Commit Graph

3526 Commits

Author SHA1 Message Date
Gilles Peskine
2484ffeb81 get_timer: don't use uninitialized memory
get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.

As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 22:12:19 +01:00
Gilles Peskine
de896ebd26 Timing: fix set_alarm(0) on Unix/POSIX
The POSIX/Unix implementation of set_alarm did not set the
alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
2017-12-20 22:04:48 +01:00
Gilles Peskine
605c2284bc Merge branch 'pr_998' into mbedtls-1.3 2017-12-19 18:10:51 +01:00
Gilles Peskine
5a0bc7f142 Added ChangeLog entry 2017-12-19 18:09:34 +01:00
Manuel Pégourié-Gonnard
b9c40b3157 Merge remote-tracking branch 'public/pr/1119' into mbedtls-1.3
* public/pr/1119:
  Allow comments in test data files
2017-12-19 12:21:07 +01:00
Manuel Pégourié-Gonnard
cc3e3b0ace Merge remote-tracking branch 'public/pr/1161' into mbedtls-1.3
* public/pr/1161:
  Address PR review comments
  Backport 1.3:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:43:57 +01:00
Manuel Pégourié-Gonnard
ccbbfdf0d8 Merge remote-tracking branch 'public/pr/1186' into mbedtls-1.3
* public/pr/1186:
  Fix build without MBEDTLS_FS_IO
2017-12-18 11:44:48 +01:00
Gilles Peskine
4905e6c4e7 Merge branch 'pr_1045' into mbedtls-1.3 2017-12-04 17:29:13 +01:00
Gilles Peskine
046fff12fa Added ChangeLog entry 2017-12-04 17:26:40 +01:00
Gilles Peskine
6e206364d9 Merge remote-tracking branch 'upstream-public/pr/1175' into mbedtls-1.3 2017-12-04 17:21:09 +01:00
Gilles Peskine
bb709d7483 Fix build without MBEDTLS_FS_IO
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.

Introduced by e298532394
    Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3
2017-11-30 12:14:59 +01:00
Gilles Peskine
3a3228cf90 Merge remote-tracking branch 'upstream-public/pr/1155' into mbedtls-1.3 2017-11-29 20:55:11 +01:00
Gilles Peskine
9f423b18cb Merge remote-tracking branch 'upstream-public/pr/917' into mbedtls-1.3 2017-11-29 20:55:03 +01:00
Gilles Peskine
8c946113ba Merge branch 'pr_1083' into mbedtls-1.3
Merge PR #1083 plus ChangeLog entry.
2017-11-28 18:42:21 +01:00
Gilles Peskine
f15cbdab67 Merge remote-tracking branch 'upstream-public/pr/1109' into mbedtls-1.3 2017-11-28 18:41:31 +01:00
Gilles Peskine
43a6b83419 Merge remote-tracking branch 'upstream-public/pr/1081' into mbedtls-1.3 2017-11-28 18:41:02 +01:00
Gilles Peskine
f945a2245e Merge remote-tracking branch 'upstream-public/pr/944' into mbedtls-1.3 2017-11-28 18:38:17 +01:00
Gilles Peskine
d2e8affa66 Add ChangeLog entry 2017-11-28 18:37:53 +01:00
Gilles Peskine
c22c8a2797 Merge branch 'win-tests-1.3' into mbedtls-1.3
Backport of PR #353
2017-11-28 15:28:47 +01:00
Gilles Peskine
8083849575 Add ChangeLog entry 2017-11-28 15:27:48 +01:00
Nicholas Wilson
25f762d248 Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2017-11-28 13:43:06 +00:00
Gilles Peskine
e298532394 Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3 2017-11-24 15:38:42 +01:00
Darryl Green
851111dc16 Add tests for invalid private parameters in ecdsa_sign() 2017-11-20 15:54:05 +00:00
Darryl Green
fdac76f330 Add checks for private parameter in ecdsa_sign() 2017-11-20 15:53:43 +00:00
Ron Eldor
9f60bc57ce Address PR review comments
set `cache->chain` to NULL,
instead of setting the whole structure to zero.
2017-10-30 18:18:09 +02:00
Ron Eldor
1f311ed587 Backport 1.3:Fix crash when calling mbedtls_ssl_cache_free twice
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
2017-10-30 18:16:51 +02:00
Hanno Becker
18710eb102 Adapt ChangeLog 2017-10-25 09:51:30 +01:00
Hanno Becker
be812f68c5 Add build and ssl-opt.sh run for SSL_DISABLE_RENEGOTIATION to all.sh 2017-10-25 09:51:30 +01:00
Hanno Becker
e8f3d933e9 Add dep'n on !DISABLE_RENEGOTIATION to renego tests in ssl-opt.sh 2017-10-25 09:51:13 +01:00
Hanno Becker
bfd0991daa Fix handling of HS msgs in ssl_read if renegotiation unused
Previously, if `POLARSSL_SSL_RENEGOTIATION` was disabled, incoming handshake
messages in `ssl_read` (expecting application data) lead to the connection being
closed. This commit fixes this, restricting the
`POLARSSL_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting
renegotiation requests and aborting renegotiation attempts after too many
unexpected records have been received.
2017-10-25 09:34:48 +01:00
Hanno Becker
268191a305 Swap branches accepting/refusing renegotiation in in ssl_read 2017-10-25 09:33:22 +01:00
Andres Amaya Garcia
75ea35eac8 Fix typo in asn1.h 2017-10-12 22:43:16 +01:00
Andres Amaya Garcia
8a6ba0b495 Improve leap year test names in x509parse.data 2017-10-12 21:18:21 +01:00
Andres AG
7c02d13746 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:08:46 +01:00
Janos Follath
ea111c5501 Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 14:06:40 +01:00
Ron Eldor
4491a791be Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 14:06:26 +01:00
Andres Amaya Garcia
10345fbe2a Add ChangeLog entry 2017-10-07 22:24:07 +01:00
Andres Amaya Garcia
cf428733b8 Fix coding style in x509_parse_int() 2017-10-07 22:22:26 +01:00
Andres Amaya Garcia
876214cd9d Change param type for x509_parse_int() to fix warn 2017-10-07 22:22:15 +01:00
Andres Amaya Garcia
8388be3ec7 Add brackets around net.c macro arguments 2017-10-07 22:22:04 +01:00
Andres Amaya Garcia
86f76ea25c Add brackets around function macro arguments 2017-10-07 22:21:54 +01:00
Andres Amaya Garcia
a4d1857003 Fix type in net.c comment 2017-10-07 22:21:46 +01:00
Andres Amaya Garcia
6e5e9aaf7f Fix MSVC warning in net.c
The warning was caused because in MSVC some of the function parameters
for the socket APIs are int while the fields in struct addrinfo are
size_t e.g. possible data loss.
2017-10-07 22:21:38 +01:00
Andres Amaya Garcia
2d0a5840fe Fix MSVC warning in sample programs
The warning was caused because of conversions from size_t to int, which
can cause data loss. The files affected are:
* ssl_client2.c
* ssl_server2.c
* ssl_mail_client.c
2017-10-07 22:21:29 +01:00
Hanno Becker
c143653a19 Add tests for encrypted 2048 and 4096-bit RSA keys
This commit adds multiple RSA keys of various sizes and unifies their naming scheme.
2017-10-06 14:31:51 +01:00
Hanno Becker
a6cffa5edd Adapt ChangeLog 2017-10-05 08:58:00 +01:00
Hanno Becker
ef4acc569d Minor style and typo corrections 2017-10-05 08:37:56 +01:00
Hanno Becker
524f255c5b Extend x509write_crt suite by RSA_ALT signing test 2017-10-05 08:37:56 +01:00
Hanno Becker
e87e5f6c71 Extend cert_write example program by multiple cmd line options
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
                                   authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
                                 subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
                                basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
                                      when creating the CRT.
2017-10-05 08:37:53 +01:00
Hanno Becker
7c3c97ac13 Don't add extensions for X.509 non-v3 certificates
This commit removes extension-writing code for X.509 non-v3 certificates from
x509write_crt_der. Previously, even if no extensions were present an
empty sequence would have been added.
2017-10-05 07:49:21 +01:00