Commit Graph

4562 Commits

Author SHA1 Message Date
Simon Butcher
04d42111f4 Reverted the INPUT in doxygen to .
Previous change to include excluded the content in doxygen/input
2016-01-12 00:59:15 +00:00
Manuel Pégourié-Gonnard
35d07bfb45 Exclude more things from doxygen inputs 2016-01-08 17:01:59 +01:00
Manuel Pégourié-Gonnard
de7ae7b2e9 Exclude some warnings from the doxygen test
Apparently travis has an old version of doxygen that doesn't know all tags in
our config. That's not something we care about, we only want to know about
warnings in our doxygen content
2016-01-08 17:01:59 +01:00
Manuel Pégourié-Gonnard
259b08a5d2 Add -s (short) option to all.sh
On my machine, that reduces running time from about 30 minutes to less than 10
minutes, while maintaining a good probability of catching the most likely
issues in practice.
2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
695e0ba014 Add new doxygen test to travis 2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
1d552e7583 Add test script for doxygen warnings 2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
b873f7ac98 Fix doxygen warnings about deprecated tags
Doxygen 1.8.10 warns that those tags are obsolete. Since we're not generating
XML anyway, it seems harmless to remove them even for earlier versions.
2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
d2655ac2dc Add test for yotta debug build 2016-01-08 15:05:11 +01:00
Manuel Pégourié-Gonnard
365f325e03 Make check-names.sh happy 2016-01-08 15:05:11 +01:00
Manuel Pégourié-Gonnard
25caaf36a6 Avoid build errors with -O0 due to assembly 2016-01-08 14:29:11 +01:00
Manuel Pégourié-Gonnard
3551901cd1 Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-07 13:55:05 +01:00
Manuel Pégourié-Gonnard
afbb3101ce Update ChangeLog for latest PR merged
fixes #309
2016-01-07 13:26:11 +01:00
Manuel Pégourié-Gonnard
e9c1b1a3bf Merge remote-tracking branch 'yanesca/iss309' into development
* yanesca/iss309:
  Improved on the previous fix and added a test case to cover both types of carries.
  Removed recursion from fix #309.
  Improved on the fix of #309 and extended the test to cover subroutines.
  Tests and fix added for #309 (inplace mpi doubling).
2016-01-07 13:22:27 +01:00
Manuel Pégourié-Gonnard
f92c86e44d Update reference to attack in ChangeLog
We couldn't do that before the attack was public
2016-01-07 13:18:01 +01:00
Simon Butcher
bfafadb45d Change version number to 2.2.1
Changed version for library files and yotta module
2016-01-04 22:26:36 +00:00
Manuel Pégourié-Gonnard
7f88b8ec86 Tune description of a change/bugfix in ChangeLog 2016-01-04 17:36:44 +01:00
Simon Butcher
6e7d3d5462 Corrected naming and text in doxygen rng module
Doxygen input file had incorrect function name for rng function
mbedtls_ctr_drbg_random(), and formatting was fixed.
2016-01-04 16:09:23 +00:00
Manuel Pégourié-Gonnard
76da60c56e Fix doxygen warnings for generic names in config.h
When we use the same documentation for a list of #defines, we used to use a
generic name in the \def command. Use the first name of the list instead so
that doxygen stops complaining, and mention the generic name in the longer
description.

This is not entirely satisfactory as the full list of macros will not be
included in the generated doc, but it's still an improvement as at least the
first macro is documented now, with a hint that there are others.
2016-01-04 13:51:01 +01:00
Manuel Pégourié-Gonnard
1989caf71c Use a full config.h with doxygen
Otherwise we get warnings that some documentation items don't have
corresponding #define, and more importantly the corresponding snippets are not
included in the output.

For that we need a modified version of the "full" argument for config.pl.

Also, the new CMakeLists.txt target only works on Unix (which was already the
case of the Makefile target). Hopefully this is not an issue as people are
unlikely to need that target on Windows.
2016-01-04 12:57:32 +01:00
Manuel Pégourié-Gonnard
ddbb166041 Reintroduce line deleted by accident 2016-01-04 12:40:15 +01:00
Simon Butcher
5b331b9d48 Various fixes to doxygen API generation
* Fixed incorrect file definitions
 * Fixed accidental tag problems in ecjpake.h
 * Corrected function naming in X.509 module definition
2016-01-03 16:14:14 +00:00
Simon Butcher
9803d07a63 Fix for MPI divide on MSVC
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 00:24:34 +00:00
Simon Butcher
1285ab5dc2 Fix for memory leak in RSA-SSA signing
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c
2016-01-01 21:42:47 +00:00
Simon Butcher
c4a6ce6a4c Merge branch 'origin/iotssl-541-pathlen-bugfix' 2015-12-30 07:52:54 +00:00
Simon Butcher
c97b697939 Fix for unused variable warning 2015-12-27 23:48:17 +00:00
Simon Butcher
f5ba04541e Fix for compiler warnings and style
Changes for C90 compliance, and style following review
2015-12-27 23:01:55 +00:00
Simon Butcher
c42350125e Clarification in ChangeLog 2015-12-23 18:36:16 +00:00
Simon Butcher
4c2bfdbff6 Merge 'iotssl-558-md5-tls-sigs-restricted' 2015-12-23 18:33:54 +00:00
Simon Butcher
9c2626c641 Merge 'iotssl-566-double-free-restricted' 2015-12-23 16:42:03 +00:00
Simon Butcher
00923c1897 Fix typo in Changelog 2015-12-22 19:04:24 +00:00
Simon Butcher
fabce5e137 Merge branch 'misc' into development
Fixes github #358, #362 and IOTSSL-536
2015-12-22 18:56:56 +00:00
James Cowgill
21e402a3ae Fix segfault on x32 by using better register constraints in bn_mul.h
On x32, pointers are only 4-bytes wide and need to be loaded using the "movl"
instruction instead of "movq" to avoid loading garbage into the register.

The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting
gcc to load all the registers for us in advance (and storing them later) by
using better register constraints. The b, c, D and S constraints correspond to
the rbx, rcx, rdi and rsi registers respectively.
2015-12-17 13:08:47 +00:00
James Cowgill
6c8edca2d4 Fix build errors on x32 by using the generic 'add' instruction
On x32 systems, pointers are 4-bytes wide and are therefore stored in %e?x
registers (instead of %r?x registers). These registers must be accessed using
"addl" instead of "addq", however the GNU assembler will acccept the generic
"add" instruction and determine the correct opcode based on the registers
passed to it.
2015-12-17 01:40:26 +00:00
Simon Butcher
207990dcf5 Added description of change to the Changelog
Also clarified some comments following review.
2015-12-16 01:51:30 +00:00
Manuel Pégourié-Gonnard
1e07562da4 Fix wrong length limit in GCM
See for example page 8 of
http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf

The previous constant probably came from a typo as it was 2^26 - 2^5 instead
of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than
2^32 as the ull suffix and cast to uint64_t show.

fixes #362
2015-12-10 14:54:21 +01:00
Manuel Pégourié-Gonnard
7f17155ac6 Avoid seemingly-possible overflow
By looking just at that test, it looks like 2 + dn_size could overflow. In
fact that can't happen as that would mean we've read a CA cert of size is too
big to be represented by a size_t.

However, it's best for code to be more obviously free of overflow without
having to reason about the bigger picture.
2015-12-10 14:36:25 +01:00
Manuel Pégourié-Gonnard
acbb050118 Make documentation more explicit on TLS errors
fixes #358
2015-12-10 13:57:27 +01:00
Manuel Pégourié-Gonnard
97b5209bc0 Fix potential double free in cert writing code
In case an entry with the given OID already exists in the list passed to
mbedtls_asn1_store_named_data() and there is not enough memory to allocate
room for the new value, the existing entry will be freed but the preceding
entry in the list will sill hold a pointer to it. (And the following entries
in the list are no longer reachable.) This results in memory leak or a double
free.

The issue is we want to leave the list in a consistent state on allocation
failure. (We could add a warning that the list is left in inconsistent state
when the function returns NULL, but behaviour changes that require more care
from the user are undesirable, especially in a stable branch.)

The chosen solution is a bit inefficient in that there is a time where both
blocks are allocated, but at least it's safe and this should trump efficiency
here: this code is only used for generating certificates, which is unlikely to
be done on very constrained devices, or to be in the critical loop of
anything. Also, the sizes involved should be fairly small anyway.

fixes #367
2015-12-10 11:23:55 +01:00
Manuel Pégourié-Gonnard
c5892ca50c Add credits to ChangeLog 2015-12-08 16:14:58 +01:00
Manuel Pégourié-Gonnard
d80532481a Fix levels of some debug messages
Messages about returning an error code that will be propagated all the way up
to the user should always be level 1.
2015-12-08 09:55:44 +01:00
Manuel Pégourié-Gonnard
47229c7cbb Disable MD5 in handshake signatures by default 2015-12-04 15:02:56 +01:00
Manuel Pégourié-Gonnard
e2e25e7427 DTLS: avoid dropping too many records
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).

So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.

This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()

fixes #345
2015-12-03 16:13:17 +01:00
Manuel Pégourié-Gonnard
1630888aa0 Fix two more compiler warnings
- declaration after statement
- always true comparison due to limited range of operand
2015-12-01 10:27:00 +01:00
Manuel Pégourié-Gonnard
e3e8edfa51 Fix potential integer overflow in prev. commit
Found by Clang's -Wshift-count-overflow
2015-12-01 09:34:36 +01:00
Simon Butcher
15b15d1361 Added integer divide by as separate function
Added 64bit integer divided by 32bit integer, with remainder
2015-11-26 19:35:03 +00:00
Manuel Pégourié-Gonnard
3134ef0504 footprint.sh: tune output again 2015-11-25 10:50:27 +00:00
Manuel Pégourié-Gonnard
4553a6cdcf footprint.sh: improve printed output 2015-11-25 10:39:54 +00:00
Manuel Pégourié-Gonnard
f4569b14c4 Fix bug checking pathlen on first intermediate
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.

The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)

fixes #280
2015-11-19 11:10:38 +01:00
Manuel Pégourié-Gonnard
8b4331aa56 Add test case for root with max_pathlen=0
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"

mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 11:10:33 +01:00
Manuel Pégourié-Gonnard
a3aa43da5f Add test case for first intermediate max_pathlen=0
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"

mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 10:56:30 +01:00