Some projects using Mbed TLS have migrated their configuration
file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS
2.x, and kept including check_config.h. This is unnecessary since Mbed TLS
3.0, and increasingly in 3.x it may report spurious errors because the
configuration adjustments have not been done yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some projects using Mbed TLS have migrated their configuration
file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS
2.x, and kept including check_config.h. This is unnecessary since Mbed TLS
3.0, and increasingly in 3.x it may report spurious errors because the
configuration adjustments have not been done yet. This has led some
projects to include configuration adjustment headers manually, but only
partially or in the wrong order, which can result in silent inconsistencies.
Error out if this happens, with a message mentioning check_config.h since
that's the likely root cause.
```
perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n \"up to and including runtime errors such as buffer overflows. \" \\\n \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Including *adjust*.h directly is likely to cause them to be applied at the
wrong time, resulting in an invalid or unintended configuration.
Including check_config.h at the wrong time is likely to cause spurious
errors.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Mbed TLS implementations of ALG_TLS12_PRF,
ALG_TLS12_PSK_TO_MS, ALG_HKDF, ALG_HKDF_EXTRACT,
ALG_HKDF_EXPAND and ALG_PBKDF2 rely on HMAC
operations through the driver interface. Thus
if one of these algorithms is enabled and not
accelerated, we need ALG_HMAC to be enabled
(PSA_WANT_ALG_HMAC and PSA_WANT_KEY_TYPE_HMAC
defined). As HMAC operations occur through
the driver interface, HMAC operations can be
accelerated even if the caller algorithm
is not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Change the way we decide if for a given
configuration we need to run tests with
and without MBEDTLS_USE_PSA_CRYPTO enabled.
That makes the script suitable for 3.6 and
development branch.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Replace more sample PSK by longer (GnuTLS-compatible) strings, taking care
of keeping distinct PSK distinct for wrong-PSK tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This allows many tests to pass with the system openssl and gnutls-*. As
before, not all test cases will pass due to differences between versions and
build options.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some OpenSSL or GnuTLS interoperability test cases fail if the other
implementation is recent enough to support TLS 1.3. Force those test cases
to use TLS 1.2 so that the script works with more recent $OPENSSL or
$GNUTLS_CLI or $GNUTLS_SERV than our official CI versions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ssl-opt.sh uses a 3-byte PSK in many test cases. Unfortunately GnuTLS >=3.4.0
rejects a PSK that is less than 4 bytes long:
> Error setting the PSK credentials: The request is invalid.
Use a longer PSK throughout ssl-opt. Only the test cases involving GnuTLS
need to change, but it's easier to do a global search-and-replace, and it's
easier to not have to worry about mismatches in constructed test cases
later, so replace everything.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When given a PSK key but no username, gnutls-cli prompts for a password.
Prevent that by passing --pskusername with the same identity that
ssl_server2 uses by default.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Only s_server has a -nocert option, s_client doesn't. Fixes OpenSSL client
test cases in PSK-only builds.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It isn't detected on the CI because we only test this with an ancient Clang
that doesn't warn. Old GCC, modern GCC and modern Clang do
warn (-Wunused-but-set-variable).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Tighten the matching when detecting which certificates are in use to
determine algorithm requirements. This fixes a bug whereby all tests were
skipped in configurations without RSA except for an Mbed TLS client against
a GnuTLS or OpenSSL server, due to *server2* matching ssl_server2.
Fixes#8366.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When trying to decrypt data with an invalid key, we found that `mbedtls`
returned `0x6200` (`-25088`), which means "_CIPHER - Input data contains
invalid padding and is rejected_" from `mbedtls_cipher_finish`, but it also
set the output len as `18446744073709551516`.
In case we detect an error with padding, we leave the output len zero'ed
and return `MBEDTLS_ERR_CIPHER_INVALID_PADDING`.
Here's a reference for the way `openssl` checks the padding length:
- 1848c561ec/crypto/evp/evp_enc.c (L1023)
- b554eef43b
So add a check ensuring output is set to the least-harmful value in the
error cases.
With the robustness fix:
`PASSED (125 suites, 26644 tests run)`
Without the robustness fix:
`FAILED (125 suites, 26644 tests run)`
Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
This name is more descriptive of its purpose, since it actually adds
framework/scripts to the path rather than just framework/
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since this python module resides in the framework submodule we must
add an extra explicit path to it for mypy.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This allows scripts in the scripts/ directory to get the path to the
mbedtls_framework module in framework/scripts/
Signed-off-by: David Horstmann <david.horstmann@arm.com>
