Commit Graph

11672 Commits

Author SHA1 Message Date
Philippe Antoine
42a2ce8255 No booleans and import config 2019-07-10 14:26:31 +02:00
Philippe Antoine
a82fdd4763 Removing space before opening parenthesis 2019-07-10 13:53:40 +02:00
Philippe Antoine
b3d3127d01 Style corrections 2019-07-10 13:34:51 +02:00
Jaeden Amero
74a87f8b29 Merge remote-tracking branch 'origin/pr/2738' into development
* origin/pr/2738:
  Test with MBEDTLS_ECP_RESTARTABLE
2019-07-10 07:55:25 +01:00
Jaeden Amero
5db519b59a Merge remote-tracking branch 'origin/pr/2730' into development
* origin/pr/2730:
  Allow TODO in code
  Use the docstring in the command line help
2019-07-10 07:55:25 +01:00
Jaeden Amero
98c234ff62 Merge remote-tracking branch 'origin/pr/2729' into development
* origin/pr/2729:
  Split _abi_compliance_command into smaller functions
  Record the commits that were compared
  Document how to build the typical argument for -s
  Allow running /somewhere/else/path/to/abi_check.py
2019-07-10 07:55:25 +01:00
Jaeden Amero
01604a334a Merge remote-tracking branch 'origin/pr/2726' into development
* origin/pr/2726:
  Warn if VLAs are used
  Remove redundant compiler flag
  Consistently spell -Wextra
  Allow declarations after statements
2019-07-10 07:55:25 +01:00
Jaeden Amero
58259fe10c Merge remote-tracking branch 'origin/pr/2721' into development
* origin/pr/2721:
  ChangeLog: Add ChangeLog entry for #2681
2019-07-10 07:55:24 +01:00
Jaeden Amero
150d7749ea Merge remote-tracking branch 'origin/pr/2719' into development
* origin/pr/2719:
  Deref pointer when using sizeof in x509_get_other_name
2019-07-10 07:55:09 +01:00
Jaeden Amero
0b8b5e3393 Merge remote-tracking branch 'origin/pr/2706' into development
* origin/pr/2706:
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
2019-07-10 07:54:49 +01:00
Jaeden Amero
6d77d20f3a Merge remote-tracking branch 'origin/pr/2632' into development
* origin/pr/2632:
  Adapt ChangeLog
  Avoid use of large stack buffers in mbedtls_x509_write_crt_pem()
  Improve documentation of mbedtls_pem_write_buffer()
  Perform CRT writing in-place on the output buffer
  Adapt x509write_crt.c to coding style
2019-07-10 07:54:37 +01:00
Jaeden Amero
f473fa8fd7 Merge remote-tracking branch 'origin/pr/2455' into development
* origin/pr/2455:
  change .gitignore line endings to UNIX
  Update ChangeLog
  mention .gitignore changes in ChangeLog
  add Visual Studio filters to .gitignore
  update .gitignore to include Visual Studio artifacts
2019-07-10 07:54:06 +01:00
Jaeden Amero
b348a3b258 Merge remote-tracking branch 'origin/pr/2314' into development
* origin/pr/2314:
  Improve compatibility with firewalled networks
  Dockerfile: apt -> apt-get
  Change Docker container to bionic
  Clean up file prologue comments
  Add docker-based test scripts
2019-07-10 07:48:31 +01:00
Philippe Antoine
2321945e44 Syntax fix 2019-07-10 08:26:04 +02:00
Philippe Antoine
3e408d59c4 Fixes warnings from MSVC 2019-07-10 01:09:50 +02:00
Philippe Antoine
702c65922f Add a linker flag to enable gcov in basic-build-test.sh 2019-07-09 17:44:53 +02:00
Ron Eldor
b7c9626e76 Update soon to be expired crl
Update crl.pem, as it will expire on November 25 2019.
Resolves #2357.
2019-07-09 16:48:09 +03:00
k-stachowiak
01b3be4aa8 Add a test for mlaformed ECJPAKE context 2019-07-08 14:34:27 +02:00
k-stachowiak
4150335a27 Fix handling of md failure
The failure of mbedtls_md was not checked in one place. This could have led
to an incorrect computation if a hardware accelerator failed. In most cases
this would have led to the key exchange failing, so the impact would have been
a hard-to-diagnose error reported in the wrong place. If the two sides of the
key exchange failed in the same way with an output from mbedtls_md that was
independent of the input, this could have led to an apparently successful key
exchange with a predictable key, thus a glitching md accelerator could have
caused a security vulnerability.
2019-07-08 14:32:38 +02:00
Jaeden Amero
482a479ef0 Merge remote-tracking branch 'origin/pr/2699' into development
* origin/pr/2699:
  Update crypto submodule to a revision with the HAVEGE header changes
  Fix misuse of signed ints in the HAVEGE module
2019-07-05 15:41:39 +01:00
Gilles Peskine
06e752b2c2 Update crypto submodule to a revision with the HAVEGE header changes 2019-07-05 16:36:40 +02:00
Jaeden Amero
b6229e304e
Merge pull request #149 from gilles-peskine-arm/havege-asan-crypto
Fix misuse of signed ints in the HAVEGE module
2019-07-05 15:30:30 +01:00
Jaeden Amero
0f220ec73b Test with MBEDTLS_ECP_RESTARTABLE
We accidentally disabled testing with MBEDTLS_ECP_RESTARTABLE. Re-enable
testing with restartable ECP when MBEDTLS_USE_PSA_CRYPTO is not set.

Fixes 971dea3745 ("Enable USE_PSA_CRYPTO with config.pl full")
2019-07-05 15:14:57 +01:00
Jaeden Amero
e78cd62acb
Merge pull request #159 from k-stachowiak/IOTCRYPT-474-prevent-dead-code-warning
Prevent dead code warning
2019-07-05 14:43:11 +01:00
Hanno Becker
e69d0150d7 Add TEST_ASSUME macro to allow skipping tests at runtime
This commit adds a macro TEST_ASSUME to the test infrastructure
which allows to skip tests based on unmet conditions determined
at runtime.
2019-07-05 13:39:09 +01:00
Gilles Peskine
55b49ee10f Allow TODO in code
Don't reject TODO in code. Fix #2587
2019-07-04 19:39:06 +02:00
Gilles Peskine
7dfcfceb49 Use the docstring in the command line help 2019-07-04 19:39:06 +02:00
Gilles Peskine
ada828f36a Split _abi_compliance_command into smaller functions
This makes the code easier to read and pacifies pylint.
2019-07-04 19:20:35 +02:00
Gilles Peskine
3e2da4acf2 Record the commits that were compared
Record the commit ID in addition to the symbolic name of the version
being tested. This makes it easier to figure out what has been
compared when reading logs that don't always indicate explicitly what
things like HEAD are.

This makes the title of HTML reports somewhat verbose, but I think
that's a small price to pay.
2019-07-04 19:06:54 +02:00
Gilles Peskine
b6ce234c57 Document how to build the typical argument for -s 2019-07-04 19:00:31 +02:00
Gilles Peskine
6aa32ccfae Allow running /somewhere/else/path/to/abi_check.py
Don't require abi_check.py to be the one in scripts/ under the current
directory.
2019-07-04 18:59:36 +02:00
Jaeden Amero
93fe3a1a8f
Merge pull request #160 from yanesca/iotcrypt-790-update-tests-to-multipart-key-derivation
Iotcrypt 790 update tests to multipart key derivation
2019-07-04 17:19:36 +01:00
Gilles Peskine
2a38e2477a Slightly simplify derive_wrapping_key
No error can arise after the wrapping key is created, so remove the
corresponding cleanup code.
2019-07-04 14:41:07 +01:00
Gilles Peskine
4e2cc5353c Update key_ladder_demo to the current key derivation API 2019-07-04 14:41:00 +01:00
Janos Follath
343067e0d1 Add invalid_key_derivation test cases for TLS PRF
Add test_derive_invalid_key_derivation_state test cases for TLS 1.2 PRF.
2019-07-04 14:29:30 +01:00
Janos Follath
d958bb7aae Convert invalid_key_derivation_state to new API
Convert the test_derive_invalid_key_derivation_state() test to the new
KDF API.
2019-07-04 14:29:30 +01:00
Janos Follath
5ab0e0b601 Add derive_key_export test cases for TLS 1.2 PRF 2019-07-04 14:29:30 +01:00
Janos Follath
42fd888ab0 Convert derive_key_export to the new KDF API 2019-07-04 14:29:30 +01:00
Janos Follath
8d98a1e626 Add derive_key_exercise test cases for TLS 1.2 PRF 2019-07-04 14:29:30 +01:00
Janos Follath
e60c9052ec Convert derive_key_exercise to the new KDF API 2019-07-04 14:29:30 +01:00
Janos Follath
f2815eaec6 Refactor key derivation setup in tests 2019-07-04 14:29:00 +01:00
Janos Follath
e7e4706230 Add derive_full test cases for TLS 1.2 PRF 2019-07-04 14:22:27 +01:00
Janos Follath
47f27ed752 Convert derive_full test to the new KDF API 2019-07-04 14:22:27 +01:00
Janos Follath
46d9fbc4a9 Add test cases for exercise_key_derivation_key 2019-07-04 14:22:27 +01:00
Gilles Peskine
7607cd6e57 Convert exercise_key_derivation_key to the new KDF API 2019-07-04 14:22:27 +01:00
Jaeden Amero
c19dcebbdd
Merge pull request #154 from yanesca/iotcrypt-789-update-tls-prf-to-multipart
Update TLS 1.2 PRF to multipart API
2019-07-04 11:53:04 +01:00
k-stachowiak
653a4a2fba Prevent dead code warning
The window size variable in ecp_pick_window_size() can take values
4, 5 or 6, but we clamp it not to exceed the value of
MBEDTLS_ECP_WINDOW_SIZE. If that is 6 (default) or higher, the
static analyzer will point out that the test:
w > MBEDTLS_ECP_WINDOW_SIZE always evaluates to false.

This commit removes the test for the cases of the window size
large enough to fit all the potential values of the variable.
2019-07-04 12:19:47 +02:00
Janos Follath
d6dce9f4f3 Fix zero-length seed or label in TLS 1.2 PRF
The psa_tls12_prf_set_seed() and psa_tls12_prf_set_label() functions did
not work on platforms where malloc(0) returns NULL.

It does not affect the TLS use case but these PRFs are used in other
protocols as well and might not be used the same way. For example EAP
uses the TLS PRF with an empty secret. (This would not trigger the bug,
but is a strong indication that it is not safe to assume that certain
inputs to this function are not zero length.)

The conditional block includes the memcpy() call as well to avoid
passing a NULL pointer as a parameter resulting in undefined behaviour.

The current tests are already using zero length label and seed, there is
no need to add new test for this bug.
2019-07-04 09:11:38 +01:00
Jaeden Amero
6e70eb2678 tests: Limit each log to 10 GiB
Limit log output in compat.sh and ssl-opt.sh, in case of failures with these
scripts where they may output seemingly unlimited length error logs.

Note that ulimit -f uses units of 512 bytes, so we use 10 * 1024 * 1024 * 2 to
get 10 GiB.
2019-07-03 16:54:44 +01:00
Gilles Peskine
be517164d2 Warn if VLAs are used
We don't intend to use C99 variable-length arrays, so make the
compiler complain about them.
2019-07-02 20:22:11 +02:00