From 95b68ef5aeb836c331e0ab31c87dbd806d1ed6ed Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 16 Sep 2019 12:21:00 +0200 Subject: [PATCH 01/67] Improve clarity of a memory operation call --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a7facb81a2..59307e76ce 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6802,7 +6802,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, if( peer_crt->raw.len != crt_buf_len ) return( -1 ); - return( memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) ); + return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) ); } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, From 82a1fe5fccb541e19f44be5babdd071b059f726b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Sep 2019 11:20:11 +0100 Subject: [PATCH 02/67] X.509: Remove CRT policy parsing test 'bool len missing' Judging from its name, the purpose of the test TBSCertificate v3, ext CertificatePolicies tag, bool len missing in test_suite_x509parse.data is to exercise the X.509 parsing stack's behaviour when parsing a CertificatePolicy extension which lacks the length field of the boolean 'Criticality' value. However, the test fails at an earlier stage due to a mismatch of inner and outer length of the explicit ASN.1 extensions structure. Since we already have tests exercising - mismatch of inner and outer length in the extensions structure, namely 'X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid)' - missing length of the 'Criticality' field in an extension, namely 'X509 CRT ASN1 (TBS, inv v3Ext, critical length missing)' and since for both tests there's no relevance to the use of the policy extension OID, the test 'TBSCertificate v3, ext CertificatePolicies tag, bool len missing' can be dropped. --- tests/suites/test_suite_x509parse.data | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index ce49ff0fc1..738026bb97 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1569,10 +1569,6 @@ X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, bool len missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300730050603551d2001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH - X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data missing) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30b300930070603551d20040001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA From 7b8330a9c7e8644499a2d6213f11d1f34b329382 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Sep 2019 14:06:33 +0100 Subject: [PATCH 03/67] X.509: Move negative tests for CertificatePolicy parsing This commit moves the X.509 negative parsing tests for the CertificatePolicy extension to the place where negative testing of other extensions happens. --- tests/suites/test_suite_x509parse.data | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 738026bb97..c9f9b0f984 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1569,18 +1569,6 @@ X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30b300930070603551d20040001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA - -X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data not oid) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509parse_crt:"3081bc3081b9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba32e302c30290603551d2004223020301ea01c06082b06010505070804a010300e06082b060104010901030402022201010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, qualifier not complete) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301f0603551d2004183020301f0603551d200418301630140604551d2000300c300a06082b0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA - X509 CRT ASN1 (TBSCertificate v3, ext SubjectAlternativeName malformed) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509parse_crt:"30820220308201ffa0030201020209202020202020202020300d06092a864886f70d01010505003045310b30090603202020130220203113301106032020200c0a202020202020202020203121301f06032020200c18202020202020202020202020202020202020202020202020301e170d3134303432333230353034305a170d3137303432323230353034305a3045310b30090603202020130220203113301106032020200c0a202020202020202020203121301f06032020200c1820202020202020202020202020202020202020202020202030819f300d06092a864886f70d010101050003818d003081890281812020202020202020ff20202020202020202020202020202020202020ff202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020ff020320ffffa350304e301d0603202020041620202020202020202020202020202020202020202020301f0603551d11041830169104202020208000be002020202020202020202020202020202020202020202020202020202020202020ff20202020202020202020202020202020202020ff2020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020ff2020ff202020202020202020202020202020ff2020202020202020202020202020202020202020202020202020":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA @@ -1729,6 +1717,18 @@ X509 CRT ASN1 (TBS, inv v3Ext, data remaining after extnValue) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30b300930070603551d20040001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data not oid) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081bc3081b9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba32e302c30290603551d2004223020301ea01c06082b06010505070804a010300e06082b060104010901030402022201010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, qualifier not complete) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301f0603551d2004183020301f0603551d200418301630140604551d2000300c300a06082b0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA From c15ff98455e57b32661470efedc9768989e1ec9e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Sep 2019 14:21:57 +0100 Subject: [PATCH 04/67] X.509: Adapt negative parsing test for no data in CrtPolicy ext This commit modifies the test X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing) which exercises the behaviour of the X.509 CRT parser when facing a CertificatePolicy extension with empty data field. The following adaptations are made: - The subject ID and issuer ID are modified to have length 0. The previous values `aa` and `bb` are OK, but a generic ASN.1 parser will try to interpret them as ASN.1 tags and fail. For maintainability, it's therefore better to use something that can be parsed as ASN.1, and an empty ID is the easiest solution here. - The TBS part of the certificate wasn't followed by signature algorithm and signature fields, which makes the test incompatible with future changes swapping to breadth-first parsing of certificates. --- tests/suites/test_suite_x509parse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c9f9b0f984..ed0ed16efb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1719,7 +1719,7 @@ x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b05003 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30b300930070603551d20040001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data not oid) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C From 6dfa665398b83a7d7bccde8d71285b75b7708ae5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Sep 2019 16:03:08 +0100 Subject: [PATCH 05/67] X.509: Add numerous negative parsing tests for CertificatePolicy ext This commit adds multiple test cases to the X.509 CRT parsing test suite exercising the stack's behaviour when facing CertificatePolicy extensions that are malformed for a variety of reasons. It follows the same scheme as in other negative parsing tests: For each ASN.1 component, have test cases for (a) unexpected tag, (b) missing length, (c) invalid length encoding, (d) length out of bounds. --- tests/suites/test_suite_x509parse.data | 76 ++++++++++++++++++++++++-- 1 file changed, 72 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index ed0ed16efb..840628628c 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1721,13 +1721,81 @@ X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA -X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data not oid) +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, invalid outer tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509parse_crt:"3081bc3081b9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba32e302c30290603551d2004223020301ea01c06082b06010505070804a010300e06082b060104010901030402022201010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, qualifier not complete) +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length missing) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301f0603551d2004183020301f0603551d200418301630140604551d2000300c300a06082b0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length inv encoding) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length out of bounds) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, no policies) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length inv encoding) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length out of bounds) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length inv encoding) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length out of bounds) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier no length) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier inv length encoding) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH + +X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier length out of bounds) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C From 20935ebd34850989acfc2356bcf53389db2b8188 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 26 Sep 2019 11:22:02 +0200 Subject: [PATCH 06/67] Fix buffer size in an AES example --- programs/aes/aescrypt2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 8242ea7c9e..048028df09 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -96,7 +96,7 @@ int main( int argc, char *argv[] ) unsigned char IV[16]; unsigned char tmp[16]; unsigned char key[512]; - unsigned char digest[32]; + unsigned char digest[64]; unsigned char buffer[1024]; unsigned char diff; From bbc1c699fc02b3e123fae5c0cbf1a693e2ebca53 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 26 Sep 2019 13:36:54 +0200 Subject: [PATCH 07/67] Fix potential resource leak in sslserver2 example --- programs/ssl/ssl_server2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e27bbc678d..27ffbb930e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -721,6 +721,7 @@ static int nss_keylog_export( void *p_expkey, if( fwrite( nss_keylog_line, 1, len, f ) != len ) { ret = -1; + fclose( f ); goto exit; } From 40883e91a6881ef151ca5084394c17630711d775 Mon Sep 17 00:00:00 2001 From: irwir Date: Sat, 21 Sep 2019 17:55:33 +0300 Subject: [PATCH 08/67] Resolve #2717 - remove erroneous sizeof (the operator was applied to constant integer number) --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a7facb81a2..ae369b24cc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7264,7 +7264,7 @@ static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, if( ssl->session_negotiate->peer_cert_digest == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", - sizeof( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) ) ); + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); From 734f0cf65e630dce5180aa1f08c621f30a10f5c4 Mon Sep 17 00:00:00 2001 From: irwir Date: Thu, 26 Sep 2019 21:03:24 +0300 Subject: [PATCH 09/67] Resolve #2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined --- library/ssl_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ae369b24cc..9577b35100 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -120,7 +120,6 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, size_t buflen ) { int ret = 0; - mbedtls_record rec; MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen ); @@ -137,6 +136,8 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) else { + mbedtls_record rec; + ret = ssl_parse_record_header( ssl, buf, buflen, &rec ); if( ret != 0 ) { From 89af51ff39d1efb6c1ffd6ef323cbd254b4ada6e Mon Sep 17 00:00:00 2001 From: irwir Date: Thu, 26 Sep 2019 21:04:56 +0300 Subject: [PATCH 10/67] Resolve #2801 - remove repetitive assignment to ssl->in_msg (the first value was never used) --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9577b35100..48c433e672 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6414,7 +6414,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_len = ssl->in_cid + rec.cid_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_iv = ssl->in_msg = ssl->in_len + 2; + ssl->in_iv = ssl->in_len + 2; /* The record content type may change during decryption, * so re-read it. */ From 6c0da64094f5118db8e006301ca67bfde1c8f9fc Mon Sep 17 00:00:00 2001 From: irwir Date: Thu, 26 Sep 2019 21:07:41 +0300 Subject: [PATCH 11/67] Shorter version of mbedtls_ssl_send_fatal_handshake_failure --- ChangeLog | 10 ++++++++++ library/ssl_tls.c | 13 +++---------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 973f21300e..0ba2adbee6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.19.2 branch released xxxx-xx-xx + +Bugfix + * Fix an incorrect size in a debugging message. Reported and fix + submitted by irwir. Fixes #2717. + * Fix an unused variable warning when compiling without DTLS. + Reported and fix submitted by irwir. Fixes #2800. + * Remove a useless assignment. Reported and fix submitted by irwir. + Fixes #2801. + = mbed TLS 2.19.1 branch released 2019-09-16 Features diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 48c433e672..cf5b1cbf12 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6568,16 +6568,9 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ) { - int ret; - - if( ( ret = mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 ) - { - return( ret ); - } - - return( 0 ); + return( mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ); } int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, From 9926eaf69525e13a08dbd26cb54b93cb142dc001 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Wed, 20 Nov 2019 14:54:36 +0100 Subject: [PATCH 12/67] Do not allow configuring zero-length PSK fix error when calloc is called with size 0 --- library/ssl_tls.c | 7 ++++++- programs/ssl/ssl_client2.c | 18 +++++++++++------- programs/ssl/ssl_server2.c | 17 +++++++++++------ 3 files changed, 28 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 69a46b9d58..e4502071a8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9171,8 +9171,13 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, ssl_conf_remove_psk( conf ); /* Check and set raw PSK */ - if( psk == NULL || psk_len > MBEDTLS_PSK_MAX_LEN ) + if( psk == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if( psk_len == 0 ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if( psk_len > MBEDTLS_PSK_MAX_LEN ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); conf->psk_len = psk_len; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 558fa28218..cbda4d1091 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -194,7 +194,8 @@ int main( void ) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #define USAGE_PSK_RAW \ - " psk=%%s default: \"\" (in hex, without 0x)\n" \ + " psk=%%s default: \"\" (disabled)\n" \ + " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" #if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ @@ -2374,13 +2375,16 @@ int main( int argc, char *argv[] ) } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len, - (const unsigned char *) opt.psk_identity, - strlen( opt.psk_identity ) ) ) != 0 ) + if( psk_len > 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", - ret ); - goto exit; + ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len, + (const unsigned char *) opt.psk_identity, + strlen( opt.psk_identity ) ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret ); + goto exit; + } } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 27ffbb930e..27f2312305 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -259,7 +259,8 @@ int main( void ) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #define USAGE_PSK_RAW \ - " psk=%%s default: \"\" (in hex, without 0x)\n" \ + " psk=%%s default: \"\" (disabled)\n" \ + " The PSK values are in hex, without 0x.\n" \ " psk_list=%%s default: \"\"\n" \ " A list of (PSK identity, PSK value) pairs.\n" \ " The PSK values are in hex, without 0x.\n" \ @@ -3364,12 +3365,16 @@ int main( int argc, char *argv[] ) } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len, - (const unsigned char *) opt.psk_identity, - strlen( opt.psk_identity ) ) ) != 0 ) + if( psk_len > 0 ) { - mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret ); - goto exit; + ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len, + (const unsigned char *) opt.psk_identity, + strlen( opt.psk_identity ) ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret ); + goto exit; + } } } From 7d01ef6562b7a9a8b13ac26934cc3d1f7b703e33 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Wed, 20 Nov 2019 15:00:17 +0100 Subject: [PATCH 13/67] Added buffer-based mbedtls allocator support to ssl_client2 --- programs/ssl/ssl_client2.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cbda4d1091..8f0d3b501c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -54,6 +54,10 @@ int main( void ) } #else +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#include "mbedtls/memory_buffer_alloc.h" +#endif + #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" @@ -73,6 +77,10 @@ int main( void ) #include #include +/* Size of memory to be allocated for the heap, when using the library's memory + * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ +#define MEMORY_HEAP_SIZE 120000 + #define MAX_REQUEST_SIZE 20000 #define MAX_REQUEST_SIZE_STR "20000" @@ -1130,6 +1138,11 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif + +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) + unsigned char alloc_buf[MEMORY_HEAP_SIZE]; +#endif + #if defined(MBEDTLS_ECP_C) mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; const mbedtls_ecp_curve_info *curve_cur; @@ -1179,6 +1192,10 @@ int main( int argc, char *argv[] ) eap_tls_keys eap_tls_keying; #endif +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) + mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); +#endif + /* * Make sure memory references are valid. */ @@ -3291,6 +3308,13 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#if defined(MBEDTLS_MEMORY_DEBUG) + mbedtls_memory_buffer_alloc_status(); +#endif + mbedtls_memory_buffer_alloc_free(); +#endif + #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); From df78e496b7acc17b9552e66df153e7d31f910537 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 13:30:00 +0100 Subject: [PATCH 14/67] Error out rather than call python on the perl script --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 95e31913a2..a303d2f866 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -19,7 +19,7 @@ ## This file is part of Mbed TLS (https://tls.mbed.org) my $py = $0; -$py =~ s/\.pl$/.py/; +$py =~ s/\.pl$/.py/ or die "Unable to determine the name of the Python script"; exec 'python3', $py, @ARGV; print STDERR "$0: python3: $!\n"; exec 'python', $py, @ARGV; From 987e271b16ab66bc1b610399b7d5a2bf32158104 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 13:30:16 +0100 Subject: [PATCH 15/67] If python3 fails, make it clear that this isn't fatal --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index a303d2f866..c836b37af5 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -21,7 +21,7 @@ my $py = $0; $py =~ s/\.pl$/.py/ or die "Unable to determine the name of the Python script"; exec 'python3', $py, @ARGV; -print STDERR "$0: python3: $!\n"; +print STDERR "$0: python3: $!. Trying python instead.\n"; exec 'python', $py, @ARGV; print STDERR "$0: python: $!\n"; exit 127; From 28405300ee34e644f06a0542228e7cc03de5b8cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 13:52:16 +0200 Subject: [PATCH 16/67] New macro ASSERT_ALLOC to allocate memory in tests The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and fails the test if the allocation fails. It outputs a null pointer if the requested size is 0. It is meant to replace existing calls to mbedtls_calloc. --- tests/suites/helpers.function | 37 ++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 5d0a3906d4..686f0acf75 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -230,13 +230,44 @@ typedef enum #define TEST_VALID_PARAM( TEST ) \ TEST_ASSERT( ( TEST, 1 ) ); -#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ +#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ { \ - mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ + mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ __FILE__, __LINE__, #a ); \ - mbedtls_exit( 1 ); \ + mbedtls_exit( 1 ); \ } +/** Allocate memory dynamically and fail the test case if this fails. + * + * You must set \p pointer to \c NULL before calling this macro and + * put `mbedtls_free( pointer )` in the test's cleanup code. + * + * If \p size is zero, the resulting \p pointer will be \c NULL. + * This is usually what we want in tests since API functions are + * supposed to accept null pointers when a buffer size is zero. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param pointer An lvalue where the address of the allocated buffer + * will be stored. + * This expression may be evaluated multiple times. + * \param size Buffer size to allocate in bytes. + * This expression may be evaluated multiple times. + * + */ +#define ASSERT_ALLOC( pointer, size ) \ + do \ + { \ + TEST_ASSERT( ( pointer ) == NULL ); \ + if( ( size ) != 0 ) \ + { \ + ( pointer ) = mbedtls_calloc( 1, ( size ) ); \ + TEST_ASSERT( ( pointer ) != NULL ); \ + } \ + } \ + while( 0 ) + /* * 32-bit integer manipulation macros (big endian) */ From 6608e71032af628eb86bdade4df2baed0fbae5f3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Nov 2018 18:51:45 +0100 Subject: [PATCH 17/67] Change ASSERT_ALLOC to take a size in elements, not bytes `ASSERT_ALLOC(p, length)` now allocates `length` elements, i.e. `length * sizeof(*p)` bytes. --- tests/suites/helpers.function | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 686f0acf75..7cc9c09da6 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -242,7 +242,7 @@ typedef enum * You must set \p pointer to \c NULL before calling this macro and * put `mbedtls_free( pointer )` in the test's cleanup code. * - * If \p size is zero, the resulting \p pointer will be \c NULL. + * If \p length is zero, the resulting \p pointer will be \c NULL. * This is usually what we want in tests since API functions are * supposed to accept null pointers when a buffer size is zero. * @@ -252,20 +252,21 @@ typedef enum * \param pointer An lvalue where the address of the allocated buffer * will be stored. * This expression may be evaluated multiple times. - * \param size Buffer size to allocate in bytes. + * \param length Number of elements to allocate. * This expression may be evaluated multiple times. * */ -#define ASSERT_ALLOC( pointer, size ) \ - do \ - { \ - TEST_ASSERT( ( pointer ) == NULL ); \ - if( ( size ) != 0 ) \ - { \ - ( pointer ) = mbedtls_calloc( 1, ( size ) ); \ - TEST_ASSERT( ( pointer ) != NULL ); \ - } \ - } \ +#define ASSERT_ALLOC( pointer, length ) \ + do \ + { \ + TEST_ASSERT( ( pointer ) == NULL ); \ + if( ( length ) != 0 ) \ + { \ + ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \ + ( length ) ); \ + TEST_ASSERT( ( pointer ) != NULL ); \ + } \ + } \ while( 0 ) /* From 512fe9673f2c3a62ca2b5bed00350f344d33770a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 29 Nov 2019 09:16:07 +0000 Subject: [PATCH 18/67] Fix test assert macro calls The assert() macro in test is not available anymore. It is superseeded by TEST_HELPER_ASSERT(). --- tests/suites/target_test.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index d430d9d5d9..b097589a55 100644 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -75,7 +75,7 @@ uint8_t receive_byte() c[1] = greentea_getc(); c[2] = '\0'; - assert( unhexify( &byte, c ) != 2 ); + TEST_HELPER_ASSERT( unhexify( &byte, c ) != 2 ); return( byte ); } @@ -100,7 +100,7 @@ uint32_t receive_uint32() greentea_getc(), '\0' }; - assert( unhexify( &value, c ) != 8 ); + TEST_HELPER_ASSERT( unhexify( &value, c ) != 8 ); return( (uint32_t)value ); } From 2347a34b752c18add1a2a10a907e0e414886d4e7 Mon Sep 17 00:00:00 2001 From: "Zachary J. Fields" Date: Tue, 3 Dec 2019 16:19:53 -0600 Subject: [PATCH 19/67] Propagate public headers Declare include headers as `PUBLIC` to propagate to project consumers --- include/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index c2f2bd4e6f..a3ee3e438c 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -1,5 +1,11 @@ option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON) +# Declare include headers as PUBLIC to propogate to project consumers +target_include_directories( + mbedtls + PUBLIC ${CMAKE_CURRENT_LIST_DIR} +) + if(INSTALL_MBEDTLS_HEADERS) file(GLOB headers "mbedtls/*.h") From 6264e66ba4a8cbc74c468fd33b3666753c76b92e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 26 Nov 2019 11:11:15 +0000 Subject: [PATCH 20/67] Add mbedtls_test_buffer to SSL unit tests In a unit test we want to avoid accessing the network. To test the handshake in the unit test suite we need to implement a connection between the server and the client. This ring buffer implementation will serve as the said connection. --- tests/suites/test_suite_ssl.data | 33 +++ tests/suites/test_suite_ssl.function | 304 +++++++++++++++++++++++++++ 2 files changed, 337 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 45765deeba..8e43852c89 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -1,3 +1,36 @@ +Test calback buffer sanity +test_callback_buffer_sanity: + +Callback buffer test: Exercise simple write/read +test_callback_buffer:50:25:25:25:25:0:0:0:0 + +Callback buffer test: Filling up the buffer +test_callback_buffer:50:50:50:50:50:0:0:0:0 + +Callback buffer test: Filling up the buffer in two steps +test_callback_buffer:50:20:20:0:0:30:30:50:50 + +Callback buffer test: Reading out the buffer in two steps +test_callback_buffer:50:50:50:30:30:0:0:20:20 + +Callback buffer test: Data wraps in buffer +test_callback_buffer:50:45:45:10:10:10:10:45:45 + +Callback buffer test: Data starts at the end +test_callback_buffer:50:50:50:49:49:10:10:11:11 + +Callback buffer test: Can write less than requested +test_callback_buffer:50:75:50:30:30:25:25:45:45 + +Callback buffer test: Can read less than requested +test_callback_buffer:50:25:25:30:25:5:5:5:5 + +Callback buffer test: Writing to full buffer +test_callback_buffer:50:50:50:0:0:10:0:60:50 + +Callback buffer test: Reading from empty buffer +test_callback_buffer:50:0:0:10:0:0:0:0:0 + SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2fa716b4b0..ea81a8b3c5 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2,6 +2,141 @@ #include #include + +/* + * Buffer structure for custom I/O callbacks. + */ + +typedef struct mbedtls_test_buffer +{ + size_t start; + size_t content_length; + size_t capacity; + unsigned char *buffer; +} mbedtls_test_buffer; + +/* + * Initialises \p buf. After calling this function it is safe to call + * `mbedtls_test_buffer_free()` on \p buf. + */ +void mbedtls_test_buffer_init( mbedtls_test_buffer *buf ) +{ + memset( buf, 0, sizeof( *buf ) ); +} + +/* + * Sets up \p buf. After calling this function it is safe to call + * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf. + */ +int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity ) +{ + buf->buffer = (unsigned char*) mbedtls_calloc( capacity, + sizeof(unsigned char) ); + if( NULL == buf->buffer ) + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + buf->capacity = capacity; + + return 0; +} + +void mbedtls_test_buffer_free( mbedtls_test_buffer *buf ) +{ + if( buf->buffer != NULL ) + mbedtls_free( buf->buffer ); + + memset( buf, 0, sizeof( *buf ) ); +} + +/* + * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`. + * + * \retval \p input_len, if the data fits. + * \retval 0 <= value < \p input_len, if the data does not fit. + * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not + * zero and \p input is NULL. + */ +int mbedtls_test_buffer_put( mbedtls_test_buffer *buf, + const unsigned char* input, size_t input_len ) +{ + size_t overflow = 0; + + if( ( buf == NULL ) || ( buf->buffer == NULL ) ) + return -1; + + /* Reduce input_len to a number that fits in the buffer. */ + if ( ( buf->content_length + input_len ) > buf->capacity ) + { + input_len = buf->capacity - buf->content_length; + } + + if( input == NULL ) + { + return ( input_len == 0 ) ? 0 : -1; + } + + /* Calculate the number of bytes that need to be placed at lower memory + * address */ + if( buf->start + buf->content_length + input_len + > buf->capacity ) + { + overflow = ( buf->start + buf->content_length + input_len ) + % buf->capacity; + } + + memcpy( buf->buffer + buf->start + buf->content_length, input, + input_len - overflow ); + memcpy( buf->buffer, input + input_len - overflow, overflow ); + buf->content_length += input_len; + + return input_len; +} + +/* + * Gets \p output_len bytes from the \p output buffer into the ring buffer + * \p buf. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`. + * + * \retval \p output_len, if the data is available. + * \retval 0 <= value < \p output_len, if the data is not available. + * \retval -1, if \buf is NULL, it hasn't been set up or \p output_len is not + * zero and \p output is NULL + */ +int mbedtls_test_buffer_get( mbedtls_test_buffer *buf, + unsigned char* output, size_t output_len ) +{ + size_t overflow = 0; + + if( ( buf == NULL ) || ( buf->buffer == NULL ) ) + return -1; + + if( output == NULL ) + { + return ( output_len == 0 ) ? 0 : -1; + } + + if( buf->content_length < output_len ) + output_len = buf->content_length; + + /* Calculate the number of bytes that need to be drawn from lower memory + * address */ + if( buf->start + output_len > buf->capacity ) + { + overflow = ( buf->start + output_len ) % buf->capacity; + } + + memcpy( output, buf->buffer + buf->start, output_len - overflow ); + memcpy( output + output_len - overflow, buf->buffer, overflow ); + buf->content_length -= output_len; + buf->start = ( buf->start + output_len ) % buf->capacity; + + return output_len; +} + /* * Helper function setting up inverse record transformations * using given cipher, hash, EtM mode, authentication tag length, @@ -361,6 +496,175 @@ static int ssl_populate_session( mbedtls_ssl_session *session, * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void test_callback_buffer_sanity() +{ + enum { MSGLEN = 10 }; + mbedtls_test_buffer buf; + unsigned char input[MSGLEN]; + unsigned char output[MSGLEN]; + + memset( input, 0, sizeof(input) ); + + /* Make sure calling put and get on NULL buffer results in error. */ + TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) ) + == -1 ); + TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) ) + == -1 ); + TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 ); + TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, sizeof( output ) ) + == -1 ); + TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 ); + TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 ); + + /* Make sure calling put and get on a buffer that hasn't been set up results + * in eror. */ + mbedtls_test_buffer_init( &buf ); + + TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 ); + TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) ) + == -1 ); + TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 ); + TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) ) + == -1 ); + TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 ); + TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 ); + + /* Make sure calling put end get on NULL input and output only results in + * error if the length is not zero. */ + + TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 ); + + TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 ); + TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) ) + == -1 ); + TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 ); + +exit: + + mbedtls_test_buffer_free( &buf ); +} +/* END_CASE */ + +/* + * Test if the implementation of `mbedtls_test_buffer` related functions is + * correct and works as expected. + * + * That is + * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes. + * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. + * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret + * bytes. + * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. + * - All of the bytes we got match the bytes we put in in a FIFO manner. + */ + +/* BEGIN_CASE */ +void test_callback_buffer( int size, int put1, int put1_ret, + int get1, int get1_ret, int put2, int put2_ret, + int get2, int get2_ret ) +{ + enum { ROUNDS = 2 }; + size_t put[ROUNDS]; + int put_ret[ROUNDS]; + size_t get[ROUNDS]; + int get_ret[ROUNDS]; + mbedtls_test_buffer buf; + unsigned char* input = NULL; + size_t input_len; + unsigned char* output = NULL; + size_t output_len; + size_t i, written, read; + int j; + + mbedtls_test_buffer_init( &buf ); + TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 ); + + /* Check the sanity of input parameters and initialise local variables. That + * is, ensure that the amount of data is not negative and that we are not + * expecting more to put or get than we actually asked for. */ + TEST_ASSERT( put1 >= 0 ); + put[0] = put1; + put_ret[0] = put1_ret; + TEST_ASSERT( put1_ret <= put1 ); + TEST_ASSERT( put2 >= 0 ); + put[1] = put2; + put_ret[1] = put2_ret; + TEST_ASSERT( put2_ret <= put2 ); + + TEST_ASSERT( get1 >= 0 ); + get[0] = get1; + get_ret[0] = get1_ret; + TEST_ASSERT( get1_ret <= get1 ); + TEST_ASSERT( get2 >= 0 ); + get[1] = get2; + get_ret[1] = get2_ret; + TEST_ASSERT( get2_ret <= get2 ); + + input_len = 0; + /* Calculate actual input and output lengths */ + for( j = 0; j < ROUNDS; j++ ) + { + if( put_ret[j] > 0 ) + { + input_len += put_ret[j]; + } + } + /* In order to always have a valid pointer we always allocate at least 1 + * byte. */ + if( input_len == 0 ) + input_len = 1; + ASSERT_ALLOC( input, input_len ); + + output_len = 0; + for( j = 0; j < ROUNDS; j++ ) + { + if( get_ret[j] > 0 ) + { + output_len += get_ret[j]; + } + } + TEST_ASSERT( output_len <= input_len ); + /* In order to always have a valid pointer we always allocate at least 1 + * byte. */ + if( output_len == 0 ) + output_len = 1; + ASSERT_ALLOC( output, output_len ); + + /* Fill up the buffer with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < input_len; i++ ) + { + input[i] = i & 0xFF; + } + + written = read = 0; + for( j = 0; j < ROUNDS; j++ ) + { + TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf, + input + written, put[j] ) ); + written += put_ret[j]; + TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf, + output + read, get[j] ) ); + read += get_ret[j]; + TEST_ASSERT( read <= written ); + if( get_ret[j] > 0 ) + { + TEST_ASSERT( memcmp( output + read - get_ret[j], + input + read - get_ret[j], get_ret[j] ) + == 0 ); + } + } + +exit: + + mbedtls_free( input ); + mbedtls_free( output ); + mbedtls_test_buffer_free( &buf ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ void ssl_dtls_replay( data_t * prevs, data_t * new, int ret ) { From 5af2941fff23402106ca90f4a3c5ef3f5ec15b07 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Dec 2019 20:30:42 +0100 Subject: [PATCH 21/67] Update crypto submodule * #321: Replace config.pl by config.py * #322: Update Mbed Crypto with latest Mbed TLS changes as of 2019-11-15 * #308: Small performance improvement of mbedtls_mpi_div_mpi() * #324: test_psa_constant_names: support key agreement, better code structure * #320: Link to the PSA crypto portal page from README.md * #293: Always gather MBEDTLS_ENTROPY_BLOCK_SIZE bytes of entropy * #310: Clarify test descriptions in test_suite_memory_buffer_alloc * #307: Add ASN.1 ENUMERATED tag support * #328: Remove dependency of crypto_values.h on crypto_extra.h * #325: Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash Missed listing in the previous submodule update: * #304: Make sure Asan failures are detected in 'make test' --- crypto | 2 +- visualc/VS2010/mbedTLS.vcxproj | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto b/crypto index 0b3dd8d024..81f7909497 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 0b3dd8d0249adb54abc7ad46303f3c22e44aefb7 +Subproject commit 81f7909497c12f637ab4f45d16bdab5cf91f2e43 diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 45ae103b93..2903363a82 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -176,6 +176,7 @@ + From 031827feba0c4e81e9d9175319a8a4393c0f21fe Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 27 Nov 2019 11:12:14 +0000 Subject: [PATCH 22/67] Add mbedtls_mock_socket to SSL unit tests In a unit test we want to avoid accessing the network. To test the handshake in the unit test suite we need to implement a connection between the server and the client. This socket implementation uses two ring buffers to mock the transport layer. --- tests/suites/test_suite_ssl.data | 3 + tests/suites/test_suite_ssl.function | 269 ++++++++++++++++++++++++++- 2 files changed, 270 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 8e43852c89..5b670f9e0d 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -31,6 +31,9 @@ test_callback_buffer:50:50:50:0:0:10:0:60:50 Callback buffer test: Reading from empty buffer test_callback_buffer:50:0:0:10:0:0:0:0:0 +Test mock TCP connection +ssl_mock_tcp: + SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ea81a8b3c5..67ddd063ed 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -137,6 +137,147 @@ int mbedtls_test_buffer_get( mbedtls_test_buffer *buf, return output_len; } +/* + * Context for the I/O callbacks simulating network connection. + */ + +#define MBEDTLS_MOCK_SOCKET_CONNECTED 1 + +typedef struct mbedtls_mock_socket +{ + int status; + mbedtls_test_buffer *input; + mbedtls_test_buffer *output; + struct mbedtls_mock_socket *peer; +} mbedtls_mock_socket; + +/* + * Setup and teardown functions for mock sockets. + */ +void mbedtls_mock_socket_init( mbedtls_mock_socket *socket ) +{ + memset( socket, 0, sizeof( *socket ) ); +} + +/* + * Closes the socket \p socket. + * + * \p socket must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * This function frees all allocated resources and both sockets are aware of the + * new connection state. + * + * That is, this function does not simulate half-open TCP connections and the + * phenomenon that when closing a UDP connection the peer is not aware of the + * connection having been closed. + */ +void mbedtls_mock_socket_close( mbedtls_mock_socket* socket ) +{ + if( socket == NULL ) + return; + + if( socket->input != NULL ) + { + mbedtls_test_buffer_free( socket->input ); + mbedtls_free( socket->input ); + } + + if( socket->output != NULL ) + { + mbedtls_test_buffer_free( socket->output ); + mbedtls_free( socket->output ); + } + + if( socket->peer != NULL ) + memset( socket->peer, 0, sizeof( *socket->peer ) ); + + memset( socket, 0, sizeof( *socket ) ); +} + +/* + * Establishes a connection between \p peer1 and \p peer2. + * + * \p peer1 and \p peer2 must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * The capacites of the internal buffers are set to \p bufsize. Setting this to + * the correct value allows for simulation of MTU, sanity testing the mock + * implementation and mocking TCP connections with lower memory cost. + */ +int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1, + mbedtls_mock_socket* peer2, + size_t bufsize ) +{ + int ret = -1; + + peer1->input = peer2->output = + (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) ); + if( peer1->input == NULL ) + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_test_buffer_init( peer1->input ); + if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->input, bufsize ) ) ) + { + goto exit; + } + + peer1->output = peer2->input = + (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) ); + if( peer1->output == NULL ) + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_test_buffer_init( peer1->output ); + if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) ) + { + goto exit; + } + + peer1->peer = peer2; + peer2->peer = peer1; + + peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; + ret = 0; + +exit: + + if( ret != 0 ) + { + mbedtls_mock_socket_close( peer1 ); + mbedtls_mock_socket_close( peer2 ); + } + + return ret; +} + +/* + * Callbacks for simulating blocking I/O over connection-oriented transport. + */ + +int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len ) +{ + mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx; + + if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED ) + return -1; + + return mbedtls_test_buffer_put( socket->output, buf, len ); +} + +int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len ) +{ + mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx; + + if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED ) + return -1; + + return mbedtls_test_buffer_get( socket->input, buf, len ); +} + /* * Helper function setting up inverse record transformations * using given cipher, hash, EtM mode, authentication tag length, @@ -575,8 +716,7 @@ void test_callback_buffer( int size, int put1, int put1_ret, size_t input_len; unsigned char* output = NULL; size_t output_len; - size_t i, written, read; - int j; + size_t i, j, written, read; mbedtls_test_buffer_init( &buf ); TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 ); @@ -665,6 +805,131 @@ exit: } /* END_CASE */ +/* + * Test if the implementation of `mbedtls_mock_socket` related functions is + * correct and works as expected. + */ + +/* BEGIN_CASE */ +void ssl_mock_tcp() +{ + enum { ROUNDS = 2 }; + enum { MSGLEN = 105 }; + unsigned char message[ROUNDS][MSGLEN]; + unsigned char received[ROUNDS][MSGLEN]; + mbedtls_mock_socket client; + mbedtls_mock_socket server; + size_t written[ROUNDS]; + size_t read[ROUNDS]; + int send_ret[ROUNDS]; + int recv_ret[ROUNDS]; + unsigned i, j, progress; + + mbedtls_mock_socket_init( &client ); + mbedtls_mock_socket_init( &server ); + + /* Fill up the buffers with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < ROUNDS; i++ ) + { + for( j = 0; j < MSGLEN; j++ ) + { + message[i][j] = ( i * MSGLEN + j ) & 0xFF; + } + } + + /* Try sending or receiving on an unconnected socket */ + TEST_ASSERT( mbedtls_mock_tcp_send_b( &client, message[0], MSGLEN ) < 0 ); + TEST_ASSERT( mbedtls_mock_tcp_recv_b( &client, received[0], MSGLEN ) < 0 ); + + /* Make sure that sending a message takes a few iterations. */ + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + MSGLEN / 5 ) ); + + /* Send the message to the server */ + send_ret[0] = recv_ret[0] = 1; + written[0] = read[0] = 0; + while( send_ret[0] != 0 || recv_ret[0] != 0 ) + { + send_ret[0] = mbedtls_mock_tcp_send_b( &client, + message[0] + written[0], + MSGLEN - written[0] ); + TEST_ASSERT( send_ret[0] >= 0 ); + written[0] += send_ret[0]; + + recv_ret[0] = mbedtls_mock_tcp_recv_b( &server, + received[0] + read[0], + MSGLEN - read[0] ); + TEST_ASSERT( recv_ret[0] >= 0 ); + read[0] += recv_ret[0]; + } + TEST_ASSERT( memcmp( message[0], received[0], MSGLEN ) == 0 ); + + /* Reset connection for the next test */ + mbedtls_mock_socket_close( &client ); + mbedtls_mock_socket_close( &server ); + mbedtls_mock_socket_init( &client ); + mbedtls_mock_socket_init( &server ); + /* Make sure that sending a message takes a few iterations. */ + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + MSGLEN / 5 ) ); + + /* Send the message from both sides, interleaving. */ + progress = 1; + for( i = 0; i < ROUNDS; i++ ) + { + written[i] = 0; + read[i] = 0; + } + /* This loop does not stop as long as there was a successful write or read + * of at least one byte on either side. */ + while( progress != 0 ) + { + send_ret[0] = mbedtls_mock_tcp_send_b( &client, + message[0] + written[0], + MSGLEN - written[0] ); + TEST_ASSERT( send_ret[0] >= 0 ); + written[0] += send_ret[0]; + + send_ret[1] = mbedtls_mock_tcp_send_b( &server, + message[1] + written[1], + MSGLEN - written[1] ); + TEST_ASSERT( send_ret[1] >= 0 ); + written[1] += send_ret[1]; + + recv_ret[0] = mbedtls_mock_tcp_recv_b( &server, + received[0] + read[0], + MSGLEN - read[0] ); + TEST_ASSERT( recv_ret[0] >= 0 ); + read[0] += recv_ret[0]; + + recv_ret[1] = mbedtls_mock_tcp_recv_b( &client, + received[1] + read[1], + MSGLEN - read[1] ); + TEST_ASSERT( recv_ret[1] >= 0 ); + read[1] += recv_ret[1]; + + progress = 0; + for( i = 0; i < ROUNDS; i++ ) + { + if( send_ret[i] > 0 ) + progress++; + + if( recv_ret[i] > 0 ) + progress++; + } + } + + for( i = 0; i < ROUNDS; i++ ) + TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 ); + +exit: + + mbedtls_mock_socket_close( &client ); + mbedtls_mock_socket_close( &server ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ void ssl_dtls_replay( data_t * prevs, data_t * new, int ret ) { From 3766ba50de0684214a14e8ceb430e01afebda35d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 27 Nov 2019 13:31:42 +0000 Subject: [PATCH 23/67] Add non-blocking mock TCP callbacks to SSL tests --- tests/suites/test_suite_ssl.data | 16 ++- tests/suites/test_suite_ssl.function | 189 +++++++++++++++++++++++---- 2 files changed, 174 insertions(+), 31 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 5b670f9e0d..14c04a804f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -31,8 +31,20 @@ test_callback_buffer:50:50:50:0:0:10:0:60:50 Callback buffer test: Reading from empty buffer test_callback_buffer:50:0:0:10:0:0:0:0:0 -Test mock TCP connection -ssl_mock_tcp: +Test mock blocking TCP connection +ssl_mock_tcp:1:0:0 + +Test mock non-blocking TCP connection: would not block +ssl_mock_tcp:0:0:0 + +Test mock non-blocking TCP connection: client would block +ssl_mock_tcp:0:0xB509:0 + +Test mock non-blocking TCP connection: server would block +ssl_mock_tcp:0:0x0FB1:0 + +Test mock non-blocking TCP connection: both peers would block +ssl_mock_tcp:0:0x1111:0xEEEE SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 67ddd063ed..0ee6652b09 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -146,6 +146,7 @@ int mbedtls_test_buffer_get( mbedtls_test_buffer *buf, typedef struct mbedtls_mock_socket { int status; + uint32_t blocking_pattern; mbedtls_test_buffer *input; mbedtls_test_buffer *output; struct mbedtls_mock_socket *peer; @@ -254,6 +255,26 @@ exit: return ret; } +/* + * Set the blocking pattern for the socket. + * + * For every bit of \p blocking_pattern set to one the socket will simulate a + * "would block" event. The bits are processed starting with the least + * significant bit and every call to a non-blocking I/O function consumes one. + * + * The behaviour of blocking I/O functions remains unchanged. + */ +int mbedtls_mock_socket_set_block( mbedtls_mock_socket* socket, + uint32_t blocking_pattern ) +{ + if( socket == NULL ) + return -1; + + socket->blocking_pattern = blocking_pattern; + + return 0; +} + /* * Callbacks for simulating blocking I/O over connection-oriented transport. */ @@ -278,6 +299,46 @@ int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len ) return mbedtls_test_buffer_get( socket->input, buf, len ); } +/* + * Callbacks for simulating non-blocking I/O over connection-oriented transport. + */ + +int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len ) +{ + mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx; + + if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED ) + return -1; + + if( socket->blocking_pattern & 1 ) + { + socket->blocking_pattern >>= 1; + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + socket->blocking_pattern >>= 1; + + return mbedtls_test_buffer_put( socket->output, buf, len ); +} + +int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len ) +{ + mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx; + + if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED ) + return -1; + + if( socket->blocking_pattern & 1 ) + { + socket->blocking_pattern >>= 1; + return MBEDTLS_ERR_SSL_WANT_READ; + } + + socket->blocking_pattern >>= 1; + + return mbedtls_test_buffer_get( socket->input, buf, len ); +} + /* * Helper function setting up inverse record transformations * using given cipher, hash, EtM mode, authentication tag length, @@ -811,7 +872,7 @@ exit: */ /* BEGIN_CASE */ -void ssl_mock_tcp() +void ssl_mock_tcp( int blocking, int client_pattern, int server_pattern ) { enum { ROUNDS = 2 }; enum { MSGLEN = 105 }; @@ -824,6 +885,21 @@ void ssl_mock_tcp() int send_ret[ROUNDS]; int recv_ret[ROUNDS]; unsigned i, j, progress; + mbedtls_ssl_send_t *send; + mbedtls_ssl_recv_t *recv; + uint32_t client_block = client_pattern; + uint32_t server_block = server_pattern; + + if( blocking == 0 ) + { + send = mbedtls_mock_tcp_send_nb; + recv = mbedtls_mock_tcp_recv_nb; + } + else + { + send = mbedtls_mock_tcp_send_b; + recv = mbedtls_mock_tcp_recv_b; + } mbedtls_mock_socket_init( &client ); mbedtls_mock_socket_init( &server ); @@ -839,29 +915,46 @@ void ssl_mock_tcp() } /* Try sending or receiving on an unconnected socket */ - TEST_ASSERT( mbedtls_mock_tcp_send_b( &client, message[0], MSGLEN ) < 0 ); - TEST_ASSERT( mbedtls_mock_tcp_recv_b( &client, received[0], MSGLEN ) < 0 ); + TEST_ASSERT( send( &client, message[0], MSGLEN ) < 0 ); + TEST_ASSERT( recv( &client, received[0], MSGLEN ) < 0 ); /* Make sure that sending a message takes a few iterations. */ TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, MSGLEN / 5 ) ); + TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) ); + TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) ); /* Send the message to the server */ send_ret[0] = recv_ret[0] = 1; written[0] = read[0] = 0; while( send_ret[0] != 0 || recv_ret[0] != 0 ) { - send_ret[0] = mbedtls_mock_tcp_send_b( &client, - message[0] + written[0], + send_ret[0] = send( &client, message[0] + written[0], MSGLEN - written[0] ); - TEST_ASSERT( send_ret[0] >= 0 ); - written[0] += send_ret[0]; - recv_ret[0] = mbedtls_mock_tcp_recv_b( &server, - received[0] + read[0], + if( ( blocking == 0 ) && ( client_block & 1 ) ) + { + TEST_ASSERT( send_ret[0] == MBEDTLS_ERR_SSL_WANT_WRITE ); + } + else + { + TEST_ASSERT( send_ret[0] >= 0 ); + written[0] += send_ret[0]; + } + client_block >>= 1; + + recv_ret[0] = recv( &server, received[0] + read[0], MSGLEN - read[0] ); - TEST_ASSERT( recv_ret[0] >= 0 ); - read[0] += recv_ret[0]; + if( ( blocking == 0 ) && ( server_block & 1 ) ) + { + TEST_ASSERT( recv_ret[0] == MBEDTLS_ERR_SSL_WANT_READ ); + } + else + { + TEST_ASSERT( recv_ret[0] >= 0 ); + read[0] += recv_ret[0]; + } + server_block >>= 1; } TEST_ASSERT( memcmp( message[0], received[0], MSGLEN ) == 0 ); @@ -873,6 +966,10 @@ void ssl_mock_tcp() /* Make sure that sending a message takes a few iterations. */ TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, MSGLEN / 5 ) ); + client_block = client_pattern; + server_block = server_pattern; + TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) ); + TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) ); /* Send the message from both sides, interleaving. */ progress = 1; @@ -885,38 +982,72 @@ void ssl_mock_tcp() * of at least one byte on either side. */ while( progress != 0 ) { - send_ret[0] = mbedtls_mock_tcp_send_b( &client, - message[0] + written[0], + send_ret[0] = send( &client, message[0] + written[0], MSGLEN - written[0] ); - TEST_ASSERT( send_ret[0] >= 0 ); - written[0] += send_ret[0]; + if( ( blocking == 0 ) && ( client_block & 1 ) ) + { + TEST_ASSERT( send_ret[0] == MBEDTLS_ERR_SSL_WANT_WRITE ); + } + else + { + TEST_ASSERT( send_ret[0] >= 0 ); + written[0] += send_ret[0]; + } + client_block >>= 1; - send_ret[1] = mbedtls_mock_tcp_send_b( &server, - message[1] + written[1], + send_ret[1] = send( &server, message[1] + written[1], MSGLEN - written[1] ); - TEST_ASSERT( send_ret[1] >= 0 ); - written[1] += send_ret[1]; + if( ( blocking == 0 ) && ( server_block & 1 ) ) + { + TEST_ASSERT( send_ret[1] == MBEDTLS_ERR_SSL_WANT_WRITE ); + } + else + { + TEST_ASSERT( send_ret[1] >= 0 ); + written[1] += send_ret[1]; + } + server_block >>= 1; - recv_ret[0] = mbedtls_mock_tcp_recv_b( &server, - received[0] + read[0], + recv_ret[0] = recv( &server, received[0] + read[0], MSGLEN - read[0] ); - TEST_ASSERT( recv_ret[0] >= 0 ); - read[0] += recv_ret[0]; + if( ( blocking == 0 ) && ( server_block & 1 ) ) + { + TEST_ASSERT( recv_ret[0] == MBEDTLS_ERR_SSL_WANT_READ ); + } + else + { + TEST_ASSERT( recv_ret[0] >= 0 ); + read[0] += recv_ret[0]; + } + server_block >>= 1; - recv_ret[1] = mbedtls_mock_tcp_recv_b( &client, - received[1] + read[1], + recv_ret[1] = recv( &client, received[1] + read[1], MSGLEN - read[1] ); - TEST_ASSERT( recv_ret[1] >= 0 ); - read[1] += recv_ret[1]; + if( ( blocking == 0 ) && ( client_block & 1 ) ) + { + TEST_ASSERT( recv_ret[1] == MBEDTLS_ERR_SSL_WANT_READ ); + } + else + { + TEST_ASSERT( recv_ret[1] >= 0 ); + read[1] += recv_ret[1]; + } + client_block >>= 1; progress = 0; for( i = 0; i < ROUNDS; i++ ) { - if( send_ret[i] > 0 ) + if( ( send_ret[i] > 0 ) || + ( send_ret[i] == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + { progress++; + } - if( recv_ret[i] > 0 ) + if( ( recv_ret[i] > 0 ) || + ( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ ) ) + { progress++; + } } } From c673c2cd447b6d79d799ed67b618b4be185c5418 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 2 Dec 2019 15:47:26 +0000 Subject: [PATCH 24/67] Break up the ssl_mock_tcp unit test Break the test up to three different tests for the sake of better readability and maintainability. --- tests/suites/test_suite_ssl.data | 18 +++ tests/suites/test_suite_ssl.function | 177 +++++++++++++++++++-------- 2 files changed, 142 insertions(+), 53 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 14c04a804f..83ef691c72 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -31,6 +31,9 @@ test_callback_buffer:50:50:50:0:0:10:0:60:50 Callback buffer test: Reading from empty buffer test_callback_buffer:50:0:0:10:0:0:0:0:0 +Test mock socket sanity +ssl_mock_sanity: + Test mock blocking TCP connection ssl_mock_tcp:1:0:0 @@ -46,6 +49,21 @@ ssl_mock_tcp:0:0x0FB1:0 Test mock non-blocking TCP connection: both peers would block ssl_mock_tcp:0:0x1111:0xEEEE +Test mock blocking TCP connection (interleaving) +ssl_mock_tcp_interleaving:1:0:0 + +Test mock non-blocking TCP connection: would not block (interleaving) +ssl_mock_tcp_interleaving:0:0:0 + +Test mock non-blocking TCP connection: client would block (interleaving) +ssl_mock_tcp_interleaving:0:0xB509:0 + +Test mock non-blocking TCP connection: server would block (interleaving) +ssl_mock_tcp_interleaving:0:0x0FB1:0 + +Test mock non-blocking TCP connection: both peers would block (interleaving) +ssl_mock_tcp_interleaving:0:0x1111:0xEEEE + SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 0ee6652b09..a57e256544 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -867,12 +867,134 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_mock_socket` related functions is - * correct and works as expected. + * Test if the implementation of `mbedtls_mock_socket` related I/O functions is + * correct and works as expected on unconnected sockets. + */ + +/* BEGIN_CASE */ +void ssl_mock_sanity( ) +{ + enum { MSGLEN = 105 }; + unsigned char message[MSGLEN]; + unsigned char received[MSGLEN]; + mbedtls_mock_socket socket; + + mbedtls_mock_socket_init( &socket ); + TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 ); + mbedtls_mock_socket_close( &socket ); + mbedtls_mock_socket_init( &socket ); + TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 ); + mbedtls_mock_socket_close( &socket ); + + mbedtls_mock_socket_init( &socket ); + TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 ); + mbedtls_mock_socket_close( &socket ); + mbedtls_mock_socket_init( &socket ); + TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 ); + mbedtls_mock_socket_close( &socket ); + +exit: + + mbedtls_mock_socket_close( &socket ); +} +/* END_CASE */ + +/* + * Test if the implementation of `mbedtls_mock_socket` related functions can + * send a single message from the client to the server. */ /* BEGIN_CASE */ void ssl_mock_tcp( int blocking, int client_pattern, int server_pattern ) +{ + enum { MSGLEN = 105 }; + unsigned char message[MSGLEN]; + unsigned char received[MSGLEN]; + mbedtls_mock_socket client; + mbedtls_mock_socket server; + size_t written, read; + int send_ret, recv_ret; + mbedtls_ssl_send_t *send; + mbedtls_ssl_recv_t *recv; + uint32_t client_block = client_pattern; + uint32_t server_block = server_pattern; + unsigned i; + + if( blocking == 0 ) + { + send = mbedtls_mock_tcp_send_nb; + recv = mbedtls_mock_tcp_recv_nb; + } + else + { + send = mbedtls_mock_tcp_send_b; + recv = mbedtls_mock_tcp_recv_b; + } + + mbedtls_mock_socket_init( &client ); + mbedtls_mock_socket_init( &server ); + + /* Fill up the buffer with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < MSGLEN; i++ ) + { + message[i] = i & 0xFF; + } + + /* Make sure that sending a message takes a few iterations. */ + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + MSGLEN / 5 ) ); + TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) ); + TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) ); + + /* Send the message to the server */ + send_ret = recv_ret = 1; + written = read = 0; + while( send_ret != 0 || recv_ret != 0 ) + { + send_ret = send( &client, message + written, MSGLEN - written ); + + if( ( blocking == 0 ) && ( client_block & 1 ) ) + { + TEST_ASSERT( send_ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + } + else + { + TEST_ASSERT( send_ret >= 0 ); + written += send_ret; + } + client_block >>= 1; + + recv_ret = recv( &server, received + read, MSGLEN - read ); + if( ( blocking == 0 ) && ( server_block & 1 ) ) + { + TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ ); + } + else + { + TEST_ASSERT( recv_ret >= 0 ); + read += recv_ret; + } + server_block >>= 1; + } + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + +exit: + + mbedtls_mock_socket_close( &client ); + mbedtls_mock_socket_close( &server ); +} +/* END_CASE */ + +/* + * Test if the implementation of `mbedtls_mock_socket` related functions can + * send messages in both direction at the same time (with the I/O calls + * interleaving). + */ + +/* BEGIN_CASE */ +void ssl_mock_tcp_interleaving( int blocking, + int client_pattern, int server_pattern ) { enum { ROUNDS = 2 }; enum { MSGLEN = 105 }; @@ -914,63 +1036,12 @@ void ssl_mock_tcp( int blocking, int client_pattern, int server_pattern ) } } - /* Try sending or receiving on an unconnected socket */ - TEST_ASSERT( send( &client, message[0], MSGLEN ) < 0 ); - TEST_ASSERT( recv( &client, received[0], MSGLEN ) < 0 ); - /* Make sure that sending a message takes a few iterations. */ TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, MSGLEN / 5 ) ); TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) ); TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) ); - /* Send the message to the server */ - send_ret[0] = recv_ret[0] = 1; - written[0] = read[0] = 0; - while( send_ret[0] != 0 || recv_ret[0] != 0 ) - { - send_ret[0] = send( &client, message[0] + written[0], - MSGLEN - written[0] ); - - if( ( blocking == 0 ) && ( client_block & 1 ) ) - { - TEST_ASSERT( send_ret[0] == MBEDTLS_ERR_SSL_WANT_WRITE ); - } - else - { - TEST_ASSERT( send_ret[0] >= 0 ); - written[0] += send_ret[0]; - } - client_block >>= 1; - - recv_ret[0] = recv( &server, received[0] + read[0], - MSGLEN - read[0] ); - if( ( blocking == 0 ) && ( server_block & 1 ) ) - { - TEST_ASSERT( recv_ret[0] == MBEDTLS_ERR_SSL_WANT_READ ); - } - else - { - TEST_ASSERT( recv_ret[0] >= 0 ); - read[0] += recv_ret[0]; - } - server_block >>= 1; - } - TEST_ASSERT( memcmp( message[0], received[0], MSGLEN ) == 0 ); - - /* Reset connection for the next test */ - mbedtls_mock_socket_close( &client ); - mbedtls_mock_socket_close( &server ); - mbedtls_mock_socket_init( &client ); - mbedtls_mock_socket_init( &server ); - /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, - MSGLEN / 5 ) ); - client_block = client_pattern; - server_block = server_pattern; - TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) ); - TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) ); - /* Send the message from both sides, interleaving. */ progress = 1; for( i = 0; i < ROUNDS; i++ ) From ab534cfd6288340567913bcea6853fe05cec4a1f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 3 Dec 2019 15:52:31 +0000 Subject: [PATCH 25/67] Fix number of allocated errors in Platform --- include/mbedtls/error.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 06bb1c9cac..3fff9a0540 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -86,7 +86,7 @@ * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 - * PLATFORM 1 0x0070-0x0072 + * PLATFORM 2 0x0070-0x0072 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors From 2d20567122e4c1e7295ac7aba77df33d46d04993 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 3 Dec 2019 15:55:56 +0000 Subject: [PATCH 26/67] Add two error codes to the Error module One of the error codes was already reserved, this commit just makes it explicit. The other one is a new error code for initializing return values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should not be returned by the library. If it is returned, then it is surely a bug in the library or somebody is tampering with the device. --- include/mbedtls/error.h | 6 +++++- library/error.c | 11 +++++++++++ scripts/generate_errors.pl | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 3fff9a0540..82b018813e 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -52,9 +52,10 @@ * For historical reasons, low-level error codes are divided in even and odd, * even codes were assigned first, and -1 is reserved for other errors. * - * Low-level module errors (0x0002-0x007E, 0x0003-0x007F) + * Low-level module errors (0x0002-0x007E, 0x0001-0x007F) * * Module Nr Codes assigned + * ERROR 2 0x006E 0x0001 * MPI 7 0x0002-0x0010 * GCM 3 0x0012-0x0014 0x0013-0x0013 * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 @@ -112,6 +113,9 @@ extern "C" { #endif +#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */ +#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ + /** * \brief Translate a mbed TLS error code into a string representation, * Result is truncated if necessary and always includes a terminating diff --git a/library/error.c b/library/error.c index d8b5780483..53b3a26b5c 100644 --- a/library/error.c +++ b/library/error.c @@ -109,6 +109,10 @@ #include "mbedtls/entropy.h" #endif +#if defined(MBEDTLS_ERROR_C) +#include "mbedtls/error.h" +#endif + #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" #endif @@ -754,6 +758,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "ENTROPY - Read/write error in file" ); #endif /* MBEDTLS_ENTROPY_C */ +#if defined(MBEDTLS_ERROR_C) + if( use_ret == -(MBEDTLS_ERR_ERROR_GENERIC_ERROR) ) + mbedtls_snprintf( buf, buflen, "ERROR - Generic error" ); + if( use_ret == -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED) ) + mbedtls_snprintf( buf, buflen, "ERROR - This is a bug in the library" ); +#endif /* MBEDTLS_ERROR_C */ + #if defined(MBEDTLS_GCM_C) if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" ); diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 2fe202e8d4..7b66ecacb8 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -38,7 +38,7 @@ my $error_format_file = $data_dir.'/error.fmt'; my @low_level_modules = qw( AES ARC4 ARIA ASN1 BASE64 BIGNUM BLOWFISH CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES - ENTROPY GCM HKDF HMAC_DRBG MD2 MD4 MD5 + ENTROPY ERROR GCM HKDF HMAC_DRBG MD2 MD4 MD5 NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 THREADING XTEA ); my @high_level_modules = qw( CIPHER DHM ECP MD From 865b3ebf8498cf4124c2ca68d5a27db5237da969 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 16 Dec 2019 11:46:15 +0000 Subject: [PATCH 27/67] Initialize return values to an error Initializing the return values to an error is best practice and makes the library more robust against programmer errors. --- library/debug.c | 4 +- library/net_sockets.c | 14 +++--- library/ssl_cli.c | 25 ++++++----- library/ssl_cookie.c | 5 ++- library/ssl_srv.c | 35 +++++++-------- library/ssl_ticket.c | 9 ++-- library/ssl_tls.c | 97 +++++++++++++++++++++-------------------- library/x509.c | 34 ++++++++------- library/x509_create.c | 11 ++--- library/x509_crl.c | 18 ++++---- library/x509_crt.c | 54 ++++++++++++----------- library/x509_csr.c | 12 ++--- library/x509write_crt.c | 20 +++++---- library/x509write_csr.c | 10 +++-- 14 files changed, 185 insertions(+), 163 deletions(-) diff --git a/library/debug.c b/library/debug.c index 0c46c0690d..1f7c2a0903 100644 --- a/library/debug.c +++ b/library/debug.c @@ -44,6 +44,8 @@ #include #include +#include "mbedtls/error.h" + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline @@ -85,7 +87,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, { va_list argp; char str[DEBUG_BUF_SIZE]; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( NULL == ssl || NULL == ssl->conf || diff --git a/library/net_sockets.c b/library/net_sockets.c index c7b358d057..1a88c223d4 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -48,6 +48,8 @@ #include +#include "mbedtls/error.h" + #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) @@ -147,7 +149,7 @@ void mbedtls_net_init( mbedtls_net_context *ctx ) int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; struct addrinfo hints, *addr_list, *cur; if( ( ret = net_prepare() ) != 0 ) @@ -313,7 +315,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, mbedtls_net_context *client_ctx, void *client_ip, size_t buf_size, size_t *ip_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int type; struct sockaddr_storage client_addr; @@ -455,7 +457,7 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; struct timeval tv; fd_set read_fds; @@ -540,7 +542,7 @@ void mbedtls_net_usleep( unsigned long usec ) */ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int fd = ((mbedtls_net_context *) ctx)->fd; if( fd < 0 ) @@ -577,7 +579,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, uint32_t timeout ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; struct timeval tv; fd_set read_fds; int fd = ((mbedtls_net_context *) ctx)->fd; @@ -620,7 +622,7 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, */ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int fd = ((mbedtls_net_context *) ctx)->fd; if( fd < 0 ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 57e5d8ab97..b632998465 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -35,6 +35,7 @@ #define mbedtls_free free #endif +#include "mbedtls/error.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" @@ -402,7 +403,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; @@ -766,7 +767,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, */ static int ssl_generate_random( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = ssl->handshake->randbytes; #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t t; @@ -858,7 +859,7 @@ static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_inf static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, olen, ext_len = 0; unsigned char *buf; unsigned char *p, *q; @@ -1470,7 +1471,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ssl->handshake->ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECJPAKE ) @@ -2384,7 +2385,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, size_t offset, size_t *olen, size_t pms_offset ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2; unsigned char *p = ssl->handshake->premaster + pms_offset; mbedtls_pk_context * peer_pk; @@ -2531,7 +2532,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ecp_keypair *peer_key; mbedtls_pk_context * peer_pk; @@ -2582,7 +2583,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; unsigned char *p = NULL, *end = NULL; @@ -2971,7 +2972,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #else /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *buf; size_t n = 0; size_t cert_type_len = 0, dn_len = 0; @@ -3135,7 +3136,7 @@ exit: static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) ); @@ -3174,7 +3175,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t header_len; size_t content_len; @@ -3595,7 +3596,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); @@ -3790,7 +3791,7 @@ sign: #if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t lifetime; size_t ticket_len; unsigned char *ticket; diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 56e9bdd2bf..1635832668 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -38,6 +38,7 @@ #define mbedtls_free free #endif +#include "mbedtls/error.h" #include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_internal.h" #include "mbedtls/platform_util.h" @@ -104,7 +105,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[COOKIE_MD_OUTLEN]; if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) @@ -157,7 +158,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, unsigned char **p, unsigned char *end, const unsigned char *cli_id, size_t cli_id_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long t; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b1da073ece..ec65058bf8 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -35,6 +35,7 @@ #define mbedtls_free free #endif +#include "mbedtls/error.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" @@ -85,7 +86,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t servername_list_size, hostname_len; const unsigned char *p; @@ -432,7 +433,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) { @@ -624,7 +625,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_session session; mbedtls_ssl_session_init( &session ); @@ -2428,7 +2429,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; @@ -2506,7 +2507,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = ssl->out_msg + 4; unsigned char *cookie_len_byte; @@ -2580,7 +2581,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t t; #endif - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen, ext_len = 0, n; unsigned char *buf, *p; @@ -3007,7 +3008,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) ) { @@ -3088,7 +3089,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; ret = mbedtls_ecjpake_write_round_two( @@ -3128,7 +3129,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) if( mbedtls_ssl_ciphersuite_uses_dhe( ciphersuite_info ) ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL ) @@ -3193,7 +3194,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, */ const mbedtls_ecp_curve_info **curve = NULL; const mbedtls_ecp_group_id *gid; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* Match our preference list against the offered curves */ @@ -3251,7 +3252,7 @@ curve_matching_done: size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; size_t hashlen = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* * 2.1: Choose hash algorithm: @@ -3424,7 +3425,7 @@ curve_matching_done: * machine. */ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t signature_len = 0; #if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -3521,7 +3522,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) ); @@ -3625,7 +3626,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, size_t *peer_pmslen, size_t peer_pmssize ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl ); mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk; size_t len = mbedtls_pk_get_len( public_key ); @@ -3714,7 +3715,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, const unsigned char *end, size_t pms_offset ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *pms = ssl->handshake->premaster + pms_offset; unsigned char ver[2]; unsigned char fake_pms[48], peer_pms[48]; @@ -3868,7 +3869,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; unsigned char *p, *end; @@ -4385,7 +4386,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t tlen; uint32_t lifetime; diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 6dad5d1b29..a00dd4a28b 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -37,6 +37,7 @@ #include "mbedtls/ssl_ticket.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -73,7 +74,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, unsigned char index ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MAX_KEY_BYTES]; mbedtls_ssl_ticket_key *key = ctx->keys + index; @@ -133,7 +134,7 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, mbedtls_cipher_type_t cipher, uint32_t lifetime ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; ctx->f_rng = f_rng; @@ -206,7 +207,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket, size_t *tlen, uint32_t *ticket_lifetime ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_ticket_context *ctx = p_ticket; mbedtls_ssl_ticket_key *key; unsigned char *key_name = start; @@ -306,7 +307,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_ticket_context *ctx = p_ticket; mbedtls_ssl_ticket_key *key; unsigned char *key_name = buf; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index afbaca4747..d42c2224e0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -43,6 +43,7 @@ #define mbedtls_free free #endif +#include "mbedtls/error.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" @@ -314,7 +315,7 @@ static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t remaining, expansion; size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; @@ -446,7 +447,7 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) if( src->peer_cert != NULL ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); if( dst->peer_cert == NULL ) @@ -586,7 +587,7 @@ static int tls1_prf( const unsigned char *secret, size_t slen, unsigned char h_i[20]; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_init( &md_ctx ); @@ -832,7 +833,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_init( &md_ctx ); @@ -1683,7 +1684,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, unsigned char *master, const mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* cf. RFC 5246, Section 8.1: * "The master secret is always exactly 48 bytes in length." */ @@ -1810,7 +1811,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = ssl->handshake->ciphersuite_info; @@ -2140,7 +2141,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; /* Write length only when we know the actual value */ @@ -2162,7 +2163,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t zlen; if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, @@ -2559,7 +2560,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) if( mode == MBEDTLS_MODE_STREAM ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " "including %d bytes of padding", @@ -2590,7 +2591,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_MODE_CHACHAPOLY ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char iv[12]; size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen; @@ -2673,7 +2674,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) ) if( mode == MBEDTLS_MODE_CBC ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t padlen, i; size_t olen; @@ -3462,7 +3463,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, */ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *msg_post = ssl->out_msg; ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf; size_t len_pre = ssl->out_msglen; @@ -3509,7 +3510,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *msg_post = ssl->in_msg; ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf; size_t len_pre = ssl->in_msglen; @@ -3604,7 +3605,7 @@ static int ssl_resend_hello_request( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); @@ -3823,7 +3824,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) */ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *buf; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); @@ -4022,7 +4023,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) @@ -4251,7 +4252,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const size_t hs_len = ssl->out_msglen - 4; const unsigned char hs_type = ssl->out_msg[0]; @@ -4737,7 +4738,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; if( ssl_check_hs_header( ssl ) != 0 ) @@ -4881,7 +4882,7 @@ static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *original_in_ctr; // save original in_ctr @@ -5107,7 +5108,7 @@ static int ssl_check_dtls_clihlo_cookie( */ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; if( ssl->conf->f_cookie_write == NULL || @@ -5619,7 +5620,7 @@ static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_hs_digest ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); @@ -6265,7 +6266,7 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, static int ssl_get_next_record( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_record rec; #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -6473,7 +6474,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* * Handle particular types of records @@ -6616,7 +6617,7 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, unsigned char level, unsigned char message ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ssl == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -6842,7 +6843,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, unsigned char *crt_buf, size_t crt_buf_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char const * const peer_cert_digest = ssl->session->peer_cert_digest; mbedtls_md_type_t const peer_cert_digest_type = @@ -6875,7 +6876,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, mbedtls_x509_crt *chain ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) int crt_cnt=0; #endif @@ -7290,7 +7291,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, unsigned char *start, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Remember digest of the peer's end-CRT. */ ssl->session_negotiate->peer_cert_digest = mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ); @@ -7322,7 +7323,7 @@ static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl, unsigned char *start, size_t len ) { unsigned char *end = start + len; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Make a copy of the peer's raw public key. */ mbedtls_pk_init( &ssl->handshake->peer_pubkey ); @@ -7492,7 +7493,7 @@ exit: int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); @@ -7515,7 +7516,7 @@ int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); @@ -8214,7 +8215,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned int hash_len; unsigned char buf[SSL_MAX_HASH_LEN]; @@ -8607,7 +8608,7 @@ static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ssl->conf = conf; @@ -8674,7 +8675,7 @@ error: */ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || \ !defined(MBEDTLS_SSL_SRV_C) @@ -8922,7 +8923,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_CLI_C) int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ssl == NULL || session == NULL || @@ -9166,7 +9167,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, const unsigned char *psk, size_t psk_len, const unsigned char *psk_identity, size_t psk_identity_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Remove opaque/raw PSK + PSK Identity */ ssl_conf_remove_psk( conf ); @@ -9235,7 +9236,7 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, const unsigned char *psk_identity, size_t psk_identity_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Clear opaque/raw PSK + PSK Identity, if present. */ ssl_conf_remove_psk( conf ); @@ -9280,7 +9281,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, #if !defined(MBEDTLS_DEPRECATED_REMOVED) int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 || ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) @@ -9298,7 +9299,7 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, const unsigned char *dhm_P, size_t P_len, const unsigned char *dhm_G, size_t G_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 || ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 ) @@ -9313,7 +9314,7 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) @@ -10361,7 +10362,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( cert_len != 0 ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( cert_len > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -10549,7 +10550,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) */ static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); @@ -10580,7 +10581,7 @@ static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) */ static int ssl_start_renegotiation( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); @@ -10707,7 +10708,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; if( ssl == NULL || ssl->conf == NULL ) @@ -11091,7 +11092,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, static int ssl_write_split( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ssl->conf->cbc_record_splitting == MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || @@ -11123,7 +11124,7 @@ static int ssl_write_split( mbedtls_ssl_context *ssl, */ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); @@ -11163,7 +11164,7 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_ */ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ssl == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -11746,7 +11747,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, const unsigned char *p = buf; const unsigned char * const end = buf + len; size_t session_len; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* * The context should have been freshly setup or reset. @@ -12167,7 +12168,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, int endpoint, int transport, int preset ) { #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #endif /* Use the functions here so that they are covered in tests, diff --git a/library/x509.c b/library/x509.c index 2e0b0e8f6c..f0d268ac69 100644 --- a/library/x509.c +++ b/library/x509.c @@ -35,6 +35,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include "mbedtls/error.h" + #if defined(MBEDTLS_X509_USE_C) #include "mbedtls/x509.h" @@ -83,7 +85,7 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( end - *p ) < 1 ) return( MBEDTLS_ERR_X509_INVALID_SERIAL + @@ -114,7 +116,7 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); @@ -128,7 +130,7 @@ int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); @@ -148,7 +150,7 @@ int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, */ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p; const unsigned char *end; mbedtls_x509_buf md_oid; @@ -209,7 +211,7 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, int *salt_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p; const unsigned char *end, *end2; size_t len; @@ -352,7 +354,7 @@ static int x509_get_attr_type_value( unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; mbedtls_x509_buf *oid; mbedtls_x509_buf *val; @@ -433,7 +435,7 @@ static int x509_get_attr_type_value( unsigned char **p, int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t set_len; const unsigned char *end_set; @@ -539,7 +541,7 @@ static int x509_date_is_valid(const mbedtls_x509_time *t ) static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, mbedtls_x509_time *tm ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* * Minimum length is 10 or 12 depending on yearlen @@ -604,7 +606,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, mbedtls_x509_time *tm ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len, year_len; unsigned char tag; @@ -633,7 +635,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; int tag_type; @@ -662,7 +664,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( *sig_opts != NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); @@ -710,7 +712,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; /* Extension structure use EXPLICIT tagging. That is, the actual @@ -745,7 +747,7 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, */ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n; unsigned char c, merge = 0; const mbedtls_x509_name *name; @@ -807,7 +809,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) */ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, nr; char *p; @@ -843,7 +845,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; char *p = buf; size_t n = size; const char *desc = NULL; @@ -888,7 +890,7 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) { char *p = buf; size_t n = buf_size; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ret = mbedtls_snprintf( p, n, "%s key size", name ); MBEDTLS_X509_SAFE_SNPRINTF; diff --git a/library/x509_create.c b/library/x509_create.c index 546e8fa1a9..661d1049d7 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -27,6 +27,7 @@ #if defined(MBEDTLS_X509_CREATE_C) +#include "mbedtls/error.h" #include "mbedtls/x509.h" #include "mbedtls/asn1write.h" #include "mbedtls/oid.h" @@ -241,7 +242,7 @@ int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, */ static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data* cur_name) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; const char *oid = (const char*)cur_name->oid.p; size_t oid_len = cur_name->oid.len; @@ -274,7 +275,7 @@ static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn int mbedtls_x509_write_names( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_asn1_named_data *cur = first; @@ -295,7 +296,7 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; if( *p < start || (size_t)( *p - start ) < size ) @@ -325,7 +326,7 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start, static int x509_write_extension( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *ext ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->val.p + 1, @@ -363,7 +364,7 @@ static int x509_write_extension( unsigned char **p, unsigned char *start, int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_asn1_named_data *cur_ext = first; diff --git a/library/x509_crl.c b/library/x509_crl.c index 00f8545d7c..8ff1be85cb 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -35,6 +35,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include "mbedtls/error.h" + #if defined(MBEDTLS_X509_CRL_PARSE_C) #include "mbedtls/x509_crl.h" @@ -74,7 +76,7 @@ static int x509_crl_get_version( unsigned char **p, const unsigned char *end, int *ver ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) { @@ -101,7 +103,7 @@ static int x509_get_crl_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( *p == end ) return( 0 ); @@ -181,7 +183,7 @@ static int x509_get_crl_entry_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* OPTIONAL */ @@ -235,7 +237,7 @@ static int x509_get_entries( unsigned char **p, const unsigned char *end, mbedtls_x509_crl_entry *entry ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t entry_len; mbedtls_x509_crl_entry *cur_entry = entry; @@ -300,7 +302,7 @@ static int x509_get_entries( unsigned char **p, int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p = NULL, *end = NULL; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; @@ -539,7 +541,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ) { #if defined(MBEDTLS_PEM_PARSE_C) - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t use_len; mbedtls_pem_context pem; int is_pem = 0; @@ -603,7 +605,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s */ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; @@ -630,7 +632,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; const mbedtls_x509_crl_entry *entry; diff --git a/library/x509_crt.c b/library/x509_crt.c index 48f244e2e8..191c8868db 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -37,6 +37,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include "mbedtls/error.h" + #if defined(MBEDTLS_X509_CRT_PARSE_C) #include "mbedtls/x509_crt.h" @@ -390,7 +392,7 @@ static int x509_get_version( unsigned char **p, const unsigned char *end, int *ver ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, @@ -427,7 +429,7 @@ static int x509_get_dates( unsigned char **p, mbedtls_x509_time *from, mbedtls_x509_time *to ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, @@ -456,7 +458,7 @@ static int x509_get_uid( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *uid, int n ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( *p == end ) return( 0 ); @@ -483,7 +485,7 @@ static int x509_get_basic_constraints( unsigned char **p, int *ca_istrue, int *max_pathlen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; /* @@ -532,7 +534,7 @@ static int x509_get_ns_cert_type( unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_bitstring bs = { 0, 0, NULL }; if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) @@ -551,7 +553,7 @@ static int x509_get_key_usage( unsigned char **p, const unsigned char *end, unsigned int *key_usage) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_x509_bitstring bs = { 0, 0, NULL }; @@ -581,7 +583,7 @@ static int x509_get_ext_key_usage( unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *ext_key_usage) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); @@ -625,7 +627,7 @@ static int x509_get_subject_alt_name( unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *subject_alt_name ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len, tag_len; mbedtls_asn1_buf *buf; unsigned char tag; @@ -887,7 +889,7 @@ static int x509_get_crt_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_crt *crt ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *end_ext_data, *end_ext_octet; @@ -1056,7 +1058,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, size_t buflen, int make_copy ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p, *end, *crt_end; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; @@ -1318,7 +1320,7 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, size_t buflen, int make_copy ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *crt = chain, *prev = NULL; /* @@ -1415,7 +1417,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, #if defined(MBEDTLS_PEM_PARSE_C) if( buf_format == MBEDTLS_X509_FORMAT_PEM ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_pem_context pem; /* 1 rather than 0 since the terminating NULL byte is counted in */ @@ -1499,7 +1501,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, */ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; @@ -1737,7 +1739,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, *subject_alt_name, const char *prefix ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n = *size; char *p = *buf; const mbedtls_x509_sequence *cur = subject_alt_name; @@ -1848,7 +1850,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; switch( san_buf->tag & ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) @@ -1909,7 +1911,7 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, static int x509_info_cert_type( char **buf, size_t *size, unsigned char ns_cert_type ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n = *size; char *p = *buf; const char *sep = ""; @@ -1936,7 +1938,7 @@ static int x509_info_cert_type( char **buf, size_t *size, static int x509_info_key_usage( char **buf, size_t *size, unsigned int key_usage ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n = *size; char *p = *buf; const char *sep = ""; @@ -1960,7 +1962,7 @@ static int x509_info_key_usage( char **buf, size_t *size, static int x509_info_ext_key_usage( char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *desc; size_t n = *size; char *p = *buf; @@ -1989,7 +1991,7 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, static int x509_info_cert_policies( char **buf, size_t *size, const mbedtls_x509_sequence *certificate_policies ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *desc; size_t n = *size; char *p = *buf; @@ -2023,7 +2025,7 @@ static int x509_info_cert_policies( char **buf, size_t *size, int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; char key_size_str[BEFORE_COLON]; @@ -2195,7 +2197,7 @@ static const struct x509_crt_verify_string x509_crt_verify_strings[] = { int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, uint32_t flags ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const struct x509_crt_verify_string *cur; char *p = buf; size_t n = size; @@ -2535,7 +2537,7 @@ static int x509_crt_find_parent_in( unsigned self_cnt, mbedtls_x509_crt_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *parent, *fallback_parent; int signature_is_good, fallback_signature_is_good; @@ -2658,7 +2660,7 @@ static int x509_crt_find_parent( unsigned self_cnt, mbedtls_x509_crt_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *search_list; *parent_is_trusted = 1; @@ -2791,7 +2793,7 @@ static int x509_crt_verify_chain( { /* Don't initialize any of those variables here, so that the compiler can * catch potential issues with jumping ahead when restarting */ - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t *flags; mbedtls_x509_crt_verify_chain_item *cur; mbedtls_x509_crt *child; @@ -3020,7 +3022,7 @@ static int x509_crt_merge_flags_with_cb( int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned i; uint32_t cur_flags; const mbedtls_x509_crt_verify_chain_item *cur; @@ -3068,7 +3070,7 @@ static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_pk_type_t pk_type; mbedtls_x509_crt_verify_chain ver_chain; uint32_t ee_flags; diff --git a/library/x509_csr.c b/library/x509_csr.c index c8c08c87b2..d49fa1297a 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -35,6 +35,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include "mbedtls/error.h" + #if defined(MBEDTLS_X509_CSR_PARSE_C) #include "mbedtls/x509_csr.h" @@ -68,7 +70,7 @@ static int x509_csr_get_version( unsigned char **p, const unsigned char *end, int *ver ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) { @@ -90,7 +92,7 @@ static int x509_csr_get_version( unsigned char **p, int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p, *end; mbedtls_x509_buf sig_params; @@ -262,7 +264,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { #if defined(MBEDTLS_PEM_PARSE_C) - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t use_len; mbedtls_pem_context pem; #endif @@ -312,7 +314,7 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz */ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; @@ -336,7 +338,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_csr *csr ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; char key_size_str[BEFORE_COLON]; diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 0a2357a58d..d844662934 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -31,6 +31,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include "mbedtls/error.h" + #if defined(MBEDTLS_X509_CRT_WRITE_C) #include "mbedtls/x509_crt.h" @@ -103,7 +105,7 @@ int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_mpi_copy( &ctx->serial, serial ) ) != 0 ) return( ret ); @@ -140,7 +142,7 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[9]; unsigned char *c = buf + sizeof(buf); size_t len = 0; @@ -174,7 +176,7 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, #if defined(MBEDTLS_SHA1_C) int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char *c = buf + sizeof(buf); size_t len = 0; @@ -202,7 +204,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char *c = buf + sizeof( buf ); size_t len = 0; @@ -240,7 +242,7 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, { unsigned char buf[5], ku[2]; unsigned char *c; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT | @@ -279,7 +281,7 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, { unsigned char buf[4]; unsigned char *c; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; c = buf + 4; @@ -299,7 +301,7 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, static int x509_write_time( unsigned char **p, unsigned char *start, const char *t, size_t size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* @@ -332,7 +334,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; @@ -526,7 +528,7 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; if( ( ret = mbedtls_x509write_crt_der( crt, buf, size, diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 23e3f78d27..c93e4b44d7 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -30,6 +30,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include "mbedtls/error.h" + #if defined(MBEDTLS_X509_CSR_WRITE_C) #include "mbedtls/x509_csr.h" @@ -90,7 +92,7 @@ int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned ch { unsigned char buf[4]; unsigned char *c; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; c = buf + 4; @@ -112,7 +114,7 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, { unsigned char buf[4]; unsigned char *c; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; c = buf + 4; @@ -133,7 +135,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; @@ -263,7 +265,7 @@ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, s int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen = 0; if( ( ret = mbedtls_x509write_csr_der( ctx, buf, size, From c5074be0cef07ba39a794f705a0480b66fc38b26 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 18 Dec 2019 13:49:21 +0200 Subject: [PATCH 28/67] Update the VS version in the Readme file Update the VS version in the README file to 2012, as this is the minimal version supported. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 43065b17d1..add87d242b 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ There are currently three active build systems used within Mbed TLS releases: - GNU Make - CMake -- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later) +- Microsoft Visual Studio (Microsoft Visual Studio 2012 or later) The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. @@ -154,7 +154,7 @@ subproject. ### Microsoft Visual Studio -The build files for Microsoft Visual Studio are generated for Visual Studio 2010. +The build files for Microsoft Visual Studio are generated for Visual Studio 2012. The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available. From 05b44892c084311db86e7a861cabc2d45c325e53 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 18 Dec 2019 14:28:18 +0200 Subject: [PATCH 29/67] Change the version of VS Change the miniaml version to the correct one - 2013. Revet the VS version in the tests to 2010, since the solution file hasn't been updated yet. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index add87d242b..16ba188a56 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ There are currently three active build systems used within Mbed TLS releases: - GNU Make - CMake -- Microsoft Visual Studio (Microsoft Visual Studio 2012 or later) +- Microsoft Visual Studio (Microsoft Visual Studio 2013 or later) The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. @@ -154,7 +154,7 @@ subproject. ### Microsoft Visual Studio -The build files for Microsoft Visual Studio are generated for Visual Studio 2012. +The build files for Microsoft Visual Studio are generated for Visual Studio 2010. The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available. From d8752858fc22fa3ee4be21bc27e04d8fedaeaea4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 12 Dec 2019 14:53:35 +0000 Subject: [PATCH 30/67] Update crypto submodule --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index 81f7909497..795c6bab62 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 81f7909497c12f637ab4f45d16bdab5cf91f2e43 +Subproject commit 795c6bab62177f48f1457c1ffac93d0a1245beb0 From df587ee6d6abdfd12a4e2c417c797eeca99742e0 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 18 Dec 2019 13:16:46 +0000 Subject: [PATCH 31/67] Remove duplicate include statement Now that the Error module has error codes as well and is processed by the generate_errors script like any other module, we don't need to include the header manually. --- library/error.c | 3 +-- scripts/data_files/error.fmt | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/library/error.c b/library/error.c index 53b3a26b5c..c451f4ddff 100644 --- a/library/error.c +++ b/library/error.c @@ -25,8 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) -#include "mbedtls/error.h" +#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) #include #endif diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index a08742c83b..63607054ed 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -25,8 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) -#include "mbedtls/error.h" +#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) #include #endif From 73c616bdc19412144a4c47b923d95bc8c1540be5 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 18 Dec 2019 15:07:04 +0000 Subject: [PATCH 32/67] Put includes in alphabetical order The library style is to start with the includes corresponding to the current module and then the rest in alphabetical order. Some modules have several header files (eg. ssl_internal.h). The recently added error.h includes did not respect this convention and this commit restores it. In some cases this is not possible just by moving the error.h declarations. This commit fixes the pre-existing order in these instances too. --- library/debug.c | 3 +-- library/net_sockets.c | 3 +-- library/ssl_cli.c | 4 ++-- library/ssl_cookie.c | 2 +- library/ssl_srv.c | 4 ++-- library/ssl_ticket.c | 2 +- library/ssl_tls.c | 4 ++-- library/x509.c | 3 +-- library/x509_create.c | 2 +- library/x509_crl.c | 3 +-- library/x509_crt.c | 3 +-- library/x509_csr.c | 3 +-- library/x509write_crt.c | 7 +++---- library/x509write_csr.c | 5 ++--- 14 files changed, 20 insertions(+), 28 deletions(-) diff --git a/library/debug.c b/library/debug.c index 1f7c2a0903..ae78a697a4 100644 --- a/library/debug.c +++ b/library/debug.c @@ -39,13 +39,12 @@ #endif #include "mbedtls/debug.h" +#include "mbedtls/error.h" #include #include #include -#include "mbedtls/error.h" - #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/library/net_sockets.c b/library/net_sockets.c index 1a88c223d4..dbde510db8 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -45,11 +45,10 @@ #endif #include "mbedtls/net_sockets.h" +#include "mbedtls/error.h" #include -#include "mbedtls/error.h" - #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index b632998465..1005bd97fa 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -35,10 +35,10 @@ #define mbedtls_free free #endif -#include "mbedtls/error.h" -#include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/debug.h" +#include "mbedtls/error.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 1635832668..4bf9058af4 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -38,9 +38,9 @@ #define mbedtls_free free #endif -#include "mbedtls/error.h" #include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ec65058bf8..b0b09cd97f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -35,10 +35,10 @@ #define mbedtls_free free #endif -#include "mbedtls/error.h" -#include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/debug.h" +#include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index a00dd4a28b..8a76b42b6b 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -36,8 +36,8 @@ #endif #include "mbedtls/ssl_ticket.h" -#include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "mbedtls/platform_util.h" #include diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d42c2224e0..6cf7781f2a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -43,10 +43,10 @@ #define mbedtls_free free #endif -#include "mbedtls/error.h" -#include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/debug.h" +#include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/version.h" diff --git a/library/x509.c b/library/x509.c index f0d268ac69..7f8181be27 100644 --- a/library/x509.c +++ b/library/x509.c @@ -35,12 +35,11 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/error.h" - #if defined(MBEDTLS_X509_USE_C) #include "mbedtls/x509.h" #include "mbedtls/asn1.h" +#include "mbedtls/error.h" #include "mbedtls/oid.h" #include diff --git a/library/x509_create.c b/library/x509_create.c index 661d1049d7..7df2f0ed56 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -27,9 +27,9 @@ #if defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/error.h" #include "mbedtls/x509.h" #include "mbedtls/asn1write.h" +#include "mbedtls/error.h" #include "mbedtls/oid.h" #include diff --git a/library/x509_crl.c b/library/x509_crl.c index 8ff1be85cb..d1176fcef3 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -35,11 +35,10 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/error.h" - #if defined(MBEDTLS_X509_CRL_PARSE_C) #include "mbedtls/x509_crl.h" +#include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 191c8868db..38e69cc550 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -37,11 +37,10 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/error.h" - #if defined(MBEDTLS_X509_CRT_PARSE_C) #include "mbedtls/x509_crt.h" +#include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index d49fa1297a..7e2cfba2ae 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -35,11 +35,10 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/error.h" - #if defined(MBEDTLS_X509_CSR_PARSE_C) #include "mbedtls/x509_csr.h" +#include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index d844662934..5947e439de 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -31,15 +31,14 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/error.h" - #if defined(MBEDTLS_X509_CRT_WRITE_C) #include "mbedtls/x509_crt.h" -#include "mbedtls/oid.h" #include "mbedtls/asn1write.h" -#include "mbedtls/sha1.h" +#include "mbedtls/error.h" +#include "mbedtls/oid.h" #include "mbedtls/platform_util.h" +#include "mbedtls/sha1.h" #include diff --git a/library/x509write_csr.c b/library/x509write_csr.c index c93e4b44d7..0c3c39672d 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -30,13 +30,12 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/error.h" - #if defined(MBEDTLS_X509_CSR_WRITE_C) #include "mbedtls/x509_csr.h" -#include "mbedtls/oid.h" #include "mbedtls/asn1write.h" +#include "mbedtls/error.h" +#include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) From fb5faa258229df222bdd10cc4b29488676e973ab Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Tue, 17 Dec 2019 10:17:20 +0000 Subject: [PATCH 33/67] Fix some pylint warnings Add docstrings where they were missing and fix a too-long line --- tests/scripts/check-test-cases.py | 3 +++ tests/scripts/mbedtls_test.py | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check-test-cases.py b/tests/scripts/check-test-cases.py index 87a35e47ed..939ca2314d 100755 --- a/tests/scripts/check-test-cases.py +++ b/tests/scripts/check-test-cases.py @@ -26,6 +26,7 @@ import re import sys class Results: + """Store file and line information about errors or warnings in test suites.""" def __init__(self): self.errors = 0 self.warnings = 0 @@ -41,6 +42,7 @@ class Results: self.warnings += 1 def collect_test_directories(): + """Get the relative path for the TLS and Crypto test directories.""" if os.path.isdir('tests'): tests_dir = 'tests' elif os.path.isdir('suites'): @@ -55,6 +57,7 @@ def collect_test_directories(): return directories def check_description(results, seen, file_name, line_number, description): + """Check test case descriptions for errors.""" if description in seen: results.error(file_name, line_number, 'Duplicate description (also line {})', diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 6ac68a4fb3..8f24435bfe 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -310,7 +310,10 @@ class MbedTlsTest(BaseHostTest): param_bytes, length = self.test_vector_to_bytes(function_id, dependencies, args) - self.send_kv(''.join('{:02x}'.format(x) for x in length), ''.join('{:02x}'.format(x) for x in param_bytes)) + self.send_kv( + ''.join('{:02x}'.format(x) for x in length), + ''.join('{:02x}'.format(x) for x in param_bytes) + ) @staticmethod def get_result(value): From d56a2af3f8ebcde1f1c5e328fb1a4f9051679d54 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 15 Jan 2020 18:07:20 +0000 Subject: [PATCH 34/67] Add date to ChangeLog for 2.20.0 release --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ab8267f420..1d39172216 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.20.0 branch released xxxx-xx-xx += mbed TLS 2.20.0 branch released 2020-01-15 Bugfix * Fix an incorrect size in a debugging message. Reported and fix From dbcb44202c9b67184a72afd21c7191c17eee352e Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 15 Jan 2020 18:08:44 +0000 Subject: [PATCH 35/67] Update Mbed Crypto to 3.0.0 --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index 795c6bab62..d27a88438f 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 795c6bab62177f48f1457c1ffac93d0a1245beb0 +Subproject commit d27a88438fe785f0906c01e3216044d1c98be875 From 83f33d33eb4e6f66081c6084084e1796dbe3d108 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 20 Jan 2020 14:52:29 +0000 Subject: [PATCH 36/67] Bump version to Mbed TLS 2.20.0 --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 10 +++++----- library/CMakeLists.txt | 4 ++-- tests/suites/test_suite_version.data | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index d5ead3712a..5b5aefbcfe 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.19.1 source code documentation + * @mainpage mbed TLS v2.20.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index eb2d96e8bc..47a9740f67 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.19.1" +PROJECT_NAME = "mbed TLS v2.20.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index ae694eeda2..d4e5d54103 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,17 +39,17 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 19 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_MINOR 20 +#define MBEDTLS_VERSION_PATCH 0 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02130100 -#define MBEDTLS_VERSION_STRING "2.19.1" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.19.1" +#define MBEDTLS_VERSION_NUMBER 0x02140000 +#define MBEDTLS_VERSION_STRING "2.20.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.20.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5e36a5b0c0..d990d43206 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -174,14 +174,14 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.19.1 SOVERSION 1) + set_target_properties(mbedx509 PROPERTIES VERSION 2.20.0 SOVERSION 1) target_link_libraries(mbedx509 ${libs} mbedcrypto) target_include_directories(mbedx509 PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${MBEDTLS_DIR}/crypto/include/) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.19.1 SOVERSION 13) + set_target_properties(mbedtls PROPERTIES VERSION 2.20.0 SOVERSION 13) target_link_libraries(mbedtls ${libs} mbedx509) target_include_directories(mbedtls PUBLIC ${MBEDTLS_DIR}/include/ diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index b6dca233b7..ff0612b3b6 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.19.1" +check_compiletime_version:"2.20.0" Check runtime library version -check_runtime_version:"2.19.1" +check_runtime_version:"2.20.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From b08e44fda7263c0393507ac0a3ce075db11a79da Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Jan 2020 16:56:03 +0100 Subject: [PATCH 37/67] Add missing return code check on call to mbedtls_md() --- library/x509write_csr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 0c3c39672d..7c5179862c 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -214,7 +214,9 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s return( MBEDTLS_ERR_X509_FATAL_ERROR ); } #else /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); + ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); + if( ret != 0 ) + return( ret ); #endif if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, f_rng, p_rng ) ) != 0 ) From 2ac4d86040e0fa78e49f096f0880900912bd49d3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Jan 2020 17:39:52 +0100 Subject: [PATCH 38/67] Fix file leak in test program A similar bug was fixed earlier in ssl_server2, but we missed the fix in ssl_client2. --- programs/ssl/ssl_client2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 8f0d3b501c..c188900b4c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -619,6 +619,7 @@ static int nss_keylog_export( void *p_expkey, if( fwrite( nss_keylog_line, 1, len, f ) != len ) { ret = -1; + fclose( f ); goto exit; } From 9c673233bc4257d21694603f5b146ad0669b5e6a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Jan 2020 18:03:56 +0100 Subject: [PATCH 39/67] Fix outcome file leak if execute_tests exits early If there was a fatal error (bizarre behavior from the standard library, or missing test data file), execute_tests did not close the outcome file. Fix this. --- tests/suites/host_test.function | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 9e56ca3ed2..b956c0c982 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -525,15 +525,6 @@ int execute_tests( int argc , const char ** argv ) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) ); #endif - if( outcome_file_name != NULL ) - { - outcome_file = fopen( outcome_file_name, "a" ); - if( outcome_file == NULL ) - { - mbedtls_fprintf( stderr, "Unable to open outcome file. Continuing anyway.\n" ); - } - } - /* * The C standard doesn't guarantee that all-bits-0 is the representation * of a NULL pointer. We do however use that in our code for initializing @@ -555,6 +546,15 @@ int execute_tests( int argc , const char ** argv ) return( 1 ); } + if( outcome_file_name != NULL ) + { + outcome_file = fopen( outcome_file_name, "a" ); + if( outcome_file == NULL ) + { + mbedtls_fprintf( stderr, "Unable to open outcome file. Continuing anyway.\n" ); + } + } + while( arg_index < argc ) { next_arg = argv[arg_index]; @@ -607,6 +607,8 @@ int execute_tests( int argc , const char ** argv ) { mbedtls_fprintf( stderr, "Failed to open test file: %s\n", test_filename ); + if( outcome_file != NULL ) + fclose( outcome_file ); return( 1 ); } From f7774146b6303a7be5e2b5c14146fdab3254b8d7 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 22 Jan 2020 06:34:59 -0500 Subject: [PATCH 40/67] ssl test suite: enable dropping bytes from buffer Add an option to not pass any buffer to mbedtls_test_buffer_get to drop data. --- tests/suites/test_suite_ssl.function | 36 +++++++++++++++------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a57e256544..cc6797c943 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -95,16 +95,16 @@ int mbedtls_test_buffer_put( mbedtls_test_buffer *buf, } /* - * Gets \p output_len bytes from the \p output buffer into the ring buffer - * \p buf. + * Gets \p output_len bytes from the ring buffer \p buf into the + * \p output buffer. The output buffer can be NULL, in this case a part of the + * ring buffer will be dropped, if the requested length is available. * * \p buf must have been initialized and set up by calling * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`. * * \retval \p output_len, if the data is available. * \retval 0 <= value < \p output_len, if the data is not available. - * \retval -1, if \buf is NULL, it hasn't been set up or \p output_len is not - * zero and \p output is NULL + * \retval -1, if \buf is NULL or it hasn't been set up. */ int mbedtls_test_buffer_get( mbedtls_test_buffer *buf, unsigned char* output, size_t output_len ) @@ -114,10 +114,8 @@ int mbedtls_test_buffer_get( mbedtls_test_buffer *buf, if( ( buf == NULL ) || ( buf->buffer == NULL ) ) return -1; - if( output == NULL ) - { - return ( output_len == 0 ) ? 0 : -1; - } + if( output == NULL && output_len == 0 ) + return 0; if( buf->content_length < output_len ) output_len = buf->content_length; @@ -129,8 +127,12 @@ int mbedtls_test_buffer_get( mbedtls_test_buffer *buf, overflow = ( buf->start + output_len ) % buf->capacity; } - memcpy( output, buf->buffer + buf->start, output_len - overflow ); - memcpy( output + output_len - overflow, buf->buffer, overflow ); + if( output != NULL ) + { + memcpy( output, buf->buffer + buf->start, output_len - overflow ); + memcpy( output + output_len - overflow, buf->buffer, overflow ); + } + buf->content_length -= output_len; buf->start = ( buf->start + output_len ) % buf->capacity; @@ -714,8 +716,7 @@ void test_callback_buffer_sanity() TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) ) == -1 ); TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 ); - TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, sizeof( output ) ) - == -1 ); + TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 ); TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 ); @@ -727,19 +728,20 @@ void test_callback_buffer_sanity() TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) ) == -1 ); TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 ); - TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) ) - == -1 ); + TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 ); TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 ); - /* Make sure calling put end get on NULL input and output only results in - * error if the length is not zero. */ + /* Make sure calling put and get on NULL input only results in + * error if the length is not zero, and that a NULL output is valid for data + * dropping. + */ TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 ); TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 ); TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) ) - == -1 ); + == 0 ); TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 ); From 13719cdae493c3f65e8960be683cb10938d98a1f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 22 Jan 2020 06:36:39 -0500 Subject: [PATCH 41/67] Add a message metadata queue in ssl tests Add a metadata queue that will be used on top of the ring buffer callbacks. Add normal and negative tests. --- tests/suites/test_suite_ssl.data | 15 ++ tests/suites/test_suite_ssl.function | 256 +++++++++++++++++++++++++++ 2 files changed, 271 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 83ef691c72..5aa2d0f7f1 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -64,6 +64,21 @@ ssl_mock_tcp_interleaving:0:0x0FB1:0 Test mock non-blocking TCP connection: both peers would block (interleaving) ssl_mock_tcp_interleaving:0:0x1111:0xEEEE +Message queue - sanity +ssl_message_queue_sanity: + +Message queue - basic test +ssl_message_queue_basic: + +Message queue - overflow/underflow +ssl_message_queue_overflow_underflow: + +Message queue - interleaved +ssl_message_queue_interleaved: + +Message queue - insufficient buffer +ssl_message_queue_insufficient_buffer: + SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index cc6797c943..76f2edca4b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -139,6 +139,136 @@ int mbedtls_test_buffer_get( mbedtls_test_buffer *buf, return output_len; } +/* + * Errors used in the message transport mock tests + */ + #define MBEDTLS_TEST_ERROR_ARG_NULL -11 + #define MBEDTLS_TEST_ERROR_QUEUE_FULL -22 + #define MBEDTLS_TEST_ERROR_QUEUE_EMPTY -33 + #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 + +/* + * Context for a message metadata queue (fifo) that is on top of the ring buffer. + */ +typedef struct mbedtls_test_message_queue +{ + size_t *messages; + int pos; + int num; + int capacity; +} mbedtls_test_message_queue; + +/* + * Setup and free functions for the message metadata queue. + * + * \p capacity describes the number of message metadata chunks that can be held + * within the queue. + * + * \retval 0, if a metadata queue of a given length can be allocated. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. + */ +int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue, + size_t capacity ) +{ + queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) ); + if( NULL == queue->messages ) + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + + queue->capacity = capacity; + queue->pos = 0; + queue->num = 0; + + return 0; +} + +void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue ) +{ + if( queue == NULL ) + return; + + if( queue->messages != NULL ) + mbedtls_free( queue->messages ); + + memset( queue, 0, sizeof( *queue ) ); +} + +/* + * Push message length information onto the message metadata queue. + * This will become the last element to leave it (fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_TEST_ERROR_QUEUE_FULL, if the queue is full. + * \retval \p len, if the push was successful. + */ +int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue, + size_t len ) +{ + int place; + if( queue == NULL ) + return MBEDTLS_TEST_ERROR_ARG_NULL; + + if( queue->num >= queue->capacity ) + return MBEDTLS_TEST_ERROR_QUEUE_FULL; + + place = ( queue->pos + queue->num ) % queue->capacity; + queue->messages[place] = len; + queue->num++; + return len; +} + +/* + * Pop information about the next message length from the queue. This will be + * the oldest inserted message length(fifo). \p msg_len can be null, in which + * case the data will be popped from the queue but not copied anywhere. + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_TEST_ERROR_QUEUE_EMPTY, if the queue is empty. + * \retval message length, if the pop was successful, up to the given + \p buf_len. + */ +int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue, + size_t buf_len ) +{ + size_t message_length; + if( queue == NULL ) + return MBEDTLS_TEST_ERROR_ARG_NULL; + if( queue->num == 0 ) + return MBEDTLS_TEST_ERROR_QUEUE_EMPTY; + + message_length = queue->messages[queue->pos]; + queue->messages[queue->pos] = 0; + queue->num--; + queue->pos++; + queue->pos %= queue->capacity; + if( queue->pos < 0 ) + queue->pos += queue->capacity; + + return ( message_length > buf_len ) ? buf_len : message_length; +} + +/* + * Take a peek on the info about the next message length from the queue. + * This will be the oldest inserted message length(fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_TEST_ERROR_QUEUE_EMPTY, if the queue is empty. + * \retval 0, if the peek was successful. + * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is + * too small to fit the message. In this case the \p msg_len will be + * set to the full message length so that the + * caller knows what portion of the message can be dropped. + */ +int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue, + size_t buf_len, size_t* msg_len ) +{ + if( queue == NULL || msg_len == NULL ) + return MBEDTLS_TEST_ERROR_ARG_NULL; + if( queue->num == 0 ) + return MBEDTLS_TEST_ERROR_QUEUE_EMPTY; + + *msg_len = queue->messages[queue->pos]; + return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; +} /* * Context for the I/O callbacks simulating network connection. */ @@ -1134,6 +1264,132 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ssl_message_queue_sanity( ) +{ + mbedtls_test_message_queue queue; + + /* Trying to push/pull to an empty queue */ + TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 ) + == MBEDTLS_TEST_ERROR_ARG_NULL ); + TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 ) + == MBEDTLS_TEST_ERROR_ARG_NULL ); + + mbedtls_test_message_queue_setup( &queue, 3 ); + TEST_ASSERT( queue.capacity == 3 ); + TEST_ASSERT( queue.num == 0 ); + +exit: + mbedtls_test_message_queue_free( &queue ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_queue_basic( ) +{ + mbedtls_test_message_queue queue; + + mbedtls_test_message_queue_setup( &queue, 3 ); + + /* Sanity test - 3 pushes and 3 pops with sufficient space */ + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 ); + TEST_ASSERT( queue.capacity == 3 ); + TEST_ASSERT( queue.num == 1 ); + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 ); + TEST_ASSERT( queue.capacity == 3 ); + TEST_ASSERT( queue.num == 2 ); + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 ); + TEST_ASSERT( queue.capacity == 3 ); + TEST_ASSERT( queue.num == 3 ); + + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 ); + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 ); + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 ); + +exit: + mbedtls_test_message_queue_free( &queue ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_queue_overflow_underflow( ) +{ + mbedtls_test_message_queue queue; + + mbedtls_test_message_queue_setup( &queue, 3 ); + + /* 4 pushes (last one with an error), 4 pops (last one with an error) */ + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 ); + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 ); + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 ); + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) + == MBEDTLS_TEST_ERROR_QUEUE_FULL ); + + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 ); + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 ); + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 ); + + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) + == MBEDTLS_TEST_ERROR_QUEUE_EMPTY ); + +exit: + mbedtls_test_message_queue_free( &queue ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_queue_interleaved( ) +{ + mbedtls_test_message_queue queue; + + mbedtls_test_message_queue_setup( &queue, 3 ); + + /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops + * (to wrap around the buffer) */ + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 ); + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 ); + + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 ); + + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 ); + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 ); + + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 ); + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 ); + + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 ); + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 ); + + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 ); + + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 ); + + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 ); + +exit: + mbedtls_test_message_queue_free( &queue ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_queue_insufficient_buffer( ) +{ + mbedtls_test_message_queue queue; + size_t message_len = 10; + size_t buffer_len = 5; + + mbedtls_test_message_queue_setup( &queue, 1 ); + + /* Popping without a sufficient buffer */ + TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len ) + == (int) message_len ); + TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len ) + == (int) buffer_len ); +exit: + mbedtls_test_message_queue_free( &queue ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ void ssl_dtls_replay( data_t * prevs, data_t * new, int ret ) { From bc483dea846d27fbfeaa8daa07d1dcbd8f9d0b52 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 22 Jan 2020 03:40:00 -0500 Subject: [PATCH 42/67] Add a message-based socket mock connection to the ssl tests The connection will send/receive full messages. --- tests/suites/test_suite_ssl.data | 24 ++ tests/suites/test_suite_ssl.function | 610 +++++++++++++++++++++++++++ 2 files changed, 634 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 5aa2d0f7f1..65c9cd86c9 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -79,6 +79,30 @@ ssl_message_queue_interleaved: Message queue - insufficient buffer ssl_message_queue_insufficient_buffer: +Message transport mock - uninitialized structures +ssl_message_mock_uninitialized: + +Message transport mock - basic test +ssl_message_mock_basic: + +Message transport mock - queue overflow/underflow +ssl_message_mock_queue_overflow_underflow: + +Message transport mock - socket overflow +ssl_message_mock_socket_overflow: + +Message transport mock - truncated message +ssl_message_mock_truncated: + +Message transport mock - socket read error +ssl_message_mock_socket_read_error: + +Message transport mock - one-way interleaved sends/reads +ssl_message_mock_interleaved_one_way: + +Message transport mock - two-way interleaved sends/reads +ssl_message_mock_interleaved_two_ways: + SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 76f2edca4b..349035d1c5 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -471,6 +471,165 @@ int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len ) return mbedtls_test_buffer_get( socket->input, buf, len ); } +/* Errors used in the message socket mocks */ + +#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 +#define MBEDTLS_TEST_ERROR_SEND_FAILED -66 +#define MBEDTLS_TEST_ERROR_RECV_FAILED -77 + +/* + * Structure used as an addon, or a wrapper, around the mocked sockets. + * Contains an input queue, to which the other socket pushes metadata, + * and an output queue, to which this one pushes metadata. This context is + * considered as an owner of the input queue only, which is initialized and + * freed in the respective setup and free calls. + */ +typedef struct mbedtls_test_message_socket_context +{ + mbedtls_test_message_queue* queue_input; + mbedtls_test_message_queue* queue_output; + mbedtls_mock_socket* socket; +} mbedtls_test_message_socket_context; + +/* + * Setup a given mesasge socket context including initialization of + * input/output queues to a chosen capacity of messages. Also set the + * corresponding mock socket. + * + * \retval 0, if everything succeeds. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message + * queue failed. + */ +int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input, + mbedtls_test_message_queue* queue_output, + size_t queue_capacity, + mbedtls_mock_socket* socket, + mbedtls_test_message_socket_context* ctx ) +{ + int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity ); + if( ret != 0 ) + return ret; + ctx->queue_input = queue_input; + ctx->queue_output = queue_output; + ctx->socket = socket; + mbedtls_mock_socket_init( socket ); + + return 0; +} + +/* + * Close a given message socket context, along with the socket itself. Free the + * memory allocated by the input queue. + */ +void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx ) +{ + if( ctx == NULL ) + return; + + mbedtls_test_message_queue_free( ctx->queue_input ); + mbedtls_mock_socket_close( ctx->socket ); + memset( ctx, 0, sizeof( *ctx ) ); +} + +/* + * Send one message through a given message socket context. + * + * \retval \p len, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed. + * \retval MBEDTLS_TEST_ERROR_QUEUE_FULL, if the output queue is full. + * + * This function will also return any error from + * mbedtls_test_message_queue_push_info. + */ +int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len ) +{ + mbedtls_test_message_queue* queue; + mbedtls_mock_socket* socket; + mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx; + + if( context == NULL || context->socket == NULL + || context->queue_output == NULL ) + { + return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; + } + + queue = context->queue_output; + socket = context->socket; + + if( queue->num >= queue->capacity ) + return MBEDTLS_TEST_ERROR_QUEUE_FULL; + + if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len ) + return MBEDTLS_TEST_ERROR_SEND_FAILED; + + return mbedtls_test_message_queue_push_info( queue, len ); +} + +/* + * Receive one message from a given message socket context and return message + * length or an error. + * + * \retval message length, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed. + * + * This function will also return any error other than + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info. + */ +int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len ) +{ + mbedtls_test_message_queue* queue; + mbedtls_mock_socket* socket; + mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx; + size_t drop_len; + size_t msg_len; + int ret; + + if( context == NULL || context->socket == NULL + || context->queue_input == NULL ) + { + return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; + } + + queue = context->queue_input; + socket = context->socket; + + /* Peek first, so that in case of a socket error the data remains in + * the queue. */ + ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len ); + if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED ) + { + /* Calculate how much to drop */ + drop_len = msg_len - buf_len; + + /* Set the requested message len to be buffer length */ + msg_len = buf_len; + } else if( ret != 0 ) + { + return ret; + } + + if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len ) + return MBEDTLS_TEST_ERROR_RECV_FAILED; + + if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED ) + { + /* Drop the remaining part of the message */ + if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len ) + { + /* Inconsistent state - part of the message was read, + * and a part couldn't. Not much we can do here, but it should not + * happen in test environment, unless forced manually. */ + } + } + mbedtls_test_message_queue_pop_info( queue, buf_len ); + + return msg_len; +} + /* * Helper function setting up inverse record transformations * using given cipher, hash, EtM mode, authentication tag length, @@ -1390,6 +1549,457 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ssl_message_mock_uninitialized( ) +{ + enum { MSGLEN = 10 }; + unsigned char message[MSGLEN], received[MSGLEN]; + mbedtls_mock_socket client, server; + mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + + /* Send with a NULL context */ + TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN ) + == MBEDTLS_TEST_ERROR_CONTEXT_ERROR ); + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN ) + == MBEDTLS_TEST_ERROR_CONTEXT_ERROR ); + + TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1, + &server, + &server_context ) == 0 ); + + TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1, + &client, + &client_context ) == 0 ); + + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN ) + == MBEDTLS_TEST_ERROR_SEND_FAILED ); + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MBEDTLS_TEST_ERROR_QUEUE_EMPTY ); + + /* Push directly to a queue to later simulate a disconnected behavior */ + TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN ) + == MSGLEN ); + + /* Test if there's an error when trying to read from a disconnected + * socket */ + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MBEDTLS_TEST_ERROR_RECV_FAILED ); + exit: + mbedtls_message_socket_close( &server_context ); + mbedtls_message_socket_close( &client_context ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_mock_basic( ) +{ + enum { MSGLEN = 10 }; + unsigned char message[MSGLEN], received[MSGLEN]; + mbedtls_mock_socket client, server; + unsigned i; + mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + + TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1, + &server, + &server_context ) == 0 ); + + TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1, + &client, + &client_context ) == 0 ); + + /* Fill up the buffer with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < MSGLEN; i++ ) + { + message[i] = i & 0xFF; + } + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + MSGLEN ) ); + + /* Send the message to the server */ + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) == MSGLEN ); + + /* Read from the server */ + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MSGLEN ); + + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + memset( received, 0, MSGLEN ); + + /* Send the message to the client */ + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message, + MSGLEN ) == MSGLEN ); + + /* Read from the client */ + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN ) + == MSGLEN ); + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + + exit: + mbedtls_message_socket_close( &server_context ); + mbedtls_message_socket_close( &client_context ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_mock_queue_overflow_underflow( ) +{ + enum { MSGLEN = 10 }; + unsigned char message[MSGLEN], received[MSGLEN]; + mbedtls_mock_socket client, server; + unsigned i; + mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + + TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2, + &server, + &server_context ) == 0 ); + + TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2, + &client, + &client_context ) == 0 ); + + /* Fill up the buffer with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < MSGLEN; i++ ) + { + message[i] = i & 0xFF; + } + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + MSGLEN*2 ) ); + + /* Send three message to the server, last one with an error */ + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN - 1 ) == MSGLEN - 1 ); + + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) + == MBEDTLS_TEST_ERROR_QUEUE_FULL ); + + /* Read three messages from the server, last one with an error */ + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, + MSGLEN - 1 ) == MSGLEN - 1 ); + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MSGLEN ); + + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MBEDTLS_TEST_ERROR_QUEUE_EMPTY ); + + exit: + mbedtls_message_socket_close( &server_context ); + mbedtls_message_socket_close( &client_context ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_mock_socket_overflow( ) +{ + enum { MSGLEN = 10 }; + unsigned char message[MSGLEN], received[MSGLEN]; + mbedtls_mock_socket client, server; + unsigned i; + mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + + TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2, + &server, + &server_context ) == 0 ); + + TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2, + &client, + &client_context ) == 0 ); + + /* Fill up the buffer with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < MSGLEN; i++ ) + { + message[i] = i & 0xFF; + } + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + MSGLEN ) ); + + /* Send two message to the server, second one with an error */ + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) + == MBEDTLS_TEST_ERROR_SEND_FAILED ); + + /* Read the only message from the server */ + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MSGLEN ); + + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + + exit: + mbedtls_message_socket_close( &server_context ); + mbedtls_message_socket_close( &client_context ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_mock_truncated( ) +{ + enum { MSGLEN = 10 }; + unsigned char message[MSGLEN], received[MSGLEN]; + mbedtls_mock_socket client, server; + unsigned i; + mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + + TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2, + &server, + &server_context ) == 0 ); + + TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2, + &client, + &client_context ) == 0 ); + + memset( received, 0, MSGLEN ); + /* Fill up the buffer with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < MSGLEN; i++ ) + { + message[i] = i & 0xFF; + } + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + 2 * MSGLEN ) ); + + /* Send two messages to the server, the second one small enough to fit in the + * receiver's buffer. */ + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) == MSGLEN ); + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN / 2 ) == MSGLEN / 2 ); + /* Read a truncated message from the server */ + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 ) + == MSGLEN/2 ); + + /* Test that the first half of the message is valid, and second one isn't */ + TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 ); + TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 ) + != 0 ); + memset( received, 0, MSGLEN ); + + /* Read a full message from the server */ + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 ) + == MSGLEN / 2 ); + + /* Test that the first half of the message is valid */ + TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 ); + + exit: + mbedtls_message_socket_close( &server_context ); + mbedtls_message_socket_close( &client_context ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_mock_socket_read_error( ) +{ + enum { MSGLEN = 10 }; + unsigned char message[MSGLEN], received[MSGLEN]; + mbedtls_mock_socket client, server; + unsigned i; + mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + + TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1, + &server, + &server_context ) == 0 ); + + TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1, + &client, + &client_context ) == 0 ); + + /* Fill up the buffer with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < MSGLEN; i++ ) + { + message[i] = i & 0xFF; + } + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + MSGLEN ) ); + + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) == MSGLEN ); + + /* Force a read error by disconnecting the socket by hand */ + server.status = 0; + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MBEDTLS_TEST_ERROR_RECV_FAILED ); + /* Return to a valid state */ + server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; + + memset( received, 0, sizeof( received ) ); + + /* Test that even though the server tried to read once disconnected, the + * continuity is preserved */ + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MSGLEN ); + + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + + exit: + mbedtls_message_socket_close( &server_context ); + mbedtls_message_socket_close( &client_context ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_mock_interleaved_one_way( ) +{ + enum { MSGLEN = 10 }; + unsigned char message[MSGLEN], received[MSGLEN]; + mbedtls_mock_socket client, server; + unsigned i; + mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + + TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3, + &server, + &server_context ) == 0 ); + + TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3, + &client, + &client_context ) == 0 ); + + /* Fill up the buffer with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < MSGLEN; i++ ) + { + message[i] = i & 0xFF; + } + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + MSGLEN*3 ) ); + + /* Interleaved test - [2 sends, 1 read] twice, and then two reads + * (to wrap around the buffer) */ + for( i = 0; i < 2; i++ ) + { + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, + MSGLEN ) == MSGLEN ); + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + memset( received, 0, sizeof( received ) ); + } + + for( i = 0; i < 2; i++ ) + { + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + } + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MBEDTLS_TEST_ERROR_QUEUE_EMPTY ); + exit: + mbedtls_message_socket_close( &server_context ); + mbedtls_message_socket_close( &client_context ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ssl_message_mock_interleaved_two_ways( ) +{ + enum { MSGLEN = 10 }; + unsigned char message[MSGLEN], received[MSGLEN]; + mbedtls_mock_socket client, server; + unsigned i; + mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + + TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3, + &server, + &server_context ) == 0 ); + + TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3, + &client, + &client_context ) == 0 ); + + /* Fill up the buffer with structured data so that unwanted changes + * can be detected */ + for( i = 0; i < MSGLEN; i++ ) + { + message[i] = i & 0xFF; + } + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, + MSGLEN*3 ) ); + + /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads + * (to wrap around the buffer) both ways. */ + for( i = 0; i < 2; i++ ) + { + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + + memset( received, 0, sizeof( received ) ); + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + + memset( received, 0, sizeof( received ) ); + } + + for( i = 0; i < 2; i++ ) + { + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + memset( received, 0, sizeof( received ) ); + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, + MSGLEN ) == MSGLEN ); + + TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); + memset( received, 0, sizeof( received ) ); + } + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN ) + == MBEDTLS_TEST_ERROR_QUEUE_EMPTY ); + + TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN ) + == MBEDTLS_TEST_ERROR_QUEUE_EMPTY ); + exit: + mbedtls_message_socket_close( &server_context ); + mbedtls_message_socket_close( &client_context ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ void ssl_dtls_replay( data_t * prevs, data_t * new, int ret ) { From fb437d72ef1a87c02219ec10debebcbbbb844a87 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Mon, 13 Jan 2020 16:59:12 +0100 Subject: [PATCH 43/67] Fix segmentation fault in mbedtls_test_buffer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and program ends with segmentation fault  --- tests/suites/test_suite_ssl.function | 43 +++++++++++++++++++++------- 1 file changed, 33 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a57e256544..250fbe0471 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -77,20 +77,33 @@ int mbedtls_test_buffer_put( mbedtls_test_buffer *buf, return ( input_len == 0 ) ? 0 : -1; } - /* Calculate the number of bytes that need to be placed at lower memory - * address */ - if( buf->start + buf->content_length + input_len - > buf->capacity ) + /* Check if the buffer has not come full circle and free space is not in + * the middle */ + if( buf->start + buf->content_length < buf->capacity ) { - overflow = ( buf->start + buf->content_length + input_len ) - % buf->capacity; + + /* Calculate the number of bytes that need to be placed at lower memory + * address */ + if( buf->start + buf->content_length + input_len + > buf->capacity ) + { + overflow = ( buf->start + buf->content_length + input_len ) + % buf->capacity; + } + + memcpy( buf->buffer + buf->start + buf->content_length, input, + input_len - overflow ); + memcpy( buf->buffer, input + input_len - overflow, overflow ); + + } + else + { + /* The buffer has come full circle and free space is in the middle */ + memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity, + input, input_len ); } - memcpy( buf->buffer + buf->start + buf->content_length, input, - input_len - overflow ); - memcpy( buf->buffer, input + input_len - overflow, overflow ); buf->content_length += input_len; - return input_len; } @@ -743,6 +756,16 @@ void test_callback_buffer_sanity() TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 ); + /* Make sure calling put several times in the row is safe */ + + TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) + == sizeof( input ) ); + TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 ); + TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 ); + TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 ); + TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 ); + + exit: mbedtls_test_buffer_free( &buf ); From 66070bc19d510fbe1164666c7cc949fb6a7bc965 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 22 Jan 2020 13:54:56 +0100 Subject: [PATCH 44/67] Checks mbedtls_rsa_export return in fuzz targets --- programs/fuzz/fuzz_privkey.c | 4 +++- programs/fuzz/fuzz_pubkey.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 533a647dc8..3685592f35 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -29,7 +29,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); rsa = mbedtls_pk_rsa( pk ); - mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ); + if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != 0 ) { + abort(); + } mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index df42f7d53b..3a59125bdb 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -20,7 +20,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); rsa = mbedtls_pk_rsa( pk ); - ret = mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ); + if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != 0 ) { + abort(); + } ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); From 7d4bd6f15f801c8eabda769f3793335388ebd5ab Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 22 Jan 2020 14:13:08 +0100 Subject: [PATCH 45/67] Checks mbedtls_rsa_export_crt return in fuzz targets --- programs/fuzz/fuzz_privkey.c | 4 +++- programs/fuzz/fuzz_pubkey.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 3685592f35..ce5e7c43af 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -32,7 +32,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != 0 ) { abort(); } - mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ); + if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != 0 ) { + abort(); + } mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 3a59125bdb..e5149586c9 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -23,7 +23,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != 0 ) { abort(); } - ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ); + if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) { + abort(); + } mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); From 890b5ca33060a23131fe08fef18f11accd52d7c3 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Wed, 15 Jan 2020 16:19:07 +0100 Subject: [PATCH 46/67] Change non-blocking read/write in TCP mock socket MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously mocked non-blocking read/write was returning 0 when buffer was empty/full. That was causing ERR_SSL_CONN_EOF error in tests which was using these mocked callbacks. Beside that non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on block pattern set by test design. Such behavior forced to redesign of these functions so that they could be used in other tests  --- tests/suites/test_suite_ssl.data | 30 +--- tests/suites/test_suite_ssl.function | 224 +++++++++++++-------------- 2 files changed, 118 insertions(+), 136 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 83ef691c72..59b4769660 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -35,34 +35,16 @@ Test mock socket sanity ssl_mock_sanity: Test mock blocking TCP connection -ssl_mock_tcp:1:0:0 +ssl_mock_tcp:1 -Test mock non-blocking TCP connection: would not block -ssl_mock_tcp:0:0:0 - -Test mock non-blocking TCP connection: client would block -ssl_mock_tcp:0:0xB509:0 - -Test mock non-blocking TCP connection: server would block -ssl_mock_tcp:0:0x0FB1:0 - -Test mock non-blocking TCP connection: both peers would block -ssl_mock_tcp:0:0x1111:0xEEEE +Test mock non-blocking TCP connection +ssl_mock_tcp:0 Test mock blocking TCP connection (interleaving) -ssl_mock_tcp_interleaving:1:0:0 +ssl_mock_tcp_interleaving:1 -Test mock non-blocking TCP connection: would not block (interleaving) -ssl_mock_tcp_interleaving:0:0:0 - -Test mock non-blocking TCP connection: client would block (interleaving) -ssl_mock_tcp_interleaving:0:0xB509:0 - -Test mock non-blocking TCP connection: server would block (interleaving) -ssl_mock_tcp_interleaving:0:0x0FB1:0 - -Test mock non-blocking TCP connection: both peers would block (interleaving) -ssl_mock_tcp_interleaving:0:0x1111:0xEEEE +Test mock non-blocking TCP connection (interleaving) +ssl_mock_tcp_interleaving:0 SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 250fbe0471..8816048c4f 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -159,7 +159,6 @@ int mbedtls_test_buffer_get( mbedtls_test_buffer *buf, typedef struct mbedtls_mock_socket { int status; - uint32_t blocking_pattern; mbedtls_test_buffer *input; mbedtls_test_buffer *output; struct mbedtls_mock_socket *peer; @@ -268,26 +267,6 @@ exit: return ret; } -/* - * Set the blocking pattern for the socket. - * - * For every bit of \p blocking_pattern set to one the socket will simulate a - * "would block" event. The bits are processed starting with the least - * significant bit and every call to a non-blocking I/O function consumes one. - * - * The behaviour of blocking I/O functions remains unchanged. - */ -int mbedtls_mock_socket_set_block( mbedtls_mock_socket* socket, - uint32_t blocking_pattern ) -{ - if( socket == NULL ) - return -1; - - socket->blocking_pattern = blocking_pattern; - - return 0; -} - /* * Callbacks for simulating blocking I/O over connection-oriented transport. */ @@ -323,14 +302,11 @@ int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len ) if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED ) return -1; - if( socket->blocking_pattern & 1 ) + if( socket->output->capacity == socket->output->content_length ) { - socket->blocking_pattern >>= 1; return MBEDTLS_ERR_SSL_WANT_WRITE; } - socket->blocking_pattern >>= 1; - return mbedtls_test_buffer_put( socket->output, buf, len ); } @@ -341,14 +317,11 @@ int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len ) if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED ) return -1; - if( socket->blocking_pattern & 1 ) + if( socket->input->content_length == 0) { - socket->blocking_pattern >>= 1; return MBEDTLS_ERR_SSL_WANT_READ; } - socket->blocking_pattern >>= 1; - return mbedtls_test_buffer_get( socket->input, buf, len ); } @@ -928,9 +901,10 @@ exit: */ /* BEGIN_CASE */ -void ssl_mock_tcp( int blocking, int client_pattern, int server_pattern ) +void ssl_mock_tcp( int blocking ) { enum { MSGLEN = 105 }; + enum { BUFLEN = MSGLEN / 5 }; unsigned char message[MSGLEN]; unsigned char received[MSGLEN]; mbedtls_mock_socket client; @@ -939,8 +913,6 @@ void ssl_mock_tcp( int blocking, int client_pattern, int server_pattern ) int send_ret, recv_ret; mbedtls_ssl_send_t *send; mbedtls_ssl_recv_t *recv; - uint32_t client_block = client_pattern; - uint32_t server_block = server_pattern; unsigned i; if( blocking == 0 ) @@ -965,10 +937,7 @@ void ssl_mock_tcp( int blocking, int client_pattern, int server_pattern ) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, - MSGLEN / 5 ) ); - TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) ); - TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) ); + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) ); /* Send the message to the server */ send_ret = recv_ret = 1; @@ -977,28 +946,56 @@ void ssl_mock_tcp( int blocking, int client_pattern, int server_pattern ) { send_ret = send( &client, message + written, MSGLEN - written ); - if( ( blocking == 0 ) && ( client_block & 1 ) ) + TEST_ASSERT( send_ret >= 0 ); + TEST_ASSERT( send_ret <= BUFLEN ); + written += send_ret; + + /* If the buffer is full we can test blocking and non-blocking send */ + if ( send_ret == BUFLEN ) { - TEST_ASSERT( send_ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + int blocking_ret = send( &client, message , 1 ); + if ( blocking ) + { + TEST_ASSERT( blocking_ret == 0 ); + } + else + { + TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + } } - else - { - TEST_ASSERT( send_ret >= 0 ); - written += send_ret; - } - client_block >>= 1; recv_ret = recv( &server, received + read, MSGLEN - read ); - if( ( blocking == 0 ) && ( server_block & 1 ) ) + + /* The result depends on whether any data was sent */ + if ( send_ret > 0 ) { - TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ ); + TEST_ASSERT( recv_ret > 0 ); + TEST_ASSERT( recv_ret <= BUFLEN ); + read += recv_ret; + } + else if( blocking ) + { + TEST_ASSERT( recv_ret == 0 ); } else { - TEST_ASSERT( recv_ret >= 0 ); - read += recv_ret; + TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ ); + recv_ret = 0; + } + + /* If the buffer is empty we can test blocking and non-blocking read */ + if ( recv_ret == BUFLEN ) + { + int blocking_ret = recv( &server, received, 1 ); + if ( blocking ) + { + TEST_ASSERT( blocking_ret == 0 ); + } + else + { + TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ ); + } } - server_block >>= 1; } TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 ); @@ -1016,11 +1013,11 @@ exit: */ /* BEGIN_CASE */ -void ssl_mock_tcp_interleaving( int blocking, - int client_pattern, int server_pattern ) +void ssl_mock_tcp_interleaving( int blocking ) { enum { ROUNDS = 2 }; enum { MSGLEN = 105 }; + enum { BUFLEN = MSGLEN / 5 }; unsigned char message[ROUNDS][MSGLEN]; unsigned char received[ROUNDS][MSGLEN]; mbedtls_mock_socket client; @@ -1032,8 +1029,6 @@ void ssl_mock_tcp_interleaving( int blocking, unsigned i, j, progress; mbedtls_ssl_send_t *send; mbedtls_ssl_recv_t *recv; - uint32_t client_block = client_pattern; - uint32_t server_block = server_pattern; if( blocking == 0 ) { @@ -1060,10 +1055,7 @@ void ssl_mock_tcp_interleaving( int blocking, } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, - MSGLEN / 5 ) ); - TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) ); - TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) ); + TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) ); /* Send the message from both sides, interleaving. */ progress = 1; @@ -1076,72 +1068,80 @@ void ssl_mock_tcp_interleaving( int blocking, * of at least one byte on either side. */ while( progress != 0 ) { - send_ret[0] = send( &client, message[0] + written[0], - MSGLEN - written[0] ); - if( ( blocking == 0 ) && ( client_block & 1 ) ) - { - TEST_ASSERT( send_ret[0] == MBEDTLS_ERR_SSL_WANT_WRITE ); - } - else - { - TEST_ASSERT( send_ret[0] >= 0 ); - written[0] += send_ret[0]; - } - client_block >>= 1; + mbedtls_mock_socket *socket; - send_ret[1] = send( &server, message[1] + written[1], - MSGLEN - written[1] ); - if( ( blocking == 0 ) && ( server_block & 1 ) ) + for( i = 0; i < ROUNDS; i++ ) { - TEST_ASSERT( send_ret[1] == MBEDTLS_ERR_SSL_WANT_WRITE ); - } - else - { - TEST_ASSERT( send_ret[1] >= 0 ); - written[1] += send_ret[1]; - } - server_block >>= 1; + /* First sending is from the client */ + socket = ( i % 2 == 0 ) ? ( &client ) : ( &server ); - recv_ret[0] = recv( &server, received[0] + read[0], - MSGLEN - read[0] ); - if( ( blocking == 0 ) && ( server_block & 1 ) ) - { - TEST_ASSERT( recv_ret[0] == MBEDTLS_ERR_SSL_WANT_READ ); - } - else - { - TEST_ASSERT( recv_ret[0] >= 0 ); - read[0] += recv_ret[0]; - } - server_block >>= 1; + send_ret[i] = send( socket, message[i] + written[i], + MSGLEN - written[i] ); + TEST_ASSERT( send_ret[i] >= 0 ); + TEST_ASSERT( send_ret[i] <= BUFLEN ); + written[i] += send_ret[i]; - recv_ret[1] = recv( &client, received[1] + read[1], - MSGLEN - read[1] ); - if( ( blocking == 0 ) && ( client_block & 1 ) ) - { - TEST_ASSERT( recv_ret[1] == MBEDTLS_ERR_SSL_WANT_READ ); + /* If the buffer is full we can test blocking and non-blocking + * send */ + if ( send_ret[i] == BUFLEN ) + { + int blocking_ret = send( socket, message[i] , 1 ); + if ( blocking ) + { + TEST_ASSERT( blocking_ret == 0 ); + } + else + { + TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + } + } } - else + + for( i = 0; i < ROUNDS; i++ ) { - TEST_ASSERT( recv_ret[1] >= 0 ); - read[1] += recv_ret[1]; + /* First receiving is from the server */ + socket = ( i % 2 == 0 ) ? ( &server ) : ( &client ); + + recv_ret[i] = recv( socket, received[i] + read[i], + MSGLEN - read[i] ); + + /* The result depends on whether any data was sent */ + if ( send_ret[i] > 0 ) + { + TEST_ASSERT( recv_ret[i] > 0 ); + TEST_ASSERT( recv_ret[i] <= BUFLEN ); + read[i] += recv_ret[i]; + } + else if( blocking ) + { + TEST_ASSERT( recv_ret[i] == 0 ); + } + else + { + TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ ); + recv_ret[i] = 0; + } + + /* If the buffer is empty we can test blocking and non-blocking + * read */ + if ( recv_ret[i] == BUFLEN ) + { + int blocking_ret = recv( socket, received[i], 1 ); + if ( blocking ) + { + TEST_ASSERT( blocking_ret == 0 ); + } + else + { + TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ ); + } + } } - client_block >>= 1; progress = 0; for( i = 0; i < ROUNDS; i++ ) { - if( ( send_ret[i] > 0 ) || - ( send_ret[i] == MBEDTLS_ERR_SSL_WANT_WRITE ) ) - { - progress++; - } - - if( ( recv_ret[i] > 0 ) || - ( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ ) ) - { - progress++; - } + progress += send_ret[i] + recv_ret[i]; } } From 8b1ed1cf0eabbf737d2eaf4bcf5cc91fc78372d5 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 22 Jan 2020 16:22:36 +0100 Subject: [PATCH 47/67] Adds explicit include to stdlib.h for abort --- programs/fuzz/fuzz_privkey.c | 1 + programs/fuzz/fuzz_pubkey.c | 1 + 2 files changed, 2 insertions(+) diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index ce5e7c43af..178d17bbc7 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -1,4 +1,5 @@ #include +#include #include "mbedtls/pk.h" //4 Kb should be enough for every bug ;-) diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index e5149586c9..38eacfb616 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -1,4 +1,5 @@ #include +#include #include "mbedtls/pk.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { From 6a4c340c3626ec4c0947ef64b724e47f80aa8253 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 18:28:24 +0100 Subject: [PATCH 48/67] Add changelog entries for the crypto changes in 2.20.0 Describe changes between mbedcrypto-2.0.0 (version in Mbed TLS 2.19.0) and mbedcrypto-3.0.0 (version in Mbed TLS 2.20.0). --- ChangeLog | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1d39172216..a03d223b23 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,38 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.20.0 branch released 2020-01-15 +Default behavior changes + * The initial seeding of a CTR\_DRBG instance makes a second call to the + entropy function to obtain entropy for a nonce if the entropy size is less + than 3/2 times the key size. In case you want to disable the extra call to + grab entropy, you can call `mbedtls_ctr_drbg_set_nonce_len()` to force the + nonce length to 0. + +Security + * Enforce that `mbedtls_entropy_func()` gathers a total of + `MBEDTLS_ENTROPY_BLOCK_SIZE` bytes or more from strong sources. In the + default configuration, on a platform with a single entropy source, the + entropy module formerly only grabbed 32 bytes, which is good enough for + security if the source is genuinely strong, but less than the expected 64 + bytes (size of the entropy accumulator). + +Features + * Key derivation inputs in the PSA API can now either come from a key object + or from a buffer regardless of the step type. + * The CTR_DRBG module can grab a nonce from the entropy source during the + initial seeding. The default nonce length is chosen based on the key size + to achieve the security strength defined by NIST SP 800-90A. You can + change it with `mbedtls_ctr_drbg_set_nonce_len()`. + * Add ENUMERATED tag support to the ASN.1 module. Contributed by + msopiha-linaro in #307. + +API changes + * In the PSA API, forbid zero-length keys. To pass a zero-length input to a + key derivation function, use a buffer instead (this is now always + possible). + * Rename `psa_asymmetric_sign()` to `psa_sign_hash()` and + `psa_asymmetric_verify()` to `psa_verify_hash()`. + Bugfix * Fix an incorrect size in a debugging message. Reported and fix submitted by irwir. Fixes #2717. @@ -9,6 +41,34 @@ Bugfix Reported and fix submitted by irwir. Fixes #2800. * Remove a useless assignment. Reported and fix submitted by irwir. Fixes #2801. + * Fix a buffer overflow in the PSA HMAC code when using a long key with an + unsupported algorithm. Fixes #254. + * Fix `mbedtls_asn1_get_int` to support any number of leading zeros. Credit + to OSS-Fuzz for finding a bug in an intermediate version of the fix. + * Fix `mbedtls_asn1_get_bitstring_null` to correctly parse bitstrings of at + most 2 bytes. + * `mbedtls_ctr_drbg_set_entropy_len()` and + `mbedtls_hmac_drbg_set_entropy_len()` now work if you call them before + `mbedtls_ctr_drbg_seed()` or `mbedtls_hmac_drbg_seed()`. + * Fix some false-positive uninitialized variable warnings. Fix contributed + by apple-ihack-geek in ARMmbed/mbedtls#2663. + +Changes + * Remove the technical possibility to define custom `mbedtls_md_info` + structures, which was exposed only in an internal header. + * `psa_close_key(0)` and `psa_destroy_key(0)` now succeed (doing nothing, as + before). + * Variables containing error codes are now initialized to an error code + rather than success, so that coding mistakes or memory corruption tends to + cause functions to return this error code rather than a success. There are + no known instances where this changes the behavior of the library: this is + merely a robustness improvement. #323 + * Remove a useless call to `mbedtls_ecp_group_free()`. Contributed by + Alexander Krizhanovsky in #210. + * Speed up PBKDF2 by caching the digest calculation. Contributed by Jack + Lloyd and Fortanix Inc in #277. + * Small performance improvement of `mbedtls_mpi_div_mpi()`. Contributed by + Alexander Krizhanovsky in #308. = mbed TLS 2.19.1 branch released 2019-09-16 From 4073d4e5293627912881bbd6442a721b14839645 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 18:58:20 +0100 Subject: [PATCH 49/67] Add changelog entry for the unchecked mbedtls_md call --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1d39172216..c80be5a45b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix an unchecked call to mbedtls_md() in the x509write module. + = mbed TLS 2.20.0 branch released 2020-01-15 Bugfix From 8c7d2c25a4e42890f6e898db47e30d8ddb3a0c8a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 19:02:09 +0100 Subject: [PATCH 50/67] Remove markdown artifacts --- ChangeLog | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index a03d223b23..2335eabc83 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,15 +3,15 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.20.0 branch released 2020-01-15 Default behavior changes - * The initial seeding of a CTR\_DRBG instance makes a second call to the + * The initial seeding of a CTR_DRBG instance makes a second call to the entropy function to obtain entropy for a nonce if the entropy size is less than 3/2 times the key size. In case you want to disable the extra call to - grab entropy, you can call `mbedtls_ctr_drbg_set_nonce_len()` to force the + grab entropy, you can call mbedtls_ctr_drbg_set_nonce_len() to force the nonce length to 0. Security - * Enforce that `mbedtls_entropy_func()` gathers a total of - `MBEDTLS_ENTROPY_BLOCK_SIZE` bytes or more from strong sources. In the + * Enforce that mbedtls_entropy_func() gathers a total of + MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. In the default configuration, on a platform with a single entropy source, the entropy module formerly only grabbed 32 bytes, which is good enough for security if the source is genuinely strong, but less than the expected 64 @@ -23,7 +23,7 @@ Features * The CTR_DRBG module can grab a nonce from the entropy source during the initial seeding. The default nonce length is chosen based on the key size to achieve the security strength defined by NIST SP 800-90A. You can - change it with `mbedtls_ctr_drbg_set_nonce_len()`. + change it with mbedtls_ctr_drbg_set_nonce_len(). * Add ENUMERATED tag support to the ASN.1 module. Contributed by msopiha-linaro in #307. @@ -31,8 +31,8 @@ API changes * In the PSA API, forbid zero-length keys. To pass a zero-length input to a key derivation function, use a buffer instead (this is now always possible). - * Rename `psa_asymmetric_sign()` to `psa_sign_hash()` and - `psa_asymmetric_verify()` to `psa_verify_hash()`. + * Rename psa_asymmetric_sign() to psa_sign_hash() and + psa_asymmetric_verify() to psa_verify_hash(). Bugfix * Fix an incorrect size in a debugging message. Reported and fix @@ -43,31 +43,31 @@ Bugfix Fixes #2801. * Fix a buffer overflow in the PSA HMAC code when using a long key with an unsupported algorithm. Fixes #254. - * Fix `mbedtls_asn1_get_int` to support any number of leading zeros. Credit + * Fix mbedtls_asn1_get_int to support any number of leading zeros. Credit to OSS-Fuzz for finding a bug in an intermediate version of the fix. - * Fix `mbedtls_asn1_get_bitstring_null` to correctly parse bitstrings of at + * Fix mbedtls_asn1_get_bitstring_null to correctly parse bitstrings of at most 2 bytes. - * `mbedtls_ctr_drbg_set_entropy_len()` and - `mbedtls_hmac_drbg_set_entropy_len()` now work if you call them before - `mbedtls_ctr_drbg_seed()` or `mbedtls_hmac_drbg_seed()`. + * mbedtls_ctr_drbg_set_entropy_len() and + mbedtls_hmac_drbg_set_entropy_len() now work if you call them before + mbedtls_ctr_drbg_seed() or mbedtls_hmac_drbg_seed(). * Fix some false-positive uninitialized variable warnings. Fix contributed by apple-ihack-geek in ARMmbed/mbedtls#2663. Changes - * Remove the technical possibility to define custom `mbedtls_md_info` + * Remove the technical possibility to define custom mbedtls_md_info structures, which was exposed only in an internal header. - * `psa_close_key(0)` and `psa_destroy_key(0)` now succeed (doing nothing, as + * psa_close_key(0) and psa_destroy_key(0) now succeed (doing nothing, as before). * Variables containing error codes are now initialized to an error code rather than success, so that coding mistakes or memory corruption tends to cause functions to return this error code rather than a success. There are no known instances where this changes the behavior of the library: this is merely a robustness improvement. #323 - * Remove a useless call to `mbedtls_ecp_group_free()`. Contributed by + * Remove a useless call to mbedtls_ecp_group_free(). Contributed by Alexander Krizhanovsky in #210. * Speed up PBKDF2 by caching the digest calculation. Contributed by Jack Lloyd and Fortanix Inc in #277. - * Small performance improvement of `mbedtls_mpi_div_mpi()`. Contributed by + * Small performance improvement of mbedtls_mpi_div_mpi(). Contributed by Alexander Krizhanovsky in #308. = mbed TLS 2.19.1 branch released 2019-09-16 From 50f577067c2f224ad0182c223635d80b6d05738f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 19:02:59 +0100 Subject: [PATCH 51/67] Fix GitHub repository indications for crypto changes in 2.20 The content was originally written for mbed-crypto. Change pull request references to be relative to mbedtls instead. --- ChangeLog | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2335eabc83..4a043cca65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,7 +25,7 @@ Features to achieve the security strength defined by NIST SP 800-90A. You can change it with mbedtls_ctr_drbg_set_nonce_len(). * Add ENUMERATED tag support to the ASN.1 module. Contributed by - msopiha-linaro in #307. + msopiha-linaro in ARMmbed/mbed-crypto#307. API changes * In the PSA API, forbid zero-length keys. To pass a zero-length input to a @@ -42,7 +42,7 @@ Bugfix * Remove a useless assignment. Reported and fix submitted by irwir. Fixes #2801. * Fix a buffer overflow in the PSA HMAC code when using a long key with an - unsupported algorithm. Fixes #254. + unsupported algorithm. Fixes ARMmbed/mbed-crypto#254. * Fix mbedtls_asn1_get_int to support any number of leading zeros. Credit to OSS-Fuzz for finding a bug in an intermediate version of the fix. * Fix mbedtls_asn1_get_bitstring_null to correctly parse bitstrings of at @@ -51,7 +51,7 @@ Bugfix mbedtls_hmac_drbg_set_entropy_len() now work if you call them before mbedtls_ctr_drbg_seed() or mbedtls_hmac_drbg_seed(). * Fix some false-positive uninitialized variable warnings. Fix contributed - by apple-ihack-geek in ARMmbed/mbedtls#2663. + by apple-ihack-geek in #2663. Changes * Remove the technical possibility to define custom mbedtls_md_info @@ -62,13 +62,13 @@ Changes rather than success, so that coding mistakes or memory corruption tends to cause functions to return this error code rather than a success. There are no known instances where this changes the behavior of the library: this is - merely a robustness improvement. #323 + merely a robustness improvement. ARMmbed/mbed-crypto#323 * Remove a useless call to mbedtls_ecp_group_free(). Contributed by - Alexander Krizhanovsky in #210. + Alexander Krizhanovsky in ARMmbed/mbed-crypto#210. * Speed up PBKDF2 by caching the digest calculation. Contributed by Jack - Lloyd and Fortanix Inc in #277. + Lloyd and Fortanix Inc in ARMmbed/mbed-crypto#277. * Small performance improvement of mbedtls_mpi_div_mpi(). Contributed by - Alexander Krizhanovsky in #308. + Alexander Krizhanovsky in ARMmbed/mbed-crypto#308. = mbed TLS 2.19.1 branch released 2019-09-16 From 9f25b8deff8e5b8fad8493db421b4639f14d2e5d Mon Sep 17 00:00:00 2001 From: jiblime <47689567+jiblime@users.noreply.github.com> Date: Wed, 18 Dec 2019 21:40:01 -0800 Subject: [PATCH 52/67] Fixes definition error when the deprecated MBEDTLS_ZLIB_SUPPORT and ENABLE_ZLIB_SUPPORT macro are defined/enabled for zlib support in mbedtls 100% tests passed, 0 tests failed out of 85 https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1842 https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1862 --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6cf7781f2a..51ae9da3c6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1880,7 +1880,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) /* Allocate compression buffer */ #if defined(MBEDTLS_ZLIB_SUPPORT) - if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE && + if( ssl->session_negotiate->compression == MBEDTLS_SSL_COMPRESS_DEFLATE && ssl->compress_buf == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); From 80fcacebdbf5ce48484f7336c8513ca0d00f3234 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 19:18:35 +0100 Subject: [PATCH 53/67] Add changelog entry for the zlib support fix --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1d39172216..58f0e72d54 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by + Jack Lloyd in #2859. Fix submitted by jiblime in #2963. + = mbed TLS 2.20.0 branch released 2020-01-15 Bugfix From 95e04490fa57e1b7d1e4ab8310e58818831fcc43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 2 Jan 2020 11:45:12 +0100 Subject: [PATCH 54/67] Add all.sh components with ZLIB enabled ZLIB support is deprecated, but until it's removed it should still be tested. --- tests/scripts/all.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e76b9d422d..2030122380 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -697,6 +697,31 @@ component_test_full_cmake_gcc_asan () { if_build_succeeded tests/compat.sh } +component_test_zlib_make() { + msg "build: zlib enabled, make" + scripts/config.py set MBEDTLS_ZLIB_SUPPORT + make ZLIB=1 CFLAGS='-Werror -O1' + + msg "test: main suites (zlib, make)" + make test + + msg "test: ssl-opt.sh (zlib, make)" + if_build_succeeded tests/ssl-opt.sh +} + +component_test_zlib_cmake() { + msg "build: zlib enabled, cmake" + scripts/config.py set MBEDTLS_ZLIB_SUPPORT + cmake -D ENABLE_ZLIB_SUPPORT=On -D CMAKE_BUILD_TYPE:String=Check . + make + + msg "test: main suites (zlib, cmake)" + make test + + msg "test: ssl-opt.sh (zlib, cmake)" + if_build_succeeded tests/ssl-opt.sh +} + component_test_ref_configs () { msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . From 342d2ca9ab2e88a0169b724112403b6c3a495826 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 2 Jan 2020 11:58:00 +0100 Subject: [PATCH 55/67] Add test for record compression in ssl-opt.sh Deprecated but still needs to be tested. --- tests/ssl-opt.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index afaae69d8a..3d0ca876bf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -996,6 +996,18 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" +requires_config_enabled MBEDTLS_ZLIB_SUPPORT +run_test "Default (compression enabled)" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3" \ + 0 \ + -s "Allocating compression buffer" \ + -c "Allocating compression buffer" \ + -s "Record expansion is unknown (compression)" \ + -c "Record expansion is unknown (compression)" \ + -S "error" \ + -C "error" + requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "CA callback on client" \ "$P_SRV debug_level=3" \ From c40b685837211aa9d66f2a9f15348c1bfbe35055 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 3 Jan 2020 12:18:49 +0100 Subject: [PATCH 56/67] Fix bug in record decompression ssl_decompress_buf() was operating on data from the ssl context, but called at a point where this data is actually in the rec structure. Call it later so that the data is back to the ssl structure. --- library/ssl_tls.c | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 51ae9da3c6..4f219a3ad2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5446,7 +5446,7 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ /* - * If applicable, decrypt (and decompress) record content + * If applicable, decrypt record content */ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, mbedtls_record *rec ) @@ -5572,18 +5572,6 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, } -#if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->transform_in != NULL && - ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) - { - if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); - return( ret ); - } - } -#endif /* MBEDTLS_ZLIB_SUPPORT */ - #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { @@ -6469,6 +6457,26 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); ssl->in_len[1] = (unsigned char)( rec.data_len ); +#if defined(MBEDTLS_ZLIB_SUPPORT) + if( ssl->transform_in != NULL && + ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) + { + if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); + return( ret ); + } + + /* Check actual (decompress) record content length against + * configured maximum. */ + if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + } +#endif /* MBEDTLS_ZLIB_SUPPORT */ + return( 0 ); } From f2e2902c5a373c34090026314640d6b72c52e73d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Jan 2020 10:17:20 +0100 Subject: [PATCH 57/67] Add detection for zlib headers to all.sh --- tests/scripts/all.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2030122380..1ad11ffb5c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -708,6 +708,17 @@ component_test_zlib_make() { msg "test: ssl-opt.sh (zlib, make)" if_build_succeeded tests/ssl-opt.sh } +support_test_zlib_make () { + base=support_test_zlib_$$ + cat <<'EOF' > ${base}.c +#include "zlib.h" +int main(void) { return 0; } +EOF + gcc -o ${base}.exe ${base}.c -lz 2>/dev/null + ret=$? + rm -f ${base}.* + return $ret +} component_test_zlib_cmake() { msg "build: zlib enabled, cmake" @@ -721,6 +732,9 @@ component_test_zlib_cmake() { msg "test: ssl-opt.sh (zlib, cmake)" if_build_succeeded tests/ssl-opt.sh } +support_test_zlib_cmake () { + support_test_zlib_make "$@" +} component_test_ref_configs () { msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s From fdc16f36b4c8b1dfb9d21ee2080c8eac6f5b2cea Mon Sep 17 00:00:00 2001 From: Jonathan Bennett Date: Fri, 24 Jan 2020 09:12:03 -0600 Subject: [PATCH 58/67] Allow loading symlinked certificates When mbedtls_x509_crt_parse_path() checks each object in the supplied path, it only processes regular files. This change makes it also accept a symlink to a file. Fixes #3005. This was observed to be a problem on Fedora/CentOS/RHEL systems, where the ca-bundle in the default location is actually a symlink. --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 38e69cc550..ca60011f7c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1613,7 +1613,7 @@ cleanup: goto cleanup; } - if( !S_ISREG( sb.st_mode ) ) + if( !( S_ISREG( sb.st_mode ) || S_ISLNK( sb.st_mode ) ) ) continue; // Ignore parse errors From 62236d7651b4993a09a487996de2db22c63420bb Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 24 Jan 2020 18:20:22 +0000 Subject: [PATCH 59/67] Add ChangeLog entry Add a ChangeLog entry for Jonathan Bennett's contribution which allows loading symlinked certificates. --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1d39172216..4a4d628ac2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS X.X.X branch released XXXX-XX-XX + +Bugfix + * Allow loading symlinked certificates. Fixes #3005. Reported and fixed + by Jonathan Bennett via #3008. + = mbed TLS 2.20.0 branch released 2020-01-15 Bugfix From e3b285d2c85a31d8445c9195de41bfd055f2028c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 27 Jan 2020 14:01:42 +0100 Subject: [PATCH 60/67] Add crypto security fixes merged after mbedcrypto-3.0.0 --- ChangeLog | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4a043cca65..be6b5d7ae9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,27 @@ Security entropy module formerly only grabbed 32 bytes, which is good enough for security if the source is genuinely strong, but less than the expected 64 bytes (size of the entropy accumulator). + * Zeroize local variables in mbedtls_internal_aes_encrypt() and + mbedtls_internal_aes_decrypt() before exiting the function. The value of + these variables can be used to recover the last round key. To follow best + practice and to limit the impact of buffer overread vulnerabilities (like + Heartbleed) we need to zeroize them before exiting the function. + Issue reported by Tuba Yavuz, Farhaan Fowze, Ken (Yihang) Bai, + Grant Hernandez, and Kevin Butler (University of Florida) and + Dave Tian (Purdue University). + * Fix side channel vulnerability in ECDSA. Our bignum implementation is not + constant time/constant trace, so side channel attacks can retrieve the + blinded value, factor it (as it is smaller than RSA keys and not guaranteed + to have only large prime factors), and then, by brute force, recover the + key. Reported by Alejandro Cabrera Aldaya and Billy Brumley. + * Fix side channel vulnerability in ECDSA key generation. Obtaining precise + timings on the comparison in the key generation enabled the attacker to + learn leading bits of the ephemeral key used during ECDSA signatures and to + recover the private key. Reported by Jeremy Dubeuf. + * Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught + failures could happen with alternative implementations of AES. Bug + reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri, + Sectra. Features * Key derivation inputs in the PSA API can now either come from a key object From ceceedb532a4bc9e569f02261ab841b102a8c167 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 27 Jan 2020 16:23:55 +0000 Subject: [PATCH 61/67] Update Mbed Crypto to 3.0.1 --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index d27a88438f..1146b4e060 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit d27a88438fe785f0906c01e3216044d1c98be875 +Subproject commit 1146b4e06011b69a6437e6b728f2af043a06ec19 From 4c736fb6a8ecb2be8943c98deef62d7780b033b7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 27 Jan 2020 16:37:14 +0000 Subject: [PATCH 62/67] Update Mbed Crypto SO version The recent update changed the Mbed Crypto SO version, get Mbed TLS in sync. --- library/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index bc9363db22..6fc110ceea 100644 --- a/library/Makefile +++ b/library/Makefile @@ -37,7 +37,7 @@ endif SOEXT_TLS=so.13 SOEXT_X509=so.1 -SOEXT_CRYPTO=so.3 +SOEXT_CRYPTO=so.4 # Set AR_DASH= (empty string) to use an ar implementation that does not accept # the - prefix for command line options (e.g. llvm-ar) From 96134effeadb9ca16ea2be16d0033d6ecdfa8885 Mon Sep 17 00:00:00 2001 From: "Zachary J. Fields" Date: Mon, 27 Jan 2020 16:12:02 -0600 Subject: [PATCH 63/67] Update ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index ab8267f420..c6210d1390 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Bugfix = mbed TLS 2.19.1 branch released 2019-09-16 Features + * Declare include headers as PUBLIC to propagate to CMake project consumers + Contributed by Zachary J. Fields in PR #2949. * Add nss_keylog to ssl_client2 and ssl_server2, enabling easier analysis of TLS sessions with tools like Wireshark. From d796e19d3b3ebca2652ccb561f3130ef18f9afac Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Tue, 28 Jan 2020 12:09:47 +0100 Subject: [PATCH 64/67] Fix memory allocation fail in TCP mock socket MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Because two buffers were aliased too early in the code, it was possible that after an allocation failure, free() would be called twice for the same pointer.  --- tests/suites/test_suite_ssl.function | 30 +++++++++++++++------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8816048c4f..a936d83a34 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -224,20 +224,7 @@ int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1, { int ret = -1; - peer1->input = peer2->output = - (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) ); - if( peer1->input == NULL ) - { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_buffer_init( peer1->input ); - if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->input, bufsize ) ) ) - { - goto exit; - } - - peer1->output = peer2->input = + peer1->output = (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) ); if( peer1->output == NULL ) { @@ -250,8 +237,23 @@ int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1, goto exit; } + peer2->output = + (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) ); + if( peer2->output == NULL ) + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_test_buffer_init( peer2->output ); + if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) ) + { + goto exit; + } + peer1->peer = peer2; peer2->peer = peer1; + peer1->input = peer2->output; + peer2->input = peer1->output; peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; ret = 0; From 2a1f178d7c6bb137bdcdf518e20b53ddd1b22fe3 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Mon, 13 Jan 2020 09:42:10 +0100 Subject: [PATCH 65/67] Add test for prescribed states of handshake with the custom IO callbacks --- tests/suites/test_suite_ssl.data | 114 +++++++++ tests/suites/test_suite_ssl.function | 332 ++++++++++++++++++++++++++- 2 files changed, 444 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 3326b43a94..5f4dc67405 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -85,6 +85,120 @@ ssl_message_mock_interleaved_one_way: Message transport mock - two-way interleaved sends/reads ssl_message_mock_interleaved_two_ways: +Test mbedtls_endpoint sanity for the client +mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_CLIENT + +Test mbedtls_endpoint sanity for the server +mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER + +Test moving clients handshake to state: HELLO_REQUEST +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1 + +Test moving clients handshake to state: CLIENT_HELLO +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 + +Test moving clients handshake to state: SERVER_HELLO +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 + +Test moving clients handshake to state: SERVER_CERTIFICATE +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 + +Test moving clients handshake to state: SERVER_KEY_EXCHANGE +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 + +Test moving clients handshake to state: CERTIFICATE_REQUEST +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 + +Test moving clients handshake to state: SERVER_HELLO_DONE +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 + +Test moving clients handshake to state: CLIENT_CERTIFICATE +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 + +Test moving clients handshake to state: CLIENT_KEY_EXCHANGE +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 + +Test moving clients handshake to state: CERTIFICATE_VERIFY +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 + +Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 + +Test moving clients handshake to state: CLIENT_FINISHED +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 + +Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 + +Test moving clients handshake to state: SERVER_FINISHED +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 + +Test moving clients handshake to state: FLUSH_BUFFERS +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 + +Test moving clients handshake to state: HANDSHAKE_WRAPUP +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 + +Test moving clients handshake to state: HANDSHAKE_OVER +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 + +Test moving servers handshake to state: HELLO_REQUEST +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1 + +Test moving servers handshake to state: CLIENT_HELLO +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 + +Test moving servers handshake to state: SERVER_HELLO +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 + +Test moving servers handshake to state: SERVER_CERTIFICATE +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 + +Test moving servers handshake to state: SERVER_KEY_EXCHANGE +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 + +Test moving servers handshake to state: CERTIFICATE_REQUEST +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 + +Test moving servers handshake to state: SERVER_HELLO_DONE +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 + +Test moving servers handshake to state: CLIENT_CERTIFICATE +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 + +Test moving servers handshake to state: CLIENT_KEY_EXCHANGE +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 + +Test moving servers handshake to state: CERTIFICATE_VERIFY +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 + +Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 + +Test moving servers handshake to state: CLIENT_FINISHED +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 + +Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 + +Test moving servers handshake to state: SERVER_FINISHED +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 + +Test moving servers handshake to state: FLUSH_BUFFERS +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 + +Test moving servers handshake to state: HANDSHAKE_WRAPUP +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 + +Test moving servers handshake to state: HANDSHAKE_OVER +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 + +Negative test moving clients ssl to state: VERIFY_REQUEST_SENT +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0 + +Negative test moving servers ssl to state: NEW_SESSION_TICKET +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 + SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2d080c7ace..4fba1f187a 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1,7 +1,9 @@ /* BEGIN_HEADER */ #include #include - +#include +#include +#include /* * Buffer structure for custom I/O callbacks. @@ -59,7 +61,7 @@ void mbedtls_test_buffer_free( mbedtls_test_buffer *buf ) * zero and \p input is NULL. */ int mbedtls_test_buffer_put( mbedtls_test_buffer *buf, - const unsigned char* input, size_t input_len ) + const unsigned char *input, size_t input_len ) { size_t overflow = 0; @@ -618,6 +620,271 @@ int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len ) return msg_len; } +#if defined(MBEDTLS_X509_CRT_PARSE_C) + +/* + * Structure with endpoint's certificates for SSL communication tests. + */ +typedef struct mbedtls_endpoint_certificate +{ + mbedtls_x509_crt ca_cert; + mbedtls_x509_crt cert; + mbedtls_x509_crt cert2; + mbedtls_pk_context pkey; + mbedtls_pk_context pkey2; +} mbedtls_endpoint_certificate; + +/* + * Endpoint structure for SSL communication tests. + */ +typedef struct mbedtls_endpoint +{ + const char *name; + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_entropy_context entropy; + mbedtls_mock_socket socket; + mbedtls_endpoint_certificate cert; +} mbedtls_endpoint; + +/* + * Initializes \p ep_cert structure and assigns it to endpoint + * represented by \p ep. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep ) +{ + int i = 0; + int ret = -1; + mbedtls_endpoint_certificate *cert; + + if( ep == NULL ) + { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + cert = &( ep->cert ); + mbedtls_x509_crt_init( &( cert->ca_cert ) ); + mbedtls_x509_crt_init( &( cert->cert ) ); + mbedtls_x509_crt_init( &( cert->cert2 ) ); + mbedtls_pk_init( &( cert->pkey ) ); + mbedtls_pk_init( &( cert->pkey2 ) ); + + /* Load the trusted CA */ + + for( i = 0; mbedtls_test_cas[i] != NULL; i++ ) + { + ret = mbedtls_x509_crt_parse( &( cert->ca_cert ), + (const unsigned char *) mbedtls_test_cas[i], + mbedtls_test_cas_len[i] ); + TEST_ASSERT( ret == 0 ); + } + + for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) + { + ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ), + (const unsigned char *) mbedtls_test_cas_der[i], + mbedtls_test_cas_der_len[i] ); + TEST_ASSERT( ret == 0 ); + } + + /* Load own certificate and private key */ + + if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER ) + { + ret = mbedtls_x509_crt_parse( &( cert->cert ), + (const unsigned char *) mbedtls_test_srv_crt_rsa, + mbedtls_test_srv_crt_rsa_len ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_pk_parse_key( &( cert->pkey ), + (const unsigned char *) mbedtls_test_srv_key_rsa, + mbedtls_test_srv_key_rsa_len, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_x509_crt_parse( &( cert->cert2 ), + (const unsigned char *) mbedtls_test_srv_crt_ec, + mbedtls_test_srv_crt_ec_len ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_pk_parse_key( &( cert->pkey2 ), + (const unsigned char *) mbedtls_test_srv_key_ec, + mbedtls_test_srv_key_ec_len, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + } + else + { + ret = mbedtls_x509_crt_parse( &( cert->cert ), + (const unsigned char *) mbedtls_test_cli_crt, + mbedtls_test_cli_crt_len ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_pk_parse_key( &( cert->pkey ), + (const unsigned char *) mbedtls_test_cli_key, + mbedtls_test_cli_key_len, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + } + + mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL ); + + ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ), &( cert->pkey ) ); + TEST_ASSERT( ret == 0 ); + + if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER ) + { + ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert2 ), &( cert->pkey2 ) ); + TEST_ASSERT( ret == 0 ); + } + +exit: + if( ret != 0 ) + { + mbedtls_x509_crt_free( &( cert->ca_cert ) ); + mbedtls_x509_crt_free( &( cert->cert ) ); + mbedtls_x509_crt_free( &( cert->cert2 ) ); + mbedtls_pk_free( &( cert->pkey ) ); + mbedtls_pk_free( &( cert->pkey2 ) ); + } + + return ret; +} + +/* + * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()` + * after calling this function even if it fails. + * + * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or + * MBEDTLS_SSL_IS_CLIENT. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type ) +{ + int ret = -1; + + if( ep == NULL ) + { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + memset( ep, 0, sizeof( *ep ) ); + + ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client"; + + mbedtls_ssl_init( &( ep->ssl ) ); + mbedtls_ssl_config_init( &( ep->conf ) ); + mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) ); + mbedtls_ssl_conf_rng( &( ep->conf ), + mbedtls_ctr_drbg_random, + &( ep->ctr_drbg ) ); + mbedtls_entropy_init( &( ep->entropy ) ); + mbedtls_mock_socket_init( &( ep->socket ) ); + + ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func, + &( ep->entropy ), (const unsigned char *) ( ep->name ), + strlen( ep->name ) ); + TEST_ASSERT( ret == 0 ); + + /* Non-blocking callbacks without timeout */ + mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ), + mbedtls_mock_tcp_send_nb, + mbedtls_mock_tcp_recv_nb, + NULL ); + + ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_endpoint_certificate_init( ep ); + TEST_ASSERT( ret == 0 ); + +exit: + return ret; +} + +/* + * Deinitializes certificates from endpoint represented by \p ep. + */ +void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep ) +{ + mbedtls_endpoint_certificate *cert = &( ep->cert ); + mbedtls_x509_crt_free( &( cert->ca_cert ) ); + mbedtls_x509_crt_free( &( cert->cert ) ); + mbedtls_x509_crt_free( &( cert->cert2 ) ); + mbedtls_pk_free( &( cert->pkey ) ); + mbedtls_pk_free( &( cert->pkey2 ) ); +} + +/* + * Deinitializes endpoint represented by \p ep. + */ +void mbedtls_endpoint_free( mbedtls_endpoint *ep ) +{ + mbedtls_endpoint_certificate_free( ep ); + + mbedtls_ssl_free( &( ep->ssl ) ); + mbedtls_ssl_config_free( &( ep->conf ) ); + mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) ); + mbedtls_entropy_free( &( ep->entropy ) ); + mbedtls_mock_socket_close( &( ep->socket ) ); +} + +/* + * This function moves ssl handshake from \p ssl to prescribed \p state. + * /p second_ssl is used as second endpoint and their sockets have to be + * connected before calling this function. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl, + mbedtls_ssl_context *second_ssl, + int state ) +{ + enum { BUFFSIZE = 1024 }; + int max_steps = 1000; + int ret = 0; + + if( ssl == NULL || second_ssl == NULL ) + { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + /* Perform communication via connected sockets */ + while( ( ssl->state != state ) && ( --max_steps >= 0 ) ) + { + /* If /p second_ssl ends the handshake procedure before /p ssl then + * there is no need to call the next step */ + if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + { + ret = mbedtls_ssl_handshake_step( second_ssl ); + if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + return ret; + } + } + + /* We only care about the \p ssl state and returns, so we call it last, + * to leave the iteration as soon as the state is as expected. */ + ret = mbedtls_ssl_handshake_step( ssl ); + if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + return ret; + } + } + + return ( max_steps >= 0 ) ? ret : -1; +} + +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + /* * Helper function setting up inverse record transformations * using given cipher, hash, EtM mode, authentication tag length, @@ -2648,3 +2915,64 @@ void ssl_session_serialize_version_check( int corrupt_major, } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */ +void mbedtls_endpoint_sanity( int endpoint_type ) +{ + enum { BUFFSIZE = 1024 }; + mbedtls_endpoint ep; + int ret = -1; + + ret = mbedtls_endpoint_init( NULL, endpoint_type ); + TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret ); + + ret = mbedtls_endpoint_certificate_init( NULL ); + TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret ); + + ret = mbedtls_endpoint_init( &ep, endpoint_type ); + TEST_ASSERT( ret == 0 ); + +exit: + mbedtls_endpoint_free( &ep ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */ +void move_handshake_to_state(int endpoint_type, int state, int need_pass) +{ + enum { BUFFSIZE = 1024 }; + mbedtls_endpoint base_ep, second_ep; + int ret = -1; + + ret = mbedtls_endpoint_init( &base_ep, endpoint_type ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_endpoint_init( &second_ep, + ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? + MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_mock_socket_connect( &(base_ep.socket), + &(second_ep.socket), + BUFFSIZE ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_move_handshake_to_state( &(base_ep.ssl), + &(second_ep.ssl), + state ); + if( need_pass ) + { + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( base_ep.ssl.state == state ); + } + else + { + TEST_ASSERT( ret != 0 ); + TEST_ASSERT( base_ep.ssl.state != state ); + } + +exit: + mbedtls_endpoint_free( &base_ep ); + mbedtls_endpoint_free( &second_ep ); +} +/* END_CASE */ From 81d31002503f0cdc735176279e913106155666c4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Jan 2020 20:12:03 +0100 Subject: [PATCH 66/67] Update crypto submodule Previously in d8752858fc22fa3ee4be21bc27e04d8fedaeaea4: * #333: Streamline PSA key type encodings: prepare * #323: Initialise return values to an error Previously in dbcb44202c9b67184a72afd21c7191c17eee352e: * #291: Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY * #334: Fix some pylint warnings Previously in ceceedb532a4bc9e569f02261ab841b102a8c167: * #348: Bump version to Mbed TLS 2.20.0 and crypto SO version to 4 * #354: Fix incrementing pointer instead of value In this commit: * #349: Fix minor defects found by Coverity * #179: Add option to build SHA-512 without SHA-384 * #327: Implement psa_hash_compute and psa_hash_compare * #330: Streamline PSA key type and curve encodings --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index 1146b4e060..819799cfc6 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 1146b4e06011b69a6437e6b728f2af043a06ec19 +Subproject commit 819799cfc68e4c4381673a8a27af19802c8263f2 From 42459805ce18c7dfe4e3ddefa777210fc0cba411 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Dec 2019 13:31:53 +0100 Subject: [PATCH 67/67] USE_PSA_CRYPTO: don't rely on the curve encoding Adapt to the change of encoding of elliptic curve key types in PSA crypto. Before, an EC key type encoded the TLS curve identifier. Now the EC key type only includes an ad hoc curve family identifier, and determining the exact curve requires both the key type and size. This commit moves from the old encoding and old definitions from crypto/include/mbedtls/psa_util.h to the new encoding and definitions from the immediately preceding crypto submodule update. --- include/mbedtls/ssl_internal.h | 3 ++- library/ssl_cli.c | 17 +++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index f703da99b4..b8c7f0a77a 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -319,7 +319,8 @@ struct mbedtls_ssl_handshake_params mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_ecc_curve_t ecdh_psa_curve; + psa_key_type_t ecdh_psa_type; + uint16_t ecdh_bits; psa_key_handle_t ecdh_psa_privkey; unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t ecdh_psa_peerkey_len; diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 1005bd97fa..0f6a26b184 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2244,6 +2244,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, unsigned char *end ) { uint16_t tls_id; + size_t ecdh_bits = 0; uint8_t ecpoint_len; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -2264,11 +2265,14 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, tls_id |= *(*p)++; /* Convert EC group to PSA key type. */ - if( ( handshake->ecdh_psa_curve = - mbedtls_psa_parse_tls_ecc_group( tls_id ) ) == 0 ) + if( ( handshake->ecdh_psa_type = + mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 ) { return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } + if( ecdh_bits > 0xffff ) + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + handshake->ecdh_bits = (uint16_t) ecdh_bits; /* * Put peer's ECDH public key in the format understood by PSA. @@ -2278,7 +2282,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, if( (size_t)( end - *p ) < ecpoint_len ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - if( mbedtls_psa_tls_ecpoint_to_psa_ec( handshake->ecdh_psa_curve, + if( mbedtls_psa_tls_ecpoint_to_psa_ec( *p, ecpoint_len, handshake->ecdh_psa_peerkey, sizeof( handshake->ecdh_psa_peerkey ), @@ -3257,11 +3261,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH ); - psa_set_key_type( &key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR( handshake->ecdh_psa_curve ) - ); - psa_set_key_bits( &key_attributes, - PSA_ECC_CURVE_BITS( handshake->ecdh_psa_curve ) ); + psa_set_key_type( &key_attributes, handshake->ecdh_psa_type ); + psa_set_key_bits( &key_attributes, handshake->ecdh_bits ); /* Generate ECDH private key. */ status = psa_generate_key( &key_attributes,