Commit graph

3640 commits

Author SHA1 Message Date
Gilles Peskine 273ac90383 all.sh: new option --no-armcc
With this option, don't run anything that requires armcc, so
the script can run offline.
2017-12-20 15:32:01 +01:00
Gilles Peskine ded50da458 all.sh: --keep-going mode
Add --keep-going mode to all.sh. In this mode, if a test fails, keep
running the subsequent tests. If a build fails, skip any tests of this
build and move on to the next tests. Errors in infrastructure, such as
git or cmake runs, remain fatal. Print an error summary at the end of
the run, and return a nonzero code if there was any failure.

In known terminal types, use color to highlight errors.

On a fatal signal, interrupt the run and report the errors so far.
2017-12-20 15:24:51 +01:00
Gilles Peskine 4d4872ae20 all.sh: cleaned up usage output 2017-12-20 14:00:38 +01:00
Gilles Peskine fb18b6ccd2 all.sh: indent 2017-12-20 14:00:06 +01:00
Gilles Peskine b2da79c108 Merge remote-tracking branch 'upstream-restricted/pr/435' into mbedtls-1.3-restricted 2017-12-19 19:39:59 +01:00
Gilles Peskine 3ac30e3f7d Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-12-19 19:01:56 +01:00
Gilles Peskine 605c2284bc Merge branch 'pr_998' into mbedtls-1.3 2017-12-19 18:10:51 +01:00
Gilles Peskine 5a0bc7f142 Added ChangeLog entry 2017-12-19 18:09:34 +01:00
Gilles Peskine 103299edb7 compat.sh: use wait_server_start
Port wait_server_start from ssl-opt.sh to compat.sh, instead of just
using "sleep 1". This solves the problem that on a heavily loaded
machine, sleep 1 is sometimes not enough (we had CI failures because
of this). This is also faster on a lightly-loaded machine.
2017-12-19 13:37:41 +01:00
Gilles Peskine 80f6be76e0 wait_server_start: minor efficiency improvement
In wait_server_start, fork less. When lsof is present, call it on the
expected process. This saves a few percent of execution time on a
lightly loaded machine. Also, sleep for a short duration rather than
using a tight loop.
2017-12-19 13:35:10 +01:00
Manuel Pégourié-Gonnard 90c5e396e0 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Allow comments in test data files
2017-12-19 12:21:26 +01:00
Manuel Pégourié-Gonnard b9c40b3157 Merge remote-tracking branch 'public/pr/1119' into mbedtls-1.3
* public/pr/1119:
  Allow comments in test data files
2017-12-19 12:21:07 +01:00
Manuel Pégourié-Gonnard ba110ba4d2 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Address PR review comments
  Backport 1.3:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:44:17 +01:00
Manuel Pégourié-Gonnard cc3e3b0ace Merge remote-tracking branch 'public/pr/1161' into mbedtls-1.3
* public/pr/1161:
  Address PR review comments
  Backport 1.3:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:43:57 +01:00
Manuel Pégourié-Gonnard 921eb599f6 Fix magic constant in previous commit 2017-12-19 10:25:51 +01:00
Manuel Pégourié-Gonnard 3ea75b3a9b Fix SSLv3 MAC computation
In a previous PR (Fix heap corruption in implementation of truncated HMAC
extension #425) the place where MAC is computed was changed from the end of
the SSL I/O buffer to a local buffer (then (part of) the content of the local
buffer is either copied to the output buffer of compare to the input buffer).

Unfortunately, this change was made only for TLS 1.0 and later, leaving SSL
3.0 in an inconsistent state due to ssl_mac() still writing to the old,
hard-coded location, which, for MAC verification, resulted in later comparing
the end of the input buffer (containing the computed MAC) to the local buffer
(uninitialised), most likely resulting in MAC verification failure, hence no
interop (even with ourselves).

This commit completes the move to using a local buffer by using this strategy
for SSL 3.0 too. Fortunately ssl_mac() was static so it's not a problem to
change its signature.
2017-12-19 10:25:22 +01:00
Manuel Pégourié-Gonnard 917969e533 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Fix build without MBEDTLS_FS_IO
2017-12-18 11:45:06 +01:00
Manuel Pégourié-Gonnard ccbbfdf0d8 Merge remote-tracking branch 'public/pr/1186' into mbedtls-1.3
* public/pr/1186:
  Fix build without MBEDTLS_FS_IO
2017-12-18 11:44:48 +01:00
Gilles Peskine 3790b4714d Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-12-04 18:01:40 +00:00
Gilles Peskine 4905e6c4e7 Merge branch 'pr_1045' into mbedtls-1.3 2017-12-04 17:29:13 +01:00
Gilles Peskine 046fff12fa Added ChangeLog entry 2017-12-04 17:26:40 +01:00
Gilles Peskine 6e206364d9 Merge remote-tracking branch 'upstream-public/pr/1175' into mbedtls-1.3 2017-12-04 17:21:09 +01:00
Gilles Peskine 258bf599d6 Merge remote-tracking branch 'upstream-restricted/pr/426' into mbedtls-1.3-restricted 2017-12-01 18:03:15 +01:00
Gilles Peskine bb709d7483 Fix build without MBEDTLS_FS_IO
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.

Introduced by e298532394
    Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3
2017-11-30 12:14:59 +01:00
Gilles Peskine af86fb9ded Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-29 21:06:11 +01:00
Gilles Peskine 3a3228cf90 Merge remote-tracking branch 'upstream-public/pr/1155' into mbedtls-1.3 2017-11-29 20:55:11 +01:00
Gilles Peskine 9f423b18cb Merge remote-tracking branch 'upstream-public/pr/917' into mbedtls-1.3 2017-11-29 20:55:03 +01:00
Hanno Becker ad951d131d Correct dangerous typo in include/polarssl/ssl.h
The definition of SSL_MAC_ADD depends on the presence of the
configuration option POLARSSL_ARC4_C, which was misspelled as
POLARSSL_RC4_C in ssl.h, leading to a too small buffer and
subsequently to a buffer overflow during record processing.
This commit fixes the typo.
2017-11-29 18:02:49 +00:00
Gilles Peskine 2cd7c18f59 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-28 18:43:57 +01:00
Gilles Peskine 8c946113ba Merge branch 'pr_1083' into mbedtls-1.3
Merge PR #1083 plus ChangeLog entry.
2017-11-28 18:42:21 +01:00
Gilles Peskine f15cbdab67 Merge remote-tracking branch 'upstream-public/pr/1109' into mbedtls-1.3 2017-11-28 18:41:31 +01:00
Gilles Peskine 43a6b83419 Merge remote-tracking branch 'upstream-public/pr/1081' into mbedtls-1.3 2017-11-28 18:41:02 +01:00
Gilles Peskine f945a2245e Merge remote-tracking branch 'upstream-public/pr/944' into mbedtls-1.3 2017-11-28 18:38:17 +01:00
Gilles Peskine d2e8affa66 Add ChangeLog entry 2017-11-28 18:37:53 +01:00
Gilles Peskine 6f941d6c89 Merge remote-tracking branch 'upstream-restricted/pr/423' into mbedtls-1.3-restricted
Resolved simple conflicts caused by the independent addition of
calls to polarssl_zeroize with sometimes whitespace or comment
differences.
2017-11-28 16:23:28 +01:00
Gilles Peskine b087a88300 Merge remote-tracking branch 'upstream-restricted/pr/405' into mbedtls-1.3-restricted 2017-11-28 16:22:41 +01:00
Gilles Peskine c5cf89e1cc Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-28 15:32:00 +01:00
Gilles Peskine c22c8a2797 Merge branch 'win-tests-1.3' into mbedtls-1.3
Backport of PR #353
2017-11-28 15:28:47 +01:00
Gilles Peskine 8083849575 Add ChangeLog entry 2017-11-28 15:27:48 +01:00
Nicholas Wilson 25f762d248 Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2017-11-28 13:43:06 +00:00
Gilles Peskine 2bd6ca415b Merge remote-tracking branch 'upstream-restricted/pr/402' into mbedtls-1.3-restricted 2017-11-28 14:34:24 +01:00
Gilles Peskine d3dd8d2197 Merge remote-tracking branch 'upstream-restricted/pr/387' into mbedtls-1.3-restricted 2017-11-28 14:34:16 +01:00
Gilles Peskine c5926a7049 Merge branch 'iotssl-1419-safermemcmp-volatile_backport-1.3' into mbedtls-1.3-restricted 2017-11-28 13:50:05 +01:00
Gilles Peskine 1caad08610 add changelog entry 2017-11-28 13:35:09 +01:00
Gilles Peskine b662cc1f52 Avoid uninitialized variable warning in entropy_gather_internal
The variable ret was always initialized in entropy_gather_internal,
but `gcc -Werror=maybe-uninitialized` rightfully complained that it
was unable to determine this statically. Therefore, tweak the
problematic case (ctx->source_count == 0) to not use ret in that case.
2017-11-24 18:55:19 +01:00
Gilles Peskine 3036cbeb8e Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-24 16:07:43 +01:00
Gilles Peskine e298532394 Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3 2017-11-24 15:38:42 +01:00
Gilles Peskine 1dc344373a Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge-1.3' into mbedtls-1.3-restricted 2017-11-23 19:11:58 +01:00
Gilles Peskine feae81de91 ChangeLog entry for ssl_parse_client_psk_identity fix 2017-11-23 19:10:48 +01:00
Manuel Pégourié-Gonnard 408dfd1f6a Merge remote-tracking branch 'restricted/pr/418' into mbedtls-1.3-restricted
* restricted/pr/418:
  RSA PSS: remove redundant check; changelog
  RSA PSS: fix first byte check for keys of size 8N+1
  RSA PSS: fix minimum length check for keys of size 8N+1
  RSA: Fix another buffer overflow in PSS signature verification
  RSA: Fix buffer overflow in PSS signature verification
2017-11-23 12:16:05 +01:00