From fd222da2e919953dafbf06ba860f60d7ce0a7669 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Feb 2022 15:26:13 +0100 Subject: [PATCH 01/32] Fix the build when MBEDTLS_PLATFORM_C is unset Signed-off-by: Gilles Peskine --- programs/test/dlopen.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 3b88df4cf3..c0836046a3 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -19,8 +19,9 @@ #include "mbedtls/build_info.h" +#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) +#else #include #include #define mbedtls_fprintf fprintf From 7451e5a1c61049e364d7e0f23e1329cb20c8806f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Feb 2022 19:20:36 +0100 Subject: [PATCH 02/32] Minimal TLS configuration: documentation improvements Some of the options have been moved around, but there are no semantic changes. Signed-off-by: Gilles Peskine --- configs/config-ccm-psk-tls1_2.h | 48 ++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index 475883702e..6ee7c40435 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -21,11 +21,15 @@ */ /* * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites + * * Distinguishing features: - * - no bignum, no PK, no X509 - * - fully modern and secure (provided the pre-shared keys have high entropy) - * - very low record overhead with CCM-8 - * - optimized for low RAM usage + * - Optimized for small code size, low bandwidth (on a reliable network), + * and low RAM usage. + * - No asymmetric cryptography (no certificates, no Diffie-Hellman key + * exchange). + * - Fully modern and secure (provided the pre-shared keys are generated and + * stored securely). + * - Very low record overhead with CCM-8. * * See README.txt for usage instructions. */ 
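Review bot: The reworded bullet `Fully modern and secure (provided the pre-shared keys are generated and stored securely)` still leaves out the caveat that matters most for a plain-PSK build: the preceding bullet says there is no Diffie-Hellman key exchange, so there is no forward secrecy and anyone who later obtains a PSK can decrypt every recorded session protected by it. I would extend the bullet, e.g. ` * - Fully modern and secure (provided the pre-shared keys are generated and` / ` *   stored securely). Note: no forward secrecy, a leaked PSK exposes past sessions.` Likewise `Very low record overhead with CCM-8` would read better as a deliberate trade-off if it mentioned that the saving comes from a 64-bit authentication tag. The rest of the hunk is a reorder of the same advice and needs no change.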
@@ -34,11 +38,7 @@ //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ -/* mbed TLS feature support */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/* mbed TLS modules */ +/* Mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_CCM_C #define MBEDTLS_CIPHER_C @@ -55,18 +55,9 @@ #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* Save some RAM by adjusting to your exact needs */ -#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ - -/* - * You should adjust this to the exact number of sources you're using: default - * is the "platform_entropy_poll" source, but you may want to add other ones - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 +/* TLS protocol feature support */ +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#define MBEDTLS_SSL_PROTO_TLS1_2 /* * Use only CCM_8 ciphersuites, and @@ -81,9 +72,22 @@ * both ends of the connection! (See comments in "mbedtls/ssl.h".) * The optimal size here depends on the typical size of records. */ -#define MBEDTLS_SSL_IN_CONTENT_LEN 1024 +#define MBEDTLS_SSL_IN_CONTENT_LEN 1024 #define MBEDTLS_SSL_OUT_CONTENT_LEN 1024 +/* Save RAM at the expense of ROM */ +#define MBEDTLS_AES_ROM_TABLES + +/* Save some RAM by adjusting to your exact needs */ +#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ + +/* + * You should adjust this to the exact number of sources you're using: default + * is the "platform_entropy_poll" source, but you may want to add other ones + * Minimum is 2 for the entropy test suite. + */ +#define MBEDTLS_ENTROPY_MAX_SOURCES 2 + /* These defines are present so that the config modifying scripts can enable * them during tests/scripts/test-ref-configs.pl */ //#define MBEDTLS_USE_PSA_CRYPTO 
From 168f17c2339db04da1e9daebc95b1dcdb2bb73c2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Feb 2022 19:28:00 +0100 Subject: [PATCH 03/32] New sample/test configuration: small DTLS 1.2 1. Copy config-ccm-psk-tls1_2.h 2. Add DTLS support 3. Add some TLS and DTLS features that are useful in low-bandwidth, low-reliability networks 4. Reduce the SSL buffer to a very small size Signed-off-by: Gilles Peskine --- configs/config-ccm-psk-dtls1_2.h | 103 ++++++++++++++++++++++++++++++ tests/scripts/test-ref-configs.pl | 4 ++ 2 files changed, 107 insertions(+) create mode 100644 configs/config-ccm-psk-dtls1_2.h diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h new file mode 100644 index 0000000000..df9301d2ea --- /dev/null +++ b/configs/config-ccm-psk-dtls1_2.h 
@@ -0,0 +1,103 @@ +/** + * \file config-ccm-psk-dtls1_2.h + * + * \brief Small configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites + * + * Distinguishing features: + * - Optimized for small code size, low bandwidth (on an unreliable network), + * and low RAM usage. + * - No asymmetric cryptography (no certificates, no Diffie-Hellman key + * exchange). + * - Fully modern and secure (provided the pre-shared keys are generated and + * stored securely). + * - Very low record overhead with CCM-8. + * - Includes several optional DTLS features typically used in IoT. + * + * See README.txt for usage instructions. + */ + +/* System support */ +//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ +/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ + +/* Mbed TLS modules */ +#define MBEDTLS_AES_C +#define MBEDTLS_CCM_C +#define MBEDTLS_CIPHER_C +#define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_ENTROPY_C +#define MBEDTLS_MD_C +#define MBEDTLS_NET_C +/* The library does not currently support enabling SHA-224 without SHA-256. + * A future version of the library will have this option disabled + * by default. 
*/ +#define MBEDTLS_SHA224_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_SSL_CLI_C +#define MBEDTLS_SSL_COOKIE_C +#define MBEDTLS_SSL_SRV_C +#define MBEDTLS_SSL_TLS_C +#define MBEDTLS_TIMING_C + +/* TLS protocol feature support */ +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#define MBEDTLS_SSL_PROTO_TLS1_2 +#define MBEDTLS_SSL_PROTO_DTLS +#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +#define MBEDTLS_SSL_DTLS_CONNECTION_ID +#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + +/* + * Use only CCM_8 ciphersuites, and + * save ROM and a few bytes of RAM by specifying our own ciphersuite list + */ +#define MBEDTLS_SSL_CIPHERSUITES \ + MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ + MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 + +/* + * Save RAM at the expense of interoperability: do this only if you control + * both ends of the connection! (See comments in "mbedtls/ssl.h".) + * The optimal size here depends on the typical size of records. + */ +#define MBEDTLS_SSL_IN_CONTENT_LEN 256 +#define MBEDTLS_SSL_OUT_CONTENT_LEN 256 + +/* Save RAM at the expense of ROM */ +#define MBEDTLS_AES_ROM_TABLES + +/* Save some RAM by adjusting to your exact needs */ +#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ + +/* + * You should adjust this to the exact number of sources you're using: default + * is the "platform_entropy_poll" source, but you may want to add other ones + * Minimum is 2 for the entropy test suite. + */ +#define MBEDTLS_ENTROPY_MAX_SOURCES 2 + +/* These defines are present so that the config modifying scripts can enable + * them during tests/scripts/test-ref-configs.pl */ +//#define MBEDTLS_USE_PSA_CRYPTO +//#define MBEDTLS_PSA_CRYPTO_C diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index dc0f120e44..dc398c1622 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl 
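Review bot: `#define MBEDTLS_PSK_MAX_LEN 16` caps pre-shared keys at 128 bits, yet `MBEDTLS_SSL_CIPHERSUITES` still lists `MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8` first; in the TLS 1.2 PSK key exchange the only secret input to the master secret is the PSK itself, so the AES-256 suite cannot deliver more than 128-bit security here and only adds code and key-schedule cost in a file that says it is optimized for size. Either raise the cap or drop the 256-bit suite, and make the comment say why, e.g. `#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bit keys; AES-256 suites add no strength beyond the PSK entropy */`. Separately, the `Fully modern and secure` bullet should state that this key exchange has no forward secrecy, so a key extracted from one device exposes all of that device's recorded traffic, which matters more for a long-lived IoT deployment than for the TLS file this was copied from. A one-line note next to `MBEDTLS_SSL_DTLS_HELLO_VERIFY` reminding that the server application still has to install cookie callbacks for it to take effect would also save integrators a surprise, if that is indeed how this build behaves.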
@@ -32,6 +32,10 @@ my %configs = ( 'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', 'test_again_with_use_psa' => 1 }, + 'config-ccm-psk-dtls1_2.h' => { + 'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', + 'test_again_with_use_psa' => 1 + }, 'config-no-entropy.h' => { }, 'config-suite-b.h' => { From 82a4ab24861841e2b222c3c4d4db3452898825dd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Feb 2022 19:46:30 +0100 Subject: [PATCH 04/32] ssl-opt: automatically skip DTLS tests in builds without DTLS Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2fe7a4016f..8c3f18ea2c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -839,11 +839,7 @@ skip_handshake_stage_check() { # # Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass # extra arguments or go through wrappers. -# Set $DTLS (0=TLS, 1=DTLS). analyze_test_commands() { - # update DTLS variable - detect_dtls "$SRV_CMD" - # if the test uses DTLS but no custom proxy, add a simple proxy # as it provides timing info that's useful to debug failures if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then @@ -1150,6 +1146,12 @@ run_test() { requires_config_enabled MBEDTLS_FS_IO;; esac + # Check if the test uses DTLS. + detect_dtls "$SRV_CMD" + if [ "$DTLS" -eq 1 ]; then + requires_config_enabled MBEDTLS_SSL_PROTO_DTLS + fi + # If the client or serve requires a ciphersuite, check that it's enabled. maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" From a165b5ced6a6605b0e98b529a5e8e72410b2df23 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Feb 2022 19:47:04 +0100 Subject: [PATCH 05/32] Automatically skip tests for some absent features: tickets, ALPN Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8c3f18ea2c..09ebd42afa 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1152,6 +1152,16 @@ run_test() { requires_config_enabled MBEDTLS_SSL_PROTO_DTLS fi + # Check more TLS protocol features. + case "$SRV_CMD $CLI_CMD" in + *[-_\ =]tickets=[^0]*) + requires_config_enabled MBEDTLS_SSL_TICKET_C;; + esac + case "$SRV_CMD $CLI_CMD" in + *[-_\ =]alpn=*) + requires_config_enabled MBEDTLS_SSL_ALPN;; + esac + # If the client or serve requires a ciphersuite, check that it's enabled. maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" From 3561526249be46eecb2322bc707adb59968e6b63 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Feb 2022 19:50:38 +0100 Subject: [PATCH 06/32] Only run "Default" tests if the expected ciphersuite is enabled These tests ensure that a certain cipher suite is in use, so they fail in builds that lack one of the corresponding algorithms. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 09ebd42afa..8cdb89220d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1460,6 +1460,7 @@ trap cleanup INT TERM HUP # - the expected parameters are selected # ("signature_algorithm ext: 6" means SHA-512 (highest common hash)) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 run_test "Default" \ "$P_SRV debug_level=3" \ "$P_CLI" \ @@ -1472,6 +1473,7 @@ run_test "Default" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 run_test "Default, DTLS" \ "$P_SRV dtls=1" \ "$P_CLI dtls=1" \ From 2fe796f1b751ed2412d3b6df84a165e930eeda65 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 25 Feb 2022 19:51:52 +0100 Subject: [PATCH 07/32] Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE This commit is not necessarily complete, but it's a step forward. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8cdb89220d..bd442042d1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2729,6 +2729,7 @@ run_test "Encrypt then MAC: client disabled, server enabled" \ # Tests for Extended Master Secret extension requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET run_test "Extended Master Secret: default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -2741,6 +2742,7 @@ run_test "Extended Master Secret: default" \ -s "session hash for extended master secret" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET run_test "Extended Master Secret: client enabled, server disabled" \ "$P_SRV debug_level=3 extended_ms=0" \ "$P_CLI debug_level=3 extended_ms=1" \ @@ -2753,6 +2755,7 @@ run_test "Extended Master Secret: client enabled, server disabled" \ -S "session hash for extended master secret" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET run_test "Extended Master Secret: client disabled, server enabled" \ "$P_SRV debug_level=3 extended_ms=1" \ "$P_CLI debug_level=3 extended_ms=0" \ @@ -3214,6 +3217,7 @@ run_test "Session resume using tickets, DTLS: openssl client" \ # Tests for Session Resume based on session-ID and cache requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: tickets enabled on client" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ 
@@ -3229,6 +3233,7 @@ run_test "Session resume using cache: tickets enabled on client" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: tickets enabled on server" \ "$P_SRV debug_level=3 tickets=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3244,6 +3249,7 @@ run_test "Session resume using cache: tickets enabled on server" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: cache_max=0" \ "$P_SRV debug_level=3 tickets=0 cache_max=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3254,6 +3260,7 @@ run_test "Session resume using cache: cache_max=0" \ -C "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: cache_max=1" \ "$P_SRV debug_level=3 tickets=0 cache_max=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3264,6 +3271,7 @@ run_test "Session resume using cache: cache_max=1" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: timeout > delay" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \ @@ -3274,6 +3282,7 @@ run_test "Session resume using cache: timeout > delay" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: timeout < delay" \ "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \ 
@@ -3284,6 +3293,7 @@ run_test "Session resume using cache: timeout < delay" \ -C "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: no timeout" \ "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \ @@ -3294,6 +3304,7 @@ run_test "Session resume using cache: no timeout" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: session copy" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \ @@ -3304,6 +3315,7 @@ run_test "Session resume using cache: session copy" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: openssl client" \ "$P_SRV debug_level=3 tickets=0" \ "( $O_CLI -sess_out $SESSION; \ @@ -3317,6 +3329,7 @@ run_test "Session resume using cache: openssl client" \ -s "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: openssl server" \ "$O_SRV" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3328,6 +3341,7 @@ run_test "Session resume using cache: openssl server" \ # Tests for Session Resume based on session-ID and cache, DTLS requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: tickets enabled on client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \ 
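Review bot: The `requires_config_enabled MBEDTLS_SSL_CACHE_C` added before `Session resume using cache: openssl server` looks stricter than the test needs: the server there is `$O_SRV`, so the session cache is OpenSSL's, and the Mbed TLS side is only the client (`$P_CLI debug_level=3 tickets=0 reconnect=1`) doing session-ID resumption, which as far as I can tell does not depend on the server-side cache module. With the new line the test is silently skipped in cache-less builds, exactly where a client-side resumption regression would go unnoticed. I would drop that single added line for this test and keep the existing `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2`; the other hunks here, where `$P_SRV` is the server and the cache is the resumption mechanism, are right to require it.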
@@ -3343,6 +3357,7 @@ run_test "Session resume using cache, DTLS: tickets enabled on client" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: tickets enabled on server" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -3358,6 +3373,7 @@ run_test "Session resume using cache, DTLS: tickets enabled on server" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: cache_max=0" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -3368,6 +3384,7 @@ run_test "Session resume using cache, DTLS: cache_max=0" \ -C "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: cache_max=1" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -3378,6 +3395,7 @@ run_test "Session resume using cache, DTLS: cache_max=1" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: timeout > delay" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \ 
@@ -3388,6 +3406,7 @@ run_test "Session resume using cache, DTLS: timeout > delay" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: timeout < delay" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \ @@ -3398,6 +3417,7 @@ run_test "Session resume using cache, DTLS: timeout < delay" \ -C "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: no timeout" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \ @@ -3408,6 +3428,7 @@ run_test "Session resume using cache, DTLS: no timeout" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: session copy" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \ @@ -3421,6 +3442,7 @@ run_test "Session resume using cache, DTLS: session copy" \ # probability with OpenSSL 1.0.2g on the CI, see #5012. requires_openssl_next requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ @@ -3434,6 +3456,7 @@ run_test "Session resume using cache, DTLS: openssl client" \ -s "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ 
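Review bot: The last hunk adds `requires_config_enabled MBEDTLS_SSL_CACHE_C` to `Session resume using cache, DTLS: openssl server`, but the server in that test is `$O_SRV -dtls`, so the cache being exercised is OpenSSL's and the Mbed TLS client (`$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1`) only performs client-side session-ID resumption. Unless the client path really pulls in the cache module, which the hunk does not show, this dependency skips the test in precisely the cache-less builds that should still prove client resumption works over DTLS; I would remove that one line and leave the `MBEDTLS_SSL_PROTO_TLS1_2` requirement. The `$P_SRV`-based tests in the same hunk sequence do need the cache and their new line is fine.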
@@ -9433,6 +9456,7 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "DTLS proxy: 3d, min handshake, resumption" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ @@ -9448,6 +9472,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ From 6e86e54abbea94b048905219da333e9124fe5bb9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Feb 2022 19:52:52 +0100 Subject: [PATCH 08/32] Adapt tests for PSK in PSK-only builds In a PSK-only build: * Skip tests that rely on a specific non-PSK cipher suite. * Skip tests that exercise a certificate authentication feature. * Pass a pre-shared key in tests that don't mind the key exchange type. This commit only considers PSK-only builds vs builds with certificates. It does not aim to do something useful for builds with an asymmetric key exchange and a pre-shared key for authentication. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 66 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index bd442042d1..d7db8abc70 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -293,6 +293,69 @@ maybe_requires_ciphersuite_enabled() {
 unset ciphersuite
 }
+adapt_cmd_for_psk () {
+ case "$2" in
+ *openssl*) s='-psk abc123 -nocert';;
+ *gnutls-*) s='--pskkey=abc123';;
+ *) s='psk=abc123';;
+ esac
+ eval $1='"$2 $s"'
+ unset s
+}
+
+# maybe_adapt_for_psk [RUN_TEST_OPTION...]
+# If running in a PSK-only build, maybe adapt the test to use a pre-shared key.
+#
+# If not running in a PSK-only build, do nothing.
+# If the test looks like it doesn't use a pre-shared key but can run with a
+# pre-shared key, pass a pre-shared key. If the test looks like it can't run
+# with a pre-shared key, skip it. If the test looks like it's already using
+# a pre-shared key, do nothing.
+#
+# This code does not consider builds with ECDH-PSK or RSA-PSK.
+#
+# Inputs:
+# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands.
+# * $PSK_ONLY: YES if running in a PSK-only build (no asymmetric key exchanges).
+# * "$@": options passed to run_test.
+#
+# Outputs:
+# * $CLI_CMD, $SRV_CMD: may be modified to add PSK-relevant arguments.
+# * $SKIP_NEXT: set to YES if the test can't run with PSK.
+maybe_adapt_for_psk() {
+ if [ "$PSK_ONLY" != "YES" ]; then
+ return
+ fi
+ if [ "$SKIP_NEXT" = "YES" ]; then
+ return
+ fi
+ case "$CLI_CMD $SRV_CMD" in
+ *[-_\ =]psk*|*[-_\ =]PSK*)
+ return;;
+ *force_ciphersuite*)
+ # The test case forces a non-PSK cipher suite. In some cases, a
+ # PSK cipher suite could be substituted, but we're not ready for
+ # that yet.
+ SKIP_NEXT="YES"
+ return;;
+ *\ auth_mode=*|*[-_\ =]crt[_=]*)
+ # The test case involves certificates. PSK won't do. 
+ SKIP_NEXT="YES" + return;; + esac + adapt_cmd_for_psk CLI_CMD "$CLI_CMD" + adapt_cmd_for_psk SRV_CMD "$SRV_CMD" +} + +case " $CONFIGS_ENABLED " in + *\ MBEDTLS_KEY_EXCHANGE_[^P]*) PSK_ONLY="NO";; + *\ MBEDTLS_KEY_EXCHANGE_P[^S]*) PSK_ONLY="NO";; + *\ MBEDTLS_KEY_EXCHANGE_PS[^K]*) PSK_ONLY="NO";; + *\ MBEDTLS_KEY_EXCHANGE_PSK[^_]*) PSK_ONLY="NO";; + *\ MBEDTLS_KEY_EXCHANGE_PSK_ENABLED\ *) PSK_ONLY="YES";; + *) PSK_ONLY="NO";; +esac + # skip next test if OpenSSL doesn't support FALLBACK_SCSV requires_openssl_with_fallback_scsv() { if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then @@ -1166,6 +1229,9 @@ run_test() { maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" + # If we're in a PSK-only build and the test can be adapted to PSK, do that. + maybe_adapt_for_psk "$@" + # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then SKIP_NEXT="NO" From c6d197b68a555b0cbabf25e1f551b788bdf50e89 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Feb 2022 21:00:16 +0100 Subject: [PATCH 09/32] ssl-opt needs debug messages Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these options. When running ssl-opt.sh on those configurations, enable the required options. They must be listed in the config*.h file, commented out. Run ssl-opt in the following configurations with debug options: ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b. Signed-off-by: Gilles Peskine --- configs/config-ccm-psk-dtls1_2.h | 5 +++++ configs/config-ccm-psk-tls1_2.h | 5 +++++ configs/config-suite-b.h | 5 +++++ tests/scripts/test-ref-configs.pl | 13 +++++++++++++ 4 files changed, 28 insertions(+) diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index df9301d2ea..6134abc2e5 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h 
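Review bot: The `*\ auth_mode=*` arm of `maybe_adapt_for_psk` skips every test that mentions `auth_mode=`, including `auth_mode=none`, which turns certificate authentication off and would run fine with a PSK (the DTLS proxy resumption tests in this same series use `auth_mode=none`); the comment `The test case involves certificates. PSK won't do.` is only true for `required`/`optional`. Narrowing it to `*\ auth_mode=required*|*\ auth_mode=optional*|*[-_\ =]crt[_=]*)` keeps those tests in the PSK-only run instead of silently shrinking coverage. One thing the hunk does not let me confirm: the `PSK_ONLY` detection treats any other `MBEDTLS_KEY_EXCHANGE_*` token in `$CONFIGS_ENABLED` as a non-PSK build, so if that list also carries derived macros such as MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED, `PSK_ONLY` can never become YES; a comment stating which list it is matched against would settle that for the next reader. `adapt_cmd_for_psk` also builds command lines with `eval`, which is acceptable for these hard-coded test strings but deserves a one-line comment saying the inputs are trusted test definitions, not user data.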
@@ -101,3 +101,8 @@ * them during tests/scripts/test-ref-configs.pl */ //#define MBEDTLS_USE_PSA_CRYPTO //#define MBEDTLS_PSA_CRYPTO_C + +/* Error messages and TLS debugging traces + * (huge code size increase, needed for tests/ssl-opt.sh) */ +//#define MBEDTLS_DEBUG_C +//#define MBEDTLS_ERROR_C diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index 6ee7c40435..ea1cac677d 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -92,3 +92,8 @@ * them during tests/scripts/test-ref-configs.pl */ //#define MBEDTLS_USE_PSA_CRYPTO //#define MBEDTLS_PSA_CRYPTO_C + +/* Error messages and TLS debugging traces + * (huge code size increase, needed for tests/ssl-opt.sh) */ +//#define MBEDTLS_DEBUG_C +//#define MBEDTLS_ERROR_C diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 95c40875f7..68ccf10cf1 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -115,3 +115,8 @@ * them during tests/scripts/test-ref-configs.pl */ //#define MBEDTLS_USE_PSA_CRYPTO //#define MBEDTLS_PSA_CRYPTO_C + +/* Error messages and TLS debugging traces + * (huge code size increase, needed for tests/ssl-opt.sh) */ +//#define MBEDTLS_DEBUG_C +//#define MBEDTLS_ERROR_C diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index dc398c1622..16fd4ecce3 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -34,6 +34,8 @@ my %configs = ( }, 'config-ccm-psk-dtls1_2.h' => { 'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', + 'opt' => ' ', + 'opt_needs_debug' => 1, 'test_again_with_use_psa' => 1 }, 'config-no-entropy.h' => { @@ -41,6 +43,8 @@ my %configs = ( 'config-suite-b.h' => { 'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", 'test_again_with_use_psa' => 1, + 'opt' => ' ', + 'opt_needs_debug' => 1, }, 'config-symmetric-only.h' => { 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice 
@@ -132,6 +136,15 @@ sub perform_test { my $opt = $data->{'opt'}; if( $opt ) { + if( $data->{'opt_needs_debug'} ) + { + print "\nrebuilding with debug traces for ssl-opt\n"; + system( "make clean" ); + system( "scripts/config.py set MBEDTLS_DEBUG_C" ); + system( "scripts/config.py set MBEDTLS_ERROR_C" ); + system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf +debug\n"; + } + print "\nrunning ssl-opt.sh $opt\n"; system( "tests/ssl-opt.sh $opt" ) and abort "Failed ssl-opt.sh: $conf\n"; From 588d7a75380c1890912baf79af5b7ffd724591d7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Feb 2022 21:02:28 +0100 Subject: [PATCH 10/32] Add a missing requires_max_content_len Slightly reduce the amount of data so that the test passes with 512. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d7db8abc70..64e6cad723 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -6616,11 +6616,12 @@ run_test "mbedtls_ssl_get_bytes_avail: no extra data" \ -s "Read from client: 100 bytes read$" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_max_content_len 474 run_test "mbedtls_ssl_get_bytes_avail: extra data" \ "$P_SRV" \ - "$P_CLI request_size=500" \ + "$P_CLI request_size=450" \ 0 \ - -s "Read from client: 500 bytes read (.*+.*)" + -s "Read from client: 450 bytes read (.*+.*)" # Tests for small client packets From d7df8771833f5ebf58116211d154bc2e559f608d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Feb 2022 18:16:07 +0100 Subject: [PATCH 11/32] Simplify the logic to select configurations User-visible changes: * With no argument, configurations are now tested in a deterministic order. * When given arguments, configurations are now tested in the order given. * When given arguments, if the same configuration is passed multiple times, it will now be tested multiple times. 
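Review bot: In the new `opt_needs_debug` branch, `make clean` and the two `scripts/config.py set ...` calls ignore their exit status while the `make` right after them aborts on failure; if `config.py` fails (the commit message says the option must already be present, commented out, in the config file), the build silently goes ahead without MBEDTLS_DEBUG_C/MBEDTLS_ERROR_C and ssl-opt.sh then fails on missing trace strings, which is far harder to diagnose. Make them consistent with the build step: `system( "scripts/config.py set MBEDTLS_DEBUG_C" ) and abort "Failed to enable MBEDTLS_DEBUG_C: $conf\n";` and the same for MBEDTLS_ERROR_C. `perform_test` begins and ends outside this hunk.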
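Review bot: `requires_max_content_len 474` is a bare number with nothing next to it explaining how it relates to the `request_size=450` on the following lines, so a reader cannot tell whether 474 is payload plus some fixed overhead or simply a value tuned to pass with a 512-byte buffer. A short comment above the requirement, along the lines of `# 450 bytes of request plus record overhead must fit in a 512-byte content buffer` with the real arithmetic filled in, would stop the next change to `request_size` from silently breaking the test in small-buffer configurations.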
Signed-off-by: Gilles Peskine --- tests/scripts/test-ref-configs.pl | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 16fd4ecce3..d519c8de60 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -57,17 +57,14 @@ my %configs = ( # If no config-name is provided, use all known configs. # Otherwise, use the provided names only. +my @configs_to_test = sort keys %configs; if ($#ARGV >= 0) { - my %configs_ori = ( %configs ); - %configs = (); - - foreach my $conf_name (@ARGV) { - if( ! exists $configs_ori{$conf_name} ) { + foreach my $conf_name ( @ARGV ) { + if( ! exists $configs{$conf_name} ) { die "Unknown configuration: $conf_name\n"; - } else { - $configs{$conf_name} = $configs_ori{$conf_name}; } } + @configs_to_test = @ARGV; } -d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; @@ -155,13 +152,13 @@ sub perform_test { } } -while( my ($conf, $data) = each %configs ) { - my $test_with_psa = $data->{'test_again_with_use_psa'}; +foreach my $conf ( @configs_to_test ) { + my $test_with_psa = $configs{$conf}{'test_again_with_use_psa'}; if ( $test_with_psa ) { - perform_test( $conf, $data, $test_with_psa ); + perform_test( $conf, $configs{$conf}, $test_with_psa ); } - perform_test( $conf, $data, 0 ); + perform_test( $conf, $configs{$conf}, 0 ); } system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; From a26654107245887ca5bba7b41141f5b729cf97f3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 14 Mar 2022 19:05:48 +0100 Subject: [PATCH 12/32] test-ref-configs: clarify configuration-related traces When doing builds with PSA enabled or with debug traces enabled, convey this in $MBEDTLS_TEST_CONFIGURATION and in the terminal logs. This fixes a bug that the outcome file did not distinguish entries from test cases run in a reference configuration with or without PSA. 
Signed-off-by: Gilles Peskine --- tests/scripts/test-ref-configs.pl | 42 +++++++++++++++++-------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index d519c8de60..15209b4a0d 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -89,25 +89,27 @@ if (!-e "tests/seedfile" || -s "tests/seedfile" < 64) { } sub perform_test { - my $conf = $_[0]; + my $conf_file = $_[0]; my $data = $_[1]; my $test_with_psa = $_[2]; + my $conf_name = $conf_file; + if ( $test_with_psa ) + { + $conf_name .= "+PSA"; + } + system( "cp $config_h.bak $config_h" ) and die; system( "make clean" ) and die; print "\n******************************************\n"; - print "* Testing configuration: $conf\n"; - if ( $test_with_psa ) - { - print "* ENABLING MBEDTLS_PSA_CRYPTO_C and MBEDTLS_USE_PSA_CRYPTO \n"; - } + print "* Testing configuration: $conf_name\n"; print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf; + $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name; - system( "cp configs/$conf $config_h" ) - and abort "Failed to activate $conf\n"; + system( "cp configs/$conf_file $config_h" ) + and abort "Failed to activate $conf_file\n"; if ( $test_with_psa ) { 
@@ -115,19 +117,19 @@ sub perform_test { system( "scripts/config.py set MBEDTLS_USE_PSA_CRYPTO" ); } - system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n"; - system( "make test" ) and abort "Failed test suite: $conf\n"; + system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n"; + system( "make test" ) and abort "Failed test suite: $conf_name\n"; my $compat = $data->{'compat'}; if( $compat ) { - print "\nrunning compat.sh $compat\n"; + print "\nrunning compat.sh $compat ($conf_name)\n"; system( "tests/compat.sh $compat" ) - and abort "Failed compat.sh: $conf\n"; + and abort "Failed compat.sh: $conf_name\n"; } else { - print "\nskipping compat.sh\n"; + print "\nskipping compat.sh ($conf_name)\n"; } my $opt = $data->{'opt'}; @@ -135,20 +137,22 @@ sub perform_test { { if( $data->{'opt_needs_debug'} ) { - print "\nrebuilding with debug traces for ssl-opt\n"; + print "\nrebuilding with debug traces for ssl-opt ($conf_name)\n"; + $conf_name .= '+DEBUG'; + $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name; system( "make clean" ); system( "scripts/config.py set MBEDTLS_DEBUG_C" ); system( "scripts/config.py set MBEDTLS_ERROR_C" ); - system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf +debug\n"; + system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n"; } - print "\nrunning ssl-opt.sh $opt\n"; + print "\nrunning ssl-opt.sh $opt ($conf_name)\n"; system( "tests/ssl-opt.sh $opt" ) - and abort "Failed ssl-opt.sh: $conf\n"; + and abort "Failed ssl-opt.sh: $conf_name\n"; } else { - print "\nskipping ssl-opt.sh\n"; + print "\nskipping ssl-opt.sh ($conf_name)\n"; } } From aa162b5bea7664a23f7c2a44bb5717ef938103ff Mon Sep 17 00:00:00 2001 
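Review bot: The debug rebuild now relabels the run as `$conf_name . '+DEBUG'` in $MBEDTLS_TEST_CONFIGURATION, but the `make clean` and the two `scripts/config.py set` calls just before the rebuild are still unchecked (pre-existing, unlike the `and die`/`and abort` on the other system() calls in perform_test). If `config.py set MBEDTLS_DEBUG_C` fails, the outcome file would record a `+DEBUG` configuration that was never actually built with debug traces. Consider `system( "scripts/config.py set MBEDTLS_DEBUG_C" ) and abort "Failed to enable MBEDTLS_DEBUG_C: $conf_name\n";` and the same for MBEDTLS_ERROR_C. perform_test starts outside this hunk.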
From: Gilles Peskine Date: Sat, 26 Feb 2022 17:26:08 +0100 Subject: [PATCH 13/32] Remove negative check for a message that no longer exists The message was removed in 6be9cf542f3e5763371a347d199c6db6bdd96d06 without a replacement. A failure would cause the test case to fail anyway, so this negative check is not really useful. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 64e6cad723..2783aa2e86 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1280,8 +1280,6 @@ run_test_psa() { -c "calc PSA finished" \ -s "PSA calc verify" \ -s "calc PSA finished" \ - -C "Failed to setup PSA-based cipher context"\ - -S "Failed to setup PSA-based cipher context"\ -s "Protocol is TLSv1.2" \ -c "Perform PSA-based ECDH computation."\ -c "Perform PSA-based computation of digest of ServerKeyExchange" \ @@ -1300,8 +1298,6 @@ run_test_psa_force_curve() { -c "calc PSA finished" \ -s "PSA calc verify" \ -s "calc PSA finished" \ - -C "Failed to setup PSA-based cipher context"\ - -S "Failed to setup PSA-based cipher context"\ -s "Protocol is TLSv1.2" \ -c "Perform PSA-based ECDH computation."\ -c "Perform PSA-based computation of digest of ServerKeyExchange" \ From 4c3f24046a36dcfb6c0bb2e406f566f5aaeab7a4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Feb 2022 19:55:58 +0100 Subject: [PATCH 14/32] Fix unused function warning Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4f5ee9762d..3831d4adf7 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -1205,7 +1205,8 @@ int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl, #define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, @@ -1246,7 +1247,7 @@ static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform, iv, iv_len, input, ilen, output, olen ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && MBEDTLS_AES_C */ static int build_transforms( mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, From 309ca65846020c531bca47f6d0977f2c3ff5f334 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 14 Mar 2022 17:55:04 +0100 Subject: [PATCH 15/32] calc_verify is only called in some configurations If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled at runtime, and if client authentication is not used, then calc_verify is not called, so don't require the corresponding debug trace. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 44 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2783aa2e86..7041a70f8b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -876,6 +876,38 @@ is_gnutls() { esac } +# Determine what calc_verify trace is to be expected, if any. +# +# calc_verify is only called for two things: to calculate the +# extended master secret, and to process client authentication. +# +# Warning: the current implementation assumes that extended_ms is not +# disabled on the client or on the server. +# +# Inputs: +# * $1: 'required' or 1 if client authentication is expected, +# 'none' or 0 or absent if not. +# * $CONFIGS_ENABLED +# +# Outputs: +# * $maybe_calc_verify: set to a trace expected in the debug logs +set_maybe_calc_verify() { + maybe_calc_verify= + case $CONFIGS_ENABLED in + *\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *) :;; + *) + case ${1-} in + ''|0|none) return;; + 1|required) :;; + *) echo "Bad parameter 1 to set_maybe_calc_verify: $1"; exit 1;; + esac + esac + case $CONFIGS_ENABLED in + *\ MBEDTLS_USE_PSA_CRYPTO\ *) maybe_calc_verify="PSA calc verify";; + *) maybe_calc_verify="<= calc verify";; + esac +} + # Compare file content # Usage: find_in_both pattern file1 file2 # extract from file1 the first line matching the pattern 
@@ -1272,37 +1304,41 @@ run_test() { run_test_psa() { requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO + set_maybe_calc_verify none run_test "PSA-supported ciphersuite: $1" \ "$P_SRV debug_level=3 force_version=tls12" \ "$P_CLI debug_level=3 force_version=tls12 force_ciphersuite=$1" \ 0 \ - -c "PSA calc verify" \ + -c "$maybe_calc_verify" \ -c "calc PSA finished" \ - -s "PSA calc verify" \ + -s "$maybe_calc_verify" \ -s "calc PSA finished" \ -s "Protocol is TLSv1.2" \ -c "Perform PSA-based ECDH computation."\ -c "Perform PSA-based computation of digest of ServerKeyExchange" \ -S "error" \ -C "error" + unset maybe_calc_verify } run_test_psa_force_curve() { requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO + set_maybe_calc_verify none run_test "PSA - ECDH with $1" \ "$P_SRV debug_level=4 force_version=tls12 curves=$1" \ "$P_CLI debug_level=4 force_version=tls12 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \ 0 \ - -c "PSA calc verify" \ + -c "$maybe_calc_verify" \ -c "calc PSA finished" \ - -s "PSA calc verify" \ + -s "$maybe_calc_verify" \ -s "calc PSA finished" \ -s "Protocol is TLSv1.2" \ -c "Perform PSA-based ECDH computation."\ -c "Perform PSA-based computation of digest of ServerKeyExchange" \ -S "error" \ -C "error" + unset maybe_calc_verify } # Test that the server's memory usage after a handshake is reduced when a client specifies From 6f160cab59897c23d49b8a6a704bcb834caf98ba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 14 Mar 2022 18:21:24 +0100 Subject: [PATCH 16/32] Skip some DTLS reordering tests in PSK-only builds Some DTLS reordering tests rely on certificate authentication messages. It is probably possible to adapt them to rely on different messages, but for now, skip them in PSK-only builds. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
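Review bot: When set_maybe_calc_verify leaves `$maybe_calc_verify` empty (extended master secret not in $CONFIGS_ENABLED and `none` passed), run_test_psa and run_test_psa_force_curve still pass `-c "$maybe_calc_verify"` and `-s "$maybe_calc_verify"` to run_test; if run_test implements these options with grep (its body is outside this hunk), an empty pattern matches every line, so the check silently becomes vacuous instead of being dropped. Either add the two options only when the variable is non-empty, or make run_test treat an empty pattern as "no check" and document that on set_maybe_calc_verify's "Outputs" comment (`empty if no calc_verify trace is expected`). The same applies to both callers in this hunk.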
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7041a70f8b..876f302d8e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -293,6 +293,12 @@ maybe_requires_ciphersuite_enabled() { unset ciphersuite } +requires_certificate_authentication () { + if [ "$PSK_ONLY" = "YES" ]; then + SKIP_NEXT="YES" + fi +} + adapt_cmd_for_psk () { case "$2" in *openssl*) s='-psk abc123 -nocert';; @@ -9302,6 +9308,7 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ # Tests for reordering support with DTLS +requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -p "$P_PXY delay_srv=ServerHello" \ @@ -9319,6 +9326,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -S "Injecting buffered CCS message" \ -S "Remember CCS message" +requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ -p "$P_PXY delay_srv=ServerHello" \ @@ -9342,6 +9350,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on # Certificate message; at the time of writing, together these are aroudn 1200b # in size, so that the bound below ensures that the certificate can be reassembled # while keeping the ServerKeyExchange. +requires_certificate_authentication requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \ 
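Review bot: requires_certificate_authentication has no header comment, unlike the neighbouring requires_* helpers, and it silently depends on `$PSK_ONLY` having been computed earlier in the script (not visible here); if it is ever called before that point the test is simply not skipped. Suggested comment above the function: `# Skip the next test case in a PSK-only build. Use this for tests that rely on certificate-based handshake messages (Certificate, ServerKeyExchange, CertificateVerify).` The comparison `[ "$PSK_ONLY" = "YES" ]` is safe against an unset variable, so no further guard is needed.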
@@ -9364,6 +9373,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex # The size constraints ensure that the delayed certificate message can't # be reassembled while keeping the ServerKeyExchange message, but it can # when dropping it first. +requires_certificate_authentication requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9384,6 +9394,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex -S "Injecting buffered CCS message" \ -S "Remember CCS message" +requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ -p "$P_PXY delay_cli=Certificate" \ @@ -9401,6 +9412,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ -S "Injecting buffered CCS message" \ -S "Remember CCS message" +requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ -p "$P_PXY delay_srv=NewSessionTicket" \ @@ -9418,6 +9430,7 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ -S "Injecting buffered CCS message" \ -S "Remember CCS message" +requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ -p "$P_PXY delay_cli=ClientKeyExchange" \ From d725bf75d8ad4cb9ded144a6303397a786a9ac11 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Apr 2022 21:52:14 +0200 Subject: [PATCH 17/32] Minor documentation improvement Signed-off-by: Gilles Peskine --- configs/config-ccm-psk-dtls1_2.h | 2 +- configs/config-ccm-psk-tls1_2.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index 6134abc2e5..183815deca 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -23,7 +23,7 @@ * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites * * Distinguishing features: - * - Optimized for small code size, low bandwidth (on an unreliable network), + * - Optimized for small code size, low bandwidth (on an unreliable transport), * and low RAM usage. * - No asymmetric cryptography (no certificates, no Diffie-Hellman key * exchange). diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index ea1cac677d..f935a33f25 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -23,7 +23,7 @@ * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites * * Distinguishing features: - * - Optimized for small code size, low bandwidth (on a reliable network), + * - Optimized for small code size, low bandwidth (on a reliable transport), * and low RAM usage. * - No asymmetric cryptography (no certificates, no Diffie-Hellman key * exchange). From 59601d76adf943f489ef89707b5156f58b766c12 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Apr 2022 22:00:17 +0200 Subject: [PATCH 18/32] Documentation improvements Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 876f302d8e..51b8e1b692 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -318,7 +318,7 @@ adapt_cmd_for_psk () { # with a pre-shared key, skip it. If the test looks like it's already using # a pre-shared key, do nothing. # -# This code does not consider builds with ECDH-PSK or RSA-PSK. +# This code does not consider builds with ECDHE-PSK or RSA-PSK. # # Inputs: # * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands. 
@@ -940,6 +940,14 @@ skip_handshake_stage_check() { # # Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass # extra arguments or go through wrappers. +# +# Inputs: +# * $@: supplemental options to run_test() (after the mandatory arguments). +# * $CLI_CMD, $PXY_CMD, $SRV_CMD: the client, proxy and server commands. +# * $DTLS: 1 if DTLS, otherwise 0. +# +# Outputs: +# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked. analyze_test_commands() { # if the test uses DTLS but no custom proxy, add a simple proxy # as it provides timing info that's useful to debug failures From 1438e1620af1ae1b25d17bd93abff78b5d8d004a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Apr 2022 22:00:32 +0200 Subject: [PATCH 19/32] Add requirements of "Default" The log checks require a specific hash and a specific curve. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 51b8e1b692..df6230da6c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1570,9 +1570,10 @@ trap cleanup INT TERM HUP # Checks that: # - things work with all ciphersuites active (used with config-full in all.sh) # - the expected parameters are selected -# ("signature_algorithm ext: 6" means SHA-512 (highest common hash)) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 +requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6" +requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED run_test "Default" \ "$P_SRV debug_level=3" \ "$P_CLI" \ From c8d242f625fa89b442f1c281faeef7b4bc5be73a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Apr 2022 22:23:45 +0200 Subject: [PATCH 20/32] set_maybe_calc_verify: $1 is intended to be auth_mode Document that this is what it is. Don't allow made-up numerical values. 
Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index df6230da6c..06a1151741 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -891,8 +891,9 @@ is_gnutls() { # disabled on the client or on the server. # # Inputs: -# * $1: 'required' or 1 if client authentication is expected, -# 'none' or 0 or absent if not. +# * $1: the value of the server auth_mode parameter. +# 'required' if client authentication is expected, +# 'none' or absent if not. # * $CONFIGS_ENABLED # # Outputs: @@ -903,8 +904,8 @@ set_maybe_calc_verify() { *\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *) :;; *) case ${1-} in - ''|0|none) return;; - 1|required) :;; + ''|none) return;; + required) :;; *) echo "Bad parameter 1 to set_maybe_calc_verify: $1"; exit 1;; esac esac From 8bb96d96cdd327698e819ac9396d38a7bcbc8786 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Apr 2022 23:31:05 +0200 Subject: [PATCH 21/32] Fix buffer size calculation Make sure that buf always has enough room for what it will contain. Before, this was not the case if the buffer was smaller than the default response, leading to memory corruption in ssl_server2. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_server2.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 595300e855..b48965438d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -169,9 +169,6 @@ int main( void ) /* * Size of the basic I/O buffer. Able to hold our default response. - * - * You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh - * if you change this value to something outside the range <= 100 or > 500 */ #define DFL_IO_BUF_LEN 200 
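Review bot: The documentation now states that `$1` is the server's auth_mode value, but the `case ${1-}` accepts only `''`, `none` and `required`; `optional` is also a valid auth_mode for ssl_server2 and would hit the `exit 1` branch and abort the whole run rather than skip or proceed. Either document that only `none`/`required` are supported (`# 'optional' is not supported: whether calc_verify runs then depends on the client`), or decide what trace to expect for `optional` and add it to the case. This hunk is inside set_maybe_calc_verify, whose end lies outside it.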
@@ -2068,10 +2065,26 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold( opt.debug_level ); #endif - buf = mbedtls_calloc( 1, opt.buffer_size + 1 ); + + /* buf will alternatively contain the input read from the client and the + * response that's about to be sent, plus a null byte in each case. */ + size_t buf_content_size = opt.buffer_size; + /* The default response contains the ciphersuite name. Leave enough + * room for that plus some margin. */ + if( buf_content_size < strlen( HTTP_RESPONSE ) + 80 ) + { + buf_content_size = strlen( HTTP_RESPONSE ) + 80; + } + if( opt.response_size != DFL_RESPONSE_SIZE && + buf_content_size < (size_t) opt.response_size ) + { + buf_content_size = opt.response_size; + } + buf = mbedtls_calloc( 1, buf_content_size + 1 ); if( buf == NULL ) { - mbedtls_printf( "Could not allocate %u bytes\n", opt.buffer_size ); + mbedtls_printf( "Could not allocate %lu bytes\n", + (unsigned long) buf_content_size + 1 ); ret = 3; goto exit; } @@ -3705,6 +3718,8 @@ data_exchange: mbedtls_printf( " > Write to client:" ); fflush( stdout ); + /* If the format of the response changes, make sure there is enough + * room in buf (buf_content_size calculation above). */ len = sprintf( (char *) buf, HTTP_RESPONSE, mbedtls_ssl_get_ciphersuite( &ssl ) ); From 99a732bf0c2e08e2a5463d3736a1a446b5502e97 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Apr 2022 23:34:36 +0200 Subject: [PATCH 22/32] Fix off-by-one in buffer_size usage The added null byte was accounted for twice, once by taking opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1 when filling the buffer. Make opt.buffer_size the size that is actually read, it's less confusing that way. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_server2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b48965438d..40d1a45150 100644 
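Review bot: The `+ 80` in `buf_content_size < strlen( HTTP_RESPONSE ) + 80` is a magic number that only a comment ties to the ciphersuite name, and the second hunk's comment asks future editors to keep it in sync by hand. A named constant next to DFL_IO_BUF_LEN, e.g. `#define HTTP_RESPONSE_MARGIN 80 /* room for the longest ciphersuite name */`, used in both the comparison and the assignment, gives that comment something checkable to refer to. The `(size_t) opt.response_size` cast in the comparison should presumably be mirrored in the assignment `buf_content_size = opt.response_size;` for consistency; whether response_size is validated as non-negative during argument parsing is not visible here. main() starts and ends outside this hunk.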
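Review bot: `len = sprintf( (char *) buf, HTTP_RESPONSE, mbedtls_ssl_get_ciphersuite( &ssl ) );` is still an unbounded write; the new comment relies on future editors keeping buf_content_size in step, whereas the bounded form enforces it: `len = mbedtls_snprintf( (char *) buf, buf_content_size + 1, HTTP_RESPONSE, mbedtls_ssl_get_ciphersuite( &ssl ) );` followed by `if( len < 0 || (size_t) len > buf_content_size ) { ret = 3; goto exit; }` (the same failure path the allocation uses). buf_content_size is declared earlier in main() in the first hunk, so it should be in scope at the data_exchange label, but the lines between the two hunks are not visible here.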
--- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3515,7 +3515,7 @@ data_exchange: do { int terminated = 0; - len = opt.buffer_size - 1; + len = opt.buffer_size; memset( buf, 0, opt.buffer_size ); ret = mbedtls_ssl_read( &ssl, buf, len ); @@ -3616,7 +3616,7 @@ data_exchange: } else /* Not stream, so datagram */ { - len = opt.buffer_size - 1; + len = opt.buffer_size; memset( buf, 0, opt.buffer_size ); do From d2d90af7d9395c3cf5d2b13b25030c06c173e30d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Apr 2022 23:35:56 +0200 Subject: [PATCH 23/32] Make mbedtls_ssl_get_bytes_avail tests more independent Don't depend on the default sizes in the test programs: pass explicit request and buffer sizes. Don't depend on MAX_CONTENT_LEN (other than it not being extremely small: this commit assumes that it will never be less than 101). Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 06a1151741..946d7a1b56 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
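Review bot: With `len = opt.buffer_size` a read may now fill all opt.buffer_size bytes, while `memset( buf, 0, opt.buffer_size )` on the following line clears only those same bytes, so the terminating NUL at buf[opt.buffer_size] is taken on trust from the initial calloc. buf is reused across exchanges and connections and the response written into it can be longer than opt.buffer_size (the preceding commit sizes buf_content_size for the response), so on a later iteration that byte can hold leftover response data and a full read leaves no terminator at the read boundary. If buf is subsequently printed or parsed as a C string (not visible here), use `memset( buf, 0, opt.buffer_size + 1 );` in both hunks, matching the `+ 1` in the allocation.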
@@ -6656,20 +6656,35 @@ run_test "ClientHello without extensions" \ # Tests for mbedtls_ssl_get_bytes_avail() +# The server first reads buffer_size-1 bytes, then reads the remainder. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "mbedtls_ssl_get_bytes_avail: no extra data" \ - "$P_SRV" \ + "$P_SRV buffer_size=100" \ "$P_CLI request_size=100" \ 0 \ -s "Read from client: 100 bytes read$" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_max_content_len 474 -run_test "mbedtls_ssl_get_bytes_avail: extra data" \ - "$P_SRV" \ - "$P_CLI request_size=450" \ +run_test "mbedtls_ssl_get_bytes_avail: extra data (+1)" \ + "$P_SRV buffer_size=100" \ + "$P_CLI request_size=101" \ 0 \ - -s "Read from client: 450 bytes read (.*+.*)" + -s "Read from client: 101 bytes read (100 + 1)" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_max_content_len 200 +run_test "mbedtls_ssl_get_bytes_avail: extra data (*2)" \ + "$P_SRV buffer_size=100" \ + "$P_CLI request_size=200" \ + 0 \ + -s "Read from client: 200 bytes read (100 + 100)" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \ + "$P_SRV buffer_size=100" \ + "$P_CLI request_size=$MAX_CONTENT_LEN" \ + 0 \ + -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))" # Tests for small client packets From b898b3df90d3523d1c5c14cb4b5ef6fb84cbda3e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Apr 2022 19:26:26 +0200 Subject: [PATCH 24/32] Prepare to generalize maybe_requires_ciphersuite_enabled Rename maybe_requires_ciphersuite_enabled() to detect_required_features() and refactor its code a little. No intended behavior change. In subsequent commits, this function will detect other requirements in a similar way. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) 
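Review bot: The new comment `# The server first reads buffer_size-1 bytes, then reads the remainder.` contradicts the expectations below it: with `buffer_size=100` the tests expect `100 + 1` and `100 + 100`, i.e. the first read returns buffer_size bytes, consistent with the preceding commit that made opt.buffer_size the number of bytes actually read. Change it to `# The server first reads buffer_size bytes, then reads the remainder.`. The `(+1)` and `(max)` tests also assume MAX_CONTENT_LEN >= 101 (as the commit message notes) without a guard; a `requires_max_content_len 101` before each would document that assumption the same way the `(*2)` test does with `requires_max_content_len 200`, presumably a lower bound on the configured content length.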
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 946d7a1b56..3d086a9347 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -275,22 +275,18 @@ requires_ciphersuite_enabled() { esac } -# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...] -# If CMD (call to a TLS client or server program) requires a specific -# ciphersuite, arrange to only run the test case if this ciphersuite is -# enabled. -maybe_requires_ciphersuite_enabled() { +# detect_required_features CMD [RUN_TEST_OPTION...] +# If CMD (call to a TLS client or server program) requires certain features, +# arrange to only run the following test case if those features are enabled. +detect_required_features() { case "$1" in - *\ force_ciphersuite=*) :;; - *) return;; # No specific required ciphersuite + *\ force_ciphersuite=*) + tmp="${1##*\ force_ciphersuite=}" + tmp="${tmp%%[!-0-9A-Z_a-z]*}" + requires_ciphersuite_enabled "$tmp";; esac - ciphersuite="${1##*\ force_ciphersuite=}" - ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}" - shift - requires_ciphersuite_enabled "$ciphersuite" - - unset ciphersuite + unset tmp } requires_certificate_authentication () { @@ -1272,9 +1268,10 @@ run_test() { requires_config_enabled MBEDTLS_SSL_ALPN;; esac - # If the client or serve requires a ciphersuite, check that it's enabled. - maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" - maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" + # If the client or server requires certain features that can be detected + # from their command-line arguments, check that they're enabled. + detect_required_features "$SRV_CMD" "$@" + detect_required_features "$CLI_CMD" "$@" # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From 740b734f25bd559a1bc39caa73d3e37b1108408a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Apr 2022 19:29:27 +0200 Subject: [PATCH 25/32] Move ticket, alpn detection into maybe_requires_ciphersuite_enabled No intended behavior change. 
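Review bot: `tmp` is a very generic name for what is effectively a global in a shell script; detect_required_features is called from run_test, and the `unset tmp` at the end would clobber any same-named variable the caller or another helper happens to use (whether one exists is not visible here). A function-specific name such as `drf_value`, or keeping `ciphersuite` for this branch, avoids that, and since the function is about to grow more branches per the commit message, picking the name now is cheapest. Dropping the old `shift` is fine, as the remaining arguments were never used.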
Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3d086a9347..2d6a6e76cd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -286,6 +286,15 @@ detect_required_features() { requires_ciphersuite_enabled "$tmp";; esac + case " $1 " in + *[-_\ =]tickets=[^0]*) + requires_config_enabled MBEDTLS_SSL_TICKET_C;; + esac + case " $1 " in + *[-_\ =]alpn=*) + requires_config_enabled MBEDTLS_SSL_ALPN;; + esac + unset tmp } @@ -1258,16 +1267,6 @@ run_test() { requires_config_enabled MBEDTLS_SSL_PROTO_DTLS fi - # Check more TLS protocol features. - case "$SRV_CMD $CLI_CMD" in - *[-_\ =]tickets=[^0]*) - requires_config_enabled MBEDTLS_SSL_TICKET_C;; - esac - case "$SRV_CMD $CLI_CMD" in - *[-_\ =]alpn=*) - requires_config_enabled MBEDTLS_SSL_ALPN;; - esac - # If the client or server requires certain features that can be detected # from their command-line arguments, check that they're enabled. detect_required_features "$SRV_CMD" "$@" From c912673f8dda77237ec74f6910682e17e8078a5e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Apr 2022 19:33:07 +0200 Subject: [PATCH 26/32] Automatically detect protocol version requirement from force_version When the client or server uses a specific protocol version, automatically require that version to be enabled at compile time. An explicit call is still needed in test cases that require a specific protocol version (due to analyzing version-specific behavior, or checking the version in logs), but do not force that specific protocol version, or that force a specific version only on the openssl/gnutls side. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 69 ++++++++++++++---------------------------------- 1 file changed, 20 insertions(+), 49 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2d6a6e76cd..0bb8ca2517 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -263,6 +263,19 @@ requires_config_value_equals() { fi } +# Require Mbed TLS to support the given protocol version. +# +# Inputs: +# * $1: protocol version in mbedtls syntax (argument to force_version=) +requires_protocol_version() { + # Support for DTLS is detected separately in detect_dtls(). + case "$1" in + tls12|dtls12) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2;; + tls13|dtls13) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3;; + *) echo "Unknown required protocol version: $1"; exit 1;; + esac +} + # Space-separated list of ciphersuites supported by this build of # Mbed TLS. P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null | @@ -279,6 +292,13 @@ requires_ciphersuite_enabled() { # If CMD (call to a TLS client or server program) requires certain features, # arrange to only run the following test case if those features are enabled. detect_required_features() { + case "$1" in + *\ force_version=*) + tmp="${1##*\ force_version=}" + tmp="${tmp%%[!-0-9A-Z_a-z]*}" + requires_protocol_version "$tmp";; + esac + case "$1" in *\ force_ciphersuite=*) tmp="${1##*\ force_ciphersuite=}" @@ -1313,7 +1333,6 @@ run_test() { } run_test_psa() { - requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO set_maybe_calc_verify none run_test "PSA-supported ciphersuite: $1" \ @@ -1333,7 +1352,6 @@ run_test_psa() { } run_test_psa_force_curve() { - requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO set_maybe_calc_verify none run_test "PSA - ECDH with $1" \ @@ -2915,7 +2933,6 @@ run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \ # Tests for CBC 1/n-1 record splitting -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "CBC Record splitting: TLS 1.2, no splitting" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ 
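Review bot: requires_protocol_version aborts the entire run (`exit 1`) on an unrecognised value, and detect_required_features now feeds it whatever follows `force_version=` in any client or server command, so a single test with an unexpected spelling (or a version string added later) stops the whole suite instead of skipping that test. If that is deliberate, say so on the `*)` branch (`# An unknown version here is a bug in the test script, not a missing feature`); otherwise set `SKIP_NEXT="YES"` with a warning, which is presumably how the other requires_* helpers behave. The `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` removals in the later hunks, including ones where the `force_version=` argument is not visible inside the hunk (CBC record splitting, certificate hash), rely on that argument appearing further down in the test's command lines.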
@@ -5152,7 +5169,6 @@ run_test "Authentication, CA callback: client max_int chain, server required" # Tests for certificate selection based on SHA verson requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -6684,7 +6700,6 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \ # Tests for small client packets -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ @@ -6692,7 +6707,6 @@ run_test "Small client packet TLS 1.2 BlockCipher" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ @@ -6700,7 +6714,6 @@ run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ @@ -6708,7 +6721,6 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ @@ -6716,7 +6728,6 @@ run_test "Small client packet TLS 1.2 AEAD" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ 
@@ -6727,7 +6738,6 @@ run_test "Small client packet TLS 1.2 AEAD shorter tag" \ # Tests for small client packets in DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet DTLS 1.2" \ "$P_SRV dtls=1 force_version=dtls12" \ "$P_CLI dtls=1 request_size=1 \ @@ -6736,7 +6746,6 @@ run_test "Small client packet DTLS 1.2" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 force_version=dtls12 etm=0" \ "$P_CLI dtls=1 request_size=1 \ @@ -6746,7 +6755,6 @@ run_test "Small client packet DTLS 1.2, without EtM" \ # Tests for small server packets -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 BlockCipher" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ @@ -6754,7 +6762,6 @@ run_test "Small server packet TLS 1.2 BlockCipher" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ @@ -6762,7 +6769,6 @@ run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ @@ -6770,7 +6776,6 @@ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 AEAD" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ 
@@ -6778,7 +6783,6 @@ run_test "Small server packet TLS 1.2 AEAD" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ @@ -6789,7 +6793,6 @@ run_test "Small server packet TLS 1.2 AEAD shorter tag" \ # Tests for small server packets in DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet DTLS 1.2" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12" \ "$P_CLI dtls=1 \ @@ -6798,7 +6801,6 @@ run_test "Small server packet DTLS 1.2" \ -c "Read from server: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \ "$P_CLI dtls=1 \ @@ -6813,7 +6815,6 @@ fragments_for_write() { echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))" } -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 \ @@ -6822,7 +6823,6 @@ run_test "Large client packet TLS 1.2 BlockCipher" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 etm=0 \ @@ -6830,7 +6830,6 @@ run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ 0 \ -s "Read from client: $MAX_CONTENT_LEN bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 \ 
@@ -6839,7 +6838,6 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 \ @@ -6848,7 +6846,6 @@ run_test "Large client packet TLS 1.2 AEAD" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 \ @@ -6858,7 +6855,6 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" # The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 \ @@ -6866,7 +6862,6 @@ run_test "Large server packet TLS 1.2 BlockCipher" \ 0 \ -c "Read from server: 16384 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 etm=0 \ @@ -6875,7 +6870,6 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 \ 
@@ -6883,7 +6877,6 @@ run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -c "Read from server: 16384 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_SRV response_size=16384 trunc_hmac=1" \ "$P_CLI force_version=tls12 \ @@ -6892,7 +6885,6 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 AEAD" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 \ @@ -6900,7 +6892,6 @@ run_test "Large server packet TLS 1.2 AEAD" \ 0 \ -c "Read from server: 16384 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 \ @@ -8472,10 +8463,8 @@ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_gnutls requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ "$G_SRV -u" \ "$P_CLI dtls=1 debug_level=2 \ @@ -8496,11 +8485,9 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_gnutls requires_not_i686 requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ 
@@ -8513,9 +8500,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ "$O_SRV -dtls1_2 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ @@ -8529,9 +8514,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ @@ -8549,10 +8532,8 @@ requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 client_needs_more_time 4 requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ @@ -8568,10 +8549,8 @@ requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 client_needs_more_time 4 requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ 
@@ -8591,10 +8570,8 @@ skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 client_needs_more_time 4 requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$O_SRV -dtls1_2 -verify 10" \ @@ -8610,10 +8587,8 @@ skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 client_needs_more_time 4 requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ @@ -9988,7 +9963,6 @@ run_test "TLS 1.3: CertificateRequest check - gnutls" \ -c "got a certificate request" \ -c "<= parse certificate request" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -10002,7 +9976,6 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_128_GCM_SHA25 -c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO" \ -c "HTTP/1.0 200 ok" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -10018,7 +9991,6 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_256_GCM_SHA38 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C 
@@ -10033,7 +10005,6 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_128_GCM_SHA25 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C From 70b8a69b202f969e3fd09c2dfa970cd01bc755f7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 13 Apr 2022 15:19:16 +0200 Subject: [PATCH 27/32] Add changelog entry for #3998 fix The fix was in https://github.com/ARMmbed/mbedtls/pull/4989. We forgot to add a changelog entry. Signed-off-by: Gilles Peskine --- ChangeLog.d/dtls-cid-null.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/dtls-cid-null.txt diff --git a/ChangeLog.d/dtls-cid-null.txt b/ChangeLog.d/dtls-cid-null.txt new file mode 100644 index 0000000000..b0206164f3 --- /dev/null +++ b/ChangeLog.d/dtls-cid-null.txt @@ -0,0 +1,5 @@ +Bugfix + * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not + MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null + pointer dereference. Fix this. Fixes #3998. + The fix was released, but not announced, in Mbed TLS 3.1.0. From 2ecf4ff349d47d917c3f756a65e0ebaf9e82aad5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 13 Apr 2022 19:08:38 +0200 Subject: [PATCH 28/32] Restore explicit version requirement on 1.3 HelloRetryRequest tests A concurrent branch changes the way the test cases run to no longer use force_version=tls13, so the automatic version requirement detection will no longer work after that branch is merged. Therefore, keep the manual requirement (at least until automatic detection gets smarter). Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0bb8ca2517..c0fae350e5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9963,6 +9963,7 @@ run_test "TLS 1.3: CertificateRequest check - gnutls" \ -c "got a certificate request" \ -c "<= parse certificate request" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -9976,6 +9977,7 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_128_GCM_SHA25 -c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO" \ -c "HTTP/1.0 200 ok" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -9989,6 +9991,7 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_256_GCM_SHA38 -c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO" \ -c "HTTP/1.0 200 ok" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE @@ -10003,6 +10006,7 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_128_GCM_SHA25 -c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO" \ -c "HTTP/1.0 200 OK" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE From 5417d480444e99e2c02a13bc28675f68815fc942 Mon Sep 17 00:00:00 2001 
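Review bot: The four restored `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` lines look exactly like the redundant requirements that an earlier commit in this series removed, and nothing in the script marks them as deliberately kept, so the next cleanup pass is likely to drop them again; the rationale currently lives only in the commit message. A one-line comment above the first of them would preserve it, e.g. `# Keep this explicit requirement: automatic version detection relies on force_version=tls13, which these tests may stop using.`; the same applies to the other three hunks in this file. In the last two hunks the line is inserted above `requires_gnutls_tls1_3` rather than next to the other `requires_config_enabled` lines as in the first two; grouping it the same way in all four blocks would make them easier to compare.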
From: Gilles Peskine Date: Wed, 13 Apr 2022 22:47:17 +0200 Subject: [PATCH 29/32] Remove mostly-redundant test build component_test_CID_no_debug was added specifically to be a non-regression test for https://github.com/Mbed-TLS/mbedtls/issues/3998. Running compat.sh in the newly introduced config-ccm-psk-dtls1_2.h is also a non-regression test for that bug. Therefore component_test_CID_no_debug is redundant for its primary purpose. Of course every configuration is different, but the additional coverage from component_test_CID_no_debug is minimal, unlike config-ccm-psk-dtls1_2.h which is a plausible real-world configuration. In mbedtls-2.28, component_test_CID_no_debug was never added, and running the unit tests in that configuration does not trigger the #3998 bug, only compat.sh does. So, rather than backport component_test_CID_no_debug to 2.28.2, I am removing it from 3.2. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0c2d9ddf6b..c31b3eec10 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2239,18 +2239,6 @@ component_test_variable_ssl_in_out_buffer_len_CID () { tests/compat.sh } -component_test_CID_no_debug() { - msg "build: Connection ID enabled, debug disabled" - scripts/config.py unset MBEDTLS_DEBUG_C - scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID - - CC=gcc cmake . - make - - msg "test: Connection ID enabled, debug disabled" - make test -} - component_test_ssl_alloc_buffer_and_mfl () { msg "build: default config with memory buffer allocator and MFL extension" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C From 7393ec5ccf1a5734395db3478b369521c5ef4395 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 15 Apr 2022 22:43:38 +0200 Subject: [PATCH 30/32] test_cmake_out_of_source: validate that ssl-opt passed If the ssl-opt test case was skipped, the test was ineffective. 
Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c31b3eec10..ac0b2e0a2e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2881,11 +2881,12 @@ component_test_cmake_out_of_source () { # "No such file or directory", which would indicate that some required # file is missing (ssl-opt.sh tolerates the absence of some files so # may exit with status 0 but emit errors). - ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err + ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' >ssl-opt.out 2>ssl-opt.err + grep PASS ssl-opt.out cat ssl-opt.err >&2 # If ssl-opt.err is non-empty, record an error and keep going. [ ! -s ssl-opt.err ] - rm ssl-opt.err + rm ssl-opt.out ssl-opt.err cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" } From a841c2a20f2e9905fec25f347c4593c6240db593 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 16 Apr 2022 11:31:25 +0200 Subject: [PATCH 31/32] test_cmake_out_of_source: run an ssl-opt test case that exists component_test_cmake_out_of_source was running the ssl-opt.sh test case "Fallback SCSV: beginning of list", but this test case was removed in Mbed TLS 3.0, so ssl-opt.sh was running nothing, which is not an effective test. In 2.x, the test case was chosen because it uses an additional auxiliary program tests/scripts/tcp_client.pl. This auxiliary program is no longer used. So instead, run at least one test case that's sure to exist. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ac0b2e0a2e..745fad3ad4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
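Review bot: `grep PASS ssl-opt.out` only shows that some output line contains the substring PASS; a test name containing the word, or a run in which one case passes while another fails, satisfies it as well, so it is a weaker guard than the commit title suggests. If ssl-opt.sh prints the verdict at the end of each result line (the usual layout, to be confirmed), `grep 'PASS$' ssl-opt.out` anchors the match; whether a failing case is caught depends on ssl-opt.sh's exit status being checked, which is not visible in the hunk. A comment above the grep, e.g. `# Require at least one PASS so that a renamed or skipped test case is not silently accepted.`, would record why the check exists. component_test_cmake_out_of_source begins outside the hunk.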
@@ -2876,12 +2876,12 @@ component_test_cmake_out_of_source () { msg "test: cmake 'out-of-source' build" make test - # Test an SSL option that requires an auxiliary script in test/scripts/. + # Check that ssl-opt.sh can find the test programs. # Also ensure that there are no error messages such as # "No such file or directory", which would indicate that some required # file is missing (ssl-opt.sh tolerates the absence of some files so # may exit with status 0 but emit errors). - ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' >ssl-opt.out 2>ssl-opt.err + ./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err grep PASS ssl-opt.out cat ssl-opt.err >&2 # If ssl-opt.err is non-empty, record an error and keep going. From 5bd0b510489ac8b1c549665c3bf3c3f7718647d5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 15 Apr 2022 22:53:18 +0200 Subject: [PATCH 32/32] Use terse output from lsof This both simplifies parsing a little, and suppresses warnings. Suppressing warnings is both good and bad: on the one hand it resolves problems such as https://github.com/Mbed-TLS/mbedtls/issues/5731, on the other hand it may hide clues as to why lsof wouldn't be working as expected. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c0fae350e5..b65e07096b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
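Review bot: The new filter `'Default'` is justified only in the commit message; the rewritten comment says what the step checks but not why this pattern was chosen, which is how the previous filter silently stopped matching anything once its test case was removed. Extending the comment with `# 'Default' is expected to match at least one existing test case; the grep below fails if none ran.` would keep the rationale next to the code. If `-f` is interpreted as a regular expression rather than an exact name, the pattern also selects every case whose name contains Default, which appears intended but is worth stating. component_test_cmake_out_of_source begins and ends outside the hunk.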
@@ -760,13 +760,11 @@ if type lsof >/dev/null 2>/dev/null; then
 fi
 # Make a tight loop, server normally takes less than 1s to start.
 while true; do
- SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p)
+ SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -t)
 # When we use a proxy, it will be listening on the same port we
 # are checking for as well as the server and lsof will list both.
- # If multiple PIDs are returned, each one will be on a separate
- # line, each prepended with 'p'.
 case ${newline}${SERVER_PIDS}${newline} in
- *${newline}p${2}${newline}*) break;;
+ *${newline}${2}${newline}*) break;;
 esac
 if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
 echo "$3 START TIMEOUT"
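Review bot: The removed comment was the only description of the `SERVER_PIDS` format that the `case` pattern below depends on, and the new `-t` line has none, so a reader now has to consult the lsof manual to see why the `p` prefix vanished from the pattern. A comment above the assignment, e.g. `# -t prints one bare PID per line and suppresses lsof warnings.`, would restore that. Because `-t` also silences lsof's diagnostics, an lsof that cannot run at all now yields an empty `SERVER_PIDS` and surfaces only as the `START TIMEOUT` after `DOG_DELAY`; if that proves hard to debug in CI, capturing stderr to a file or checking lsof's exit status on the first iteration would keep the clue the commit message mentions losing. The enclosing `while` loop and its function continue outside the hunk.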