Commit graph

3640 commits

Author SHA1 Message Date
Jaeden Amero 40334b814c Merge remote-tracking branch 'upstream-restricted/pr/450' into mbedtls-1.3-restricted 2018-02-05 11:39:08 +00:00
Jaeden Amero 2774c6746c Merge remote-tracking branch 'upstream-restricted/pr/454' into mbedtls-1.3-restricted 2018-02-05 08:54:08 +00:00
Simon Butcher 9dad18e29a Update ChangeLog with language and technical corrections
To clarify and correct the ChangeLog.
2018-02-05 08:44:42 +00:00
Jaeden Amero ea02d70e32 Update version to 1.3.22 2018-02-02 18:02:04 +00:00
Jaeden Amero abc3fe7942 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-30 17:34:56 +00:00
Jaeden Amero d7e371af88 Merge remote-tracking branch 'upstream-public/pr/1338' into mbedtls-1.3 2018-01-30 17:34:50 +00:00
Hanno Becker bf4b54be33 Adapt ChangeLog 2018-01-30 11:58:46 +00:00
Hanno Becker ce0c9dbeb6 Add documentation warnings for weak algorithms
MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
constitutes a security risk. If possible, we recommend avoiding
dependencies on them, and considering stronger message digests and
ciphers instead.
2018-01-30 10:38:40 +00:00
Jaeden Amero 8ae366f356 Merge remote-tracking branch 'upstream-restricted/pr/443' into mbedtls-1.3-restricted 2018-01-29 13:23:49 +00:00
Jaeden Amero 6564d7a904 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-29 12:51:26 +00:00
Jaeden Amero 8fdb9daa59 Merge remote-tracking branch 'upstream-public/pr/1330' into mbedtls-1.3 2018-01-29 12:51:20 +00:00
Jaeden Amero 575c1abda2 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-29 12:50:44 +00:00
Jaeden Amero 8c01acdd9e Merge remote-tracking branch 'upstream-public/pr/1291' into mbedtls-1.3 2018-01-29 12:50:39 +00:00
Jaeden Amero 9233be659d Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-29 12:50:23 +00:00
Jaeden Amero 5d4c2a0fd0 Merge remote-tracking branch 'upstream-public/pr/1289' into mbedtls-1.3 2018-01-29 12:50:18 +00:00
Manuel Pégourié-Gonnard f39f732c31 Fix alarm(0) failure on mingw32
A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also
fixed it on Unix. Apparently test results on MinGW were not checked at that
point, so we missed that this new test was also failing on this platform.
2018-01-29 13:27:48 +01:00
Jaeden Amero d6b8ce467c Merge remote-tracking branch 'upstream-restricted/pr/413' into mbedtls-1.3-restricted 2018-01-26 17:53:40 +00:00
Jaeden Amero d480d5c3cd Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-26 15:14:33 +00:00
Jaeden Amero 3443744271 Merge remote-tracking branch 'upstream-public/pr/1053' into mbedtls-1.3 2018-01-26 15:14:29 +00:00
Jaeden Amero 9b5c470338 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-26 15:14:14 +00:00
Jaeden Amero c6b62d2086 Merge remote-tracking branch 'upstream-public/pr/1311' into mbedtls-1.3 2018-01-26 15:14:10 +00:00
Ron Eldor 08a1936031 Support verbose output of the test suites
Generate and add ctest test suites, with the --verbose argument to be given
to the test suites.
The verbose output will be shown **only** if ctest is run with the `-v` parameter.
The verbose argument is passed to the test suites only when run through `ctest`.
2018-01-25 18:30:55 +00:00
Manuel Pégourié-Gonnard e10d634856 Fix race condition in error printing in ssl_server2.c
The race goes this way:
1. ssl_recv() succeeds (ie no signal received yet)
2. processing the message leads to aborting handshake with ret != 0
3. reset ret if we were signaled
4. print error if ret is still non-zero
5. go back to net_accept() which can be interrupted by a signal
We print the error message only if the signal is received between steps 3 and
5, not when it arrives between steps 1 and 3.

This can cause failures in ssl-opt.sh where we check for the presence of "Last
error was..." in the server's output: if we perform step 2, the client will be
notified and exit, then ssl-opt.sh will send SIGTERM to the server, but if it
didn't get a chance to run and pass step 3 in the meantime, we're in trouble.

The purpose of step 3 was to avoid spurious "Last error" messages in the
output so that ssl-opt.sh can check for a successful run by the absence of
that message. However, it is enough to suppress that message when the last
error we get is the one we expect from being interrupted by a signal - doing
more could hide real errors.

Also, improve the messages printed when interrupted to make it easier to
distinguish the two cases - this could be used in a testing script that wanted to
check that the server doesn't see the client as disconnecting unexpectedly.
2018-01-25 17:55:36 +01:00
Jaeden Amero 492d13dbcf Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-24 15:24:57 +00:00
Jaeden Amero 46624a91fc Merge remote-tracking branch 'upstream-public/pr/1279' into mbedtls-1.3 2018-01-24 10:56:13 +00:00
Gilles Peskine a9fc8c0b80 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-23 01:06:53 +01:00
Gilles Peskine 17f6477a1e Merge remote-tracking branch 'upstream-public/pr/1152' into mbedtls-1.3 2018-01-23 01:06:33 +01:00
Gilles Peskine 1446b8cbcb Add ChangeLog entry 2018-01-22 14:40:06 +01:00
Gilles Peskine 0870c21fdd wait_server_start: warn if lsof is not available
If lsof is not available, wait_server_start uses a fixed timeout,
which can trigger a race condition if the timeout turns out to be too
short. Emit a warning so that we know this is going on from the test
logs.
2018-01-22 11:41:01 +01:00
Manuel Pégourié-Gonnard 1bca5ef096 Increase waiting times compat.sh and ssl-opt.sh
- Some of the CI machines don't have lsof installed yet, so rely on sleeping
  for an arbitrary number of seconds while the server starts. We're seeing
  occasional failures with the current delay because the CI machines are highly
  loaded, which seems to indicate the current delay is not quite enough, but
  hopefully not too far either, so double it.

- While at it, also double the watchdog delay: while I don't remember seeing
  many failures due to client timeout, this change doesn't impact normal
  running time of the script, so better err on the safe side.

These changes don't affect the test and should only affect the false positive
rate coming from the test framework in those scripts.
2018-01-22 11:40:46 +01:00
Micha Kraus f78adc5d90 fix bug in get_one_and_zeros_padding()
add test case (“0000000082”) which fails with the old implementation.
2018-01-18 00:01:42 +01:00
Jaeden Amero d3df16fc0a Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-10 13:15:28 +00:00
Jaeden Amero d3e3725dda Merge remote-tracking branch 'upstream-public/pr/1268' into mbedtls-1.3 2018-01-10 13:08:27 +00:00
Manuel Pégourié-Gonnard f472a829c6 Fix heap-buffer overread in ALPN ext parsing 2018-01-10 13:27:13 +01:00
Hanno Becker 78504c7833 Adapt ChangeLog 2018-01-10 11:25:14 +00:00
Hanno Becker 175668a8fd Address issues found by coverity
1) The MPI test for prime generation missed a return value
   check for a call to `mpi_shift_r`. This is neither
   critical nor new but should be fixed.

2) The RSA key generation example program contained code
   initializing an RSA context after a potentially failing
   call to CTR DRBG initialization, leaving the corresponding
   RSA context free call in the cleanup section orphaned.
   The commit fixes this by moving the initialization of the
   RSA context prior to the first potentially failing call.
2018-01-10 11:24:43 +00:00
Manuel Pégourié-Gonnard ecd9f79edf Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  all.sh: add some documentation
  all.sh: new option --no-armcc
  all.sh: --keep-going mode
  all.sh: cleaned up usage output
  all.sh: indent
2017-12-26 10:59:47 +01:00
Manuel Pégourié-Gonnard 465c8b7827 Merge remote-tracking branch 'public/pr/1222' into mbedtls-1.3
* public/pr/1222:
  all.sh: add some documentation
  all.sh: new option --no-armcc
  all.sh: --keep-going mode
  all.sh: cleaned up usage output
  all.sh: indent
2017-12-26 10:59:35 +01:00
Manuel Pégourié-Gonnard 9872634ae8 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Timing self test: shorten redundant tests
  Timing self test: print some diagnosis information
  get_timer: don't use uninitialized memory
  Timing: fix set_alarm(0) on Unix/POSIX
2017-12-26 10:45:36 +01:00
Manuel Pégourié-Gonnard bf01b0c0fc Merge remote-tracking branch 'public/pr/1224' into mbedtls-1.3
* public/pr/1224:
  Timing self test: shorten redundant tests
  Timing self test: print some diagnosis information
  get_timer: don't use uninitialized memory
  Timing: fix set_alarm(0) on Unix/POSIX
2017-12-26 10:44:12 +01:00
Gilles Peskine 7d16f8a877 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-12-22 11:16:49 +01:00
Gilles Peskine 93c7b3aa27 Merge remote-tracking branch 'upstream-public/pr/1231' into mbedtls-1.3 2017-12-22 11:15:19 +01:00
Gilles Peskine e8be5e2571 all.sh: add some documentation 2017-12-22 11:02:13 +01:00
Azim Khan 2339966933 Backport: Add option to do baremetal configuration.
Aligned with development branch and added option 'baremetal' that sets configuration for bare metal builds.
2017-12-21 17:23:55 +00:00
Manuel Pégourié-Gonnard b76115a90a Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  compat.sh: use wait_server_start
  wait_server_start: minor efficiency improvement
2017-12-21 11:15:28 +01:00
Manuel Pégourié-Gonnard a15a41ce48 Merge remote-tracking branch 'public/pr/1217' into mbedtls-1.3
* public/pr/1217:
  compat.sh: use wait_server_start
  wait_server_start: minor efficiency improvement
2017-12-21 11:13:43 +01:00
Gilles Peskine 8833e86dcf Timing self test: shorten redundant tests
We don't need to test multiple delays in a self-test.
Save 10s of busy-wait.
2017-12-20 22:33:11 +01:00
Gilles Peskine e405069608 Timing self test: print some diagnosis information
Print some not-very-nice-looking but helpful diagnosis information if
the timing selftest fails. Since the failures tend to be due to heavy
system load that's hard to reproduce, this information is necessary to
understand what's going on.
2017-12-20 22:20:30 +01:00
Gilles Peskine 2484ffeb81 get_timer: don't use uninitialized memory
get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.

As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 22:12:19 +01:00
Gilles Peskine de896ebd26 Timing: fix set_alarm(0) on Unix/POSIX
The POSIX/Unix implementation of set_alarm did not set the
alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
2017-12-20 22:04:48 +01:00