Commit graph

5400 commits

Author SHA1 Message Date
Gilles Peskine 01f57e351c config.pl get: don't rewrite config.h; detect write errors
scripts/config.pl would always rewrite config.h if it was reading it.
This commit changes it to not modify the file when only reading is
required, i.e. for the get command.

Also, die if writing config.h fails (e.g. disk full).
2017-10-12 23:21:37 +01:00
Gilles Peskine f0f55ccb72 Fixed "config.pl get" for options with no value
Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed
for config.h lines with a comment at the end, but that broke the case
of macros with an empty expansion. Support all cases.
2017-10-12 23:21:37 +01:00
Andres Amaya Garcia bd9d42c236 Fix typo and bracketing in macro args 2017-10-12 23:21:37 +01:00
Gilles Peskine 4552bf7558 Allow comments in test data files 2017-10-12 23:20:56 +01:00
Andres Amaya Garcia 3f50f511de Ensure failed test_suite output is sent to stdout
The change modifies the template code in tests/suites/helpers.function
and tests/suites/main.function so that error messages are printed to
stdout instead of being discarded. This makes errors visible regardless
of the --verbose flag being passed or not to the test suite programs.
2017-10-07 18:15:28 +01:00
Andres Amaya Garcia 67d8da522f Remove use of GNU sed features from ssl-opt.sh 2017-10-06 11:59:13 +01:00
Andres Amaya Garcia 3b1bdff285 Fix typos in ssl-opt.sh comments 2017-10-06 11:59:13 +01:00
Andres Amaya Garcia b84c40b12f Add ssl-opt.sh test to check gmt_unix_time is good
Add a test to ssl-opt.sh that parses the client and server debug
output and then checks that the Unix timestamp in the ServerHello
message is within acceptable bounds.
2017-10-06 11:59:13 +01:00
Andres Amaya Garcia 93993defd1 Extend ssl-opt.h so that run_test takes function
Extend the run_test function in ssl-opt.sh so that it accepts the -f
and -F options. These parameters take an argument which is the name of
a shell function that will be called by run_test and will be given the
client input and output debug log. The idea is that these functions are
defined by each test and they can be used to do some custom check
beyon those allowed by the pattern matching capabilities of the
run_test function.
2017-10-06 11:59:13 +01:00
Andres Amaya Garcia 6bce9cb5ac Always print gmt_unix_time in TLS client
Change ssl_parse_server_hello() so that the parsed first four random
bytes from the ServerHello message are printed by the TLS client as
a Unix timestamp regardless of whether MBEDTLS_DEBUG_C is defined. The
debug message will only be printed if debug_level is 3 or higher.

Unconditionally enabling the debug print enabled testing of this value.
2017-10-06 11:59:13 +01:00
Gilles Peskine 470edd031f Restored note about using minimum functionality in makefiles 2017-10-06 11:59:13 +01:00
Gilles Peskine 11cb578fda Note in README that GNU make is required
Our README claims that we only use basic Make functionality, but in
fact GNU make is required for conditional compilation. Document this.

Addresses issue #967
2017-10-06 11:59:13 +01:00
Simon Butcher 16373a5933 Fix changelog for ssl_server2.c usage fix 2017-10-06 11:59:13 +01:00
Ron Eldor 71f68c4043 Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-06 11:59:13 +01:00
Simon Butcher 2c4f9460ea Update ChangeLog for fix to #836 2017-10-06 11:59:13 +01:00
Hanno Becker 1a9a51c7cf Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00
Hanno Becker 0446a39744 Enhance documentation of mbedtls_ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-10-06 11:58:50 +01:00
Hanno Becker 947194e7cf Make mbedtls_ssl_set_hostname safe to be called multiple times
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
2017-10-06 11:58:50 +01:00
Hanno Becker b25c0c78cf Add test case calling ssl_set_hostname twice
Add a test case calling ssl_set_hostname twice to test_suite_ssl.
When run in CMake build mode ASan, this catches the current leak,
but will hopefully be fine with the new version.
2017-10-06 11:58:50 +01:00
Ron Eldor cb8d54b22d Fix typo in configs/README.txt file
Fix typo in Readme file: ajust->adjust
2017-10-06 11:58:50 +01:00
Xinyu Chen e1a94a6404 Correct the printf message of the DTLS handshake.
Make it consistent with dtls_server.c
2017-10-06 11:58:50 +01:00
Gilles Peskine 964faeb6c4 Cleaned up get_line for test data files
Look, ma, a use for do...while!

Also removed 1-3 calls to strlen.
2017-10-06 11:58:50 +01:00
Gilles Peskine b04e2c3d81 Allow comments in test data files 2017-10-06 11:58:50 +01:00
Andres Amaya Garcia 01692531c6 Document code silently discarding invalid records 2017-09-14 20:20:31 +01:00
Andres Amaya Garcia f569f701c2 Fix ChangeLog entry 2017-09-14 20:20:21 +01:00
Andres Amaya Garcia 06fc6650f4 Add ChangeLog entry 2017-09-14 20:20:15 +01:00
Andres Amaya Garcia 2fad94b193 Dont send alert on invalid DTLS record type
Do not send fatal alerts when receiving a record with an invalid header
while running DTLS as this is not compliant behaviour.
2017-09-14 20:18:37 +01:00
Simon Butcher 72ea31b026 Update version number to 2.6.0 2017-08-10 11:51:16 +01:00
Simon Butcher 01971d094e Fix language in Changelog for clarity 2017-08-10 10:48:01 +01:00
Hanno Becker 85b602e5d0 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-08-01 22:48:41 +01:00
Simon Butcher 3f2557e6f1 Fix style and missing item in ChangeLog 2017-08-01 18:06:12 +01:00
Simon Butcher a418e82a35 Add credit to Changelog to fix for #666 2017-07-28 23:52:10 +01:00
Simon Butcher a55e084bce Fix naked call to time() with platform call
In ssl_cache.c a call to time() was being made instead of it's platform
equivalent.
2017-07-28 23:46:43 +01:00
Simon Butcher 9fae22269b Fix ChangeLog for duplication after merge 2017-07-28 22:32:23 +01:00
Hanno Becker 61937d4a83 Rename time and index parameter to avoid name conflict.
As noted in #557, several functions use 'index' resp. 'time'
as parameter names in their declaration and/or definition, causing name
conflicts with the functions in the C standard library of the same
name some compilers warn about.

This commit renames the arguments accordingly.
2017-07-28 22:28:08 +01:00
Hanno Becker 840bace417 Correct comment 2017-07-28 22:28:08 +01:00
Hanno Becker 7ec83df47f Adapt ChangeLog 2017-07-28 22:28:08 +01:00
Hanno Becker ce37e6269e Reliably zeroize sensitive data in AES sample application
The AES sample application programs/aes/aescrypt2 could miss zeroizing
the stack-based key buffer in case of an error during operation. This
commit fixes this and also clears another temporary buffer as well as
all command line arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Hanno Becker f601ec5f34 Reliably zeroize sensitive data in Crypt-and-Hash sample application
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Andres AG 6b171e4aec Fix potential integer overflow parsing DER CRT
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-28 22:28:04 +01:00
Andres AG ce49a25033 Fix potential integer overflow parsing DER CRL
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-28 22:28:04 +01:00
Ron Eldor 2dfb02151d Move the git scripts to correct path
The git scripts were accidently put in `test` folder instead of `tests`.
Moved them to `tests` folder
2017-07-28 22:28:04 +01:00
Ron Eldor cf61d7d992 Update after @sbutcher-arm comments
1. Move the scripts to test/git-scripts folder
2. Support the script to run independant, not only with git
3. modify Readme accordingly
2017-07-28 22:28:04 +01:00
Ron Eldor 13067fca9d Fix slash direction for linux path
Update direction of the slash, for linux path, after @hanno-arm comments
2017-07-28 22:28:04 +01:00
Ron Eldor e9b3f7ea3f Add note for the git_hoos README file
Add a note to the git_hooks README.md file, to state that currently
they only work on GNU platforms
2017-07-28 22:28:04 +01:00
Ron Eldor f16ce1cfb7 Pre push hook script
Add git_hook folder, and pre-push script,
to be soft linked from .git/hooks/pre-push
2017-07-28 22:28:04 +01:00
Ron Eldor a207e75089 Check return code of mbedtls_mpi_fill_random
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-28 22:27:30 +01:00
Ron Eldor 7faf92a2fe Resource leak fix on windows platform
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-28 22:27:30 +01:00
Ron Eldor 368d55c549 Wrong preproccessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-28 22:27:30 +01:00
Ron Eldor d5a75f44a1 fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 22:27:29 +01:00