Merge branch 'mbedtls-1.3'
diff --git a/ChangeLog b/ChangeLog
index 26e296e..f23aee6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,16 +1,27 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS 1.3.x
+= mbed TLS 1.3.x branch 2016-xx-xx
+
+Security
+ * Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
+ with RFC-5116 and could lead to session key recovery in very long TLS
+ sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in
+ TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic.
+ https://eprint.iacr.org/2016/475.pdf
+ * Fixed potential stack corruption in mbedtls_x509write_crt_der() and
+ mbedtls_x509write_csr_der() when the signature is copied to the buffer
+ without checking whether there is enough space in the destination. The
+ issue cannot be triggered remotely. Found by Jethro Beekman.
Bugfix
* Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
- * Fix incorrect handling of block lengths in crypt_and_hash sample program,
- when GCM is used. #441
+ * Fix incorrect handling of block lengths in crypt_and_hash.c sample program,
+ when GCM is used. Found by udf2457. #441
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
enabled unless others were also present. Found by David Fernandez. #428
- * Fixed cert_app sample program for debug output and for use when no root
+ * Fixed cert_app.c sample program for debug output and for use when no root
certificates are provided.
* Fix conditional statement that would cause a 1 byte overread in
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
@@ -25,6 +36,15 @@
* Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
* Fix check for validity of date when parsing in mbedtls_x509_get_time().
Found by subramanyam-c. #626
+ * Fix missing return code check after call to md_init_ctx() that could
+ result in usage of invalid md_ctx in rsa_rsaes_oaep_encrypt(),
+ rsa_rsaes_oaep_decrypt(), rsa_rsassa_pss_sign() and
+ rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502
+
+Changes
+ * Add compile time option for relaxed X.509 time verification to enable
+ accepting certificates with non-standard time format (that is without
+ seconds or with a time zone). Patch provided by James Yonan of OpenVPN.
= mbed TLS 1.3.17 branch 2016-06-28
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 8fdf36e..498fc5b 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -839,18 +839,6 @@
#define POLARSSL_SELF_TEST
/**
- * \def POLARSSL_SSL_AEAD_RANDOM_IV
- *
- * Generate a random IV rather than using the record sequence number as a
- * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
- *
- * Using the sequence number is generally recommended.
- *
- * Uncomment this macro to always use random IVs with AEAD ciphersuites.
- */
-//#define POLARSSL_SSL_AEAD_RANDOM_IV
-
-/**
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
@@ -1177,6 +1165,17 @@
//#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
/**
+ * \def POLARSSL_X509_ALLOW_RELAXED_DATE
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering ASN.1 UTCTime or ASN.1 GeneralizedTime without seconds or
+ * with a time zone.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define POLARSSL_X509_ALLOW_RELAXED_DATE
+
+/**
* \def POLARSSL_X509_CHECK_KEY_USAGE
*
* Enable verification of the keyUsage extension (CA and leaf certificates).
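Review bot: The option description should say what is being relaxed and what it costs: RFC 5280 section 4.1.2.5 requires validity dates in UTCTime/GeneralizedTime to carry seconds and to be expressed in GMT (`Z`), and the x509.c hunk in this same diff parses a `+HHMM`/`-HHMM` offset only to discard it, so such a date is interpreted as UTC and the certificate's validity bounds can be off by up to that offset. I would extend the comment with `Deviates from RFC 5280 4.1.2.5. A time zone offset, if present, is ignored and the time is treated as UTC; missing seconds are taken as 00. Enable only for interoperability with known non-conforming issuers.` and replace `Uncomment to prevent an error.` with `Uncomment to accept such certificates.`, since "prevent an error" does not tell a reader that verification becomes more permissive.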
diff --git a/library/rsa.c b/library/rsa.c
index bf77cb5..79726c1 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -547,7 +547,11 @@
memcpy( p, input, ilen );
md_init( &md_ctx );
- md_init_ctx( &md_ctx, md_info );
+ if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+ {
+ md_free( &md_ctx );
+ return( ret );
+ }
// maskedDB: Apply dbMask to DB
//
@@ -728,7 +732,11 @@
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
md_init( &md_ctx );
- md_init_ctx( &md_ctx, md_info );
+ if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+ {
+ md_free( &md_ctx );
+ return( ret );
+ }
/* Generate lHash */
md( md_info, label, label_len, lhash );
@@ -974,7 +982,11 @@
p += slen;
md_init( &md_ctx );
- md_init_ctx( &md_ctx, md_info );
+ if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+ {
+ md_free( &md_ctx );
+ return( ret );
+ }
// Generate H = Hash( M' )
//
@@ -1247,7 +1259,11 @@
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
md_init( &md_ctx );
- md_init_ctx( &md_ctx, md_info );
+ if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+ {
+ md_free( &md_ctx );
+ return( ret );
+ }
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d9eb0a9..0dd4a6c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -83,6 +83,7 @@
};
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_CLI_C)
static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
{
ssl_session_free( dst );
@@ -122,6 +123,7 @@
return( 0 );
}
+#endif /* POLARSSL_SSL_CLI_C */
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
int (*ssl_hw_record_init)( ssl_context *ssl,
@@ -1217,17 +1219,6 @@
/*
* Generate IV
*/
-#if defined(POLARSSL_SSL_AEAD_RANDOM_IV)
- ret = ssl->f_rng( ssl->p_rng,
- ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
- ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
- if( ret != 0 )
- return( ret );
-
- memcpy( ssl->out_iv,
- ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
- ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
-#else
if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
{
/* Reminder if we ever add an AEAD mode with a different size */
@@ -1238,7 +1229,6 @@
memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
ssl->out_ctr, 8 );
memcpy( ssl->out_iv, ssl->out_ctr, 8 );
-#endif
SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
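Review bot: After this removal the explicit AEAD nonce is always the 64-bit record counter copied from `ssl->out_ctr`, which is sound under RFC 5288/RFC 5116 only as long as the counter never repeats under the same key; that invariant is presumably enforced by a counter-wrap check elsewhere in the record-writing path (not visible in this hunk) and is worth stating at the point of use. I would add above the first memcpy: `/* Explicit nonce = record sequence number (RFC 5288 section 3). A random nonce was removed deliberately: nonce reuse leaks the GHASH key (eprint 2016/475). Uniqueness relies on out_ctr never wrapping under one key. */`. The function containing this code begins and ends outside the hunk.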
@@ -2649,7 +2639,7 @@
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = SSL_HS_CERTIFICATE;
-#if defined(POLARSSL_SSL_PROTO_SSL3)
+#if defined(POLARSSL_SSL_PROTO_SSL3) && defined(POLARSSL_SSL_CLI_C)
write_msg:
#endif
diff --git a/library/version_features.c b/library/version_features.c
index d5f4468..08bdfe2 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -285,9 +285,6 @@
#if defined(POLARSSL_SELF_TEST)
"POLARSSL_SELF_TEST",
#endif /* POLARSSL_SELF_TEST */
-#if defined(POLARSSL_SSL_AEAD_RANDOM_IV)
- "POLARSSL_SSL_AEAD_RANDOM_IV",
-#endif /* POLARSSL_SSL_AEAD_RANDOM_IV */
#if defined(POLARSSL_SSL_ALERT_MESSAGES)
"POLARSSL_SSL_ALERT_MESSAGES",
#endif /* POLARSSL_SSL_ALERT_MESSAGES */
@@ -366,6 +363,9 @@
#if defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
"POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION",
#endif /* POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */
+#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE)
+ "POLARSSL_X509_ALLOW_RELAXED_DATE",
+#endif /* POLARSSL_X509_ALLOW_RELAXED_DATE */
#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
"POLARSSL_X509_CHECK_KEY_USAGE",
#endif /* POLARSSL_X509_CHECK_KEY_USAGE */
diff --git a/library/x509.c b/library/x509.c
index 5aea375..e671fab 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -518,6 +518,88 @@
}
/*
+ * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) field.
+ */
+static int x509_parse_time( unsigned char **p, size_t len, unsigned int yearlen, x509_time *time )
+{
+ int ret;
+
+ /*
+ * minimum length is 10 or 12 depending on yearlen
+ */
+ if ( len < yearlen + 8 )
+ return POLARSSL_ERR_X509_INVALID_DATE;
+ len -= yearlen + 8;
+
+ /*
+ * parse year, month, day, hour, minute
+ */
+ CHECK( x509_parse_int( p, yearlen, &time->year ) );
+ if ( 2 == yearlen )
+ {
+ if ( time->year < 50 )
+ time->year += 100;
+
+ time->year += 1900;
+ }
+
+ CHECK( x509_parse_int( p, 2, &time->mon ) );
+ CHECK( x509_parse_int( p, 2, &time->day ) );
+ CHECK( x509_parse_int( p, 2, &time->hour ) );
+ CHECK( x509_parse_int( p, 2, &time->min ) );
+
+ /*
+ * parse seconds if present
+ */
+ if ( len >= 2 && **p >= '0' && **p <= '9' )
+ {
+ CHECK( x509_parse_int( p, 2, &time->sec ) );
+ len -= 2;
+ }
+ else
+ {
+#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE)
+ /*
+ * if relaxed mode, allow seconds to be absent
+ */
+ time->sec = 0;
+#else
+ return POLARSSL_ERR_X509_INVALID_DATE;
+#endif
+ }
+
+ /*
+ * parse trailing 'Z' if present
+ */
+ if ( 1 == len && 'Z' == **p )
+ {
+ (*p)++;
+ return 0;
+ }
+#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE)
+ /*
+ * if relaxed mode, allow timezone to be present
+ */
+ else if ( 5 == len && ( '+' == **p || '-' == **p ) )
+ {
+ int tz; /* throwaway timezone */
+
+ (*p)++;
+ CHECK( x509_parse_int( p, 4, &tz ) );
+
+ return 0;
+ }
+#endif
+ /*
+ * okay if no trailing 'Z' or timezone specified
+ */
+ else if ( 0 == len )
+ return 0;
+ else
+ return POLARSSL_ERR_X509_INVALID_DATE;
+}
+
+/*
* Time ::= CHOICE {
* utcTime UTCTime,
* generalTime GeneralizedTime }
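Review bot: x509_parse_time never calls x509_date_is_valid(), while the two hunks below delete the `CHECK( x509_date_is_valid( time ) );` that x509_get_time ran after parsing, so out-of-range fields (month 13, day 0, hour 25) now parse as valid dates and the range check the ChangeLog's #626 entry refers to is silently lost. The smallest repair is to replace each success-path `return 0;` in this function (after the `Z`, after the offset, and in the `0 == len` branch) with `return( x509_date_is_valid( time ) );`. Separately, in relaxed mode the `+HHMM`/`-HHMM` offset is parsed into `tz` and discarded, so a local-time notBefore/notAfter is treated as UTC and the validity window shifts by up to the offset; that deserves a comment next to `int tz; /* throwaway timezone */`, e.g. `/* Offset is deliberately ignored: the time is taken as UTC, so relaxed dates may be off by the offset. */`.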
@@ -543,22 +625,7 @@
if( ret != 0 )
return( POLARSSL_ERR_X509_INVALID_DATE + ret );
- CHECK( x509_parse_int( p, 2, &time->year ) );
- CHECK( x509_parse_int( p, 2, &time->mon ) );
- CHECK( x509_parse_int( p, 2, &time->day ) );
- CHECK( x509_parse_int( p, 2, &time->hour ) );
- CHECK( x509_parse_int( p, 2, &time->min ) );
- if( len > 10 )
- CHECK( x509_parse_int( p, 2, &time->sec ) );
- if( len > 12 && *(*p)++ != 'Z' )
- return( POLARSSL_ERR_X509_INVALID_DATE );
-
- time->year += 100 * ( time->year < 50 );
- time->year += 1900;
-
- CHECK( x509_date_is_valid( time ) );
-
- return( 0 );
+ return x509_parse_time( p, len, 2, time );
}
else if( tag == ASN1_GENERALIZED_TIME )
{
@@ -568,19 +635,7 @@
if( ret != 0 )
return( POLARSSL_ERR_X509_INVALID_DATE + ret );
- CHECK( x509_parse_int( p, 4, &time->year ) );
- CHECK( x509_parse_int( p, 2, &time->mon ) );
- CHECK( x509_parse_int( p, 2, &time->day ) );
- CHECK( x509_parse_int( p, 2, &time->hour ) );
- CHECK( x509_parse_int( p, 2, &time->min ) );
- if( len > 12 )
- CHECK( x509_parse_int( p, 2, &time->sec ) );
- if( len > 14 && *(*p)++ != 'Z' )
- return( POLARSSL_ERR_X509_INVALID_DATE );
-
- CHECK( x509_date_is_valid( time ) );
-
- return( 0 );
+ return x509_parse_time( p, len, 4, time );
}
else
return( POLARSSL_ERR_X509_INVALID_DATE +
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 80913ec..23d46ee 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -408,6 +408,9 @@
ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf,
sig_oid, sig_oid_len, sig, sig_len ) );
+ if( len > (size_t)( c2 - buf ) )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
c2 -= len;
memcpy( c2, c, len );
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index c5a5875..1b3d2f5 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -214,6 +214,9 @@
ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf,
sig_oid, sig_oid_len, sig, sig_len ) );
+ if( len > (size_t)( c2 - buf ) )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
c2 -= len;
memcpy( c2, c, len );
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 602da2c..133d986 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1,19 +1,29 @@
#!/bin/sh
-# Run all available tests (mostly).
+# all.sh
#
-# Warning: includes various build modes, so it will mess with the current
-# CMake configuration. After this script is run, the CMake cache is lost and
-# CMake is not initialised any more!
+# This file is part of mbed TLS (https://tls.mbed.org)
#
-# Assumes gcc and clang (recent enough for using ASan with gcc and MemSan with
-# clang, or valgrind) are available, as well as cmake and a "good" find.
+# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# To run all tests possible or available on the platform.
+#
+# Warning: the test is destructive. It includes various build modes and
+# configurations, and can and will arbitrarily change the current CMake
+# configuration. After this script has been run, the CMake cache will be lost
+# and CMake will no longer be initialised.
+#
+# The script assumes the presence of gcc and clang (recent enough for using
+# ASan with gcc and MemSan with clang, or valgrind) are available, as well as
+# cmake and a "good" find.
-# Abort on errors (and uninitiliased variables)
+# Abort on errors (and uninitialised variables)
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ err_msg "Must be run from mbed TLS root"
exit 1
fi
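Review bot: `err_msg "Must be run from mbed TLS root"` is called before `err_msg` is defined (the definition is added further down in this diff, after the `msg` function), so running the script from the wrong directory now fails with `err_msg: not found` (exit 127 under `set -e`) instead of printing the intended message. Either keep the original `echo "Must be run from mbed TLS root" >&2` at this point, or move the `err_msg` definition above this check.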
@@ -21,20 +31,34 @@
CONFIG_BAK="$CONFIG_H.bak"
MEMORY=0
+FORCE=0
+RELEASE=0
-while [ $# -gt 0 ]; do
- case "$1" in
- -m*)
- MEMORY=${1#-m}
- ;;
- *)
- echo "Unknown argument: '$1'" >&2
- echo "Use the source, Luke!" >&2
- exit 1
- ;;
- esac
- shift
-done
+# Default commands, can be overriden by the environment
+: ${OPENSSL:="openssl"}
+: ${OPENSSL_LEGACY:="$OPENSSL"}
+: ${GNUTLS_CLI:="gnutls-cli"}
+: ${GNUTLS_SERV:="gnutls-serv"}
+: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
+: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
+: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
+
+usage()
+{
+ printf "Usage: $0\n"
+ printf " -h|--help\t\tPrint this help.\n"
+ printf " -m|--memory\t\tAdditional optional memory tests.\n"
+ printf " -f|--force\t\tForce the tests to overwrite any modified files.\n"
+ printf " -s|--seed\t\tInteger seed value to use for this test run.\n"
+ printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n"
+ printf " --out-of-source-dir=<path>\t\tDirectory used for CMake out-of-source build tests."
+ printf " --openssl=<OpenSSL_path>\t\tPath to OpenSSL executable to use for most tests.\n"
+ printf " --openssl-legacy=<OpenSSL_path>\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n"
+ printf " --gnutls-cli=<GnuTLS_cli_path>\t\tPath to GnuTLS client executable to use for most tests.\n"
+ printf " --gnutls-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for most tests.\n"
+ printf " --gnutls-legacy-cli=<GnuTLS_cli_path>\t\tPath to GnuTLS client executable to use for legacy tests.\n"
+ printf " --gnutls-legacy-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for legacy tests.\n"
+}
# remove built files as well as the cmake cache/config
cleanup()
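Review bot: The usage text and the parser disagree on syntax: usage advertises `--out-of-source-dir=<path>`, `--openssl=<OpenSSL_path>` and the GnuTLS variants with `=`, but the case statement added later in this diff matches the bare option name and takes the value from the next argument (`shift; OPENSSL="$1"`), so the documented form falls through to the `*)` branch and exits with usage. Fix one side, e.g. `printf " --openssl <OpenSSL_path>\t\t...\n"` for each value-taking option, or accept both spellings with additional `--openssl=*) OPENSSL="${1#*=}" ;;` cases. Also the `--out-of-source-dir` line lacks a trailing `\n`, so the next option is printed on the same line, and `printf "Usage: $0\n"` uses `$0` as the format string; `printf "Usage: %s\n" "$0"` is the safe form.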
@@ -62,6 +86,126 @@
echo "******************************************************************"
}
+err_msg()
+{
+ echo "$1" >&2
+}
+
+check_tools()
+{
+ for TOOL in "$@"; do
+ if ! `hash "$TOOL" >/dev/null 2>&1`; then
+ err_msg "$TOOL not found!"
+ exit 1
+ fi
+ done
+}
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --memory|-m*)
+ MEMORY=${1#-m}
+ ;;
+ --force|-f)
+ FORCE=1
+ ;;
+ --seed|-s)
+ shift
+ SEED="$1"
+ ;;
+ --release-test|-r)
+ RELEASE=1
+ ;;
+ --out-of-source-dir)
+ shift
+ OUT_OF_SOURCE_DIR="$1"
+ ;;
+ --openssl)
+ shift
+ OPENSSL="$1"
+ ;;
+ --openssl-legacy)
+ shift
+ OPENSSL_LEGACY="$1"
+ ;;
+ --gnutls-cli)
+ shift
+ GNUTLS_CLI="$1"
+ ;;
+ --gnutls-serv)
+ shift
+ GNUTLS_SERV="$1"
+ ;;
+ --gnutls-legacy-cli)
+ shift
+ GNUTLS_LEGACY_CLI="$1"
+ ;;
+ --gnutls-legacy-serv)
+ shift
+ GNUTLS_LEGACY_SERV="$1"
+ ;;
+ --help|-h|*)
+ usage
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+if [ $FORCE -eq 1 ]; then
+ git checkout-index -f -q $CONFIG_H
+ cleanup
+else
+
+ if [ -d "$OUT_OF_SOURCE_DIR" ]; then
+ echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
+ echo "You can either delete this directory manually, or force the test by rerunning"
+ echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
+ exit 1
+ fi
+
+ if ! git diff-files --quiet include/polarssl/config.h; then
+ echo $?
+ err_msg "Warning - the configuration file 'include/polarssl/config.h' has been edited. "
+ echo "You can either delete or preserve your work, or force the test by rerunning the"
+ echo "script as: $0 --force"
+ exit 1
+ fi
+fi
+
+if [ $RELEASE -eq 1 ]; then
+ # Fix the seed value to 1 to ensure that the tests are deterministic.
+ SEED=1
+fi
+
+msg "info: $0 configuration"
+echo "MEMORY: $MEMORY"
+echo "FORCE: $FORCE"
+echo "SEED: ${SEED-"UNSET"}"
+echo "OPENSSL: $OPENSSL"
+echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
+echo "GNUTLS_CLI: $GNUTLS_CLI"
+echo "GNUTLS_SERV: $GNUTLS_SERV"
+echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
+echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
+
+# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
+# we just export the variables they require
+export OPENSSL_CMD="$OPENSSL"
+export GNUTLS_CLI="$GNUTLS_CLI"
+export GNUTLS_SERV="$GNUTLS_SERV"
+
+# Avoid passing --seed flag in every call to ssl-opt.sh
+[ ! -z ${SEED+set} ] && export SEED
+
+# Make sure the tools we need are available.
+check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \
+ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \
+ "arm-none-eabi-gcc" "armcc"
+
+#
+# Test Suites to be executed
+#
# The test ordering tries to optimize for the following criteria:
# 1. Catch possible problems early, by running first tests that run quickly
# and/or are more likely to fail than others (eg I use Clang most of the
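Review bot: The `--memory|-m*)` case assigns `MEMORY=${1#-m}`, so `--memory` leaves MEMORY set to the literal string `--memory` and a bare `-m` leaves it empty; both later reach `[ "$MEMORY" -gt 0 ]`, which is not an integer comparison and aborts the run under `set -e`. Split the case into `--memory) MEMORY=1 ;;` and `-m*) MEMORY=${1#-m} ;;` (treating an empty suffix as 1). Two smaller points in the same hunk: `echo $?` before the config.h warning is leftover debugging that prints a stray `1`, and the value-taking options (`--seed|-s)`, `--openssl)`, ...) `shift` without checking that an argument follows, so a trailing option dies with an unbound-variable error from `set -u` rather than a usage message. The backtick-wrapped `hash` in check_tools only works because an empty command inherits the substitution's exit status; `if ! hash "$TOOL" >/dev/null 2>&1; then` says what is meant.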
@@ -81,27 +225,21 @@
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
-msg "test: main suites and selftest (ASan build)" # ~ 50s
+msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
make test
programs/test/selftest
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
-cd tests
-./ssl-opt.sh
-cd ..
+tests/ssl-opt.sh
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
tests/scripts/test-ref-configs.pl
-# Most frequent issues are likely to be caught at this point
-
msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min
make
msg "test: compat.sh (ASan build)" # ~ 6 min
-cd tests
-./compat.sh
-cd ..
+tests/compat.sh
msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
cleanup
@@ -110,19 +248,16 @@
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
-msg "test: SSLv3 - main suites and selftest (ASan build)" # ~ 50s
+msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
programs/test/selftest
msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
-cd tests
-./compat.sh -m 'ssl3 tls1 tls1_1 tls1_2'
-cd ..
+tests/compat.sh -m 'tls1 tls1_1 tls1_2'
+OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
-cd tests
-./ssl-opt.sh
-cd ..
+tests/ssl-opt.sh
msg "build: cmake, full config, clang" # ~ 50s
cleanup
@@ -138,16 +273,13 @@
make test
msg "test: ssl-opt.sh default (full config)" # ~ 1s
-cd tests
-./ssl-opt.sh -f Default
-cd ..
+tests/ssl-opt.sh -f Default
-msg "test: compat.sh DES & NULL (full config)" # ~ 2 min
-cd tests
-./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3'
-cd ..
+msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
+OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3'
-msg "test/build: curves.pl (gcc)" # ~ 5 min (?)
+
+msg "test/build: curves.pl (gcc)" # ~ 4 min
cleanup
cmake -D CMAKE_BUILD_TYPE:String=Debug .
tests/scripts/curves.pl
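Review bot: The step label was changed to `compat.sh RC4, DES & NULL (full config)` but the filter is still `-f 'NULL\|3DES-EDE-CBC\|DES-CBC3'`, so no RC4 suite is exercised even though the legacy OpenSSL/GnuTLS binaries are now passed in for exactly that purpose. Either add RC4 to the filter (`-f 'NULL\|RC4\|3DES-EDE-CBC\|DES-CBC3'`, using whatever names compat.sh assigns to its RC4 suites) or revert the label so the log does not claim coverage it does not have.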
@@ -185,6 +317,24 @@
scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
CC=gcc CFLAGS='-Werror -O0' make
+msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl full
+scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated
+scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
+scripts/config.pl unset POLARSSL_SSL_SRV_C
+CC=gcc CFLAGS='-Werror -O0' make
+
+msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl full
+scripts/config.pl unset POLARSSL_SSL_CLI_C
+scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated
+scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
+CC=gcc CFLAGS='-Werror -O0' make
+
if uname -a | grep -F Linux >/dev/null; then
msg "build/test: make shared" # ~ 40s
cleanup
@@ -197,7 +347,6 @@
CC=gcc CFLAGS='-Werror -m32' make
fi # x86_64
-if which arm-none-eabi-gcc >/dev/null; then
msg "build: arm-none-eabi-gcc, make" # ~ 10s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
@@ -207,16 +356,15 @@
scripts/config.pl unset POLARSSL_FS_IO
scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated
scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
+scripts/config.pl set POLARSSL_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset POLARSSL_HAVEGE_C # depends on timing.c
scripts/config.pl unset POLARSSL_THREADING_PTHREAD
scripts/config.pl unset POLARSSL_THREADING_C
scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C # calls exit
-CC=arm-none-eabi-gcc CFLAGS=-Werror make lib
-fi # arm-gcc
+CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS=-Werror make lib
-if which armcc >/dev/null; then
msg "build: armcc, make"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
@@ -227,6 +375,7 @@
scripts/config.pl unset POLARSSL_HAVE_TIME
scripts/config.pl unset POLARSSL_ERROR_STRERROR_BC # deprecated
scripts/config.pl unset POLARSSL_PBKDF2_C # deprecated
+scripts/config.pl set POLARSSL_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset POLARSSL_DEPRECATED_WARNING
scripts/config.pl unset POLARSSL_HAVEGE_C # depends on timing.c
@@ -234,14 +383,7 @@
scripts/config.pl unset POLARSSL_THREADING_C
scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C # calls exit
-CC=armcc AR=armar WARNING_CFLAGS=
-make lib 2> armcc.stderr
-if [ -s armcc.stderr ]; then
- cat armcc.stderr
- exit 1;
-fi
-rm armcc.stderr
-fi # armcc
+CC=armcc AR=armar WARNING_CFLAGS= make lib
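Review bot: The armcc step no longer fails on compiler warnings: the removed code captured stderr and exited non-zero on any output, whereas `WARNING_CFLAGS= make lib` only propagates make's exit status. If that strictness was intentional (armcc has no `-Werror` in WARNING_CFLAGS here), restore it by keeping the `2> armcc.stderr` capture and the `[ -s armcc.stderr ]` check, or pass a warnings-as-errors diagnostic option if the toolchain offers one. If the relaxation is deliberate, a one-line comment such as `# armcc warnings are informational here; only hard errors fail the build` would stop the next reader from reintroducing the check.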
if which i686-w64-mingw32-gcc >/dev/null; then
msg "build: cross-mingw64, make" # ~ 30s
@@ -267,17 +409,13 @@
make test
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
-cd tests
-./ssl-opt.sh
-cd ..
+tests/ssl-opt.sh
# Optional part(s)
if [ "$MEMORY" -gt 0 ]; then
msg "test: compat.sh (MSan)" # ~ 6 min 20s
- cd tests
- ./compat.sh
- cd ..
+ tests/compat.sh
fi
else # no MemSan
@@ -296,20 +434,29 @@
if [ "$MEMORY" -gt 0 ]; then
msg "test: ssl-opt.sh --memcheck (Release)"
- cd tests
- ./ssl-opt.sh --memcheck
- cd ..
+ tests/ssl-opt.sh --memcheck
fi
if [ "$MEMORY" -gt 1 ]; then
msg "test: compat.sh --memcheck (Release)"
- cd tests
- ./compat.sh --memcheck
- cd ..
+ tests/compat.sh --memcheck
fi
fi # MemSan
+msg "build: cmake 'out-of-source' build"
+cleanup
+MBEDTLS_ROOT_DIR="$PWD"
+mkdir "$OUT_OF_SOURCE_DIR"
+cd "$OUT_OF_SOURCE_DIR"
+cmake "$MBEDTLS_ROOT_DIR"
+make
+
+msg "test: cmake 'out-of-source' build"
+make test
+cd "$MBEDTLS_ROOT_DIR"
+rm -rf "$OUT_OF_SOURCE_DIR"
+
msg "Done, cleaning up"
cleanup
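Review bot: `mkdir "$OUT_OF_SOURCE_DIR"` has no `-p`, so if the directory already exists the script aborts here under `set -e` at the very end of a long run, yet the `--force` branch earlier in this diff only resets config.h and calls cleanup and never removes the directory, contradicting the advice printed by the `Warning - there is an existing directory at ...` message to rerun with `--force`. Either remove it in the force branch (`[ -d "$OUT_OF_SOURCE_DIR" ] && rm -rf "$OUT_OF_SOURCE_DIR"`, acceptable since the user opted in) or perform the existence check unconditionally before any test runs. Note also that the final `rm -rf "$OUT_OF_SOURCE_DIR"` acts on a user-supplied path; a cheap guard that it is non-empty and not `/` is worth adding next to it.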
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d0a2106..a018f64 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -204,8 +204,10 @@
# Usage: run_test name srv_cmd cli_cmd cli_exit [option [...]]
# Options: -s pattern pattern that must be present in server output
# -c pattern pattern that must be present in client output
+# -u pattern lines after pattern must be unique in client output
# -S pattern pattern that must be absent in server output
# -C pattern pattern that must be absent in client output
+# -U pattern lines after pattern must be unique in server output
run_test() {
NAME="$1"
SRV_CMD="$2"
@@ -291,29 +293,50 @@
do
case $1 in
"-s")
- if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else
- fail "-s $2"
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
+ fail "pattern '$2' MUST be present in the Server output"
return
fi
;;
"-c")
- if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else
- fail "-c $2"
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
+ fail "pattern '$2' MUST be present in the Client output"
return
fi
;;
"-S")
- if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then
- fail "-S $2"
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
+ fail "pattern '$2' MUST NOT be present in the Server output"
return
fi
;;
"-C")
- if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then
- fail "-C $2"
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
+ fail "pattern '$2' MUST NOT be present in the Client output"
+ return
+ fi
+ ;;
+
+ # The filtering in the following two options (-u and -U) do the following
+ # - ignore valgrind output
+ # - filter out everything but lines right after the pattern occurances
+ # - keep one of each non-unique line
+ # - count how many lines remain
+ # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
+ # if there were no duplicates.
+ "-U")
+ if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
+ fail "lines following pattern '$2' must be unique in Server output"
+ return
+ fi
+ ;;
+
+ "-u")
+ if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
+ fail "lines following pattern '$2' must be unique in Client output"
return
fi
;;
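Review bot: The `-u`/`-U` checks depend on the `--` group separator that `grep -A1` emits being the one and only expected duplicate, which is why the threshold is `-gt 1`; that is fragile (no separator is printed when matches are contiguous, the threshold silently tolerates one genuine duplicate in that case, and the comment block has to explain the trick). Dropping the separator explicitly and testing for any duplicate is clearer and stricter: `grep -A1 "$2" | grep -v "$2" | grep -v '^--$' | sort | uniq -d | wc -l) -gt 0`. The `-c`/`-s` messages are a good readability improvement; the same wording style could be applied to the `-u`/`-U` failures so all six read alike.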
@@ -424,6 +447,14 @@
-S "error" \
-C "error"
+# Test for uniqueness of IVs in AEAD ciphersuites
+run_test "Unique IV in GCM" \
+ "$P_SRV exchanges=20 debug_level=4" \
+ "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
+ 0 \
+ -u "IV used" \
+ -U "IV used"
+
# Tests for rc4 option
run_test "RC4: server disabled, client enabled" \
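Review bot: `-u "IV used"` and `-U "IV used"` pass vacuously if the debug string is never printed, because zero matching lines means zero duplicates; a later rename of the `"IV used"` SSL_DEBUG_BUF label, or a build whose effective debug level drops that line, would leave this test green while checking nothing. Pair each with a presence check, `-c "IV used" \` and `-s "IV used" \`, so the test fails loudly when the output it relies on disappears. If this branch's ssl-opt.sh has a `requires_config_enabled`-style guard, the forced ECDHE-ECDSA/AES-256-GCM suite should also be gated on it rather than failing the handshake in builds without ECDSA or GCM (I cannot see such a helper from here).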
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 63f35a6..825a593 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -16,10 +16,11 @@
{
pk_context key;
x509write_csr req;
- unsigned char buf[4000];
+ unsigned char buf[4096];
unsigned char check_buf[4000];
int ret;
size_t olen = 0, pem_len = 0;
+ int der_len = -1;
FILE *f;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
rnd_pseudo_info rnd_info;
@@ -52,6 +53,17 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ der_len = x509write_csr_der( &req, buf, sizeof( buf ),
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( der_len >= 0 );
+
+ if( der_len == 0 )
+ goto exit;
+
+ ret = x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( ret == POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
exit:
x509write_csr_free( &req );
pk_free( &key );
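Review bot: `TEST_ASSERT( der_len >= 0 )` followed by `if( der_len == 0 ) goto exit;` means a (bogus) zero-length DER output would skip the buffer-too-small check and the test would still pass. A DER-encoded CSR can never be empty, so assert `TEST_ASSERT( der_len > 0 );` and drop the goto; the same applies to the x509write_crt_der block in the hunk below.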
@@ -68,11 +80,12 @@
{
pk_context subject_key, issuer_key;
x509write_cert crt;
- unsigned char buf[4000];
+ unsigned char buf[4096];
unsigned char check_buf[5000];
mpi serial;
int ret;
size_t olen = 0, pem_len = 0;
+ int der_len = -1;
FILE *f;
rnd_pseudo_info rnd_info;
@@ -125,6 +138,17 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ der_len = x509write_crt_der( &crt, buf, sizeof( buf ),
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( der_len >= 0 );
+
+ if( der_len == 0 )
+ goto exit;
+
+ ret = x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( ret == POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+
exit:
x509write_crt_free( &crt );
pk_free( &issuer_key );