Commit Graph

5203 Commits

Author SHA1 Message Date
Hanno Becker
25422e1f02 Improve documentation of mbedtls_ssl_get_verify_result()
Fixes #517.
2018-10-30 09:35:43 +00:00
Simon Butcher
4acdf6dea8 Merge remote-tracking branch 'public/pr/1298' into mbedtls-2.1-proposed 2018-10-28 18:17:00 +00:00
Simon Butcher
1238a2fd03 Merge remote-tracking branch 'public/pr/1762' into mbedtls-2.1-proposed 2018-10-28 18:15:26 +00:00
Simon Butcher
a1f11cfc38 Merge remote-tracking branch 'public/pr/2058' into mbedtls-2.1-proposed 2018-10-28 17:25:16 +00:00
Simon Butcher
c84f5c937d Merge remote-tracking branch 'public/pr/2072' into mbedtls-2.1-proposed 2018-10-28 16:58:29 +00:00
Simon Butcher
351c4f15f4 Merge remote-tracking branch 'public/pr/2113' into mbedtls-2.1-proposed 2018-10-28 16:32:05 +00:00
Simon Butcher
34f32fa93c Merge remote-tracking branch 'public/pr/2110' into mbedtls-2.1-proposed 2018-10-28 16:17:28 +00:00
Simon Butcher
d10c8ed6d0 Merge remote-tracking branch 'public/pr/2033' into mbedtls-2.1 2018-10-27 18:34:57 +01:00
Simon Butcher
a4441430b7 Merge remote-tracking branch 'public/pr/2042' into mbedtls-2.1 2018-10-27 18:29:08 +01:00
Simon Butcher
945dfe6f0e Update the ChangeLog for PR #2011
The Changelog merged the PR #2011 entry under the wrong version. This corrects
that merge error, and also clarifies the entry.
2018-10-25 16:18:13 +01:00
Simon Butcher
fc0524ceb9 Merge remote-tracking branch 'public/pr/2011' into mbedtls-2.1 2018-10-24 13:36:58 +01:00
Simon Butcher
b001e08585
Merge pull request #2123 from dgreen-arm/mbedtls-2.1-jenkinsfile
Backport 2.1: Add Jenkinsfile for PR job
2018-10-19 17:01:03 +01:00
Darryl Green
e45e63cbbc Add Jenkinsfile for PR job 2018-10-19 15:26:49 +01:00
Hanno Becker
c2a1dd98d5 Adapt ChangeLog 2018-10-17 14:55:03 +01:00
Hanno Becker
3aab4cc486 Fail when encountering invalid CBC padding in EtM records
This commit changes the behavior of the record decryption routine
`ssl_decrypt_buf()` in the following situation:
1. A CBC ciphersuite with Encrypt-then-MAC is used.
2. A record with valid MAC but invalid CBC padding is received.
In this situation, the previous code would not raise and error but
instead forward the decrypted packet, including the wrong padding,
to the user.

This commit changes this behavior to return the error
MBEDTLS_ERR_SSL_INVALID_MAC instead.

While erroneous, the previous behavior does not constitute a
security flaw since it can only happen for properly authenticated
records, that is, if the peer makes a mistake while preparing the
padded plaintext.
2018-10-17 14:54:50 +01:00
Hanno Becker
a966e6ff47 Add missing return value check in ECDSA test suite
The test case `ecdsa_det_test_vectors` from the ECDSA test suite
called `mbedtls_md()` without checking its return value.
2018-10-17 14:01:31 +01:00
Hanno Becker
d6a0ed169f Adapt ChangeLog 2018-10-09 13:09:41 +01:00
Hanno Becker
7c2f2f3266 Fix ordering of free()ing of internal structures in ssl_server2
If `MBEDTLS_MEMORY_BUFFER_ALLOC_C` is configured and Mbed TLS'
custom buffer allocator is used for calloc() and free(), the
read buffer used by the server example application is allocated
from the buffer allocator, but freed after the buffer allocator
has been destroyed. If memory backtracing is enabled, this leaves
a memory leak in the backtracing structure allocated for the buffer,
as found by valgrind.

Fixes #2069.
2018-10-09 12:46:32 +01:00
Hanno Becker
db0579334e Adapt ChangeLog 2018-10-05 09:57:24 +01:00
Hanno Becker
b0d59a1084 Fix memory leak and freeing without initialization in cert_write
* The variables `csr` and `issuer_crt` are initialized but not freed.
* The variable `entropy` is unconditionally freed in the cleanup section
  but there's a conditional jump to that section before its initialization.
  This cmmot Moves it to the other initializations happening before the
  first conditional jump to the cleanup section.

Fixes #1422.
2018-10-05 09:56:17 +01:00
Gilles Peskine
1e4c705414 check-files: exclude .git and third-party files
Exclude ".git" directories anywhere. This avoids spurious errors in git
checkouts that contain branch names that look like a file
check-files.py would check. Fix #1713

Exclude "mbed-os" anywhere and "examples" from the root. Switch to the
new mechanism to exclude "yotta/module". These are directories where
we store third-party files that do not need to match our preferences.

Exclude "cov-int" from the root. Fix #1691
2018-10-02 13:18:16 +02:00
Gilles Peskine
a2710dc094 Look for documentation only in specific directories
Generate the documentation from include and doxygen/input only. Don't
get snared by files containing Doxygen comments that lie in other
directories such as tests, yotta, crypto/include, ...

The only difference this makes in a fresh checkout is that the
documentation no longer lists target_config.h. This file is from
yotta, does not contain any Doxygen comment, and its inclusion in the
rendered documentation was clearly an oversight.
2018-10-02 10:45:22 +02:00
Simon Butcher
948dcee619 Update ChangeLog with dtls sample IPv6 change 2018-09-30 16:23:37 +01:00
Simon Butcher
714b7c60b1 Change the default IP addresses for DTLS samples
Changes the IP address to bind to for dtls_server.c to be "::" or optionally
"0.0.0.0" if the preprocessor symbol FORCE_IPV4 is defined.

Also changes the destinaton IP address for dtls_client.c to be "::1" or if
FORCE_IPV4 symbol is defined "127.0.0.1".

This change allows on compilation dtls_server.c and dtls_client.c to both be
compiled to use either IPv4 or IPv6 so out of the box they will work together
without problem, and to avoid dtls_server.c binding to IPv6 and dtls_client.c
binding to IPv4.
2018-09-30 16:20:04 +01:00
Gilles Peskine
c4859b0b37 In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-27 10:19:00 +02:00
Gilles Peskine
665ca23032 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-27 10:17:40 +02:00
Simon Butcher
5bcbd4e7f4 Add ChangeLog entry for PR #1811 2018-09-26 23:03:56 +01:00
Simon Butcher
6a5ced41f2 Merge remote-tracking branch 'public/pr/1811' into mbedtls-2.1 2018-09-26 23:02:07 +01:00
Simon Butcher
86d32e690c Merge remote-tracking branch 'public/pr/1973' into mbedtls-2.1 2018-09-26 22:40:09 +01:00
Simon Butcher
0624b76361 Merge remote-tracking branch 'public/pr/1898' into mbedtls-2.1 2018-09-26 22:01:33 +01:00
Simon Butcher
96e0d8ebfc Clarified ChangeLog entry
ChangeLog entry for backport of #1890 was misleading, so corrected it.
2018-09-13 12:05:40 +01:00
Gilles Peskine
3ccce199a2 Document the behavior change of make apidoc 2018-09-10 12:21:04 +02:00
Manuel Pégourié-Gonnard
b82d09b6a2 Add scripts/apidoc_full.sh
This re-introduces the apidoc with full config.h, but hopefully with the race
conditions and other issues that the previous implementation had.

Adapt doxygen test script to use that new script, and also check for errors
in addition to warnings while at it.
2018-09-10 12:16:58 +02:00
Manuel Pégourié-Gonnard
85c379d6d1 Revert changes done to 'make apidoc' target
This partially reverts 1989caf71c (only the changes to Makefile and
CMakeLists, the addition to scripts/config.pl is kept).

Modifying config.h in the apidoc target creates a race condition with

    make -j4 all apidoc

where some parts of the library, tests or programs could be built with the
wrong config.h, resulting in all kinds of (semi-random) errors. Recent
versions of CMake mitigate this by adding a .NOTPARALLEL target to the
generated Makefile, but people would still get errors with older CMake
versions that are still in use (eg in RHEL 5), and with plain make.

An additional issue is that, by failing to use cp -p, the apidoc target was
updating the timestamp on config.h, which seems to cause further build issues.

Let's get back to the previous, safe, situation. The improved apidoc building
will be resurrected in a script in the next commit.

fixes #390
fixes #391
2018-09-10 12:16:47 +02:00
Simon Butcher
71d5c58a1f Reverted the INPUT in doxygen to .
Previous change to include excluded the content in doxygen/input
2018-09-10 12:16:38 +02:00
Manuel Pégourié-Gonnard
b8a78d9112 Exclude more things from doxygen inputs 2018-09-10 12:16:27 +02:00
Manuel Pégourié-Gonnard
43e015a4cf Exclude some warnings from the doxygen test
Apparently travis has an old version of doxygen that doesn't know all tags in
our config. That's not something we care about, we only want to know about
warnings in our doxygen content
2018-09-10 12:15:43 +02:00
Manuel Pégourié-Gonnard
dec65c27ee Add new doxygen test to travis 2018-09-10 12:15:19 +02:00
Manuel Pégourié-Gonnard
9c81d0101d Add test script for doxygen warnings 2018-09-10 12:13:40 +02:00
Manuel Pégourié-Gonnard
5642833345 Fix doxygen warnings about deprecated tags
Doxygen 1.8.10 warns that those tags are obsolete. Since we're not generating
XML anyway, it seems harmless to remove them even for earlier versions.
2018-09-10 12:11:48 +02:00
Simon Butcher
c4a33d54cf
Merge pull request #507 from sbutcher-arm/mbedtls-version-2.1.15
Update library version number to 2.1.15
2018-08-31 17:29:47 +01:00
Simon Butcher
d3a5393a38 Update library version number to 2.1.15 2018-08-31 16:10:48 +01:00
Simon Butcher
cb9f70e23d Fix misclassification of bug in Changelog 2018-08-31 12:01:43 +01:00
Andrzej Kurek
10108318e8 ssl-opt.sh: change expected output for large srv packet test with SSLv3
This test also exercises a protection against BEAST
and should expect message splitting.
2018-08-29 06:46:50 -04:00
Andrzej Kurek
9b89e3664f Remove trailing whitespace 2018-08-29 06:46:27 -04:00
Andrzej Kurek
85e411f813 ssl_server2: add buffer overhead for a termination character
Switch to mbedtls style of memory allocation
2018-08-29 06:46:27 -04:00
Andrzej Kurek
4115a8cf47 Add missing large and small packet tests for ssl_server2 2018-08-29 06:46:27 -04:00
Andrzej Kurek
f4f59c0429 Added buffer_size and response_size options for ssl-server2.
Added appropriate tests.
2018-08-29 06:46:27 -04:00
Simon Butcher
8d408fac1d Merge remote-tracking branch 'restricted/pr/438' into mbedtls-2.1-restricted 2018-08-28 15:35:41 +01:00
Simon Butcher
9add36bbcb Merge remote-tracking branch 'restricted/pr/497' into mbedtls-2.1-restricted 2018-08-28 15:31:41 +01:00