Commit graph

4565 commits

Author SHA1 Message Date
Gilles Peskine 892c1752f7 Merge remote-tracking branch 'upstream-public/pr/1233' into mbedtls-2.1 2017-12-22 11:20:23 +01:00
Mohammad Azim Khan 075dc853fe Backport: Add option to do baremetal configuration.
Aligned with development branch and added option 'baremetal' that sets configuration for bare metal builds.
2017-12-21 17:21:56 +00:00
Gilles Peskine 78493be3ee compat.sh: use wait_server_start
Port wait_server_start from ssl-opt.sh to compat.sh, instead of just
using "sleep 1". This solves the problem that on a heavily loaded
machine, sleep 1 is sometimes not enough (we had CI failures because
of this). This is also faster on a lightly-loaded machine (execution
time reduced from ~8min to ~6min on my machine).
2017-12-19 13:33:12 +01:00
Gilles Peskine 684a517220 wait_server_start: minor efficiency improvement
In wait_server_start, fork less. When lsof is present, call it on the
expected process. This saves a few percent of execution time on a
lightly loaded machine. Also, sleep for a short duration rather than
using a tight loop.
2017-12-19 13:33:08 +01:00
Manuel Pégourié-Gonnard 86bc448e75 Merge remote-tracking branch 'public/pr/1118' into mbedtls-2.1
* public/pr/1118:
  Allow comments in test data files
2017-12-19 12:19:52 +01:00
Manuel Pégourié-Gonnard 157393a2f4 Merge remote-tracking branch 'public/pr/1192' into mbedtls-2.1
* public/pr/1192:
  ssl-opt.sh: support fixed seed for random tests
2017-12-19 12:18:54 +01:00
Manuel Pégourié-Gonnard 227692a6b1 Merge remote-tracking branch 'public/pr/1160' into mbedtls-2.1
* public/pr/1160:
  Address PR review comments
  Backport 2.1:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:42:29 +01:00
Manuel Pégourié-Gonnard d1ededf4a3 Merge remote-tracking branch 'public/pr/1187' into mbedtls-2.1
* public/pr/1187:
  Fix build error with gcc -Werror=misleading-indentation
2017-12-18 11:46:10 +01:00
Manuel Pégourié-Gonnard 912e4471bb Merge remote-tracking branch 'public/pr/1185' into mbedtls-2.1
* public/pr/1185:
  Fix build without MBEDTLS_FS_IO
2017-12-18 11:44:07 +01:00
Gilles Peskine a15486a35f Merge branch 'pr_1044' into mbedtls-2.1 2017-12-04 17:29:28 +01:00
Gilles Peskine 45c8f6a38a Added ChangeLog entry 2017-12-04 17:28:09 +01:00
Gilles Peskine 4b36dfb820 Merge remote-tracking branch 'upstream-public/pr/1174' into mbedtls-2.1 2017-12-04 17:20:45 +01:00
Gilles Peskine bb4aaf1bbc ssl-opt.sh: support fixed seed for random tests
Support --seed and $SEED to set the seed for random tests.

Partial backport of commit 7770ea82d5
(the part applying to all.sh is already present).
2017-12-01 17:23:34 +01:00
Gilles Peskine 14ab4cff9f Fix build error with gcc -Werror=misleading-indentation
Fix misleading indentation. This was just bad indentation, the
behavior was correct. It was detected by gcc 6.
2017-12-01 11:45:21 +01:00
Gilles Peskine 6ddfa37084 Fix build without MBEDTLS_FS_IO
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.

Introduced by d08ae68237
    Merge remote-tracking branch 'upstream-public/pr/1112' into mbedtls-2.1
2017-11-30 12:20:19 +01:00
Gilles Peskine 49349bacb9 Merge remote-tracking branch 'upstream-public/pr/1153' into mbedtls-2.1 2017-11-29 20:53:58 +01:00
Gilles Peskine f663c22ab7 Merge remote-tracking branch 'upstream-public/pr/916' into mbedtls-2.1 2017-11-29 20:53:44 +01:00
Gilles Peskine 25aa833ac3 Merge branch 'pr_1082' into mbedtls-2.1 2017-11-28 18:33:50 +01:00
Gilles Peskine 026d18aefa Add ChangeLog entry 2017-11-28 18:33:31 +01:00
Gilles Peskine 283a80d51f Merge remote-tracking branch 'upstream-public/pr/1108' into mbedtls-2.1 2017-11-28 18:31:28 +01:00
Gilles Peskine 31dce36364 Merge remote-tracking branch 'upstream-public/pr/1080' into mbedtls-2.1 2017-11-28 18:30:18 +01:00
Gilles Peskine a6f6947490 Merge remote-tracking branch 'upstream-public/pr/943' into mbedtls-2.1 2017-11-28 18:28:39 +01:00
Gilles Peskine dc89416ad9 Merge remote-tracking branch 'upstream-public/pr/996' into mbedtls-2.1 2017-11-28 17:10:10 +01:00
Gilles Peskine d08ae68237 Merge remote-tracking branch 'upstream-public/pr/1112' into mbedtls-2.1 2017-11-24 15:37:29 +01:00
Gilles Peskine 7aa24190b4 Merge remote-tracking branch 'upstream-public/pr/1107' into mbedtls-2.1 2017-11-23 20:09:48 +01:00
Darryl Green 67bfc5b46c Add tests for invalid private parameter in mbedtls_ecdsa_sign 2017-11-20 17:11:42 +00:00
Darryl Green 1b052e80aa Add checks for private parameter in mbedtls_ecdsa_sign() 2017-11-20 17:11:17 +00:00
Manuel Pégourié-Gonnard ea0aa655f6 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  Fix typo in asn1.h
  Improve leap year test names in x509parse.data
  Correctly handle leap year in x509_date_is_valid()
  Renegotiation: Add tests for SigAlg ext parsing
  Parse Signature Algorithm ext when renegotiating
  Fix changelog for ssl_server2.c usage fix
  Fix ssl_server2 sample application prompt
  Update ChangeLog for fix to #836
  Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
  Enhance documentation of mbedtls_ssl_set_hostname
  Add test case calling ssl_set_hostname twice
  Make mbedtls_ssl_set_hostname safe to be called multiple times
  Fix typo in configs/README.txt file
2017-11-14 08:38:52 +01:00
Ron Eldor be17ed59d6 Address PR review comments
set `cache->chain` to NULL,
instead of setting the whole structure to zero.
2017-10-30 18:11:38 +02:00
Ron Eldor 5bd272627b Backport 2.1:Fix crash when calling mbedtls_ssl_cache_free twice
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
2017-10-30 18:09:40 +02:00
Hanno Becker 489f80cbf5 Adapt ChangeLog 2017-10-24 11:56:58 +01:00
Hanno Becker 4f9973efb9 Add build and ssl-opt.sh run for !SSL_RENEGOTIATION to all.sh 2017-10-24 11:56:28 +01:00
Hanno Becker 7889113075 Add dependency on SSL_RENEGOTIATION to renego tests in ssl-opt.sh 2017-10-24 11:54:55 +01:00
Hanno Becker 3cd07be889 Fix handling of HS msgs in mbedtls_ssl_read if renegotiation unused
Previously, if `MBEDTLS_SSL_RENEGOTIATION` was disabled, incoming handshake
messages in `mbedtls_ssl_read` (expecting application data) lead to the
connection being closed. This commit fixes this, restricting the
`MBEDTLS_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting
renegotiation requests and aborting renegotiation attempts after too many
unexpected records have been received.
2017-10-24 11:49:19 +01:00
Hanno Becker e454d73cc0 Swap branches accepting/refusing renegotiation in in ssl_read 2017-10-24 11:47:37 +01:00
Hanno Becker 797c084394 Add tests for disabled MFL-extension to all.sh
This commit adds a build with default config except
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related
tests in ssl-opt.sh.
2017-10-19 15:49:21 +01:00
Hanno Becker 6ed76f74d2 Use a conservative excess of the maximum fragment length in tests
This leads to graceful test failure instead of crash when run on the previous
code.
2017-10-19 15:45:17 +01:00
Hanno Becker 64691dc3fc Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384
Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its
default value of 16384 to succeed. While ideally such a dependency should not
exist, as a short-term remedy this commit adds a small check that will at least
lead to graceful exit if that assumption is violated.
2017-10-19 15:45:17 +01:00
Hanno Becker b658ee63c2 Adapt ChangeLog 2017-10-19 15:45:17 +01:00
Florin a360411e4f Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-10-19 15:44:37 +01:00
Hanno Becker e298c8b46c Correct typo 2017-10-19 15:44:37 +01:00
Hanno Becker 0d885d3d8c Add expected number of fragments to 16384-byte packet tests 2017-10-19 15:44:37 +01:00
Hanno Becker 2fabe5fb70 Add tests for messages beyond 16384 bytes to ssl-opt.sh
This commit adds four tests to ssl-opt.sh testing the library's behavior when
`mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations
tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled.
2017-10-19 15:44:37 +01:00
Hanno Becker 0560778fb0 Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
2017-10-19 15:44:37 +01:00
Hanno Becker 1a662eb928 Allow requests of size larger than 16384 in ssl_client2 2017-10-19 15:44:37 +01:00
Andres Amaya Garcia fe7fd6e8dc Fix typo in asn1.h 2017-10-12 22:42:04 +01:00
Andres Amaya Garcia b1d78fcf70 Improve leap year test names in x509parse.data 2017-10-12 21:03:15 +01:00
Andres Amaya Garcia bc041130b0 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:03:01 +01:00
Janos Follath 5f1dd80eaf Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 13:58:17 +01:00
Ron Eldor bac9d4d90f Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 13:58:08 +01:00