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) + { + ret = -1; + goto exit; + } + while( ca->next != NULL ) { ca = ca->next; - TEST_ASSERT( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) == 0); + if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) + { + ret = -1; + goto exit; + } } + +exit: + + if( ret != 0 ) + { + mbedtls_x509_crt_free( first ); + mbedtls_free( first ); + first = NULL; + } + *candidates = first; - return 0; + return( ret ); } #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 
@@ -419,7 +456,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, - int exp_ret, char *exp_vrfy_out ) + int exp_ret ) { int ret; mbedtls_x509_crt crt; @@ -434,8 +471,10 @@ void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, if( strcmp( name, "NULL" ) == 0 ) name = NULL; - - ret = mbedtls_x509_crt_verify_with_cb( &crt, ca_callback_fail, &ca, &compat_profile, name, &flags, verify_all, NULL ); + + ret = mbedtls_x509_crt_verify_with_cb( &crt, ca_callback_fail, &ca, + &compat_profile, name, &flags, + verify_all, NULL ); TEST_ASSERT( ret == exp_ret ); exit: From 0350d562862e0ffe3a3869140693ca6111d4e1e6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Mar 2019 14:23:36 +0000 Subject: [PATCH 43/87] Only run X.509 CRT verification tests with CA callback tests if !CRL --- tests/suites/test_suite_x509parse.function | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index e90ddc41d..1d9218adf 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -440,12 +440,17 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, TEST_ASSERT( flags == (uint32_t)( flags_result ) ); #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - flags = 0; + /* CRLs aren't supported with CA callbacks, so skip the CA callback + * version of the test of CRLs are in use. */ + if( crl_file == NULL || strcmp( crl_file, "" ) == 0 ) + { + flags = 0; - res = mbedtls_x509_crt_verify_with_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL ); + res = mbedtls_x509_crt_verify_with_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL ); - TEST_ASSERT( res == ( result ) ); - TEST_ASSERT( flags == (uint32_t)( flags_result ) ); + TEST_ASSERT( res == ( result ) ); + TEST_ASSERT( flags == (uint32_t)( flags_result ) ); + } #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ exit: mbedtls_x509_crt_free( &crt ); From 746aaf3f387679a4b371578ad11777a97812cc3c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Mar 2019 15:25:23 +0000 Subject: [PATCH 44/87] Add ssl-opt.sh tests for trusted CA callbacks --- tests/ssl-opt.sh | 228 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 228 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 45b2c4e96..6f967da40 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
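Review bot: The added comment reads `so skip the CA callback version of the test of CRLs are in use`; the second `of` should be `if`. The guard itself is correct, but because `mbedtls_x509_crt_verify_with_cb()` has no CRL parameter every CRL case now silently loses its callback-mode coverage, which is exactly the case where a revoked certificate would be accepted; rather than skipping, an explicit assertion that the callback variant reports the chain as trusted where the static variant flags it revoked would turn the known gap into a documented, tested behaviour.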
@@ -941,6 +941,33 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "CA callback on client" \ + "$P_SRV debug_level=3" \ + "$P_CLI ca_callback=1 debug_level=3 " \ + 0 \ + -c "use CA callback for X.509 CRT verification"\ + -s "Protocol is TLSv1.2" \ + -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ + -s "client hello v3, signature_algorithm ext: 6" \ + -s "ECDHE curve: secp521r1" \ + -S "error" \ + -C "error" + +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "CA callback on server" \ + "$P_SRV auth_mode=required" \ + "$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ + 0 \ + -c "use CA callback for X.509 CRT verification"\ + -s "Verifying peer X.509 certificate... ok" \ + -S "error" \ + -C "error" + # Test using an opaque private key for client authentication requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C 
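Review bot: The `CA callback on client` case checks only the debug line `use CA callback for X.509 CRT verification` and the negotiated ciphersuite, not that verification actually succeeded through the callback; add `-c "Verifying peer X.509 certificate... ok"` (the string the server-side case already relies on, assuming the client emits the same message from the shared parse path) and `-C "! The certificate is not correctly signed by the trusted CA"`. The client case also lacks the `requires_config_enabled MBEDTLS_X509_CRT_PARSE_C` line that the server case carries, though the callback option presumably implies it.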
@@ -2954,6 +2981,207 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig -c "! mbedtls_ssl_handshake returned" \ -s "X509 - Certificate verification failed" +# Tests for auth_mode, using CA callback + +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: server badcert, client required" \ + "$P_SRV crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \ + 1 \ + -c "use CA callback for X.509 CRT verification"\ + -c "x509_verify_cert() returned" \ + -c "! The certificate is not correctly signed by the trusted CA" \ + -c "! mbedtls_ssl_handshake returned" \ + -c "X509 - Certificate verification failed" + +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: server badcert, client optional" \ + "$P_SRV crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \ + 0 \ + -c "use CA callback for X.509 CRT verification"\ + -c "x509_verify_cert() returned" \ + -c "! The certificate is not correctly signed by the trusted CA" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + +# The purpose of the next two tests is to test the client's behaviour when receiving a server +# certificate with an unsupported elliptic curve. This should usually not happen because +# the client informs the server about the supported curves - it does, though, in the +# corner case of a static ECDH suite, because the server doesn't check the curve on that +# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a +# different means to have the server ignoring the client's supported curve list. 
+ +requires_config_enabled MBEDTLS_ECP_C +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ + "$P_SRV debug_level=1 key_file=data_files/server5.key \ + crt_file=data_files/server5.ku-ka.crt" \ + "$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \ + 1 \ + -c "use CA callback for X.509 CRT verification"\ + -c "bad certificate (EC key curve)"\ + -c "! Certificate verification flags"\ + -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage + +requires_config_enabled MBEDTLS_ECP_C +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ + "$P_SRV debug_level=1 key_file=data_files/server5.key \ + crt_file=data_files/server5.ku-ka.crt" \ + "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \ + 1 \ + -c "use CA callback for X.509 CRT verification"\ + -c "bad certificate (EC key curve)"\ + -c "! 
Certificate verification flags"\ + -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check + +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: client SHA256, server required" \ + "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ + "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ + key_file=data_files/server6.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ + 0 \ + -s "use CA callback for X.509 CRT verification"\ + -c "Supported Signature Algorithm found: 4," \ + -c "Supported Signature Algorithm found: 5," + +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: client SHA384, server required" \ + "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ + "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ + key_file=data_files/server6.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ + 0 \ + -s "use CA callback for X.509 CRT verification"\ + -c "Supported Signature Algorithm found: 4," \ + -c "Supported Signature Algorithm found: 5," + +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: client badcert, server required" \ + "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ + "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + 1 \ + -s "use CA callback for X.509 CRT verification"\ + -S "skip write certificate request" \ + -C "skip parse certificate request" \ + -c "got a certificate request" \ + -C "skip write certificate" \ + -C "skip write certificate verify" \ + -S "skip parse certificate verify" \ + -s "x509_verify_cert() returned" \ + -s "! The certificate is not correctly signed by the trusted CA" \ + -s "! mbedtls_ssl_handshake returned" \ + -s "send alert level=2 message=48" \ + -c "! 
mbedtls_ssl_handshake returned" \ + -s "X509 - Certificate verification failed" +# We don't check that the client receives the alert because it might +# detect that its write end of the connection is closed and abort +# before reading the alert message. + +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: client cert not trusted, server required" \ + "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ + "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ + key_file=data_files/server5.key" \ + 1 \ + -s "use CA callback for X.509 CRT verification"\ + -S "skip write certificate request" \ + -C "skip parse certificate request" \ + -c "got a certificate request" \ + -C "skip write certificate" \ + -C "skip write certificate verify" \ + -S "skip parse certificate verify" \ + -s "x509_verify_cert() returned" \ + -s "! The certificate is not correctly signed by the trusted CA" \ + -s "! mbedtls_ssl_handshake returned" \ + -c "! mbedtls_ssl_handshake returned" \ + -s "X509 - Certificate verification failed" + +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: client badcert, server optional" \ + "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ + "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + 0 \ + -s "use CA callback for X.509 CRT verification"\ + -S "skip write certificate request" \ + -C "skip parse certificate request" \ + -c "got a certificate request" \ + -C "skip write certificate" \ + -C "skip write certificate verify" \ + -S "skip parse certificate verify" \ + -s "x509_verify_cert() returned" \ + -s "! The certificate is not correctly signed by the trusted CA" \ + -S "! mbedtls_ssl_handshake returned" \ + -C "! 
mbedtls_ssl_handshake returned" \ + -S "X509 - Certificate verification failed" + +requires_full_size_output_buffer +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: server max_int chain, client default" \ + "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ + key_file=data_files/dir-maxpath/09.key" \ + "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \ + 0 \ + -c "use CA callback for X.509 CRT verification"\ + -C "X509 - A fatal error occurred" + +requires_full_size_output_buffer +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: server max_int+1 chain, client default" \ + "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \ + 1 \ + -c "use CA callback for X.509 CRT verification"\ + -c "X509 - A fatal error occurred" + +requires_full_size_output_buffer +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ + "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + "$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ + debug_level=3 auth_mode=optional" \ + 1 \ + -c "use CA callback for X.509 CRT verification"\ + -c "X509 - A fatal error occurred" + +requires_full_size_output_buffer +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ + "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ + "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + 1 \ + -s "use CA callback for X.509 CRT verification"\ + -s "X509 - A fatal error occurred" + 
+requires_full_size_output_buffer +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: client max_int+1 chain, server required" \ + "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ + "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + 1 \ + -s "use CA callback for X.509 CRT verification"\ + -s "X509 - A fatal error occurred" + +requires_full_size_output_buffer +requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +run_test "Authentication, CA callback: client max_int chain, server required" \ + "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ + "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ + key_file=data_files/dir-maxpath/09.key" \ + 0 \ + -s "use CA callback for X.509 CRT verification"\ + -S "X509 - A fatal error occurred" + # Tests for certificate selection based on SHA verson run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ From fa738d148d0af73d6af32c7f7ca792774544a74d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Mar 2019 17:06:04 +0000 Subject: [PATCH 45/87] Update query_config.c --- programs/ssl/query_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index f2f7b46d6..5e00a013f 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1490,6 +1490,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */ +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + if( strcmp( "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK ); + return( 0 ); + } +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) if( strcmp( "MBEDTLS_X509_CHECK_KEY_USAGE", config ) == 0 ) { 
From 3f932bbc5ddba8f2869c2f3760867db0e25a2d7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Mar 2019 17:06:47 +0000 Subject: [PATCH 46/87] Remove trailing whitespace in test_suite_x509parse.function --- tests/suites/test_suite_x509parse.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 1d9218adf..b08949ad4 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -467,7 +467,7 @@ void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, mbedtls_x509_crt crt; mbedtls_x509_crt ca; uint32_t flags = 0; - + mbedtls_x509_crt_init( &crt ); mbedtls_x509_crt_init( &ca ); From fed5d9d1e9b30a25050a3cedf4b1b132d3edfc10 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Mar 2019 17:07:12 +0000 Subject: [PATCH 47/87] Update version_features.c --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index 161788ca7..af3eb6ce5 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -543,6 +543,9 @@ static const char *features[] = { #if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION", #endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */ +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK", +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) "MBEDTLS_X509_CHECK_KEY_USAGE", #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ From 1bac87c5dcecf99072f8b046d20378854ec8322c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Mar 2019 12:02:26 +0000 Subject: [PATCH 48/87] Correct placement of usage macro in ssl_client2 --- programs/ssl/ssl_client2.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 0540c6589..2e99e964c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -171,6 +171,11 @@ int main( void ) #else #define USAGE_PSK_SLOT "" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT +#else +#define USAGE_PSK "" +#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ + #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #define USAGE_CA_CALLBACK \ " ca_callback=%%d default: 0 (disabled)\n" \ @@ -178,10 +183,6 @@ int main( void ) #else #define USAGE_CA_CALLBACK "" #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT -#else -#define USAGE_PSK "" -#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) #define USAGE_TICKETS \ From d6d100beb742226dc337ab0b793a581ccc86c7e0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 30 Mar 2019 06:27:43 +0000 Subject: [PATCH 49/87] Fix ssl_client2 and ssl_server2 if !PLATFORM_C The CA callback changes introduce mbedtls_calloc() and mbedtls_free() to ssl_client2 and ssl_server2, which wasn't defined unless MBEDTLS_PLATFORM_C was set. --- programs/ssl/ssl_client2.c | 2 ++ programs/ssl/ssl_server2.c | 1 + 2 files changed, 3 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2e99e964c..d4c73fc8d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -35,6 +35,8 @@ #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_snprintf snprintf +#define mbedtls_calloc calloc +#define mbedtls_free free #define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 476a6728a..d1e45be3c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -30,6 +30,7 @@ #else #include #include +#define mbedtls_calloc calloc #define mbedtls_free free #define mbedtls_time time #define mbedtls_time_t time_t From 31d9db6195d452ee4e66cd2f0f9214e9d28718d7 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 1 Apr 2019 14:33:49 +0300 Subject: [PATCH 50/87] Change the verify function naming Change the naming to reflect that the function uses a new ca callback feature to distinguish different callbacks. --- include/mbedtls/x509_crt.h | 4 ++-- library/x509_crt.c | 12 ++++++------ tests/suites/test_suite_x509parse.function | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 800e64ba8..67a24f029 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -523,7 +523,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, * \brief The type of trusted certificate callbacks. * * Callbacks of this type are passed to and used by the CRT - * verification routine mbedtls_x509_crt_verify_with_cb() + * verification routine mbedtls_x509_crt_verify_with_ca_cb() * when looking for trusted signers of a given certificate. * * On success, the callback returns a list of trusted @@ -574,7 +574,7 @@ typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, * * \return See \c mbedtls_crt_verify_with_profile(). */ -int mbedtls_x509_crt_verify_with_cb( mbedtls_x509_crt *crt, +int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, mbedtls_x509_crt_ca_cb_t f_ca_cb, void *p_ca_cb, const mbedtls_x509_crt_profile *profile, diff --git a/library/x509_crt.c b/library/x509_crt.c index b74ebffa2..5850ccf77 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2587,7 +2587,7 @@ static int x509_crt_merge_flags_with_cb( * of trusted signers, and `ca_crl` will be use as the static list * of CRLs. */ -static int mbedtls_x509_crt_verify_restartable_cb( mbedtls_x509_crt *crt, +static int mbedtls_x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, mbedtls_x509_crt_ca_cb_t f_ca_cb, @@ -2682,7 +2682,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { - return( mbedtls_x509_crt_verify_restartable_cb( crt, trust_ca, ca_crl, + return( mbedtls_x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, NULL, NULL, &mbedtls_x509_crt_profile_default, cn, flags, @@ -2700,7 +2700,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { - return( mbedtls_x509_crt_verify_restartable_cb( crt, trust_ca, ca_crl, + return( mbedtls_x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, NULL, NULL, profile, cn, flags, f_vrfy, p_vrfy, NULL ) ); @@ -2711,7 +2711,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * Verify the certificate validity (user-chosen profile, CA callback, * not restartable). */ -int mbedtls_x509_crt_verify_with_cb( mbedtls_x509_crt *crt, +int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, mbedtls_x509_crt_ca_cb_t f_ca_cb, void *p_ca_cb, const mbedtls_x509_crt_profile *profile, @@ -2719,7 +2719,7 @@ int mbedtls_x509_crt_verify_with_cb( mbedtls_x509_crt *crt, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { - return( mbedtls_x509_crt_verify_restartable_cb( crt, NULL, NULL, + return( mbedtls_x509_crt_verify_restartable_ca_cb( crt, NULL, NULL, f_ca_cb, p_ca_cb, profile, cn, flags, f_vrfy, p_vrfy, NULL ) ); 
@@ -2735,7 +2735,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx ) { - return( mbedtls_x509_crt_verify_restartable_cb( crt, trust_ca, ca_crl, + return( mbedtls_x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, NULL, NULL, profile, cn, flags, f_vrfy, p_vrfy, rs_ctx ) ); diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b08949ad4..c51d54aab 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -446,7 +446,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, { flags = 0; - res = mbedtls_x509_crt_verify_with_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL ); + res = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL ); TEST_ASSERT( res == ( result ) ); TEST_ASSERT( flags == (uint32_t)( flags_result ) ); @@ -477,7 +477,7 @@ void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, if( strcmp( name, "NULL" ) == 0 ) name = NULL; - ret = mbedtls_x509_crt_verify_with_cb( &crt, ca_callback_fail, &ca, + ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca, &compat_profile, name, &flags, verify_all, NULL ); From f49fedc34563262533a8a832f983ceacf43398c7 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 1 Apr 2019 14:58:30 +0300 Subject: [PATCH 51/87] Change docs according to review comments --- include/mbedtls/config.h | 4 ++-- include/mbedtls/x509_crt.h | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ed8bafa75..fc9a1623e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -1747,7 +1747,7 @@ /** * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK * - * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_cb()` + * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()` * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure * the set of trusted certificates through a callback instead of a linked * list. @@ -1756,7 +1756,7 @@ * certificates is present and storing them in a linked list isn't efficient * enough, or when the set of trusted certificates changes frequently. * - * See the documentation of `mbedtls_x509_crt_verify_with_cb()` and + * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and * `mbedtls_ssl_conf_ca_cb()` for more information. * * Uncomment to enable trusted certificate callbacks. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 67a24f029..96f014287 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -532,15 +532,15 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, * * \param p_ctx An opaque context passed to the callback. * \param child The certificate for which to search a potential signer. - * This must point to a readable certificate. + * This will point to a readable certificate. * \param candidate_cas The address at which to store the address of the first * entry in the generated linked list of candidate signers. - * This must not be \c NULL. + * This will not be \c NULL. * * \note The callback must only return a non-zero value on a * fatal error. If, in contrast, the search for a potential * signer completes without a single candidate, the - * callback must return \c 0 and get \c *candidate_cas + * callback must return \c 0 and set \c *candidate_cas * to \c NULL. * * \return \c 0 on success. In this case, \c *candidate_cas points From 2ee67a66f42390050fa7bf5762ab6a547a3611ef Mon Sep 17 00:00:00 2001 
From: Jarno Lamsa Date: Mon, 1 Apr 2019 14:59:33 +0300 Subject: [PATCH 52/87] Remove mbedtls_ from the static function name --- library/x509_crt.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5850ccf77..9ca562f8b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2587,7 +2587,7 @@ static int x509_crt_merge_flags_with_cb( * of trusted signers, and `ca_crl` will be use as the static list * of CRLs. */ -static int mbedtls_x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, +static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, mbedtls_x509_crt_ca_cb_t f_ca_cb, @@ -2682,7 +2682,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { - return( mbedtls_x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, + return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, NULL, NULL, &mbedtls_x509_crt_profile_default, cn, flags, @@ -2700,7 +2700,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { - return( mbedtls_x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, + return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, NULL, NULL, profile, cn, flags, f_vrfy, p_vrfy, NULL ) ); @@ -2719,7 +2719,7 @@ int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { - return( mbedtls_x509_crt_verify_restartable_ca_cb( crt, NULL, NULL, + return( x509_crt_verify_restartable_ca_cb( crt, NULL, NULL, f_ca_cb, p_ca_cb, profile, cn, flags, f_vrfy, p_vrfy, NULL ) ); 
@@ -2735,7 +2735,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx ) { - return( mbedtls_x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, + return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, NULL, NULL, profile, cn, flags, f_vrfy, p_vrfy, rs_ctx ) ); From f7a7f9ee433a0bcd2b38a8224610f0d9e3b22cc0 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 1 Apr 2019 15:11:54 +0300 Subject: [PATCH 53/87] Address review comments regarding ssl_client2 and ssl tests --- programs/ssl/ssl_client2.c | 2 +- tests/ssl-opt.sh | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d4c73fc8d..e13c7cba7 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -470,7 +470,7 @@ int ca_callback( void *data, mbedtls_x509_crt const *child, * set of trusted certificates (such as a hashtable) and only * return those trusted certificates which satisfy basic * parental checks, such as the matching of child `Issuer` - * and parent `Subject` field. */ + * and parent `Subject` field or matching key identifiers. */ ((void) child); first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6f967da40..e9322ec0b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -947,10 +947,6 @@ run_test "CA callback on client" \ "$P_CLI ca_callback=1 debug_level=3 " \ 0 \ -c "use CA callback for X.509 CRT verification"\ - -s "Protocol is TLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ - -s "client hello v3, signature_algorithm ext: 6" \ - -s "ECDHE curve: secp521r1" \ -S "error" \ -C "error" 
@@ -2602,7 +2598,8 @@ run_test "DER format: with 9 trailing random bytes" \ 0 \ -c "Handshake was completed" \ -# Tests for auth_mode +# Tests for auth_mode, there are duplicated tests using ca callback for authentication +# When updating these tests, modify the matching authentication tests accordingly run_test "Authentication: server badcert, client required" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ @@ -2981,7 +2978,8 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig -c "! mbedtls_ssl_handshake returned" \ -s "X509 - Certificate verification failed" -# Tests for auth_mode, using CA callback +# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests +# When updating these tests, modify the matching authentication tests accordingly requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server badcert, client required" \ From dfd22c4dbdd272f73d1d5839fabfccc391353417 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 1 Apr 2019 15:18:53 +0300 Subject: [PATCH 54/87] Address comments for x509 tests --- tests/suites/test_suite_x509parse.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c51d54aab..d574c941c 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -441,7 +441,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) /* CRLs aren't supported with CA callbacks, so skip the CA callback - * version of the test of CRLs are in use. */ + * version of the test if CRLs are in use. */ if( crl_file == NULL || strcmp( crl_file, "" ) == 0 ) { flags = 0; 
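Review bot: The comment added above the plain auth_mode tests tells the maintainer to "modify the matching authentication tests accordingly", but from that section the matching tests are the CA-callback copies introduced in the second hunk (@@ -2981), so both comments now point at themselves with the same wording and only the second one actually identifies its counterpart. In the first hunk, `# When updating these tests, modify the matching "Authentication, CA callback" tests accordingly` would name the right counterpart; the second hunk can stay as written. The `ca_callback=1` duplicates are only run when MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK is enabled, so a one-line mention of that guard in the first comment would also explain why the two lists can drift apart unnoticed.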
@@ -479,7 +479,7 @@ void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca, &compat_profile, name, &flags, - verify_all, NULL ); + NULL, NULL ); TEST_ASSERT( ret == exp_ret ); exit: From 9822c0d2f1fcbb52202302a9d76dad1fb704fa7c Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 1 Apr 2019 16:59:48 +0300 Subject: [PATCH 55/87] Fix name to function call --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3064b5249..09645cd0a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6050,7 +6050,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, have_ca_chain = 1; MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) ); - ret = mbedtls_x509_crt_verify_with_cb( + ret = mbedtls_x509_crt_verify_with_ca_cb( chain, ssl->conf->f_ca_cb, ssl->conf->p_ca_cb, From 1dbc5a257fd0767ca741ec18b951f1d666d3a062 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 7 Mar 2019 16:59:14 -0500 Subject: [PATCH 56/87] Fix errors in AEAD test function It was failing to set the key in the ENCRYPT direction before encrypting. This just happened to work for GCM and CCM. After re-encrypting, compare the length to the expected ciphertext length not the plaintext length. Again this just happens to work for GCM and CCM since they do not perform any kind of padding. --- ChangeLog | 3 +++ tests/suites/test_suite_cipher.function | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d4e945a86..3a8e94a57 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,6 +7,9 @@ Features rfc 5280 section 4.2.1.4. Bugfix + * Fix bugs in the AEAD test suite which would be exposed by ciphers which + either used both encrypt and decrypt key schedules, or which perform padding. + GCM and CCM were not affected. Fixed by Jack Lloyd. * Fix private key DER output in the key_app_writer example. File contents were shifted by one byte, creating an invalid ASN.1 tag. Fixed by Christian Walther in #2239. diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index a7d3a6ee3..9a0637ee1 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1011,6 +1011,9 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 ); /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */ + TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, + MBEDTLS_ENCRYPT ) ); + memset( output, 0xFF, sizeof( output ) ); outlen = 0; @@ -1023,7 +1026,7 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, output_tag, tag->len ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( outlen == clear->len ); + TEST_ASSERT( outlen == cipher->len ); TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 ); TEST_ASSERT( memcmp( output_tag, tag->x, tag->len ) == 0 ); From ffdf28851d4da1a49095845ac5fb5bceb6f68e01 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 7 Mar 2019 17:00:32 -0500 Subject: [PATCH 57/87] Add NIST keywrap as a cipher mode Closes #2003 see also #1658 --- ChangeLog | 2 + include/mbedtls/cipher.h | 8 + library/cipher.c | 34 +++ library/cipher_wrap.c | 138 ++++++++++ tests/CMakeLists.txt | 6 +- tests/suites/test_suite_cipher.nist_kw.data | 271 ++++++++++++++++++++ 6 files changed, 454 insertions(+), 5 deletions(-) create mode 100644 tests/suites/test_suite_cipher.nist_kw.data diff --git a/ChangeLog b/ChangeLog index 3a8e94a57..d8fe167d2 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -41,6 +41,8 @@ Features * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites from the default list (enabled by default). See https://sweet32.info/SWEET32_CCS16.pdf. + * It is now possible to use NIST key wrap mode via the mbedtls_cipher API. + Contributed by Jack Lloyd and Fortanix Inc. API Changes * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 2d609db69..ea00703c5 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -176,6 +176,12 @@ typedef enum { MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */ MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */ MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */ + MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */ + MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */ + MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */ + MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */ + MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */ + MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */ } mbedtls_cipher_type_t; /** Supported cipher modes. */ @@ -191,6 +197,8 @@ typedef enum { MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */ MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */ MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */ + MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */ + MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */ } mbedtls_cipher_mode_t; /** Supported cipher padding types. */ diff --git a/library/cipher.c b/library/cipher.c index 9ceea13d6..8a9b1dae2 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -63,6 +63,10 @@ #include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_NIST_KW_C) +#include "mbedtls/nist_kw.h" +#endif + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -1387,6 +1391,21 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, ilen, iv, ad, ad_len, input, output, tag ) ); } #endif /* MBEDTLS_CHACHAPOLY_C */ +#if defined(MBEDTLS_NIST_KW_C) + if( MBEDTLS_MODE_KW == ctx->cipher_info->mode || MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) + { + mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ? + MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; + + /* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */ + if( iv_len != 0 || tag_len != 0 || ad_len != 0 ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) ); + } +#endif /* MBEDTLS_NIST_KW_C */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } @@ -1496,6 +1515,21 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, return( ret ); } #endif /* MBEDTLS_CHACHAPOLY_C */ +#if defined(MBEDTLS_NIST_KW_C) + if( MBEDTLS_MODE_KW == ctx->cipher_info->mode || MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) + { + mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ? + MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; + + /* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */ + if( iv_len != 0 || tag_len != 0 || ad_len != 0 ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) ); + } +#endif /* MBEDTLS_NIST_KW_C */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index d4538ed7b..019959883 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c 
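Review bot: Both new KW branches (here in mbedtls_cipher_auth_encrypt and the mirror in mbedtls_cipher_auth_decrypt, hunk @@ -1496) pass `SIZE_MAX` as the output-buffer size to mbedtls_nist_kw_wrap()/unwrap(), which disables the bounds check nist_kw would otherwise perform, and nothing at the call site says how large `output` must be. Since the cipher API carries no output length to check against, the caller contract belongs in a comment at the call, e.g. `/* The cipher API carries no output size, so bounds checking is delegated to the caller: for KW output must hold ilen + 8 bytes, for KWP ilen rounded up to a multiple of 8 plus 8; SIZE_MAX turns off nist_kw's own check. */`, with the unwrap side noting that output must be able to hold ilen bytes. The comment shared by both hunks reads `these length should be 0`; `these lengths must be 0` is the intended wording, and "must" matches the fact that the check returns MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. The `if( MBEDTLS_MODE_KW == ctx->cipher_info->mode || ... )` line exceeds the file's 80-column style and reads better as `mbedtls_cipher_mode_t mode = ctx->cipher_info->mode;` followed by `if( mode == MBEDTLS_MODE_KW || mode == MBEDTLS_MODE_KWP )`, which also removes the repeated ctx->cipher_info->mode lookup used to pick the nist_kw mode.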
@@ -73,6 +73,10 @@ #include "mbedtls/ccm.h" #endif +#if defined(MBEDTLS_NIST_KW_C) +#include "mbedtls/nist_kw.h" +#endif + #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #include #endif 
@@ -2119,6 +2123,131 @@ static const mbedtls_cipher_info_t null_cipher_info = { }; #endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */ +#if defined(MBEDTLS_NIST_KW_C) +static void *kw_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_nist_kw_context ) ); + + if( ctx != NULL ) + mbedtls_nist_kw_init( (mbedtls_nist_kw_context *) ctx ); + + return( ctx ); +} + +static void kw_ctx_free( void *ctx ) +{ + mbedtls_nist_kw_free( ctx ); + mbedtls_free( ctx ); +} + +static int kw_aes_setkey_wrap( void *ctx, const unsigned char *key, + unsigned int key_bitlen ) +{ + return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx, MBEDTLS_CIPHER_ID_AES, + key, key_bitlen, 1 ); +} + +static int kw_aes_setkey_unwrap( void *ctx, const unsigned char *key, + unsigned int key_bitlen ) +{ + return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx, MBEDTLS_CIPHER_ID_AES, + key, key_bitlen, 0 ); +} + +static const mbedtls_cipher_base_t kw_aes_info = { + MBEDTLS_CIPHER_ID_AES, + NULL, +#if defined(MBEDTLS_CIPHER_MODE_CBC) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_XTS) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_STREAM) + NULL, +#endif + kw_aes_setkey_wrap, + kw_aes_setkey_unwrap, + kw_ctx_alloc, + kw_ctx_free, +}; + +static const mbedtls_cipher_info_t aes_128_nist_kw_info = { + MBEDTLS_CIPHER_AES_128_KW, + MBEDTLS_MODE_KW, + 128, + "AES-128-KW", + 0, + 0, + 16, + &kw_aes_info +}; + +static const mbedtls_cipher_info_t aes_192_nist_kw_info = { + MBEDTLS_CIPHER_AES_192_KW, + MBEDTLS_MODE_KW, + 192, + "AES-192-KW", + 0, + 0, + 16, + &kw_aes_info +}; + +static const mbedtls_cipher_info_t aes_256_nist_kw_info = { + MBEDTLS_CIPHER_AES_256_KW, + MBEDTLS_MODE_KW, + 256, + "AES-256-KW", + 0, + 0, + 16, + &kw_aes_info +}; + +static const mbedtls_cipher_info_t aes_128_nist_kwp_info = { + 
MBEDTLS_CIPHER_AES_128_KWP, + MBEDTLS_MODE_KWP, + 128, + "AES-128-KWP", + 0, + 0, + 16, + &kw_aes_info +}; + +static const mbedtls_cipher_info_t aes_192_nist_kwp_info = { + MBEDTLS_CIPHER_AES_192_KWP, + MBEDTLS_MODE_KWP, + 192, + "AES-192-KWP", + 0, + 0, + 16, + &kw_aes_info +}; + +static const mbedtls_cipher_info_t aes_256_nist_kwp_info = { + MBEDTLS_CIPHER_AES_256_KWP, + MBEDTLS_MODE_KWP, + 256, + "AES-256-KWP", + 0, + 0, + 16, + &kw_aes_info +}; +#endif /* MBEDTLS_NIST_KW_C */ + const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { #if defined(MBEDTLS_AES_C) @@ -2259,6 +2388,15 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_CHACHA20_POLY1305, &chachapoly_info }, #endif +#if defined(MBEDTLS_NIST_KW_C) + { MBEDTLS_CIPHER_AES_128_KW, &aes_128_nist_kw_info }, + { MBEDTLS_CIPHER_AES_192_KW, &aes_192_nist_kw_info }, + { MBEDTLS_CIPHER_AES_256_KW, &aes_256_nist_kw_info }, + { MBEDTLS_CIPHER_AES_128_KWP, &aes_128_nist_kwp_info }, + { MBEDTLS_CIPHER_AES_192_KWP, &aes_192_nist_kwp_info }, + { MBEDTLS_CIPHER_AES_256_KWP, &aes_256_nist_kwp_info }, +#endif + #if defined(MBEDTLS_CIPHER_NULL_CIPHER) { MBEDTLS_CIPHER_NULL, &null_cipher_info }, #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 52dac487a..c0a0c845b 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -88,6 +88,7 @@ if(NOT USE_CRYPTO_SUBMODULE) add_test_suite(cipher cipher.misc) add_test_suite(cipher cipher.null) add_test_suite(cipher cipher.padding) + add_test_suite(cipher cipher.nist_kw) add_test_suite(cmac) add_test_suite(ctr_drbg) add_test_suite(des) @@ -130,11 +131,6 @@ if(NOT USE_CRYPTO_SUBMODULE) add_test_suite(rsa) add_test_suite(xtea) endif() -add_test_suite(debug) -add_test_suite(ssl) -add_test_suite(version) -add_test_suite(x509parse) -add_test_suite(x509write) # Make scripts and data files needed for testing available in an # out-of-source build. 
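Review bot: kw_aes_setkey_wrap() and kw_aes_setkey_unwrap() use `return mbedtls_nist_kw_setkey( ... );` without the parenthesised form that kw_ctx_alloc() in the same hunk and the rest of this file use; `return( mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx, MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1 ) );` keeps the convention. The trailing `1` / `0` argument selects the wrap or unwrap key schedule, and nothing at the call site says so; a `/* is_wrap */` tag on each call, or a short comment above the pair of wrappers stating that the cipher layer's encrypt and decrypt setkey hooks map to nist_kw's wrap and unwrap directions, would save the next reader a trip to nist_kw.h. kw_ctx_free() passes `ctx` to mbedtls_nist_kw_free() without the cast the alloc and setkey wrappers apply; harmless for a `void *`, but inconsistent within the hunk. The six mbedtls_cipher_info_t initialisers are positional and carry no field names, so a one-line comment on the first one naming the `0, 0, 16` fields (flags, IV size, block size) would make the zero IV size, which is what makes the cipher layer reject a non-empty IV, visible at a glance.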
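Review bot: The second tests/CMakeLists.txt hunk (@@ -130) deletes the `add_test_suite(debug)`, `ssl`, `version`, `x509parse` and `x509write` registrations that sat after the `endif()`, which is unrelated to adding the NIST KW suite and is not mentioned in the commit message. Unless those suites are re-registered somewhere outside the hunk, CMake builds would silently stop running the TLS and X.509 test suites, including the CA-callback tests added earlier in this series. If the intent is only the one-line `add_test_suite(cipher cipher.nist_kw)` addition, the five deletions should be dropped from this commit, or, if they are deliberate, the message should say why.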
diff --git a/tests/suites/test_suite_cipher.nist_kw.data b/tests/suites/test_suite_cipher.nist_kw.data new file mode 100644 index 000000000..59ef931e3 --- /dev/null +++ b/tests/suites/test_suite_cipher.nist_kw.data 
@@ -0,0 +1,271 @@ +KW AES-128 wrap rfc 3394 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"000102030405060708090A0B0C0D0E0F":"":"":"1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5":"":"":"00112233445566778899AABBCCDDEEFF":0 + +KW AES-192 wrap rfc 3394 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"000102030405060708090A0B0C0D0E0F1011121314151617":"":"":"96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D":"":"":"00112233445566778899AABBCCDDEEFF":0 + +KW AES-256 wrap rfc 3394 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"":"":"A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1":"":"":"00112233445566778899AABBCCDDEEFF0001020304050607":0 + +KW AES-256 wrap rfc 3394 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"":"":"64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7":"":"":"00112233445566778899AABBCCDDEEFF":0 + +KWP AES-192 RFC 5649 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"::"":"":"138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a":"":"":"c37b7e6492584340bed12207808941155068f738":0 + +KWP AES-192 RFC 5649 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"::"":"":"138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a":"":"":"c37b7e6492584340bed12207808941155068f738":0 + +KWP AES-128 1 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"A9D2D4394815D53F2799ABD7E51D2C8B":"":"":"00":0 + +KWP AES-128 2 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"36D0CA197F638BF478D022C7E543B699":"":"":"0001":0 + +KWP AES-128 3 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"DAB4EE2853E1C44C5E553E644143902B":"":"":"000102":0 + +KWP AES-128 4 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"446C037F831092B147C372616357BF7D":"":"":"00010203":0 + +KWP AES-128 5 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"9ED0AF6457B82E0DDADBD2240A303D74":"":"":"0001020304":0 + +KWP AES-128 6 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"D863A8CE0DF301A564945259B4F74E7D":"":"":"000102030405":0 + +KWP AES-128 7 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E8387E5456242B0C30BE77FC1FF0C1FD":"":"":"00010203040506":0 + +KWP AES-128 8 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"01FF4C430CDF3D2D815B0972B23D7C35":"":"":"0001020304050607":0 + +KWP AES-128 9 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"C06E2163E0CC845B348E012AC9413DEEE40C8C3B030A3681":"":"":"000102030405060708":0 + +KWP AES-128 10 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"3DFD2F643C38B07E121C77C2CA0EF82DA742B0989B6D848E":"":"":"00010203040506070809":0 + +KWP AES-128 11 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"AFAEF390634E21E754FD09F55A4EDD918A1D23ECA9B76F2B":"":"":"000102030405060708090A":0 + +KWP AES-128 12 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"A42D14C830F64F0A73570BFA7FDF8DDDD5E3AD3065A09FB0":"":"":"000102030405060708090A0B":0 + +KWP AES-128 13 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"83F23527625FC643942279D090C1B61D10FC978B54D778CD":"":"":"000102030405060708090A0B0C":0 + +KWP AES-128 14 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E073C30E0DAC595F9FD28A0CB9E53945B26D1E1DE4E66D04":"":"":"000102030405060708090A0B0C0D":0 + +KWP AES-128 15 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"64E3C2F7E0F7CB297C6B8C4CAF665F9F0A3F7082D2522635":"":"":"000102030405060708090A0B0C0D0E":0 + +KWP AES-128 16 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"8F5982C7D265A0A40FC81D2326429A0A65BCD1368F0E16CB":"":"":"000102030405060708090A0B0C0D0E0F":0 + +KWP AES-128 17 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E29EC6664BCBA00986DD9845F8C4B26472BFDDF98522E537B5D23D5D2A8D02C5":"":"":"000102030405060708090A0B0C0D0E0F10":0 + +KWP AES-128 18 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"9451ABCA0B9756A183F8C9ADA834E1AD2400B693C33624E59F26C35AC1586E2B":"":"":"000102030405060708090A0B0C0D0E0F1011":0 + +KWP AES-128 19 byte input 
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"F03CB49A65FD3EF8FC83C52F029A3D73667D5B84DB429C38436619ED8320D12E":"":"":"000102030405060708090A0B0C0D0E0F101112":0 + +KWP AES-128 20 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"759524B855037849812D62979A18F24D3E672C2663DEA9204BA5A639FB7DB292":"":"":"000102030405060708090A0B0C0D0E0F10111213":0 + +KWP AES-128 21 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"F352B8228FBFA0769C2E3858D7451FA603E9B751CFE780ED0F93C850C7870259":"":"":"000102030405060708090A0B0C0D0E0F1011121314":0 + +KWP AES-128 22 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"3491F4C8D916A1BC3824D1478EC746BE8C837415017ED52A1ABC30FB14DDE825":"":"":"000102030405060708090A0B0C0D0E0F101112131415":0 + +KWP AES-128 23 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"0E6E35C5B9D706C2FF2C4C6CFCF254849879D6C1CB577E0A73BB12CBC7AC9740":"":"":"000102030405060708090A0B0C0D0E0F10111213141516":0 + +KWP AES-128 24 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E7DB580663B113B57489E1107F2DCAF7CF80629E7CE1839E1ED044ECD0299E79":"":"":"000102030405060708090A0B0C0D0E0F1011121314151617":0 + +KWP AES-128 25 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"883500DB91747BAD8C5E122ED2338F3BCB6B43064F5DA9D1303E165815EC8CC4C5BFD31AEAE1B6A3":"":"":"000102030405060708090A0B0C0D0E0F101112131415161718":0 + +KWP AES-128 26 byte input 
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"24099AAAD4F19BF614ECC35DA9E3646F73AAFAA9C46975D4B56D72A332AF7EC4850B8294D94B7E1A":"":"":"000102030405060708090A0B0C0D0E0F10111213141516171819":0 + +KWP AES-128 27 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"C24F8CCE3425AC9638145A0DAC28B59368583FF3A7AAD85FBE1AEAAB5D23C0B128A1F9BC575B785A":"":"":"000102030405060708090A0B0C0D0E0F101112131415161718191A":0 + +KWP AES-128 28 byte input +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"EFD0BC7612331A98F2D68F86E606717197BF57E35114234C675D40E9462ACF00DE7860C0F38677F7":"":"":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B":0 + +KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 16 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"7575da3a93607cc2bfd8cec7aadfd9a6":"":"":"031f6bd7e61e643df68594816f64caa3f56fabea2548f5fb":"":"":"42136d3c384a3eeac95a066fd28fed3f":0 + +KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 16 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"7575da3a93607cc2bfd8cec7aadfd9a7":"":"":"031f6bd7e61e643df68594816f64cbb3f56fabea2548f5fb":"":"FAIL":"":0 + +KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 32 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"e5d058e7f1c22c016c4e1cc9b26b9f8f":"":"":"60b9f8ac797c56e01e9b5f84d65816a980777869f67991a0e6dc19b8cd75c9b54db4a38456bbd6f3":"":"":"7f604e9b8d39d3c91e193fe6f196c1e3da6211a7c9a33b8873b64b138d1803e4":0 + +KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 24 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"67ae4270bcdd31e8326b7e7f94c80276":"":"":"96cec0e3272a21faa550a857957aa38ce3c1cf06f0dd9f5b5c5c422cef6c69a1":"":"":"57e748b62fbc37ba25e904ee973d01b136cf7c1d0c8c5c87":0 + +KW AES-192 wrap CAVS 17.4 COUNT 0 PLEN 16 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"a6a3f6d509811859238fc569b5664605f7a73c475a691a8f":"":"":"57d7a4b4e85ffdcb7788b9b666cb63303dd2c5d0f11b1bbb":"":"":"8484e414b091f8a9f72cfd13087ddec1":0 + +KW AES-192 wrap CAVS 17.4 COUNT 0 PLEN 32 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"3686e50dd602f84024570f545bbf618362bef80d45472436":"":"":"c7d5a1a5dfeb7327acbb94767d74cc2afc622ffd01f854d7d3e2b6f75ca7e8f441a0c0bad3d26ee2":"":"":"d780d69b45483b682d311ccaaadcfa3a1cecf1f05dbe2ebc71e6d3fa979f3de8":0 + +KW AES-192 wrap CAVS 17.4 COUNT 0 PLEN 24 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"0a833412e7aa1384ff26866dc9c551bf60413c17e847d317":"":"":"3a7efd629305bf1d61360ed6ff8ec7d059e8af3e5104c29729adb55d1bb94f7e":"":"":"f734760cc0fa3bbfb271277d4f29a48ddecda733d610fa42":0 + +KW AES-256 wrap CAVS 17.4 COUNT 0 PLEN 16 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"f59782f1dceb0544a8da06b34969b9212b55ce6dcbdd0975a33f4b3f88b538da":"":"":"2e63946ea3c090902fa1558375fdb2907742ac74e39403fc":"":"":"73d33060b5f9f2eb5785c0703ddfa704":0 + +KW AES-256 wrap CAVS 17.4 COUNT 0 PLEN 32 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"8b54e6bc3d20e823d96343dc776c0db10c51708ceecc9a38a14beb4ca5b8b221":"":"":"b13eeb7619fab818f1519266516ceb82abc0e699a7153cf26edcb8aeb879f4c011da906841fc5956":"":"":"d6192635c620dee3054e0963396b260af5c6f02695a5205f159541b4bc584bac":0 + +KW AES-256 wrap CAVS 17.4 COUNT 0 PLEN 24 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"112ad41b4856c7254a9848d30fdd78335b039a48a8962c4d1cb78eabd5dad788":"":"":"ba8a259a471b787dd5d540ec25d43d87200fdadc6d1f05d916584fa9f6cbf512":"":"":"1b20bf1990b065d798e1b32264ad50a8747492ba09a04dd1":0 + +KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"6decf10a1caf8e3b80c7a4be8c9c84e8":"":"":"01a7d657fc4a5b216f261cca4d052c2b":"":"":"49":0 + +KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 8 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"a8e06da625a65b25cf5030826830b661":"":"":"b6f967616dd8d772e9fea295a456dba7":"":"":"43acff293120dd5d":0 + +KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 9 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"7865e20f3c21659ab4690b629cdf3cc4":"":"":"41eca956d4aa047eb5cf4efe659661e74db6f8c564e23500":"":"":"bd6843d420378dc896":0 + +KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 31 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"be96dc195ec034d616486ed70e97fe83":"":"":"974769b3a7b4d5d32985f87fddf9990631e5610fbfb278387b58b1f48e05c77d2fb7575c5169eb0e":"":"":"85b5437b6335ebba7635903a4493d12a77d9357a9e0dbc013456d85f1d3201":0 + +KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"9ca11078baebc1597a68ce2fe3fc79a201626575252b8860":"":"":"866bc0ae30e290bb20a0dab31a6e7165":"":"":"76":0 + +KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 8 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"c5029804d28341ca267c9e73afc5f963b14bb604708b43f2":"":"":"15b98046b2a3a49b9c0831c476fc34fb":"":"":"e6eb18a3e969ab5c":0 + +KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 9 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"9464f1af6aabad076661328bcfd15777da16a288a2660009":"":"":"d9b257b400d808a0b0386af3be9154fc7f2fb2d7edc06201":"":"":"431527c3a644c106bb":0 + +KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 31 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"a354ccd6dd97cf40bed840f8137e0cf2e91c00e592104765":"":"":"f018e7c8d6dcdbd20606502b2667439d9049a9a2d5c960af8e9251466d6ff8923fb82432b299f1a4":"":"":"22ccc034c5345550f5bc0114f2951f0fe439ec3ecd8ac1fea8889dd12bfb8e":0 + +KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"95da2700ca6fd9a52554ee2a8df1386f5b94a1a60ed8a4aef60a8d61ab5f225a":"":"":"06ba7ae6f3248cfdcf267507fa001bc4":"":"":"d1":0 + +KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 8 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"3517f0efa7f0c4d74f91af83ece5e7503bcc5ab82907a6e4b7ed34d87b69ab1d":"":"":"0b06a9b635d50cda9d4210cb3a71f990":"":"":"897e0456b289ad31":0 + +KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 9 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"70da43aac823c6dd37d1109f5b18feb4503c973288989745e2cc1cc21d9570c6":"":"":"d67b5b2ad15c645450e23b5e7b6d682f8ae20e716d470db7":"":"":"edf17d966ed896aee3":0 + +KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 31 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"e9bb7f44c7baafbf392ab912589a2f8db53268106eafb74689bb1833136e6113":"":"":"15b9f06fbc765e5e3d55d6b824616f21921d2a6918ee7bf1406b524274e170b4a78333ca5ee92af5":"":"":"ffe952604834bff899e63658f34246815c91597eb40a21729e0a8a959b61f2":0 +KW AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 48 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"5d4899ee66beff1bda1fc717a1ad4c50":"":"":"bb7fd0bce778bd775e4e88d904d26a7134364c53a6c493a0":"":"FAIL":"":0 + +KW AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 80 
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"84bc6ce7ee4fd9db512536669d0686da":"":"":"c383db930ffd02c0073ac2cc79ec289e6866bdcc6a135a3b776aa42f14ee04f9cca06ed6c0b22901":"":"FAIL":"":0 + +KW AES-128 wrap CAVS 17.4 FAIL COUNT 3 CLEN 64 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"266b009e911bb55f9aa0661539a6fdd5":"":"":"db9c94e7236ec56982d7ddeb9427c24580bc1fb96db98ab19340e03670045b7a":"":"FAIL":"":0 + +KW AES-192 wrap CAVS 17.4 FAIL COUNT 3 CLEN 48 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"9200a0f688d86c0b6bfd9abeff66341684a373fe3f9a3057":"":"":"5c685c8596e374710fe327bafc45cd09190215fdcc03d010":"":"FAIL":"":0 + +KW AES-192 wrap CAVS 17.4 FAIL COUNT 1 CLEN 80 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"95c9e644559919cace6f93f545dbfe48b130808ed66d0964":"":"":"7b8d1307e992221f6ffdcc7909d972d5f02e92187139cfd77f79345cb998bbdbabedb3ac00a6cdc4":"":"FAIL":"":0 + +KW AES-192 wrap CAVS 17.4 FAIL COUNT 2 CLEN 64 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"e218e9643d5db01b412fcaefafe5eb237d03acfad0a3abaa":"":"":"5eee8fbf6a8ab6ba371f4581982ec61839bf28c0eb913d1f417a284dccd72580":"":"FAIL":"":0 + +KW AES-256 wrap CAVS 17.4 FAIL COUNT 4 CLEN 48 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"08c936b25b567a0aa679c29f201bf8b190327df0c2563e39cee061f149f4d91b":"":"":"e227eb8ae9d239ccd8928adec39c28810ca9b3dc1f366444":"":"FAIL":"":0 + +KW AES-256 wrap CAVS 17.4 FAIL COUNT 3 CLEN 80 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"605b22935f1eee56ba884bc7a869febc159ac306b66fb9767a7cc6ab7068dffa":"":"":"6607f5a64c8f9fd96dc6f9f735b06a193762cdbacfc367e410926c1bfe6dd715490adbad5b9697a6":"":"FAIL":"":0 + +KW AES-256 wrap CAVS 17.4 FAIL COUNT 3 CLEN 64 +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"81c93da5baa5157bf700fd38d7d67662670778b690cfbca9fe11e06268b35605":"":"":"875e1ca385586f83d1e23e44ca201006df04e1854e41b933fd607a7383ae1a39":"":"FAIL":"":0
+
+KWP AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"30be7ff51227f0eef786cb7be2482510":"":"":"7f61a0a8b2fe7803f2947d233ec3a255":"":"FAIL":"":0
+
+KWP AES-192 wrap CAVS 17.4 FAIL COUNT 3 CLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"21fb6600c1d34a74adee67612672593a86cf235421735350":"":"":"56b45c49c3e379b18d9c38b6423db133":"":"FAIL":"":0
+
+KWP AES-256 wrap CAVS 17.4 FAIL COUNT 4 CLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"c32cb3e1e41a4b9f4de79989957866f5dd48dba38c22a6ebb80e14c84bdd9534":"":"":"c29b05c2619a58ecc1d239e7a34273cd":"":"FAIL":"":0
+
From 5f28999433f496aa70493c45045cf4a47beff067 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 2 Apr 2019 10:07:28 -0700
Subject: [PATCH 58/87] Wrap lines at 80 columns
---
 library/cipher.c | 6 ++++--
 library/cipher_wrap.c | 8 ++++----
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/library/cipher.c b/library/cipher.c
index 8a9b1dae2..3cdd07f8f 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1392,7 +1392,8 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
 }
 #endif /* MBEDTLS_CHACHAPOLY_C */
 #if defined(MBEDTLS_NIST_KW_C)
- if( MBEDTLS_MODE_KW == ctx->cipher_info->mode || MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
+ if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+ MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
 {
 mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
 MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
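Review bot: The KWP vectors pass one more field than the KW vectors: every KWP line has a bare `::` after the key (`...KWP:"5840df…"::"":"":"138bde…":"":"":"c37b7e…":0`) where every KW line reads `:"":"":`, so the two groups hand `auth_crypt_tv` different argument counts and only one group can match its parameter list — the other will be rejected by the harness rather than exercised. Remove the stray colon so all lines share the KW layout. Separately, `KWP AES-192 RFC 5649` appears twice verbatim, the corrupted-key case reuses the exact name `KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 16` of the positive case (rename it, e.g. `KW AES-128 unwrap CAVS 17.4 COUNT 0 PLEN 16 corrupted`), and the blank separator before `KW AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 48` is missing.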
@@ -1516,7 +1517,8 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
 }
 #endif /* MBEDTLS_CHACHAPOLY_C */
 #if defined(MBEDTLS_NIST_KW_C)
- if( MBEDTLS_MODE_KW == ctx->cipher_info->mode || MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
+ if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+ MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
 {
 mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
 MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 019959883..7fc40b5f0 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -2143,15 +2143,15 @@ static void kw_ctx_free( void *ctx )
 static int kw_aes_setkey_wrap( void *ctx, const unsigned char *key,
 unsigned int key_bitlen )
 {
- return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx, MBEDTLS_CIPHER_ID_AES,
- key, key_bitlen, 1 );
+ return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
+ MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1 );
 }
 static int kw_aes_setkey_unwrap( void *ctx, const unsigned char *key,
 unsigned int key_bitlen )
 {
- return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx, MBEDTLS_CIPHER_ID_AES,
- key, key_bitlen, 0 );
+ return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
+ MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0 );
 }
 static const mbedtls_cipher_base_t kw_aes_info = {
From b6dc10545645a77098815b7225af9433ea37283e Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Mon, 1 Apr 2019 18:12:23 +0300
Subject: [PATCH 59/87] Add Wisun Fan device extended key usage
Add the Wisun extended key usage oid and tests.
---
 ChangeLog | 1 +
 include/mbedtls/oid.h | 10 +++++++++-
 library/oid.c | 13 +++++++------
 tests/suites/test_suite_oid.data | 27 +++++++++++++++++++++++++++
 tests/suites/test_suite_oid.function | 23 +++++++++++++++++++++++
 5 files changed, 67 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d4e945a86..1f50ef3ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Features
 * Add the Any Policy certificate policy oid, as defined in rfc 5280
 section 4.2.1.4.
+ * Add the Wi-SUN Field Area Network (FAN) device extended key usage.
 Bugfix
 * Fix private key DER output in the key_app_writer example. File contents
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 342ef754e..55f72c8eb 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -122,7 +122,8 @@
 * { iso(1) identified-organization(3) dod(6) internet(1)
 * security(5) mechanisms(5) pkix(7) }
 */
-#define MBEDTLS_OID_PKIX MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
+#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
+#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
 /*
 * Arc for standard naming attributes
@@ -206,6 +207,13 @@
 #define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
 #define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+/**
+ * Wi-SUN Alliance Field Area Network
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
+ */
+#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
+
 /*
 * PKCS definition OIDs
 */
diff --git a/library/oid.c b/library/oid.c
index 4e10f8a26..8059a336c 100644
--- a/library/oid.c
+++ b/library/oid.c
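Review bot: The comment block `{ iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) }` now sits directly above the new `MBEDTLS_OID_INTERNET` define, whose arc stops at internet(1), so it documents the wrong macro in the `@@ -122` hunk. Move the existing comment down to `MBEDTLS_OID_PKIX` and give the new macro its own, e.g. `/* { iso(1) identified-organization(3) dod(6) internet(1) } */`. The base-128 encoding of the Wi-SUN enterprise number 45605 as `\x82\xe4\x25` checks out (2·16384 + 100·128 + 37), and the test vector `2B0601040182E42501` decodes to the same arc.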
@@ -284,12 +284,13 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, e
 static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
 {
- { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" },
- { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" },
- { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" },
- { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
- { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" },
- { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" },
+ { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" },
+ { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" },
+ { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" },
+ { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
+ { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" },
+ { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" },
+ { ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" },
 { NULL, 0, NULL, NULL },
 };
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
index 759a01038..625085f16 100644
--- a/tests/suites/test_suite_oid.data
+++ b/tests/suites/test_suite_oid.data
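Review bot: The hunk rewrites the six existing `oid_ext_key_usage` rows only to re-pad them to the width of the new entry, so a one-line functional addition appears as six deletions plus seven insertions and every row's blame now points at this commit. Either keep the old column alignment and add `{ ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" },` as the single added line, or move the re-indentation into a separate whitespace-only commit so the functional change stays reviewable on its own.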
@@ -6,3 +6,30 @@ oid_get_certificate_policies:"5533445566":""
 OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
 oid_get_certificate_policies:"551D23":""
+
+OID get Ext Key Usage - id-kp-serverAuth
+oid_get_extended_key_usage:"2B06010505070301":"TLS Web Server Authentication"
+
+OID get Ext Key Usage - id-kp-clientAuth
+oid_get_extended_key_usage:"2B06010505070302":"TLS Web Client Authentication"
+
+OID get Ext Key Usage - id-kp-codeSigning
+oid_get_extended_key_usage:"2B06010505070303":"Code Signing"
+
+OID get Ext Key Usage - id-kp-emailProtection
+oid_get_extended_key_usage:"2B06010505070304":"E-mail Protection"
+
+OID get Ext Key Usage - id-kp-timeStamping
+oid_get_extended_key_usage:"2B06010505070308":"Time Stamping"
+
+OID get Ext Key Usage - id-kp-OCSPSigning
+oid_get_extended_key_usage:"2B06010505070309":"OCSP Signing"
+
+OID get Ext Key Usage - id-kp-wisun-fan-device
+oid_get_extended_key_usage:"2B0601040182E42501":"Wi-SUN Alliance Field Area Network (FAN)"
+
+OID get Ext Key Usage invalid oid
+oid_get_extended_key_usage:"5533445566":""
+
+OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier
+oid_get_extended_key_usage:"551D23":""
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index e95e48d06..59e700e51 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -32,3 +32,26 @@ void oid_get_certificate_policies( data_t * oid, char * result_str )
 }
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_extended_key_usage( data_t *oid, char *result_str )
+{
+ mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+ int ret;
+ const char *desc;
+
+ asn1_buf.tag = MBEDTLS_ASN1_OID;
+ asn1_buf.p = oid->x;
+ asn1_buf.len = oid->len;
+
+ ret = mbedtls_oid_get_extended_key_usage( &asn1_buf, &desc );
+ if( strlen( result_str ) == 0 )
+ {
+ TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+ }
+ else
+ {
+ TEST_ASSERT( strcmp( ( char * )desc, result_str ) == 0 );
+ }
+}
+/* END_CASE */
From 7b58fb1d1c02aedb612f74ac88455a40fba12d78 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 3 Apr 2019 12:52:21 +0100
Subject: [PATCH 60/87] Improve documentation of mbedtls_ssl_conf_verify()
---
 include/mbedtls/ssl.h | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b793ac04b..12a210c7b 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
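Review bot: In the non-empty branch of `oid_get_extended_key_usage` the test compares `desc` without first checking `ret`, and `desc` is declared uninitialized (`const char *desc;`), so a lookup failure feeds an indeterminate pointer to `strcmp` instead of producing a clean assertion failure. Add `TEST_ASSERT( ret == 0 );` immediately before the `strcmp`, and initialise with `const char *desc = NULL;` as a cheap extra guard. The `( char * )` cast can also go, since `strcmp` takes `const char *`.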
@@ -1366,13 +1366,17 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
 /**
 * \brief Set the verification callback (Optional).
 *
- * If set, the verify callback is called for each
- * certificate in the chain. For implementation
- * information, please see \c mbedtls_x509_crt_verify()
+ * If set, the provided verify callback is called for each
+ * certificate in the peer's CRT chain, including the trusted
+ * root. For more information, please see the documentation of
+ * \c mbedtls_x509_crt_verify().
 *
- * \param conf SSL configuration
- * \param f_vrfy verification function
- * \param p_vrfy verification parameter
+ * \note For per context callbacks and contexts, please use
+ * mbedtls_ssl_set_verify() instead.
+ *
+ * \param conf The SSL configuration to use.
+ * \param f_vrfy The verification callback to use during CRT verification.
+ * \param p_vrfy The opaque context to be passed to the callback.
 */
 void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
From 726c97a825bc5c48db92650901f85bdec33ca88b Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 3 Apr 2019 12:52:35 +0100
Subject: [PATCH 61/87] Add context-specific CRT verification callbacks
---
 include/mbedtls/ssl.h | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 12a210c7b..b8215a404 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1494,6 +1494,30 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
 void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief Set a connection-specific verification callback (optional).
+ *
+ * If set, the provided verify callback is called for each
+ * certificate in the peer's CRT chain, including the trusted
+ * root. For more information, please see the documentation of
+ * \c mbedtls_x509_crt_verify().
+ *
+ * \note This call is analogous to mbedtls_ssl_conf_verify() but
+ * binds the verification callback and context to an SSL context
+ * as opposed to an SSL configuration.
+ * If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify()
+ * are both used, mbedtls_ssl_set_verify() takes precedence.
+ *
+ * \param conf The SSL context to use.
+ * \param f_vrfy The verification callback to use during CRT verification.
+ * \param p_vrfy The opaque context to be passed to the callback.
+ */
+void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
 /**
 * \brief Set the timeout period for mbedtls_ssl_read()
 * (Default: no timeout.)
From 8927c833129a8d467a0f8e9192b37ea5c66c98b8 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 3 Apr 2019 12:52:50 +0100
Subject: [PATCH 62/87] Implement context-specific verification callbacks
---
 include/mbedtls/ssl.h | 6 ++++++
 library/ssl_tls.c | 26 +++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b8215a404..bbe9a8383 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
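Review bot: The new `\note` says `mbedtls_ssl_set_verify()` takes precedence but never says how to undo it; the implementation in a later commit of this series picks the context callback with `if( ssl->f_vrfy != NULL )`, so passing `NULL` for `f_vrfy` silently falls back to the configuration-level callback, and that deserves a sentence such as `\note Passing \c NULL as \p f_vrfy restores the callback set with mbedtls_ssl_conf_verify().` The declaration also only stores the `p_vrfy` pointer (the setter assigns it straight into the context), so the doc should state that the object it points to must stay valid for as long as the SSL context may verify a certificate.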
@@ -1090,6 +1090,12 @@ struct mbedtls_ssl_context
 unsigned badmac_seen; /*!< records with a bad MAC received */
 #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ /** Callback to customize X.509 certificate chain verification */
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *p_vrfy; /*!< context for X.509 verify calllback */
+#endif
+
 mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
 mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
 mbedtls_ssl_recv_timeout_t *f_recv_timeout;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 660d548e4..8800cc7ec 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6038,6 +6038,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
 mbedtls_x509_crt *ca_chain;
 mbedtls_x509_crl *ca_crl;
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *p_vrfy;
+
 if( authmode == MBEDTLS_SSL_VERIFY_NONE )
 return( 0 );
@@ -6054,6 +6057,17 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
 ca_crl = ssl->conf->ca_crl;
 }
+ if( ssl->f_vrfy != NULL )
+ {
+ f_vrfy = ssl->f_vrfy;
+ p_vrfy = ssl->p_vrfy;
+ }
+ else
+ {
+ f_vrfy = ssl->conf->f_vrfy;
+ p_vrfy = ssl->conf->p_vrfy;
+ }
+
 /*
 * Main check: verify certificate
 */
@@ -6063,7 +6077,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
 ssl->conf->cert_profile,
 ssl->hostname,
 &ssl->session_negotiate->verify_result,
- ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx );
+ f_vrfy, p_vrfy, rs_ctx );
 if( ret != 0 )
 {
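Review bot: The new field comment in `mbedtls_ssl_context` misspells `calllback` (`/*!< context for X.509 verify calllback */`), and the closing `#endif` lacks the guard trailer that the neighbouring `#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */` carries; suggest `#endif /* MBEDTLS_X509_CRT_PARSE_C */`. The selection added to `ssl_parse_certificate_verify` relies on `ssl->f_vrfy` being NULL in a freshly initialised context, which holds only if `mbedtls_ssl_init()` zero-fills the struct — that function is outside this chunk, so worth confirming. `ssl_parse_certificate_verify` itself starts and ends outside the hunks shown.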
@@ -7902,6 +7916,16 @@ void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy )
+{
+ ssl->f_vrfy = f_vrfy;
+ ssl->p_vrfy = p_vrfy;
+}
+#endif
+
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 /*
 * Set EC J-PAKE password for current handshake
From bb425dbb1b3f1025c8ef763068d202c065647e20 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 3 Apr 2019 12:59:58 +0100
Subject: [PATCH 63/87] Add cmd to use context-specific CRT callback in ssl_client2
---
 programs/ssl/ssl_client2.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f7e24598d..170ce73bc 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -80,6 +80,7 @@ int main( void )
 #define DFL_REQUEST_PAGE "/"
 #define DFL_REQUEST_SIZE -1
 #define DFL_DEBUG_LEVEL 0
+#define DFL_CONTEXT_CRT_CB 0
 #define DFL_NBIO 0
 #define DFL_EVENT 0
 #define DFL_READ_TIMEOUT 0
@@ -126,6 +127,16 @@ int main( void )
 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
 #define GET_REQUEST_END "\r\n\r\n"
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define USAGE_CALLBACK \
+ " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
+ " to the SSL configuration of the SSL context.\n" \
+ " Possible values:\n"\
+ " - 0 (default): Use CRT callback bound to configuration\n" \
+ " - 1: Use CRT callback bound to SSL context\n"
+#else
+#define USAGE_CALLBACK ""
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #if defined(MBEDTLS_FS_IO)
 #define USAGE_IO \
@@ -326,6 +337,7 @@ int main( void )
 USAGE_TICKETS \
 USAGE_MAX_FRAG_LEN \
 USAGE_TRUNC_HMAC \
+ USAGE_CALLBACK \
 USAGE_ALPN \
 USAGE_FALLBACK \
 USAGE_EMS \
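Review bot: The `#endif` closing the new `mbedtls_ssl_set_verify()` definition has no guard comment, while the sibling directly above it reads `#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */`; write `#endif /* MBEDTLS_X509_CRT_PARSE_C */` so nested guards in this long file stay greppable. The body is a plain two-field store, so a brief comment pointing at the precedence rule would help the next reader, e.g. `/* Takes precedence over conf->f_vrfy; NULL reverts to it (see ssl_parse_certificate_verify). */`.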
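Review bot: The usage text in `USAGE_CALLBACK` says the callback is bound `to the SSL configuration of the SSL context`, which describes a containment rather than the choice the option makes; it should read `" to the SSL configuration or the SSL context.\n" \`. The new `#if defined(MBEDTLS_X509_CRT_PARSE_C)` block is immediately followed by another `#if defined(MBEDTLS_X509_CRT_PARSE_C)` guarding `USAGE_IO`; if that existing guard's `#else` branch (not visible here) allows it, folding `USAGE_CALLBACK` into it avoids opening the same condition twice in a row.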
@@ -419,6 +431,7 @@ struct options int dgram_packing; /* allow/forbid datagram packing */ int extended_ms; /* negotiate extended master secret? */ int etm; /* negotiate encrypt then mac? */ + int context_crt_cb; /* use context-specific CRT verify callback */ } opt; int query_config( const char *config ); @@ -685,6 +698,7 @@ int main( int argc, char *argv[] ) opt.debug_level = DFL_DEBUG_LEVEL; opt.nbio = DFL_NBIO; opt.event = DFL_EVENT; + opt.context_crt_cb = DFL_CONTEXT_CRT_CB; opt.read_timeout = DFL_READ_TIMEOUT; opt.max_resend = DFL_MAX_RESEND; opt.request_page = DFL_REQUEST_PAGE; @@ -759,6 +773,12 @@ int main( int argc, char *argv[] ) if( opt.debug_level < 0 || opt.debug_level > 65535 ) goto usage; } + else if( strcmp( p, "context_crt_cb" ) == 0 ) + { + opt.context_crt_cb = atoi( q ); + if( opt.context_crt_cb != 0 && opt.context_crt_cb != 1 ) + goto usage; + } else if( strcmp( p, "nbio" ) == 0 ) { opt.nbio = atoi( q ); @@ -1511,7 +1531,9 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test ); } - mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); + if( opt.context_crt_cb == 0 ) + mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); + memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -1715,6 +1737,11 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_X509_CRT_PARSE_C) + if( opt.context_crt_cb == 1 ) + mbedtls_ssl_set_verify( &ssl, my_verify, NULL ); +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + if( opt.nbio == 2 ) mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL ); else From efb440afec3d90a17da7f4a3205c186abbd5f9ab Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Apr 2019 13:04:33 +0100 Subject: [PATCH 64/87] Add test exercising context-specific CRT callback to ssl-opt.sh --- library/ssl_tls.c | 2 ++ tests/ssl-opt.sh | 14 ++++++++++++++ 2 files changed, 16 insertions(+) 
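Review bot: `opt.context_crt_cb` is parsed and validated unconditionally in the -759 hunk, but its only effects (the `mbedtls_ssl_conf_verify` skip at -1511 and the `mbedtls_ssl_set_verify` call at -1715) are under MBEDTLS_X509_CRT_PARSE_C, so in a build without X.509 parsing `context_crt_cb=1` is accepted and silently disables nothing; consider rejecting it there with `goto usage`, as the usage text is likewise compiled out. The -1715 hunk places the call just before `mbedtls_ssl_set_bio`, which presumably is after `mbedtls_ssl_setup`; since the callback lives in the context rather than the configuration, confirm it is still in place when the program's reconnect path resets the session. The `atoi( q )` plus explicit 0/1 check follows the convention visible for `nbio` in the same hunk, so no change there.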
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8800cc7ec..e030195bb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6059,11 +6059,13 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, if( ssl->f_vrfy != NULL ) { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) ); f_vrfy = ssl->f_vrfy; p_vrfy = ssl->p_vrfy; } else { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) ); f_vrfy = ssl->conf->f_vrfy; p_vrfy = ssl->conf->p_vrfy; } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d952f33fd..59786afdf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1008,6 +1008,20 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" +# Test for context-specific CRT verification callback +run_test "Context-specific CRT verification callback" \ + "$P_SRV debug_level=3" \ + "$P_CLI context_crt_cb=1 debug_level=3" \ + 0 \ + -s "Protocol is TLSv1.2" \ + -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ + -s "client hello v3, signature_algorithm ext: 6" \ + -s "ECDHE curve: secp521r1" \ + -S "error" \ + -c "Use context-specific verification callback"\ + -C "Use configuration-specific verification callback"\ + -C "error" + # Tests for rc4 option requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES From f345bafd30c41aae6a89163abe4674e3395811e1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Apr 2019 13:43:15 +0100 Subject: [PATCH 65/87] Fix doxygen documentation of mbedtls_ssl_set_verify() --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index bbe9a8383..04f8c17a9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1515,7 +1515,7 @@ void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); * If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify() * are both used, mbedtls_ssl_set_verify() takes precedence. * - * \param conf The SSL context to use. + * \param ssl The SSL context to use. * \param f_vrfy The verification callback to use during CRT verification. * \param p_vrfy The opaque context to be passed to the callback. */ From ee11be6572e0b6429748296108f9c4485ddb299b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 4 Apr 2019 12:03:30 +0100 Subject: [PATCH 66/87] Add test for configuration specific CRT callback --- tests/ssl-opt.sh | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 59786afdf..ac6736d4c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1008,7 +1008,21 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" -# Test for context-specific CRT verification callback +# Tests for certificate verification callback +run_test "Configuration-specific CRT verification callback" \ + "$P_SRV debug_level=3" \ + "$P_CLI context_crt_cb=0 debug_level=3" \ + 0 \ + -s "Protocol is TLSv1.2" \ + -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ + -s "client hello v3, signature_algorithm ext: 6" \ + -s "ECDHE curve: secp521r1" \ + -S "error" \ + -c "Verify requested for " \ + -c "Use configuration-specific verification callback" \ + -C "Use context-specific verification callback" \ + -C "error" + run_test "Context-specific CRT verification callback" \ "$P_SRV debug_level=3" \ "$P_CLI context_crt_cb=1 debug_level=3" \ 
@@ -1018,8 +1032,9 @@ run_test "Context-specific CRT verification callback" \ -s "client hello v3, signature_algorithm ext: 6" \ -s "ECDHE curve: secp521r1" \ -S "error" \ - -c "Use context-specific verification callback"\ - -C "Use configuration-specific verification callback"\ + -c "Verify requested for " \ + -c "Use context-specific verification callback" \ + -C "Use configuration-specific verification callback" \ -C "error" # Tests for rc4 option From 924270f7690b338fee49338e506488075353735a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 4 Apr 2019 12:49:44 +0100 Subject: [PATCH 67/87] Fix typo --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 04f8c17a9..78f294f62 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1093,7 +1093,7 @@ struct mbedtls_ssl_context #if defined(MBEDTLS_X509_CRT_PARSE_C) /** Callback to customize X.509 certificate chain verification */ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); - void *p_vrfy; /*!< context for X.509 verify calllback */ + void *p_vrfy; /*!< context for X.509 verify callback */ #endif mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ From 274024f3d55c6c8c288c83e63ff3235cbcb5a859 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 4 Apr 2019 07:59:33 -0700 Subject: [PATCH 68/87] Fix a rebase error --- tests/CMakeLists.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index c0a0c845b..06b8997c5 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -131,6 +131,11 @@ if(NOT USE_CRYPTO_SUBMODULE) add_test_suite(rsa) add_test_suite(xtea) endif() +add_test_suite(debug) +add_test_suite(ssl) +add_test_suite(version) +add_test_suite(x509parse) +add_test_suite(x509write) # Make scripts and data files needed for testing available in an # out-of-source build. 
From d7ecbd6914be02237e9f4b6d4473ebb306248c60 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 5 Apr 2019 14:52:17 +0100 Subject: [PATCH 69/87] Fix style issues and a typo --- include/mbedtls/ssl.h | 2 +- programs/ssl/ssl_client2.c | 2 +- tests/ssl-opt.sh | 38 +++++++++++----------- tests/suites/test_suite_x509parse.function | 8 ++--- 4 files changed, 25 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aabbb83cd..35e576481 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2124,7 +2124,7 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, * * \warning In multi-threaded environments, the callback \p f_ca_cb * must be thread-safe, and it is the user's responsibility - * to guaranteee this (for example through a mutex + * to guarantee this (for example through a mutex * contained in the callback context pointed to by \p p_ca_cb). */ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index e13c7cba7..f0c716441 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -457,7 +457,7 @@ static void my_debug( void *ctx, int level, #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback( void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) + mbedtls_x509_crt **candidates ) { int ret = 0; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e9322ec0b..a9132a1c4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -946,7 +946,7 @@ run_test "CA callback on client" \ "$P_SRV debug_level=3" \ "$P_CLI ca_callback=1 debug_level=3 " \ 0 \ - -c "use CA callback for X.509 CRT verification"\ + -c "use CA callback for X.509 CRT verification" \ -S "error" \ -C "error" 
@@ -959,7 +959,7 @@ run_test "CA callback on server" \ "$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \ key_file=data_files/server5.key" \ 0 \ - -c "use CA callback for X.509 CRT verification"\ + -c "use CA callback for X.509 CRT verification" \ -s "Verifying peer X.509 certificate... ok" \ -S "error" \ -C "error" @@ -2987,7 +2987,7 @@ run_test "Authentication, CA callback: server badcert, client required" \ key_file=data_files/server5.key" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \ 1 \ - -c "use CA callback for X.509 CRT verification"\ + -c "use CA callback for X.509 CRT verification" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ @@ -2999,7 +2999,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \ key_file=data_files/server5.key" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \ 0 \ - -c "use CA callback for X.509 CRT verification"\ + -c "use CA callback for X.509 CRT verification" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ @@ -3019,9 +3019,9 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p crt_file=data_files/server5.ku-ka.crt" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \ 1 \ - -c "use CA callback for X.509 CRT verification"\ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ + -c "use CA callback for X.509 CRT verification" \ + -c "bad certificate (EC key curve)" \ + -c "! Certificate verification flags" \ -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage requires_config_enabled MBEDTLS_ECP_C 
@@ -3031,7 +3031,7 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p crt_file=data_files/server5.ku-ka.crt" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \ 1 \ - -c "use CA callback for X.509 CRT verification"\ + -c "use CA callback for X.509 CRT verification" \ -c "bad certificate (EC key curve)"\ -c "! Certificate verification flags"\ -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check @@ -3043,7 +3043,7 @@ run_test "Authentication, CA callback: client SHA256, server required" \ key_file=data_files/server6.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ 0 \ - -s "use CA callback for X.509 CRT verification"\ + -s "use CA callback for X.509 CRT verification" \ -c "Supported Signature Algorithm found: 4," \ -c "Supported Signature Algorithm found: 5," @@ -3054,7 +3054,7 @@ run_test "Authentication, CA callback: client SHA384, server required" \ key_file=data_files/server6.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 0 \ - -s "use CA callback for X.509 CRT verification"\ + -s "use CA callback for X.509 CRT verification" \ -c "Supported Signature Algorithm found: 4," \ -c "Supported Signature Algorithm found: 5," @@ -3064,7 +3064,7 @@ run_test "Authentication, CA callback: client badcert, server required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ 1 \ - -s "use CA callback for X.509 CRT verification"\ + -s "use CA callback for X.509 CRT verification" \ -S "skip write certificate request" \ -C "skip parse certificate request" \ -c "got a certificate request" \ 
@@ -3087,7 +3087,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ key_file=data_files/server5.key" \ 1 \ - -s "use CA callback for X.509 CRT verification"\ + -s "use CA callback for X.509 CRT verification" \ -S "skip write certificate request" \ -C "skip parse certificate request" \ -c "got a certificate request" \ @@ -3106,7 +3106,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ 0 \ - -s "use CA callback for X.509 CRT verification"\ + -s "use CA callback for X.509 CRT verification" \ -S "skip write certificate request" \ -C "skip parse certificate request" \ -c "got a certificate request" \ @@ -3126,7 +3126,7 @@ run_test "Authentication, CA callback: server max_int chain, client default" key_file=data_files/dir-maxpath/09.key" \ "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \ 0 \ - -c "use CA callback for X.509 CRT verification"\ + -c "use CA callback for X.509 CRT verification" \ -C "X509 - A fatal error occurred" requires_full_size_output_buffer @@ -3136,7 +3136,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default key_file=data_files/dir-maxpath/10.key" \ "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \ 1 \ - -c "use CA callback for X.509 CRT verification"\ + -c "use CA callback for X.509 CRT verification" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer 
@@ -3147,7 +3147,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona "$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ debug_level=3 auth_mode=optional" \ 1 \ - -c "use CA callback for X.509 CRT verification"\ + -c "use CA callback for X.509 CRT verification" \ -c "X509 - A fatal error occurred" requires_full_size_output_buffer @@ -3157,7 +3157,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 1 \ - -s "use CA callback for X.509 CRT verification"\ + -s "use CA callback for X.509 CRT verification" \ -s "X509 - A fatal error occurred" requires_full_size_output_buffer @@ -3167,7 +3167,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 1 \ - -s "use CA callback for X.509 CRT verification"\ + -s "use CA callback for X.509 CRT verification" \ -s "X509 - A fatal error occurred" requires_full_size_output_buffer @@ -3177,7 +3177,7 @@ run_test "Authentication, CA callback: client max_int chain, server required" "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ 0 \ - -s "use CA callback for X.509 CRT verification"\ + -s "use CA callback for X.509 CRT verification" \ -S "X509 - A fatal error occurred" # Tests for certificate selection based on SHA verson diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index d574c941c..cd6e292eb 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -69,7 +69,7 @@ int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32 } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) +int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates ) { ((void) data); ((void) child); @@ -79,7 +79,7 @@ int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_cr } int ca_callback( void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) + mbedtls_x509_crt **candidates ) { int ret = 0; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; @@ -478,8 +478,8 @@ void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, name = NULL; ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca, - &compat_profile, name, &flags, - NULL, NULL ); + &compat_profile, name, &flags, + NULL, NULL ); TEST_ASSERT( ret == exp_ret ); exit: From 846ae7a70d1399347411106669dc0cb4b3f54b8e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 5 Apr 2019 16:45:01 +0100 Subject: [PATCH 70/87] Document and test flags in x509_verify --- include/mbedtls/x509_crt.h | 8 ++++++++ tests/suites/test_suite_x509parse.function | 1 + 2 files changed, 9 insertions(+) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 96f014287..eea263201 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -425,6 +425,8 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * \param cn The expected Common Name. This may be \c NULL if the * CN need not be verified. * \param flags The address at which to store the result of the verification. + * If the verification couldn't be completed, the flag value is + * set to (uint32_t) -1. * \param f_vrfy The verification callback to use. See the documentation * of mbedtls_x509_crt_verify() for more information. * \param p_vrfy The context to be passed to \p f_vrfy. @@ -464,6 +466,8 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, * \param cn The expected Common Name. This may be \c NULL if the * CN need not be verified. * \param flags The address at which to store the result of the verification. + * If the verification couldn't be completed, the flag value is + * set to (uint32_t) -1. * \param f_vrfy The verification callback to use. See the documentation * of mbedtls_x509_crt_verify() for more information. * \param p_vrfy The context to be passed to \p f_vrfy. @@ -500,6 +504,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * \param cn The expected Common Name. This may be \c NULL if the * CN need not be verified. * \param flags The address at which to store the result of the verification. + * If the verification couldn't be completed, the flag value is + * set to (uint32_t) -1. * \param f_vrfy The verification callback to use. See the documentation * of mbedtls_x509_crt_verify() for more information. * \param p_vrfy The context to be passed to \p f_vrfy. 
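Review bot: "If the verification couldn't be completed" does not tell a caller which return values come with the `(uint32_t) -1` sentinel; the same sentence is repeated in the -464 and -500 hunks here and the -568 hunk on the next line, so fix the wording once in all four. Suggest stating it in terms of the return code, e.g. `If the function returns an error other than MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, \p flags is set to (uint32_t) -1 so that a caller which only inspects the flags still treats the certificate as unverified.`; confirm against x509_crt.c that the VERIFY_FAILED path leaves the real verification flags in place. The assertion added to x509_verify_ca_cb_failure on the next line exercises only the CA-callback failure path, so a test for another internal-error path would back the broader wording.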
@@ -568,6 +574,8 @@ typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, * \param cn The expected Common Name. This may be \c NULL if the * CN need not be verified. * \param flags The address at which to store the result of the verification. + * If the verification couldn't be completed, the flag value is + * set to (uint32_t) -1. * \param f_vrfy The verification callback to use. See the documentation * of mbedtls_x509_crt_verify() for more information. * \param p_vrfy The context to be passed to \p f_vrfy. diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index cd6e292eb..b11ab849a 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -482,6 +482,7 @@ void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, NULL, NULL ); TEST_ASSERT( ret == exp_ret ); + TEST_ASSERT( flags == (uint32_t)( -1 ) ); exit: mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_free( &ca ); From ae13beb1d9f185632db54c1baca8f61982f2cea3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 5 Apr 2019 14:06:58 +0100 Subject: [PATCH 71/87] Rename constant in client2.c --- programs/ssl/ssl_client2.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 170ce73bc..fba02ac78 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -128,14 +128,14 @@ int main( void ) #define GET_REQUEST_END "\r\n\r\n" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#define USAGE_CALLBACK \ +#define USAGE_CONTEXT_CRT_CB \ " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \ " to the SSL configuration of the SSL context.\n" \ " Possible values:\n"\ " - 0 (default): Use CRT callback bound to configuration\n" \ " - 1: Use CRT callback bound to SSL context\n" #else -#define USAGE_CALLBACK "" +#define USAGE_CONTEXT_CRT_CB "" #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_FS_IO) @@ -337,7 +337,7 @@ int main( void ) USAGE_TICKETS \ USAGE_MAX_FRAG_LEN \ USAGE_TRUNC_HMAC \ - USAGE_CALLBACK \ + USAGE_CONTEXT_CRT_CB \ USAGE_ALPN \ USAGE_FALLBACK \ USAGE_EMS \ From 4031b314eddd677835d4cbb623a13778d8224620 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 5 Apr 2019 14:13:45 +0100 Subject: [PATCH 72/87] Make CRT callback tests more robust --- tests/ssl-opt.sh | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ac6736d4c..7e11f8944 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1013,10 +1013,6 @@ run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ "$P_CLI context_crt_cb=0 debug_level=3" \ 0 \ - -s "Protocol is TLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ - -s "client hello v3, signature_algorithm ext: 6" \ - -s "ECDHE curve: secp521r1" \ -S "error" \ -c "Verify requested for " \ -c "Use configuration-specific verification callback" \ 
@@ -1027,10 +1023,6 @@ run_test "Context-specific CRT verification callback" \ "$P_SRV debug_level=3" \ "$P_CLI context_crt_cb=1 debug_level=3" \ 0 \ - -s "Protocol is TLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ - -s "client hello v3, signature_algorithm ext: 6" \ - -s "ECDHE curve: secp521r1" \ -S "error" \ -c "Verify requested for " \ -c "Use context-specific verification callback" \ From 21cb3c34a37b6ea9c97fba86678e009f397be814 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 7 Apr 2019 16:42:25 +0300 Subject: [PATCH 73/87] Remove ssl_cert_test sample app Remove the ssl_cert_test sample application, as it uses hardcoded certificates that moved, and is redundant with the x509 tests and applications. Fixes #1905. --- programs/Makefile | 6 +- programs/README.md | 2 - programs/test/CMakeLists.txt | 5 +- programs/test/ssl_cert_test.c | 274 --------------------------- visualc/VS2010/mbedTLS.sln | 13 -- visualc/VS2010/ssl_cert_test.vcxproj | 174 ----------------- 6 files changed, 2 insertions(+), 472 deletions(-) delete mode 100644 programs/test/ssl_cert_test.c delete mode 100644 visualc/VS2010/ssl_cert_test.vcxproj diff --git a/programs/Makefile b/programs/Makefile index 753524c62..c17238566 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -73,7 +73,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \ random/gen_random_havege$(EXEXT) \ random/gen_random_ctr_drbg$(EXEXT) \ - test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ + test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ test/zeroize$(EXEXT) \ test/query_compile_time_config$(EXEXT) \ 
@@ -247,10 +247,6 @@ ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP) echo " CC ssl/mini_client.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/ssl_cert_test$(EXEXT): test/ssl_cert_test.c $(DEP) - echo " CC test/ssl_cert_test.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/ssl_cert_test.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - test/benchmark$(EXEXT): test/benchmark.c $(DEP) echo " CC test/benchmark.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/README.md b/programs/README.md index eb25a7f69..d26349d0f 100644 --- a/programs/README.md +++ b/programs/README.md @@ -99,8 +99,6 @@ In addition to providing options for testing client-side features, the `ssl_clie * [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module. -* [`test/ssl_cert_test.c`](test/ssl_cert_test.c): demonstrates how to verify X.509 certificates, and (for RSA keys only) how to check that each certificate matches the corresponding private key. This program requires some test data which is not provided. - * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. * [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb). diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 65ff24948..282ef58aa 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -21,9 +21,6 @@ if(TEST_CPP) target_link_libraries(cpp_dummy_build ${libs}) endif() -add_executable(ssl_cert_test ssl_cert_test.c) -target_link_libraries(ssl_cert_test ${libs}) - add_executable(udp_proxy udp_proxy.c) target_link_libraries(udp_proxy ${libs}) 
@@ -34,6 +31,6 @@ add_executable(query_compile_time_config query_compile_time_config.c) target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c) target_link_libraries(query_compile_time_config ${libs}) -install(TARGETS selftest benchmark ssl_cert_test udp_proxy query_compile_time_config +install(TARGETS selftest benchmark udp_proxy query_compile_time_config DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c deleted file mode 100644 index fdf30ef40..000000000 --- a/programs/test/ssl_cert_test.c +++ /dev/null 
@@ -1,274 +0,0 @@ -/* - * SSL certificate functionality tests - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_X509_CRL_PARSE_C) -#include "mbedtls/certs.h" -#include "mbedtls/x509_crt.h" - -#include -#include -#endif - -#define MAX_CLIENT_CERTS 8 - -#if !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_X509_CRL_PARSE_C) -int main( void ) -{ - mbedtls_printf("MBEDTLS_RSA_C and/or MBEDTLS_X509_CRT_PARSE_C " - "MBEDTLS_FS_IO and/or MBEDTLS_X509_CRL_PARSE_C " - "not defined.\n"); - return( 0 ); -} -#else -const char *client_certificates[MAX_CLIENT_CERTS] = -{ - "client1.crt", - "client2.crt", - "server1.crt", - "server2.crt", - "cert_sha224.crt", - "cert_sha256.crt", - "cert_sha384.crt", - "cert_sha512.crt" 
-}; - -const char *client_private_keys[MAX_CLIENT_CERTS] = -{ - "client1.key", - "client2.key", - "server1.key", - "server2.key", - "cert_digest.key", - "cert_digest.key", - "cert_digest.key", - "cert_digest.key" -}; - -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif - -int main( void ) -{ - int ret = 1, i; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_x509_crt cacert; - mbedtls_x509_crl crl; - char buf[10240]; - - mbedtls_x509_crt_init( &cacert ); - mbedtls_x509_crl_init( &crl ); - - /* - * 1.1. Load the trusted CA - */ - mbedtls_printf( "\n . Loading the CA root certificate ..." ); - fflush( stdout ); - - /* - * Alternatively, you may load the CA certificates from a .pem or - * .crt file by calling mbedtls_x509_crt_parse_file( &cacert, "myca.crt" ). - */ - ret = mbedtls_x509_crt_parse_file( &cacert, "ssl/test-ca/test-ca.crt" ); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret ); - goto exit; - } - - mbedtls_printf( " ok\n" ); - - mbedtls_x509_crt_info( buf, 1024, "CRT: ", &cacert ); - mbedtls_printf("%s\n", buf ); - - /* - * 1.2. Load the CRL - */ - mbedtls_printf( " . Loading the CRL ..." ); - fflush( stdout ); - - ret = mbedtls_x509_crl_parse_file( &crl, "ssl/test-ca/crl.pem" ); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret ); - goto exit; - } - - mbedtls_printf( " ok\n" ); - - mbedtls_x509_crl_info( buf, 1024, "CRL: ", &crl ); - mbedtls_printf("%s\n", buf ); - - for( i = 0; i < MAX_CLIENT_CERTS; i++ ) - { - /* - * 1.3. 
Load own certificate - */ - char name[512]; - uint32_t flags; - mbedtls_x509_crt clicert; - mbedtls_pk_context pk; - - mbedtls_x509_crt_init( &clicert ); - mbedtls_pk_init( &pk ); - - mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]); - - mbedtls_printf( " . Loading the client certificate %s...", name ); - fflush( stdout ); - - ret = mbedtls_x509_crt_parse_file( &clicert, name ); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret ); - goto exit; - } - - mbedtls_printf( " ok\n" ); - - /* - * 1.4. Verify certificate validity with CA certificate - */ - mbedtls_printf( " . Verify the client certificate with CA certificate..." ); - fflush( stdout ); - - ret = mbedtls_x509_crt_verify( &clicert, &cacert, &crl, NULL, &flags, NULL, - NULL ); - if( ret != 0 ) - { - if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) - { - char vrfy_buf[512]; - - mbedtls_printf( " failed\n" ); - mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); - mbedtls_printf( "%s\n", vrfy_buf ); - } - else - { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_verify returned %d\n\n", ret ); - goto exit; - } - } - - mbedtls_printf( " ok\n" ); - - /* - * 1.5. Load own private key - */ - mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]); - - mbedtls_printf( " . Loading the client private key %s...", name ); - fflush( stdout ); - - ret = mbedtls_pk_parse_keyfile( &pk, name, NULL ); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned %d\n\n", ret ); - goto exit; - } - - mbedtls_printf( " ok\n" ); - - /* - * 1.6. Verify certificate validity with private key - */ - mbedtls_printf( " . Verify the client certificate with private key..." ); - fflush( stdout ); - - - /* EC NOT IMPLEMENTED YET */ - if( ! mbedtls_pk_can_do( &clicert.pk, MBEDTLS_PK_RSA ) ) - { - mbedtls_printf( " failed\n ! 
certificate's key is not RSA\n\n" ); - goto exit; - } - - ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->N, &mbedtls_pk_rsa( clicert.pk )->N); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for N returned %d\n\n", ret ); - goto exit; - } - - ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->E, &mbedtls_pk_rsa( clicert.pk )->E); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for E returned %d\n\n", ret ); - goto exit; - } - - ret = mbedtls_rsa_check_privkey( mbedtls_pk_rsa( pk ) ); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey returned %d\n\n", ret ); - goto exit; - } - - mbedtls_printf( " ok\n" ); - - mbedtls_x509_crt_free( &clicert ); - mbedtls_pk_free( &pk ); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_x509_crt_free( &cacert ); - mbedtls_x509_crl_free( &crl ); - -#if defined(_WIN32) - mbedtls_printf( " + Press Enter to exit this program.\n" ); - fflush( stdout ); getchar(); -#endif - - return( exit_code ); -} -#endif /* MBEDTLS_RSA_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_X509_CRL_PARSE_C */ diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln index 85429b837..5d2c99cd3 100644 --- a/visualc/VS2010/mbedTLS.sln +++ b/visualc/VS2010/mbedTLS.sln 
@@ -183,11 +183,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_cert_test", "ssl_cert_test.vcxproj", "{3FE0C0E1-D9BA-6A26-380C-F293E543B914}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxproj", "{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} @@ -552,14 +547,6 @@ Global {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32 {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64 {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64 - {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.ActiveCfg = Debug|Win32 - {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.Build.0 = Debug|Win32 - {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.ActiveCfg = Debug|x64 - {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.Build.0 = Debug|x64 - {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.ActiveCfg = Release|Win32 - {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.Build.0 = Release|Win32 - {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.ActiveCfg = Release|x64 - {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.Build.0 = Release|x64 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.ActiveCfg = Debug|Win32 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.Build.0 = Debug|Win32 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.ActiveCfg = Debug|x64 diff --git a/visualc/VS2010/ssl_cert_test.vcxproj b/visualc/VS2010/ssl_cert_test.vcxproj deleted file mode 100644 index b8f014e36..000000000 
--- a/visualc/VS2010/ssl_cert_test.vcxproj +++ /dev/null @@ -1,174 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {3FE0C0E1-D9BA-6A26-380C-F293E543B914} - Win32Proj - ssl_cert_test - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - Windows7.1SDK - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - - - Level3 - Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - - - Level3 - Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - - - MaxSpeed - true - true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - - - MaxSpeed - true - true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - From cd9286f1ca16d6e31107e218663c0a6b4b820452 Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek Date: Wed, 6 Mar 2019 08:26:52 -0500 Subject: [PATCH 74/87] Remove crypto-only related components from all.sh --- tests/scripts/all.sh | 82 -------------------------------------------- 1 file changed, 82 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d8374ccc1..f3e607f26 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1043,34 +1043,6 @@ component_test_platform_calloc_macro () { make test } -component_test_aes_fewer_tables () { - msg "build: default config with AES_FEWER_TABLES enabled" - scripts/config.pl set MBEDTLS_AES_FEWER_TABLES - make CC=gcc CFLAGS='-Werror -Wall -Wextra' - - msg "test: AES_FEWER_TABLES" - make test -} - -component_test_aes_rom_tables () { - msg "build: default config with AES_ROM_TABLES enabled" - scripts/config.pl set MBEDTLS_AES_ROM_TABLES - make CC=gcc CFLAGS='-Werror -Wall -Wextra' - - msg "test: AES_ROM_TABLES" - make test -} - -component_test_aes_fewer_tables_and_rom_tables () { - msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" - scripts/config.pl set MBEDTLS_AES_FEWER_TABLES - scripts/config.pl set MBEDTLS_AES_ROM_TABLES - make CC=gcc CFLAGS='-Werror -Wall -Wextra' - - msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" - make test -} - component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 all check 
@@ -1120,60 +1092,6 @@ support_test_mx32 () { esac } -component_test_min_mpi_window_size () { - msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s - scripts/config.pl set MBEDTLS_MPI_WINDOW_SIZE 1 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s - make test -} - -component_test_have_int32 () { - msg "build: gcc, force 32-bit bignum limbs" - scripts/config.pl unset MBEDTLS_HAVE_ASM - scripts/config.pl unset MBEDTLS_AESNI_C - scripts/config.pl unset MBEDTLS_PADLOCK_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' - - msg "test: gcc, force 32-bit bignum limbs" - make test -} - -component_test_have_int64 () { - msg "build: gcc, force 64-bit bignum limbs" - scripts/config.pl unset MBEDTLS_HAVE_ASM - scripts/config.pl unset MBEDTLS_AESNI_C - scripts/config.pl unset MBEDTLS_PADLOCK_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' - - msg "test: gcc, force 64-bit bignum limbs" - make test -} - -component_test_no_udbl_division () { - msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - scripts/config.pl full - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests - scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION - make CFLAGS='-Werror -O1' - - msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - make test -} - -component_test_no_64bit_multiplication () { - msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - scripts/config.pl full - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests - scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION - make CFLAGS='-Werror -O1' - - msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - make test -} - component_build_arm_none_eabi_gcc () { msg "build: arm-none-eabi-gcc, make" # ~ 10s scripts/config.pl full From 4a8d2dfdd6b4b606d028dcc91e53cb0c42096f43 Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek Date: Mon, 8 Apr 2019 06:20:00 -0400 Subject: [PATCH 75/87] all.sh: remove component_test_new_ecdh_context Remove the ecdh_context component to have it only in the crypto repository --- tests/scripts/all.sh | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f3e607f26..9518421e5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -678,23 +678,6 @@ component_test_rsa_no_crt () { if_build_succeeded tests/compat.sh -t RSA } -component_test_new_ecdh_context () { - msg "build: new ECDH context (ASan build)" # ~ 6 min - scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: new ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "test: new ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s - if_build_succeeded tests/ssl-opt.sh -f ECDH - - msg "test: new ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min - # Exclude some symmetric ciphers that are redundant here to gain time. - if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' -} - component_test_small_ssl_out_content_len () { msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 From d037ad64717f2df715b572533b700d0ccc5d0860 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Mon, 8 Apr 2019 11:23:50 +0100 Subject: [PATCH 76/87] Give credit to OSS-Fuzz for #2404 Add "Credit to OSS-Fuzz", in addition to Guido Vranken, for identifying bug #2404. --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9ab0c03c6..6a3fed1ad 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -17,7 +17,8 @@ Bugfix Junhwan Park, #2106. * Reduce stack usage of hkdf tests. Fixes #2195. * Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when - used with negative inputs. Found by Guido Vranken in #2404. + used with negative inputs. Found by Guido Vranken in #2404. Credit to + OSS-Fuzz. * Fix bugs in the AEAD test suite which would be exposed by ciphers which either used both encrypt and decrypt key schedules, or which perform padding. GCM and CCM were not affected. Fixed by Jack Lloyd. From df48efa77a697ce44629eab5836649a9ab2966ff Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 8 Apr 2019 13:28:24 +0300 Subject: [PATCH 77/87] Skip uncritical unsupported extensions Skip extensions that have support in the `oid` layer`, but no parser found in the x509 layer, in case these are not critical. --- library/x509_crt.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5d82816f2..8024b51a0 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -820,7 +820,17 @@ static int x509_get_crt_ext( unsigned char **p, break; default: - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + /* + * If this is a non-critical extension, which the oid layer + * supports, but there isn't an x509 parser for it, + * skip the extension. + */ +#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) + if( is_critical ) + return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + else +#endif + *p = end_ext_octet; } } From 4c8c7aa95e15f9d443d412ec69f0388ca214be60 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Apr 2019 09:25:41 +0100 Subject: [PATCH 78/87] Don't use debug level 1 for informational messages --- library/ssl_tls.c | 8 ++++---- tests/ssl-opt.sh | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 660d548e4..8c6c6a9d7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
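Review bot: The new `*p = end_ext_octet;` skip leaves whatever x509_get_crt_ext() recorded for this extension before the `switch` in place although its body is never decoded; if `crt->ext_types` is OR-ed with `ext_type` ahead of the switch (that part of the function is outside the hunk), callers consulting the bitmask will see the extension as present with nothing parsed from it, so either clear that bit here or state the contract in the comment. The `else` swallowed by `#endif` also hides the control flow: with MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION defined the assignment becomes unconditional, which appears intended but is not what the comment says. I would extend the comment with `* Critical ones are rejected unless MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION is set.` and wrap the assignment in braces so the intent is readable without expanding the preprocessor.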
@@ -1238,7 +1238,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ret == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Successfully setup PSA-based encryption cipher context" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) ); psa_fallthrough = 0; } else @@ -1281,7 +1281,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ret == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Successfully setup PSA-based decryption cipher context" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) ); psa_fallthrough = 0; } else @@ -10444,7 +10444,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) ); if( ( status = psa_hash_setup( &hash_operation, hash_alg ) ) != PSA_SUCCESS ) @@ -10507,7 +10507,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); *hashlen = mbedtls_md_get_size( md_info ); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) ); mbedtls_md_init( &ctx ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d952f33fd..d0ec777d9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -767,8 +767,8 @@ run_test() { run_test_psa() { requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSA-supported ciphersuite: $1" \ - "$P_SRV debug_level=2 force_version=tls1_2" \ - "$P_CLI debug_level=2 force_version=tls1_2 force_ciphersuite=$1" \ + "$P_SRV debug_level=3 force_version=tls1_2" \ + "$P_CLI debug_level=3 force_version=tls1_2 force_ciphersuite=$1" \ 0 \ -c "Successfully setup PSA-based decryption cipher context" \ -c "Successfully setup PSA-based encryption cipher context" \ From 4b317616ebd03818747d768f27a7d8507b5de1b1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Apr 2019 16:58:02 +0200 Subject: [PATCH 79/87] Run ssl-opt.sh on 32-bit runtime Run ssl-opt.sh on x86_32 with ASan. This may detect bugs that only show up on 32-bit platforms, for example due to size_t overflow. For this component, turn off some memory management features that are not useful, potentially slow, and may reduce ASan's effectiveness at catching buffer overflows. --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d8374ccc1..ebd39f086 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1096,10 +1096,16 @@ component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl unset MBEDTLS_MEMORY_DEBUG make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' msg "test: i386, make, gcc -O1 (ASan build)" make test + + msg "test ssl-opt.sh, i386, make, gcc-O1" + if_build_succeeded tests/ssl-opt.sh } support_test_m32_o1 () { support_test_m32_o0 "$@" From 7832c9fc3da624aa69c3d7436a154010e0c58386 Mon Sep 17 00:00:00 2001 
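Review bot: The message added for the new ssl-opt.sh run in component_test_m32_o1, `msg "test ssl-opt.sh, i386, make, gcc-O1"`, does not follow the `test: …` form used by the other msg lines in the same function (`msg "test: i386, make, gcc -O1 (ASan build)"`), so it will stand out in the all.sh log and be missed by anything that filters on `test:`. I would write it as `msg "test: ssl-opt.sh, i386, make, gcc -O1 (ASan build)"`. The hunk's last lines belong to support_test_m32_o1, whose body ends outside the hunk.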
From: Gilles Peskine
Date: Mon, 8 Apr 2019 17:00:15 +0200
Subject: [PATCH 80/87] Add an "out-of-box" component

Just run `make` and `make test`. And `selftest` for good measure.
---
 tests/scripts/all.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ebd39f086..c74e67a11 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -611,6 +611,17 @@ component_check_doxygen_warnings () {
 #### Build and test many configurations and targets
 ################################################################
 
+component_test_default_out_of_box () {
+ msg "build: make, default config (out-of-box)" # ~1min
+ make
+
+ msg "test: main suites make, default config (out-of-box)" # ~10s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~10s
+ programs/test/selftest
+}
+
 component_test_default_cmake_gcc_asan () {
 msg "build: cmake, gcc, ASan" # ~ 1 min 50s
 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
From f1349e4bfef8d535588deda88c62634e31972284 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 8 Apr 2019 17:00:56 +0200
Subject: [PATCH 81/87] Clarify comment mangled by an earlier refactoring

---
 tests/scripts/all.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index c74e67a11..6765dc1bd 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1337,10 +1337,8 @@ component_test_valgrind () {
 msg "test: main suites valgrind (Release)"
 make memcheck
 
- # Optional part(s)
- # Currently broken, programs don't seem to receive signals
- # under valgrind on OS X
-
+ # Optional parts (slow; currently broken on OS X because programs don't
+ # seem to receive signals under valgrind on OS X).
 if [ "$MEMORY" -gt 0 ]; then
 msg "test: ssl-opt.sh --memcheck (Release)"
 if_build_succeeded tests/ssl-opt.sh --memcheck
From 2ae29ba444ff43983019e43dafb791dfa052e06e Mon Sep 17 00:00:00 2001
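Review bot: `programs/test/selftest` in component_test_default_out_of_box is invoked directly, whereas the other test programs launched from all.sh on this page go through `if_build_succeeded` (for example `if_build_succeeded tests/ssl-opt.sh` in component_test_m32_o1); presumably that wrapper is what ties the run to the preceding build's outcome and reports its failure consistently, so this line would bypass that. I would write it as `if_build_succeeded programs/test/selftest`. The "out-of-box" label also relies on no config.h edits surviving from an earlier component; if all.sh's per-component cleanup guarantees that, a one-line comment on the function saying so would make the assumption explicit.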
From: Peter Kolbus Date: Sun, 14 Apr 2019 14:01:13 -0500 Subject: [PATCH 82/87] cpp_dummy_build: Add missing header psa_util.h Add missing header to fix #2579. Change-Id: I038166b826534bac853be34a0281384e26675187 --- ChangeLog | 2 ++ programs/test/cpp_dummy_build.cpp | 1 + 2 files changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9ab0c03c6..a91c046c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,8 @@ Bugfix GCM and CCM were not affected. Fixed by Jack Lloyd. * Fix incorrect default port number in ssl_mail_client example's usage. Found and fixed by irwir. #2337 + * Add psa_util.h to test/cpp_dummy_build to fix build_default_make_gcc_and_cxx. + Fixed by Peter Kolbus (Garmin). #2579 Changes * Server's RSA certificate in certs.c was SHA-1 signed. In the default diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index c65288404..9cd5090a3 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -81,6 +81,7 @@ #include "mbedtls/platform_time.h" #include "mbedtls/platform_util.h" #include "mbedtls/poly1305.h" +#include "mbedtls/psa_util.h" #include "mbedtls/ripemd160.h" #include "mbedtls/rsa.h" #include "mbedtls/rsa_internal.h" From e82341646a0e29c1066afba90434caeed558e57f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 3 Apr 2019 09:45:07 +0300 Subject: [PATCH 83/87] Add certificate policy oid x509 extension Add the `MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES` to the list of supported x509 extensions, in `mbedtls_oid_get_x509_ext_type()`. --- ChangeLog | 1 + library/oid.c | 14 +++++++++----- tests/suites/test_suite_oid.data | 24 ++++++++++++++++++++++++ tests/suites/test_suite_oid.function | 23 +++++++++++++++++++++++ 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9ab0c03c6..984de6a45 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -8,6 +8,7 @@ Features * It is now possible to use NIST key wrap mode via the mbedtls_cipher API. Contributed by Jack Lloyd and Fortanix Inc. * Add the Wi-SUN Field Area Network (FAN) device extended key usage. + * Add the oid certificate policy x509 extension. Bugfix * Fix private key DER output in the key_app_writer example. File contents diff --git a/library/oid.c b/library/oid.c index 8059a336c..2d22b11f2 100644 --- a/library/oid.c +++ b/library/oid.c @@ -254,25 +254,29 @@ typedef struct { static const oid_x509_ext_t oid_x509_ext[] = { { - { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" }, + { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" }, MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, }, { - { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" }, + { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" }, MBEDTLS_OID_X509_EXT_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" }, + { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" }, MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" }, + { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" }, MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, }, { - { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, + { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, }, + { + { ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" }, + MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, + }, { { NULL, 0, NULL, NULL }, 0, diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index 625085f16..3d5d9db3f 100644 --- a/tests/suites/test_suite_oid.data 
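Review bot: The new certificatePolicies entry in oid_x509_ext[] makes mbedtls_oid_get_x509_ext_type() resolve that OID, so in x509_get_crt_ext() a certificate carrying it now reaches the switch on ext_type rather than the OID-not-found path; as far as this page shows there is no parser case for it, so the only observable effect is which branch skips or rejects the extension, and neither the hunk nor the ChangeLog line says so. A one-line comment on the entry, e.g. `/* Recognised here only; x509_get_crt_ext() has no parser for it and skips it when non-critical */`, would record the intent. The remaining changed lines are whitespace re-alignment of the existing entries, which is better kept out of a functional commit so blame stays readable.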
+++ b/tests/suites/test_suite_oid.data
@@ -33,3 +33,27 @@ oid_get_extended_key_usage:"5533445566":""
 
 OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier
 oid_get_extended_key_usage:"551D23":""
+
+OID get x509 extension - id-ce-basicConstraints
+oid_get_x509_extension:"551D13":MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS
+
+OID get x509 extension - id-ce-keyUsage
+oid_get_x509_extension:"551D0F":MBEDTLS_OID_X509_EXT_KEY_USAGE
+
+OID get x509 extension - id-ce-extKeyUsage
+oid_get_x509_extension:"551D25":MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+
+OID get x509 extension - id-ce-subjectAltName
+oid_get_x509_extension:"551D11":MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME
+
+OID get x509 extension - id-netscape-certtype
+oid_get_x509_extension:"6086480186F8420101":MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+
+OID get x509 extension - id-ce-certificatePolicies
+oid_get_x509_extension:"551D20":MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+
+OID get x509 extension - invalid oid
+oid_get_x509_extension:"5533445566":0
+
+OID get x509 extension - wrong oid - id-ce
+oid_get_x509_extension:"551D":0
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 59e700e51..890ffecad 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -55,3 +55,26 @@ void oid_get_extended_key_usage( data_t *oid, char *result_str )
 }
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_x509_extension( data_t *oid, int exp_type )
+{
+ mbedtls_asn1_buf ext_oid = { 0, 0, NULL };
+ int ret;
+ int ext_type;
+
+ ext_oid.tag = MBEDTLS_ASN1_OID;
+ ext_oid.p = oid->x;
+ ext_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_x509_ext_type( &ext_oid, &ext_type );
+ if( exp_type == 0 )
+ {
+ TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+ }
+ else
+ {
+ TEST_ASSERT( ext_type == exp_type );
+ }
+}
+/* END_CASE */
From 685a398a6b0082f7fd16f3d9f6e70a9d616e41c8 Mon Sep 17 00:00:00 2001
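Review bot: The `else` branch of oid_get_x509_extension() asserts only `ext_type == exp_type` and never checks `ret`; because `int ext_type;` is left uninitialised, a lookup that unexpectedly fails for a known OID compares an indeterminate value and could pass by accident instead of failing. Add `TEST_ASSERT( ret == 0 );` before the existing assertion, and initialise the variable (`int ext_type = 0;`) so the failure mode is deterministic.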
From: Ron Eldor Date: Wed, 3 Apr 2019 09:46:27 +0300 Subject: [PATCH 84/87] Minor fixes in get certificate policies oid test 1. Remove irrelevant dependency on `MBEDTLS_ASN1_WRITE_C`. 2. Remove whitespace between `*` and parameter. --- tests/suites/test_suite_oid.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index 890ffecad..cb8abe638 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -10,8 +10,8 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C*/ -void oid_get_certificate_policies( data_t * oid, char * result_str ) +/* BEGIN_CASE */ +void oid_get_certificate_policies( data_t *oid, char *result_str ) { mbedtls_asn1_buf asn1_buf = { 0, 0, NULL }; int ret; From 3b4f9eac445f2eb971adb75e36444a3e24a8bdaf Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 16 Apr 2019 13:31:27 +0300 Subject: [PATCH 85/87] Update crypto submodule Update crypto submodule to latest commit --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index 82b3b83d5..125a1e980 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 82b3b83d540ec9611277ca3e9b645b335f80846a +Subproject commit 125a1e980e44a8b756ba3a9a3b7c4d1ce5cbf134 From 139ec3b913af7073c219137b7aef0607064631af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Apr 2019 15:25:20 +0200 Subject: [PATCH 86/87] Don't call mbedtls_cipher_setkey twice The documentation doesn't explicitly say whether it's allowed or not. This currently works with the default software implementation, but only by accident. It isn't guaranteed to work with new ciphers or with alternative implementations of individual ciphers, and it doesn't work with the PSA wrappers. So don't do it. --- tests/suites/test_suite_cipher.function | 14 ++++++++++++++ 1 file changed, 14 insertions(+) 
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 9a0637ee1..f35bbbf51 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1011,6 +1011,20 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 ); /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */ + TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == 0 ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( use_psa == 1 ) + { + TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx, + mbedtls_cipher_info_from_type( cipher_id ), + tag->len ) ); + } + else +#endif + { + TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, + mbedtls_cipher_info_from_type( cipher_id ) ) ); + } TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_ENCRYPT ) ); From 424840e033e574199e270326e7091271936bb7ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Apr 2019 15:56:36 +0200 Subject: [PATCH 87/87] Call mbedtls_cipher_free() to reset a cipher context mbedtls_cipher_reset() only restarts the operation, it doesn't dissociate the key from the context. --- tests/suites/test_suite_cipher.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index f35bbbf51..ca39937c2 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1011,7 +1011,7 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 ); /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */ - TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == 0 ); + mbedtls_cipher_free( &ctx ); #if defined(MBEDTLS_USE_PSA_CRYPTO) if( use_psa == 1 ) {