Commit graph

5455 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
784aee3366 Move other special case from top() to child() 2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
b9983be73a Move one special case from verify_top() to child() 2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
66fac75f8b Merge duplicated checks between child() and top() 2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
58dcd2d9b2 Get rid of unused variables/arguments 2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
8f8c282de9 Merge near-duplicated (grand)parent finding code
Besides avoiding near-duplication, this avoids having three generations of
certificate (child, parent, grandparent) in one function, with all the
off-by-one opportunities that come with it.

This also allows to simplify the signature of verify_child(), which will be
done in next commit.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
f82a4d5aba Factor duplicated code into function 2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
32fdc60c7b Unnest code in verify_top()
We now know that trust_ca != NULL till the end of the function
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
6038cb6909 Remove duplicate parent-searching in verify_top() 2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
2f09d59456 Add badkey-skipping to find_parent()
This is the last step towards removing the now-duplicated parent-searching
code in verify_top()
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
3e329b8e8d Add badtime-skipping feature to new function
This is from the morally 5th (and soon obsolete) invocation of this function
in verify_top().

Doing this badtime-skipping when we search for a parent in the provided chain
is a change of behaviour, but it's backwards-compatible: it can only cause us
to accept valid chains that we used to reject before. Eg if the peer has a
chain with two version of an intermediate certificate with different validity
periods, the first non valid and the second valid - such cases are probably
rare or users would have complained already, but it doesn't hurt to handle it
properly as it allows for more uniform code.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
9c6118c498 Factor one more occurrence of code into function
This may look like a behaviour change because one check has been added to the
function that was previously done in only one of the 3 call sites. However it
is not, because:
- for the 2 call sites in verify(), the test always succeeds as path_cnt is 0.
- for the call site in verify_child(), the same test was done later anyway in
  verify_top()
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
2f1c33dc33 Factor repeated code into function
There are 3 instance that were replaced, but 2 instances of variants of this
function exist and will be handled next (the extra parameter that isn't used
so far is in preparation for that):
- one in verify_child() where path_cnt constraint is handled too
- one in verify_top() where there is extra logic to skip parents that are
  expired or future, but only if there are better parents to be found
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
17f4a6a609 Take shortcut for directly trusted EE cert
This is a slight change of behaviour in that the previous condition was:
- same subject
- signature matches
while the new condition is:
- exact same certificate

However the documentation for mbedtls_x509_crt_verify() (note on trust_ca)
mentions the new condition, so code that respected the documentation will keep
working.

In addition, this is a bit faster as it doesn't check the self-signature
(which never needs to be checked for certs in the trusted list).
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
c61e5c9304 Don't search twice for a non-existing parent 2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
b8acfd2ba8 Fix calls to check_parent()
When we're looking for a parent, in trusted CAs, 'top' should be 1.

This only impacted which call site for verify_top() was chosen, and the error
was then fixed inside verify_top() by iterating over CAs again, this time
correctly setting 'top' to 1.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
35407c7764 Add comments on chain verification cases
This is the beginning of a series of commits refactoring the chain
building/verification functions in order to:
- make it simpler to understand and work with
- prepare integration of restartable ECC
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
9bc860c3ad Add test for callback and bad signatures
Our current behaviour is a bit inconsistent here:
- when the bad signature is made by a trusted CA, we stop here and don't
  include the trusted CA in the chain (don't call vrfy on it)
- otherwise, we just add NOT_TRUSTED to the flags but keep building the chain
  and call vrfy on the upper certs
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
a656825aef Add test for bad name and callback
This ensures that the callback can actually clear that flag, and that it is
seen by the callback at the right level. This flag is not set at the same
place than others, and this difference will get bigger in the upcoming
refactor, so let's ensure we don't break anything here.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
2d825d42bb Add test for same CA with different keys
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.

Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
c10afdb322 Add test for CA forgery attempt
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
d092277683 Add test for profile on trusted EE cert 2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
bc313017a5 Add tests for flags passed to f_vrfy
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
ffa42efa1c Add ability to test flags value in vrfy callback
So far there was no test ensuring that the flags passed to the vrfy callback
are correct (ie the flags for the current certificate, not including those of
the parent).

Actual tests case making use of that test function will be added in the next
commit.
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
329e78c7fa Improve handling of md errors in X.509
md() already checks for md_info == NULL. Also, in the future it might also
return other errors (eg hardware errors if acceleration is used), so it make
more sense to check its return value than to check for NULL ourselves and then
assume no other error can occur.

Also, currently, md_info == NULL can never happen except if the MD and OID modules
get out of sync, or if the user messes with members of the x509_crt structure
directly.

This commit does not change the current behaviour, which is to treat MD errors
the same way as a bad signature or no trusted root.
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
a4a206e834 Clarify documentation for directly-trusted certs
The fact that self-signed end-entity certs can be explicitly trusted by
putting them in the CA list even if they don't have the CA bit was not
documented though it's intentional, and tested by "Certificate verification #73
(selfsigned trusted without CA bit)" in test_suite_x509parse.data

It is unclear to me whether the restriction that explicitly trusted end-entity
certs must be self-signed is a good one. However, it seems intentional as it is
tested in tests #42 and #43, so I'm not touching it for now.
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
602544e659 Fix usage of CFLAGS with cmake in all.sh
With cmake, CFLAGS has to be set when invoking cmake, not make (which totally
ignores the value of CFLAGS when it runs and only keeps the one from cmake).

Also, in that case the flags were either redundant (-Werror etc) or wrong
(-std=c99 -pedantic) as some parts of the library will not build with
-pedantic (see the other -pedantic tests, which are correct, for what needs to
be disabled).
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
43be6cda47 Fix depends_on:pk_alg in test suites 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
902bb6a018 Add new test script depends-pkalgs.pl 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
5be9533cdf Fix depends_on:curve in x509 tests 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
9ba9dfb1c6 Fix usage of {curves,key-exchanges}.pl in all.sh 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
1fe6bb9f25 Fix missing depends_on:SHA/MD in x509 tests 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
42a4d30a04 Add new test script depends-hashes.pl
This is step 1 of a plan to get rid once and for all of missing depends_on in
the X509 test suite (step 2 will be RSA/ECDSA, and step 0 was curves.pl).
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
b341dd58c5 Add tests for spurious certs in the chain
We have code to skip them but didn't have explicit tests ensuring they are
(the corresponding branch was never taken).

While at it, remove extra copy of the chain in server10*.crt, which was
duplicated for no reason.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
4dfc04a66f Add test for bad signature with longer chain
This is one line that wasn't covered in verify_child()
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
29d60fb85f Add test for expired cert in longer chain
That's two lines that were not covered in verify_child()
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
41859786be Add tests for fatal error in vrfy callback
This shows inconsistencies in how flags are handled when callback fails:
- sometimes the flags set by the callback are transmitted, sometimes not
- when the cert if not trusted, sometimes BADCERT_NOT_TRUSTED is set,
  sometimes not

This adds coverage for 9 lines and 9 branches. Now all lines related to
callback failure are covered.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
6b9d53f6c8 Add ability to test failing vrfy callback 2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
6622fed524 Add tests for profile enforcement
Now all checks related to profile are covered in:
- verify_with_profile()
- verify_child()
- verify_top()
(that's 10 lines that were previously not covered)

Leaving aside profile enforcement in CRLs for now, as the focus is on
preparing to refactor cert verification.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
9832ceaa2a Set deterministic flags for NULL profile
Previously flags was left to whatever value it had before. It's cleaner to
make sure it has a definite value, and all bits set looks like the safest way
for when it went very wrong.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
e54931f489 Add "profile" arg to X.509 test function
Unused yet, tests using it will be added in the next commit
2017-08-08 11:00:46 +02:00
Hanno Becker
26b9f7d33b Fix get option in config.pl script 2017-07-28 18:18:29 +01:00
Simon Butcher
f145a9dac2 Fix the check for max CA intermediates in ssl-opt.sh
The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA
so the check has been changed to confirm the default value, and to show an error
otherwise.
2017-07-28 18:18:29 +01:00
Simon Butcher
9e24b5184c Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 18:18:29 +01:00
Simon Butcher
bba1c29554 Merge branch 'development' of ssh://github.com/ARMmbed/mbedtls-restricted into development 2017-07-28 01:16:29 +01:00
Simon Butcher
85097c7c38 Merge branch 'development' 2017-07-28 01:12:38 +01:00
Simon Butcher
b060cc21b1 Reorder and group sections in the ChangeLog 2017-07-28 01:04:34 +01:00
Simon Butcher
06b786372c Change a ssl-opt.sh script sanity checks
Change the check in ssl-opt.sh for MBEDTLS_X509_MAX_INTERMEDIATE_CA to
check config.h instead of the x509 headers.
2017-07-28 01:00:17 +01:00
Simon Butcher
00d3cc61a6 Fix merge errors in ChangeLog 2017-07-27 21:44:34 +01:00
Andres AG
2e3ddfac5f Prevent signed integer overflow in CSR parsing
Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.
2017-07-27 21:44:34 +01:00
Andres AG
80164741e1 Fix potential integer overflow parsing DER CRT
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-27 21:44:34 +01:00