Commit graph

6780 commits

Author SHA1 Message Date
Gilles Peskine 26cae71cbf Clarify comment mangled by an earlier refactoring 2019-04-10 18:49:42 +02:00
Gilles Peskine 1270d32b29 Add an "out-of-box" component
Just run `make` and `make test`. And `selftest` for good measure.
2019-04-10 18:49:42 +02:00
Gilles Peskine 110642993b Run ssl-opt.sh on 32-bit runtime
Run ssl-opt.sh on x86_32 with ASan. This may detect bugs that only
show up on 32-bit platforms, for example due to size_t overflow.

For this component, turn off some memory management features that are
not useful, potentially slow, and may reduce ASan's effectiveness at
catching buffer overflows.
2019-04-10 18:48:36 +02:00
Jaeden Amero 4ff2eb379c Merge remote-tracking branch 'origin/pr/2499' into mbedtls-2.7
* origin/pr/2499:
  Fix default port number information
2019-04-05 14:25:06 +01:00
Jaeden Amero 698f287e58 Merge remote-tracking branch 'origin/pr/2471' into mbedtls-2.7
* origin/pr/2471:
  check-files.py: readability improvement in permission check
  check-files.py: use class fields for class-wide constants
  check-files.py: clean up class structure
  check-files.py: document some classes and methods
2019-04-05 14:19:37 +01:00
Jaeden Amero f3df5b8552 Merge remote-tracking branch 'origin/pr/2519' into mbedtls-2.7
* origin/pr/2519:
  Fix errors in AEAD test function
2019-04-05 14:17:08 +01:00
Jaeden Amero 99b679f364 Merge remote-tracking branch 'origin/pr/2504' into mbedtls-2.7
* origin/pr/2504:
  Fix ChangeLog entry ordering
  Fix typo
  Add non-regression test for buffer overflow
  Improve documentation of mbedtls_mpi_write_string()
  Adapt ChangeLog
  Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
2019-04-05 14:09:25 +01:00
Jaeden Amero e4b835d1dc Merge remote-tracking branch 'origin/pr/2511' into mbedtls-2.7
* origin/pr/2511:
  Remove Circle CI script
2019-04-05 13:51:38 +01:00
Jaeden Amero 415255f4a0 Merge remote-tracking branch 'origin/pr/2513' into mbedtls-2.7
* origin/pr/2513:
  x509.c: Fix potential memory leak in X.509 self test
2019-04-05 13:48:19 +01:00
Jaeden Amero a5f5ad3cf4 Merge remote-tracking branch 'restricted/pr/554' into mbedtls-2.7
* restricted/pr/554:
  Fix too small buffer in a test
  Add changelog entry for mbedtls_ecdh_get_params robustness
  Fix ecdh_get_params with mismatching group
  Add test case for ecdh_get_params with mismatching group
  Add test case for ecdh_calc_secret
2019-03-27 14:53:29 +00:00
Jaeden Amero 1beeeff394 Merge remote-tracking branch 'origin/pr/2527' into mbedtls-2.7
* origin/pr/2527:
  Update library version to 2.7.10
2019-03-26 14:53:56 +00:00
Jaeden Amero b4686b4f32 Update library version to 2.7.10 2019-03-19 16:18:43 +00:00
Jack Lloyd b17537558a Fix errors in AEAD test function
It was failing to set the key in the ENCRYPT direction before encrypting.
This just happened to work for GCM and CCM.

After re-encrypting, compare the length to the expected ciphertext
length not the plaintext length. Again this just happens to work for
GCM and CCM since they do not perform any kind of padding.
2019-03-14 11:00:58 +02:00
Junhwan Park e5d016356a x509.c: Fix potential memory leak in X.509 self test
Found and fixed by Junhwan Park in #2106.

Signed-off-by: Junhwan Park <semoking@naver.com>
2019-03-11 15:17:27 +02:00
Janos Follath 05bf39f246 Remove Circle CI script
We are running an equivalent set of test by other means and therefore
this script is no longer needed.
2019-03-11 11:20:46 +00:00
Janos Follath dc223cfdfa Fix ChangeLog entry ordering 2019-03-06 15:24:23 +00:00
Janos Follath 216e7385ef Fix typo 2019-03-06 14:00:44 +00:00
Janos Follath f56da14408 Add non-regression test for buffer overflow 2019-03-06 14:00:39 +00:00
Hanno Becker a277d4cc82 Improve documentation of mbedtls_mpi_write_string() 2019-03-06 14:00:33 +00:00
Hanno Becker 249958bdb8 Adapt ChangeLog 2019-03-06 13:59:55 +00:00
Hanno Becker eff335d575 Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
This can only occur for negative numbers. Fixes #2404.
2019-03-06 13:56:31 +00:00
irwir c6f4539575 Fix default port number information 2019-03-06 15:10:40 +02:00
Jaeden Amero 3a70ab9319 Merge remote-tracking branch 'origin/pr/2390' into mbedtls-2.7
* origin/pr/2390:
  Correct length check for DTLS records from old epochs.
2019-03-05 16:38:00 +00:00
Jaeden Amero f337513bce Merge remote-tracking branch 'origin/pr/2400' into mbedtls-2.7
* origin/pr/2400:
  Add ChangeLog entry
  Fix private DER output shifted by one byte.
2019-03-05 16:36:21 +00:00
Jaeden Amero f921e8fa9f Merge remote-tracking branch 'origin/pr/2387' into mbedtls-2.7
* origin/pr/2387:
  Update change log
  all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
  Fix DEADCODE in mbedtls_mpi_exp_mod()
2019-03-05 16:34:12 +00:00
Jaeden Amero b9f12dcfb1 Merge remote-tracking branch 'origin/pr/2255' into mbedtls-2.7
* origin/pr/2255:
  Add a facility to skip running some test suites
  run-test-suites: update the documentation
2019-03-05 16:31:22 +00:00
Jaeden Amero a47f32b9b9 Merge remote-tracking branch 'origin/pr/1976' into mbedtls-2.7
* origin/pr/1976:
  Move ChangeLog entry from Bugfix to Changes section
  Adapt ChangeLog
  Return from debugging functions if SSL context is unset
2019-03-05 16:28:59 +00:00
Jaeden Amero 6ee6f181ff Merge remote-tracking branch 'origin/pr/2435' into mbedtls-2.7
* origin/pr/2435:
  Use certificates from data_files and refer them
  Specify server certificate to use in SHA-1 test
  refactor CA and SRV certificates into separate blocks
  refactor SHA-1 certificate defintions and assignment
  refactor server SHA-1 certificate definition into a new block
  define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME
  server SHA-256 certificate now follows the same logic as CA SHA-256 certificate
  add entry to ChangeLog
2019-03-05 16:25:53 +00:00
Simon Butcher fb85576f05 Merge remote-tracking branch 'restricted/pr/529' into mbedtls-2.7
* restricted/pr/529:
  Fix order of sections in the ChangeLog
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
2019-03-03 10:08:12 +00:00
Simon Butcher 6728797f02 Merge remote-tracking branch 'public/pr/2148' into mbedtls-2.7
* public/pr/2148:
  Add ChangeLog entry for unused bits in bitstrings
  Improve docs for ASN.1 bitstrings and their usage
  Add tests for (named) bitstring to suite_asn1write
  Fix ASN1 bitstring writing
2019-03-01 13:09:04 +00:00
Manuel Pégourié-Gonnard 47237346d4 Fix order of sections in the ChangeLog 2019-03-01 10:34:21 +01:00
Manuel Pégourié-Gonnard a82d38dc7c Fix failure in SSLv3 per-version suites test
The test used 3DES as the suite for SSLv3, which now makes the handshake fails
with "no ciphersuite in common", failing the test as well. Use Camellia
instead (as there are not enough AES ciphersuites before TLS 1.2 to
distinguish between the 3 versions).

Document some dependencies, but not all. Just trying to avoid introducing new
issues by using a new cipher here, not trying to make it perfect, which is a
much larger task out of scope of this commit.
2019-03-01 10:33:58 +01:00
Gilles Peskine de12823a18 check-files.py: readability improvement in permission check 2019-02-26 16:37:42 +01:00
Gilles Peskine fb8c373a15 check-files.py: use class fields for class-wide constants
In an issue tracker, heading and files_exemptions are class-wide
constants, so make them so instead of being per-instance fields.
2019-02-26 16:37:26 +01:00
Gilles Peskine 7194ecb3fb check-files.py: clean up class structure
Line issue trackers are conceptually a subclass of file issue
trackers: they're file issue trackers where issues arise from checking
each line independently. So make it an actual subclass.

Pylint pointed out the design smell: there was an abstract method that
wasn't always overridden in concrete child classes.
2019-02-26 16:35:35 +01:00
Gilles Peskine 4fb6678da5 check-files.py: document some classes and methods
Document all classes and longer methods.

Declare a static method as such. Pointed out by pylint.
2019-02-26 16:35:27 +01:00
Andres Amaya Garcia fea3d0a3d0 Adjust DES exclude lists in test scripts 2019-02-26 12:46:16 +01:00
Gilles Peskine b46f1bd451 Fix too small buffer in a test 2019-02-22 11:30:14 +01:00
Gilles Peskine 0efa8567d8 Add changelog entry for mbedtls_ecdh_get_params robustness 2019-02-21 18:17:05 +01:00
Gilles Peskine f58078c7c5 Fix ecdh_get_params with mismatching group
If mbedtls_ecdh_get_params is called with keys belonging to
different groups, make it return an error the second time, rather than
silently interpret the first key as being on the second curve.

This makes the non-regression test added by the previous commit pass.
2019-02-21 18:17:05 +01:00
Gilles Peskine 496c9e053d Add test case for ecdh_get_params with mismatching group
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, with keys belonging to
different groups. This should fail, but currently passes.
2019-02-21 18:17:05 +01:00
Gilles Peskine 390bbd08f7 Add test case for ecdh_calc_secret
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, then mbedtls_ecdh_calc_secret.
2019-02-21 18:16:55 +01:00
Jaeden Amero f054f8b3dc Merge remote-tracking branch 'origin/pr/2384' into mbedtls-2.7 2019-02-21 12:00:43 +00:00
Andres Amaya Garcia 493a0dc333 Clarify 3DES changes in ChangeLog 2019-02-19 21:07:03 +00:00
Ron Eldor de0c841b94 Use certificates from data_files and refer them
Use the server certificate from `data_files` folder, for formality,
and refer to the source, for easier reproduction.
2019-02-13 16:00:07 +02:00
Andres Amaya Garcia b7c22ecc74 Fix documentation for 3DES removal 2019-02-13 10:00:02 +00:00
Andres Amaya Garcia 0a0e5b12a9 Exclude 3DES tests in test scripts 2019-02-13 09:59:06 +00:00
Andres Amaya Garcia f9b2ed062f Fix wording of ChangeLog and 3DES_REMOVE docs 2019-02-13 09:53:59 +00:00
Andres Amaya Garcia 21ade06ef8 Reduce priority of 3DES ciphersuites 2019-02-13 09:52:46 +00:00
Ron Eldor 664623ebbc Specify server certificate to use in SHA-1 test
Specify the SHA-1 server certificate to use in the SHA-1 test,
because now the default certificates use SHA256 certificates.
2019-02-12 15:39:42 +02:00