1) The MPI test for prime generation missed a return value
check for a call to `mpi_shift_r`. This is neither
critical nor new but should be fixed.
2) The RSA keygeneration example program contained code
initializing an RSA context after a potentially failing
call to CTR DRBG initialization, leaving the corresponding
RSA context free call in the cleanup section orphaned.
The commit fixes this by moving the initializtion of the
RSA context prior to the first potentially failing call.
Print some not-very-nice-looking but helpful diagnosis information if
the timing selftest fails. Since the failures tend to be due to heavy
system load that's hard to reproduce, this information is necessary to
understand what's going on.
get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.
As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
The POSIX/Unix implementation of set_alarm did not set the
alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
Add --keep-going mode to all.sh. In this mode, if a test fails, keep
running the subsequent tests. If a build fails, skip any tests of this
build and move on to the next tests. Errors in infrastructure, such as
git or cmake runs, remain fatal. Print an error summary at the end of
the run, and return a nonzero code if there was any failure.
In known terminal types, use color to highlight errors.
On a fatal signal, interrupt the run and report the errors so far.
Port wait_server_start from ssl-opt.sh to compat.sh, instead of just
using "sleep 1". This solves the problem that on a heavily loaded
machine, sleep 1 is sometimes not enough (we had CI failures because
of this). This is also faster on a lightly-loaded machine.
In wait_server_start, fork less. When lsof is present, call it on the
expected process. This saves a few percent of execution time on a
lightly loaded machine. Also, sleep for a short duration rather than
using a tight loop.
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.
Introduced by e298532394
Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing. Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
Previously, if `POLARSSL_SSL_RENEGOTIATION` was disabled, incoming handshake
messages in `ssl_read` (expecting application data) lead to the connection being
closed. This commit fixes this, restricting the
`POLARSSL_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting
renegotiation requests and aborting renegotiation attempts after too many
unexpected records have been received.
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)
The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.
A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.