Commit graph

6482 commits

Author SHA1 Message Date
Gilles Peskine 4e4be7cf62 Optimize unnecessary zeorizing in mbedtls_mpi_copy
Based on a contribution by Alexey Skalozub
(https://github.com/ARMmbed/mbedtls/pull/405).
2018-03-21 16:29:03 +01:00
Gilles Peskine 70ad839725 Clarify the behavior of bignum resize and copy functions 2018-03-21 16:28:41 +01:00
Gergely Budai 13f7fb372e Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:01:55 +00:00
Kevin Luty 1e7059fedd
Adding requested changes 2018-03-21 10:01:38 -05:00
Azim Khan 27e8a120b2 Assign NULL after freeing psk and psk_identity 2018-03-21 14:24:11 +00:00
junyeonLEE 316b162ac3 Separate psk and psk_identity buffers free
Sometimes, psk_identity buffer can't released because psk buffer is NULL.
So, separate it.
2018-03-21 14:15:28 +00:00
Andres Amaya Garcia 8e0e16032d Add ChangeLog entry for dylib builds using Makefile 2018-03-21 11:15:08 +00:00
Mitsuhiro Nakamura 5ff2ee51e9 Fix dylib linking 2018-03-21 11:10:59 +00:00
Gilles Peskine ea7dbbe0de Replace MBEDTLS_EINTR by IS_EINTR
check-names.sh reserves the prefix MBEDTLS_ for macros defined in
config.h so this name (or check-names.sh) had to change.

This is also more flexible because it allows for platforms that don't have
an EINTR equivalent or have multiple such values.
2018-03-19 17:10:31 +01:00
Hanno Becker c9f4d6d448 Correct error.c 2018-03-19 09:23:13 +00:00
Jaeden Amero 8be0e6db41 Update version to 2.8.0 2018-03-16 16:25:12 +00:00
Simon Butcher a4cbfa3ea2 Add clarity to use of the rsa_internal.h interface
Added additional clarification to the use of the rsa_internal.h interface and as
and when it can be used by whom. Policy hasn't changed, but it needed to be
clearer who can and can't use it and it's level of support.
2018-03-16 15:42:54 +00:00
Hanno Becker ef52796537 Fix missing return statement ssl_server2 idling
Also, introduce MBEDTLS_EINTR locally in net_sockets.c
for the platform-dependent return code macro used by
the `select` call to indicate that the poll was interrupted
by a signal handler: On Unix, the corresponding macro is EINTR,
while on Windows, it's WSAEINTR.
2018-03-15 15:52:31 +00:00
Hanno Becker 80e06d77d9 Use WSAEINTR instead of EINTR on Windows 2018-03-15 14:41:55 +00:00
Hanno Becker 9b2b66ebd2 Minor style corrections
Move function block brace outside conditional compilation
to not confuse some editors, and correct indentation.
2018-03-15 12:21:15 +00:00
Hanno Becker 9ac640326b Don't exit mbedtls_net_poll on interruption of select
If the select UNIX system call is interrupted by a signal handler,
it is not automatically restarted but returns EINTR. This commit
modifies the use of select in mbedtls_net_poll from net_sockets.c
to retry the select call in this case.
2018-03-15 12:19:31 +00:00
Hanno Becker adfa64f0c4 Abort idle-loop in ssl_server2 if sockets gets invalid
Previously, the idling loop in ssl_server2 didn't check whether
the underlying call to mbedtls_net_poll signalled that the socket
became invalid. This had the consequence that during idling, the
server couldn't be terminated through a SIGTERM, as the corresponding
handler would only close the sockets and expect the remainder of
the program to shutdown gracefully as a consequence of this.
This was subsequently attempted to be fixed through a change
in ssl-opt.sh by terminating the server through a KILL signal,
which however lead to other problems when the latter was run
under valgrind.

This commit changes the idling loop in ssl_server2 and ssl_client2
to obey the return code of mbedtls_net_poll and gracefully shutdown
if an error occurs, e.g. because the socket was closed.

As a consequence, the server termination via a KILL signal in
ssl-opt.sh is no longer necessary, with the previous `kill; wait`
pattern being sufficient. The commit reverts the corresponding
change.
2018-03-15 11:43:41 +00:00
Hanno Becker 8d83218b70 Increase UDP record packing time in ssl-opt.sh
The UDP tests involving the merging of multiple records into single
datagrams accumulate records for 10ms, which can be less than the
total flight preparation time if e.g. the tests are being run with
valgrind.

This commit increases the packing time for the relevant tests
from 10ms to 50ms.
2018-03-15 10:14:19 +00:00
Hanno Becker 7b6582b631 Kill server and proxy via SIGQUIT in ssl-opt.sh
SIGKILL interferes with memory checking in valgrind.
2018-03-15 09:37:27 +00:00
Jaeden Amero 79a5e72719 Merge remote-tracking branch 'upstream-restricted/pr/463' into development-restricted-proposed 2018-03-15 08:25:05 +00:00
Jaeden Amero 24b2d6fb6d Merge remote-tracking branch 'upstream-restricted/pr/459' into development-restricted-proposed 2018-03-15 08:24:44 +00:00
Jaeden Amero 8e4ff12909 Merge branch 'development-proposed' into development-restricted-proposed 2018-03-15 08:23:55 +00:00
Jaeden Amero ce183d994c Merge remote-tracking branch 'upstream-public/pr/1448' into development-proposed 2018-03-15 08:23:53 +00:00
Jaeden Amero d1fedc55d7 Merge remote-tracking branch 'upstream-public/pr/1440' into development-proposed 2018-03-15 08:23:35 +00:00
Jaeden Amero 95ad522ecc Merge remote-tracking branch 'upstream-public/pr/1439' into development-proposed 2018-03-15 08:23:10 +00:00
Jaeden Amero 64293777eb Merge remote-tracking branch 'upstream-public/pr/1423' into development-proposed 2018-03-15 08:22:48 +00:00
Jaeden Amero a53d9abfe8 Merge remote-tracking branch 'upstream-public/pr/1051' into development-proposed 2018-03-15 08:22:48 +00:00
Manuel Pégourié-Gonnard 47a98d4e2c fixup previous commit: add forgotten file 2018-03-14 14:08:57 +01:00
Manuel Pégourié-Gonnard a63305d134 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:44:54 +01:00
Manuel Pégourié-Gonnard 0bdb050b2d x509: CRL: add tests for malformed extensions
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:00:55 +01:00
Krzysztof Stachowiak 7fa1ae70c8 Add Changelog entry 2018-03-14 11:57:37 +01:00
Krzysztof Stachowiak 00bbf572af Update change log 2018-03-14 11:14:13 +01:00
Manuel Pégourié-Gonnard fd3e4fbae7 x509: CRL: reject unsupported critical extensions 2018-03-14 09:15:02 +01:00
Gilles Peskine 5f1932817c Merge remote-tracking branch 'upstream-restricted/pr/398' into development-restricted-proposed 2018-03-13 17:18:06 +01:00
Gilles Peskine 553a06f08a Merge remote-tracking branch 'upstream-restricted/pr/351' into development-restricted-proposed
Move the added ChangeLog entry to the bottom so that the list remains
in merge order.
2018-03-13 17:15:34 +01:00
Hanno Becker b6f880b63b Revert whitespace change to ease merging 2018-03-13 12:48:50 +00:00
Manuel Pégourié-Gonnard 1ba8a3fc55 Yet another dependency issue (PKCS1_V15)
Found by running:

CC=clang cmake -D CMAKE_BUILD_TYPE="Check"
tests/scripts/depend-pkalgs.pl

(Also tested with same command but CC=gcc)

Another PR will address improving all.sh and/or the depend-xxx.pl scripts
themselves to catch this kind of thing.
2018-03-13 13:42:38 +01:00
Andrzej Kurek ccbd8a4bbb Add a missing bracket in ifdef for __cplusplus 2018-03-13 07:52:09 -04:00
Hanno Becker bc6c110139 Add test to ssl-opt.sh demonstrating the need for ssl_check_pending 2018-03-13 11:48:32 +00:00
Hanno Becker ddc3ebbc3f Exemplify use of mbedtls_ssl_check_pending in ssl_server2.c 2018-03-13 11:48:32 +00:00
Hanno Becker 6a33f59f76 Add tests for event-driven I/O in DTLS to ssl-opt.sh 2018-03-13 11:48:29 +00:00
Hanno Becker 62dcbaf567 Improve crediting in ChangeLog 2018-03-13 10:54:43 +00:00
Krzysztof Stachowiak 5224a7544c Prevent arithmetic overflow on bounds check 2018-03-13 11:31:38 +01:00
Krzysztof Stachowiak 740b218386 Add bounds check before length read 2018-03-13 11:31:14 +01:00
Krzysztof Stachowiak 027f84c69f Prevent arithmetic overflow on bounds check 2018-03-13 11:29:24 +01:00
Krzysztof Stachowiak a1098f81c2 Add bounds check before signature length read 2018-03-13 11:28:49 +01:00
Gilles Peskine f3ada4adb0 Merge branch 'pr_679' into development-proposed 2018-03-13 00:13:29 +01:00
Gilles Peskine 6dc4a31988 Add ChangeLog entry. Fixes #678 2018-03-13 00:13:06 +01:00
Gilles Peskine 13678d251f Merge remote-tracking branch 'upstream-public/pr/922' into development-proposed 2018-03-13 00:10:07 +01:00
Gilles Peskine d5f7d24e84 Merge branch 'pr_1064' into development-proposed 2018-03-13 00:08:05 +01:00