Commit Graph

867 Commits

Author SHA1 Message Date
Simon Butcher
5ca1f27bff Merge remote-tracking branch 'public/pr/2097' into mbedtls-2.1-proposed 2018-11-04 18:49:17 +00:00
Simon Butcher
ad95594acf Merge remote-tracking branch 'public/pr/2116' into mbedtls-2.1-proposed 2018-11-04 18:42:59 +00:00
Simon Butcher
4acdf6dea8 Merge remote-tracking branch 'public/pr/1298' into mbedtls-2.1-proposed 2018-10-28 18:17:00 +00:00
Simon Butcher
a1f11cfc38 Merge remote-tracking branch 'public/pr/2058' into mbedtls-2.1-proposed 2018-10-28 17:25:16 +00:00
Simon Butcher
c84f5c937d Merge remote-tracking branch 'public/pr/2072' into mbedtls-2.1-proposed 2018-10-28 16:58:29 +00:00
Simon Butcher
7458975805 Add a macro to define the memory size in ssl_server2.c
When MBEDTLS_MEMORY_BUFFER_ALLOC_C was defined, the sample ssl_server2.c was
using its own memory buffer for memory allocated by the library. The memory
used wasn't obvious, so this adds a macro for the memory buffer allocated to
make the allocated memory size more obvious and hence easier to configure.
2018-10-18 10:13:10 +01:00
Simon Butcher
e8c12f1ec9 Increase the memory buffer size for ssl_server2.c
Newer features in the library have increased the overall RAM usage of the
library, when all features are enabled. ssl_server2.c, with all features enabled
was running out of memory for the ssl-opt.sh test 'Authentication: client
max_int chain, server required'.

This commit increases the memory buffer allocation for ssl_server2.c to allow
the test to work with all features enabled.
2018-10-18 10:13:08 +01:00
Hanno Becker
6a74b2f687 Zeroize sensitive data in aescrypt2 and crypt_and_hash examples
This commit replaces multiple `memset()` calls in the example
programs aes/aescrypt2.c and aes/crypt_and_hash.c by calls to
the reliable zeroization function `mbedtls_zeroize()`.

While not a security issue because the code is in the example
programs, it's bad practice and should be fixed.
2018-10-15 13:28:08 +01:00
Hanno Becker
7c2f2f3266 Fix ordering of free()ing of internal structures in ssl_server2
If `MBEDTLS_MEMORY_BUFFER_ALLOC_C` is configured and Mbed TLS'
custom buffer allocator is used for calloc() and free(), the
read buffer used by the server example application is allocated
from the buffer allocator, but freed after the buffer allocator
has been destroyed. If memory backtracing is enabled, this leaves
a memory leak in the backtracing structure allocated for the buffer,
as found by valgrind.

Fixes #2069.
2018-10-09 12:46:32 +01:00
Hanno Becker
b0d59a1084 Fix memory leak and freeing without initialization in cert_write
* The variables `csr` and `issuer_crt` are initialized but not freed.
* The variable `entropy` is unconditionally freed in the cleanup section
  but there's a conditional jump to that section before its initialization.
  This cmmot Moves it to the other initializations happening before the
  first conditional jump to the cleanup section.

Fixes #1422.
2018-10-05 09:56:17 +01:00
Simon Butcher
714b7c60b1 Change the default IP addresses for DTLS samples
Changes the IP address to bind to for dtls_server.c to be "::" or optionally
"0.0.0.0" if the preprocessor symbol FORCE_IPV4 is defined.

Also changes the destinaton IP address for dtls_client.c to be "::1" or if
FORCE_IPV4 symbol is defined "127.0.0.1".

This change allows on compilation dtls_server.c and dtls_client.c to both be
compiled to use either IPv4 or IPv6 so out of the box they will work together
without problem, and to avoid dtls_server.c binding to IPv6 and dtls_client.c
binding to IPv4.
2018-09-30 16:20:04 +01:00
Simon Butcher
6a5ced41f2 Merge remote-tracking branch 'public/pr/1811' into mbedtls-2.1 2018-09-26 23:02:07 +01:00
Simon Butcher
0624b76361 Merge remote-tracking branch 'public/pr/1898' into mbedtls-2.1 2018-09-26 22:01:33 +01:00
Andrzej Kurek
9b89e3664f Remove trailing whitespace 2018-08-29 06:46:27 -04:00
Andrzej Kurek
85e411f813 ssl_server2: add buffer overhead for a termination character
Switch to mbedtls style of memory allocation
2018-08-29 06:46:27 -04:00
Andrzej Kurek
f4f59c0429 Added buffer_size and response_size options for ssl-server2.
Added appropriate tests.
2018-08-29 06:46:27 -04:00
Simon Butcher
7a47cbca16 Merge remote-tracking branch 'public/pr/1137' into mbedtls-2.1 2018-08-28 12:33:27 +01:00
Hanno Becker
badbe80c7f pk_encrypt: Uniformize debugging output 2018-08-23 15:56:55 +01:00
Hanno Becker
6b1b598c2f Fix typos in programs/x509/cert_write.c
Fixes #1922.
2018-08-23 15:26:55 +01:00
Hanno Becker
b31e9dad60 Minor formatting improvements in pk_encrypt and pk_decrypt examples 2018-08-23 15:13:12 +01:00
Hanno Becker
7cee15e967 Correct memory leak in pk_decrypt example program 2018-08-23 15:12:23 +01:00
Hanno Becker
34cbd7e536 Correct memory-leak in pk_encrypt example program 2018-08-23 15:12:22 +01:00
Mohammad Azim Khan
4c01904819 Fix Wformat-overflow warning in ssl_mail_client.c
sprintf( (char *) buf, "%s\r\n", base );
 Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-16 14:33:03 +01:00
Ron Eldor
78e4cb967d Fix hmac_drbg failure in benchmark, with threading
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-30 11:01:37 +03:00
Simon Butcher
48776350b2 Merge remote-tracking branch 'public/pr/1799' into mbedtls-2.1 2018-07-24 13:31:12 +01:00
Andres Amaya Garcia
6aa5169c7a Fix ssl_client2 to send 0-length app data 2018-07-16 20:22:20 +01:00
Ron Eldor
c24108a8c8 Fix style issue
Add space before and after paranthesis.
2018-06-27 09:11:14 +03:00
Ron Eldor
45d23d62a1 Add check for return code of bignumber code
Add check for return code of `mbedtls_mpi_write_file`
as commented by @sbutcher-arm
2018-06-27 09:09:59 +03:00
Ron Eldor
eec77b5adf remove additional zero byte when writing pub der
Remove `- 1` for setting location of output buffer,
which added a leading zero which cause failure in ASN1 parsing.
Fixes #1257
2018-06-26 17:38:44 +03:00
AndrzejKurek
0de430678e pk_sign: fix overriding and ignoring return values 2018-04-03 19:38:45 +02:00
Andres Amaya Garcia
9b2c5b7202 Make DLEXT var configurable in programs and tests makefiles 2018-03-27 20:08:03 +01:00
Jaeden Amero
16499b5cbb Merge remote-tracking branch 'upstream-public/pr/1290' into mbedtls-2.1 2018-01-29 12:52:27 +00:00
Jaeden Amero
200966824d Merge remote-tracking branch 'upstream-public/pr/1054' into mbedtls-2.1 2018-01-26 15:07:11 +00:00
Manuel Pégourié-Gonnard
e56c77eeb2 Fix race condition in error printing in ssl_server2.c
The race goes this way:
1. ssl_recv() succeeds (ie no signal received yet)
2. processing the message leads to aborting handshake with ret != 0
3. reset ret if we were signaled
4. print error if ret is still non-zero
5. go back to net_accept() which can be interrupted by a signal
We print the error message only if the signal is received between steps 3 and
5, not when it arrives between steps 1 and 3.

This can cause failures in ssl-opt.sh where we check for the presence of "Last
error was..." in the server's output: if we perform step 2, the client will be
notified and exit, then ssl-opt.sh will send SIGTERM to the server, but if it
didn't get a chance to run and pass step 3 in the meantime, we're in trouble.

The purpose of step 3 was to avoid spurious "Last error" messages in the
output so that ssl-opt.sh can check for a successful run by the absence of
that message. However, it is enough to suppress that message when the last
error we get is the one we expect from being interrupted by a signal - doing
more could hide real errors.

Also, improve the messages printed when interrupted to make it easier to
distinguish the two cases - this could be used in a testing script wanted to
check that the server doesn't see the client as disconnecting unexpectedly.
2018-01-25 11:43:36 +01:00
Martijn de Milliano
8f96fb2141 dh_server: Fixed expected number of bytes received from client when receiving public value. 2018-01-22 23:48:57 +01:00
Hanno Becker
b70ba9fec7 Address issues found by coverity
1) The MPI test for prime generation missed a return value
   check for a call to `mbedtls_mpi_shift_r`. This is neither
   critical nor new but should be fixed.

2) The RSA keygeneration example program contained code
   initializing an RSA context after a potentially failing
   call to CTR DRBG initialization, leaving the corresponding
   RSA context free call in the cleanup section orphaned.
   The commit fixes this by moving the initializtion of the
   RSA context prior to the first potentially failing call.
2018-01-10 10:46:18 +00:00
Gilles Peskine
83cd34a39e selftest: fix build error in some configurations
Include stdlib.h for EXIT_FAILURE.
2017-12-21 11:07:37 +01:00
Gilles Peskine
a66fb3f221 selftest: allow excluding a subset of the tests
E.g. "selftest -x timing" runs all the self-tests except timing.
2017-12-20 21:58:25 +01:00
Gilles Peskine
edede44d97 selftest: allow running a subset of the tests
If given command line arguments, interpret them as test names and only
run those tests.
2017-12-20 20:31:32 +01:00
Gilles Peskine
6d51b63316 selftest: fixed an erroneous return code 2017-12-20 20:25:03 +01:00
Gilles Peskine
9d7dfb74d1 selftest: refactor to separate the list of tests from the logic
No behavior change.
2017-12-20 20:23:46 +01:00
Gilles Peskine
283a80d51f Merge remote-tracking branch 'upstream-public/pr/1108' into mbedtls-2.1 2017-11-28 18:31:28 +01:00
Hanno Becker
1a662eb928 Allow requests of size larger than 16384 in ssl_client2 2017-10-19 15:44:37 +01:00
Hanno Becker
cdba5cdcb9 Improve output on bad cmd line args in programs/x509/cert_write 2017-10-04 14:54:17 +01:00
Hanno Becker
37de7755fb Fix error code printing in cert_write
Error codes can consume up to two bytes, but only one was printed so far.
2017-10-04 14:52:13 +01:00
Hanno Becker
54d6c5bea2 Use X509 CRT version macros in cert_write program 2017-10-04 14:51:55 +01:00
Hanno Becker
4f4864a245 Fix senseless comment 2017-10-04 14:51:47 +01:00
Hanno Becker
7de3ff36df Minor style and typo corrections 2017-10-04 14:51:32 +01:00
Hanno Becker
781af0d60c Extend cert_write example program by multiple cmd line options
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
                                   authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
                                 subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
                                basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
                                      when creating the CRT.
2017-10-04 14:35:34 +01:00
Ron Eldor
bd25784474 Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-02 19:17:48 +01:00